Podcasts about GRC

  • 528 podcasts
  • 2,047 episodes
  • 48m average duration
  • 5 weekly new episodes
  • Latest: Dec 10, 2025

Latest podcast episodes about GRC

Security Now (MP3)
SN 1055: React's Perfect 10 - RAM Is the New Lobster

Dec 10, 2025 (180:31)

A devastating new React vulnerability earned a "perfect 10" for risk, letting attackers remotely run code on a million-plus servers with a single HTTP request. Find out what happened, how fast attackers moved in, and why this bug changes everything for web security.

  • France's Vanity Fair faces a stiff fine over cookies.
  • GrapheneOS pulls out of France over coercion worries.
  • The EU adds to the pile-on over underage social media.
  • India mandates the tracking of all smartphones.
  • Apple says no.
  • India abandons its smartphone tracking mandate.
  • India requires all encrypted messaging to be SIM-tied.
  • Scattered Lapsus$ Hunters --becomes--> SLH.
  • AI demand has driven RAM pricing sky high.
  • GRC's DNS Benchmark is finished and available.
  • Cisco may talk a good game, but they're still Cisco.
  • Browsers to ask users for local network access permission.
  • React: The worst remote code exploit in a LONG time.

Show Notes - https://www.grc.com/sn/SN-1055-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6.

All TWiT.tv Shows (MP3)
Security Now 1055: React's Perfect 10

Dec 10, 2025 (180:31)

Security Now (Video HD)
SN 1055: React's Perfect 10 - RAM Is the New Lobster

Dec 10, 2025

Security Now (Video HI)
SN 1055: React's Perfect 10 - RAM Is the New Lobster

Dec 10, 2025

Radio Leo (Audio)
Security Now 1055: React's Perfect 10

Dec 10, 2025 (180:31)

Security Now (Video LO)
SN 1055: React's Perfect 10 - RAM Is the New Lobster

Dec 10, 2025

The Compliance Guy
Episode 398 - AI Compliance - Richa Kaul

Dec 8, 2025 (43:17)

Summary

In this episode, Sean M Weiss engages with Richa Kaul, CEO of Compliance with a Y, discussing the critical role of governance, risk, and compliance (GRC) in today's data-driven world. They explore the mission behind the organization, the importance of risk assessments, and the challenges posed by rapid advancements in AI technology. Richa emphasizes the need for ethical considerations in AI development and the necessity of human intervention in AI processes. The conversation highlights the balance between innovation and regulation, particularly in the context of data privacy and security.

Takeaways

  • Compliance with a Y focuses on protecting consumer data through enterprise security.
  • Risk assessments are crucial for both large and small organizations.
  • GRC stands for Governance, Risk, and Compliance, and is increasingly important.
  • AI technology is evolving rapidly, outpacing current regulations.
  • Ethical AI development requires human oversight and intervention.
  • Organizations must prioritize security over mere compliance.
  • The healthcare sector is a significant focus for Compliance with a Y.
  • AI can enhance risk visibility but should not replace human judgment.
  • Regulations need to adapt to the fast-paced changes in technology.
  • Integrity in business practices is essential for long-term success.

FCPA Compliance Report
Nicole Di Schino on Harnessing AI for Compliance: Governance, Risks, and Best Practices

Dec 8, 2025 (55:41)

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom welcomes Nicole Di Schino, Principal Compliance Services Consultant at Diligent's Spark Compliance Group, to consider how best to harness AI for your compliance regime into 2026 and beyond.

Nicole and Tom discuss the critical importance of AI governance, compliance, and modern GRC. They cover practical steps for developing comprehensive compliance programs, emphasizing the necessity for AI risk assessments, the establishment of AI governance committees, and the implementation of human oversight in AI processes. Nicole highlights the intrinsic risks associated with the use of AI, including privacy concerns and AI bias, and shares her personal experiences with AI's impact in educational settings. Tom underscores the role of compliance education, advocating for the broader view of compliance as an ambassadorial and educational function. This session also explores the integration of AI into compliance workflows and the essential role of board and committee oversight.

CISO-Security Vendor Relationship Podcast
You Can't Fall Behind in AI if You Never Start

Dec 2, 2025 (35:08)

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is John Barrow, CISO, JB Poindexter & Co.

In this episode:

  • Building unicorns, not hunting them
  • Cold War frameworks for modern threats
  • Trading dollars for stories
  • Mirror, mirror on the wall

Huge thanks to our sponsor, Vanta. Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get back time to focus on strengthening security and scaling your business at vanta.com/ciso

À la une
The RCMP (GRC) is wary of its Chinese drones

Dec 2, 2025 (22:59)

The Royal Canadian Mounted Police is restricting the use of its 973 Chinese drones (80% of its fleet) to non-sensitive operations, citing "high security risks." Replacing these devices, which the RCMP (GRC) considers risky, would cost more than $30 million.

The CyberWire
AI in the GRC: What's real, what's risky and what's next. [Special Edition]

Nov 30, 2025 (62:46)

Join us for a timely and insightful live discussion on the evolving role of artificial intelligence in governance, risk, and compliance. Host Dave Bittner from N2K | CyberWire is joined by Kayne McGladrey from Hyperproof, Matthew Cassidy, PMP, CISA from Grant Thornton (US), and Alam Ali from Hyperproof to explore the current state of artificial intelligence in governance, risk, and compliance. The panel will discuss what AI is truly doing well today, the risks and challenges organizations need to watch for, and how AI is poised to influence the future of GRC. They will also share practical insights and real-world guidance for teams looking to adopt AI responsibly and effectively. Don't miss this timely conversation as our experts break down what's real, what's risky, and what's next in AI for GRC.

