Podcasts about incident response

In this episode of the Autonomous IT, host Landon Miles dives deep into the world of vulnerabilities, exploits, and the psychology behind cyberattacks. From the story of Log4j and its massive global impact to the difference between hackers and attackers, this episode explores how and why breaches happen—and what can be done to stop them.Joining Landon is Jason Kikta, Chief Technology Officer and Chief Information Security Officer at Automox, Marine Corps veteran, and former leader at U.S. Cyber Command. Together, they break down attacker motivations, how to recognize threat patterns, and why understanding your own network better than your adversaries is the key to effective defense.Key Takeaways:The five stages of a vulnerability: introduction, discovery, disclosure, exploitation, and patching.Why Log4j became one of the most devastating vulnerabilities in modern history.How to identify attacker types and motivations.The mindset and methodology of effective defense.Why “good IT starts with good security.”Whether you're a cybersecurity professional, IT leader, or just curious about how cyberattacks really work, this episode offers practical insights from the front lines of digital defense.

New Episode

Join Howard Miller and Grace Michael, Alliant Cyber, as they discuss practical strategies organizations can use to reduce downtime, minimize costs and strengthen resilience before and after a cyber incident. They examine how effective incident response planning, tabletop exercises and business impact analysis (BIA) collectively enhance recovery and guide smarter insurance and risk transfer decisions.

The Mindful Business Security Show is a call-in radio style podcast for small business leaders. Join our hosts as they take questions from business leaders like you! This episode was recorded live at the 2025 Blue Team Con conference in Chicago, Illinois. On this episode, Accidental CISO is joined by guest host 0DDJ0BB. 0J is the Director of Detection and Response for his employer. When he isn't working, he volunteers his time and expertise with non-profits, creates educational workshops about cybersecurity for local libraries, and produces videos about cybersecurity on his YouTube channel. You can find 0DDJ0BB online via his YouTube channel, Glass of 0J.   Are you struggling with how to deal with Cybersecurity, Information Security, or Risk Management in your organization? Be a caller on a future episode of the show. Visit our podcast page and sign up now!   Show Merch: https://shop.mindfulsmbshow.com/ Website: https://www.focivity.com/podcast Twitter: @mindfulsmbshow Hosted by: @AccidentalCISO Produced by: @Focivity Theme music by Michael Kobrin.

Guest: Jibran Ilyas, Director for Incident Response at Google Cloud Topics: What is this tabletop thing, please tell us about running a good security incident tabletop?  Why are tabletops for incident response preparedness so amazingly effective yet rarely done well? This is cheap/easy/useful so why do so many fail to do it? Why are tabletops seen as kind of like elite pursuit? What's your favorite Cloud-centric scenario for tabletop exercises? Ransomware? But there is little ransomware in the cloud, no? What are other good cloud tabletop scenarios? Resources: EP60 Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM? EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?  

What does it really take to be a CISO the business can rely on? In this episode, Sean Martin shares insights from a recent conversation with Tim Brown, CISO at SolarWinds, following his keynote at AISA CyberCon and his role in leading a CISO Bootcamp for current and future security leaders. The article at the heart of this episode focuses not on technical skills or frameworks, but on the leadership qualities that matter most: context, perspective, communication, and trust.Tim's candid reflections — including the personal toll of leading through a crisis — remind us that clarity doesn't come from control. It comes from connection. CISOs must communicate risk in ways that resonate across teams and business leaders. They need to build trusted relationships before they're tested and create space for themselves and their teams to process pressure in healthy, sustainable ways.Whether you're already in the seat or working toward it, this conversation invites you to rethink what preparation really looks like. It also leaves you with two key questions: Where do you get your clarity, and who are you learning from? Tune in, reflect, and join the conversation.

What does it really take to be a CISO the business can rely on? In this episode, Sean Martin shares insights from a recent conversation with Tim Brown, CISO at SolarWinds, following his keynote at AISA CyberCon and his role in leading a CISO Bootcamp for current and future security leaders. The article at the heart of this episode focuses not on technical skills or frameworks, but on the leadership qualities that matter most: context, perspective, communication, and trust.Tim's candid reflections — including the personal toll of leading through a crisis — remind us that clarity doesn't come from control. It comes from connection. CISOs must communicate risk in ways that resonate across teams and business leaders. They need to build trusted relationships before they're tested and create space for themselves and their teams to process pressure in healthy, sustainable ways.Whether you're already in the seat or working toward it, this conversation invites you to rethink what preparation really looks like. It also leaves you with two key questions: Where do you get your clarity, and who are you learning from? Tune in, reflect, and join the conversation.

First CISO Charged by SEC: Tim Brown on Trust, Context, and Leading Through Crisis - Interview with Tim Brown | AISA CyberCon Melbourne 2025 Coverage | On Location with Sean Martin and Marco CiappelliAISA CyberCon Melbourne | October 15-17, 2025Tim Brown's job changed overnight. December 11th, he was the CISO at SolarWinds managing security operations. December 12th, he was leading the response to one of the most scrutinized cybersecurity incidents in history.Connecting from New York and Florence to Melbourne, Sean Martin and Marco Ciappelli caught up with their longtime friend ahead of his keynote at AISA CyberCon. The conversation reveals what actually happens when a CISO faces the unthinkable—and why the relationships you build before crisis hits determine whether you survive it.Tim became the first CISO ever charged by the SEC, a distinction nobody wants but one that shaped his mission: if sharing his experience helps even one security leader prepare better, then the entire saga becomes worthwhile. He's candid about the settlement process still underway, the emotional weight of having strangers ask for selfies, and the mental toll that landed him in a Zurich hospital with a heart attack the week his SEC charges were announced."For them to hear something and hear the context—to hear us taking six months off development, 400 engineers focused completely on security for six months in pure focus—when you say it with emotion, it conveys the real cost," Tim explained. Written communication failed during the incident. People needed to talk, to hear, to feel the weight of decisions being made in real time.What saved SolarWinds wasn't just technical capability. It was implicit trust. The war room team operated without second-guessing each other. The CIO handled deployment and investigation. Engineering figured out how the build system was compromised. Marketing and legal managed their domains. Tim didn't waste cycles checking their work because trust was already built."If we didn't have that, we would've been second-guessing what other people did," he said. That trust came from relationships established long before December 2020, from a culture where people knew their roles and respected each other's expertise.Now Tim's focused on mentoring the next generation through the RSA Conference CSO Bootcamp, helping aspiring CISOs and security leaders at smaller companies build the knowledge, community, and relationships they'll need when—not if—their own December 12th arrives. He tailors every talk to his audience, never delivering the same speech twice. Context matters in crisis, but it matters in communication too.Australia played a significant role during SolarWinds' incident response, with the Australian government partnering closely in January 2021. Tim hadn't been back in a decade, making his return to Melbourne for CyberCon particularly meaningful. He's there to share lessons earned the hardest way possible, and to remind security leaders that stress management, safe spaces, and knowing when to compartmentalize aren't luxuries—they're survival skills.His keynote covers the different stages of incident response, how culture drives crisis outcomes, and why the teams that step up matter more than the ones that run away. For anyone leading security teams, Tim's message is clear: build trust now, before you need it.AISA CyberCon Melbourne runs October 15-17, 2025 Coverage provided by ITSPmagazineGUEST:Tim Brown, CISO at SolarWinds | On LinkedIn: https://www.linkedin.com/in/tim-brown-ciso/HOSTS:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to share an Event Briefing as part of our event coverage? Learn More

#320: In this episode, Darin and Viktor are joined by Jim Hirschauer, Head of Product Marketing at Xurrent, for a deep dive into the realities of incident management in today's complex IT environments. While dashboards and monitoring tools have become ubiquitous in operations centers, the panel discusses why these visualizations alone often fall short when it comes to actually resolving incidents. Drawing on decades of experience, they share stories of war rooms, recurring outages, and the persistent challenges that technology alone can't solve. The conversation highlights the critical role of human expertise, communication, and organizational culture in bridging the gap between raw data and effective action. Whether you're an IT leader, SRE, or anyone responsible for uptime, this episode offers practical insights into what it really takes to keep systems running smoothly.   Jim's contact information: LinkedIn: https://www.linkedin.com/in/j-hirsch/   YouTube channel: https://youtube.com/devopsparadox   Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/   Slack: https://www.devopsparadox.com/slack/   Connect with us at: https://www.devopsparadox.com/contact/

First CISO Charged by SEC: Tim Brown on Trust, Context, and Leading Through Crisis - Interview with Tim Brown | AISA CyberCon Melbourne 2025 Coverage | On Location with Sean Martin and Marco CiappelliAISA CyberCon Melbourne | October 15-17, 2025Tim Brown's job changed overnight. December 11th, he was the CISO at SolarWinds managing security operations. December 12th, he was leading the response to one of the most scrutinized cybersecurity incidents in history.Connecting from New York and Florence to Melbourne, Sean Martin and Marco Ciappelli caught up with their longtime friend ahead of his keynote at AISA CyberCon. The conversation reveals what actually happens when a CISO faces the unthinkable—and why the relationships you build before crisis hits determine whether you survive it.Tim became the first CISO ever charged by the SEC, a distinction nobody wants but one that shaped his mission: if sharing his experience helps even one security leader prepare better, then the entire saga becomes worthwhile. He's candid about the settlement process still underway, the emotional weight of having strangers ask for selfies, and the mental toll that landed him in a Zurich hospital with a heart attack the week his SEC charges were announced."For them to hear something and hear the context—to hear us taking six months off development, 400 engineers focused completely on security for six months in pure focus—when you say it with emotion, it conveys the real cost," Tim explained. Written communication failed during the incident. People needed to talk, to hear, to feel the weight of decisions being made in real time.What saved SolarWinds wasn't just technical capability. It was implicit trust. The war room team operated without second-guessing each other. The CIO handled deployment and investigation. Engineering figured out how the build system was compromised. Marketing and legal managed their domains. Tim didn't waste cycles checking their work because trust was already built."If we didn't have that, we would've been second-guessing what other people did," he said. That trust came from relationships established long before December 2020, from a culture where people knew their roles and respected each other's expertise.Now Tim's focused on mentoring the next generation through the RSA Conference CSO Bootcamp, helping aspiring CISOs and security leaders at smaller companies build the knowledge, community, and relationships they'll need when—not if—their own December 12th arrives. He tailors every talk to his audience, never delivering the same speech twice. Context matters in crisis, but it matters in communication too.Australia played a significant role during SolarWinds' incident response, with the Australian government partnering closely in January 2021. Tim hadn't been back in a decade, making his return to Melbourne for CyberCon particularly meaningful. He's there to share lessons earned the hardest way possible, and to remind security leaders that stress management, safe spaces, and knowing when to compartmentalize aren't luxuries—they're survival skills.His keynote covers the different stages of incident response, how culture drives crisis outcomes, and why the teams that step up matter more than the ones that run away. For anyone leading security teams, Tim's message is clear: build trust now, before you need it.AISA CyberCon Melbourne runs October 15-17, 2025 Coverage provided by ITSPmagazineGUEST:Tim Brown, CISO at SolarWinds | On LinkedIn: https://www.linkedin.com/in/tim-brown-ciso/HOSTS:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to share an Event Briefing as part of our event coverage? Learn More

