Podcasts about EDR

  • 375 podcasts
  • 987 episodes
  • 48m average duration
  • 5 new episodes weekly
  • Latest episode: Jun 23, 2026


Latest podcast episodes about EDR

Downtime - The Mountain Bike Podcast
New Names, New Winners, New Energy | EDR World Cup 2026 So Far

Jun 23, 2026 60:06


Enduro World Cup is back and there are new names at the sharp end of the results sheets. We've had breakout performances, surprise winners, and riders stepping into the spotlight who maybe weren't on everyone's radar a few weeks ago. But it's not just what's happening on track. The coverage itself feels like it's taken a step forward too. More access, more insight, and a better window into what's actually going on inside an EDR weekend. So in this episode, we're breaking it all down. The standout rides, the new characters emerging in the series, what's changed already in 2026, and what it might be telling us about where enduro racing is heading this year. Morgane and Greg join me to provide insight into what went on at the first two rounds in Loudenvielle and Leogang. This is the start of something that already feels like a new era for EDR. So sit back, hit play and listen to this episode with Morgane Charre and Greg Callaghan. You can also watch this episode on YouTube here. Follow these accounts for great enduro coverage – @nextstagemtb, @catalyst.cc and @endurochronicles. You can download the UCI MTB World Series app here. Thanks Patreon I would love it if you were able to support the podcast via a regular Patreon donation. Donations start from as little as £3 per month. That's less than £1 per episode and less than the price of a take away coffee. Every little counts and these donations will really help me keep the podcast going and hopefully take it to the next level. To help out, head here. Merch If you want to support the podcast and represent, then my webstore is the place to head. All products are 100% organic, shipped without plastics, and made with a supply chain that's using renewable energy. We now also have local manufacture for most products in the US as well as the UK. So check it out now over at downtimepodcast.com/shop.
Newsletter If you want a bit more Downtime in your life, then you can join my newsletter where I'll provide you with a bit of behind the scenes info on the podcast, interesting bits and pieces from around the mountain bike world, some mini-reviews of products that I've been using and like, partner offers and more. You can do that over at downtimepodcast.com/newsletter. Follow Us Give us a follow on Instagram @downtimepodcast or Facebook @downtimepodcast to keep up to date and chat in the comments. For everything video, including riding videos, bike checks and more, subscribe over at youtube.com/downtimemountainbikepodcast. Are you enjoying the podcast? If so, then don't forget to follow it. Episodes will get delivered to your device as soon as it's available and it's totally free. You'll find all the links you need at downtimepodcast.com/follow. You can find us on Apple Podcast, Spotify, Google and most of the podcast apps out there. Our back catalogue of amazing episodes is available at downtimepodcast.com/episodes Photo – Rick Schubert

Shedding the Corporate Bitch
How to Handle Workplace Disputes Before They Become Lawsuits — with Felicia Harris Hoss

Jun 23, 2026 36:59


We'd love to hear from you. Send us fan mail!

Workplace dispute resolution is one of the least discussed and most costly blindspots in executive leadership. In this episode of Shedding the Corporate B!tch, executive coach Bernadette Boas sits down with Felicia Harris Hoss, of Harris Hoss Mediations & Arbitration, a nationally recognized mediator with 30 years of trial law experience, to break down early dispute resolution and why it is one of the most powerful, underutilized tools available to corporate executives and HR leaders.

Felicia explains why less than five percent of filed lawsuits ever reach trial, what that means for how executives should be approaching conflict, and why the decision to mediate early is not a sign of weakness, it is a strategic move that preserves relationships, resources, and reputation. She walks through the four Cs of mediation, the questions every executive should be asking their attorney, and how to shift from a reacting posture to a responding one in any dispute.

If you lead people, manage HR concerns, or sit in any seat where workplace conflict can escalate into legal action, this conversation will change how you think about resolution.

What You Will Learn
  • What early dispute resolution (EDR) is and why it is ABA official policy
  • When to engage a mediator before a lawsuit is filed
  • Why litigation means surrendering control — and what executives can do instead
  • The four Cs of mediation: confidentiality, control, creativity, certainty
  • What questions to ask your attorney about workplace disputes and resolution options
  • How the respond vs. react mindset shifts negotiation outcomes
  • What 'winning' actually looks like in a corporate dispute

Key Quote
"If you go to the courthouse, you pass that baton called control to strangers." — Felicia Harris Hoss

Episode Chapters
00:00:00 — The Legal Dispute Already Living in Your Organization
00:02:00 — Why Staying in the Room Changes Everything
00:03:00 — Meet Felicia Harris-Hoss: From Trial Partner to Neutral
00:06:00 — What Mediation Actually Is (And Isn't)
00:09:00 — Workplace Scenarios That Call for a Mediator
00:12:00 — Why Early Mediation — Before Positions Harden
00:13:00 — The Human Cost Behind Every Corporate Lawsuit
00:15:00 — Why Early Mediation Wasn't Working — And What Changed
00:17:00 — Ego, Fear, and the Real Reason Leaders Avoid Resolution
00:18:00 — The Courtroom Hands Control to Strangers
00:21:00 — The Four C's of Mediation: Confidentiality, Control, Creativity, Certainty
00:26:00 — Key Questions Every Leader Should Ask Their Attorney
00:27:00 — What to Know Before You Bring a Dispute to HR
00:31:00 — Why Even Lawyers Get Confirmation Bias
00:32:00 — Respond, Don't React: The Mindset That Changes Outcomes
00:34:00 — Bernadette's Takeaways for Every Leader and HR Professional

About the Guest
Felicia Harris Hoss, of Harris Hoss Mediations & Arbitration, is a 30-year trial attorney and nationally credentialed mediator who specializes in early dispute resolution for executives, corporations, and complex business conflicts. She co-authored Resolution 500 for the American Bar Association, which was unanimously adopted in 2024, making early dispute resolution official ABA policy. She also helped establish the American Arbitration Association's EDR Mediation Panel.

Learn more at HarrisHossPLLC | Connect on LinkedIn HERE

Related Episodes
  • Employee Engagement Strategies That Actually Move the Needle with Ian Watts — HERE
  • Your Calendar is Lying - The Timer Leadership Framework — HERE
  • Slow Down To Go Fast with Loretta Stagnitto — HERE

Subscribe
If this conversation gave you a new way to think about conflict, leadership, and control, subscribe to Shedding the Corporate Bitch on YouTube at @ShedtheCorpBitchTV for new episodes every week. You can also DOWNLOAD our free Leadership Gap Diagnostic and identify where your leadership needs the most attention right now.

Support the show

Cyber Security Today
Stolen OAuth Tokens Hit Security Firms, AryStinger Router Botnet Emerges, AI Deepfake Cyberstalking

Jun 22, 2026 10:03


A breach at market intelligence platform Klue allowed attackers to steal OAuth tokens linking Klue to customers' Salesforce environments, enabling quiet API-driven data extraction from firms including Huntress, Recorded Future, Tanium, and Jamf; Klue revoked tokens, removed the legacy integration credential involved, and engaged CrowdStrike as Icarus threatens extortion, echoing earlier Salesforce token-theft campaigns affecting nearly 1,000 companies. Researchers also detail AryStinger, a new botnet infecting 4,000+ end-of-life D-Link routers to scan, proxy, tunnel, execute commands, and hijack DNS, with many infections in South Korea and China. The episode covers federal cyberstalking charges against Anthony Belford for allegedly using fake accounts and AI-generated nude images, and ESET's report that the "Gentlemen" ransomware crew is developing modular EDR-killing tools to disable endpoint defenses.

00:00 Top Stories Teaser
00:29 Klue OAuth Token Breach
02:32 Salesforce Token Attack Trend
04:14 AryStinger Router Botnet
05:33 AI Deepfake Cyberstalking Case
07:50 Gentlemen EDR Killer Arsenal
09:37 Wrap Up And Sign Off

CISSP Cyber Training Podcast - CISSP Training Program
CCT 358: EDR Bypass Ransomware: The Gentle Killer Threat Every CISSP Must Know

Jun 22, 2026 43:02


Send us Fan Mail

Your endpoint tool can be world class and still get taken out first. That's the unsettling reality behind a new wave of “EDR killer” capabilities being packaged inside ransomware-as-a-service platforms, where affiliates can plug in advanced evasion without building it themselves. When attackers can blind endpoint detection and response before the ransomware payload runs, the old comfort of “we have EDR, so we're covered” turns into a single point of failure.

We unpack the reporting on a highly active ransomware operation and its toolset, then zoom in on the technical path that makes this work: BYOVD, bring your own vulnerable driver. With admin access, attackers load a legitimate but vulnerable signed driver, escalate into kernel mode, and terminate security processes from below the privilege stack. From there, we shift to what matters for real security programs: defence in depth, kernel integrity protections like HVCI and KMCI, strict driver allow and block policies, and aggressive driver hygiene to reduce attack surface.

Then we put on the CISSP lens. We tie the scenario to Domain 7 security operations (EDR limits, incident response, monitoring), Domain 3 security architecture and engineering (layered controls, hardening), and Domain 1 security and risk management (risk = threat × vulnerability × impact, plus threat landscape shifts). The big takeaway is simple: your job isn't to find the fanciest tool, it's to build a program that still works when one control fails and to communicate that risk clearly to leadership.

If this helps you think like a manager and study smarter, subscribe for weekly CISSP-focused breakdowns, share the episode with a teammate, and leave a review so more people can find the show.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Paul's Security Weekly
LLMS, Identity, EDR, JiGong, QiLin, Warlock, with Rob Allen from Threatlocker... - Rob Allen - SWN #591

Jun 19, 2026 39:02


Doug and Rob Allen talk about Identity, EDR, Your Great Aunt Ida Meets some hot firefighters, and more. Segment Resources: Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools: https://thehackernews.com/2026/04/qilin-and-warlock-ransomware-use.html This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-591

Paul's Security Weekly TV
LLMS, Identity, EDR, JiGong, QiLin, Warlock, with Rob Allen from Threatlocker... - Rob Allen - SWN #591

Jun 19, 2026 39:02


Doug and Rob Allen talk about Identity, EDR, Your Great Aunt Ida Meets some hot firefighters, and more. Segment Resources: Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools: https://thehackernews.com/2026/04/qilin-and-warlock-ransomware-use.html This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/swn-591

Hack Naked News (Audio)
LLMS, Identity, EDR, JiGong, QiLin, Warlock, with Rob Allen from Threatlocker... - Rob Allen - SWN #591

Jun 19, 2026 39:02


Doug and Rob Allen talk about Identity, EDR, Your Great Aunt Ida Meets some hot firefighters, and more. Segment Resources: Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools: https://thehackernews.com/2026/04/qilin-and-warlock-ransomware-use.html This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-591

Hack Naked News (Video)
LLMS, Identity, EDR, JiGong, QiLin, Warlock, with Rob Allen from Threatlocker... - Rob Allen - SWN #591

Jun 19, 2026 39:02


Doug and Rob Allen talk about Identity, EDR, Your Great Aunt Ida Meets some hot firefighters, and more. Segment Resources: Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools: https://thehackernews.com/2026/04/qilin-and-warlock-ransomware-use.html This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/swn-591

Cyber Morning Call
1029 - F5 fixes two critical flaws in NGINX

Jun 19, 2026 7:09


Episode references:
  • TURING DAY 2026 | 6th EDITION - 25/06
  • K000161616: NGINX ngx_http_v3_module vulnerability CVE-2026-42530
  • K000161584: NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability CVE-2026-42055
  • Killing me gently: Inside Gentlemen's EDR killer framework
  • Lost in relocation: analysis of a new loader distributing CASTLESTEALER
  • AutoJack: How a single page can RCE the host running your AI agent
  • Oracle Critical Security Patch Update Advisory - June 2026
  • PeopleSoft PeopleTools Pre-Authentication RCE: A PSIGW SSRF Chain That Executes Inside the JVM

Script and presentation: Carlos Cabral
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

The CyberWire
The botnet browser blues.