The Evolution Exchange Podcast Nordics
Evo Nordics #669 - Engaging Senior Leadership To The Importance Security & GRC

Nov 27, 2025 (49:26)


Today's episode is hosted by Chris Hackett and they are joined on the podcast by Christopher Bosch, CISO at Evolved Aerospace and Elisia Chessel, Senior Security Architect at Klarna. The conversation explores how organisations can strengthen their approach to security and GRC by effectively engaging senior leadership. Through a broad discussion on communication practices, cultural alignment and strategic visibility, the episode highlights why embedding robust frameworks early is essential for building long-term resilience. The guests also reflect on how leadership teams can better understand evolving risks and support wider operational goals. The exchange highlights practical methods for integrating security into core decision-making, ensuring GRC principles are not treated as optional but as foundational to sustainable growth. By examining shifting expectations, the episode considers how modern enterprises can foster a proactive mindset and ensure that security and GRC continue to shape organisational maturity.

JCO Precision Oncology Conversations
JCO PO Article Insights: Genomic Risk Classifiers in Localized Prostate Cancer

Nov 26, 2025 (4:15)

In this JCO Precision Oncology Article Insights episode, Natalie DelRocco summarizes "Genomic Risk Classifiers in Localized Prostate Cancer: Precise but Not Standardized" by Góes et al. published on September 10, 2025.

TRANSCRIPT

Natalie DelRocco: Hello and welcome to JCO Precision Oncology Article Insights. I'm your host, Natalie DelRocco, and today we will be discussing the editorial "Genomic Risk Classifiers in Localized Prostate Cancer: Precise but Not Standardized."

This editorial by Góes, Li, and Chehrazi-Raffle, and Janopaul-Naylor et al. describes genomic risk classifiers, or GRCs, for patients with localized prostate cancer. Like any risk prediction model, GRCs are intended to help identify groups of patients that may benefit from less intense or more intense anticancer therapy. Risk prediction tools can be difficult to bring into clinical practice; they require a lot of validation. And as the authors describe, GRCs in localized prostate cancer are no exception.

The authors of this editorial contextualize an article by Janopaul-Naylor et al., which attempts to retrospectively explore the clinical use of three available GRCs for localized prostate cancer: Decipher, Oncotype DX, and Prolaris. Each of these three GRCs is being used in clinical practice currently. In the original article, all three GRCs were associated with less intense therapy being prescribed in practice. However, the editorial authors note that this is likely selection bias due to the observational nature of the study design. It is conceivable that GRCs were more likely ordered to make decisions for patients who were already thought to be good candidates for less intensive therapy. Another weakness of the retrospective study design is that patient level covariates known to be associated with clinical prognosis in localized prostate cancer, such as staging, Gleason score, prostate specific antigen, were unavailable. The authors note that sampling bias may also be an issue. Uninsured patients are not included in the original article, and therefore may impede the ability to make conclusions about the association of GRC use with income level.

The editorial authors highlight important study findings as well as these limitations, such as the heterogeneity of interventions following GRC result return. The Prolaris GRC was found to be associated with more surgical interventions, while the Decipher GRC was associated with more androgen deprivation therapy plus radiation. Additionally, patients with active surveillance were more likely to have a GRC in general ordered. While these conclusions are very interesting, the editorial authors note that further exploration and validation, given the retrospective study design and limitations outlined, are needed to fully understand the impact of GRCs in the practice of treating localized prostate cancer.

Thank you for listening to JCO Precision Oncology Article Insights. Don't forget to give us a rating or a review and be sure to subscribe so that you never miss an episode. You can find all ASCO shows at asco.org/podcasts.

The purpose of this podcast is to educate and to inform. This is not a substitute for professional medical care and is not intended for use in the diagnosis or treatment of individual conditions. Guests on this podcast express their own opinions, experience, and conclusions. Guest statements on the podcast do not express the opinions of ASCO. The mention of any product, service, organization, activity, or therapy should not be construed as an ASCO endorsement.

Risky Women Radio
Leading Global Teams & Managing with Impact: Christine Lowthian

Nov 24, 2025 (32:15)

Christine Lowthian, Head of Regulatory Compliance at HSBC, on her career journey, the importance of seizing opportunities and building a supportive network. She highlights her experience leading global teams, particularly in commercial banking and the U.S., and the challenges of managing multicultural teams. Lowthian stresses the role of technology, particularly AI, in enhancing compliance efficiency but notes the need for clean data. She advises aspiring leaders to embrace opportunities, maintain open communication with boards and regulators, and focus on strategic thinking and continuous improvement.

