When David Koopmans' IT manager started sending strange messages to employees, David knew something was wrong. By then, threat actors had been inside his network for 30 days. What followed was a ransomware nightmare that cost $14 million, put David in the hospital, and ended with him being let go, despite years of warning leadership that they needed to invest in security.

In this episode, we follow David's story from chaos to recovery, with expert context from Fortinet's incident response team on what actually happens when the call comes in (spoiler: it's always Friday afternoon), the critical mistakes that make attacks worse, and why 30 minutes a week of preparation could be the difference between survival and catastrophe.

Key Takeaways:
• Why "we're not a target" is the most dangerous assumption in security
• The common mistake that lets attackers hit you twice
• How tabletop exercises helped one company respond to a near-identical real incident
• The 30-minute weekly habit that separates prepared teams from overwhelmed ones

Featuring: David Koopmans (CIO, MMT Ambulance), Josh Brewer (Softchoice), John Simmons (FortiGuard IR Lead, Americas), John Hollenberger (FortiGuard Proactive Lead)

====
This episode is brought to you by Fortinet. When a cyber incident hits, the difference between chaos and recovery comes down to preparation. Learn how FortiGuard Incident Response Services can help your team respond faster and recover stronger at softchoice.com/fortinet
====

Resources
• FortiGuard Incident Response Services: softchoice.com/fortinet
• Book: "Cybersecurity Tabletop Exercises: From Planning to Execution" by John Hollenberger (No Starch Press, October 2024)

The Catalyst by Softchoice is the podcast dedicated to exploring the intersection of humans and technology.
In this episode of Unspoken Security, host AJ Nash sits down with Bob Fabien "BZ" Zinga, a cybersecurity executive and Naval Information Warfare Commander in the U.S. Navy Reserve. They explore how performative leadership shows up in security teams, and why values on a wall fail when pressure hits.

BZ argues that optics without accountability kill trust. When leaders bend with politics or budgets, engaged employees go quiet, and that silence hides risk. He shares how breaches often trace back to human choices, including a W-2 phishing scam that exposed employees' data and changed his own life. He also pushes for blameless postmortems and clear escalation paths.

From there, the conversation moves to AI. BZ warns that teams can automate bias and outsource judgment. He calls for guardrails, regulation, and human oversight, especially in high-stakes decisions. He closes with a simple standard: speak up for fairness, even when silence would feel safer.
Podcast: PrOTect It All
Episode: OT Cybersecurity That Works: Tabletop Exercises, Critical Controls & Building Trust
Pub date: 2026-02-16

You can't secure OT environments with checklists alone; you secure them with trust, clarity, and focused action. In this episode of Protect It All, host Aaron Crow sits down with OT security expert Dean Parsons to unpack what actually improves cybersecurity maturity in manufacturing, water, and wastewater environments. From remote access blind spots to outdated network architecture, they explore the practical gaps many organizations face, and how to fix them without massive budgets.

A central theme? Tabletop exercises. Not as a compliance checkbox, but as a powerful tool to build collaboration between IT and OT teams, clarify roles, and stress-test real incident response plans before a crisis hits.

You'll learn:
• Why tabletop exercises accelerate OT maturity
• The importance of trust between engineers and IT teams
• How focusing on the SANS 5 Critical Controls drives meaningful progress
• Why visibility and architecture matter more than shiny tools
• How to improve OT security without overwhelming teams or budgets
• The human and process factors that determine response success

Whether you're leading OT security, managing critical infrastructure, or trying to bridge IT and engineering teams, this episode delivers practical, experience-backed strategies you can implement immediately. Tune in to learn how to strengthen OT security through people, process, and purposeful action, only on Protect It All.
Key Moments:
03:57 Improved IT-OT Collaboration Tabletops
08:57 ICS Security Priorities
12:16 Accelerating ICS Cybersecurity Programs
15:07 Trusted Expertise Builds Credibility
17:28 Engineering Role in Incident Response
20:53 Cybersecurity: Tabletops Gain Traction
26:34 Control Systems, Protocol Abuse Insights
27:51 Secure Architecture Enables Network Visibility
33:07 Targeted Network Monitoring Essentials
35:23 Prioritize Critical Assets Strategically
37:50 Bridging IT and OT Expertise
41:56 Critical Infrastructure Security Risks
44:30 ICS Leadership and Threat Strategy
48:14 Power Plant Walkthrough Insights
52:02 Critical Cyber Asset Management
57:29 SANS Courses: Essential and Valuable

About the guest: Dean Parsons is a SANS Principal Instructor and the CEO and Principal Consultant of ICS Defense Force. Over the past two decades, Dean has built and led industrial cyber defense programs, conducted incident response and digital forensics in live plants, and partnered with operators and engineers to maintain both safety and uptime across major industrial sectors. He helps organizations align investment and policy decisions with operational priorities, developing risk metrics and tabletop exercises that unify operations, engineering, and cybersecurity so organizations in any industrial sector can prioritize and measure what matters.
How to connect with Dean: https://www.linkedin.com/in/dean-parsons-cybersecurity

Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
FaceBook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
As AI systems move rapidly from experimentation into production, organizations are discovering that adoption alone is not the hard part; understanding, governing, and trusting AI in live environments is. In this episode of Tech Transformed, Shubhangi Dua speaks with Camden Swita, Head of AI at New Relic, about why AI observability has become a critical requirement for modern enterprises, particularly as agentic AI and AI-driven operations take on increasingly autonomous roles.

The discussion explores how traditional observability models fall short when applied to probabilistic systems, why many AI ops initiatives stall at proof-of-concept, and what security and IT leaders must prioritize to safely scale AI in production.

Be the first to see how intelligent observability takes you beyond dashboards to agentic AI with business impact at New Relic Advance, February 24, 2026.

Why AI Adoption Is Outpacing Operational Readiness
While AI adoption is accelerating rapidly, most organizations still lack visibility into what their AI systems are actually doing once deployed. Generative AI is already widely used for natural language querying, coding assistants, customer support bots, and increasingly within IT operations and SRE workflows. As these systems move into production, new challenges emerge around cost control, governance, performance quality, and trust. Leaders recognize AI's potential value, but without deep observability they struggle to determine whether AI-enabled systems are delivering consistent outcomes or introducing hidden operational and security risks.

How Observability Must Evolve for Agentic AI and AI Ops
The episode then examines how observability itself must evolve to support agentic and autonomous AI systems. While core observability principles still apply, AI introduces a new layer of complexity that requires visibility into model behavior, agent decision-making, and multi-step workflows.

Modern AI observability extends traditional application performance monitoring by capturing telemetry from LLM interactions, agent orchestration layers, and automated evaluations of output quality against intended use cases. Without this visibility, teams are effectively operating blind: unable to diagnose failures, validate compliance, or confidently deploy AI at scale. At the same time, AI is increasingly being embedded into observability platforms to reduce noise, accelerate root cause analysis, and improve incident response.

Making Agentic AI Work in Practice
Successful adoption starts with low-risk, high-friction tasks such as incident triage, dashboard interpretation, and runbook summarization, rather than fully autonomous remediation. These use cases deliver immediate productivity gains while preserving human oversight. Over time, stronger feedback loops, better context management, and human-in-the-loop learning allow agents to become more reliable and useful. Looking ahead, Camden predicts that 2026 will be a turning point for agentic AI in production, driven by maturing AI observability platforms, richer semantic data, and knowledge graphs that connect technical telemetry to real business outcomes.
This episode features Tim Beasley, a Senior Incident Response Consultant at Semperis with decades of experience in compromise recovery and post-breach response. With a background that includes leading recovery efforts on Microsoft's DART team and helping build the Compromise Recovery Security Practice, Tim brings deep operational insight into what happens after attackers gain access. His work spans ransomware, nation-state intrusions, and large-scale identity compromises across public and private sector organizations.

In this episode, Tim explains why gaining access is only the beginning of modern attacks and why identity remains the primary path for escalation. He breaks down how attackers exploit credential exposure and identity infrastructure, and why prevention alone fails without a recovery-first mindset. He shares real-world lessons from incident response and recovery, including how teams contain threats and limit the impact of identity compromises.

This episode reframes identity security as a resilience problem and offers a clearer way to think about preparing for the breach you haven't detected yet.

Guest Bio
Tim Beasley is a Senior Incident Response Consultant at Semperis. He is Microsoft and VMware Certified, a MIS graduate, and a self-driven IT professional with experience in both public sector and private sector technology. While extremely loyal to employers, Tim has gained quality knowledge throughout a career that's enabled tremendous growth in an IT security environment. He enjoys challenges and implements proactive measures to maintain complete customer satisfaction and success.

Guest Quote
"Everything in compromise essentially starts with identity. We always say identity is the new perimeter. It's true. All attacks, breaches, every engagement that I've been a part of... all start with a compromised set of credentials."

Time stamps
00:41 Meet Tim Beasley: Cybersecurity Specialist
01:32 Tim's Journey at Microsoft
12:24 The Role of Identity in Cybersecurity
20:57 Real-World Cybersecurity Identity Challenges
23:27 The Big Four in Identity Management
24:01 Flashcard Fiascos: Cyberattacks Across Industries
32:50 Assume Breach Mentality
37:08 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Tim on LinkedIn
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
What happens when the security community stops debating whether AI belongs in the SOC and starts figuring out how to make it work? Monzy Merza, Co-Founder and CEO of Crogl, is helping answer that question, both through the autonomous AI SOC agent his company builds and through the inaugural AI SOC Summit, a community event designed to bring practitioners together for honest, no-nonsense conversation about what is real and what is hype in AI-driven security operations.

Crogl builds what Merza describes as a "superhero suit" for SOC analysts. The platform investigates every alert in depth, working across multiple data lakes without requiring data normalization, and escalates only the issues that require human judgment. But the conversation here goes beyond any single product. Merza explains that the motivation for creating the AI SOC Summit came directly from community feedback. Security teams across enterprises are trying to determine what to buy, what to build, and how to govern AI in their environments, and they need a transparent, practical space to share those experiences.

How are threat actors changing the game with agentic AI? Merza points to two critical shifts. First, adversaries are now conducting campaigns using agentic systems, which means defenders need to operate at the same speed. Second, the barrier to entry for sophisticated attacks has dropped significantly because agentic systems handle much of the technical detail, from crafting convincing phishing emails to automating post-exploitation activity. The implication is clear: security teams that do not adopt AI-driven capabilities risk falling behind attackers who already have.

The AI SOC Summit, hosted March 3rd at the Hyatt Regency in Tysons, Virginia, is structured to serve the practitioners who are doing the daily work of security operations. The morning features keynotes from CISOs sharing what is working and what is not, along with perspectives on AI governance and privacy. The afternoon splits into two tracks: talk sessions from startups and established companies, and a five-and-a-half-hour hackathon where attendees get free access to frontier AI models and tools to experiment hands-on with real security data.

Who should attend the AI SOC Summit? Merza identifies four key personas. SOC analysts at every tier who are buried in alert triage. Security engineers deploying AI-driven and traditional tools who want to see how other enterprises are rationalizing their investments. Incident responders and threat hunters who need to understand how to track agentic activity rather than just human activity. And builders, the security teams prototyping and testing AI capabilities in-house, who want to learn from what others have tried, what has failed, and what constraints can be overcome.

What sets this event apart from the typical conference experience? The AI SOC Summit is intentionally vendor-agnostic. Sponsors range from reseller partners serving government organizations to household names like Splunk and Cribl, but the focus stays on community learning rather than product pitches. Many organizations still restrict employee access to frontier models and agentic systems, and the summit provides a space where attendees can kick the tires on these technologies without worrying about tooling costs or corporate restrictions. The goal is for every participant to leave with something practical they can take back and apply to their work immediately.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Monzy Merza, Co-Founder and CEO, Crogl [@monzymerza on X]
https://www.linkedin.com/in/monzymerza

RESOURCES
Crogl: https://www.crogl.com
AI SOC Summit: https://www.aisocsummit.com/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight
Most cybersecurity conversations focus on stolen data, breached accounts, and attacks that live entirely on screens. This episode looks at a far more consequential threat: what happens when cyberattacks target the physical systems that keep society running. Power, water, transportation, and manufacturing. When those systems fail, the consequences aren't just digital. They're immediate, visible, and sometimes dangerous. My guest is Lesley Carhart, Technical Director of Incident Response at Dragos, a cybersecurity firm focused exclusively on protecting critical infrastructure. Lesley specializes in industrial control systems and operational technology, investigating real-world attacks against power plants, water systems, transportation networks, and industrial facilities built on aging, irreplaceable technology. We talk about why these environments are uniquely vulnerable, how ransomware groups and nation-state actors quietly gain long-term access, and why many compromises go undetected for years. The conversation also explores the limits of traditional cybersecurity thinking, the real-world constraints operators face, and what organizations can realistically do to improve security when failure isn't an option. 
Show Notes:
[01:30] Lesley Carhart is here and explains what operational technology is and why industrial systems are uniquely vulnerable
[03:40] How decades-old computers still run power plants, water systems, and transportation infrastructure
[06:10] Why industrial environments can't simply patch, upgrade, or shut systems down
[08:25] The mindset shift required when safety and continuity matter more than stopping an intrusion
[10:40] Why air-gapped systems are mostly a myth in modern critical infrastructure
[13:15] How remote access became unavoidable—and one of the biggest risk factors
[16:05] The three main threat categories facing industrial systems: ransomware, insiders, and nation-state actors
[18:45] Why ransomware is especially damaging in power, water, and manufacturing environments
[21:30] How nation-state attackers quietly establish footholds years before taking action
[24:20] Why many industrial compromises go undetected for months—or even years
[27:10] What incident response looks like when you can't just "pull the plug"
[30:05] The most common causes of industrial failures: human error, maintenance issues, and environment
[32:40] A surprising incident that looked like a nation-state attack—but wasn't
[34:55] Why critical infrastructure organizations often feel pressure to pay ransoms
[37:00] Practical starting steps for organizations with aging, mission-critical systems
[39:20] Advice for people interested in industrial cybersecurity and working with legacy technology
[42:10] Why mentorship matters and why Lesley chooses to give back to the field

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:
Podcast Web Page
Facebook Page
whatismyipaddress.com
Easy Prey on Instagram
Easy Prey on Twitter
Easy Prey on LinkedIn
Easy Prey on YouTube
Easy Prey on Pinterest
Lesley Carhart
Lesley Carhart - LinkedIn
Lesley Carhart - Dragos
Podcast: (CS)²AI Podcast Show: Control System Cyber Security
Episode: 131: OT Monitoring & SOC and Incident Response — Lessons from the Field with Cambios Academy
Pub date: 2026-02-04

In this episode of the (CS)²AI Podcast, host Derek Harp is joined by Jonathan Pollet, Marc Visser, and Bryan Singer for a deep-dive Q&A discussion following CS2AI's January 21st community event on OT Monitoring, SOC operations, and Incident Response. Drawing on decades of hands-on experience across industrial environments worldwide, the panel expands on questions that couldn't be fully addressed during the live sessions.

The conversation explores why OT monitoring and SOC capabilities must come before incident response, and how poor network architecture, lack of visibility, and organizational silos continue to undermine response efforts when incidents occur. Jonathan outlines the architectural foundations required to support effective detection, response, and recovery, while Marc emphasizes the practical realities of implementing OT monitoring, from working with factory engineers to reducing alert fatigue and building usable SOC workflows.

Bryan brings the incident responder's perspective, sharing real-world insights from global OT incidents, including prolonged dwell times, ransomware impacts on production, and why organizations without proper segmentation and monitoring often experience the most severe and prolonged outages. The discussion also tackles common questions around Fusion SOCs vs. dedicated OT SOCs, the human challenges of translating OT data into actionable intelligence, and what asset owners should realistically expect from incident response retainers.

This episode is a must-listen for OT practitioners, security leaders, and asset owners looking to move beyond theory and understand what actually works in the field. Whether you are just beginning your OT monitoring journey or refining mature SOC and IR capabilities, this discussion offers practical guidance rooted in real operational experience.
This episode focuses on incident response, emphasizing that since attacks are inevitable, businesses must prioritize agile management to mitigate economic and operational damage. The experts analyze the 16-hour AWS outage caused by a DNS failure, which disrupted payment systems and was exploited by criminals to launch bank-impersonating smishing campaigns. They also discuss the Jaguar Land Rover attack, which cost nearly £2 billion, likely because the breach affected critical operational technology (OT) systems rather than just IT.

Guest expert Antonio Sanz explains that ransomware has evolved into multiple extortion: attackers steal data, contact the victim's clients, and deliberately destroy old-fashioned backups. To counter this, companies must adopt "21st-century backups" that are immutable or otherwise resilient against intentional destruction by attackers. Sanz notes that while 1% of firms have vast resources, 90% lack basic awareness, leaving them vulnerable to opportunistic attacks through credential leaks or a lack of multi-factor authentication. Forensic readiness is highlighted as a vital preparation step: logs and evidence must be preserved so that a proper investigation is possible after a breach. Finally, artificial intelligence is viewed as a supportive tool for interpreting complex data, though it still requires human oversight to ensure accuracy.

Twitter: @ciberafterwork
Instagram: @ciberafterwork
Panda Security: https://www.pandasecurity.com/es/
+info: https://psaneme.com/ https://bitlifemedia.com/
VAPASEC: https://www.vapasec.com/ https://www.vapasec.com/webprotection/
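As an added illustration of the forensic-readiness point above (example code written for this page, not code from the episode, from Antonio Sanz, or from Panda Security), the Python below keeps an append-only, tamper-evident evidence log: every record is bound to the previous one with an HMAC, and a verifier checked against a stored head value reports the first record that was edited, removed, or truncated. The key, host names and Windows-style events are constructed for the example. The point it makes beyond the summary is that preservation is not only about keeping logs but about being able to prove, later, that what you kept is what was written, which is what a ransomware crew's deliberate log-wiping is designed to defeat.

```python
"""Tamper-evident evidence log for forensic readiness (added example).

Each record is linked to its predecessor by an HMAC over
(previous_tag || canonical_record). Anyone holding the key can detect
modification, deletion or truncation after the fact; without the key
an attacker who edits the log cannot re-link the chain. The key, host
names and events below are constructed for this example.
"""
import hashlib
import hmac
import json
from typing import List, Optional, Tuple

GENESIS = b"\x00" * 32  # tag that precedes the first record

# Constructed sample events (not from any real incident)
SAMPLE_EVENTS = [
    {"ts": "2026-02-10T14:02:11Z", "host": "dc01", "event_id": 4624,
     "user": "svc_backup", "src": "10.0.5.17"},
    {"ts": "2026-02-10T14:02:40Z", "host": "dc01", "event_id": 4672,
     "user": "svc_backup"},
    {"ts": "2026-02-10T14:03:05Z", "host": "bkp01", "event_id": 4688,
     "user": "svc_backup", "cmd": "vssadmin delete shadows /all /quiet"},
]


def canonical(event: dict) -> bytes:
    """Deterministic encoding so the same event always yields the same bytes."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def link_tag(key: bytes, prev_tag: bytes, record: bytes) -> bytes:
    """HMAC binding this record to everything written before it."""
    return hmac.new(key, prev_tag + record, hashlib.sha256).digest()


def append(key: bytes, chain: List[dict], event: dict) -> bytes:
    """Append one event; returns the new head tag (store it off-host)."""
    prev = chain[-1]["tag"] if chain else GENESIS
    record = canonical(event)
    chain.append({"record": record, "tag": link_tag(key, prev, record)})
    return chain[-1]["tag"]


def build_chain(key: bytes, events: List[dict]) -> List[dict]:
    chain: List[dict] = []
    for event in events:
        append(key, chain, event)
    return chain


def verify(key: bytes, chain: List[dict],
           expected_head: Optional[bytes] = None) -> Tuple[bool, int]:
    """Return (True, -1) if intact, else (False, index_of_first_bad_entry).

    An index equal to len(chain) means every record checks out but the
    chain is shorter than the stored head says: trailing records were
    deleted (truncation) or the stored head was replaced.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if not hmac.compare_digest(link_tag(key, prev, entry["record"]), entry["tag"]):
            return False, i
        prev = entry["tag"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, len(chain)
    return True, -1


if __name__ == "__main__":
    key = b"constructed-demo-key-keep-off-host"
    chain = build_chain(key, SAMPLE_EVENTS)
    head = chain[-1]["tag"]          # ship this to the collector, not the host
    print("intact:", verify(key, chain, head))
    # Attacker with host access rewrites the command in record 2
    edited = [dict(e) for e in chain]
    edited[2]["record"] = canonical({**SAMPLE_EVENTS[2], "cmd": "vssadmin list shadows"})
    print("edited record:", verify(key, edited, head))
    # Attacker truncates the log to hide the last record
    print("truncated:", verify(key, chain[:2], head))
```

The chain makes tampering detectable, not impossible: the key and the current head tag have to live with the collector or SIEM, never on the host that writes the log, and the records themselves still need to be shipped off-host promptly so that a wiped disk leaves a verifiable copy elsewhere.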
Jeff Steadman is joined by RSM colleagues Rich Servillas and Charles John to explore the critical intersection of identity and access management, operational resilience, and disaster recovery. Rich, a director from the cyber response group, shares insights from the front lines of ransomware and cloud intrusions, while Chuck, director of operational resilience, discusses the importance of business continuity planning. The conversation covers the true impact of security incidents on brand reputation and operations, the necessity of out-of-band communication, and why identity is often the first thing challenged and the last thing trusted during a crisis. The guests also provide practical advice for IAM professionals on reducing blast radius through standing privilege reduction and robust logging.

Connect with Rich: https://www.linkedin.com/in/richard-servillas-041a0551/
Connect with Chuck: https://www.linkedin.com/in/chuckjohn/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Timestamps:
00:00:00 - Introduction and 2026 conference outlook
00:01:44 - Introducing guests Rich and Chuck from RSM
00:03:56 - Defining operational resilience and business continuity
00:06:22 - When and how to start the planning process
00:09:55 - Chuck's background in public health and emergency management
00:12:44 - The broad impact of incidents on brand and operations
00:16:45 - Key elements every recovery plan must include
00:19:14 - Defining incident severity and matrixes
00:21:52 - Identity as the new perimeter and its operational dependencies
00:24:57 - Why hackers log in rather than break in
00:26:46 - The first hours of a cyber incident response
00:29:35 - Current threat trends and the role of AI
00:31:29 - Updating plans through post-action debriefs
00:34:31 - Cyber insurance gaps and contractual SLAs
00:40:24 - Advice for identity professionals on reducing blast radius
00:46:10 - Personal milestones and looking forward to 2026

Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, IAM, Cybersecurity, Business Continuity, Disaster Recovery, Operational Resilience, RSM, Incident Response, Ransomware, Cyber Insurance, Identity Governance
Bob Miller, CEO and Founder of IRGame, is a technology entrepreneur with 30+ years of experience across cybersecurity and emerging technologies. He is a pioneer in using AI-powered gamification for incident response ("IR") training, designed specifically for busy executives who can't spend full days in training but must make high-stakes decisions quickly during real crises. IRGame puts executive teams through realistic scenarios such as ransomware, data breaches, business email compromise, and AI-related incidents, so they can practice decision-making under pressure.
Returning to Lafayette and building startups
Bob graduated in 1988 from the University of Louisiana at Monroe in Computer Science and Math. He moved back to Louisiana from San Jose around 2010 and chose Lafayette as home. Almost immediately, the Lafayette Economic Development Authority (LEDA) contacted him about helping build a startup accelerator. With experience across roughly 10 startups, he became founding director of what he named the Opportunity Machine (his title: "Head Machinist"). Bob later continued mentoring via the Accelerator Board. After three years, engineer and entrepreneur Bill Fenstermaker recruited him to help commercialize products at Fenstermaker & Associates. Bob worked on projects including a custom GIS system and underwater acoustics, following earlier work in areas like satellite systems. Later he became COO at Waitr in its early stage, helping scale from about 300 to 3,000 employees in roughly 12–14 months, the kind of operational scaling challenge he's often brought in to manage. He then joined a local managed service provider and helped transform it into a managed security service provider, an experience that directly led to IRGame.
Why IRGame exists
Bob identified a persistent problem: many organizations resist spending time and money on cybersecurity because they don't understand it and lack an emotional connection to it, having never experienced a crisis.
Traditional tabletop exercises, meant to train a business team on how to respond during a crisis (paper scenarios, PowerPoint presentations, and sitting around a conference table discussing solutions), have existed for decades, but they are time-consuming (often 80–90 hours to prepare) and require pulling people into a room for a full day, which makes them expensive and hard to scale. If it's hard, many companies simply don't do it. Bob attended a cybersecurity conference and participated in a tabletop designed for managed service providers, an exercise that was "fundamentally terrifying" and eye-opening. A worst-case managed service provider ("MSP") scenario is when a third-party tool, especially remote monitoring and management (RMM) software, gets compromised; that can lead to ransomware across an MSP's entire customer base simultaneously. The exercise illustrated IRGame's central insight: about 80% of incident response is non-technical in nature, covering financial consequences, shutdown decisions, customer impact, employee panic, communications, and reputational and legal exposure. Bob brought the tabletop back to his company and ran it with 80 of 130 employees, customizing it with real customer names, revenue figures, and tenure. Even with a mature incident response plan and twice-yearly practice, they discovered a dozen needed changes. That convinced him that if a well-prepared security organization learns that much from a scenario, "everybody can."
The breakthrough: turning the tabletop into an online multiplayer game
During that exercise, a longtime software collaborator of Bob's mentioned he still had a dormant game app framework built years earlier for a high-school project with Bob's daughter. He believed he could convert the paper tabletop into an online multiplayer experience in a weekend. After running the in-person tabletop on Thursday, he demonstrated a working browser-based multiplayer version on Sunday.
They showed it to cybersecurity tabletop authors and industry influencers Matt Lee and Ethan Tancredi, who were shocked by how quickly the tabletop content had been transformed into a functional digital game. Soon after, they invited about 20 people to test it. The early version looked rough, like a 1980s text adventure, but it worked. The response was far stronger than expected: participants reported intense emotional engagement and immediate practical takeaways. One government participant said it left him rattled, with pages of notes and a need for a drink; an MSP in Hawaii asked when he could use it with customers. That became a monthly community practice program: they've run 25+ free games, putting 1,000+ people through the system. As demand grew, especially from providers wanting to use it with customers, IRGame chose to commercialize.
IRGame mirrors tabletop training but compresses it into a high-intensity, guided simulation. A scenario is narrated like scenes in a movie. Participants answer opening questions to get teams communicating quickly, which is critical because incident response requires fast coordination. Players assume roles and must allocate limited resources to tasks. Challenges pile up faster than teams can handle them, forcing prioritization and tradeoffs, just like real incidents. A key design element is pressure: a relentless timer counts down, and there is no pause button. This stress reveals the truth: under pressure, people become more honest about gaps in their preparedness. That's valuable because organizations often sugarcoat weaknesses until a simulation forces real reactions. Bob walked through an example crisis scenario: a business email compromise, which he says is currently a dominant incident type. A financial firm discovers that a customer wired money to a "new account" on instructions supposedly sent by the CFO, yet the CFO didn't send them. As the story unfolds, participants learn the compromise likely affected many customers, not just one.
The game surfaces operational realities executives often miss: internal rumors, uncontrolled communications, legal exposure triggered by words like "breach," and the need for an "event mode" communications policy that calms the organization and prevents chaos.
AI scenarios and new risks
IRGame also focuses on emerging AI-related risks. Miller says they ran what they described as the first AI incident scenario at IT Nation Secure, a national industry security conference, and now maintain multiple AI scenarios. The point is not to create fear, but to provide a safe environment to practice decisions around new threat patterns.
Practical cybersecurity guidance for individuals and small businesses
Bob emphasizes that cybersecurity is no longer optional and that AI strengthens attackers as well as defenders. He predicts that in 2026 smaller businesses will face increased targeting, because automation lets "two dudes and a dog" run campaigns that once required larger teams, making up revenue in volume rather than big single payouts. He also notes that cybercriminal ecosystems now resemble legitimate businesses, including tools, support, and organizational structure. Bob recommends baseline controls that are realistic for small organizations: unique passwords, password managers, multi-factor authentication, training on phishing, cyber insurance, and economical endpoint monitoring (EDR/MDR). These measures raise the cost for attackers so they move on to easier targets, though no control is perfect. On password managers, Bob uses Keeper and mentions 1Password and others. He strongly warns against saving passwords in browsers. He also flags emerging concerns about AI-enabled browsers that maintain a large "context window" across many sites, potentially increasing risk if compromised. On online exposure of your information, such as emails and staff details on websites, he advises sharing only what's necessary: data can be scraped and used for phishing and impersonation.
Deepfakes and better-written scams are making social engineering harder to detect. He also notes that much personal data is already exposed through breaches, citing Louisiana's DMV breach as an example of widespread data loss in which every licensed driver's Social Security Number was compromised.
Incident response planning and insurance pressure
A recurring theme: organizations need an incident response plan and must practice it, especially as cyber insurers increasingly demand proof. In a room of 50+ attorneys he spoke to recently, Miller found only three had a plan, and none practiced it. He warned that future claims could be denied if companies claim they had plans but can't demonstrate practice.
Trying IRGame for free
IRGame offers free public sessions on the last Friday of every month; sign-up is available via their website. Miller notes they also post recordings and content online (LinkedIn and YouTube). Visit https://www.irgame.ai/ for more information and to sign up for a free public session. You can also see how IRGame works on its YouTube channel at https://www.youtube.com/@IRGameify
Personal note: music and creativity
Outside cybersecurity, Miller is a musician, primarily blues/rock, and often appears on video with guitars behind him. He draws a parallel between software development and music: both require creativity within rules. He argues policies and procedures aren't bureaucracy; they're like scales and tempo, structure that enables effective performance under pressure.
In this episode of Unspoken Security, host AJ Nash sits down with Eric Yunag, EVP of Product and Services at Convergint. They explore how security integration is changing as organizations face a fast-moving threat landscape and rising expectations from leaders and regulators. Eric explains why today's environment demands a new approach, one that connects hardware, software, and services in a more dynamic, real-time ecosystem. Eric shares how integrators help companies navigate not just the technical, but also the legal and operational complexity of modern security. He describes how shifting to cloud platforms, unifying physical and digital identities, and balancing privacy with business outcomes all add new layers of challenge. The conversation highlights the growing use of AI and "visual intelligence" (using camera data for both security and business insight) as organizations look to do more with their investments. Throughout the discussion, Eric makes the case for trusted, neutral advisors who help organizations build smarter, more connected security systems. He shows how today's integrators are positioned to guide clients through tough choices, benchmark best practices, and unlock value that goes far beyond traditional security.
Vincent Stoffer, Field Chief Technology Officer at Corelight, shares his predictions for 2026 and what security teams should prepare for in the coming year. With nearly a decade at Corelight and a background in network and security engineering, Stoffer brings a unique perspective on where the industry is heading.The conversation explores the emergence of the agentic SOC, where AI agents work alongside human analysts to accelerate detection, response, and incident resolution. Stoffer explains that while the protocols and tools have been in development, 2026 is the year organizations will finally see these capabilities deliver real results. The key differentiator, he notes, is data quality. Tools that provide rich, detailed, and comprehensive network evidence will thrive in this AI-enabled environment.Stoffer also addresses the persistent threat from nation-state actors, particularly China's Typhoon campaigns targeting critical infrastructure. From energy and telecoms to international partners, these threats continue to expand with AI-powered acceleration. Understanding your environment and detecting anomalous behavior remains essential for organizations facing these sophisticated adversaries.The discussion concludes with a look at post-quantum readiness. While quantum computing threats may be 10 to 20 years away, Stoffer emphasizes the importance of understanding cryptographic assets now. Corelight has published a white paper detailing how NDR provides the network visibility needed to locate cryptographic assets and plan migration to quantum-ready cipher suites.This is a Brand Highlight. A Brand Highlight is an introductory conversation designed to put a spotlight on the guest and their company. 
Learn more: https://www.studioc60.com/creation#highlight
GUEST: Vincent Stoffer, Field Chief Technology Officer at Corelight. On LinkedIn: https://www.linkedin.com/in/vincent-stoffer-07057827/
RESOURCES: Learn more about Corelight: https://corelight.com
KEYWORDS: Vincent Stoffer, Corelight, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, agentic SOC, network detection and response, NDR, critical infrastructure security, nation-state threats, China Typhoon campaigns, Salt Typhoon, Volt Typhoon, post-quantum cryptography, quantum readiness, AI in cybersecurity, security operations, incident response, network visibility, Zeek
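The white paper Stoffer mentions is about using NDR to find where classical key exchange is still in use. The script below is an added example, not Corelight's code or anything from that paper; it reads the standard Zeek `ssl.log` TSV format (column names are taken from the `#fields` header, so column order does not matter) and sorts each TLS server by the kind of key exchange observed. The sample log is constructed. Two assumptions are baked in: that Zeek writes the negotiated group to the `curve` field and logs groups it has no name for as `unknown-<id>`, and that code points 4587, 4588 and 4589 are the hybrid ML-KEM groups (SecP256r1MLKEM768, X25519MLKEM768, SecP384r1MLKEM1024) from the IETF draft, so a newer Zeek may log those by name instead.

```python
"""Crypto-asset inventory from a Zeek ssl.log (added example, not Corelight code).

Assumptions: Zeek writes the negotiated (EC)DH group to the `curve` field and
logs unnamed groups as "unknown-<id>"; 4587/4588/4589 are the hybrid ML-KEM
groups from the IETF draft. A newer Zeek may log those by name instead.
"""
from collections import Counter

PQ_HYBRID_GROUPS = {
    "secp256r1mlkem768", "x25519mlkem768", "secp384r1mlkem1024",
    "unknown-4587", "unknown-4588", "unknown-4589",
}
LEGACY_VERSIONS = {"SSLv2", "SSLv3", "TLSv10", "TLSv11"}

# Constructed sample, not captured from a real network.
SAMPLE_SSL_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tversion\tcipher\tcurve\tserver_name",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tstring\tstring",
    "1736478000.1\tCa1\t10.0.1.5\t51000\t203.0.113.10\t443\tTLSv13\tTLS_AES_256_GCM_SHA384\tx25519\tapi.example.com",
    "1736478001.2\tCb2\t10.0.1.6\t51001\t203.0.113.11\t443\tTLSv13\tTLS_AES_128_GCM_SHA256\tunknown-4588\tcdn.example.net",
    "1736478002.3\tCc3\t10.0.2.7\t51002\t10.0.9.20\t8443\tTLSv12\tTLS_RSA_WITH_AES_128_CBC_SHA\t-\tlegacy-erp.internal",
    "1736478003.4\tCd4\t10.0.2.8\t51003\t10.0.9.21\t443\tTLSv12\tTLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\tsecp256r1\tintranet.internal",
    "1736478004.5\tCe5\t10.0.3.9\t51004\t10.0.9.22\t443\tTLSv10\tTLS_RSA_WITH_3DES_EDE_CBC_SHA\t-\tscada-hmi.internal",
    "#close\t2026-01-10-03-20-00",
])


def parse_zeek_tsv(text: str) -> list:
    """Rows as dicts keyed by the #fields header, so column order does not matter."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip() or fields is None:
            continue
        else:
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def classify(row: dict) -> str:
    """Bucket one TLS session by how its key exchange fares against a quantum adversary."""
    version, cipher = row.get("version", "-"), row.get("cipher", "-")
    curve = row.get("curve", "-").lower()
    if version in LEGACY_VERSIONS:
        return "legacy-protocol"        # fix the protocol first; PQ is moot here
    if cipher.startswith("TLS_RSA_"):
        return "static-rsa-kex"         # no forward secrecy; recorded traffic decryptable later
    if version == "TLSv13" and curve in PQ_HYBRID_GROUPS:
        return "pq-hybrid"              # already migrated
    return "classical-ecdh"             # ECDHE today, needs a hybrid group


def inventory(text: str) -> tuple:
    """Counts per class plus one migration entry per server (responder ip:port)."""
    summary, to_migrate = Counter(), {}
    for row in parse_zeek_tsv(text):
        cls = classify(row)
        summary[cls] += 1
        if cls != "pq-hybrid":
            server = f"{row['id.resp_h']}:{row['id.resp_p']}"
            to_migrate.setdefault(server, (row.get("server_name", "-"), cls))
    return summary, to_migrate


if __name__ == "__main__":
    counts, work = inventory(SAMPLE_SSL_LOG)
    print(dict(counts))
    for server, (sni, cls) in sorted(work.items(), key=lambda kv: kv[1][1]):
        print(f"{cls:18} {server:20} {sni}")
```

In TLS 1.3 the cipher suite names say nothing about key exchange, so the negotiated group is the signal; in TLS 1.2 a `TLS_RSA_*` suite means the session key was wrapped with the server's RSA key, which is both non-forward-secret and the first thing a future quantum attacker would recover from captured traffic. The inventory is keyed by responder address and port so one entry per server survives thousands of flows.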
Rob Hughes, CISO at RSA and Champion of a Passwordless Future
No Password Required Season 7: Episode 1 - Rob Hughes
Rob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring. Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment. Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point. The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.
Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/
Chapters:
00:00 Introduction to No Password Required
01:43 Meet Rob Hughes, CISO at RSA
02:05 The Role of a CISO in a Security Company
05:09 Transitioning to the CISO Role
08:00 The Early Days of Geek.com
12:14 Launching a Startup During the Dot Com Boom
14:30 The Push for a Passwordless Future
18:21 Tipping Point for Passwordless Adoption
20:20 Ongoing Learning in Cybersecurity
26:09 Managing Stress in High-Pressure Environments
33:46 The Lifestyle Polygraph Begins
34:15 Career Insights in Cybersecurity
36:08 Dream Cars and Personal Preferences
39:58 Underrated Horror Films
41:19 Creating a Cybersecurity Monster
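Password spraying, which Rob cites as an accelerator for passwordless adoption and which is the typical form of the "hackers log in rather than break in" point in the IDAC episode above, is built to stay under per-account lockout thresholds: one or two guesses per account across many accounts. The script below is an added example, not RSA's code or anything from either episode. It runs a window-based detector over a constructed authentication log whose line format (timestamp, source IP, username, result) is an assumption for the example; real sources such as Entra ID sign-in logs or Windows event 4625 carry the same three facts under other field names.

```python
"""Password-spray detector over an authentication log (added example, not RSA's code).

The line format is an assumption for the example: timestamp, source IP,
username, result. Real sources (Entra ID sign-in logs, Windows event 4625)
carry the same facts under other field names.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")

# Constructed sample: one sprayer, and bob mistyping his own password three times.
SAMPLE_AUTH_LOG = """\
2026-01-12T08:00:01Z ip=198.51.100.7 user=alice result=FAIL
2026-01-12T08:00:31Z ip=198.51.100.7 user=bob result=FAIL
2026-01-12T08:01:02Z ip=198.51.100.7 user=carol result=FAIL
2026-01-12T08:01:33Z ip=198.51.100.7 user=dave result=FAIL
2026-01-12T08:02:04Z ip=198.51.100.7 user=erin result=FAIL
2026-01-12T08:02:35Z ip=198.51.100.7 user=frank result=FAIL
2026-01-12T08:03:10Z ip=10.0.0.5 user=bob result=FAIL
2026-01-12T08:03:20Z ip=10.0.0.5 user=bob result=FAIL
2026-01-12T08:03:30Z ip=10.0.0.5 user=bob result=FAIL
2026-01-12T08:03:45Z ip=10.0.0.5 user=bob result=OK
"""


def parse_log(text: str) -> list:
    """(timestamp, ip, user, result) tuples in time order; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["ip"], m["user"], m["result"]))
    events.sort()
    return events


def _window_counts(items: list, window: timedelta):
    """For each (ts, key) event taken as a window start, yield counts per key inside the window."""
    for i in range(len(items)):
        start, seen = items[i][0], defaultdict(int)
        for ts, key in items[i:]:
            if ts - start > window:
                break
            seen[key] += 1
        yield start, seen


def detect_spray(text: str, window=timedelta(minutes=10), min_users=5, max_per_user=2) -> dict:
    """Source IPs whose failures in one window hit many accounts with few tries each."""
    fails_by_ip = defaultdict(list)
    for ts, ip, user, result in parse_log(text):
        if result == "FAIL":
            fails_by_ip[ip].append((ts, user))
    flagged = {}
    for ip, fails in fails_by_ip.items():
        for start, per_user in _window_counts(fails, window):
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged[ip] = {"users": len(per_user), "window_start": start.isoformat()}
                break
    return flagged


def lockout_victims(text: str, threshold=3, window=timedelta(minutes=10)) -> set:
    """Accounts a per-account lockout would disable: the usual counter, which a spray stays under."""
    fails_by_user = defaultdict(list)
    for ts, ip, user, result in parse_log(text):
        if result == "FAIL":
            fails_by_user[user].append((ts, ip))
    locked = set()
    for user, fails in fails_by_user.items():
        for _start, per_ip in _window_counts(fails, window):
            if sum(per_ip.values()) >= threshold:
                locked.add(user)
                break
    return locked


if __name__ == "__main__":
    print("spray sources:", detect_spray(SAMPLE_AUTH_LOG))
    print("locked by per-account counter:", lockout_victims(SAMPLE_AUTH_LOG))
```

`detect_spray` keys on the source and asks "many accounts, few tries each"; `lockout_victims` shows what the usual per-account counter sees: bob's three typos, and not the sprayer at all. Sprayers that rotate source addresses defeat the per-IP grouping, so in production the same window logic should also be run keyed on user agent, ASN, or the tenant as a whole.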
In this episode of Techzine Talks we dive deep into the world of Managed Detection & Response (MDR). Erik de Jong (Chief Research Officer) and Eric van Gend (CEO) of Tesorion explain how MDR has evolved, what organisations can expect, and why basic hygiene is still crucial. You will learn about the differences between prevention and detection, how MDR providers deal with visibility and coverage, and why transparency about missed threats matters. Practical topics such as threat hunting, forensic investigation and integration with various security tools are also covered.
Key takeaways:
• MDR combines prevention (baseline checks) with detection and response
• Flexibility in the technology stack gives customers more choice
• Transparency about false positives and missed threats is essential
• In-house engineering capacity provides workarounds when vendors have problems
• NIS2 legislation makes MDR increasingly important for organisations
• A good MDR provider helps you get better, not just handle alerts
Chapters:
0:00 - Introduction to MDR and the guests from Tesorion
3:18 - What MDR is and how it has evolved
6:28 - Prevention versus detection and response
11:25 - Technology stack and platform flexibility
18:38 - Transparency and differences between MDR providers
28:13 - Basic hygiene and patching remain essential
38:16 - Visibility and coverage at customers
43:24 - Risk scores and metrics for customers
48:55 - Transparency about missed threats
Keywords: MDR, Managed Detection and Response, cybersecurity, Tesorion, SOC, threat hunting, NIS2, security monitoring, incident response, visibility
Segment 1 with Beck Norris - Making vulnerability management actually work
Vulnerability management is often treated as a tooling or patching problem, yet many organizations struggle to reduce real cyber risk despite heavy investment. In this episode, Beck Norris explains why effective vulnerability management starts with governance and risk context, depends on multiple interconnected security disciplines, and ultimately succeeds or fails based on accountability, metrics, and operational maturity. Drawing from the aviation industry, one of the most regulated and safety-critical environments, Beck translates lessons that apply broadly across regulated and large-scale enterprises, including healthcare, financial services, and critical infrastructure.
Segment 2 with Ryan Fried and José Toledo - Making incident response actually work
Organizations statistically have decent to excellent spending on cybersecurity: they have what should be sufficient staff and some good tools. When they get hit with an attack, however, the response is often an unorganized, poorly communicated mess. What's going on here, and why does this happen? Ryan and José join us in this segment to offer some insight into why this happens and how to ensure it never happens again.
Segment Resources: [Mandiant - Best practices for incident response planning](https://services.google.com/fh/files/misc/mandiantincidentresponsebestpractices_2025.pdf?linkId=19287933); Beyond Cyberattacks: Evolution of Incident Response in 2026
Segment 3 - Weekly Enterprise News
Finally, in the enterprise security news: almost no funding... oops, all acquisitions! Changes in how the US handles financial crimes and international hacking; mass scans looking for exposed LLMs; the state of prompt injection; be careful with Chrome extensions and home electronics from unknown brands; is China done with the West? All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-442
Building Secure Software with Tanya Janca: From Coding to Cybersecurity Advocacy
In this episode of Cybersecurity Today, host Jim Love interviews Tanya Janca, also known as She Hacks Purple, a renowned Canadian application security expert and author. Tanya shares her journey from software developer and musician to penetration tester and cybersecurity advocate. She discusses her work training developers in secure coding practices and application security, emphasizing the need for integrated security training in academic programs and throughout the software development lifecycle. Tanya also talks about the challenges women face in the cybersecurity field and her efforts to empower underrepresented groups through initiatives like WoSEC and We Hack Purple. Sponsored by Meter, this episode dives deep into the importance of building security into software development and the potential role of AI in improving code security.
00:00 Introduction and Sponsor Message
00:18 Meet Tanya Janca: The Journey Begins
01:05 From Developer to Pen Tester
03:14 Empowering Women in Cybersecurity
13:11 Challenges in Academia and Training
19:18 The Need for Secure Coding
21:22 Challenges in Medical Device Security
22:18 The Economics of Open Source
24:43 Building Security into Development
26:14 Training and Cultural Shifts
32:33 AI and Secure Coding
39:03 Incident Response and Preparedness
39:54 Final Thoughts and Future Directions
What really happens inside an organization when a cyber incident hits and the neat incident response plan starts to fall apart? That question sat at the heart of my return conversation with Max Vetter, VP of Cyber at Immersive. It has been a big year for breaches, public fallout, and eye-watering financial losses, and this episode goes beyond headlines to examine what cyber crisis management actually looks like when pressure, uncertainty, and human behavior collide. Max brings a rare perspective shaped by years in law enforcement, intelligence work, and hands-on cyber defense, and he is refreshingly honest about where most organizations are still unprepared. We talked about why written incident response plans tend to fail at the exact moment they are needed most. Cyber incidents are chaotic, emotional, and non-linear, yet many plans assume calm decision-making and perfect coordination. Max explains why success or failure is often defined by the response rather than the initial breach itself, and why leadership, communication, and judgment matter just as much as technical skill. Real-world examples from major incidents highlight how competing pressures quickly emerge, whether to contain or keep systems running, whether to pay a ransom or risk prolonged downtime, and how every option comes with consequences. One idea that really stood out is Max's belief that resilience is revealed, not documented. Compliance and audits may tick boxes, but they rarely expose how teams behave under stress. We explored why organizations that rely on annual tabletop exercises often develop a false sense of confidence, and how that confidence can become dangerous when decisions are made quickly and publicly. Max shared why the best-performing teams are often the ones that feel less certain in the moment, because they question assumptions and adapt faster. We also dug into the growing role of crisis simulations and micro-drills. 
Rather than rehearsing a single scenario once a year, Immersive focuses on repeated, realistic practice that builds muscle memory across technical teams, executives, legal, and communications. The goal is not to predict the exact attack, but to train people to think clearly, collaborate across functions, and make defensible decisions when there are no good options. That preparation becomes even more important as cyber incidents increasingly spill into supply chains, manufacturing, and the physical world. As public scrutiny rises and consumer-led legal action becomes more common after breaches, reputation and response speed now sit alongside forensics and recovery as business-critical concerns. This episode is a candid look at why cyber crisis readiness is a discipline, not a document, and why assuming you will cope when the moment arrives is a risky bet. So if resilience only truly shows itself when everything is on the line, how confident are you that your organization would perform when the pressure is real and the clock is ticking?
Useful links: Connect with Max Vetter on LinkedIn; Learn more about Immersive Labs; Follow on LinkedIn, Instagram, Twitter and Facebook. Thanks to our sponsors, Alcor, for supporting the show.
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
One famous cartoon featured two vultures sitting on a fence; one turned to the other and said, "I am sick of waiting, let's kill something." When it comes to preventing cyberattacks, the federal government is well known for a defensive approach: security systems, air-gapped systems, and even zero-trust architectures. This defensive posture is essential, but it may not give the federal government a complete view of how to protect data. Today, we sat down with Chris Jones, Nightwing's Chief Technical Officer. He outlines some of the characteristics of a concept called "offense informs defense," a method Nightwing has developed through over 40 years of working with federal technology leaders. For example, Nightwing developed its Counter Trace service, which uses offensive cyber strategies to defend critical infrastructure: proactively hunting for vulnerabilities, identifying access points, and analyzing digital evidence to expose cyberattacks. During the interview, Jones mentions that the GSA has received this approach well; in fact, Nightwing recently won all six GSA Highly Adaptive Cybersecurity Services (HACS) categories, which cover areas such as penetration testing, incident response, risk assessments, cyber hunt, and high value asset assessments. Jones emphasizes the importance of proactive cybersecurity, AI integration, and collaboration across agencies in adapting to protect federal data.
The Institute of Internal Auditors Presents: All Things Internal Audit
Deepfakes are reshaping fraud, trust, and evidence, and challenging what organizations can rely on as "proof." In this episode, Andrew Guasp speaks with Corey Chadderton about how AI-generated media is being used to impersonate leadership and bypass controls, why the barriers to entry have collapsed, and what internal auditors must do to strengthen governance, training, and response as these risks accelerate into 2026.
HOST: Andrew Guasp, CIA, CFE, Senior Manager, Standards & Professional Guidance, The IIA
GUEST: Corey Chadderton, IAP, Internal Auditor, Barbados Water Authority
KEY POINTS:
Introduction to Deepfakes and Audit Risk [00:00:02–00:00:40]
What Are Deepfakes and Why Auditors Must Pay Attention [00:00:40–00:02:40]
How Deepfake Technology Works (Without Becoming a Technical Expert) [00:02:50–00:04:10]
Deepfakes as a "Force Multiplier" for Fraud [00:04:20–00:06:22]
Real-World Deepfake Fraud and Governance Failures [00:06:24–00:08:36]
Reputational Risk, Content Monitoring, and Trust Breakdown [00:08:36–00:09:32]
Where Organizations Are Most Vulnerable Today [00:09:51–00:12:59]
Applying Cyber Testing Techniques to Deepfake Risk [00:13:10–00:13:55]
Red Flags and Indicators of Manipulated Media [00:14:04–00:16:10]
The Power of the Pause and Training Against Urgency Attacks [00:16:13–00:18:22]
Limits of Deepfake Detection Tools and the Human Factor [00:18:28–00:22:01]
Professional Skepticism Beyond the Audit Function [00:22:01–00:23:51]
Internal Audit's Advisory Role in Policies and Incident Response [00:24:02–00:27:14]
Staying Ahead Through Continuous Risk Assessment [00:27:23–00:30:04]
Closing Thoughts [00:30:04–00:30:19]
IIA RELATED CONTENT: GAM 2026; AI Knowledge Centers; CEO Message: Combating Deepfakes; Global Internal Audit Standards. Visit The IIA's website or YouTube channel for related topics and more.
In this episode of Unspoken Security, host AJ Nash sits down with Danielle Jablanski from STV to break down the hard truths of operational technology (OT) security. Danielle explains why critical infrastructure - from water and transportation to manufacturing - remains vulnerable, tracing the challenge back to legacy systems, vendor complexity, and the lack of clear, industry-wide standards. She argues that many organizations have poor visibility into their assets and often rely on outdated assumptions about risk and business impact. Danielle calls out the pitfalls of flashy security solutions and emphasizes the need for basic, proven practices like network segmentation and clear asset management. She highlights the disconnect between IT and OT, showing how real-world safety and business operations depend on bridging this gap with honest communication and practical controls. Rather than chasing after hype, Danielle urges leaders to focus on building resilience: knowing what matters, assessing real risks, and strengthening what you can control. Throughout the conversation, Danielle offers a grounded perspective on why OT security demands more than checklists and compliance. She points to the need for shared data, better early warning systems, and a broader base of professionals willing to dig into the complexities - before an incident forces everyone's hand.
Hi, for the RSS friends, here is the whole thing as audio. The video is available at https://media.ccc.de/v/39c3-och-menno-x-disconnected-unexpected-elbonian-incident-response-wie-reagiere-ich-falsch
In this encore presentation of Unspoken Security Episode 32 (originally published on 3 April 2025), host AJ Nash sits down with Chris Birch, an intelligence practitioner with nearly 30 years of experience, to discuss the ever-evolving landscape of social engineering. Chris's unique perspective comes from leading teams that actively engage with threat actors, turning the tables on those who typically exploit vulnerabilities. Chris details how social engineering is simply human manipulation, a skill honed from birth. He explains how attackers leverage fear and greed, the fastest and cheapest ways to manipulate individuals. He also dives into how attacks have evolved, highlighting the dangers of increasingly sophisticated tactics like deepfakes and the blurring lines between legal and illegal applications of social engineering. The conversation also explores the crucial role of organizational culture in cybersecurity. Chris emphasizes that awareness, not just education, is key to defense. He advocates for sharing threat intelligence widely within organizations and across industries, empowering everyone to become a sensor against social engineering attempts. Chris also shares a surprising personal fear, offering a lighthearted end to a serious discussion.
In incident response, if you wipe systems first and ask questions later, you're deleting the truth. In this episode, host Anthony Hess sits down with Devon Ackerman, Global Head of Digital Forensics and Incident Response at Cybereason, to unpack what serious DFIR looks like when your audience is regulators, legal counsel, and insurance carriers and brokers. A former FBI Supervisory Special Agent and Senior Forensic Examiner, Devon explains why his team approaches every matter as if it could end up in court, and what that changes in practice. He breaks down how to scope an incident from the first call, preserve evidence before "fixing" the environment, and pressure-test tool output instead of blindly trusting it. Anthony and Devon also dig into AI and automation in DFIR, the central role of timelines and logging in telling a credible breach story, and why third- and fourth-party access, zero trust, and contracts are now defining systemic cyber risk for boards and insurers alike.
You'll learn: 1. Why "defensible truth" is the real product in high-stakes incident response. 2. How forensic-science DFIR changes scoping, evidence preservation, and decision-making. 3. Where AI speeds up investigations and where it creates blind spots for junior teams. 4. Why timelines and logging shape what carriers, regulators, and boards believe happened. 5. How vendor access and contracts drive third- and fourth-party cyber risk at scale.
Get in touch with Devon Ackerman on LinkedIn: https://www.linkedin.com/in/devonackerman/
About the host Anthony Hess: Anthony is passionate about cyber insurance. He is the CEO of Asceris, which supports clients to respond to cyber incidents quickly and effectively. Originally from the US, Anthony now lives in Europe with his wife and two children. Get in touch with Anthony on LinkedIn: https://www.linkedin.com/in/anthonyhess/ or email: ahess@asceris.com.
Thanks to our friends at SAWOO for producing this episode with us!
A single convincing email can move real money. We break down how Scripted Sparrow and other BEC crews spoof reply chains, impersonate trusted service providers, and slip under approval thresholds to nudge finance teams into wiring funds. The threat isn't flashy malware; it's pressure, process gaps, and the illusion of internal approval. We talk through the red flags that matter, from sudden vendor banking changes to realistic W9 attachments and urgent payment timelines, and then lay out the safeguards that stop these scams cold.From there, we zoom out to the full incident management lifecycle and make it practical. You'll hear how we define an incident by its impact on confidentiality, integrity, and availability, and why that clarity speeds action. We map the steps—detection, response, mitigation, reporting, recovery, remediation, and lessons learned—and explain what they look like in a real company: one-click phishing reporting for employees, prepared legal statements for regulators, isolation choices that protect revenue, and documentation habits that pay off when auditors and insurers start asking questions.We also get honest about today's attack surface. Cloud sharing, APIs, and over-permissive identities push sensitive data to the edge, making containment harder if an attacker lands. Expect persistence: backdoors, credential reuse, and lateral movement thrive when local admin rights and flat networks remain. The antidote is a blend of stronger finance workflows, pre-briefed legal and communications teams, and regular tabletop drills that involve everyone who touches money, systems, or messaging.If you're serious about preventing wire fraud and surviving security incidents with your business intact, this conversation gives you a focused plan you can adopt today. 
Subscribe, share with your finance and HR leaders, and leave a review with the one control you'll implement first.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
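The red flags the episode lists (a spoofed reply chain, an impersonated vendor, a sudden banking change, a W-9 lure, an urgent deadline) can be turned into a mechanical first pass before a human ever approves a wire. The script below is an added example written for this page, not code from the podcast or from any vendor; it scores a raw email against those flags and applies a hold policy. The vendor allow-list, the two sample messages, the addresses and the invoice number are all constructed for the example, and a real deployment would pull the allow-list from the vendor master file and run on the mail gateway or the finance inbox.

```python
"""Score a raw email for the BEC red flags listed above (constructed example)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list of vendor domains finance already pays; a real one comes from the vendor master file.
KNOWN_VENDOR_DOMAINS = {"acme-supplies.com"}

URGENCY_RE = re.compile(r"\b(urgent(?:ly)?|immediately|asap|today|before (?:cob|close of business))\b", re.I)
BANK_CHANGE_RE = re.compile(r"\b(new|updated|changed)\s+(bank(?:ing)?|account|wire|remittance)\b", re.I)
TAX_FORM_RE = re.compile(r"\bW-?9\b", re.I)
REPLY_SUBJECT_RE = re.compile(r"^\s*(re|fw|fwd)\s*:", re.I)


def _domain(header_value):
    """Return the lower-cased domain of an address header, or '' if there is none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike vendor domains (acme-supplies.co vs .com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def bec_flags(raw_message):
    """Return the list of red flags found in one RFC 822 message string, in a fixed order."""
    msg = message_from_string(raw_message)
    flags = []
    from_dom = _domain(msg.get("From"))
    reply_dom = _domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-domain-mismatch")      # replies are routed away from the apparent sender
    if from_dom and from_dom not in KNOWN_VENDOR_DOMAINS and any(
            _edit_distance(from_dom, v) <= 2 for v in KNOWN_VENDOR_DOMAINS):
        flags.append("lookalike-vendor-domain")       # impersonating a trusted service provider
    if REPLY_SUBJECT_RE.match(msg.get("Subject", "")) and not (msg.get("In-Reply-To") or msg.get("References")):
        flags.append("fake-reply-chain")              # "Re:" with no thread it could be replying to
    body = msg.get_payload() if not msg.is_multipart() else ""
    if URGENCY_RE.search(body):
        flags.append("urgency")
    if BANK_CHANGE_RE.search(body):
        flags.append("bank-detail-change")
    if TAX_FORM_RE.search(body):
        flags.append("tax-form-lure")
    return flags


def requires_out_of_band_verification(flags):
    """Hold policy: any banking change, or two or more other flags, stops the wire until the
    vendor is called back on a number already on file (never one taken from the email)."""
    return "bank-detail-change" in flags or len(flags) >= 2


# Constructed sample messages; the people, addresses and invoice number are invented.
FRAUD_MSG = """\
From: "ACME Supplies AP" <ap@acme-supplies.co>
Reply-To: acme.ap.desk@gmail.com
To: payables@example.org
Subject: Re: Invoice 4471 - payment
Content-Type: text/plain

Hi, as discussed on the call, please note our updated banking details for
this and future remittances. The wire must go out today before COB.
Our W-9 is attached for your records.
"""

LEGIT_MSG = """\
From: "ACME Supplies Billing" <billing@acme-supplies.com>
To: payables@example.org
Subject: Re: Invoice 4471 - payment
In-Reply-To: <20251101.4471@example.org>
References: <20251101.4471@example.org>
Content-Type: text/plain

Attached is the October invoice. Terms are net 30 as usual; same
remittance address as last quarter.
"""

if __name__ == "__main__":
    for name, raw in (("fraud", FRAUD_MSG), ("legit", LEGIT_MSG)):
        found = bec_flags(raw)
        print(name, found, "HOLD" if requires_out_of_band_verification(found) else "OK")
```

The fraudulent message trips all six flags; the genuine reply, which carries a References header and comes from the allow-listed domain, trips none. The scoring is deliberately conservative (a single banking change is enough to hold the payment) because the cost of a callback is minutes and the cost of a miss is the wire.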
In this episode of Technology Tap: CompTIA Study Guide, we dive deep into incident response, forensics, and monitoring essentials crucial for your tech exam prep. Learn the full incident response lifecycle—preparation, detection, analysis, containment, eradication, recovery, and lessons learned—to develop your IT skills and master concepts important for the CompTIA exam. We discuss how having a solid plan, defined roles, and effective communication helps IT teams maintain clarity when systems fail. Tune in for real-world examples showing how SOC analysts escalate brute force attacks, how teams preserve evidence for forensics, and how incident debriefs lead to stronger security measures like multi-factor authentication. This episode is an essential part of your CompTIA study guide and technology education journey.We then turn to digital forensics and make it concrete. Legal hold, due process, and chain of custody aren't buzzwords—they're the difference between actionable findings and inadmissible claims. We break down the order of volatility, memory and disk acquisition, hashing, and write blockers, plus the reporting and e‑discovery steps that transform artifacts into a defensible narrative. If you've ever wondered when to pull the plug or why RAM matters, this segment gives you the why and the how.Finally, we zoom out to monitoring and the tools that power modern security operations. From Windows logs and Syslog to IDS, IPS, NetFlow, and packet capture with Wireshark, we show how each source fits the puzzle. We unpack SIEM fundamentals—log aggregation, normalization, correlation, alert tuning—and share strategies to beat alert fatigue without missing true positives. 
To round it out, we offer certification guidance across A+, Network+, Security+, and Tech+, helping you choose the right path whether you're SOC-bound or supporting compliance from another business unit. Subscribe for more practical cybersecurity breakdowns, share this with a teammate who needs a stronger IR playbook, and leave a review with your biggest monitoring or forensics question—we may feature it next time.
Art by Sarah/Desmond. Music by Joakim Karud. Little Chacha Productions. Juan Rodriguez can be reached at: TikTok @ProfessorJrod, ProfessorJRod@gmail.com, @Prof_JRod, Instagram ProfessorJRod.
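The episode's SIEM fundamentals (aggregation, normalization, correlation, alert tuning) and its example of a SOC analyst escalating a brute-force attack fit in one short pipeline. The script below is an added example written for this page, not code from the podcast: it normalizes sshd syslog lines and a simplified CSV export of Windows logon events into one schema, counts failures per source address across both hosts inside a sliding window, raises a high-severity alert at a tunable threshold, and escalates to critical when the same source then authenticates successfully. The year for the syslog lines, the CSV column layout, the hosts, users and addresses are all assumptions constructed for the example.

```python
"""Normalize two logon log formats, correlate failures per source, escalate on later success (constructed example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed: syslog lines carry no year, so the constructed sample is pinned to 2025.
SYSLOG_YEAR = 2025
MONTHS = {m: i for i, m in enumerate("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
SSHD_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")


def normalize(line):
    """Map one raw line to a common schema, or None if it is not a logon event."""
    m = SSHD_RE.match(line)
    if m:  # Linux sshd via syslog
        h, mi, s = (int(x) for x in m["time"].split(":"))
        ts = datetime(SYSLOG_YEAR, MONTHS[m["mon"]], int(m["day"]), h, mi, s, tzinfo=timezone.utc)
        return {"ts": ts, "host": m["host"], "user": m["user"], "src_ip": m["ip"],
                "success": m["result"] == "Accepted"}
    parts = line.split(",")
    # Assumed CSV export of Windows logon events: timestamp,event_id,host,user,src_ip (4624 success, 4625 failure)
    if len(parts) == 5 and parts[1] in ("4624", "4625"):
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return {"ts": ts, "host": parts[2], "user": parts[3], "src_ip": parts[4], "success": parts[1] == "4624"}
    return None


def correlate(lines, threshold=5, window=timedelta(seconds=60), allowlist=frozenset()):
    """Return alerts: 'high' when one source reaches `threshold` failures inside `window` across all hosts,
    'critical' when that same source then logs on successfully. `threshold` and `allowlist` are the tuning knobs."""
    events = sorted((e for e in map(normalize, lines) if e), key=lambda e: e["ts"])
    recent = defaultdict(list)   # src_ip -> [(ts, host)] failures still inside the window
    flagged, alerts = set(), []
    for e in events:
        ip = e["src_ip"]
        if ip in allowlist:      # e.g. an authorised vulnerability scanner, tuned out to cut noise
            continue
        if e["success"]:
            if ip in flagged:    # the escalation point: a flagged source got in
                alerts.append({"severity": "critical", "rule": "brute-force-then-success",
                               "src_ip": ip, "user": e["user"], "host": e["host"]})
            continue
        recent[ip] = [(t, h) for t, h in recent[ip] if e["ts"] - t <= window] + [(e["ts"], e["host"])]
        if len(recent[ip]) >= threshold and ip not in flagged:
            flagged.add(ip)
            alerts.append({"severity": "high", "rule": "password-brute-force", "src_ip": ip,
                           "count": len(recent[ip]), "hosts": sorted({h for _, h in recent[ip]})})
    return alerts


# Constructed sample: hosts, users and addresses are invented (RFC 5737 documentation ranges).
SAMPLE_LINES = [
    "Nov  3 09:12:01 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51522 ssh2",
    "Nov  3 09:12:02 bastion CRON[2300]: pam_unix(cron:session): session opened for user root",
    "2025-11-03T09:12:05Z,4625,WS01,admin,203.0.113.7",
    "Nov  3 09:12:09 bastion sshd[2214]: Failed password for root from 203.0.113.7 port 51530 ssh2",
    "2025-11-03T09:12:14Z,4625,WS01,administrator,203.0.113.7",
    "Nov  3 09:12:20 bastion sshd[2219]: Failed password for invalid user oracle from 203.0.113.7 port 51541 ssh2",
    "Nov  3 09:12:31 bastion sshd[2225]: Accepted password for svc_backup from 203.0.113.7 port 51700 ssh2",
    "Nov  3 09:13:02 bastion sshd[2240]: Failed password for invalid user test from 198.51.100.9 port 40010 ssh2",
] + [f"2025-11-03T09:15:{s:02d}Z,4625,WS01,scanner,10.0.0.5" for s in range(5)]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LINES, allowlist={"10.0.0.5"}):
        print(alert)
```

Run as-is it produces one high alert for 203.0.113.7 (five failures across both hosts in 19 seconds) followed by one critical alert for the svc_backup logon from the same address; the single failure from 198.51.100.9 stays below threshold and the allow-listed scanner is suppressed. Raising the threshold to ten silences everything, which is the alert-fatigue trade-off the episode describes: the knob that removes noise also removes the brute-force that preceded a real logon.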
In this episode of Unspoken Security, host AJ Nash sits down with Zoë Rose, SecOps Manager at Canon EMEA. They explore the real-world barriers to building effective incident response programs and discuss why so many organizations struggle to move beyond reactive firefighting. Zoë shares her perspective from both consulting and in-house roles, pointing out that most incident response teams are overwhelmed, under-resourced, and stuck dealing with basics that never get fixed. She explains why expensive tools and new technology often miss the mark when organizations skip foundational work—like asset inventories, clear policies, and tuned alerts. Zoë urges listeners to focus on practical steps, such as documenting processes, improving communication, and building trust between technical teams and business leaders. Throughout the conversation, Zoë breaks down how real change happens: by investing in people, closing skills gaps, and fostering a culture where mistakes drive learning instead of blame. The episode ends with a reminder that effective security is not about quick fixes or flashy tools, but about honest assessment, teamwork, and steady improvement.
On July 19, 2024, a misconfigured file sent as part of an update to the Falcon Sensor suite by CrowdStrike caused service outages worldwide. Liam Westley talks about his experiences executing the incident management plan at his company that day—even though his company did not use the software! Liam talks about dealing with the regulatory requirements of a finance company as part of incident planning, and how the software and services supply chain can lead to outages because those companies are affected. A great story about the day of the incident and the improvements in planning and resiliency that followed!
Links: CrowdStrike Incident Timeline; Azure Front Door
Recorded October 29, 2025
Podcast: PrOTect It All. Episode: Inside Cyber Incident Response: Military Lessons, OT Challenges & the Power of Blameless Culture. Pub date: 2025-12-01. Cyber incidents don't just test your technology - they test your people, your processes, and your culture. In this episode of Protect It All, host Aaron Crow sits down with Daniel Swann, Cyber Incident Commander at Rockwell Automation, to pull back the curtain on what really happens during IT and OT incidents. With decades of experience across the U.S. Air Force, enterprise environments, and industrial operations, Daniel shares lessons learned the hard way - from managing chaos in real time to building a culture where teams can learn without blame. You'll learn: Why documentation and scribe roles can make or break an incident response; How blameless postmortems actually strengthen team performance; What military-style discipline can teach us about OT and IT incident handling; How to run effective tabletop exercises that expose real gaps; The human factors - communication, clarity, ownership - that reduce downtime and panic; Practical strategies to evolve your incident response plan before the next breach. Whether you're developing your first IR playbook or leading seasoned response teams, this episode delivers actionable, real-world insights that help you prepare, respond, and recover with confidence. Tune in for battle-tested wisdom from military operations to industrial control rooms - only on Protect It All. 
Key Moments: 00:00 "Protect IT/OT Cybersecurity Podcast" 03:30 Cybersecurity: Versatility Is Key 07:52 "Balancing Bureaucracy and Flexibility" 10:20 "Practice Makes Plans Effective" 14:17 "Learning While Doing" 18:44 "Document Key Info in Incidents" 19:46 "Versatile Team Role Importance" 22:45 "Tracking Lessons with Visibility" 28:34 Proactive Reporting Encouraged 29:33 Safe Reporting Prevents Phishing Incidents 32:52 "Bridging IT and OT Safely" 37:15 Team Collaboration Enhances Outcomes 41:00 Military Preparedness and Logistics Planning 42:59 Preparing for Unlikely Scenarios 47:20 AI Threats to OT Systems 48:32 "AI's Impact on Learning and Jobs" About the guest: Daniel Swann is a seasoned Cyber Incident Commander at Rockwell Automation, bringing 17+ years of IT leadership and nearly a decade of cybersecurity experience. A U.S. Air Force veteran, he has led global cyber operations, responded to major vulnerabilities like Log4J, and driven large-scale improvements in incident response and vulnerability management. Daniel is highly certified, mission-driven, and recognized for building strong, resilient security teams. 
Links: Video of Daniel Swann with Kate Vajda, Director of Vulnerability Research and Malware Threat Research, Dragos: https://www.youtube.com/watch?v=4zotgrPk8vI Connect with Daniel on LinkedIn: https://www.linkedin.com/in/j-daniel-swann/ Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
Danny Jenkins: Founder of ThreatLocker and the Zero-Trust Revolution. Danny Jenkins is the CEO of ThreatLocker, the leading cybersecurity company that he built alongside his wife. Hosts Jack Clabby of Carlton Fields, P.A., and Kayley Melton of the Cognitive Security Institute follow Danny's journey from a scrappy IT consultant to leading one of the fastest-growing cybersecurity companies in the world. Danny shares the moment everything changed: watching a small business nearly collapse after a catastrophic ransomware attack. That experience reshaped his mission and ultimately sparked the creation of ThreatLocker. He also reflects on the gritty early days—cold-calling from his living room, coding through the night, and taking on debt before finally landing their first $5,000 customer. Danny explains the origins of Zero Trust World, his passion for educating IT teams, and why adopting a hacker mindset is essential for modern defenders. In the Lifestyle Polygraph, Danny relates his early "revenge tech" against school bullies, the place he escapes to when celebrating big wins, and the movie franchise he insists is absolutely a Christmas classic.
Follow Danny on LinkedIn: https://www.linkedin.com/in/dannyjenkins/
Timestamps: 00:00 Introduction to Cybersecurity and ThreatLocker | 02:26 The Birth of ThreatLocker: A Personal Journey | 05:42 The Evolution of Zero Trust Security | 08:35 Real-World Impact of Cyber Attacks | 11:25 The Importance of a Hacker Mindset | 14:46 The Role of SOC Teams in Cybersecurity | 17:34 Building a Culture of Security | 20:23 Hiring for Passion and Skill in Cybersecurity | 23:44 Understanding Zero Trust: Trust No One | 26:32 Lifestyle Polygraph: Personal Insights and Fun | 29:41 Conclusion and Future of ThreatLocker
Podcast: ICS Arabia Podcast. Episode: OT Incident Response Explained | 68. Pub date: 2025-11-25. In this episode
When hackers target the systems controlling your water, power, and transportation, the consequences go far beyond data breaches—people can die. Lesley Carhart, Technical Director of Incident Response at Dragos, pulls back the curtain on one of cybersecurity's most critical blind spots: industrial control systems that keep society running but remain dangerously exposed. What you'll learn: why industrial control systems can't be updated like your laptop, and what that means for security; how threat actors are using AI to generate custom malware for power plants and water treatment facilities; the real state of critical infrastructure security (spoiler: forget about air gaps); why commodity ransomware has become an existential threat to industrial operations; the five critical controls organizations should implement right now to defend OT environments. Don't wait until your organization becomes the next headline. Like, share, and subscribe for more in-depth security intelligence that goes beyond the buzzwords. #industrialcybersecurity #criticalinfrastructure #OTsecurity #ICS #SCADA #dragos #incidentresponse #ransomware #AIthreats #cybersecurity #infosec
Continuing its global expansion plan, and its commitment to the African continent, Integrity360 has acquired Redshift, a well-established and highly regarded cyber security services company operating out of Johannesburg in South Africa. The terms of the transaction were not disclosed. The acquisition comes on the back of Integrity360's considerable investment in the region following the 2024 and early 2025 acquisitions of the Grove Group and Nclose. The acquisition brings Integrity360 resources in South Africa to a team of over 230 employees serving the needs of customers across Africa. Integrity360's operations in Johannesburg and Cape Town also serve as key locations for its integrated "global SOC" (Security Operations Centre) operation which delivers a comprehensive suite of managed services, including EDR (Endpoint Detection and Response), XDR (Extended Detection and Response), and MDR (Managed Detection and Response) solutions for both local and international customers. Founded in 2015, Redshift has developed a reputation for service excellence amongst its customers, specifically for cyber security testing but also a selection of other specialised activities including cyber crime investigations, anti fraud advisory, scammer group takedowns, cyber intelligence, and a focused range of managed services. Redshift adds approx. 50 customers including many leading South African finance, banking and telecommunications organisations, and an additional team of approx. 40 employees to the group. Redshift will serve as a regional centre of excellence for the group for cyber security testing, and also be connected up with the existing Integrity360 cyber advisory and managed services teams operating in the region. Integrity360 will invest in the development and expansion of the business utilising the considerable resources across the group. 
Redshift customers will benefit from access to Integrity360's extensive and complementary cyber services portfolio encapsulating cyber risk and assurance, comprehensive 24/7 incident response and forensics services, infrastructure and technology services, PCI compliance, OT (operational technology) consulting and solutions, and a comprehensive range of cyber security managed services ranging from managing cyber infrastructure, to Managed SASE (Secure Access Service Edge), Managed CTEM (Continuous Threat Exposure Management), and a full suite of XDR/MDR solutions. Integrity360's range of services has been recognised five times in a Gartner market guide, most recently for Incident Response and Forensic services. Ian Brown, Executive Chairman at Integrity360 commented: "We are very excited to be welcoming Sean, Cailan and the entire Redshift team to Integrity360. The reputation and expertise they have developed since their formation in 2015 is highly impressive and we are looking forward to helping them provide an enhanced set of services to their customers and expanding further in the African market over the coming years." Sean Howell and Cailan Sacks, Directors of Redshift, commented: "This is a significant moment for us, and we could not be more delighted that Redshift is joining Integrity360 and continuing the growth and development of the business that was initially started by Sean a decade ago. Thanks to the support of our customers and employees, Redshift has grown enormously during that time, and having spent considerable time with Ian, and the wider Integrity360 leadership team, we are confident it will continue to do so as part of the Integrity360 group. We are excited about the future for us as an organisation, for our people and in particular for what the enhanced group can provide our customers moving forward."
More about Irish Tech News: Irish Tech News is Ireland's No. 1 online tech publication and often Ireland's No. 1 tech podcast too.
Incident responder and SOC analyst Alante Pritchett joins the Stats On Stats crew to talk about breaking into cybersecurity, transitioning from government contracting to the private sector, and how gaming, Discord communities, and mentorship shape his approach to helping others enter the field. Co-host Joshua Davis adds insights from government tech as they compare offensive vs. defensive security, discuss burnout, and offer practical guidance for newcomers.
Guest connect: Alante Pritchett, LinkedIn: https://www.linkedin.com/in/alante-pritchett-0b1666140/
Stats on Stats resources: Code & Culture: https://www.statsonstats.io/flipbooks | https://www.codeculturecollective.io; Merch: https://www.statsonstats.io/shop; LinkTree: https://linktr.ee/statsonstatspodcast
Stats on Stats partners & affiliates: IntelliCON 2026 (website: https://www.intelliguards.com/intellic0n-speakers, register: www.eventbrite.com/e/1497056679829/?discount=STATSONSTATS, use discount code "STATSONSTATS" for 30% off); Antisyphon Training (website: https://www.antisyphontraining.com); MAD20 Training (website: https://mad20.io, discount code: STATSONSTATS15); Ellington Cyber Academy (https://kenneth-ellington.mykajabi.com, discount code: STATSONSTATS); Kevtech Academy (website: https://www.kevtechitsupport.com); Dream Chaser's Coffee (website: https://dreamchaserscoffee.com, discount code: STATSONSTATS)
Podcasts we like: DEM Tech Folks (website: https://linktr.ee/developeverymind); IntrusionsInDepth (website: https://www.intrusionsindepth.com)
Episode was shot and edited at BlueBox Studio Tampa: https://blueboxdigital.com/bluebox-studio/
This episode features Nathan Wenzler, Field Chief Information Security Officer at Optiv. With nearly 30 years of experience leading cybersecurity programs across government agencies, nonprofits, and Fortune 1000 companies, Nathan has spent his career at the intersection of people, process, and technology. He's helped organizations redefine what it means to build security cultures that actually work. In this episode, Nathan explains why communication (not technology) is a CISO's most important skill, how to create a culture that values security without slowing innovation, and why empathy may be the most underrated tool in cybersecurity. This is an insightful look at the people-first mindset behind stronger, more resilient security programs.
Guest bio: Nathan Wenzler is a field chief information security officer at Optiv, where he advises clients on how to strengthen and optimize every aspect of their cybersecurity program. With nearly 30 years of experience, he has built and led security initiatives for government agencies, nonprofits and Fortune 1000 companies. Wenzler has served as a CISO, executive management consultant and senior analyst, holding leadership roles at Tenable, Moss Adams, AsTech and Thycotic. He also spent more than a decade in public sector IT and security roles with Monterey County, California, and supported state and federal agencies. He is known for helping security leaders better communicate the measurable value and benefit of a mature, effective cybersecurity program to executives, technical stakeholders and nontechnical business partners. His approach emphasizes not only technical excellence but also the human and organizational factors that drive long-term security success. Wenzler has spoken at more than 400 events worldwide, educating security leaders and professionals on how to excel in their role as an organization's risk expert. He has also served on advisory boards, including the Tombolo Institute at Bellevue College, and is a former member of the Forbes Technology Council. His areas of expertise include vulnerability and exposure management, privileged access management and identity governance, cyber risk management, incident response, and executive-level communications and program management.
Guest quote: "If you can win the people over in your organization, you can make those big changes for better identity governance."
Timestamps: 01:22 Meet Nathan Wenzler: Veteran CISO and Security Strategist | 02:16 Redefining Identity in a World of Infinite Accounts | 05:15 How Culture Can Make or Break Your Security Program | 13:34 Winning Over the Business: Aligning Security and Culture | 24:45 From "Department of No" to Trusted Partner: Fixing Cyber Communication | 40:25 The Human Side of Incident Response | 46:23 Leading with Empathy: Nathan's Advice for Security Leaders
Sponsor: The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.
Links: Connect with Nathan on LinkedIn; Learn more about Optiv; Connect with Sean on LinkedIn; Don't miss future episodes; Learn more about Semperis
On this episode of The Cybersecurity Defenders Podcast we speak with Navroop Mitter, CEO of ArmorText, about the role of Out-of-Band (OOB) communication in cyber incident response.
Links: ArmorText Named a Leader in The Forrester Wave™: Secure Communications Solutions, Q3 2024; Cyber Resilience: Incident Response Tabletop Exercises
Navroop Mitter is the CEO of ArmorText, a mobile security and privacy company based in the Washington, D.C. area. Before founding ArmorText, Navroop was a Senior Manager in Accenture's North American Security Practice, where he built and led information security programs across multiple regions. He helped double Accenture's Scandinavian security practice within a year and established the firm's first near-shore security delivery center in Argentina, hiring and training over 30 practitioners in under 30 days. Navroop has led large-scale international security engagements, working across cultures and time zones to strengthen teams in the U.S., India, and abroad. Recognized for his entrepreneurial mindset and expertise in identity and access management, he became one of Accenture's most sought-after leaders for complex, multi-country security initiatives.
Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
In Episode 161 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Mishal Makshood, Azure Partner Alliance Manager at the Center for Internet Security® (CIS®), and David Kalish, Sr. Cybersecurity Solutions Engineer at CIS. Together, they explore how CIS Hardened Images® help to secure cloud environments and strengthen critical national infrastructure (CNI) resilience through collaboration. Mishal and David explain how these virtual machine images, which are pre-configured to the CIS Benchmarks®, serve as secure, scalable blueprints for cloud deployments. They highlight how CIS Hardened Images reduce human error, accelerate compliance, and foster trust across a global cybersecurity ecosystem that includes hyperscalers, supply chains, and public-private partnerships. Tony shares the origin story of the CIS Hardened Images and reflects on the evolution of cybersecurity from isolated efforts to a cooperative model built on shared standards and integrated tooling. The group also discusses how CIS Hardened Images align to frameworks and how they help organizations navigate multi-cloud environments while maintaining consistent security postures.
Here are some highlights from our episode: 00:50 Introductions to Mishal and David | 01:36 What CIS Hardened Images are and why they matter | 03:14 Why CIS Hardened Images are uniquely suited to strengthening CNI resilience | 04:24 The cultural shift toward working as an ecosystem to start from secure baselines | 06:34 The origin story of the CIS Hardened Images | 10:32 The value of taking guesswork out of secure configuration management in the cloud | 13:44 How CIS Hardened Images support compliance directly and through the CIS Critical Security Controls® (CIS Controls®) | 20:39 Building trust through cloud partnerships and collaboration | 28:50 The foundational role of configuration management in cybersecurity | 34:35 Getting started with strengthening your cloud security foundation
Resources: CIS Hardened Images® List; Secure by Design: A Guide to Assessing Software Security Practices; Software Supply Chain Security; 25 Years of Creating Confidence in the Connected World; Mapping and Compliance with the CIS Controls; Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1; Build a Zero Trust Roadmap for FinServ with CIS SecureSuite; Episode 154: Integration of Incident Response into DevSecOps; How to Construct a Sustainable GRC Program in 8 Steps
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
If you've ever shipped an AI feature that looked great in testing — only to watch it behave unpredictably in production — you're not alone.In this episode of IT Visionaries, host Chris Brandt talks with Lawrence Jones, Founding Engineer at incident.io, about the critical gap between AI that demos well and AI that works under pressure. Lawrence shares how his team designs tools that help engineers respond faster, learn from failure, and build systems that don't crumble when it counts. CHAPTERS / KEY MOMENTS00:00 - AI Chaos & The Mike Tyson Rule00:58 - Meet Lawrence Jones of Incident.io03:14 - From FinTech Outages to Incident Response06:22 - The Biggest Mistake in Incident Management09:08 - Training for Chaos: Game Day Simulations10:31 - Inside the AI SRE System13:01 - What SRE Really Means16:23 - From Prototype to Production AI20:27 - Keeping Up with AI's Rapid Evolution22:50 - Understanding Vector Databases & Embeddings28:34 - The Architecture Problem: Chaining Prompts at Scale36:11 - Measuring AI Performance & Reliability44:02 - The Future of SRE Meets AI52:10 - Lessons from Real Incidents56:42 - Final Thoughts: Building AI That Works -- This episode of IT Visionaries is brought to you by Meter - the company building better networks. Businesses today are frustrated with outdated providers, rigid pricing, and fragmented tools. Meter changes that with a single integrated solution that covers everything wired, wireless, and even cellular networking. They design the hardware, write the firmware, build the software, and manage it all so your team doesn't have to.That means you get fast, secure, and scalable connectivity without the complexity of juggling multiple providers. Thanks to meter for sponsoring. Go to meter.com/itv to book a demo.---IT Visionaries is made by the team at Mission.org. Learn more about our media studio and network of podcasts at mission.org. Hosted by Simplecast, an AdsWizz company. 
In this episode of IT Insiders, Maddie Regis speaks with Ryan Braunstein and Mat Lee from Automox's security team about the evolution of automation in security operations. They discuss their career backgrounds, the day-to-day use of Automox for security tasks, and the innovative strategies they employ to enhance automation. The conversation also covers various tools used for advanced automation and concludes with a fun game related to video games and security.

This episode originally aired September 19, 2024.
In this slightly tardy Halloween episode, a tale of a spooky airport. I also finish my discussion with Louise Cullinan on Critical Incident Response.

Here are the links to Lou's websites if you want more information:
https://airlineincidentresponse.com/
https://icisf.org/

If you are interested in watching the video of this two-part series, you can find "On Condition" on YouTube here: https://www.youtube.com/playlist?list=PL2fQLuaiCJMolPo8Es47Jei4yJ9TVgNHH

This podcast is sponsored by Time2climb Training and Consulting.
In this episode of Autonomous IT, host Landon Miles dives deep into the world of vulnerabilities, exploits, and the psychology behind cyberattacks. From the story of Log4j and its massive global impact to the difference between hackers and attackers, this episode explores how and why breaches happen—and what can be done to stop them.

Joining Landon is Jason Kikta, Chief Technology Officer and Chief Information Security Officer at Automox, Marine Corps veteran, and former leader at U.S. Cyber Command. Together, they break down attacker motivations, how to recognize threat patterns, and why understanding your own network better than your adversaries do is the key to effective defense.

Key Takeaways:
The five stages of a vulnerability: introduction, discovery, disclosure, exploitation, and patching.
Why Log4j became one of the most devastating vulnerabilities in modern history.
How to identify attacker types and motivations.
The mindset and methodology of effective defense.
Why "good IT starts with good security."

Whether you're a cybersecurity professional, IT leader, or just curious about how cyberattacks really work, this episode offers practical insights from the front lines of digital defense.
Guest: Jibran Ilyas, Director for Incident Response at Google Cloud

Topics:
What is this tabletop thing? Please tell us about running a good security incident tabletop.
Why are tabletops for incident response preparedness so amazingly effective yet rarely done well? This is cheap, easy and useful, so why do so many fail to do it?
Why are tabletops seen as kind of an elite pursuit?
What's your favorite cloud-centric scenario for tabletop exercises? Ransomware? But there is little ransomware in the cloud, no?
What are other good cloud tabletop scenarios?

Resources:
EP60 Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM?
EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response
EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends
EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant
EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics
EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?
What does it really take to be a CISO the business can rely on? In this episode, Sean Martin shares insights from a recent conversation with Tim Brown, CISO at SolarWinds, following his keynote at AISA CyberCon and his role in leading a CISO Bootcamp for current and future security leaders. The article at the heart of this episode focuses not on technical skills or frameworks, but on the leadership qualities that matter most: context, perspective, communication, and trust.

Tim's candid reflections — including the personal toll of leading through a crisis — remind us that clarity doesn't come from control. It comes from connection. CISOs must communicate risk in ways that resonate across teams and business leaders. They need to build trusted relationships before they're tested and create space for themselves and their teams to process pressure in healthy, sustainable ways.

Whether you're already in the seat or working toward it, this conversation invites you to rethink what preparation really looks like. It also leaves you with two key questions: Where do you get your clarity, and who are you learning from? Tune in, reflect, and join the conversation.
First CISO Charged by SEC: Tim Brown on Trust, Context, and Leading Through Crisis - Interview with Tim Brown | AISA CyberCon Melbourne 2025 Coverage | On Location with Sean Martin and Marco Ciappelli

AISA CyberCon Melbourne | October 15-17, 2025

Tim Brown's job changed overnight. December 11th, he was the CISO at SolarWinds managing security operations. December 12th, he was leading the response to one of the most scrutinized cybersecurity incidents in history.

Connecting from New York and Florence to Melbourne, Sean Martin and Marco Ciappelli caught up with their longtime friend ahead of his keynote at AISA CyberCon. The conversation reveals what actually happens when a CISO faces the unthinkable—and why the relationships you build before crisis hits determine whether you survive it.

Tim became the first CISO ever charged by the SEC, a distinction nobody wants but one that shaped his mission: if sharing his experience helps even one security leader prepare better, then the entire saga becomes worthwhile. He's candid about the settlement process still underway, the emotional weight of having strangers ask for selfies, and the mental toll that landed him in a Zurich hospital with a heart attack the week his SEC charges were announced.

"For them to hear something and hear the context—to hear us taking six months off development, 400 engineers focused completely on security for six months in pure focus—when you say it with emotion, it conveys the real cost," Tim explained. Written communication failed during the incident. People needed to talk, to hear, to feel the weight of decisions being made in real time.

What saved SolarWinds wasn't just technical capability. It was implicit trust. The war room team operated without second-guessing each other. The CIO handled deployment and investigation. Engineering figured out how the build system was compromised. Marketing and legal managed their domains. Tim didn't waste cycles checking their work because trust was already built.

"If we didn't have that, we would've been second-guessing what other people did," he said. That trust came from relationships established long before December 2020, from a culture where people knew their roles and respected each other's expertise.

Now Tim's focused on mentoring the next generation through the RSA Conference CSO Bootcamp, helping aspiring CISOs and security leaders at smaller companies build the knowledge, community, and relationships they'll need when—not if—their own December 12th arrives. He tailors every talk to his audience, never delivering the same speech twice. Context matters in crisis, but it matters in communication too.

Australia played a significant role during SolarWinds' incident response, with the Australian government partnering closely in January 2021. Tim hadn't been back in a decade, making his return to Melbourne for CyberCon particularly meaningful. He's there to share lessons earned the hardest way possible, and to remind security leaders that stress management, safe spaces, and knowing when to compartmentalize aren't luxuries—they're survival skills.

His keynote covers the different stages of incident response, how culture drives crisis outcomes, and why the teams that step up matter more than the ones that run away. For anyone leading security teams, Tim's message is clear: build trust now, before you need it.

AISA CyberCon Melbourne runs October 15-17, 2025. Coverage provided by ITSPmagazine.

GUEST:
Tim Brown, CISO at SolarWinds | On LinkedIn: https://www.linkedin.com/in/tim-brown-ciso/

HOSTS:
Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.com

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
How do you perform incident response on a Kubernetes cluster when you're not even on the same network? In this episode, Damien Burks, Senior Security Engineer, breaks down the immense challenges of container security and why most commercial tools are failing at automated response.

While many CNAPPs provide runtime detection, they lack a "sophisticated approach to automating incident response or containment" in complex environments like private EKS. He shares his hands-on experience building a platform that uses a dynamically deployed Lambda function to achieve containment of a compromised EKS node in just 10 minutes, a process that would otherwise take hours of manual work and approvals.

This is a guide for any DevSecOps or cloud security professional tasked with securing containerized workloads. The conversation also covers a layered prevention strategy, the evolving role of the cloud security engineer, and career advice for those looking to enter the field.

Guest Socials - Damien's LinkedIn
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security Social Channels:
Cloud Security Podcast - YouTube
Cloud Security Newsletter
Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast

Questions asked:
(00:00) Introduction
(02:15) Who is Damien Burks?
(03:20) The State of Cloud Incident Response in 2025
(05:15) Why There is No Sophisticated, Automated IR for Kubernetes
(06:20) A Deep Dive into Kubernetes Incident Response
(07:30) The Unique Challenge of a Private EKS Cluster
(12:15) A Layered Approach to Prevention in a DevSecOps Culture
(17:00) How to Automate Containment in a Private EKS Cluster
(17:40) From Hours to 10 Minutes: The Impact of Automation
(22:00) The Evolving & Complex Role of the Cloud Security Engineer
(25:40) Do We Have Too Much Visibility or Not Enough?
(29:00) Career Path: The Value of Learning to Code for DevSecOps
(35:00) Damien's Hot Take: "Multi-Cloud Just Means Chaos"
(44:20) Career Advice for Traditional IR Professionals Moving to Cloud
(47:50) Final Questions: Video Games, Life's Journey, and Gumbo

Resources spoken about during the interview:
Damien's Website