Jun 18, 2026 25:15


International law enforcement disrupts the SocGholish botnet. The UK's cyber chief says cybersecurity is a contest, not a risk register. Ukraine joins the EU's cyber reserve. The Gentlemen gang sharpens its ransomware toolkit. A WordPress supply chain attack spreads malware. Critical patches land from F5, Atlassian, and Splunk. Agentjacking targets AI coding assistants. And Kodak confirms a breach claimed by ShinyHunters. Our guest is Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies on the failure of FISA section 702 to reauthorize. Criminal coders face automation anxiety.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today we are joined by Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies, and co-host of Caveat, as he discusses the failure of FISA section 702 to reauthorize.

Selected Reading
  • Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp (Bleeping Computer)
  • Hostile States Behind 75% of Cyber-Attacks on UK CNI, NCSC Warns (Infosecurity Magazine)
  • Cyberspace Locked in a Nation-State Contest, Says NCSC CEO (BankInfo Security)
  • EU grants Ukraine access to cybersecurity reserve for major attacks (The Record)
  • Killing me gently: Inside Gentlemen's EDR killer framework (ESET)
  • ShapedPlugin update flow hacked to infect WordPress sites (Bleeping Computer)
  • F5 issues out-of-band patches for critical NGINX vulnerabilities (Bleeping Computer)
  • Atlassian, Splunk Patch Critical Vulnerabilities (SecurityWeek)
  • Agentjacking: Researchers Show How One Fake Bug Report Can Hijack AI Coding Agents (HackRead)
  • Kodak Admits Data Breach After ShinyHunters Hack Claims (SecurityWeek)
  • Cybercriminals Are Worried About AI Taking Their Jobs Too (Infosecurity Magazine)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Threat Talks - Your Gateway to Cybersecurity Insights
What about Iran? One Word Document, Three Backdoors

Jun 16, 2026 22:14


Every big nation state has a cyber army: China, Russia, the US, Europe. But what about Iran? Meet Boggy Serpens, a group tied to Iran's civilian intelligence service whose entire business is breaking in and staying in, then handing the keys to whoever strikes next. Their playbook, Operation OLALAMPO, needs just one booby-trapped Word document to plant three separate backdoors on your network.

  • A Telegram-bot command channel that hides inside everyday encrypted chat traffic, a Rust “Ghost” backdoor built to defeat analysis, and a legitimate AnyDesk install quietly turned against you.
  • The layered defense for every stage: email and file controls, behavioral EDR, egress policy, threat intel, and Zero Trust segmentation.
  • The twist: why this operation mostly failed, plus the tells that the malware was partly written with AI.

Filmed live at the ON2IT SOC, host Lieuwe Jan Koning runs a red team vs blue team session with analysts Yuri Wit, the “proxy Iranian” attacker, and Rob Maas on defense. Watch the full episode to see each move, and the exact control that stops it.

ITSPmagazine | Technology. Cybersecurity. Society
Seeing What Your EDR Can't | A Brand Spotlight at Infosecurity Europe 2026 with Matt Ellison, Director of Sales Engineering EMEA & APAC of Corelight

Jun 10, 2026 16:36


At Infosecurity Europe 2026 in London, Matt Ellison, Director of Sales Engineering EMEA & APAC at Corelight, joins Sean Martin to unpack the visibility gap widening across security operations. The SOC is either drowning in data or missing the data that matters most. Corelight, custodian of the open-source Zeek project, builds a platform that turns raw network traffic into evidence teams can actually use. Why do today's most evasive attacks slip past endpoint detection? Because they are designed to. Ellison points to typhoon-style campaigns staged from network and hardware devices specifically to avoid EDR. When a platform sees all of the network traffic moving backwards and forwards, those moves stop being invisible. Seeing more is only half the battle. Ellison describes teams trapped by a fear of missing something, switching on every "just in case" detection until alert volume becomes its own crisis. The real question shifts from "what fired" to "what does this actually mean for my environment." How do you investigate a detection you cannot see inside? A black box hands down a verdict with no evidence behind it. Corelight takes an open approach, exposing the data behind every conclusion so analysts can follow a flow to its root cause and apply the one thing no vendor ships: their own knowledge of the network. The proof tends to show up fast. Ellison recalls a proof of value where, within thirty minutes, the team surfaced sensitive information moving unencrypted across the network. Other finds are smaller but telling, like a finance team's certificate using a weak cipher. Corelight even names its catch-all logs plainly, the "weird" log and the "unknown" log. Visibility feeds compliance too. Frameworks like NIS2, DORA, and GDPR demand evidence, not a tool humming in the corner that no one reviews. Ellison previews a coming release that adds asset classification, identifying every device on the network and explaining the why behind it. This is a Brand Spotlight. 
A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Matt Ellison, Director of Sales Engineering EMEA & APAC, Corelight
LinkedIn: https://www.linkedin.com/in/matthewrellison/

RESOURCES
Learn more about Corelight, including customer stories: https://corelight.com
Zeek, the open-source NDR project Corelight maintains: https://zeek.org
Infosecurity Europe 2026 coverage from ITSPmagazine: https://www.itspmagazine.com/infosecurity-europe-2026-infosec-london-cybersecurity-event-coverage

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight
▶︎ Get your own Brand Briefing at an upcoming event: https://www.studioc60.com/buy-brand-briefings

KEYWORDS
Matt Ellison, Corelight, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, network detection and response, NDR, Zeek, open source security, network visibility, threat hunting, SOC alert fatigue, EDR evasion, encrypted traffic analysis, NIS2, DORA, GDPR, Infosecurity Europe 2026

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

El Garaje Hermético de Máximo Sant
Why are there no SMALL, CHEAP cars anymore?

Jun 7, 2026 19:11


We are witnessing the end of city cars and the A-segment. This topic strikes a nerve with me because it directly affects the right to mobility of the youngest drivers and of people on the lowest incomes. Have you tried to buy a small, inexpensive car lately? It's impossible. The A-segment is dead. Honest, rational models like the Seat Mii, the Ford Ka or the Citroën C1 have passed away, and not for lack of customers, but because of a "financial suicide" brought on by regulation.

The "tax" of mandatory safety
Since 2024, with full implementation this year, 2026, the European Union has required all new vehicles to include ADAS (active safety) systems. We are talking about emergency braking, lane assist, fatigue detection and the famous black box (EDR). Technically, fitting these sensors to a 100,000-euro car is insignificant, but in a city car designed to cost 10,000 euros it means a direct extra cost of about 2,000 euros. Redesigning the wiring and dashboard of a tiny car so that everything fits sends engineering costs soaring. The manufacturer is left with no options: either it sells the car for 17,000 euros (and nobody buys it) or it stops making it.

The final blow: the Euro 7 standard
If safety wounded the segment, Euro 7 has delivered the final blow. For a 1.0-litre engine to meet the limits on nitrogen oxides and particulates under real driving conditions, it needs an extremely complex exhaust system. Advanced three-way catalytic converters and latest-generation particulate filters add at least another 1,200 euros of cost per engine. Physics and chemistry do not care about tight budgets; cleaning up exhaust gases requires precious metals and expensive technology.

The refuge of SUVs and profitability
Brands have discovered that selling a B-SUV is far more profitable than selling a traditional city car. While the net profit on a 12,000-euro car could be barely 500 euros, on an SUV built on the same platform the margin jumps to 3,000 or 4,000 euros. The value perceived by the customer is higher, even though the technology inside is almost identical. We are moving from an industry that sought to motorize the masses to one that seeks to maximize profit per unit.

The false promise of the electric car
Many say the electric car will save the segment, but the industrial reality of 2026 says otherwise. A battery with decent range costs close to 6,000 euros today. If the battery alone represents 40% of the total cost, it is impossible to build electric cars for 10,000 euros. The small electric car is becoming a second or third car for families with high purchasing power, not a solution for the average citizen.

Consequences: an ageing vehicle fleet
By artificially raising the price of small cars, we are achieving the opposite of the desired effect. Because people cannot afford a new car, they keep their 15- or 20-year-old vehicle. We are ageing the vehicle fleet and therefore polluting more. It is the paradox of modern mobility: we have legislated against simplicity and, in the end, we have pushed the population out of new private mobility.

In today's video we remember classics like the second-generation Fiat Panda, the perfect example of what we have lost: an indestructible, logical and cheap car that would be illegal to build today. Welcome to the era where simplicity is a forbidden luxury.

@BEERISAC: CPS/ICS Security Podcast Playlist
Five Federal Agencies. One Zero-Trust OT Briefing. Most Haven't Read it.

Jun 7, 2026 35:43


Podcast: Industrial Cybersecurity Insider
Episode: Five Federal Agencies. One Zero-Trust OT Briefing. Most Haven't Read it.
Pub date: 2026-06-03

The joint CISA, FBI, Department of War, Department of Energy, and Department of State briefing on adapting Zero Trust to operational technology landed on April 29. Has OT leadership read it?

In this episode, Craig and Dino address how the European Cyber Resilience Act is quietly forcing US plants into failed audits, why IT teams still see less than a third of OT assets, how EDR tools are taking down $100K-an-hour packaging lines, and why only a handful of integrators in North America have a real OT cybersecurity practice. They walk through what zero trust and micro-segmentation actually look like inside a 20-year-old plant with flat layer-two networks, DLR rings, jump boxes, and Cradlepoint workarounds, and lay out the first concrete move every CISO and CIO should make to start closing the IT/OT gap.

Chapters:
(00:00:00) - Cold Open: How the European CRA Is Failing US Plants
(00:01:30) - The April 29 CISA/FBI Zero Trust in OT Briefing Nobody Read
(00:05:00) - Compliance Without Teeth: Why US Regulations Aren't Moving the Needle
(00:07:30) - When CrowdStrike Shuts Down a $100K-an-Hour Packaging Line
(00:10:30) - The Visibility Gap: IT Sees Less Than a Third of OT Assets
(00:15:30) - OEM Resistance: The Million-Dollar, Six-Month Cybersecurity Tax
(00:18:30) - The Cradlepoint Workaround: How Plant Managers Bypass IT
(00:21:30) - Layering Zero Trust onto a 20-Year-Old Plant Without Rip-and-Replace
(00:25:30) - Why Only 5–10 of 1,000 Integrators Have a Real OT Cyber Practice
(00:31:30) - Where CISOs Should Actually Be Looking (Hint: Not RSA or Black Hat)

Links And Resources:
  • Want to Sponsor an episode or be a Guest? Reach out here.
  • Industrial Cybersecurity Insider on LinkedIn
  • Cybersecurity & Digital Safety on LinkedIn
  • BW Design Group Cybersecurity
  • Dino Busalachi on LinkedIn
  • Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The Segment: A Zero Trust Leadership Podcast
Same Problems, Different Decade | Dr. Anton Chuvakin and Erik Bloch

Jun 3, 2026 54:42


In this episode, Raghu Nandakumara sits down with two heavyweights in cybersecurity: Dr. Anton Chuvakin (Google Cloud) and Erik Bloch (Illumio), for a candid, often funny, and occasionally sobering look at why detection and response keeps fighting the same battles it was fighting 20 years ago. From the birth of SIEM and the coining of "EDR," to the short-lived reign of XDR, to today's AI hype cycle, Anton and Erik trace the full arc of the industry's evolution and interrogate why, despite decades of tooling investment, the fundamental outcomes haven't changed. Alert fatigue, signal-to-noise ratios, and the needle-in-the-haystack problem remain as stubborn as ever – and the slides security teams are building in 2025 look suspiciously like the ones from 2003.