SHOW NOTES

  • 02:12 Career Journey
  • 05:46 Leading Global Teams
  • 08:50 Managing Multicultural Teams
  • 16:27 Skills for the Compliance Officer of the Future
  • 17:57 Engaging with Boards and Regulators
  • 26:29 Handling Challenging Personalities
  • 29:05 Advice for Women Starting Out

Transcript and more GRC content: https://www.riskywomen.org/2025/11/podcast-s813-leading-global-teams-managing-with-impact-christine-lowthian/

DailyCyber The Truth About Cyber Security with Brandon Krieger
The Explosion of Security Data & Modern Detection with Joshua Scott | DailyCyber 280

Nov 22, 2025 (61:10)

In this episode of DailyCyber, I sit down with Joshua Scott, VP of Security at Hydrolix, a leader with nearly 30 years of hands-on experience across enterprise security, cloud architecture, GRC, risk, IR, compliance, detection engineering, and product security.

Joshua has built and led security programs in every major function — from enterprise GRC and security engineering to cloud security, DevSecOps, threat detection, incident response, IAM, and data governance. Today, he leads security for Hydrolix, a platform built to help organizations query terabytes to petabytes of security data at speed.

This episode is for CISOs, vCISOs, architects, analysts, SOC leads, and anyone trying to navigate today's overwhelming security landscape.

Risky Women Radio
Launching Risky Women Academy

Nov 20, 2025 (0:17)


Today we're launching Risky Women Academy, where we empower women in governance, risk, and compliance to advance in their careers! I'm Kimberley Cole, and I'm excited to share that we offer a range of courses from various providers, covering everything from trade and industry topics to essential soft skills. Bringing you new ways to learn from experts in the GRC industry, you'll also find discounts and special offers on courses right here. Discover the tools and knowledge you need to excel in your career! Check out Risky Women Academy now and be part of a community that champions your success. Are you part of an organization eager to showcase your valuable content? We invite you to collaborate with us! Reach out at info@riskywomen.org to explore how we can elevate the conversation together. Let's keep building on our super powers for even greater success!

CISO-Security Vendor Relationship Podcast
Are You Implying This Line Graph Isn't a Compelling Cybersecurity Narrative?

Nov 18, 2025 (41:01)

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining them is our sponsored guest, Nathan Hunstad, director, security, Vanta.

In this episode:

  • Metrics that matter
  • Testing for real
  • AI as an assistant
  • Intelligence without context

Huge thanks to our sponsor, Vanta. Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get back time to focus on strengthening security and scaling your business at vanta.com/ciso

The Digital Executive
Quantifying AI Risk: Yakir Golan on Turning Cyber Threats Into Business Intelligence | Ep 1145

Nov 14, 2025 (15:20)

In this episode of The Digital Executive, host Brian Thomas welcomes Yakir Golan, CEO and Co-founder of Kovrr, a global leader in cyber and AI risk quantification. Drawing from his early career in Israeli intelligence and later roles in software, hardware, and product management, Yakir explains how his background shaped his holistic approach to understanding complex, interconnected risk systems.

Yakir breaks down why quantifying AI and cyber risk—rather than relying on subjective, color-coded scoring—is becoming essential for enterprise leaders, boards, and regulators. He explains how Kovrr's new AI Risk Assessment and Quantification module helps organizations model real financial exposure, understand high-impact "tail risks," and align security, GRC, and finance teams around a shared, objective language.

Looking ahead, Yakir discusses how global regulation, including the EU AI Act, is accelerating the need for measurable, defensible risk management. He outlines a future where AI risk quantification becomes a board-level expectation and a foundation for resilient, responsible innovation. Through Kovrr's mission, Yakir aims to equip enterprises with the same level of intelligence-driven decision making once reserved for national security—now applied to the rapidly evolving digital risk landscape.

Irish Tech News Audio Articles
Governing AI in the Age of Risk

Nov 14, 2025 (6:59)

Guest article by Paul Dongha, co-author of Governing the Machine: How to navigate the risks of AI and unlock its true potential.

Artificial Intelligence (AI) has moved beyond the realm of IT; it is now the defining strategic challenge for every modern organisation. The global rush to adopt AI is shifting from a sprint for innovation to a race for survival. Yet as businesses scramble to deploy powerful systems, from predictive analytics to generative AI, they risk unleashing a wave of unintended consequences that could cripple them. That warning sits at the heart of Governing the Machine: How to navigate the risks of AI and unlock its true potential, a timely new guide for business leaders.

Governing the Machine

The authors, Dr Paul Dongha, Ray Eitel-Porter, and Miriam Vogel, argue that the drive to embrace AI must be matched by an equally urgent determination to govern it. Drawing on extensive experience advising global boardrooms, they cut through technical jargon to focus on the organisational realities of AI risk. Their step-by-step approach shows how companies can build responsible AI capability, adopting new systems effectively without waiting for perfect regulation or fully mature technology. That wait-and-see strategy, they warn, is a losing one: delay risks irrelevance, while reckless deployment invites legal and reputational harm. The evidence is already visible in a growing list of AI failures, from discriminatory algorithms in public services to generative models fabricating news or infringing intellectual property. These are not abstract technical flaws but concrete business risks with real-world consequences.

Whose problem is it anyway?

According to the authors, it is everyone's. The book forcefully argues that AI governance cannot be siloed within the technology department. It demands a cross-enterprise approach, requiring active leadership from the C-suite, legal counsel, human resources, privacy and information security teams, and frontline staff alike. Rather than just sounding the alarm, the book provides a practical framework for action. It guides readers through the steps of building a robust AI governance programme. This includes defining clear principles and policies, establishing accountability, and implementing crucial checkpoints.