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   In this episode, Justin interviews Katherine Henry of Bradley, Arant, Boult, Cummings, and Harold (Hal) Weston of Georgia State University, Greenberg School of Risk Science, who are here to discuss their new professional report, “A 2025 Cybersecurity Legal Safe Harbor Overview.” Katherine and Hal take the discussion beyond the pages and delve into best cybersecurity practices, cyber insurance, and Safe Harbor laws offered by some states and possibly to be offered soon by others. They discuss frameworks and standards, and what compliance means for your organization, partly based on your state law.   Listen for advice to help you be prepared against cybercrime.   Key Takeaways: [:01] About RIMS and RIMScast. [:16] About this episode of RIMScast. We will be joined by the authors of the legislative review, “A 2025 Cybersecurity Legal Safe Harbor Overview”, Katherine Henry and Harold Weston. Katherine and Harold are also prominent members of the RIMS Public Policy Committee. [:48] Katherine and Harold are also here to talk about Cybersecurity Awareness Month and safe practices. But first…  [:53] RIMS-CRMP Prep Workshops! The next RIMS-CRMP Prep Workshops will be held on October 29th and 30th and led by John Button. [1:05] The next RIMS-CRMP-FED Virtual Workshop will be held on November 11th and 12th and led by Joseph Mayo. Links to these courses can be found through the Certifications page of RIMS.org and through this episode's show notes. [1:23] RIMS Virtual Workshops! RIMS has launched a new course, “Intro to ERM for Senior Leaders.” It will be held again on November 4th and 5th and will be led by Elise Farnham. [1:37] On November 11th and 12th, Chris Hansen will lead “Fundamentals of Insurance”. It features everything you've always wanted to know about insurance but were afraid to ask. Fear not; ask Chris Hansen! RIMS members always enjoy deep discounts on the virtual workshops! [1:56] The full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's notes. [2:08] Several RIMS Webinars are being hosted this Fall. On October 16th, Zurich returns to deliver “Jury Dynamics: How Juries Shape Today's Legal Landscape”. On October 30th, Swiss Re will present “Parametric Insurance: Providing Financial Certainty in Uncertain Times”. [2:28] On November 6th, HUB will present “Geopolitical Whiplash — Building Resilient Global Risk Programs in an Unstable World”. Register at RIMS.org/Webinars. [2:40] Before we get on with the show, I wanted to let you know that this episode was recorded in the first week of October. That means we are amid a Federal Government shutdown. RIMS has produced a special report on “Key Considerations Regarding U.S. Government Shutdown.” [2:58] This is an apolitical problem. It is available in the Risk Knowledge section of RIMS.org, and a link is in this episode's show notes. Visit RIMS.org/Advocacy for more updates. [3:12] Remember to save March 18th and 19th on your calendars for the RIMS Legislative Summit 2026, which will be held in Washington, D.C. I will continue to keep you informed about that critical event. [3:24] On with the show! It's National Cybersecurity Awareness Month here in the U.S. and in many places around the world. Cyber continues to be a top risk among organizations of all sizes in the public and private sectors. [3:40] That is why I'm delighted that Katherine Henry and Harold (Hal) Weston are here to discuss their new professional report, “A 2025 Cybersecurity Legal Safe Harbor Overview”. [3:52] This report provides a general overview of expected cybersecurity measures that organizations must take to satisfy legal Safe Harbor requirements. [4:01] It summarizes state Safe Harbor laws that have been developed to ensure organizations are proactive about cybersecurity and that digital, financial, and intellectual assets are legally protected when that inevitable cyber attack occurs. [4:15] We are here to extend the dialogue. Let's get started! [4:21] Interview! Katherine Henry and Hal Weston, welcome to RIMScast! [4:41] Katherine was one of he first guests on RIMScast. Katherine is Chair of the Policyholder Insurance Coverage Practice at Bradley, Arant, Boult, Cummings. Her office is based in Washington, D.C. She works with risk managers all day on insurance issues. [5:05] Katherine has been a member of the RIMS Public Policy Committee for several years. She serves as an advisor to the Committee. [5:12] Justin thanks Katherine for her contributions to RIMS. [5:25] Hal is with Georgia State University. He has been with RIMS for a couple of decades. Hal says he and Katherine have served together on the RIMS Public Policy Committee for maybe 10 years. [5:48] Hal is a professor at Georgia State University, a Clinical Associate in the Robinson College of Business, Greenberg School of Risk Science, where he teaches risk management and insurance. Before his current role, Hal was an insurance lawyer, both regulatory and coverage. [6:05] Hal has a lot of students. He is grading exams this week. He has standards for his class. In the real world, so does a business. [6:46] Katherine and Hal met through the RIMS Public Policy Committee. They started together on some subcommittees. Now they see each other at the annual meeting and on monthly calls. [7:05] Katherine and Hal just released a legislative review during RIMS's 75th anniversary, “A 2025 Cybersecurity Legal Safe Harbor Overview”. It is available on the Risk Knowledge page of RIMS.org. [7:20] We're going to get a little bit of dialogue that extends beyond the pages. [7:31] Katherine explains Safe Harbor: When parties are potentially liable to third parties for claims, certain states have instilled Safe Harbor Laws that say, If you comply with these requirements, we'll provide you some liability protection. [7:45] Katherine recommends that you read the paper to see what the laws are in your state. The purpose of the paper is to describe some of those Safe Harbor laws, as well as all the risks. [8:04] October 14th, the date this episode is released, is World Standards Day. Hal calls that good news. Justin says the report has a correlation with the standards in the risk field. [8:43] Justin states that many states tie Safe Harbor eligibility to frameworks like NIST, the ISO/IEC 27000, and CIS Controls. [9:27] Hal says, There are several standards, and it would be up to the Chief Information Security Officer to guide a company on which framework might be most appropriate for them. There are the NIST, UL, and ISO, and they overlap quite a bit. [9:56] These are recognized standards. In some states, if a company has met this standard of cybersecurity, a lawsuit against the company for breach of its standard of care for maintaining its information systems would probably be defensible for having met a recognized standard. [10:23] Katherine adds that as risk managers, we can't make the decision about which of these external standards is the best. Many organizations have a Cybersecurity Officer responsible for this. [10:44] For smaller organizations, there are other options, including outsourcing to a vendor. Their insurance companies may have recommendations. So you're not on your own in making this decision. [11:14] Katherine says firms should definitely aim for one recognized standard. Katherine recommends you try to adhere to the highest standard. If you are global, you need to be conscious of standards in other countries. [11:46] Hal says California tends to have the highest standards for privacy and data protection. If you're a financial services company, you're subject to New York State's Department of Financial Services Cyber Regulation. [12:02] If you're operating in Europe, GDPR is going to be the guiding standard for what you should do. Hal agrees with Katherine: Any company that spans multiple states should pick the highest standard and stick to that, rather than try to implement five or 52 standards. [12:23] When you're overseas, you may not be able to just pick the highest standard; there are challenges in going from one country or region of Europe back to the U.S. If one is higher, it will probably be easier. [12:38] There are major differences between the U.S., which has little Federal protection, vs. state protection. [13:10] Katherine says if you don't have the internal infrastructure, and you can't afford that infrastructure, the best thing is to pivot to an outside vendor. There are many available, with a broad price range. Your cyber insurer may also have some vendors they already work with. [13:40] Hal would add, Don't just think about Safe Harbors. That's just a legal defense. Think about how you reduce the risk by adopting standards or hiring outside firms that will provide that kind of risk protection and IT management. [13:59] If they're doing it right, they may tell you the standards they use, and they may have additional protocols, whether or not they fall within those standards, that would also be desirable. A mid-sized firm is probably outsourcing it to begin with. [14:21] They have to be thinking about it as risk, rather than just Safe Harbor. You have to navigate to the Safe Harbor. You don't just get there. [14:31] Quick Break! RISKWORLD 2026 will be in Philadelphia, Pennsylvania, from May 3rd through the 6th. RIMS members can now lock in the 2025 rate for a full conference pass to RISKWORLD 2026 when you register by October 30th! [14:50] This also lets you enjoy earlier access to the RISKWORLD hotel block. Register by October 30th, and you will also be entered to win a $500 raffle! Do not miss out on this chance to plan and score some of these extra perks! [15:03] The members-only registration link is in this episode's show notes. If you are not yet a member, this is the time to join us! Visit RIMS.org/Membership and build your network with us here at RIMS! [15:16] The RIMS Legislative Summit 2026 is mentioned during today's episode. Be sure to mark your calendar for March 18th and 19th in Washington, D.C. Keep those dates open. [15:28] Join us in Washington, D.C., for two days of Congressional Meetings, networking, and advocating on behalf of the risk management community. Visit RIMS.org/Advocacy for more information and updates.  [15:41] Let's return to our interview with Katherine Henry and Hal Weston! [15:54] We're talking about their new paper, “A 2025 Cybersecurity Legal Safe Harbor Overview”. Katherine mentions that some businesses are regulated. They have to comply with external regulatory standards. [16:38] Other small brick-and-mortar businesses may not have any standards they have to comply with. They look for what to do to protect themselves from cyber risk, and how to tell others they are doing that. [16:54] If you can meet the standards of Safe Harbor laws, a lot of which are preventative, before a breach, you can inform your customers, “These are the protections we have for your data.” You can tell your board, “These are the steps we're taking in place.” [17:13] You can look down the requirements of the Safe Harbor law in your state or a comparable state, and see steps you can take in advance so you can say, “We are doing these things and that makes our system safer for you and protects your data.” [17:34] Hal says you don't want to have a breach, and if you do, it would be embarrassing to admit you were late applying a patch, implementing multi-factor authentication, or another security measure. By following standards of better cyber protection, you avoid those exposures. [18:07] Hal says every company has either been hacked and knows it, or has been hacked and doesn't know it. If you're attacked by a nation-state that is non-preventable, you're in good shape. [18:26] If you're attacked because you've left some ports open on your system, or other things that are usually caught in cybersecurity analyses or assessments, that's the embarrassing part. You don't want to be in that position. [18:43] Katherine says it's not just your own systems, but if you rely on vendors, you want to ensure that the vendors have the proper security systems in place so that your data, to the extent that it's transmitted to them, is not at risk. [19:07] Also, make sure that your vendors have cyber insurance and that you're an additional insured on that vendor's policy if there's any potential exposure. [19:22] Hal says If you're using a cloud provider, do you understand what the cloud provider is doing? In most cases, they will provide better security than what you could do on your own, but there have been news stories that even some of those have not been perfect. [20:22] Hal talks about the importance of encryption. It's in the state statutes and regulations. There have been news stories of companies that didn't encrypt their data on their servers or in the cloud, and didn't understand encryption, when a data breach was revealed. [20:52] Hal places multi-factor authentication up with encryption in importance. There was a case brought against a company that did not have MFA, even though it said on its application on the cyber policy that the company used it. [21:13] Hal says these are standard, basic things that no company should be missing. If you don't know that your data is encrypted, get help fast to figure that out. [21:51] Hal has also seen news stories of major companies where the Chief Technology Officer has been sued individually, either by the SEC or others, for not doing it right. [22:07] Katherine mentions there are insurance implications. If you mistakenly state you're providing some sort of protection on your insurance application that you're not providing, the insurer can rescind your coverage, so you have no coverage in place at all. [22:23] Katherine says, These are technical safeguards, but we know the human factor is one of the greatest risks in cybersecurity. Having training for everyone who has access to your computer system, virtually everyone in your organization, is very important. [22:49] Have a test with questions like, Is this a spam email or a real email? There are some vendors who can do all this for you. Statistics show that the human element is one of the most significant problems in cybersecurity protection. [23:05] Justin says it's October, Cybersecurity Awareness Month in the U.S. Last week's guest, Gwenn Cujdik, the Incident Response and Cyber Services Lead for North America at AXA XL, said the number one cyber risk is human error, like clicking the phishing link.  [23:45] Justin brings up that when he was recently on vacation, he got an email on his personal email account, “from his CEO,” asking him to handle something for them. Justin texted somebody else at RIMS, asking if they got the same email, and they hadn't. [24:14] Justin sent the suspect email to the IT director to handle. You have to be vigilant. Don't let your guard down for a second. [24:48] Katherine has received fake emails, as well. [24:51] Hal says it has happened to so many people. Messages about gift cards or the vendor having a new bank account. Call the vendor that you know and ask what this is. [25:12] Hall continues. It's important to train employees in cybersecurity, making sure that they are using a VPN when they are outside of the office, or even a VPN that's specific to your company. [25:32] Hal saw in the news recently that innocent-looking PDF files can harbor lots of malware. If you're not expecting a PDF file from somebody, don't click on that, even if you know them. Get verification. Start a new thread with the person who sent it and ask if it is a legitimate PDF. [26:08] Justin says of cybercriminals that they are smart and their tactics evolve faster than legislation. How can organizations anticipate the next generation of threats? [26:34] Katherine says, You need to have an infrastructure in your organization that does that, or you need to go to an outside vendor. You need some sort of protection, internally or externally. [27:11] Katherine says she works with CFOs all the time. If an organization isn't large enough to have a risk manager, it's a natural fit for the CFO, who handles finances, to handle insurance. When it comes to cybersecurity, a CFO needs help. [27:46] The CFO should check the cyber policy to see what support services are already there and see if there are any that are preventative, vs. after a breach. If there are not, Katherine suggests pivoting to an outside vendor. [28:07] Hal continues, This interview is for RIMS members who are risk managers and the global risk community. Risk managers don't claim to know all the risk control measures throughout a company. They rely upon the experts in the company and outside. [28:29] If the CFO is the risk manager, he or she has big gaps in expertise needed for risk management. It's the same for the General Counsel running risk management. Risk managers are known for having small staffs and working with everybody else to get the right answers. [28:55] If you're dealing with the CFO or General Counsel in those roles, they need to be even more mindful to work with the right experts for guidance. [29:09] One Final Break! As many of you know, the RIMS ERM Conference 2025 will be held on November 17th and 18th in Seattle, Washington. We recently had ERM Conference Keynote Speaker Dan Chuparkoff on the show. [29:26] He is back, just to deliver a quick message about what you can expect from his keynote on “AI and the Future of Risk.” Dan, welcome back to RIMScast! [29:37] Dan says, Greetings, RIMS members and the global risk community! I'm Dan Chuparkoff, AI expert and the CEO of Reinvention Labs. I'm delighted to be your opening keynote on November 17th at the RIMS ERM Conference 2025 in Seattle, Washington. [29:52] Artificial Intelligence is fueling the next era of work, productivity, and innovation. There are challenges in navigating anything new. This is especially true for risk management, as enterprises adapt to shifting global policies, economic swings, and a new generation of talent. [30:10] We'll have a realistic discussion about the challenges of preparing for the future of AI. To learn more about my keynote, “AI and the Future of Risk Management,”  and how AI will impact Enterprise Risk Management for you, listen to my episode of RIMScast at RIMS.org/Dan. [30:29] Be sure to register for the RIMS ERM Conference 2025, in Seattle, Washington, on November 17th and 18th, by visiting the Events page on RIMS.org. I look forward to seeing you all there. [30:40] Justin thanks Dan and looks forward to seeing him again on November 17th and hearing all about the future of AI and risk management! [30:48] Let's Conclude Our Interview about Navigating Cyber and IT Practices to Legal Safe Harbors with Katherine Henry and Hal Weston! [31:17] Katherine tells about how Safe Harbor compliance influences cyber insurance. If your organization applies for cyber insurance and you can't meet some minimum threshold that will be identified on the application, the insurer will not even offer you cyber insurance. [31:34] You need to have some cyber protections in place. That's just to procure insurance. Cyber insurance availability is growing. Your broker can bring you more insurers to quote if you can show robust safeguards. [32:05] After the breach, your insurer is supposed to step in to help you. Your insurer will be mindful of whether or not your policy application is correct and that you have all these protections in place. [32:21] The more protections you have, the quicker you might be able to shut down the breach, and the resulting damage from the breach, and that will lower the resulting cost of the claim and have less of an impact on future premiums. [32:36] If the cyber insurer just had to pay out the limits because something wasn't in place, that quote next year is not going to look so pretty. Your protections have a direct impact on both the availability and cost of coverage. [32:50] Justin mentions that the paper highlights Connecticut, Tennessee, Iowa, Ohio, Utah, and Oregon as the states with Safe Harbor laws. The Federal requirements are also listed. Katherine expects that more states will offer Safe Harbor laws as cybercrime lawsuits increase. [33:42] Hal says Oregon, Ohio, and Utah were the leaders in creating Safe Harbors. Some of the other states have followed. Safe Harbor is a statutory protection against liability claims brought by the public. [34:06] In other states, you can't point to a statute that gives protection, but you can say you complied with the highest standards in the nation, and you probably have a pretty defensible case against a claim for not having kept up with your duty to protect against a cyber attack. [34:55] Hal adds that every company is going to be sued, and the claim is that you failed to do something. If you have protected yourself with all the known best practices, as they evolve, what more is a company supposed to do? [35:18] The adversaries are nation-states; they are professional criminals, sometimes operating under the protection of nation-states, and they're using artificial intelligence to craft even more devious ways to get in. [36:19] Katherine speaks from a historical perspective. A decade ago, cyber insurance was available, but there was no appetite for it. There wasn't an understanding of the risk. [36:32] As breaches began to happen and to multiply, in large amounts of exposure, with companies looking at millions of dollars in claims, interest grew. Katherine would be surprised today if any responsible board didn't take cyber risk extremely seriously. [36:55] The board's decision now is what limits to purchase and from whom, and not, “Should we have cyber insurance at all?” Katherine doesn't think it's an issue anymore in any medium-sized company. [37:17] The risk manager should present to the board, “We benchmark. Our broker benchmarks. Companies of our size have had this type of claim, with this type of exposure, and they've purchased this amount of limits. We need to be at least in that place.” Boards will be receptive. [37:43] If they are not receptive, put on a PowerPoint with all the data that's out there about how bad the situation is. The average cost of a breach is well over $2 million. The statistics are quite alarming. A wise decision-maker will understand that you need to procure this coverage. [38:10] Katherine says, from the cybersecurity side, you procure the coverage, you protect the company, and take advantage of the Safe Harbors. All of those things come together with the preventative measures we've been talking about. [38:24] You can show your decision-makers and stakeholders that if you do all those things, comply with these Safe Harbor provisions, you're going to minimize your exposure, increase the availability of insurance, and keep your premiums down. It's a win-win package. [38:41] Justin says, It has been such a pleasure to meet you, Hal, and thank you for joining us. Katherine, it is an annual pleasure to see you. We're going to see you, most likely, at the RIM Legislative Summit, March 18th and 19th, 2026, in Washington, D.C. [39:01] Details to come, at RIMS.org/Advocacy. Katherine, you'll be there to answer questions. Katherine looks forward to the Summit. She has gone there for years. It's a great opportunity for risk managers to speak directly to decision-makers about things that are important to them. [39:42] Special thanks again to Katherine Henry and Hal Weston for joining us here today on RIMScast! Remember to download the new RIMS Legislative Review, “A 2025 Cybersecurity Legal Safe Harbor Overview”. [39:58] We are past the 30-day mark now, so the review is publicly available through the Risk Knowledge Page of RIMS.org. You can also visit RIMS.org/Advocacy for more information. In this episode's notes, I've got links to Katherine's prior RIMScast appearances. [40:18] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [40:47] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [41:05] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [41:22] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [41:39] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [41:53] Justin Smulison is the Business Content Manager at RIMS. Please remember to subscribe to RIMScast on your favorite podcasting app. You can email us at Content@RIMS.org. [42:05] Practice good risk management, stay safe, and thank you again for your continuous support!   Links: RIMS Professional Report: “A 2025 Cybersecurity Legal Safe Harbor Overview” RISK PAC | RIMS Advocacy | RIMS Legislative Summit SAVE THE DATE — March 18‒19, 2026 RIMS ERM Conference 2025 — Nov. 17‒18 RISKWORLD 2026 — Members-only early registration through Oct 30! RIMS-Certified Risk Management Professional (RIMS-CRMP) The Strategic and Enterprise Risk Center RIMS Diversity Equity Inclusion Council RIMS Risk Management magazine | Contribute RIMS Now Cybersecurity Awareness Month World Standards Day — Oct 14, 2025 Upcoming RIMS Webinars: RIMS.org/Webinars “Jury Dynamics: How Juries Shape Today's Legal Landscape” | Oct. 16, 2025 | Sponsored by Zurich “Parametric Insurance: Providing Financial Certainty in Uncertain Times” | Oct. 30, 2025 | Sponsored by Swiss Re “Geopolitical Whiplash — Building Resilient Global Risk Programs in an Unstable World” | Nov. 6 | Sponsored by Hub   Upcoming RIMS-CRMP Prep Virtual Workshops: RIMS-CRMP Virtual Exam Prep — Oct. 29‒30, 2025 RIMS-CRMP-FED Exam Prep Virtual Workshop — November 11‒12 Full RIMS-CRMP Prep Course Schedule “Risk Appetite Management” | Oct 22‒23 | Instructor: Ken Baker “Intro to ERM for Senior Leaders” | Nov. 4‒5 | Instructor: Elise Farnham “Fundamentals of Insurance” | Nov. 11‒12 | Instructor: Chris Hansen “Leveraging Data and Analytics for Continuous Risk Management (Part I)” | Dec 4. See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops   Related RIMScast Episodes about Cyber and with Katherine Henry: “National Cybersecurity Awareness Month 2025 with Gwenn Cujdik” “AI Risks and Compliance with Chris Maguire” “Data Privacy and Protection with CISA Chief Privacy Officer James Burd” “Cyberrisk Trends in 2025 with Tod Eberle of Shadowserver” “Legal and Risk Trends with Kathrine Henry (2023)”   Sponsored RIMScast Episodes: “The New Reality of Risk Engineering: From Code Compliance to Resilience” | Sponsored by AXA XL (New!) “Change Management: AI's Role in Loss Control and Property Insurance” | Sponsored by Global Risk Consultants, a TÜV SÜD Company Demystifying Multinational Fronting Insurance Programs | Sponsored by Zurich “Understanding Third-Party Litigation Funding” | Sponsored by Zurich “What Risk Managers Can Learn From School Shootings” | Sponsored by Merrill Herzog “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer   RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS President Kristen Peed!   RIMS Events, Education, and Services: RIMS Risk Maturity Model®   Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.   Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.   Have a question or suggestion? Email: Content@rims.org.   Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.   About our guests: Katherine Henry, Partner and Chair of the Policyholder Coverage Practice, Bradley, Arant, Boult, and Cummings   Harold Weston, Clinical Associate Professor and WSIA Distinguished Chair in Risk Management and Insurance, Georgia State University College of Law Production and engineering provided by Podfly.  