Raghu, Anton, and Erik discuss:
  • Why the SOC still largely runs on a 1990s operating model and what it would actually take to change that
  • How compliance pulled SIEM away from detection for over a decade and why that hangover still lingers
  • Why a handful of engineering-led organizations (Google, Netflix, a European bank) have cracked the code while nearly everyone else keeps applying band-aids
  • The pharmaceutical industry analogy that explains why security startups keep building band-aids instead of solving root causes
  • What MDRs are doing right and why enterprise SOCs have no incentive to learn from them
  • Why AI is accelerating tooling but, for some organizations, actually slowing down the harder transformation work
  • How securing AI is repeating the exact same mistakes made in the early days of cloud

Stay connected with our host Raghu on LinkedIn. For more information about Illumio, check out our website at illumio.com

CISSP Cyber Training Podcast - CISSP Training Program
CCT 353: AI Agent Governance Essentials - CISSP Practice Questions

May 28, 2026 28:26


Send us Fan Mail

AI agents are landing in production faster than most security teams can track them, and the scariest part is how normal they can look. When an autonomous agent runs the same workflow 10,000 times, your SIEM and EDR may see “nothing to worry about” even while the agent quietly drifts outside its intended scope. That is the core AI governance problem we tackle, through the lens of CISSP thinking and real security leadership.

We walk through what is driving the mess: board-level pressure, AI FOMO, and the dangerous habit of treating AI agents like old-school automation. Then we get concrete. We talk about why many enterprises still lack an inventory of AI agents, why traditional security tooling is tuned for human behaviour anomalies, and what it actually takes to be audit-ready. We cover practical governance frameworks like tiered autonomy, why observability is more than collecting output logs, and how to design decision-path tracing with execution records and decision logs you can act on.

To make it actionable for exam prep and day-to-day work, I close with CISSP-style practice questions on the exact scenarios you will face: detection gaps, human approval bottlenecks, least privilege for agents, proving decisions during audits, and architecting platforms that balance operational efficiency with risk management. If you are serious about passing, I also share how my CISSP Sprint cohort is structured to force momentum, including booking your exam date early.

Subscribe for weekly CISSP-focused training, share this with a teammate building AI workflows, and leave a review so more security pros can find the show. What part of AI agent governance is your biggest blind spot right now?

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Management Blueprint
333: Turn Your IT into Your Growth Engine with Tom Kirkham