A core part of this framework is a clear-eyed look at the nine key risks organisations must manage: accuracy, fairness and bias, explainability, accountability, privacy, security, intellectual property, safety, and the impact on the workforce and environment. Each risk area is explained, and numerous controls that mitigate and manage these risks are listed with ample references to allow the interested reader to follow up.

Organisations should carefully consider implementing a Governance, Risk and Compliance (GRC) system, which brings together all key aspects of AI governance. GRC systems are available, both from large tech companies and from specialist vendors. A GRC system ties together all key components of AI governance, providing management with a single view of their deployed AI systems, and a window into all stages of AI governance for systems under development. The book is populated with numerous case studies and interviews with senior executives from some of the largest and most well-known organisations in the world that are grappling with AI risk management.

The authors also navigate the complex and rapidly evolving global regulatory landscape. With the European Union implementing its comprehensive AI Act and the United States advancing a fragmented patchwork of state and federal rules, a strong, adaptable internal governance system is presented as the only viable path forward. The EU AI Act, which has now come into force, with staggered compliance deadlines in the coming two years, requires all organisations that operate within the EU to implement risk mitigation controls with evidence of compliance. A key date is August 2nd 2026, by which time all 'Hig...

Jeff RadioPirate Live
(11 NOV 2025) RADIO PIRATE LIVE

Nov 11, 2025 (108:16)

RadioPirate LIVE, November 11, 2025 edition, with Jeff Fillion

  • 0min00 - Jeff, Gerry and MisterWhite try to understand where our Premier François Legault is headed. (Part 1)
  • 17min19 - Jeff, Gerry and MisterWhite try to understand where our Premier François Legault is headed. (Part 2)
  • 33min36 - An incredible story in the Boîte à Gerry. Gerry's Substack is here: https://gerrypizza.substack.com/
  • 47min05 - The spectacular Jo Hamel goes over economic and political news from here and elsewhere with Jeff and Gerry.
  • 1h12min30 - Jeff and Gerry welcome Alain Pharand, who worked for 19 years at the RCMP (GRC) as a police officer and then in finance. He wrote a business book in 2021 and has lived since then in Playa Del Carmen, Mexico, where he helps people who are interested to invest and settle there. (Full podcast on PRIME) Visit his site here: https://playahere.com/fr/

The SaaSiest Podcast
198. Jakob Lilholm, Co-founder & CEO, Formalize - The S-Curve Bet: How to time product #2 before product #1 peaks?

The SaaSiest Podcast

Play Episode Listen Later Oct 28, 2025 49:47


In this episode, we're joined by Jakob Lilholm, Co-founder & CEO at Formalize, the Danish-based compliance SaaS that went from a single-point whistleblowing tool to a multi-product GRC platform used by 8,000+ customers across ~80 countries. Jakob shares how his team timed EU regulatory tailwinds, built whistleblowing software, and then layered products on top, shifting from high-volume transactional sales to a focused, consultative motion for regulated industries. Fresh off announcing a €30M Series B, Jakob walks through the internal rewiring it took: carving out an innovation pod with its own OKRs, resisting flattering false positives from the existing base, and proving platform demand with new-logo sales first, going from ~€100k ARR on the platform to >50% of company revenue in a year.  Here are some of the key questions we address: When do you expand from a point solution to a platform? We discuss the timing model Formalize used (EU roadmap + S-curve “next wave” before the first peaks). What's the right ICP for a platform? Why did they end up narrowing their ICP and say “not yet” to others? How do you avoid false positives when you already have thousands of customers? Jakob explains why he decided to validate platform fit with new logos first. What org design supports a second act like this? How do you shift GTM, pricing, and messaging? What is the process moving from low ACV sales to higher-ACV, consultative deals without breaking the engine? Which metrics matter in the first year of a platform bet? How do you prove value creation, track conversion quality, and know when to re-inject the core team?

AI in Action Podcast
Women in ServiceNow E12: 'Driving ServiceNow Transformation in Banking' with MidWestOne Bank's Annette Muldowney

AI in Action Podcast

Play Episode Listen Later Oct 20, 2025 20:34


Today's guest is Annette Muldowney, Vice President - ServiceNow Manager at MidWestOne Bank. Founded in 1934, MidWestOne Bank is a relationship-driven community bank that provides comprehensive financial solutions, including personal and business banking, lending, trust services and wealth management. Guided by values of integrity, teamwork and impact, MidWestOne Bank aims to generate meaningful outcomes for both their customers and communities.
Annette is a resourceful and innovative leader with over 20 years of technical management, project implementation and customer experience expertise across private, public and Fortune 500 sectors. As a ServiceNow Platform Owner, Annette oversees roadmap creation, governance and adoption strategies to ensure seamless user experiences and measurable results. She is recognized for a collaborative leadership style, commitment to excellence and ability to deliver impactful, technology-driven organizational change.
In the episode, Annette talks about:
0:00 Driving financial innovation with ServiceNow for efficiency, transparency
3:06 Her role driving service management transformation at MidWestOne
3:52 Focusing on FSO, CSM, and emerging GRC initiatives
5:32 How her team is leveraging partners to manage ServiceNow implementation
8:02 Driving a phased ServiceNow implementation using crawl, walk, run approach
10:56 How Executive support and right vendor critical for ServiceNow success
13:12 Why building personal connection with vendors, fit and vision matter most
14:35 Advice to lead by example, stay fact-based, and measure what matters
18:03 The need to deeply understand the business to drive long-term platform success