How do you perform incident response on a Kubernetes cluster when you're not even on the same network? In this episode, Damien Burks, Senior Security engineer breaks down the immense challenges of container security and why most commercial tools are failing at automated response.While many CNAPPs provide runtime detection, they lack a "sophisticated approach to automating incident response or containment" in complex environments like private EKS . He shares his hands-on experience building a platform that uses a dynamically deployed Lambda function to achieve containment of a compromised EKS node in just 10 minutes, a process that would otherwise take hours of manual work and approvals .This is a guide for any DevSecOps or cloud security professional tasked with securing containerized workloads. The conversation also covers a layered prevention strategy, the evolving role of the cloud security engineer, and career advice for those looking to enter the field.Guest Socials -⁠ ⁠⁠⁠⁠Damien's LinkedinPodcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security PodcastQuestions asked:(00:00) Introduction(02:15) Who is Damien Burks?(03:20) The State of Cloud Incident Response in 2025(05:15) Why There is No Sophisticated, Automated IR for Kubernetes(06:20) A Deep Dive into Kubernetes Incident Response(07:30) The Unique Challenge of a Private EKS Cluster(12:15) A Layered Approach to Prevention in a DevSecOps Culture(17:00) How to Automate Containment in a Private EKS Cluster(17:40) From Hours to 10 Minutes: The Impact of Automation(22:00) The Evolving & Complex Role of the Cloud Security Engineer(25:40) Do We Have Too Much Visibility or Not Enough?(29:00) Career Path: The Value of Learning to Code for DevSecOps(35:00) Damien's Hot Take: "Multi-Cloud Just Means Chaos"(44:20) Career Advice for Traditional IR Professionals Moving to Cloud(47:50) Final Questions: Video Games, Life's Journey, and GumboResources spoke about during the interviewDamien's Website

In this special (and now maybe annual!) episode of The Gate 15 Interview, live from the floor of TribalNet 2025, Andy speaks with TribalHub's Senior Marketing & Communications Manager, Michelle Bouschor, as they catch up and talk incident response, why non-IT leaders need to be part of the conversation, and what's trending across the conference. Plus, Michelle throws out a fun popup question: what would Andy do if he weren't working in tech? Listen on Spotiy, Apple or the TribalHub page at podbean!Relevant to their conversation: Tribal-ISAC Unveils Cybersecurity Report. The Tribal Information Sharing and Analysis Center (Tribal-ISAC) released its first-ever report, The Pulse – The State of Cybersecurity Within Tribal Nations, during the Annual TribalNet Conference and Tradeshow in early September. The report was produced by the Tribal-ISAC with assistance from TribalHub, and features cybersecurity insights, trends and more gathered from three key sources: Tribal-ISAC's 2025 “Tribal Cybersecurity” Survey, TribalHub's “How Prepared is Your Tribe for AI?” Survey, and Gate 15's CHIEF and NATIVE Reports.More than two-thirds report zero or only one dedicated cybersecurity staff member, despite facing similar regulatory pressures as larger entities.Budget allocations remain modest, with more than 60% dedicating less than 20% of their technology budget to cybersecurity.73% of respondents anticipate increased cybersecurity spending in 2026, and 1% expect a decrease, signaling a shift toward resilience and threat mitigation.74% of organizations received no federal or state cybersecurity grants in 2025.Additional selected links:⁠TribalNet 2025⁠⁠Tribal-ISAC⁠⁠The Pulse⁠ – Tribal-ISAC's new annual cybersecurity report!

In this issue of the Future of Cyber newsletter, Sean Martin digs into a topic that's quietly reshaping how software gets built—and how it breaks: the rise of AI-powered coding tools like ChatGPT, Claude, and GitHub Copilot.These tools promise speed, efficiency, and reduced boilerplate—but what are the hidden trade-offs? What happens when the tools go offline, or when the systems built through them are so abstracted that even the engineers maintaining them don't fully understand what they're working with?Drawing from conversations across the cybersecurity, legal, and developer communities—including a recent legal tech conference where law firms are empowering attorneys to “vibe code” internal tools—this article doesn't take a hard stance. Instead, it raises urgent questions:Are we creating shadow logic no one can trace?Do developers still understand the systems they're shipping?What happens when incident response teams face AI-generated code with no documentation?Are AI-generated systems introducing silent fragility into critical infrastructure?The piece also highlights insights from a recent podcast conversation with security architect Izar Tarandach, who compares AI coding to junior development: fast and functional, but in need of serious oversight. He warns that organizations rushing to automate development may be building brittle systems on shaky foundations, especially when security practices are assumed rather than applied.This is not a fear-driven screed or a rejection of AI. Rather, it's a call to assess new dependencies, rethink development accountability, and start building contingency plans before outages, hallucinations, or misconfigurations force the issue.If you're a CISO, developer, architect, risk manager—or anyone involved in software delivery or security—this article is designed to make you pause, think, and ideally, respond.

In this issue of the Future of Cyber newsletter, Sean Martin digs into a topic that's quietly reshaping how software gets built—and how it breaks: the rise of AI-powered coding tools like ChatGPT, Claude, and GitHub Copilot.These tools promise speed, efficiency, and reduced boilerplate—but what are the hidden trade-offs? What happens when the tools go offline, or when the systems built through them are so abstracted that even the engineers maintaining them don't fully understand what they're working with?Drawing from conversations across the cybersecurity, legal, and developer communities—including a recent legal tech conference where law firms are empowering attorneys to “vibe code” internal tools—this article doesn't take a hard stance. Instead, it raises urgent questions:Are we creating shadow logic no one can trace?Do developers still understand the systems they're shipping?What happens when incident response teams face AI-generated code with no documentation?Are AI-generated systems introducing silent fragility into critical infrastructure?The piece also highlights insights from a recent podcast conversation with security architect Izar Tarandach, who compares AI coding to junior development: fast and functional, but in need of serious oversight. He warns that organizations rushing to automate development may be building brittle systems on shaky foundations, especially when security practices are assumed rather than applied.This is not a fear-driven screed or a rejection of AI. Rather, it's a call to assess new dependencies, rethink development accountability, and start building contingency plans before outages, hallucinations, or misconfigurations force the issue.If you're a CISO, developer, architect, risk manager—or anyone involved in software delivery or security—this article is designed to make you pause, think, and ideally, respond.