Management Blueprint

May 26, 2026 20:47


https://youtu.be/sUyjA0muVgM Tom Kirkham, Founder and CEO of Kirkham IronTech, believes business should create value for everyone involved — employees, clients, vendors, and the broader community. After overcoming major personal challenges and rebuilding his perspective on leadership, Tom embraced stakeholder capitalism and built a company culture focused on long-term partnerships, trust, and continuous learning. In this conversation, Tom shares the IronTech Framework — a practical approach to modern IT management built around three core pillars: Generate ROI and Productivity, Make Cybersecurity Core, and Surround it with a Governance Layer. He explains why businesses should stop treating IT as an expense and instead view it as a strategic investment that improves productivity, protects the company from cyber threats, and aligns technology with leadership goals. Tom also dives into the massive scale of the cybercrime industry, why governance is often the missing piece in cybersecurity, and how proactive IT strategy can dramatically improve business performance. — Turn Your IT into Your Growth Engine with Tom Kirkham Good day. Steve Preda here with the Management Blueprint Podcast, and today’s guest is Tom Kirkham, the Founder and CEO of Kirkham IronTech, where he helps businesses build strong, secure IT foundations, whether fully managed, co-managed, or cybersecurity only. Tom is a keynote speaker on cybersecurity, and he’s the author of two books, Hack the Rich and The Cyber Pandemic. Tom, welcome to the show.  Oh, it’s great to be here, Steve.  Well, great to have you here. And I am curious to dive in, and would like to ask you my favorite question. What is your personal ‘Why’, and how are you manifesting it in Kirkham IronTech?  That’s a great question. So the company’s about twenty-six years old. I went through a lot of personal health problems, and then my wife was real sick, and she ended up passing away—it's been about eleven years ago now. 
And I was fortunate enough to put a friend of mine in the company, and he was able to take over while I was dealing with this for a couple of years. And when most of it was done, I took some time off and did a lot of traveling and a lot of thinking and a lot of reading. And I’m a lifelong reader, a lifelong learner, and I went back through my history of investing techniques, understanding what makes a good company great. If you’ve read Jim Collins, you know what I’m talking about. And so during those times, I was reflecting, studying philosophy, studying biographies of other CEOs like Elon Musk, Steve Jobs, Andy Grove—gosh, the list goes on and on. Whether you like them or hate them, it doesn’t matter, right? There’s always something you can learn. And I came upon and read a lot about stakeholder capitalism. Like Peter Drucker says, “Culture eats strategy for breakfast.” And I understood what that meant, and it was kind of weird. So when I re-engaged with the company, I identified one of the weaknesses, and I said, “Well, if we need to do marketing in this business—which we have to do in any business—I really need to master marketing.” So I spent a lot of time with marketing gurus, most of them are what I would consider household names these days, and re-engaged with the company to do marketing to establish a great culture around stakeholder capitalism. In other words, we exist as a for-profit business not just for the shareholders but for everyone—the community, vendors, employees. And I really wanted to be around people I enjoyed being around. I wanted them to enjoy coming into work. And so we’ve been trying to perfect that system in the culture for the past ten years. Of course, no one's perfect, but if you pursue perfection, you can achieve excellence. And I think we've done a really good job. We have very low turnover. Everyone seems genuinely happy to be there, and it's really fulfilling. 
It's more of a personal feeling because I've been a successful investor practically my whole adult life. I started investing in stocks when I was nineteen, and I'm sixty-four now. So I didn't really need the company. I could have just closed it up or sold it or whatever. But I really wanted to have my own reasons. Those are the things that drive me, and I hope they drive everyone else too.  What resonated with you with this idea of stakeholder capitalism? It just made sense. The obvious part is with employees—all of that is true. That's obvious to any good leader or manager, right? As you well know, there's a difference between leadership and management, and understanding that distinction, and the difference between sales and marketing, and understanding those things. A good example is dealing with vendors. There are all sorts of vendors that supply products and services to us, so we carefully vet these tools and vendors to see if their values align with ours, just like we do with prospects. But especially with vendors, if it's something new—a new tool that we're going to invest a lot of time, money, and energy into to make their product or service successful for us and successful for them—we make a commitment to that vendor.  So it's not about the money or how cheap I can get it. What I want is a good partnership with every stakeholder. And I want to make sure that when I'm dealing with a vendor, if it fails for us, it's not our fault—it's their fault, right? Either they oversold the product or they didn't deliver on the service component. I didn't want it to be because we failed to do the right training, or didn't communicate properly, or missed all the other things that are just part of doing business the right way. And that applies to our employees, our local community, and every stakeholder in the company.  Yeah. I like it. So you're looking for partnership-based relationships where it's win-win. 
And yeah, if you want people to stick around, it has to make sense for them too. You can't exploit your partners forever without consequences. So that makes a lot of sense. So Tom, let me ask you this other question. This podcast is called The Management Blueprint because I'm always looking for frameworks—something practical that helps businesses achieve results. Usually it's some kind of three-to-five-step process that helps you grow the business, get customers, improve operations, or understand something at a deeper level. So when I ask about your favorite business framework, what comes to mind?  Well, we have a thing we call the IronTech Framework.  Okay.  And it was something that we came up with many years ago and started practicing seven or eight years ago, and it's a framework. It's like the NIST Cybersecurity Framework. I looked at NIST and there's five components to it, and it's about cybersecurity. And I looked at this and I go, “None of this works without the right policies and procedures in place.” The security training—it's not enough just to throw it out there and tell all your people to take it. You've got to follow up, you've got to manage, and coach, and everything like that. And so I started adding this governance component to the way we sold it, presented it, and practiced what we do for our clients day in and day out. Help them develop the policies and procedures for all of the different things, the protocols.  If somebody accidentally fires off a ransomware attack, they need to know they're not going to be penalized for it. We need to know as soon as possible to stop it. And just little things like that, there's a lot that really improve the effectiveness of all of these tools and services that we provide to their clients. And unbeknownst to me, NIST, who has the cybersecurity framework, they added governance about three years ago to the other five things. And so that was kind of nice to know that we were exhibiting some thought leadership. 
And so when we go in, it's all well and good if you want to put these protections in and these particular products, but we're a best-of-breed company. Like one of our critical tools that's required for our clients to put in place, to buy it and use it every single day on every single computer, is what's known as an EDR. And it's basically an AI-based super turbo antivirus.  To even call it an antivirus is not doing it justice. So there's three legs to the IronTech Framework. We want to make sure that you're getting a return on your investment in IT, because that's why you buy it. If you treat IT as an expense, you need to kind of change the way you're thinking. You want to improve productivity and efficiency. The second leg is cybersecurity, because a bad cyberattack can put you out of business. I think the last stats I saw were something like 40 to 60% of businesses go out of business within two years of a significant cyberattack. And then finally, the third is governance. That's the three legs of our IronTech Framework. So part of governance is engaging with our clients' management and leadership—the CEO, finance, of course the CIO, the CISO or security officer, and maybe even the board sometimes. Really getting to know: what are your objectives, and how can we utilize our services to best help your company realize those objectives? Because for most companies, there's no other vendor they engage with as much as us.  We're talking to Susie every day. We're talking to Bill every day. We know that Mary's out sick and Steve's on vacation. I mean, when you're running help desk, stopping attacks, providing training, and all the support we provide along those lines, we get to know their company better than practically any other vendor by far. So it really helps if our clients treat us as a partner to help them realize their goals and objectives. 
And when all of that clicks into place, then it makes recommending things easier. “Okay, you need to replace these 30 laptops that are four years old. You're not getting an ROI on them.” “This server's five years old. Let's start thinking about replacing it.” “We have this new tool that's really excellent. We're recommending everybody get it.” And because we've developed that trust, those conversations become pretty easy. For the most part, everybody just says yes. But of course, we don't sell just to sell, especially when it comes to things like hardware. That's not really what we're here for. We're here for the day-in, day-out work: keeping things running, stopping breaches, and putting the policies and procedures in place to run your company as smoothly as possible.  Yeah. I love that. So when I had an IT back in the 2000s, I had an IT person who was a contractor, but he was very active in my business, and I always wanted to talk to him and pick his brain. What are the new things out there? How can we make our business more efficient, more effective, more attractive to employees? Cooler. I wanted to be cool. So I wanted everyone to have a PDA in the early 2000s with email on it—a PalmPilot. And we had multiple screens, and I was looking at, okay, how can we manage data in the cloud and on our server so we don't have to deal with it in the office? That kind of stuff. And I really thought about it as a great investment because it was much cheaper than hiring people. And if you give people good tools, they're going to be more motivated and more effective. So I thought it was a no-brainer.  Yes, but there's still a subset of people that treat IT as an expense. Then there are some companies that tend to put IT under the finance guy because the finance guy usually has a lot of IT experience, but never actually did it as a career or a job, right? 
And those situations are hard because I need CEO-level or owner-level approval, and I need a direct route to that person.  Yeah, that makes sense. So Tom, tell me, what drives growth in your business?  Yeah. From a growth perspective, for us, number one is maintaining our clients and reducing churn. Number two is—I don't know if you're asking about tactics or strategy—but of course we want to get new clients for the right reasons. So we prefer inbound strategies. We don't cold call people unless we've already contacted them in another way, if that's what you're asking.  Yeah. I'm asking what the real driver of growth is. I understand that you do marketing and inbound marketing, but what makes people want to have an IT service partner like you? Well, they understand those three pillars of the IronTech Framework. They may not believe in stakeholder capitalism, but they don't treat IT as an expense. And they understand—especially after talking to me—the true risk of being hacked. A lot of people don't understand the size and scale of that industry. It's a $10 to $12 trillion industry now.  Wow.  If it were a country, it would have the third-largest GDP. The US would be first, China second, and then the hacking industry. It is an industry that hacks at scale. So when these companies—maybe a small 10-person accounting firm in North Dakota in the middle of nowhere—get these ransomware emails and someone tries to hack them, and we alert on it and trap it, and nothing goes wrong, everything's fine… If they don't already understand it, they go, “Well, why are they trying to hack me?” And I say, “You don't understand. That email was one of 100,000 emails that got blasted out. They don't know who you are, nor do they care who you are.” They're playing a numbers game. And it's kind of like marketing. They're looking at conversion numbers. Yeah.  Let's say it's 100,000 emails. They got a list of all the certified public accountants in 10 different states. 
They set up the email, they send it all out, and let's say 1% become victims. And let's say they collect an average of $10,000 per victim. Well, that's a multi-million dollar payday for about a week or two of work. And then they rinse and repeat. It's done at scale, and it's a much bigger industry than that. That's just a taste of it. Some of our clients are targeted. In other words, hackers are investing time, money, and energy specifically into that company. We're one of them. Any law firm that does intellectual property law—especially around patents, manufacturing, and things like that—you've got China and other nation states not only trying to get into your client, but you're also a threat vector. You're a way to get into that client's patents and secrets.  So we've got to treat that differently. It's not just about the money. There are different types of threat actors, and we have to educate clients, bring them up to speed, and say, “Well, because of this case, you need this other service and tool that we're offering to prevent China from breaking in.” Or, “You need to follow this practice.” Maybe you don't publicly talk about one of your clients being Ford Motor Company or NVIDIA. You just keep that quiet. You don’t want that to be public knowledge. That's one of the things we do. You spent time on our website, and you didn't see a single client name on there. And that's just one of the small things we do to protect our clients' security and privacy, because privacy and security go hand in hand. Yeah. That is fascinating. So what is it that you’re trying to figure out in your business right now? What’s the big thing for you?  I think because of all the chaos in the United States, making a decision to do anything—everybody's kind of frozen. There are a lot of hiring freezes. I know we've got a freeze on right now because we're looking to see, well, do we really need to add somebody, or can we do this with AI? The hackers do the same thing. 
That's one of the challenges, is getting people over the hump. No matter what you do, if you've got an IT company doing your stuff and you only call them when things are broken, there's a much more profitable way to do that. You're spending more money.  So there are benchmarks in industries, right? Basically, the research—and these aren't numbers we made up, this is legitimate research from many independent sources—says the average professional service provider, like law firms, accounting firms, healthcare providers, and on and on, should be spending 6 to 12% of their revenue on IT and cybersecurity. And that's everything. I'm talking servers, wiring, cloud, security, defense—all of those things should be 6 to 12%. We know that. That's the way it works. So when we engage with a prospect and find out they're only spending 3 or 4%, then I already know they have gaps. I don't even have to do an assessment to see what they're not doing.  They're either not getting a return on investment, or they're not secure. That's it. If all the accounting firms are spending 6%, and you're only spending 4%, don't just pat yourself on the back. That's one of those moments where you should ask, “What am I missing?” Because I do that often. Someone on the management team will come up with an idea, and we all agree. Well, that's a red flag for me. I want to know: what are we missing? If we all agree on this, is there some gotcha or something we haven't uncovered? And those are some of the things we try to educate our clients on. They don't have to tell us their revenue. I can give them the numbers. I can do the math. I can show them the numbers for something like laptop replacement. Maybe it's $1,000 to $3,000 depending on the industry. If the employee using that laptop is making $100,000 a year, why are you trying to squeeze another year out of a $2,000 investment when it's hurting productivity by 10% or more? Yeah. That’s a no-brainer.  Yeah. It should be.  Yeah. It's not just in IT. 
I had a client years ago in civil engineering, and they had a rule that they would never keep equipment longer than four years. And they were selling equipment that still looked brand new. And I asked them, “Why are you doing this? It seems like this equipment still has a lot of life left in it. Why are you selling it or giving it back to the lease company?” And he said, “We did the math, and we figured out that this is the optimal time to replace it.” If they got rid of the equipment at that point, they wouldn't have to deal with fixing it. There would be less disruption. They would stay state-of-the-art all the time. And their clients would be impressed. And it actually worked for them. It was a high-margin civil engineering firm.  Precisely. I mean, we're so tuned into that that we're a Mac house. We all use Macs. We all have laptops, and we all have setups with screens at home and in the office. We spare no expense on that. If somebody wants an extra screen for their house—alright, here it is. We'll order it and get it there for you. We're so tuned into that, that we went all Mac back when they were still Intel Macs. And I don't know how much you know about Macs, but they were…  I have a couple. Okay. Yeah, we're Mac people too. Yeah, so they were running Intel processors. Well, Apple decided to build their own processor and moved to the M-chip. And so I bought an M1, and it was like, holy cow, everybody in the company has got to have one of these. And I don't think there was a single one more than two years old at that time. So we replaced them all. Now, the M-series generations themselves—M1, M2, M3, and on—those changes aren't as dramatic as going from Intel to the first M-series chip. But it's still unusual. I said two years, but there are probably people right now with a three-year-old laptop. But we definitely trade them in. That's where the sweet spot is on trade-in value. We rotate them every two to three years and they're out. 
I think mine is maybe a year old, but I'll probably keep this one for a couple more years.  By the way, you're the first IT company and MSP I've met that doesn't use PCs—you use Macs. Yeah. And I long had this theory that all the IT companies I worked with were always anti-Mac, and I never understood why. And when I got my first Mac, I realized I actually didn't need them anymore since I had the Mac.  Yeah, that's kind of funny because it really started with me during Covid. It may not have been seven years now, but whatever it was, it kind of started with Covid. And for years I was a PC guy. I tried Macs briefly back in the old MacBook days—you know, the white plastic ones? Whatever that was, 15 or more years ago.  Yeah. Classic. Very classic.  Yeah. But what I kept trying to do with a Windows laptop—and I like Dell, I had Dell XPSs, good Dell computers, and we're a Dell partner— What I could never get a Windows computer to do was seamlessly come off a docking station and then plug into another monitor at my house. It would always blue screen or something. So when I went back to a Mac, I was like, “Holy cow, it doesn't break. It doesn't mind being unplugged from a docking station. It just works.” Yeah.  And then all the other things—that they're generally built better, they have a longer lifespan, and they hold their resale value longer, and all of that. Even as old as I was, I forced myself to really get proficient at using a Mac. And when we sent everybody home during Covid, I said, “Well, everybody's going Mac.” And, oh, there was a revolt. And I said, “Just give it a few months.”  Yeah.  About half the office resisted it. And I said, “You gotta try it because I think you'll like it, and if you don't, then we'll deal with it then.” We had Linux people, PC people. So then I said, “Well, maybe we should open it up and let people pick what they want.” Yeah, I love it. Yeah. 
So our time is coming to an end, but if someone is running on Mac and they're finally talking to an IT service company that's not anti-Mac, and they want to connect with you immediately, where should they go and where can they learn more about Kirkham IronTech and maybe connect with you personally? The website is the best place to go. It's www.kirkhamirontech.com. Just give us a call, fill out a form, let us know what you're thinking, because we want to know what you're thinking and see if there's a fit with the way we do things. Macs started becoming important with executives. That's where we first started seeing it. So even though they may still have to run Windows, the owners and executives wanted to carry Macs for the very reasons I mentioned. So we're perfectly happy with that.  Yeah. Okay. Very good. So if you're listening to this and you enjoyed hearing about how to make your IT work—how to increase ROI, make sure you're doing cybersecurity right, and implement governance so you can use IT as a strategic tool to run your business better—then definitely reach out to Tom Kirkham. Or stay tuned to this show, because you're going to hear from other entrepreneurs who are very smart about business. And preferably do both. Tom, thank you for coming and sharing your wisdom, and thank you for listening.  Oh, it’s been my pleasure, Steve.

Paul's Security Weekly
Visibility with EDR/MDR is still important, 'the basics' are impossible, and the news - Rob Allen - ESW #460

Paul's Security Weekly

May 25, 2026 104:54


Interview with Rob Allen from ThreatLocker

This week, Rob Allen from ThreatLocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real-world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls.

Topic: Do the basics, they said. Easier said than done.

Guillaume and Adrian discuss the futility of attempting to do all the foundational work standards, best practices, and regulations expect of organizations. Adrian has given up. Fortunately, Guillaume has some excellent advice and hope to share on this front.

The weekly enterprise news

Finally, in the enterprise security news: a really interesting vibe check; funding; acquisitions; the Verizon DBIR; we give a tutorial on how to leak AWS keys on GitHub; OH NEVERMIND, SOMEONE AT CISA ALREADY MADE THE TUTORIAL; agents versus agents; exploitbench; the vulnpocalypse; robot dogs are SO EASY to take out, we don't need to be too scared of them yet.

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-460

Backup Central's Restore it All
Stop 90% of Ransomware Attacks with Basic Cyber Hygiene

Backup Central's Restore it All

May 25, 2026 40:27


Basic cyber hygiene — patch management, password management, and MFA — is responsible for stopping roughly 90% of the ransomware attacks that could hit your organization. This episode is the overview: what those three things are, why they matter, and what happens when you skip them.

WannaCry infected over 200,000 systems worldwide. A patch existed. People just hadn't applied it. Rackspace lost an entire business line — not because the attack was sophisticated, but because a workaround gave them false confidence and they delayed a critical patch. These aren't edge cases. They're the rule.

Dr. Mike Saylor (Black Swan Cybersecurity) and Prasanna Malaiyandi join me to walk through the three pillars of basic cyber hygiene. We cover patch management first — and before you can even patch, you have to know what you have. Inventory is the starting point. Then we get into passwords: why reusing them is a numbers game the bad guys always win, and why a password manager isn't optional anymore. Finally, MFA — what it is, which forms are actually worth using, and why "remember this device" is quietly defeating the whole point.

This is an overview episode. We're going deeper on each pillar in three follow-up episodes. But if you're not doing these three things today, stop reading this and go do them. There's no point talking about EDR, XDR, or any other three-letter security product if you haven't nailed the basics first. It's like researching a Roth IRA when you don't have a savings account.