The Straits Times Audio Features
S1E67: What's PSP chief Leong Mun Wai up to now that he's no longer in Parliament

The Straits Times Audio Features

Play Episode Listen Later Oct 16, 2025 31:51


Parliament convened in September, but a familiar face from the previous term wasn’t there. Progress Singapore Party’s secretary-general Leong Mun Wai was a notable presence as a Non-Constituency MP during the 14th term of Parliament, sometimes having heated exchanges with ministers and PAP MPs. But he and fellow party member Hazel Poa did not retain their NCMP spots following the General Election in May. Their PSP team for West Coast-Jurong West GRC lost to the PAP slate, which won the five-man GRC with 59.99 per cent of the vote to PSP’s 40.01 per cent. In this episode of The Usual Place, I speak with Mr Leong about steering the party in its next phase post-GE2025 and the challenges of not being in Parliament. How will PSP evolve its practices and policy communications without a Parliamentary presence, and remain relevant?
Highlights:
4:06 Increasing online presence to explain party positions
6:05 Mr Leong on heated exchanges as NCMP
10:45 How PSP will explain its policy ideas to the public post-GE2025
19:19 What will PSP really stand for "after Dr Tan Cheng Bock"?
20:20 Wanting to lead national conversation on economy
22:55 How does PSP stand out differently from other parties?
25:00 Will PSP move beyond the electro west?
28:00 "I learnt a very hard lesson about the powerful PAP machinery": Mr Leong
Read Natasha Ann Zachariah’s articles: https://str.sg/iSXm
Filmed by: Studio+65
Edited by: Teo Tong Kai and Chen Junyi
Executive producers: Danson Cheong, Elizabeth Khor & Ernest Luis
Editorial producer: Lynda Hong
Feedback to: podcast@sph.com.sg

CISO-Security Vendor Relationship Podcast
The Difference with AI Red Teaming is We Added the Word AI

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Oct 14, 2025 37:31


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Khush Kashyap, senior director, GRC, Vanta.
In this episode:
• Skip the Sermon
• When to coach versus command
• Making risk quantification useful
• Recognizing a distinct discipline
Huge thanks to our sponsor, Vanta. Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get back time to focus on strengthening security and scaling your business at https://www.vanta.com/landing/demo-grc?utm_campaign=new-way-grc&utm_source=ciso-series-podcast&utm_medium=podcast&utm_content=banner

Risk Management Show
Leading in Crisis: Mindset Shifts for GRC Professionals

Risk Management Show

Play Episode Listen Later Oct 14, 2025 12:25


In this episode of GRC Chats, we explored vital mindset shifts for GRC professionals navigating crisis situations. Caroline Stokes, leadership coach and author of "Aftershock to 2030: A CEO's Guide to Reinventing in the Age of AI, Climate, and Societal Collapse," shares her expertise on fostering resilience and mental health in risk management, cyber security, and governance. Discover how these tireless professionals can prioritize self-care without compromising their mission-critical roles. We discussed the challenges faced by Chief Risk Officers, cyber security leaders, and sustainability advocates, including burnout, work-life balance, and career development. Caroline highlights strategies, including the importance of taking moments to reset, leveraging coaching, and rethinking systems for long-term success. Her insights are essential for anyone in risk management, governance, or defense industries.
Aftershock to 2030 book on Amazon: https://www.amazon.co.uk/dp/B0FB5BKFGL
Thinkers 50 Leadership Award announcement: https://www.linkedin.com/posts/ocarolinestokes_thinkers50-leadership-regeneration-activity-7378448096940298240-iXXs?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAD7q70Bk40-vywCY4O_4l7zVHq6e1LRqpE
If you want to be our guest or suggest a guest, send your email to info@globalriskconsult.com with the subject line "Podcast Guest Inquiry."

DailyCyber The Truth About Cyber Security with Brandon Krieger
CISO Roles, Talent Crisis & AI Tools with Michael Reichstein | DailyCyber 276

DailyCyber The Truth About Cyber Security with Brandon Krieger

Play Episode Listen Later Oct 11, 2025 63:31


In this episode of DailyCyber, I'm joined by Michael Reichstein, a global cybersecurity executive with more than 20 years of experience leading security programs across multiple continents. His journey spans military service, enterprise GRC integration, and Fortune 500 leadership. Michael brings a people-first perspective to security, emphasizing communication, culture, and aligning security with business goals.