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   In this episode, Justin interviews Gwenn Cujdik, the Incident Response and Cyber Services Lead for North America at AXA XL. Justin and Gwenn cover various cybersecurity topics, and how her 15 years as an Assistant District Attorney prepared her for her current role of responding to cyber attacks. Listen for tips on securing your organization, large or small, from cyber attacks and responding when, not if, they come. Gwenn shares her experiences and some advice.   Listen for Gwenn's insights to help you be vigilant and prepared against cybercrime.   Key Takeaways: [:01] About RIMS and RIMScast. [:14] With great sadness, the RIMS family lost a true leader in September. Susan Meltzer was an exceptional risk professional and passionate volunteer with RIMS. She served as the Society's President in 1999 and 2000. [:29] RIMS has established a scholarship fund in her name. You can donate to that fund through RIMS, The Foundation for Risk Management®, at RIMS.org/FRM. [:46] About this episode of RIMScast. This is our National Cybersecurity Awareness Month episode. Here to lend her insight on all things cyber is Gwenn Cujdik. She is the Incident Response and Cyber Services Lead for North America at AXA XL. [1:19] We're also going to talk about her fascinating career that antedates her time in cyber. [1:24] RIMS-CRMP Prep Workshops! The next RIMS CRMP Prep Workshops will be held on October 29th and 30th and led by John Button. [1:36] The next RIMS-CRMP-FED Virtual Workshop will be held on November 11th and 12th and led by Joseph Mayo. Links to these courses can be found through the Certifications page of RIMS.org and through this episode's show notes. [1:53] RIMS Virtual Workshops! RIMS has launched a new course, “Intro to ERM for Senior Leaders.” It will be held again on November 4th and 5th and will be led by Elise Farnham. [2:07] On November 11th and 12th, Chris Hansen will lead “Fundamentals of Insurance”. It features everything you've always wanted to know about insurance but were afraid to ask. Fear not; ask Chris Hansen! RIMS members always enjoy deep discounts on virtual workshops! [2:26] The full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's notes. [2:37] Several RIMS Webinars are being hosted this Fall. On October 9th, Global Risk Consultants returns to deliver “Natural Hazards: A Data-Driven Guide to Improving Resilience and Risk Financing Outcomes”. [2:51] On October 16th, Zurich returns to deliver “Jury Dynamics: How Juries Shape Today's Legal Landscape”. On October 30th, Swiss Re will present “Parametric Insurance: Providing Financial Certainty in Uncertain Times”. [3:08] On November 6th, HUB will present “Geopolitical Whiplash — Building Resilient Global Risk Programs in an Unstable World”. Register at RIMS.org/Webinars. [3:20] On with the show! It's National Cybersecurity Awareness Month here in the U.S. and in many places around the world. Cyber continues to be a top risk among organizations of all sizes in the public and private sectors. [3:35] Joining me today to discuss cybersecurity awareness is Gwenn Cujdik. You may remember her from the RIMS AXA XL webinar on September 4th, “Lock Down & Level Up.” [3:52] During that webinar, we had a brief, fascinating discussion about her time as an Assistant District Attorney in Pennsylvania. [4:01] I wanted to learn more about how someone transitions from a colorful career to cybersecurity and eventually becomes the Incident Response and Cyber Services Lead for North America at AXA XL. [4:15]  She's got a lot on her plate. She's got a huge risk radar. We're going to talk all about it and help all the risk managers out there use her insight and perspective to protect their organizations. Let's get to it! [4:28] Interview! Gwenn Cujdik, welcome to RIMScast! [5:09] Gwenn is Incident Response and Cyber Services Lead for North America at AXA XL. When a client has a cyber breach, they call AXA XL and work with Gwenn's teams. [5:42] Gwenn works on training her teams to be able to respond, setting up procedures and processes to make the response seamless and collaborative, and making sure the clients get consistent service, whoever handles the call. [6:16] Gwen's team has 18. Four are in leadership with 14 more team members. Two managers directly supervise the teams to help them with answers to questions about unusual situations. [6:50] Gwenn helps the teams understand massive events and how they might affect AXA XL and their clients, how to interact with brokers, and technical matters. She helps the team understand coverages when it comes to something unique. “It's all hands on deck for us!” [7:55] Gwenn says, Fighting crime is a part of who I am. She is driven by helping others get through some terrible times. She has seen the worst of the worst. Sometimes it takes just one helping hand to get people through tough times. She has seen how impactful that can be. [8:44] Sometimes, in a crisis, how people interact with the victim could be the recipe for them to recover fully from that event. Gwenn has seen people recover, take back their lives, move forward, and be survivors. She has seen corporations and companies do so and become better. [9:39] Justin repeats that Gwenn has seen the worst of the worst: homicides, murders, abuses of women and children, arson, and more. She has seen it all, including things that she wishes she hadn't seen. [10:27] Gwenn compares cyber incident response to her ADA work. A prosecutor has to be able to handle things under pressure. The best prosecutors are looking to do the right thing. Gwenn has met many people who, absent the crime, would have been friends. [11:06] You have to be able to see there's a human on the other side, and there are humans that they hurt. You do right by understanding that there are a lot of players involved, who are humans. [11:26] It helps you understand where somebody might be coming from. It helps you understand why they might be screaming at you. “I'm just the messenger, but let's talk about why you're so upset.” [11:39] Gwenn says one of the cool things about being a prosecutor is that every case you have presents a different set of facts and circumstances. There's a law that's intertwined with it, and that's interesting for Gwenn. [11:54] The first time Gwenn had an arson case, she had to work with the Fire Marshals to understand how they knew the fire started here. How did they know it was a chemical? She started with the Fire Marshals and then went to the crime scene to talk to Forensic Chemists. [12:11] The Forensic Investigators explained the chemistry behind the Molotov Cocktail that was thrown through the window. This was how the fire started, and then it enveloped the room. [12:22] When Gwenn first worked with DNA, she found it to be incredibly complicated. She had to learn it to be able to explain it. Her job was to explain to 12 people why DNA mattered, why it's this guy, and not anybody else, that committed this crime; the numbers are insane. [12:44] It could be one in a hundred quadrillion that it's another person. Those numbers are insane, and it's really hard to understand. [12:56] Gwenn was in the DA's office when cell site analysis came around; being able to triangulate where someone is, using cell towers. The Philadelphia Field Office had one of the pioneers in that science. Gwenn learned from him. [13:13] One of Gwenn's matters was a homicide. They tracked the defendant from the scene of the crime, through public transportation, back to his house, using cell site triangulation. While they were mapping, the actor Joe Piscopo came by, touring the building. Gwenn was an SNL fan. [14:23] Gwenn's prosecutorial experience translates to cyber in that each matter is a little different. There's a bad guy at the other end. Gwenn is not sympathetic to the bad guys because they are anonymous. Nobody sees them or knows them. It's usually a criminal enterprise. [14:59] It's a group of people working together, motivated by money and wreaking havoc on people who are trying to make a living and support their families. The bad guys want to extort millions of dollars and put businesses and livelihoods in danger. [15:42] In Philadelphia, the elite of the elite prosecutors worked in homicide. Some spend 20 or 30 years there. Gwenn was an ADA for 15 years, but couldn't see herself doing it for 20 or 30 years. She wanted to stay positive and be a force for good when she was dealing with bad. [16:34] She wondered where she could go to have a similar impact for good, investigating, and helping people get through an awful time. [16:45] Gwenn had a friend who worked with her in the Family Violence and Sexual Assault Unit. She had left the office to work for a new law firm doing cyber incident response. She called Gwenn and said she would be really good at it. She explained it to Gwenn. [17:50] Gwenn interviewed with the firm and got an offer the day she interviewed. She realized that was what she wanted to do. Some former prosecutors were doing it. There were some amazing people, and she wanted to be a part of that, something new, interesting, and growing. [18:15] Gwenn wanted to be challenged and get to help people. Once she discovered it, she couldn't think of a better transition for people who are in law enforcement than going into cybersecurity. [18:39] RIMS Events! On November 17th and 18th, join us in Seattle, Washington, for the RIMS ERM Conference 2025. The agenda is live. Check out Episode 357 for Justin's dialogue with ERM Conference Keynote Presenter Dan Chuparkoff on AI and the future of risk. [18:59] Visit the Events page of RIMS.org to register. [19:02] RISKWORLD 2026 will be in Philadelphia, Pennsylvania, from May 3rd through May 6th. RIMS members can now lock in the 2025 rate for a full conference pass to RISKWORLD 2026 when you register by October 30th! [19:16] This also lets you enjoy earlier access to the RISKWORLD hotel block. Register by October 30th, and you will also be entered to win a $500 raffle! Do not miss out on this chance to plan and score some of these extra perks! [19:30] The members-only registration link is in this episode's show notes. If you are not yet a member, this is the time to join us! Visit RIMS.org/Membership and build your network with us here at RIMS! [19:42] Let's return to our interview with Gwenn Cujdik! [20:14] Gwenn says cybersecurity takes a village. What she learned in criminal prosecution is that as long as there have been humans, there has been crime. We're fortunate as a society to have laws, law enforcement, governing bodies, and organizations to keep crime down. [20:54] It's not dissimilar to cybersecurity. If Gwenn were talking to a board, she would say, It takes everybody in your community, in your organization, to build resilience, protect yourself from cybercrime, and react to it. [21:12] Gwenn says a big mistake people often make is thinking incident response is a job for just their tech team. The IT team is not trained in all the various fields you need to be an expert in to get through a cyber incident. [21:41] Your IT team will be able to get you up and running, collaborate, and be a good foundation for the incident response, working with outside experts. It takes people who understand the law and who understand communications. [21:54] It takes people who understand the brand, who are the heart of the organization, to be able to respond. Your CISO may say, Here's how I think that we should respond, but your CEO may say, This isn't how I think we would respond to an event like this. Keep in mind who we are. [22:32] Your legal team is there to say, Here's why we can't do that, the risk is too great; It will be worse if you do X, Y, Z; You shouldn't do that because you need to be compliant with the law. [23:11] Gwenn says good leaders lead best when they model. If you expect people to be open-minded and collaborative, you need to be the same. For the most part, organization leadership is very aware that cybersecurity is an important part of who they are and will be. [23:55] Gwenn has met a ton of CEOs who admit they don't know what they don't know and ask for help to understand cybersecurity so they can help their organizations in the best way possible. Some CEOs are thinking ahead and putting teams together that understand their role. [24:20] Gwenn has encountered CEOs who are just messing up the process. One wanted to invite his wife, not an employee, to the conversation because she would like to hear about it.  From a legal and business perspective, it's very risky for the company. [25:04] One Final Break! The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved, in part, by its collaboration with risk management and insurance educators across the U.S. and Canada. [25:23] Since 1999, Spencer has awarded over $2.9 million to create more than 570 Risk Management Internships. The Internship Grants application process is now open through October 15th, 2025. [25:39] To be eligible, risk managers must be based in the U.S., Canada, or Bermuda. A link to the Internship Grants page is in this episode's show notes. You can always visit SpencerEd.org, as well. [25:53] Let's Conclude Our National Cybersecurity Awareness Month Interview with Gwenn Cujdik! [26:05] It's National Cybersecurity Awareness Month 2025, here in the U.S. It's a big month for everyone in Gwenn's house; they have to pull their own weight a little more because she's traveling a lot, she's out a lot, and there are a lot of conferences and meetings going on! [26:29] Gwenn tries not to shove everything cyber just into October. October is busy, and she loves it. [26:56] On October 29th, at the Sheraton New York Times Square Hotel in Manhattan, Gwenn will be the Conference Co-Chair for the Zywave Cyber Risk Insights New York event. It's a full day with a lot of very knowledgeable individuals from a range of companies. [27:50] It is one of Gwenn's favorite events. It's a day packed with good information. She would love to see more risk managers and CISOs join it. The amount of information you can get in one day is almost unbelievable. The content is pretty diverse. [28:21] It covers claims, the state of the market, the different ways threat actors are attacking, how to prepare better for attacks and for business continuity, and how to organize invoices and costs as you're going through an incident response. [29:01] Gwenn says, Get the small things right so you can deal with the big things. While you tackle the small things, you can talk about whether or not the law requires you to file notifications to seven million people and how to get through that as a company. [29:22] Gwen says it's a great event. Gwenn will be there, giving opening remarks. Justin will be there, after attending a heavy metal concert the night before. The link is in this episode's show notes. [30:52] When Gwenn entered the cybersecurity field, she was surprised at the female presence. One of the managing partners who interviewed her was a female. There are also savvy female hackers out there. [31:35] Gwenn says that in criminal law, people have trouble understanding that women can commit crimes, the same way that men can. Gwenn points out Elizabeth Holmes and the book Bad Blood, about Theranos. [32:23] Gwenn mentions a woman in government who embezzled $22 million from her community to show horses. [32:42] Gwenn says, in terms of cybersecurity being a male-dominated field, we're all learning together; anybody who tries and is committed to it can do it. Because it's new, people come from different backgrounds with diverse experiences. [33:11] Gwenn says, We're seeing value in people coming from different careers and different industries and seeing their skillsets translate to cybersecurity. In this field, you need great diversity with people from all different backgrounds to be able to tackle this. [33:38] It's not one-size-fits-all. There are personalities involved. There are different businesses involved, from small to large, public to government. You have to be able to understand a huge variety of people and businesses. You have to understand a huge amount of technology. [34:00] Gwenn talks about the differences between cybersecurity and other industries. eDiscovery for cyber is not the same as eDiscovery for litigation. You need special people and tooling, and you have to understand what the tooling is, which helps you figure out timing. [34:43] Technology is always developing. Gwenn compares it to cat and mouse. We're constantly chasing the bad guys to figure out what they're doing. Sometimes it's reactive. They'll think of something new, and we've never seen it before. This is how we get through it. [35:04] The tools and a skillset you've used dealing with everything before help you tackle what's coming. Even the way we investigate and respond to things has changed. [35:16] Gwenn says when we came on the scene, we would grab images of all the computers. If there were 50 computers, you would have 50 images, which would mean people going through a massive amount of data, taking a really long time. [35:30] We don't do that now. We have tools and technology that can get through a system programmatically, to pull the evidence we need to do these investigations without having to go into a shop and take copies of laptops or servers to get through that. [35:49] That makes a potential difference of millions of dollars in responding. It's the difference between months and a month to respond. [36:15] Gwenn has not seen a malicious actor with technology or an algorithm that is beyond what she has seen before. She says, We have the technology they have. You'd be surprised how much private industry gives to our community in terms of intelligence and technology. [36:35] Gwenn adds, We work with the government to find out solutions. The industry is armed pretty well. Gwenn has seen some things that have impressed her. One attacker was pulling searches from a legal hold, getting into sensitive information. [37:16] Their searches looked legitimate, like what an attorney would look for, so it didn't set off bells and whistles. Gwenn wonders how they knew to look in a legal hold. Were they lawyered? That was something small but ingenious to Gwenn. [37:46] Seeing a smart attack invigorates Gwenn to use her brain and try to be as smart or smarter. She says that's what is great about this job. It's constantly changing. You're constantly moving. It's not for weak minds. [38:11] To excel, you have to be smart, tenacious, and love learning. You have to love that you may be an expert in this, but you may become obsolete. You've got to keep your game up.  Gwenn says she is just a big nerd for it. [38:33] Attackers are using AI more. Gwenn recalls two incidents recently where two different groups, for two different reasons, were attacking Salesforce. That's the rub of being popular. One group used AI to search quickly for sensitive information to leverage attacks on companies. [39:27] Unfortunately, people are reusing passwords, and the bad guys know that. Gwenn says you'd better not! [39:57] Justin comments that AI being used for a cyber attack should be on companies' risk radars. How can they adjust defense strategies to stay ahead of something like that? [40:08] Gwenn is dealing with that at this moment. If you are a big company with subsidiaries and locations around the country or the world, segregate the networks. If an attack hits your facility in Oklahoma, they won't have access to your facility in Belgium. [40:38] If your locations are networked, it's a domino effect. If one goes down, they all go down. In terms of business resilience, that is the one factor that can tumble everything with the press of a button. [40:55] The tools that bad guys are using are meant to get them through fast. They get in, use AI to conduct reconnaissance, and get terabytes of data out quickly. It's important to take every effort to reduce the severity of an attack in its spread and the amount of data stolen. [41:40] Can they move laterally within a company or elevate privileges by getting to the admin, who has access to everything? It's great to focus on how to prevent it, but the reality is, they're going to find a way. It's not if, it's when. [42:09] While you have to prevent the attack from happening, and be vigilant. If you get an attack, you have to make sure it's small, you respond quickly, and it's not going to hit every facet of your company. Attacks that hit every facet of the company are the most devastating. [42:39] Justin says you've been wonderful. You've given us so much to think about when it comes to National Cybersecurity Awareness Month. You do great work! I look forward to seeing you in more AXA XL RIMS collaborative webinars! [42:55] We'll see you in the city for the Zywave Cyber Risk Insights New York, on  October 29th, delivering the opening address and mingling with attendees. [43:04] Gwenn says, I'll be there all day, attending sessions, supporting my friends on panels, my cyber family, and for folks who want to meet me. I'm always happy to talk cyber! [43:24] Justin says, Lock Down & Level Up: Turn Up Your Cybersecurity Game Against Creative Cyber Criminals. [43:30] You've been such a wonderful guest, and I appreciate all your time and insight today. Thank you, Gwenn! [43:43] Special thanks to Gwenn Cujdik of AXA XL for joining us here to discuss all things cyber. The AXA XL RIMS webinar, “Lock Down & Level Up: Turn Up Your Cybersecurity Game Against Creative Cyber Criminals,” is now available on demand through the RIMS.org/Webinars page. [44:05] A link is also in this episode's show notes. [44:07] Gwenn will deliver the opening address at the Zywave Cyber Risks Insights New York Conference on October 29th in Manhattan. A link is in this episode's show notes. [44:19] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [44:47] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [45:05] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [45:23] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [45:39] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [45:54] Justin Smulison is the Business Content Manager at RIMS. Please remember to subscribe to RIMScast on your favorite podcasting app. You can email us at Content@RIMS.org. [46:06] Practice good risk management, stay safe, and thank you again for your continuous support!   Links: RIMS ERM Conference 2025 — Nov. 17‒18 Spencer Internship Program — Registration Open Through Oct. 15. RISKWORLD 2026 — Members-only early registration through Oct 30! RIMS-Certified Risk Management Professional (RIMS-CRMP) The Strategic and Enterprise Risk Center RIMS Diversity Equity Inclusion Council RISK PAC | RIMS Advocacy | RIMS Legislative Summit SAVE THE DATE — March 18‒19, 2026 RIMS Risk Management magazine | Contribute RIMS Now Zywave's 2025 Cyber Risk Insights Conference — Oct. 29, 2025 | New York City StaySafeOnline.org “RIMS Issues Statement on the Passing of Legendary Risk Leader and Former RIMS President Susan Meltzer” Upcoming RIMS Webinars: RIMS.org/Webinars Natural Hazards: A Data-Driven Guide to Improving Resilience and Risk Financing Outcomes | Oct. 9 | Sponsored by Global Risk Consultants Jury Dynamics: How Juries Shape Today's Legal Landscape | Oct. 16, 2025 | Sponsored by Zurich Parametric Insurance: Providing Financial Certainty in Uncertain Times | Oct. 30, 2025 | Sponsored by Swiss Re Geopolitical Whiplash — Building Resilient Global Risk Programs in an Unstable World | Nov. 6 | Sponsored by Hub “Lock Down & Level Up: Turn Up Your Cybersecurity Game Against Creative Cyber Criminals”   Upcoming RIMS-CRMP Prep Virtual Workshops: RIMS-CRMP Virtual Exam Prep — Oct. 29‒30, 2025 RIMS-CRMP-FED Exam Prep Virtual Workshop — November 11‒12 Full RIMS-CRMP Prep Course Schedule “Risk Appetite Management” | Oct 22‒23 | Instructor: Ken Baker “Intro to ERM for Senior Leaders” | Nov. 4‒5 | Instructor: Elise Farnham “Fundamentals of Insurance” | Nov. 11‒12 | Instructor: Chris Hansen “Leveraging Data and Analytics for Continuous Risk Management (Part I)” | Dec 4. See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops   Related RIMScast Episodes about Cyber: “AI Risks and Compliance with Chris Maguire” “Data Privacy and Protection with CISA Chief Privacy Officer James Burd” “Cyberrisk Trends in 2025 with Tod Eberle of Shadowserver”   Sponsored RIMScast Episodes: “The New Reality of Risk Engineering: From Code Compliance to Resilience” | Sponsored by AXA XL (New!) “Change Management: AI's Role in Loss Control and Property Insurance” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Demystifying Multinational Fronting Insurance Programs” | Sponsored by Zurich “Understanding Third-Party Litigation Funding” | Sponsored by Zurich “What Risk Managers Can Learn From School Shootings” | Sponsored by Merrill Herzog “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer   RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS President Kristen Peed!   RIMS Events, Education, and Services: RIMS Risk Maturity Model®   Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.   Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.   Have a question or suggestion? Email: Content@rims.org.   Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.   About our guest: Gwenn Cujdik, Incident Response and Cyber Services Lead for North America at AXA XL Production and engineering provided by Podfly.  