Chapters:
0:00 Intro
0:59 Welcome & Introductions
4:20 WannaCry: The Patch That Would Have Saved 200,000 Systems
7:33 Rackspace: When a Workaround Isn't Enough
12:12 Defining Basic Cyber Hygiene
14:53 Why These Three Things Stop 90% of Ransomware
17:54 Pillar 1: Patch Management
23:55 Pillar 2: Password Management
31:55 Pillar 3: MFA & Passkeys
37:34 Wrap-Up & What's Next

Risky Business News
Sponsored: Teaching AI agents the rules of the road

Risky Business News

May 24, 2026 26:54


In this sponsored interview James Wilson chats with Sondera CEO Josh Devon about why guardrails and instruction files aren't enough to keep AI agents from going haywire. EDR, DLP and other traditional controls can't and won't prevent agents from going rogue. Josh explains Sondera's “principle of least autonomy” for agents: let them do useful work, but put them in a deterministic policy harness so they can't leak secrets, abuse tools or wander off-task.

ITSPmagazine | Technology. Cybersecurity. Society
After RSAC Conference 2026, Reflecting on Agentic AI, Community, and the Evolution of Cybersecurity | A Brand Highlight at RSAC Conference 2026 with Tony Anscombe, Chief Security Evangelist of ESET

ITSPmagazine | Technology. Cybersecurity. Society

May 23, 2026 7:33


Agentic AI was the theme that pulled away from the pack at RSAC Conference 2026. Tony Anscombe of ESET makes the case that once AI shifts from being directed by humans to operating with its own objectives and logic, the security surface changes with it, and organizations are being forced to rethink what they protect and how. At the show, ESET announced two products that meet that moment head on. The ESET AI Skills Checker is a free-to-use tool coming to market. ESET AI Protection looks inside AI sessions on the endpoint, flagging sensitive data leakage, malicious links returned by AI systems, and suspicious behavior, and surfacing it all inside normal cybersecurity operations for investigation, blocking, or detection. Tony closes with a reminder worth keeping. His first RSA was in 1998, and the technology he worked on then (sandboxing, dynamic code, remote windowing, encryption, authentication) mirrors a lot of what walks the RSAC Conference floor today. The packaging evolves, the core principles do not. Build forward, but do not lose sight of what the past already proved.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST
Tony Anscombe, Chief Security Evangelist, ESET
LinkedIn: https://www.linkedin.com/in/tonyanscombe/

RESOURCES
Learn more about ESET: https://www.eset.com
ESET AI Skills Checker and ESET AI Protection: https://www.eset.com

Paul's Security Weekly
Shift to Prevention and Enforcement as We Repeat Security Mistakes With AI - Rob Allen - BSW #448

Paul's Security Weekly

Play Episode Listen Later May 20, 2026 62:32


Over the last decade, cybersecurity heavily invested in EDR, XDR, SIEM, telemetry, and SOC-driven operations. We stopped asking how to stop attacks and started asking how fast we could detect them. However, Mythos and frontier models have changed that paradigm. How do you detect a -7 day vulnerability? Detection and response cannot keep up, so what's the answer? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss why cybersecurity is shifting from detection and response to prevention and enforcement. As attackers accelerate through automation and AI, organizations are revisiting prevention-focused controls. Rob will discuss why organizations need to adopt application allowlisting, Zero Trust, Ringfencing, and policy enforcement to reduce attacker freedom before execution occurs. Prevention-first security is the only way to decrease the AI attack surface. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, What CISOs need to land a board role, The Security Mistakes Being Repeated With AI, When Senior Leaders Lack People Skills, Transformations Fail, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-448

Paul's Security Weekly TV
Shift to Prevention and Enforcement as We Repeat Security Mistakes With AI - Rob Allen - BSW #448

Paul's Security Weekly TV

Play Episode Listen Later May 20, 2026 62:32



Business Security Weekly (Audio)
Shift to Prevention and Enforcement as We Repeat Security Mistakes With AI - Rob Allen - BSW #448

Business Security Weekly (Audio)

Play Episode Listen Later May 20, 2026 62:32



Business Security Weekly (Video)
Shift to Prevention and Enforcement as We Repeat Security Mistakes With AI - Rob Allen - BSW #448

Business Security Weekly (Video)

Play Episode Listen Later May 20, 2026 62:32



Cyber Security Today
Exchange Zero-Day Under Attack, Ransomware Gets Smarter, Fortinet Critical Flaws

Cyber Security Today

Play Episode Listen Later May 19, 2026 12:48


A dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has patched critical remote code execution flaws. In this episode of Cybersecurity Today, David Shipley breaks down four major cybersecurity stories that security teams need to know.
Cybersecurity Today would like to thank Material Security for supporting this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]security
Microsoft has confirmed active exploitation of a new Exchange Server zero-day, CVE-2026-42897, affecting Exchange Server 2016, Exchange Server 2019, and Exchange Subscription Edition. There is currently no patch, only mitigations through the Exchange Emergency Mitigation Service, with some trade-offs for Outlook Web App users.
Security researcher Marcus Hutchins highlights an unusually disciplined ransomware affiliate operation using tradecraft more commonly associated with nation-state attackers, including a custom SentinelOne endpoint detection and response (EDR) killer and a stripped-down toolset designed to leave fewer forensic traces.
In one of the more astonishing insider threat stories of the week, former OPEX Corporation contractors Muneeb and Sohaib Akhtar were allegedly caught deleting 96 U.S. government databases after leaving a Microsoft Teams recording running.
Also in this episode: Fortinet has released urgent patches for critical unauthenticated remote code execution vulnerabilities in FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083).
If you're responsible for enterprise security, patch management, incident response, or cyber risk, this is one you need to see.
Chapters:
00:00 Sponsor Message
00:24 Headlines Intro
00:49 Ransomware Nation-State Discipline
04:18 Exchange Zero-Day Mitigation
07:01 Fired Contractors Caught Recording
09:21 Fortinet Critical Vulnerabilities
11:07 Wrap Up and Sign Off
11:38 Sponsor Deep Dive Ad
#Cybersecurity #MicrosoftExchange #ZeroDay #Ransomware #Fortinet #CyberAttack #Infosec #DavidShipley #CybersecurityToday

AWS for Software Companies Podcast
Ep207: The AI Arms Race: How Vectra AI Uses Agentic AI to Outpace Cyber Attackers

AWS for Software Companies Podcast

Play Episode Listen Later May 19, 2026 13:31


Greg Murphy of Vectra AI explains why no single security tool is enough in 2026, and how AI is transforming overwhelmed security teams into lean, highly responsive defense operations.
Topics Include:
Vectra AI helps enterprises detect and respond to cyberattacks before they become breaches.
CISOs face millions of alerts monthly with dangerously understaffed security teams.
Vectra pioneered AI-driven triage to prioritize only the most critical threats.
The result: analysts act on two or three alerts, not thousands.
Generative AI is now actively being weaponized by sophisticated bad actors.
The first fully AI-orchestrated cyberattack by a nation state has already happened.
Vectra and AWS Bedrock are building autonomous agents to fight back.
Agentic AI can investigate thousands of incidents and surface only what matters.
Over-reliance on single tools like EDR leaves dangerous gaps in defense.
Modern attacks move fluidly across identity, network, and cloud environments simultaneously.
AI stitches cross-surface signals together, revealing attacks hidden in isolated events.
Best practice: assume breach, expand your network definition, and layer best-of-breed solutions.
Participants:
Greg Murphy – Chief Business Officer, Vectra AI
See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

La French Connection
Episode 0x294 - Cybersecurity at the CEGEP: 1 tech vs. 1200 students

La French Connection

Play Episode Listen Later May 9, 2026 68:45


Synopsis
This week, Patrick and Jacques welcome Jonathan Bastille, an IT technician with a security mandate at the Cégep de Rivière-du-Loup. Jonathan describes his move from the private sector to the public sector, and the stark contrast between the speed of decision-making in an SMB and the "ocean liner" pace of an environment where every change goes through a board of directors. The discussion quickly turns to Law 25, the illusion of compliance through pieces of paper, and the attitude of too many Quebec SMBs: "security isn't important; I'll wait until it becomes important".
The trio then tackles a recurring topic on the podcast: the futility of most simulated phishing campaigns. Positive reinforcement vs. punishment, tests that measure only the click instead of the detection process behind it, and Patrick's central argument: if your employees get good at recognizing your simulation, that does not make them good at recognizing real attacks. Jonathan also shares a concrete story in which he blocked the device code flow in Microsoft just before a real attack using exactly that technique hit the organization.
On the news side, several stories are put under scrutiny: the forced return to the office that gave birth to the neologism "téléprésentiel", the clumsy statement by the head of the CST blaming proximity to the United States for Canadian cyberattacks, and above all the explosive combo of CopyFeld + cPanel: a Linux privilege escalation vulnerability present since 2007 and a massive compromise of hosting providers' administration panels. The episode closes with a phishing campaign deploying ScreenConnect at 80+ organizations, a resounding Microsoft Defender false positive on DigiCert certificates, and a hammered-home reminder: as long as users work as local admin, no EDR is going to save you.
Crew
Patrick Mathieu
Jacques Sauvé
Jonathan Bastille (special guest)
Links and resources
Patrick
Microsoft Attack Surface Reduction Rules
Device code phishing - Microsoft
Microsoft Digital Defense Report
Téléprésentiel – return to the office, 3 hours of traffic for Teams (Journal de Montréal)
Proximity to the United States and cyberattacks – Radio-Canada
cPanel / WHM – mass exploitation of the authentication bypass (TechCrunch)
Copy Fail – exploitation to obtain root on Linux (CISA / BleepingComputer)
Jacques
ScreenConnect phishing campaign, 80+ organizations
Microsoft Defender false positive DigiCert / Cerdigent
Jonathan
Microsoft Defender for Endpoint
Microsoft Sentinel
Microsoft Intune
Shameless plug
Hackfest 2026 registration
Hackfest CTF
Polar - a day for cybersecurity managers
Call for Paper Hackfest 2026 (May to end of August)
iHack - May 30, 2026 (Québec, Trois-Rivières, Chicoutimi, Montréal)
Discord Hackfest
securite.fm
Credits
Audio editing by Hackfest Communication
Music by Caleidisco – Candy Island - Much Too Loose
Virtual studio by Streamyard

The Cybersecurity Defenders Podcast
AI: The Hero's Journey with Ken Westin from LimaCharlie / Defender Fridays [#320]

The Cybersecurity Defenders Podcast

Play Episode Listen Later May 8, 2026 31:50


In this episode, Ken Westin maps AI adoption onto the hero's journey framework, drawing on two decades of security experience to explore how practitioners can move past early resistance, build real fluency with AI tools, and find a working model where humans and AI operate together.
Key Topics:
Why early AI tools left security teams skeptical and what has genuinely changed since then
How Ken used AI to accelerate detection engineering without sacrificing analyst oversight
Why AI is best understood as an eager, overconfident intern that still needs supervision
The importance of hands-on experimentation over passive observation when learning AI
How collaboration and shared prompting practices are shaping how practitioners learn
Why security analysts who engage with AI now will not be left behind as the field evolves
The case for AI as a tool of empowerment, not replacement
At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
About Our Guest
Ken Westin is a Senior Solutions Engineer at LimaCharlie with nearly two decades in the cybersecurity industry. A former startup founder who built tools to track criminal activity, Ken has worked across SIEM, EDR, and detection engineering throughout his career. He also teaches at the college level, where AI and cybersecurity are increasingly intertwined disciplines.
Register for Live Sessions
Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience.
Register here: https://limacharlie.io/defender-fridays
Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes on our website!
Sponsored by LimaCharlie
This episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.
Why LimaCharlie?
Eliminate vendor sprawl and tool complexity
Deploy and scale effortlessly on native multi-tenant architecture
Reduce costs with intelligent data routing and free 1-year retention
Build custom solutions with 100+ security capabilities on-demand
Accelerate response with agentic AI that acts directly within predefined workflows
Try the Agentic SecOps Workspace free: https://limacharlie.io
Learn more: https://docs.limacharlie.io
Follow LimaCharlie
Sign up for free: https://limacharlie.io
LinkedIn: /limacharlieio
X: https://x.com/limacharlieio
Community Discourse: https://community.limacharlie.com/
Host: Maxime Lamothe-Brassard - Founder at LimaCharlie
Guest: Ken Westin - Senior Solutions Engineer at LimaCharlie