Cybersecurity Where You Are
Episode 156: How CIS Uses CIS Products and Services

Cybersecurity Where You Are

Play Episode Listen Later Oct 8, 2025 37:02


In episode 156 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Stephanie Gass, Sr. Director of Information Security at Center for Internet Security® (CIS®), and Angelo Marcotullio, Chief Information Officer at CIS. Together, they explore how CIS practices what it preaches by using CIS products and services internally, which includes implementation of the CIS Critical Security Controls® (CIS Controls®) and CIS Benchmarks®, automation, and alignment to compliance frameworks. Their discussion highlights how CIS builds a strong cybersecurity foundation while adapting to evolving threats and regulatory requirements.
The conversation dives into practical applications, cultural alignment, and the importance of repeatable processes for scaling security across new products and services. It also touches on the role of privacy regulations, cyber risk quantification, and the community-driven approach that underpins CIS best practices.
Here are some highlights from our episode:
01:12. Why CIS “drinks its own champagne” when it comes to cybersecurity
02:56. Three ways the CIS Controls help modern enterprises defend against threat actors
04:02. The importance of pulling together security lessons learned in a way that's translatable
10:03. Our use of the CIS Controls to align to SOC 2, ISO 27001, and other frameworks
12:01. How governance, risk, and compliance (GRC) engineering works with automation to help build repeatable processes
22:43. The role of collaboration and communication in building a cybersecurity program
27:17. Privacy regulations as a catalyst for security innovation
30:24. The CIS Community Defense Model and evidence-based practices
32:40. How CIS leverages lessons learned to improve our security best practices
Resources:
• Episode 146: What Security Looks Like for a Security Company
• Implementation Guide for Small and Medium-Sized Enterprises CIS Controls IG1
• How to Construct a Sustainable GRC Program in 8 Steps
• Mapping and Compliance with the CIS Controls
• CIS Completes SOC 2 Type II Audit Using CIS Best Practices
• Episode 74: The Nexus of Cybersecurity & Privacy Legislation
• CIS Community Defense Model 2.0
• Episode 121: The Economics of Cybersecurity Decision-Making
• Episode 77: Data's Value to Decision-Making in Cybersecurity
• CIS Communities
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Resilient Cyber
Resilient Cyber w/ Kenny Scott - Following the Future of FedRAMP

Resilient Cyber

Play Episode Listen Later Oct 6, 2025 42:16


In this episode of Resilient Cyber, I sit down with Founder & CEO of Paramify, Kenny Scott, to unpack the evolution of the FedRAMP program, FedRAMP 20x, and discuss what the public sector cloud compliance looks like moving into the future.
Kenny and I dove into a lot of topics, including:
• What FedRAMP is and why it matters
• What FedRAMP 20x is and what longstanding challenges associated with FedRAMP and public sector cloud and compliance it is addressing
• The various aspects of FedRAMP 20x, including its phased rollout
• Changes via FedRAMP 20x when it comes to Key Security Indicators (KSI), and how they differ from “controls”
• FedRAMP's modern vulnerability management approach and how it changes from the way vulnerability was historically handled under FedRAMP
• The importance of automated assessments, machine-readable artifacts, real Continuous Monitoring (ConMon), and more for practical GRC Engineering
• The role of GRC platforms when it comes to modernizing GRC
• What are the implications of FedRAMP 20x for other public sector compliance programs, such as DoD's SWFT, SRG, and RMF

Security Now (MP3)
SN 1045: News and Listener Views - 2.3 Million Cisco Devices Exposed

Security Now (MP3)

Play Episode Listen Later Oct 1, 2025 170:09


Cisco's routers just exposed more than two million networks thanks to a "security optional" SNMP setup that's being actively exploited—Steve and Leo break down why this is a worst-case scenario for the industry and how easily it could have been avoided. Gmail's spam filtering false-positive spree. iOS 26's Safari randomizes its fingerprint by default. Cisco's SNMP stands for "Security Not My Problem". Windows' "stuck" Extended Security Updates (ESU). Europe complains, gets 1-year of ESU with no strings. Where to get $6 TLS certs (really) while they last. The lessons to learn from Jaguar Land Rover's mess. The NEON app: get paid to have your voice recorded. Bluesky's age verification, now coming to Ohio. What is "Kids Web Services" for age verification. More than 10K Ollama instances publicly exposed. GRC's DNS Benchmark reaches "release candidate".
Show Notes - https://www.grc.com/sn/SN-1045-Notes.pdf
Hosts: Steve Gibson and Leo Laporte

All TWiT.tv Shows (MP3)
Security Now 1045: News and Listener Views

All TWiT.tv Shows (MP3)

Play Episode Listen Later Oct 1, 2025 170:09



Security Now (Video HD)
SN 1045: News and Listener Views - 2.3 Million Cisco Devices Exposed

Security Now (Video HD)

Play Episode Listen Later Oct 1, 2025 169:39



Security Now (Video HI)
SN 1045: News and Listener Views - 2.3 Million Cisco Devices Exposed

Security Now (Video HI)

Play Episode Listen Later Oct 1, 2025 169:39



Radio Leo (Audio)
Security Now 1045: News and Listener Views

Radio Leo (Audio)

Play Episode Listen Later Oct 1, 2025 170:09 Transcription Available



Security Now (Video LO)
SN 1045: News and Listener Views - 2.3 Million Cisco Devices Exposed

Security Now (Video LO)

Play Episode Listen Later Oct 1, 2025 169:39



All TWiT.tv Shows (Video LO)
Security Now 1045: News and Listener Views

All TWiT.tv Shows (Video LO)

Play Episode Listen Later Oct 1, 2025 169:39



State of Play: Summer Games
Davis Cup Double Fault

State of Play: Summer Games

Play Episode Listen Later Sep 19, 2025 34:56


For credits and this episode's transcript, visit globalreportingcentre.org/state-of-play/bonus-episode-4-davis-cup-double-fault/
State of Play is produced by the Global Reporting Centre (GRC) and distributed by PRX. The GRC is an editorially independent journalism organization based at the UBC School of Journalism, Writing, and Media. Founded in 2016, we are leaders in doing global journalism differently. We innovate industry practice, educate the next generation, and promote greater equity in journalism.
Learn more about the GRC: globalreportingcentre.org | Make a tax-deductible donation: globalreportingcentre.org/donate