From the floor of TribalNet 2025, Michelle Bouschor catches up with Andy Jabbour of Gate 15 to talk incident response, why non-IT leaders need to be part of the conversation, and what's trending across the conference. Plus, a fun pop-up question: what would Andy do if he weren't working in tech?   Connect with Andy on LinkedIn and learn more about Gate 15!

Je hoopt als CISO dat je ze nooit hoeft te bellen; incident response partijen. Maar als je ze nodig hebt, dan ben je blij dat ze er zijn.Hoe zorg je dat je een goede incident response partij selecteert? Hoe zit het eigenlijk met de relatie tussen ransomware verzekeraars en incident response partijen? Wie is er dan eigenlijk de klant? En hoeveel waarde moeten we hechten aan het nieuwe keurmerk voor incident response?Ik sprak Lisa de Wilde tijdens Cybersec Netherlands over deze vragen. Als incident responder met vele jaren ervaring weet zij alles wat je moet weten om te zorgen dat je een gedegen partij kiest als het er écht toe doet.Met dank aan Beyond Products wederom voor het mogen gebruiken van de opname apparatuur. Helaas mist aan het einde een deel van de video, maar dat mag de pret niet drukken!YouTube:https://youtu.be/dsALjRxoPPE

This month I talk with Louise Cullinan about Critical Incident Response. She is an expert on the subject and currently leads training for organizations so they have the tools and skills to deal with the aftermath of a mishap. Check out these links for more information. https://airlineincidentresponse.com/ https://icisf.org/   This Podcast is sponsored by Time2climb Training and Consulting

In this episode of No Password Required, host Jack Clabby and guest host Sarina Gandy discuss the insights gained from their conversation with Demarcus Williams, a senior security engineer at Starbucks. They explore Demarcus's journey into cybersecurity, the importance of competitions like CCDC in career development, and the role of gut instinct in cybersecurity. The discussion also touches on the differences between corporate cultures, the significance of mentorship, and the fun aspects of the cybersecurity community, including a light-hearted lifestyle polygraph segment. TakeawaysDemarcus' curiosity about video games sparked his interest in cybersecurity.The transition from defense contracting to corporate roles offers broader access to tools.Gut feelings play a significant role in cybersecurity decision-making.Competitions like CCDC are crucial for career development in cybersecurity.Networking at competitions can lead to job opportunities.Corporate culture varies significantly between government contracting and tech companies.A people-first approach is essential in mentorship and cybersecurity.The red team experience enhances skills applicable to day-to-day work.Work-life balance is crucial in maintaining a sustainable career in cybersecurity.Engaging with the community is vital for personal and professional growth. Chapters00:00 Introduction to Cybersecurity and Curiosity02:47 Day-to-Day Life of a Senior Security Engineer05:30 The Role of Gut Instinct in Cybersecurity08:31 Early Inspirations and the Journey into Cybersecurity11:35 The Importance of Competitions in Career Development14:33 Transitioning from Student to Professional17:34 The Red Team Experience and Its Impact20:25 Recruitment Opportunities in Cybersecurity Competitions23:33 Navigating Corporate Culture in Cybersecurity26:31 Mentorship and People-First Approach29:11 Lifestyle Polygraph and Fun Insights

In episode 154 of Cybersecurity Where You Are, Sean Atkinson discusses incident response in DevSecOps, exploring challenges and solutions in modern software development. He emphasizes the importance of integrating security into development processes and speaks about common issues like alert fatigue and software supply chain vulnerabilities. Here are some highlights from our episode:01:32. Common challenges with modern software development03:54. High-speed and continuous deployment07:08. Incident correlation with cloud deployment strategies10:00. Software supply chain vulnerabilities12:45. Alert fatigue and false positives14:30. Testing and automation as enablers of real-time anomaly detection17:40. The responsibility of incident responders to understand what they see18:58. Automated control and a projectized approach to implementing zero trust21:26. Oversight and governance with artificial intelligence and machine learning23:24. Continuous improvement and early detection28:08. Continuous monitoring and logging, automation, and incident response drills30:03. Moving down a path of helping incident responders become culturally awareResourcesCloud Security and the Shared Responsibility ModelCIS Software Supply Chain Security GuideAn Introduction to Artificial IntelligenceDefense-in-Depth: A Necessary Approach to Cloud SecurityEpisode 63: Building Capability and Integration with SBOMsEpisode 44: A Zero Trust Framework Knows No EndLeveraging Generative Artificial Intelligence for Tabletop Exercise DevelopmentIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