SECURE AF
Qilin Ransomware's EDR Killer DLL – How Attackers Are Subverting Defenses

SECURE AF

Play Episode Listen Later May 6, 2026 6:04 Transcription Available


Qilin ransomware is deploying a malicious DLL to disable EDR tools before encryption begins. In this #SOCBrief, we break down how the attack works, what to look for, and how defenders can respond.
Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Security Squawk
Hackers Use Microsoft Teams to Break In - VPN Ransomware Surge - KPMG 2026 Warning

Security Squawk

Play Episode Listen Later Apr 28, 2026 41:56


A new type of cyberattack is bypassing every security tool you've invested in — and it starts with a simple Microsoft Teams message. No malware. No exploit. No zero-day. Just someone pretending to be IT support. At the same time, new data shows 73% of ransomware attacks are now entering through VPNs, and small businesses are absorbing an average of $422,000 per incident. Meanwhile, KPMG just released its 8 cybersecurity priorities for 2026, sending a clear message to executives: the biggest risk isn't technology — it's leadership. On this episode of Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down three critical developments every business leader needs to understand right now.
This Week's Cybersecurity Breakdown
1. Microsoft Teams Hack (UNC6692 Attack Campaign)
Hackers are impersonating IT support inside Microsoft Teams to gain access to enterprise environments.
No software vulnerability exploited
Targets C-suite and senior leadership (77% of victims)
Uses legitimate platforms like AWS and Heroku to evade detection
2. VPNs Are Now the Front Door for Ransomware (At-Bay 2026 Report)
New insurance data reveals a sharp increase in ransomware attacks targeting VPN infrastructure:
73% of attacks originate through VPNs
60% of victims had EDR deployed — and still got hit
SonicWall vulnerabilities linked to a significant percentage of attacks
Average loss: $422,000 for SMBs
3. KPMG's 8 Cybersecurity Priorities for 2026
A strategic warning for boards, CEOs, and executives:
AI is now an attack surface
Non-human identities (APIs, service accounts) are a major blind spot
Supply chain attacks are becoming the primary entry point
Cybersecurity is no longer an IT issue — it's a leadership responsibility
The Bottom Line
The biggest cybersecurity gap today isn't technical. It's leadership.
You can't patch employee trust
You can't rely on tools without oversight
You can't delegate cyber risk and expect protection
If you're running a business, this is required awareness.
Support the show: buymeacoffee.com/securitysquawk
Subscribe for weekly breakdowns of real-world cyber threats, ransomware trends, and executive-level security insights.

Backup Central's Restore it All
Stop Using VSS as a Backup Before Ransomware Deletes Your Shadow Copies

Backup Central's Restore it All

Play Episode Listen Later Apr 27, 2026 37:22 Transcription Available


Ransomware deletes shadow copies using your own built-in Windows tools against you — and if VSS was your backup plan, you just found out the hard way that it wasn't. In this episode, W. Curtis Preston (Mr. Backup), Prasanna Malaiyandi, and Dr. Mike Saylor break down exactly what shadow copies are, why they don't qualify as a real backup, and how attackers are weaponizing vssadmin to wipe your recovery options before you even know you're under attack.
If you've got Windows systems and you've been thinking "eh, we've got shadow copies," this episode is for you. We cover the history of VSS — what it was actually designed for, why it became a crutch, and why using it as your primary backup strategy is a bad idea on multiple levels. Performance, the 3-2-1 rule, and the fact that one attacker with admin rights can delete every single copy in seconds. We also get into the living off the land angle: how attackers do recon on your shadow copies, how they use them to scope out valuable data before going full ransomware, and what you can actually do to detect and respond to this behavior using EDR tools.
The bottom line: VSS is a great tool. It was just never meant to be your backup. Get a real one.
Chapters:
0:00 — Intro
1:39 — Welcome & Book Talk
3:26 — What Are Shadow Copies and Why Do People Use Them as Backups?
9:14 — Performance Problems with VSS as a Backup
10:19 — Living Off the Land: How Ransomware Uses VSS Against You
12:36 — Can You Monitor or Lock Down VSS Admin?
14:26 — Why Shadow Copies Fail the 3-2-1 Rule (They're Not a Backup)
18:01 — How to Protect Yourself: Configuring Your EDR
21:31 — The Local Admin Problem and Security Culture
27:00 — Virtualization, Snapshots, and Shadow Copies
29:00 — Final Thoughts: Just Don't Do That

Govcon Giants Podcast
How to Build a Cyber Defense Strategy That Meets CMMC Without Overspending | EP: 321

Govcon Giants Podcast

Play Episode Listen Later Apr 22, 2026 43:35


Cybersecurity is no longer a nice-to-have for government contractors — CMMC compliance is now a pre-award requirement, and if you haven't addressed it, your proposal may be dead before anyone reads it. In this episode, Eric sits down with a 15-year MIT Lincoln Laboratory veteran whose company now trains US Cyber Command to break down exactly what small and mid-size contractors need to know about cyber readiness in a rapidly shifting AI-driven threat landscape.
Here's what you'll learn in this episode:
Why CMMC and FedRAMP exist — and why meeting the minimum standard is just the floor, not the finish line, for contractors serious about winning DoD business
How AI is accelerating cyberattacks on small businesses — attackers are using the same tools you use to run your business, and they're moving faster than ever
What a cyber range actually is and how it works — the fire drill analogy that explains why buying tools without training your team is money wasted
The right cybersecurity stack for small contractors — endpoint detection and response (EDR), firewalls, and SIEMs explained in plain language with practical starting points
How to stop overspending on tools you don't use — why most CISOs only fully utilize a third of their security tools and how to build a lean, effective stack instead
What AI adoption inside your company is actually exposing — prompt injection, data leakage, and the governance controls that protect your sensitive contract data
EPISODE CHAPTERS:
0:00 - Sponsor message and why cybersecurity just became mandatory
0:53 - Introducing a 15-year MIT Lincoln Lab cyber expert
6:01 - How the guest built cyber infrastructure for national defense
7:25 - What cyber ranges are and how they work for DoD training
9:16 - The fire drill analogy for understanding cyber readiness
11:07 - Why buying tools without training your team is not enough
13:28 - How the threat landscape has evolved from servers to cloud to AI
16:17 - CMMC and FedRAMP explained as a minimum bar for contractors
19:38 - The real-world financial losses that finally force action on cyber
25:21 - Building a practical cyber stack for small business contractors
31:17 - How AI is changing team size, efficiency, and detection capability
33:36 - Where AI adoption inside your business is creating new vulnerabilities
37:00 - How cyber range assessments work and how long they take
42:14 - What the next five years looks like for cybersecurity in govcon
If you want to learn more about the community and to join the webinars go to: https://federalhelpcenter.com/
Website: https://govcongiants.org/
Connect with Encore Funding: http://govcongiants.org/funding
Connect with Lee Rossey: https://www.linkedin.com/in/lee-rossey-0873881/

Business of Tech
Insurance Mandates and AI Regulation Shift MSPs from Tool Support to Proof and Liability Management

Business of Tech

Play Episode Listen Later Apr 22, 2026 12:53


The dominant structural shift discussed in the episode is the movement from tools-based differentiation to a market defined by proof and liability. This shift is driven by the rising demand for continuous, auditable control over data location, access, and change—requirements increasingly codified by policy mandates, insurance underwriting, and regional AI governance. As illustrated by France's shift away from Windows to Linux across government ministries, enforced through formal governmental policy, the conversation is moving beyond technology preferences to mandated operational boundaries and verifiable compliance. The episode cites findings from ESET's 2026 SMB Cyber Readiness Index, reporting that 86% of US SMBs and 78% of Canadian SMBs carry cyber insurance, with over half of US-insured SMBs required to implement explicit security controls by insurers. Underwriters increasingly demand evidence of controls like MFA, immutable backups, and EDR—not just attestations—at renewal, underwriting, and post-incident. Public sector mandates, such as France's comprehensive push for sovereignty encompassing OS, collaboration, cloud, and AI platforms, are producing enforceable requirements that cascade to commercial contracts and the MSP channel. Supporting developments include Gartner's forecast that by 2027, 35% of countries will be locked into region-specific AI platforms. This is reinforced by channel research from Channel Insider and a survey of 333 MSPs by AvePoint and Omnia, both pointing to governance—not AI tooling—as the leading blocker for MSPs adopting new technologies. Microsoft's move toward metered AI billing and the proliferation of shadow data (with more than 80% of sensitive data potentially sitting outside formal controls, according to Palo Alto Networks research) further highlight how operational complexity and fragmented governance elevate risk for service providers. For MSPs and IT leaders, these trends increase contractual and operational exposure. 
Failure to recognize that the market is purchasing assurance rather than tool support will leave providers absorbing liabilities related to insurance control failures and unmetered operational costs, often under fixed-fee models that do not account for new governance demands. Providers are advised to immediately review contract language for obligations tied to security controls, reconsider pricing and scope in governance delivery, and prepare for insurer-driven requirements such as third-party access to telemetry or continuous control attestations. The takeaway is that defensible, auditable evidence—not stack management—will define margins, accountability, and long-term client relationships.
00:00 Sovereignty Squeeze
04:22 Sprawl Blindspot
07:02 Proof Pays
09:35 Why Do We Care?
Supported by: ScalePad, CometBackup

The Cyber Threat Perspective
Episode 178: Internal Security Controls That Actually Frustrate Attackers

The Cyber Threat Perspective

Play Episode Listen Later Apr 22, 2026 31:02


In Episode 178 of the Cyber Threat Perspective podcast, hosts Spencer and Tyler take a practitioner-first look at the internal security controls that genuinely make attackers' lives difficult, drawing directly from their experience conducting hundreds of internal penetration tests every year.
This isn't a vendor comparison or a theoretical framework. It's an honest account of what works, what gets misconfigured, and what separates organizations that slow attackers down from those that don't.
Topics covered include:
Application Control — ThreatLocker and Magic Sword — why app control is probably the single most effective endpoint control against attackers, how the learning period works, why jumping straight to enforcement mode is a mistake, and why executive buy-in is as critical as the technical implementation
WDAC vs. traditional AppLocker — the differences, what closed-book enforcement actually means for attackers, and the two schools of thought on allow-list vs. block-list approaches
Strong identity controls — MFA beyond RDP including SMB, WinRM, and HTTP via products like Silverfort, why push notification MFA falls short, and why number matching matters
Protected Users Group — one of the most powerful and underused Active Directory controls, with a real-world story of how it nearly matched a full third-party identity product in effectiveness during a law firm pen test
Least privilege and admin tiering — why Help Desk is one of the most targeted groups for social engineering, how over-permissioned service accounts hand attackers domain admin in minutes, and the real cost of control path vulnerabilities
Network segmentation and zero trust — why domain controllers don't need internet access, how segmentation limits attacker recon, and where products like Zscaler fit in
EDR baselining and UEBA — why plugging in an EDR tool and expecting it to work isn't enough, the case for getting back to behavior-based detection, and why catching recon activity matters more than catching execution
Deception — honeypots, canaries, and fake assets — why deception is underrated, why high-fidelity low-false-positive alerts change the game, and what it actually feels like as a pen tester to trip on a well-placed decoy without knowing it
Also mentioned: Spencer and Brad's Tools of the Trade workshop at ILTA Evolve — Denver, end of April.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Cloud Security Podcast
Why EDR Fails at AI Security & The Rise of Endpoint Behavior Modeling