Power Supply
Balancing the Equation: What GRC Really Means for Supply Chain

Power Supply

Play Episode Listen Later Sep 15, 2025 36:47


What happens when governance, risk, and compliance (GRC) collide with the everyday realities of the healthcare supply chain? On this episode of Power Supply, we're joined by David Williams, a healthcare supply chain leader with deep expertise in finance, risk, and compliance, to explore how cybersecurity, finance, procure-to-pay, and AI are all connected under the GRC umbrella. From process risks hiding in daily workflows to the growing urgency of cyber hygiene and AI governance, David explains why alignment across supply chain, finance, and IT is critical to protecting both operations and patient safety. Whether you're in the C-suite or working on the loading dock, this conversation breaks down what GRC really means for supply chain—and how to balance the equation for a smarter, safer future! Once you complete the interview, jump on over to the link below to take a short quiz and download your CEC certificate for 0.5 CECs! – https://www.flexiquiz.com/SC/N/ps15-07

Cyber Security Headlines
Week in Review: Qantas penalizes executives, UK cyberlegislation delayed, SonicWall VPN flaws

Cyber Security Headlines

Play Episode Listen Later Sep 12, 2025 37:26


This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guests Rob Teel, CTO, Oklahoma Department of Commerce and Howard Holton, CEO, GigaOm.
Thanks to our show sponsor, Vanta. Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
All links and the video of this episode can be found on CISO Series.com.

Cyber Security Headlines
SonicWall VPN exploits, Fed cyberchief's priorities, U.S. spyware investment triples

Cyber Security Headlines

Play Episode Listen Later Sep 12, 2025 8:18


• SonicWall SSL VPN flaws now being actively exploited
• Acting federal cyber chief outlines his priorities
• U.S. based investors in spyware firms nearly tripled in 2024
Huge thanks to our sponsor, Vanta. Find the stories behind the headlines at CISOseries.com.

The I.T. Career Podcast
The Hidden Side of Cybersecurity You Can't Ignore

The I.T. Career Podcast

Play Episode Listen Later Sep 11, 2025 52:43


Meter: Visit https://meter.com/itcareer to book a demo
Cybersecurity is changing faster than ever — and the jobs of the future may not look like the ones you picture today. Everyone talks about hacking, red teaming, and pen testing, but there's a side of cybersecurity that's just as critical and often overlooked: GRC (Governance, Risk, and Compliance).
In this episode, I sit down with @UnixGuy (Abed Hamdan) to talk about the future of cybersecurity, why GRC might be the biggest hidden career opportunity, and what it really takes to break into the field. We'll cover who should consider GRC, the skills you need to succeed, and how AI and automation are reshaping the industry.
Whether you're brand new to tech or looking to pivot your career, this conversation will give you insider knowledge most people miss.

Cyber Security Headlines
npm update, Cursor Autorun flaw details, Microsoft probe over Ascension hack?

Cyber Security Headlines

Play Episode Listen Later Sep 11, 2025 8:03


• The npm incident: nothing to fret about?
• Cursor Autorun flaw lets repositories execute code without consent
• Senator Wyden urges FTC to probe Microsoft over Ascension hack
Huge thanks to our sponsor, Vanta.

Cyber Security Headlines
Blood center attack details emerge, Electoral Commission recovers, Plex suffers password breach

Cyber Security Headlines

Play Episode Listen Later Sep 10, 2025 7:23


• Thousands had data leaked in blood center ransomware attack
• UK Electoral Commission recovers, 3 years after China hack
• Npm packages with 2 billion weekly downloads targeted in supply chain attack
Huge thanks to our sponsor, Vanta.

CISO-Security Vendor Relationship Podcast
We All Agree That Prevention Is the Best Advice We're Never Going to Follow

CISO-Security Vendor Relationship Podcast

Sep 9, 2025 44:27


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining us is Jason Loomis, CISO, Freshworks.

In this episode:
Making organizations take their security medicine
Building CISO support systems
Holding the door for humans
Underappreciated risks: beyond the headlines

Huge thanks to our sponsor, Safe Security

SAFE is the category leader in Cyber Risk Quantification (CRQ) and the first vendor to deliver fully autonomous Third-Party Risk Management. We help CISOs, GRC, and TPRM leaders continuously and efficiently quantify, prioritize, and mitigate cyber risks across their entire attack surface, enabling digital growth and resilience. Learn more at tprmdemo.safe.security.

Risky Women Radio
Demystifying Surveillance with Emily Wright

Risky Women Radio

Sep 9, 2025 29:13


In this episode, we demystify the often misunderstood world of surveillance in financial services with Emily Wright, a leading expert in compliance and risk management. Emily breaks down the complexities of employee surveillance, highlighting its real value beyond mere compliance theater. She emphasizes the critical role of human behavior in shaping effective risk management strategies. Join us as we explore how understanding these dynamics can transform your organization's approach to surveillance and foster a culture of integrity and accountability.

SHOW NOTES
01:25 Career Journey
08:18 Behind the Screens Book
11:43 Obstacles for Trade Surveillance
14:11 Changes for Comms Surveillance
17:35 Technology & AI Influences
22:42 Do the 3 Lines of Defense Hold?