The race to deploy AI is on, but are the cloud platforms we rely on secure by default? This episode features a practical, in-the-weeds discussion with Kyler Middleton, Principal Developer, Internal AI Solutions, Veradigm and Sai Gunaranjan, Lead Architect, Veradigm as they compare the security realities of building AI applications on the two largest cloud providers.The conversation uncovers critical security gaps you need to be aware of. Sai reveals that Azure AI defaults to sending customer data globally for processing to keep costs low, a major compliance risk that must be manually disabled . Kyler breaks down the challenges with AWS Bedrock, including the lack of resource-level security policies and a consolidated logging system that mixes all AI conversations into one place, making incident response incredibly difficult .This is an essential guide for any cloud security or platform engineer moving into the AI space. Learn about the real-world architectural patterns, the insecure defaults to watch out for, and the new skills required to transition from a Cloud Security Engineer to an AI Security Engineer.Guest Socials - ⁠⁠⁠Kyler's Linkedin + Sai's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security PodcastQuestions asked:(00:00) Introduction(02:30) Who are Kyler Middleton & Sai Gunaranjan?(03:40) Common AI Use Cases: Chatbots & Product Integration(05:15) Beyond IAM: The Full Scope of AI Security in the Cloud(07:30) The Role of the Cloud in Deploying Secure AI(13:10) AWS AI Architecture: Bedrock, Knowledge Bases & Vector Databases(15:10) Azure AI Architecture: AI Services, ML Workspaces & Foundry(21:00) The "Delete the Frontend" Problem: The Risk of Agentic AI(23:25) A Security Deep Dive into Microsoft Azure AI Services(29:20) Azure's Insecure Default: Sending Your Data Globally(31:35) A Security Deep Dive into AWS Bedrock(32:30) The Critical Gap: No Resource Policies in AWS Bedrock(33:20) AWS Bedrock's Logging Problem: A Nightmare for Incident Response(36:15) AWS vs. Azure: Which is More Secure for AI Today?(39:20) A Maturity Model for Adopting AI Security in the Cloud(44:15) From Cloud Security to AI Security Engineer: What's the Skill Gap?(48:45) Final Questions: Toddlers, Kickball, Barbecue & Ice Cream

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Bridging Military and Civilian Cybersecurity: Leadership, Skills, and Lifelong Learning with Christopher RossPub date: 2025-09-15Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow sits down with cybersecurity leader and National Guard threat hunt team lead Christopher Ross, diving into the real-world experiences that shape careers in the intersecting worlds of IT and OT security. Chris shares his 18-year journey from joining the military with a passion for computers to leading critical infrastructure cybersecurity efforts - both in uniform and in the private sector. Together, Aaron and Chris break down myths about gatekeeping, discuss the unique challenges of military versus civilian roles, and highlight lessons learned along the way. From imposter syndrome to servant leadership, the conversation unpacks how effective communication, continuous training, and the willingness to learn from failure fuel professional growth. Chris also reflects on how military training instills risk mitigation and teamwork, and how those skills can translate - and sometimes clash - with civilian cybersecurity cultures. They talk certifications, hands-on learning, the importance of meaningful tabletop exercises, and the evolving landscape as AI powers both attackers and defenders. Whether you're a veteran, a fresh analyst, or just passionate about cybersecurity, this honest and energetic exchange will leave you motivated to keep learning, keep growing, and keep protecting it all. So grab your energy drink and tune in for a conversation that proves everyone in cyber, no matter their path, has wisdom worth sharing.   Key Moments:  05:30 Military Adventures Surpass Civilian Opportunities 07:28 Military vs. Civilian Leadership Dynamics 10:42 Clarifying Civilian vs Military Missions 12:22 Leadership: Addressing Miscommunication & Misalignment 15:45 Toxic Leadership and Military Transition 20:01 Reliance on Tools vs. Core Skills 22:29 "Forgotten Skills Fade Over Time" 25:13 Boosting Confidence in New Roles 29:42 Interactive Training and Environmental Protection 32:37 Purple Teaming Strategy Insights 36:15 Persistence in Skill Development 39:04 Soft Skills Matter for Career Growth 42:44 "Technical & Business Acumen Fusion" 44:41 Military: Career Value and Benefits 48:09 "Cyber Education for K-12" Resources Mentioned :  https://www.ransomware.live/ comprehensive resource that tracks and monitors ransomware groups and their activities. https://ransomwhe.re/ tracks ransomware payments by collecting and analyzing cryptocurrency addresses associated with ransomware attacks.  https://www.ransom-db.com/ real-time ransomware tracking platform that collects, indexes, and centralizes information on ransomware groups and their victims.  About the Guest :  Christopher Ross is a veteran and cybersecurity leader with over 15 years of experience in Security Operations, Incident Response, and threat hunting across defense and fintech. A Chief Warrant Officer in the Army National Guard's Cyber Brigade, he has led blue and purple team operations, translating military discipline and teamwork into enterprise cyber defense strategies.   In his civilian career, Christopher has built and led SOC teams, integrated MSSPs, and driven automation to strengthen detection and response capabilities at organizations including MACOM, CFGI, Draper, and Abiomed. He holds a Master of Science in Information Security Engineering from the SANS Technology Institute and more than a dozen GIAC certifications. An Order of Thor recipient from the Military Cyber Professional Association.    Christopher is passionate about developing playbooks, advancing training pipelines, and mentoring the next generation of defenders. Sharing lessons from his veteran-to-cyber journey, practical insights on certification paths and ROI, and real-world stories from blue-team operations and purple-team collaboration.   Visit  https://public.milcyber.org/ The Military Cyber Professionals Association is the only U.S. military professional association with cyber at its core. It connects, supports, and elevates those who serve in or support the military cyber domain, while investing in future generations through education and mentorship. Connect Christopher : https://www.linkedin.com/in/christopheraross-ma/   Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The decision to leave a successful corporate position and start a company requires more than just identifying a market opportunity. For Shankar Somasundaram, it required witnessing firsthand how traditional cybersecurity approaches consistently failed in the environments that matter most to society: hospitals, manufacturing plants, power facilities, and critical infrastructure.Somasundaram's path to founding Asimily began with diverse technical experience spanning telecommunications and early machine learning development. This foundation proved essential when he transitioned to cybersecurity, eventually building and growing the IoT security division at a major enterprise security company.During his corporate tenure, Somasundaram gained direct exposure to security challenges across healthcare systems, industrial facilities, utilities, manufacturing plants, and oil and gas operations. Each vertical revealed the same fundamental problem: existing security solutions were designed for traditional IT environments where confidentiality and integrity took precedence, but operational technology environments operated under entirely different rules.The mismatch became clear through everyday operational realities. Hospital ultrasound machines couldn't be taken offline during procedures for security updates. Manufacturing production lines couldn't be rebooted for patches without scheduling expensive downtime. Power plant control systems required continuous availability to serve communities. These environments prioritized operational continuity above traditional security controls.Beyond technical challenges, Somasundaram observed a persistent communication gap between security and operations teams. IT security professionals spoke in terms of vulnerabilities and patch management. Operations teams focused on uptime, safety protocols, and production schedules. Neither group had effective frameworks for translating their concerns into language the other could understand and act upon.This divide created frustration for Chief Security Officers who understood risks existed but lacked clear paths to mitigation that wouldn't disrupt critical business operations. Organizations could identify thousands of vulnerabilities across their operational technology environments, but struggled to prioritize which issues actually posed meaningful risks given their specific operational contexts.Somasundaram recognized an opportunity to approach this problem differently. Rather than building another vulnerability scanner or forcing operational environments to conform to IT security models, he envisioned a platform that would provide contextual risk analysis and actionable mitigation strategies tailored to operational requirements.The decision to leave corporate security and start Asimily wasn't impulsive. Somasundaram had previous entrepreneurial experience and understood the startup process. He waited for the right convergence of market need, personal readiness, and strategic opportunity. When corporate priorities shifted through acquisitions, the conditions aligned for his departure.Asimily's founding mission centered on bridging the gap between operational technology and information technology teams. The company wouldn't just build another security tool; it would create a translation layer enabling different organizational departments to collaborate effectively on risk reduction.This approach required understanding multiple stakeholder perspectives within client organizations. Sometimes the primary user would be a Chief Information Security Officer. Other times, it might be a manufacturing operations head managing production floors, or a clinical operations director in healthcare. The platform needed to serve all these perspectives while maintaining technical depth.Somasundaram's product engineering background informed this multi-stakeholder approach. His experience with complex system integration—from telecommunications infrastructure to machine learning algorithms—provided insight into how security platforms could integrate with existing IT infrastructure while addressing operational technology requirements.The vision extended beyond traditional vulnerability management to comprehensive risk analysis considering operational context, business impact, and regulatory requirements. Rather than treating all vulnerabilities equally, Asimily would analyze each device within its specific environment and use case, providing organizations with actionable intelligence for informed decision-making.Somasundaram's entrepreneurial journey illustrates how diverse technical experience, industry knowledge, and strategic timing converge to address complex market problems. His transition from corporate executive to startup founder demonstrates how deep industry exposure can reveal opportunities to solve problems that established players might overlook or underestimate.Today, as healthcare systems, manufacturing facilities, and critical infrastructure become increasingly connected, the vision Somasundaram brought to Asimily's founding has proven both timely and necessary. The company's development reflects not just market demand, but the value of approaching familiar problems from fresh perspectives informed by real operational experience.Learn more about Asimily: itspm.ag/asimily-104921Note: This story contains promotional content. Learn more.Guest: Shankar Somasundaram, CEO & Founder, Asimily  | On LinkedIn: https://www.linkedin.com/in/shankar-somasundaram-a7315b/Company Directory: https://www.itspmagazine.com/directory/asimilyResourcesLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

“Organizations spend heavily on prevention, but incidents still happen. What makes the difference is how well you respond—and you can't do that by flipping through a 50-page Word document,” says Noam Morginstin, CEO and Co-Founder of Exigence. At the MSP Summit in Orlando, Doug Green, Publisher of Technology Reseller News, sat down with Morginstin to discuss how Exigence helps enterprises and MSPs shift from static documents to a dynamic, platform-based approach to incident readiness. Exigence provides organizations with the ability to build, practice, and execute cybersecurity incident response plans—as well as broader crisis plans such as disaster recovery or business continuity. For MSPs, the company offers a multi-tenant platform with ready-to-use templates and tabletop scenarios, making it simple to onboard clients and provide ongoing value. Morginstin stressed that effective incident response requires three steps: Create a plan. Practice it through tabletop exercises. Execute it when an incident occurs. By moving this entire lifecycle onto a platform, MSPs can eliminate outdated or inaccessible documents, improve client preparedness, and create a scalable, profitable service offering. “The hackers don't discriminate between large and small companies,” Morginstin explained. “Every business needs to be prepared to respond efficiently when—not if—an incident occurs.” Learn more at exigence.io.

In this Aftershow with host George Jack, Tom Wetzel explains how cybercrime—fueled by AI tools and global cyber gangs—poses escalating risks for agencies and small businesses, stressing the … Read More » The post Navigating the Cyber Claim Minefield | IJA Aftershow: Tom Wetzel appeared first on Insurance Journal TV.

Got a question or comment? Message us here!

Integrity360, one of Europe and EMEA's leading cyber security specialists, has been named as a Representative Vendor in the 2025 Gartner Market Guide for Digital Forensics and Incident Response (DFIR). The Gartner Market Guide provides security and risk management leaders with insights to understand the DFIR market, evaluate trends, refine requirements and identify market players. Integrity360 is listed among 40 vendors globally which, according to Gartner, best represent the DFIR market and attract the most client interest through Gartner.com searches and inquiries. DFIR retainers are increasingly viewed as a cornerstone of cyber resilience, providing organisations with rapid access to expert teams who can investigate malicious activity, conduct forensic analysis, support recovery and perform post-incident reviews. According to Gartner, these retainers are now often required by cyber insurance policies and certain regulations, such as the Digital Operational Resilience Act (DORA). The guide also highlights that the DFIR market continues to grow in response to rising security incidents, with AI integration significantly reducing investigation times and improving incident context. It emphasises the value of providers offering both reactive services - such as breach investigation and ransomware negotiation - and proactive measures including tabletop exercises, penetration testing and readiness assessments. "We are pleased to be recognised by Gartner as a Representative Vendor in the DFIR market," said Richard Ford, CTO at Integrity360. "As organisations face tighter regulatory mandates and increasingly sophisticated threats, we're proud to offer DFIR services which are designed to minimise impact, support recovery and strengthen defences against future threats." Integrity360's DFIR services give clients 24/7 access to incident response specialists across multiple regions, enabling rapid deployment when needed. These services include forensic investigation, malware analysis and breach containment to help strengthen long-term resilience. See more stories here.

In the current threat landscape, one can easily become overwhelmed. I sat down with Noam Morginstin, founder of Exigence, to talk about realistic ways MSPs can begin building their Incident Response Plan and how to tackle successful Tabletop Exercises and prepare for resilience.