Cloud Security Podcast

Play Episode Listen Later Apr 14, 2026 31:06


Is your EDR blinding you to insider threats? In this episode, Ashish is joined by Brandon Dixon (Co-Founder & CTO of Ent AI, and former Microsoft Security Copilot leader) to discuss why traditional endpoint security tools are failing in the AI era.
Brandon talks about the reality of modern "Insider Risk." Attackers are no longer relying on malware; they are "living off the land" by using legitimate enterprise software (like Zoom or Microsoft Office) to look like everyday employees. Why EDR tools can see that Zoom is running, but are completely blind to a user granting remote control to an outsider.
We also explore the explosion of Shadow AI, highlighting a real-world HIPAA violation where an HR employee tried to feed patient records into Meta AI via WhatsApp. If your SOC team is drowning in alerts from "dumb control points," this episode talks about how to move from reactive pattern matching (legacy DLP) to proactive behavioral intent modeling at the endpoint.
Guest Socials - Brandon's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
If you are interested in AI Security, you can check out our sister podcast - AI Security Podcast
Questions asked:
(00:00) Introduction
(02:50) Who is Brandon Dixon? (RiskIQ, Microsoft Copilot, Ent AI)
(04:00) Redefining Insider Risk: Malice vs. Mistakes
(05:10) "Living Off the Land": Why Adversaries Use Legitimate Tools
(06:30) The Zoom Example: Why EDR is Blind to Remote Control Hacks
(09:30) The Failure of Security Training against "Click Fix" Attacks
(11:50) Case Study: A HIPAA Violation via Meta AI in WhatsApp
(13:50) Why Traditional DLP Fails at Semantic Context
(16:50) Local AI Usage: Why Workloads Are Returning to the Endpoint
(18:50) The Problem with UEBA: Putting Anomalies in Context
(22:30) Why You Can't Build This With a Data Lake
(26:30) Stopping the "Trophy SOC" and Dumb Alerts
(27:40) Fun Questions: Kangaroo Jerky Tasting
(28:40) Hobbies & Pride: Ultramarathons and Growing Up in Baltimore
(29:20) Favorite Cuisine: Burmese Food (Tea Leaf Salad)

Cloud Security Podcast by Google
EP272 More Than Just Packets: Is NDR a "First-Class" Cloud Security Control?

Cloud Security Podcast by Google

Play Episode Listen Later Apr 13, 2026 34:11


Guests:
• Raja Mukerji, Co-Founder & Chief Scientist, Extrahop
• Rafal Los, VP of Client Relations and Strategic Initiatives, Extrahop

Topics:
• Is Network Detection and Response (NDR) coming back after being shoved to the side by EDR a bit? Is this for real?
• What's the value proposition of NDR in 2026, because some people still don't understand it?
• How does NDR apply to the world of WFH, cloud/SaaS, encryption, high bandwidth, etc?
• Is the value of NDR the same, or different, when it comes to public (or private) cloud?
• How does NDR fill visibility gaps that identity and agent-based solutions cannot?
• What does NDR offer that built-in cloud security tooling (as of right now) does not?
• Would you call NDR a key cloud security control?
• Does NDR help with shadow AI?
• NDR elephant in the room is sometimes cost. How does cost change the value prop when compared to on-premise or physical infrastructure?

Resources:
• Video version
• EP267 AI SOC or AI in a SOC? Cutting Through Hype, Pricing Models, and SIEM Detection Efficacy with Raffy Marty
• EP113 Love it or Hate it, Network Security is Coming to the Cloud
• EP154 Mike Schiffman: from Blueboxing to LLMs via Network Security at Google
• EP115 How to Approach Cloud in a Cloudy Way, not As Somebody Else's Computer?
• EP263 SOC Refurbishing: Why New Tools Won't Fix Broken Processes (Even With AI)
• "The GC+CISO Connection Book" book

@BEERISAC: CPS/ICS Security Podcast Playlist
Who Actually Owns OT Cybersecurity? Not Who You Think

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Apr 11, 2026 30:36


Podcast: Industrial Cybersecurity Insider
Episode: Who Actually Owns OT Cybersecurity? Not Who You Think
Pub date: 2026-04-06

Dino and Craig break down what they are seeing in real industrial environments as companies begin the OT cybersecurity journey. They outline why most organizations are still in an “unaware to awareness” phase, what creates the “oh wow” moment after the first pilot, and why ownership and execution often fall to plant-floor teams and their OEM and integrator partners.

The conversation covers the limits of surface-level visibility, why accurate asset inventory and remote access control are foundational, and how practical constraints like flat networks, legacy switches, warranty concerns, and limited human capital can stall progress.

They also share cautionary examples of IT-first security tooling causing operational impact, and they close with a clear message: think globally, act locally, and build a defensible OT program that matches how plants actually run.

Chapters:
(00:00:00) Why OT vulnerabilities and remote access are the real “kicker”
(00:01:00) The market reality: 60% unaware, 30% starting, 10% operationalized
(00:03:00) Who owns remediation: IT vs OT and the plant-floor accountability gap
(00:05:00) Why “visibility” often stops at Purdue Level 3 and misses Level 2 assets
(00:07:00) OEMs, integrators, and why support models matter in OT cybersecurity
(00:09:00) Flat networks, north-south traffic, and why you still miss panel-level devices
(00:11:00) The human capital problem and why outsourcing is often unavoidable
(00:18:00) A real-world warning: EDR in ICS can create massive operational cost
(00:20:00) Safety, quality, and cybersecurity: the three things leaders will fund
(00:24:00) Change management failures and why monitoring PLC edits matters

Links And Resources:
• Want to Sponsor an episode or be a Guest? Reach out here.
• Industrial Cybersecurity Insider on LinkedIn
• Cybersecurity & Digital Safety on LinkedIn
• BW Design Group Cybersecurity
• Dino Busalachi on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The Cyber Threat Perspective
Episode 176: Cybersecurity Advice That Sounds Smart But Fails in Practice

The Cyber Threat Perspective

Play Episode Listen Later Apr 9, 2026 38:23


In Episode 176 of the Cyber Threat Perspective podcast, Brad and Spencer break down some of the most repeated cybersecurity best practices in the industry and explain why, despite sounding solid on paper, they consistently fall short in real IT environments.

This isn't about dismissing good security principles. It's about closing the gap between advice that looks great in a framework and controls that actually hold up against how attackers operate.

Topics covered include:
• "Just enable MFA everywhere" — why focusing only on RDP leaves SMB, WinRM, service accounts, and legacy protocols wide open
• "EDR will catch it" — the danger of over-relying on a single control, including a little-known CrowdStrike behavior where it self-disables on domain controllers at 90% resource utilization — often completely unnoticed
• "Patch everything immediately" — why blind speed creates its own operational risk, and how to build a prioritized, high-risk patching process that actually works
• "Least privilege everywhere" — why removing permissions without providing alternatives drives workarounds, shared accounts, and exceptions that undo the whole point
• "Follow the framework and you're secure" — why compliance is a starting point, not a finish line, and what most standards actually require vs. what actually reduces risk
• Focusing on attack paths over checklists — why thinking like an attacker leads to better security decisions than ticking boxes

Brad and Spencer close with what actually works: context-driven decisions, management buy-in, clear communication when making sweeping changes, and validating every control through internal penetration testing. As Spencer notes, most clients don't have full confidence in their EDR and SOC after a pentest — and that's exactly why trust but verify matters.

Also mentioned: Spencer and Brad's upcoming Tools of the Trade workshop at the ILTA Evolve conference in Denver.

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Secure Ventures with Kyle McNulty
JetStream | CEO Raj Rajamani on the EDR War and Agent Identity

Secure Ventures with Kyle McNulty

Play Episode Listen Later Apr 7, 2026 53:23


Raj Rajamani is co-founder and CEO of JetStream. JetStream sells an AI agent governance and identity platform designed to help organizations identify and control their sprawling AI footprint. In a crowded space, JetStream has emerged as a leader with a world-class team and a $34 million seed round. Before JetStream, Raj had a storied career as a product leader at several of the most important EDR companies of the last 15 years. He served as a VP of Product at Cylance, CPO at SentinelOne, and CPO at CrowdStrike. In the episode, we talk about the lessons from the winners of the EDR battle, his personal character changes throughout, and how his experience has set him up to lead a startup in arguably the most important security category right now.

https://jetstream.security/

7 Minute Security
7MS #716: Tales of Pentest Pwnage – Part 83

7 Minute Security

Play Episode Listen Later Apr 3, 2026 33:23


Today is my favorite pentest pwnage tale of 2026 – and maybe ever! It centers around an ADCS abuse via an attack path I'd never seen before. Tips include:
• Use Netexec to pull Powershell history
• Trying to steal reg hives and the EDR is mad? Try copying them out to \\some-other-server.domain.com\share
• This post featured interesting use of the Responder -N option

The Cyber Threat Perspective
Episode 175: NetTools - The Free Active Directory Swiss Army Knife for IT Admins & Pen Testers

The Cyber Threat Perspective

Play Episode Listen Later Apr 2, 2026 24:25


In Episode 175, Spencer and Tyler break down NetTools — a free, self-contained Active Directory management and troubleshooting tool that's become a go-to for their internal penetration testing engagements.

They start with the backstory: years of relying on AD Explorer from Microsoft Sysinternals, and the growing need to evade EDR detections. At one point, that meant manually obfuscating binaries with a hex editor. NetTools eliminates that friction entirely — no installation, no dependencies, no signatures to fight.

Topics covered include:
• Why NetTools replaced AD Explorer and how EDR pressure forced the shift
• Group Policy enumeration, including how to spot dangerous GPO permissions like authenticated users with write access to server OUs
• LDAP Search & Browser for querying AD, identifying risky data (like passwords in descriptions), and exploring object relationships
• Assigned Trustees & Permissions Reporter for fast, visual identification of misconfigurations
• How to run NetTools from non-domain-joined machines using saved credential profiles
• Password checker functionality for targeted validation without spraying the environment

For pentesters, it's a faster way to get visibility into AD risk. For IT admins, it's a practical way to audit and harden your environment.

NetTools combines the functionality of multiple tools into one portable utility. Learn more at nettools.net. Credit to creator Gary Reynolds.