Cyber Security Headlines
GhostAction campaign, scam centers grow, GPUGate hits IT

Cyber Security Headlines

Sep 9, 2025 7:44


GhostAction campaign targets GitHub
Scam centers see huge growth in Myanmar
GPUGate targets IT firms

Huge thanks to our sponsor, Vanta

Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.

DrZeroTrust
"Holistic Cybersecurity: A Comprehensive Approach to Digital Safety"

DrZeroTrust

Sep 8, 2025 24:15


In this episode, Mike Elkins maps a whole‑of‑business blueprint for digital safety that actually reduces risk you can measure. We break down what “holistic” really means in practice: identity as the control plane, data‑centric design, continuous verification, least privilege, segmentation that shrinks blast radius, and automation that removes human bottlenecks. From cloud and SaaS to OT/IoT and third‑party risk, Chase shows how to connect policy, architecture, and operations so security becomes a repeatable system, not a pile of tools.

Takeaways
Why piecemeal controls create “debt‑in‑depth”
How to center Zero Trust on identities, not networks
Pragmatic micro‑segmentation and just‑in‑time access
A simple metric stack for the board (exposure, blast radius, dwell time)
How to align GRC with day‑to‑day enforcement

No FUD. No silver bullets. Just the playbook to make “holistic” real.

Cyber Security Headlines
SVG phishing campaign, Anthropic piracy lawsuit, Qantas penalizes executives

Cyber Security Headlines

Sep 8, 2025 8:45


New malware phishing campaign hidden in SVG files
Anthropic agrees to pay $1.5bn in book piracy lawsuit
Qantas penalizes executives for cyberattack

Huge thanks to our sponsor, Vanta

Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.

Find the stories behind the headlines at CISOseries.com.

CISO-Security Vendor Relationship Podcast
We're All for a Responsible AI Rollout as Long as It Goes as Fast as Possible

CISO-Security Vendor Relationship Podcast

Sep 2, 2025 40:00


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining them is Jennifer Swann, CISO, Bloomberg Industry Group.

In this episode:
Vulnerability management vs. configuration control
Open source security and supply chain trust
Building security leadership presence
AI governance and enterprise risk

Huge thanks to our sponsor, Vanta

Vanta's Trust Management Platform automates key areas of your GRC program, including compliance, internal and third-party risk, and customer trust, and streamlines the way you gather and manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started today at Vanta.com/CISO.

Business of Tech
Navigating SaaS Management and AI: Key Trends for MSPs from ChannelCon 2025 with John Harden

Business of Tech

Aug 23, 2025 15:41


Dave Sobel interviews John Harden, the director of strategy and technology evangelism at Auvik, discussing the evolution of SaaS management and its growing adoption in the industry. Since Auvik's acquisition of SaaSlio in 2022, the company has invested significantly in engineering efforts to enhance its SaaS management capabilities. Harden highlights the increasing need for visibility into SaaS applications due to rising cybersecurity threats and the growing importance of AI in business environments. He emphasizes that many organizations are now recognizing the necessity of understanding their SaaS assets, particularly in light of the proliferation of AI tools.

The conversation delves into the different ways organizations are consuming AI, with smaller companies typically using AI through SaaS applications, while larger organizations may develop their own models via APIs. Harden explains how Auvik's SaaS management platform provides visibility into both categories, allowing businesses to monitor AI usage and manage potential risks associated with shadow IT. He also discusses the recent release of SaaSOps, which enhances visibility and integrates with popular tools to provide deeper insights into API usage and license management.

As organizations begin to shift back to on-premises servers due to the high costs associated with AI workloads, Auvik has responded by introducing server management capabilities. Harden notes that this new feature allows for comprehensive monitoring of on-premises infrastructure, ensuring that businesses can effectively manage their IT assets regardless of where they are hosted. This adaptability is crucial as companies navigate the complexities of their IT environments, whether they are utilizing cloud services or traditional on-premises solutions.

Looking ahead, Harden expresses optimism about the growth of compliance and governance, risk, and compliance (GRC) solutions, which he believes will foster stronger relationships between managed service providers (MSPs) and their clients. He emphasizes the importance of asset visibility in achieving compliance and cybersecurity goals, as well as in developing AI strategies. By continuing to expand its asset visibility portfolio, Auvik aims to support MSPs in meeting the evolving needs of their customers in a rapidly changing technological landscape.

All our Sponsors: https://businessof.tech/sponsors/

Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/

Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/

Support the show on Patreon: https://patreon.com/mspradio/

Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech

Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com

Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessof.tech

CISO-Security Vendor Relationship Podcast
I Just Can't Communicate With the Business. I've Tried Condescension AND Derision.

CISO-Security Vendor Relationship Podcast

Aug 19, 2025 35:44


All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis (@csoandy), principal of Duha. Joining us is Gary Chan, CISO, SSM Health. Be sure to check out Gary's security mentalism website: https://www.gschan2000.com.

In this episode:
Decision-making with incomplete information
Translation beats technical expertise
Influence trumps authority for CISOs
Technical prowess creates adversaries

Huge thanks to our sponsor, Vanta

Automate, centralize, & scale your GRC program with Vanta. Vanta's Trust Management Platform automates key areas of your GRC program, including compliance, internal and third-party risk, and customer trust, and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.