Maxime Lamothe-Brassard, Founder and CEO of LimaCharlie, and the Defender Fridays community sit down with Jared Atkinson and dive into BloodHound.Jared is a security researcher who specializes in Digital Forensics and Incident Response. Recently, he has been building and leading private sector Hunt Operations capabilities. In his previous life, Jared lead incident response missions for the U.S. Air Force Hunt Team, detecting and removing Advanced Persistent Threats on Air Force and DoD networks. Passionate about PowerShell and the open source community, Jared is the lead developer of PowerForensics, Uproot, and maintains a DFIR focused blog at www.invoke-ir.com.On Defender Fridays we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.Join the live discussions by registering at https://limacharlie.io/defender-fridays

Send us a textIn this action-packed episode, Joey Pinz sits down with cybersecurity veteran and ex-MSP operator Chris Loehr. From his early days as a two-footed soccer midfielder to leading Solis Security through complex ransomware response cases, Chris shares insights forged in both cleats and crisis. ⚽

Join us for the second part of our deep dive into incident response and recovery on the Tech for Business Podcast. In this episode, Todd, COO and CISO, and Nate, Director of Cybersecurity, unpack the challenging balance between acting swiftly and investigating thoroughly. Learn about the critical role of backup systems, the impact of regulatory rules, and the importance of continuous improvement for businesses. They also discuss containment strategies, maintaining business operations during an incident, and how to prepare your organization for future challenges. Don't miss out on their insightful tips and real-life examples!00:00 Introduction to Incident Response and Recovery00:34 Balancing Speed and Thoroughness in Incident Response01:33 Containment and Eradication Strategies05:25 The Importance of Pre-Planning and Backup Systems16:12 Challenges in Incident Removal and Insider Threats18:53 Recovery Time and Prioritization23:20 Lessons Learned and Continuous Improvement28:00 Conclusion and Contact InformationResources: Master Tabletop Exercises: https://www.cit-net.com/mastering-incident-response-tabletop-exercises/ Your Role in Incident response: https://www.cit-net.com/your-role-in-incident-response/ St Paul Cyber Incident: https://www.cit-net.com/city-of-st-paul-cyber-incident/ SonicWall Vulnerability: https://www.cit-net.com/sonicwall-vulnerability-breakdown/ Eliminate VPNS: https://www.cit-net.com/the-end-of-vpns/ NIST: https://csrc.nist.gov/projects/incident-response

What happens when a cybersecurity incident requires legal precision, operational coordination, and business empathy—all at once? That's the core question addressed in this origin story with Bryan Marlatt, Chief Regional Officer for North America at CyXcel.Bryan brings over 30 years of experience in IT and cybersecurity, with a history as a CISO, consultant, and advisor. He now helps lead an organization that sits at the intersection of law, cyber, and geopolitics—an uncommon combination that reflects the complexity of modern risk. CyXcel was founded to address this reality head-on, integrating legal counsel, cybersecurity expertise, and operational insight into a single, business-first consulting model.Rather than treat cybersecurity as a checklist or a technical hurdle, Bryan frames it as a service that should start with the business itself: its goals, values, partnerships, and operating environment. That's why their engagements often begin with conversations with sales, finance, or operations—not just the CIO or CISO. It's about understanding what needs to be protected and why, before prescribing how.CyXcel supports clients before, during, and after incidents—ranging from tailored tabletop exercises to legal coordination during breach response and post-incident recovery planning. Their work spans critical sectors like healthcare, utilities, finance, manufacturing, and agriculture—where technology, law, and regulation often converge under pressure.Importantly, Bryan emphasizes the need for tailored guidance, not generic frameworks. He notes that many companies don't realize how incomplete their protections are until it's too late. In one example, he recounts a hospital system that chose to “pay the fine” rather than invest in cybersecurity—a decision that risks reputational and operational harm far beyond the regulatory penalty.From privacy laws and third-party contract reviews to incident forensics and geopolitical risk analysis, this episode reveals how cybersecurity consulting is evolving to meet a broader—and more human—set of business needs.Learn more about CyXcel: https://itspm.ag/cyxcel-922331Note: This story contains promotional content. Learn more.Guest: Bryan Marlatt, Chief Regional Officer (North America) at CyXcel | On LinkedIn: https://www.linkedin.com/in/marlattb/ResourcesLearn more and catch more stories from CyXcel: https://www.itspmagazine.com/directory/cyxcelLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

It's not just a show, it's a lifeline for how to unscary a seemingly daunting career journey – no matter where you're at in your IT or security hustle.From super-talented IT cartoonist and influencer marketing service agency co-owner, Forrest Brazeal, and gifted Automox VP of Customer Experience, Charles Coaxum, to the sagely verbose CISO and VP of Product at Automox, Jason Kikta, and Gong's inspirational Director of IT, James Sennett – our handpicked line-up of industry trailblazers won't just talk about how to advance. Instead, they'll walk you through real-life strategies to help you climb the career ladder and stay on the top rung once you get there.This show was broadcast live Wednesday, October 30, 2024 at 12 PM Central Time. 

Keywordscybersecurity, product management, career development, market strategy, customer insights, hacking, music, team building, startup life, risk management  SummaryIn this episode of No Password Required, host Jack Clabby and co-host Kayleigh Melton engage in a lively conversation with John Shipp, a product strategist at Rapid7. They explore John's unique journey from a metalhead to a cybersecurity expert, discussing the importance of passion in career development, the intricacies of product management, and the significance of customer insights in shaping cybersecurity solutions. John shares his early experiences in hacking, the influence of music on his life, and the value of building strong teams and company culture. The episode concludes with a fun segment called the Lifestyle Polygraph, where John answers quirky questions about his ideal cyber team and his dream day with Ric Flair.  TakeawaysBeing a metalhead prepares you for the boardroom.You can follow your passion and thrive in your career.Product management involves understanding customer needs and market dynamics.Curiosity is a key driver in the tech field.Great teams are built on strong leadership and culture.Startup life requires a willingness to take risks.Networking and building relationships are crucial in cybersecurity.Understanding your risk appetite is important when considering career moves.Music can be a significant influence on personal and professional life.Mentorship and sharing knowledge are vital for growth in the industry. TitlesFrom Metal to Management: A Cybersecurity JourneyPassion and Profession: Finding Your Path in Cybersecurity Sound bites"You can follow your passion and thrive.""I learned security at scale.""Curiosity drives my passion for tech." Chapters00:00 Introduction to Cybersecurity and Personal Journeys02:49 The Role of Passion in Career Development05:21 Navigating Product Management and Market Strategy08:23 The Evolution of Cybersecurity Skills11:37 The Importance of Customer Insights in Product Development14:35 Early Experiences in Hacking and Cybersecurity17:24 The Influence of Music on Personal and Professional Life20:19 Building Teams and Company Culture23:10 Startup Life and Risk Management26:08 Lifestyle Polygraph: Fun Questions and Insights29:13 Final Thoughts and Connections 

Microsoft releases emergency out-of-band (OOB) Windows updates. Trump targets NSA's leading AI and cyber expert in clearance revocations. A breach may have compromised the privacy of Ohio medical marijuana patients. Cybercriminals exploit an AI website builder to rapidly create phishing sites. Warlock ransomware operators target Microsoft's SharePoint ToolShell vulnerability. Google and Mozilla patch Chrome and Firefox. European officials report two cyber incidents targeting water infrastructure. A federal appeals court has upheld fines against T-Mobile and Sprint for illegally selling customer location data. Authorities dismantle DDoS powerhouse Rapper Bot. On our Industry Voices segment, we are joined by Matt Radolec, VP - Incident Response, Cloud Operations, and Sales Engineering at Varonis, speaking about ShinyHunters and the problems with securing Salesforce. Microsoft Copilot gets creative with compliance.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Matt Radolec, VP - Incident Response, Cloud Operations, and Sales Engineering at Varonis, who is speaking about ShinyHunters and the problems with securing Salesforce. You can hear more from Matt here. Selected Reading Microsoft releases emergency updates to fix Windows recovery (Bleeping Computer) Trump Revokes Security Clearances of 37 Former and Current Officials (The New York Times) Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database (WIRED) AI Website Builder Lovable Abused for Phishing and Malware Scams (Hackread) Warlock Ransomware Hitting Victims Globally Through SharePoint ToolShell Exploit (InfoSecurity Magazine) High-Severity Vulnerabilities Patched in Chrome, Firefox (SecurityWeek) Russia-linked European attacks renew concerns over water cybersecurity (CSO Online) T-Mobile claimed selling location data without consent is legal, judges disagree (Ars Technica) Officials gain control of Rapper Bot DDoS botnet, charge lead developer and administrator (CyberScoop) Copilot Broke Your Audit Log, but Microsoft Won't Tell You (Pistachio Blog) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Jowan Joseph. Chris and Jowan discuss the importance of effective communication, role adaptation, and the psychological aspects of crisis situations. The discussion emphasizes the need for proactive preparedness and building trust within teams to navigate challenges effectively.  [Aug 18, 2025]   00:00 - Intro 00:32 - Jowan Joseph Intro 00:44 - New Format 01:24 - Intro Links: -          Social-Engineer.com - http://www.social-engineer.com/ -          Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ -          Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ -          Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ -          Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb -          CLUTCH - http://www.pro-rock.com/ -          innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/                                                03:08 - Tabletop...Child's Play 04:36 - Phase One: Assigning Roles 07:11 - Going Rogue 08:05 - Measuring Tone 09:22 - A Few More Twists 09:57 - Some Heads Are Gonna Roll 10:41 - Communication Breakdown 12:17 - Post Mortem                                                      13:44 - Alignment at Scale 14:57 - Divide and Conquer... Together 17:31 - Proactive Instead of Reactive 20:21 - The Communication Gap 21:22 - Trust Factor 22:15 - Wrap Up & Outro -          www.social-engineer.com -          www.innocentlivesfoundation.org

Agentic AI is moving from hype to reality, reshaping how enterprises operate, and how cyber defenders must adapt. In this CyberTalks episode, Mark Gillett (Chief Product Officer, eSentire) is joined by Ben Wilde (Head of Innovation, Georgian) to break down the risks, reliability challenges, and opportunities presented by autonomous AI agents.In this episode, we explore:How AI agents expand the enterprise attack surfaceWhy “agent security” may soon be its own disciplineGuardrails security leaders need before adoptionThe balance between automation and human oversight in the SOCA practical crawl–walk–run model for implementing agentic AIIf you're a CISO, SOC architect, or IT leader, this episode will help you cut through the hype and prepare your team for the next frontier of AI-driven cybersecurity.--Have a question for us? Reach out: hello@esentire.com---About Cyber TalksFrom ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges.About eSentireeSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠www.esentire.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ and follow ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@eSentire⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

Christopher Luft, Co-Founder and CCO of LimaCharlie, and Dr. Mike Saylor, CEO of Blackswan Cybersecurity, sat down with the Defender Fridays community for Black Hat week wrap up and a deep dive building secure environments for IR.Dr. Mike Saylor is an accomplished, outcome-driven and solution-focused business professional and entrepreneur with 30+ years of Consulting, IT Audit & Risk, Cyber Security & Incident Response experience. Uniquely qualified as a leader with a solid knowledge of operations, strategy and management, Dr. Mike has enjoyed repeated success guiding highly skilled, cross functional teams in areas of intelligence, security, technology, and audit & compliance. Dr. Mike is an experienced public speaker, writer, and researcher on topics of technology, security, and cybercrime. He stays current with changes in the industry through professional affiliations and continuing professional development. Learn more about Blackswan Cybersecurity at blackswan-cybersecurity.comOn Defender Fridays we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.Join the live discussions by registering at limacharlie.io/defender-fridays

In this episode, we're diving into what to do the minute incident response arrives. That first moment matters—a lot. Whether it's a ransomware attack, unauthorized access, or data exfiltration, how you act in minute one can either help or hinder the investigation. We'll cover the do's, don'ts, and common mistakes we see, so you're ready when the heat is on.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com

From 2023 to 2024, ransomware has seen a 67 percent jump, with an average payment of $2 million and another $2.7 million in recovery costs for most companies that are hit by an attack. Fortunately, there are multiple steps businesses can take to lower the risk of being a victim. In this episode, Adam Keown, global CISO at Eastman, joins host Heather Engel to discuss incident response planning. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Podcast: Simply ICS CyberEpisode: S1 E5: Incident Response in ICS/OT/SCADAPub date: 2025-04-16Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationHow does Incident Response in ICS/OT/SCADA work? In this episode of Simply ICS Cyber, Don and Tom welcome Kai Thomsen, Director of Global Incident Response Services at Dragos.Join us as we answer the questions below and provide more insight into how IR works in OCS, OT, and SCADA:- Is DFIR the same on the OT side as the IT side?- What are some of the challenges the OT DFIR team faces?- In an organization, who is responsible for OT incident response?- What are table tops, how should you conduct them?- What are some table top exercises?- How do you get into OT DFIR?Discover the Dragos 2025 YIR Report: https://www.dragos.com/ot-cybersecurity-year-in-reviewConnect with Kai on LinkedIn: https://www.linkedin.com/in/kai-thomsen-a635b21b7Check out the Incident Response Table top resources below:- CISA Tabletop Exercise Packages (CTEPs)- CISA ICS Training- Dean Parson's ICS Incident Response Tabletops- Lenny Zeltser Cheat Sheets and Presentations- NERC's Grid Security Exercise (GridEx) - MITRE Cyber Exercise Playbook- Black Hills Information Security (BHIS) Backdoors and Breaches ICS/OT Deck- Center for Internet Security, Tabletop Exercises – Six Scenarios to Help Prepare Your Cybersecurity Team- Red Canary: Are You Using Tabletop Simulations to Improve Your Information Security Program?- Dragos: Preparing for Industrial Cyber Response Tookit- Dragos: Preparing for Incident Handling and Response in ICS- Dragos Tabletop Exercise- ICS4ICS Incident Command System for Industrial Control Systems- European Network for Cyber Security (ENCS) Red Team – Blue Team TrainingJoin us every other Wednesday for Season 1 of the Simply ICS Cyber podcast, with your hosts, Don C. Weber and Tom VanNorman.Connect with your hosts on LinkedIn:- Don linkedin.com/in/cutaway- Tom linkedin.com/in/thomasvannorman=========================Simply Cyber empowers people who want a rewarding cybersecurity career=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/SocialsThe podcast and artwork embedded on this page are from Simply Cyber Media Group, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The nature of Security Operations is changing. As cloud environments grow in complexity and data volumes explode, traditional approaches to detection and response are proving insufficient. This episode features an in-depth conversation with Kyle Polley, who leads the AI security team at Perplexity, about a modern blueprint for the Security Operations Center (SOC).The discussion centers on a necessary architectural shift away from traditional SIEMs, which were not built for today's scale, toward a "data lake infrastructure built for detection and response". Kyle explains how this model provides the scalability needed to handle modern data loads and enables a more effective incident response process.A cornerstone of this new model is the use of centralized AI agents. The conversation explores how these agents can be tasked with performing in-depth alert investigations, helping to reduce analyst burnout and allowing security teams to focus on more proactive, high-impact work. This approach moves beyond simple automation to create a system where AI augments and enhances the capabilities of the human team.Guest Socials -⁠⁠ ⁠⁠⁠⁠Kyle's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity PodcastQuestions asked:(00:00) Introduction to Kyle Polley & The Future of SOCs(01:03) The Core Argument: Why You Must Build Your SOC Before Compliance(03:34) Beyond the Certificate: The Difference Between Being Compliant vs. Secure(04:20) Today's #1 AI Threat: The Challenge of Prompt Injection(06:00) The Architectural Flaw: Handling Untrusted Data in AI Systems(08:20) The "Security Data Lake": Moving Beyond the Traditional SIEM(15:00) The Future is Now: A Centralized AI Agent for Automated Investigations(20:06) Will AI Take My Job? How AI Elevates, Not Replaces, the Security Analyst(25:20) Redefining "Shifting Left" with Personal AI Security Agents(31:00) Can AI Reason? How Modern AI Agents Intelligently Query Logs(37:05) Rethinking Incident Response Playbooks in the Age of AI(41:00) The MVP SOC: A Practical Roadmap for Small & Medium Companies(46:08) Final Questions: Maintaining Optimism, Woodworking, and Tex-Mex(50:08) Where to Connect with Kyle PolleyResources spoken about during the episode:Easy Agents: an open-source frameworkHow to give every department their own AI Agent