NetTools | The Swiss army knife of AD troubleshooting
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

ITSPmagazine | Technology. Cybersecurity. Society
From Visibility to Actionability: How Asset Intelligence Drives Real Security Outcomes | A Brand Spotlight at RSAC Conference 2026 with Angelos Kottas, VP of Product and Corporate Marketing at Axonius

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 1, 2026 18:43


Security teams have more data than ever -- and less confidence in it. Angelos Kottas, VP of Product and Corporate Marketing at Axonius, opens by sharing a striking finding from the Axonius Actionability Report: 55% of CISOs still run their environments off spreadsheets, and fewer than 20% have daily updates to their asset data. The result is a gap between what organizations think they know and what is actually happening across their digital real estate. Axonius was founded in 2017 after its co-founders witnessed a Fortune 100 retailer go into crisis during a live security incident -- unable to identify which assets were impacted or who owned them. That founding story still frames the company's mission: give security teams a comprehensive, enriched, and current view of every asset so they can stop flying blind. But Kottas argues that visibility alone is no longer the goal. Axonius launched its exposure management product at RSAC Conference 2025 -- its most successful product launch to date -- and the message from customers is consistent: what used to take weeks now takes hours or minutes. The platform now enables teams to move from discovery to coverage gap analysis to prioritized remediation, all in one place. The business case is real. Texas A&M University used Axonius to gamify risk reduction across its decentralized schools and divisions, turning remediation into a leaderboard and dramatically accelerating time to closure. An entertainment company customer used Axonius during the 2024 CrowdStrike Blue Screen of Death incident to scope its impact and build a remediation plan in minutes -- delaying operations by just five minutes, while others faced days of disruption. Kottas also addresses the AI question head-on. He frames it as AI squared: the foundation for artificial intelligence is asset intelligence. Agentic AI and autonomous SOC workflows are only as reliable as the data underneath them. 
Conflicting endpoint counts across EDR, CMDB, and other tools produce dirty data that undermines AI trust. Axonius solves this by delivering a deduplicated, enriched asset graph with business context layered in -- so AI systems can make recommendations organizations can actually act on.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Angelos Kottas, VP of Product and Corporate Marketing, Axonius
LinkedIn: https://www.linkedin.com/in/amkottas/

RESOURCES
Axonius website: https://www.axonius.com
Axonius Actionability Report: https://www.axonius.com (available on the Axonius website)
Adapt 2026 (annual customer conference, April 15, New York City): https://www.axonius.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Angelos Kottas, Axonius, Sean Martin, asset intelligence, exposure management, cyber asset attack surface management, CAASM, vulnerability management, actionability, CISO visibility, AI in cybersecurity, agentic AI, asset discovery, coverage gap analysis, incident response, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

ITSPmagazine | Technology. Cybersecurity. Society
From Threat Intelligence to Cyber Resilience: What SMBs and Enterprises Need to Know Now | A Brand Spotlight at RSAC Conference 2026 with Tony Anscombe, Chief Security Evangelist of ESET

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 1, 2026 24:01


On the RSAC Conference show floor, Tony Anscombe shared how ESET has expanded its threat intelligence offering with ECR reports -- designed to give commercial organizations both machine-readable feeds and human-readable analysis. The reason: threat actors are increasingly hard to attribute, they share tools, run coordinated campaigns, and reinvest profits into more sophisticated operations. Having someone do the research and surface actionable intelligence is no longer a luxury. Anscombe pointed to a telling campaign pattern from last year: threat actors refined attack methods against UK retailers, then rapidly adapted those same techniques against US retailers. The implication is clear -- your business may be unique in its infrastructure, but it is not unique in its sector. Understanding how your sector is being targeted is the foundation of a prevention-first posture. Automation came up as equally non-negotiable. If it takes three days to collect all the information needed to make a determination about an incident, the post-attack phase has already begun. ESET Inspect is designed to flip that equation: when an analyst opens an incident, the forensic analysis is done, the evidence is visualized, and the determination can be made on facts rather than gathered through investigation. Anscombe was careful to draw a line between automation as speed and automation as replacement. ESET's position is that AI should operate alongside human expertise -- trust and verify applies to AI-assisted analysis just as it does to any intelligence feed. Oversight remains essential, even as the tooling gets faster. A preview of upcoming survey data offered one of the more striking moments in the conversation. Roughly 35% of SMBs using MDR are sourcing that service directly from their cyber insurer. Anscombe flagged the monoculture risk: when a large share of businesses in the same sector run identical security stacks, a single point of failure becomes a sector-wide vulnerability. 
His advice after 30 years in the industry -- different organizations should deliberately choose different platforms to maintain diversity.

This is a Brand Spotlight.

GUEST
Tony Anscombe, Chief Security Evangelist, ESET
LinkedIn: https://www.linkedin.com/in/tonyanscombe/

RESOURCES
ESET: https://www.eset.com
ESET Threat Intelligence: https://www.eset.com/int/business/services/threat-intelligence/

KEYWORDS
Tony Anscombe, ESET, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, threat intelligence, cyber resilience, MDR, EDR, XDR, managed detection and response, SMB security, cybersecurity automation, RSAC Conference 2026, prevention-first security, cyber insurance, monoculture risk, ESET Inspect, APT research

ITSPmagazine | Technology. Cybersecurity. Society
From Network Evidence to Autonomous Defense: Corelight at RSAC Conference 2026 | A Brand Spotlight at RSAC Conference 2026 with Vijit Nair, VP of Product Management at Corelight

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 1, 2026 18:03


Vijit Nair, VP of Product Management at Corelight, joins Sean Martin on the floor of RSAC Conference 2026 for a conversation about what it takes to move security operations from AI-assisted to AI-autonomous. Corelight is the fastest-growing company in the network detection and response (NDR) space, and Nair has spent six years helping build the platform from early network monitoring to its current position as a Gartner Magic Quadrant Leader. The company's open NDR platform transforms raw network traffic into high-fidelity, unopinionated evidence -- and that evidence is now powering the next leap: agentic triage. Corelight's newly launched Agentic Triage product moves beyond the "level one" AI assistant model -- where a system answers questions but takes no action -- to a "level two" agent that actually investigates and triages alerts. It identifies the riskiest entities in an environment, collects all associated context and data, runs a full investigation cycle, and delivers a verdict with full evidence attached. Nair calls it "bringing the receipts": analysts see not just the conclusion but every step of the reasoning. Early results show a 10x increase in investigation speed and 60-70% of alerts being automatically triaged. The network is having a resurgence as an essential visibility layer, and Nair explains why: attackers have adapted to EDR. Nation-state-style campaigns like Volt Typhoon and Salt Typhoon operate in the network layer, targeting unmanaged devices, routers, firewalls, and VPNs that endpoint tools cannot see. Corelight almost always finds something in the first 30 days of a pilot deployment -- from shadow IT and shadow VPNs to active red team attacks using tools like Sliver-based C2 frameworks. On the question of SOC adoption, Nair pushes back on the assumption that hesitation comes from the top. The hunger for AI-powered tools runs from CISOs all the way down to the analysts dealing with alert overload and understaffed teams. 
A recent customer put it simply: "This is amazing. Please don't take it away from me." Nair frames the path to full autonomy as a spectrum -- from human-controlled to fully agentic -- and draws the comparison to Waymo: the journey is measured and incremental, but the destination is inevitable.

This is a Brand Spotlight.

GUEST
Vijit Nair, VP of Product Management, Corelight
https://www.linkedin.com/in/vijitn

RESOURCES
Corelight: https://corelight.com

KEYWORDS
Vijit Nair, Corelight, Sean Martin, network detection and response, NDR, agentic triage, AI SOC, autonomous security operations, SOC automation, network security monitoring, threat detection, AI-powered security, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast

Web3 with Sam Kamani
372: The Security Mistakes Every Web3 Founder Makes (And How to Avoid Them) with Guest Speaker Johnathon Claudius from Asymmetric Research

Web3 with Sam Kamani

Play Episode Listen Later Mar 23, 2026 34:07


I sat down with Jonathan Claudius from Asymmetric Research to talk about the security landscape in Web3. We covered the new vulnerabilities emerging from LLMs and AI agents, the easy wins every founder should implement today, and why security can't be confined to a two-week audit window. Jonathan shares real examples from their work with the Interchain Foundation, explains how to balance shipping speed with security rigor, and gives practical advice on building defense in depth. If you're building in this space, this conversation will change how you think about security.

• [01:03] How Asymmetric Research started from Jump Crypto and their shift to commercial engagements
• [04:52] Real incident: Preventing a DPRK hacking group infiltration at Interchain Foundation
• [08:18] New security threats from LLMs and AI agents - the offense vs defense arms race
• [10:08] Bug bounty programs seeing high-quality submissions from LLM-enabled attackers
• [13:46] Easy wins: Branch protection, security keys, linting, and static analysis tools
• [16:24] Balancing speed and security through defense in depth strategies
• [18:35] OpenClaw and AI agents creating new attack vectors like prompt injection
• [22:14] Laptop security basics: MDM and EDR solutions every team needs
• [25:19] Why Asymmetric focuses on human connection over productization
• [29:14] Founder lessons: Building finance and BD systems early

Asymmetric Research Website: https://asymmetric.re
Asymmetric Research Careers: https://asymmetric.re/career
Web3 with Sam Kamani: https://www.web3pod.xyz/

Nothing mentioned in this podcast is investment advice and please do your own research. It would mean a lot if you can leave a review of this podcast on Apple Podcasts or Spotify and share this podcast with a friend. Be a guest on the podcast or contact us - https://www.web3pod.xyz/

ITSPmagazine | Technology. Cybersecurity. Society
The AI Hype Is Real -- But So Is the Risk of Getting It Wrong | A Brand Spotlight at RSAC Conference 2026 with Subo Guha, Senior Vice President of Product Management of Stellar Cyber

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Mar 18, 2026 20:25


Every vendor at RSAC Conference 2026 will have an autonomous SOC story. Subo Guha, Senior Vice President of Product Management at Stellar Cyber, has been building the real thing for over a decade -- and he has one question every buyer should ask at every booth: can your platform explain why it reached its verdict? Stellar Cyber's autonomous SOC provides a full case summary for every true positive, showing the forensic evidence chain, threat intelligence correlations, and specific observables that led to the conclusion. SOC analysts can review, challenge, or override -- and that feedback loop is how the system improves. The threat landscape has shifted in ways that validate Stellar Cyber's original architecture. LLM-generated attacks have collapsed the time to launch a sophisticated phishing campaign from weeks to minutes. Stellar Cyber was built to serve the mid-market and the MSSPs that protect it -- organizations that face identical threats to enterprises but without enterprise resources. A unified, multi-tenant platform means MSSPs onboard new customers in minutes. An open data ingestion engine works with whatever tools are already in place -- no EDR lock-in, no rip-and-replace. At the center of the platform is a correlation engine that transforms thousands of individual alerts into a manageable set of high-confidence cases. An identity compromise driving lateral movement across dozens of alerts becomes one case with a clear recommended action. Subo describes this as the difference between drowning in noise and focusing on decisions that actually require human judgment -- and it is the foundation the autonomous SOC layer is built on. Subo is direct about what the hype gets wrong: the claim that organizations can dramatically cut SOC headcount because AI has it covered is not happening. 
The realistic version of autonomous SOC is a force multiplier -- digital agents handle the continuous, high-volume triage work that consumes analyst hours, freeing humans for the cases that require context and institutional knowledge. A system that automates without explainability does not reduce risk. It relocates it. Stellar Cyber will be at booth S327 in the South Hall at RSAC Conference 2026, right at the bottom of the escalator. Live autonomous SOC demonstrations will be running throughout the event, with real-world results from customers already in production. The team also has a barista on site -- a detail Subo was particularly keen to mention for Marco Ciappelli.

This is a Brand Spotlight.

GUEST
Subo Guha, Senior Vice President of Product Management, Stellar Cyber
https://www.linkedin.com/in/suboguha/

RESOURCES
Learn more about Stellar Cyber: https://stellarcyber.ai
RSAC Conference 2026 Coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

KEYWORDS
Subo Guha, Stellar Cyber, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, autonomous SOC, Open XDR, MSSP security platform, AI-driven security operations, agentic AI cybersecurity, threat detection and response, RSAC Conference 2026, SOC analyst tools, multi-tenant security platform, LLM-generated attacks, security operations center, SIEM NDR unified platform