⬥GUEST⬥Sean Metcalf, Identity Security Architect at TrustedSec | On LinkedIn: https://www.linkedin.com/in/seanmmetcalf/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Sean Metcalf, a frequent speaker at conferences like Black Hat, DEF CON, and RSAC, brings a sharp focus to identity security—especially within Microsoft environments like Active Directory and Entra ID. In this episode, he walks through the practical and tactical role of honeypots and deception in detecting intrusions early and with higher fidelity.While traditional detection tools often aim for broad coverage, honeypots flip the script by offering precise signal amidst the noise. Metcalf discusses how defenders can take advantage of the attacker's need to enumerate systems and accounts after gaining access. That need becomes an opportunity to embed traps—accounts or assets that should never be touched unless someone is doing something suspicious.One core recommendation: repurpose old service accounts with long-lived passwords and believable naming conventions. These make excellent bait for Kerberoasting attempts, especially when paired with service principal names (SPNs) that mimic actual applications. Metcalf outlines how even subtle design choices—like naming conventions that fit organizational patterns—can make a honeypot more convincing and effective.He also draws a distinction between honeypots and deception technologies. While honeypots often consist of a few well-placed traps, deception platforms offer full-scale phantom environments. Regardless of approach, the goal remains the same: attackers shouldn't be able to move around your environment without tripping over something that alerts the defender.Importantly, Metcalf emphasizes that alerts triggered by honeypots are high-value. Since no legitimate user should interact with them, they provide early warning with low false positives. He also addresses the internal politics of deploying these traps, from coordinating with IT operations to ensuring SOC teams have the right procedures in place to respond effectively.Whether you're running a high-end deception platform or just deploying free tokens and traps, the message is clear: identity is the new perimeter, and a few strategic tripwires could mean the difference between breach detection and breach denial.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/activity-7353806074694541313-xzQl/Article: The Art of the Honeypot Account: Making the Unusual Look Normal: https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normalArticle: Trimarc Research: Detecting Kerberoasting Activity: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activityArticle: Detecting Password Spraying with Security Event Auditing: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

Keywordscybersecurity, military transition, Tampa cybersecurity, mentorship, cyber law, incident response, private sector, cybersecurity misconceptions, legal perspectives, cybersecurity growth  SummaryIn this episode of No Password Required, hosts Jack Clabby and Kayley Melton sit down with Kurt Sanger — former Deputy General Counsel at U.S. Cyber Command — to talk about the evolving world of cyber law, the wild ride from government service to private sector strategy, and what keeps him grounded in a field that's constantly shifting. Kurt dives into the fast-growing cybersecurity scene in Tampa, the power of mentorship, and why people still get cyber law so wrong. Plus: insights on responding to incidents under pressure and what role the government should (and shouldn't) play in the digital fight.  TakeawaysKurt emphasizes that newcomers to cybersecurity are not as far behind as they think.The transition from military to private sector can be challenging but rewarding.Tampa is becoming a significant hub for cybersecurity talent and companies.Understanding cybersecurity misconceptions is crucial for decision-makers.Mentorship plays a vital role in navigating career challenges in cybersecurity.Military and civilian cyber law have distinct differences in enforcement and flexibility.The stakes in private sector cybersecurity can be incredibly high for clients.Kurt's experience highlights the need for collaboration between government and private sectors.Cybersecurity is an ever-evolving field that requires continuous learning.Kurt finds excitement in helping clients during their most challenging times.  Sound bites "You're only six months behind.""We're all in the same boat.""The government needs to step back."  Chapters 00:00 NPR S6E7 Kurt Sanger52:53 NPR S6E7 Kurt Sanger01:45:47 Introduction to Cybersecurity Conversations01:48:22 Transitioning from Military to Private Sector Cybersecurity01:51:11 The Growth of Tampa as a Cybersecurity Hub01:54:05 Understanding Cybersecurity Misconceptions01:57:15 The Role of Mentorship in Cybersecurity Careers02:00:24 Military vs. Civilian Cybersecurity Law02:03:07 The Excitement of Cyber Command vs. Private Sector02:13:52 High Stakes in Cybersecurity for Small Organizations02:15:44 The Role of Legal Experts in Cybersecurity02:17:21 Translating Technical Jargon for Clients02:18:57 Challenges of Explaining Cyber Operations to Commanders02:22:43 Lifestyle Polygraph: Fun Questions and Insights02:23:30 The 10,000 Hour Rule in Cybersecurity02:29:34 Creative Freedom with LEGO Bricks02:31:27 Tampa's Culinary Delights and Local Favorites

Title: "Catching Up With Ken Munro After Infosecurity Europe 2025 — Hacking the Planet, One Car, One Plane, and One System at a Time"A Post–Infosecurity Europe 2025 Conversation with Ken MunroGuestsKen Munro Security writer & speakerhttps://www.linkedin.com/in/ken-munro-17899b1/HostsSean Martin, Co-Founder at ITSPmagazineWebsite: https://www.seanmartin.comMarco Ciappelli, Co-Founder, CMO, and Creative Director at ITSPmagazineWebsite: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________After a whirlwind week at Infosecurity Europe 2025, I had the chance to reconnect with Ken Munro from Pen Test Partners — a longtime friend, hacker, and educator who brings cybersecurity to life in the most tangible ways. From car hacking escape rooms to flight simulators in pubs, we talked about why touching tech matters, how myth-busting makes us safer, and how learning through play might just be the key to securing our increasingly complex world. Tune in, and maybe bring a cocktail.⸻There's something special about catching up with someone who's not just an expert in cybersecurity, but also someone who reminds you why this industry can — and should — be fun. Ken Munro and I go back to the early days of DEFCON's Aviation Village, and this post-Infosecurity Europe 2025 chat brought all that hacker spirit right back to the surface.Ken and his crew from Pen Test Partners set up shop next to the main Infosecurity Europe venue in a traditional London pub — but this wasn't your average afterparty. They transformed it into a hands-on hacking village, complete with a car demo, flight simulator, ICS cocktail CTF, and of course… a bar. The goal? Show that cybersecurity isn't just theory — it's something you can touch. Something that moves. Something that can break — and be fixed — before it breaks us.We talked about the infamous “Otto the Autopilot” from Airplane, the Renault Clio-turned-Mario Kart console, and why knowing how TCAS (collision avoidance) works on an Airbus matters just as much as knowing your Wi-Fi password. We also dug into the real-world cybersecurity concerns of industrial systems, electronic flight bags, and why European regulation might be outpacing the U.S. in some areas — for better or worse.One of the biggest takeaways? It's time to stop fearing the hacker mindset and start embracing it. Curiosity isn't a threat — it's a superpower. And when channeled correctly, it leads to safer skies, smarter cars, and fewer surprises in the water we drink or the power we use.There's a lot to reflect on from our conversation, but above all: education, community, and creativity are still the most powerful tools we have in security — and Ken is out there proving that, one demo and one pint at a time.Thanks again, Ken. See you at the next village — whichever pub, hangar, or DEFCON corner it ends up in.⸻Keywords: cybersecurity, ethical hacking, pen testing, Infosecurity Europe, embedded systems, car hacking, flight simulator, ICS security, industrial control systems, aviation cybersecurity, hacker mindset, DEFCON___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

⬥GUEST⬥Tobias Halmans, OT Incident Responder | GIAC Certified Incident Handler | Automation Security Consultant at admeritia GmbH | On LinkedIn: https://www.linkedin.com/in/tobias-halmans/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Business continuity planning is a familiar exercise for most IT and security leaders—but when you move into operational technology (OT), the rules change. In this episode of Redefining CyberSecurity, Sean Martin talks with Tobias Halmans, an incident responder at admeritia, who helps organizations prepare for and respond to incidents in OT environments. Tobias shares why disaster recovery planning in OT requires more than simply adapting IT frameworks. It demands a change in approach, mindset, and communication.OT engineers don't think in terms of “ransomware readiness.” They think in terms of safety, uptime, manual fallback options, and how long a plant can stay operational without a SCADA system. As Tobias explains, while IT teams worry about backup integrity and rapid rebooting, OT teams are focused on whether shutting down a system—even safely—is even an option. And when the recovery plan depends on third-party vendors, the assumptions made on both sides can derail the response before it begins.Tobias walks us through the nuances of defining success in OT recovery. Unlike the IT world's metrics like mean time to recover (MTTR), OT environments often hinge on production impacts and safety thresholds. Recovery Time Objectives (RTOs) still exist—but they must be anchored in real-world plant operations, often shaped by vendor limitations, legacy constraints, and tightly regulated safety requirements.Perhaps most importantly, Tobias stresses that business continuity planning for OT can't just be a cybersecurity add-on. It must be part of broader risk and operational conversations, ideally happening when systems are being designed or upgraded. But in reality, many organizations are only starting these conversations now—often driven more by compliance mandates than proactive risk strategy.Whether you're a CISO trying to bridge the gap with your OT counterparts or an engineer wondering why cyber teams keep showing up with playbooks that don't fit, this conversation offers grounded, real-world insight into what preparedness really means for critical operations.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Article: https://www.linkedin.com/posts/sarah-fluchs_notfallvorsorge-in-der-ot-traut-euch-activity-7308744270453092352-Q8X1⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

Send us a textAre you chasing every alert but missing the point? In this dynamic episode from IT Nation Secure 2025, Joey Pinz interviews Mark Balovnev, CEO of Serisma, to explore the evolving cybersecurity challenges facing MSPs—and how to approach them with focus and clarity.

Send us a textWhat do rock climbing and cybersecurity have in common? For Matthew Panizari, both demand strategy, grit, and constant reevaluation. In this powerful episode recorded at IT Nation Secure 2025, Joey Pinz explores Matthew's frontline experience in digital forensics and incident response.

Patch Tuesday. Mozilla  patches two critical FireFox security flaws. A critical flaw in Salesforce OmniStudio exposes sensitive customer data stored in plain text. The Badbox botnet continues to evolve. AI-powered “ghost students” enrolling in online college courses to steal government funds. Hackers steal nearly 300,000 vehicle crash reports from the Texas Department of Transportation. ConnectWise rotates its digital code signing certificates. The chair of the House Homeland Security Committee announces his upcoming retirement. Our guest is Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, wondering if AI may be the Cerberus of our time. Friendly skies…or friendly spies?  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we have Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, sharing insights on AI: The Cerberus of our time. You can hear Matt's full interview here. The State of Data Security: Quantifying AI's Impact on Data Risk report from Varonis reveals how much sensitive data is exposed and at risk in the AI era. Learn more and get State of Data Security Report. Selected Reading Microsoft warns of 66 flaws to fix for this Patch Tuesday, and two are under active attack (The Register) Microsoft slows Windows 11 24H2 Patch Tuesday due to a 'compatibility issue'  (The Register) ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA (SecurityWeek) Firefox Patches Multiple Vulnerabilities That Could Lead to Browser Crash (Cyber Security News) Salesforce OmniStudio Vulnerabilities Exposes Sensitive Customer Data in Plain Text (Cyber Security News) CISO who helped unmask Badbox warns: Version 3 is coming (The Register) How Scammers Are Using AI to Steal College Financial Aid  (SecurityWeek) 300K Crash Reports Stolen in Texas DOT Hack (BankInfoSecurity) ConnectWise rotating code signing certificates over security concerns (Bleeping Computer) House Homeland Chairman Mark Green's departure could leave congressional cyber agenda in limbo (CyberScoop) Airlines Don't Want You to Know They Sold Your Flight Data to DHS (404 Media) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices