This episode of the InfoSec Beat podcast focuses on careers in information security. Accenture CISO Kris Burkhardt talks with Kyle Friedman, who leads Security Contracting and Request for Proposal Support for our Information Security Client Data Protection team. She ensures that we have the right provisions in our proposal responses and contracts to run engagements in a secure fashion that works for both Accenture and our clients. Learn about Kyle's unconventional start at Accenture, passion for client data protection, and ability to translate information security topics to people outside the field. Her career advice? Always listen and keep an open mind.
Host James Dyson is joined by Jani Arnell, Senior Director and Head of Digital Trust & Security at Capgemini Invent; Jussi-Pekka Liimatainen, Information Security Compliance Manager at Valmet; Tomi Kallio, CISO at Normet; and Mohamed Mahmoud, Lead Consultant in Information Security and Functional Safety at Huld. Together, they explore how organizations are rethinking their cyber operating models to tackle today's evolving threat landscape. This episode uncovers strategies around digital trust, security leadership, risk resilience, and functional safety in critical industries.
The Future of HubSpot is Passwordless. Learn how HubSpot's CISO Alyssa Robinson breaks down passwordless authentication, innovative security strategies, and the art of balancing usability with protection on the latest episode. Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.
In this episode, Amanda Finch, Chief Executive Officer of the Chartered Institute of Information Security, offers a perspective shaped by decades of experience in a field she has grown with and helped shape. She shares how cybersecurity has transformed from an obscure technical pursuit into a formalized profession with recognized pathways, development programs, and charters. Her focus is clear: we need to support individuals and organizations at every level to ensure cybersecurity is inclusive, sustainable, and effective. Amanda outlines how the Chartered Institute has developed a structured framework to support cybersecurity careers from entry-level to fellowship. Programs such as the Associate Development Program and the Full Membership Development Program help individuals grow into leadership roles, especially those who come from technical backgrounds and must now influence strategy, policy, and people. She emphasizes that supporting this journey isn't just about skills—it's about building confidence and community. A significant part of the conversation centers on representation and diversity. Amanda speaks candidly about being one of the only women in the room early in her career and acknowledges the progress made, but she also highlights the structural issues still holding many back. From the branding of cybersecurity as overly technical, to the inaccessibility of school programs for under-resourced communities, the industry has work to do. She argues for a wider understanding of the skills needed in cybersecurity—communication, analysis, problem-solving—not just coding or technical specialization. Amanda also addresses the growing threat to small and medium-sized businesses. While large organizations may have teams and resources to manage security, smaller businesses face the same threats without the same support.
She calls for a renewed emphasis on community-based solutions—knowledge sharing, mentorship, and collaborative platforms—that extend the reach of cyber defense to those with fewer resources. In closing, Amanda urges us not to forget the enduring principles of security—know what you're protecting, understand the consequences if it fails, and use foundational practices to stay grounded even when new technologies like AI and deepfakes arrive. And just as importantly, she reminds us that human principles—trust, empathy, responsibility—are vital tools in facing cybersecurity's biggest challenges. Guest: Amanda Finch, CEO of the Chartered Institute of Information Security | https://www.linkedin.com/in/amanda-finch-fciis-b1b1951/ Hosts: Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com and Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com Episode Sponsors: ThreatLocker: https://itspm.ag/threatlocker-r974 Resources: Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25 Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Meet Chris Brandt, the new host of IT Visionaries. In this special episode, outgoing host Albert Chou passes the mic to Chris—a seasoned Technology Strategist with a passion for connecting bold ideas to real business outcomes. Chris's career spans startups to global enterprises, from building an EMP-shielded data center deep underground to deploying 200PB HPC environments in Fintech. His expertise includes business strategy, IT operations, security, and network architecture. Outside of work, he enjoys life with his wife Julie, their two kids, Lily and Camden, and their dog, Hobs. Get to know the new voice behind IT Visionaries—and what's coming next. Produced by the team at Mission.org and brought to you by Brightspot.
Data protection, disinformation and hybrid threats: impact on national security in the digital age. The objective of this talk is to provide a view on the problem of the importance and role of strategic global policies and investments in the protection and resiliency of critical infrastructure, national and international, in the context of modern hybrid threats. Disinformation, broadly defined as false information intended to mislead, emanates from both states and non-state actors, and affects communities across the globe. Fake news and deception are ages-old phenomena, but the digital age has facilitated the amplification and manipulation of false information to an unprecedented extent through the internet and new media. Acknowledging the importance of disinformation and its consequences, and considering the fact that in future wars the primary target of the attack is going to be critical infrastructure (one or more), cyberspace will be a tool for conducting attack(s) through hybrid threats. A potential solution to the problem of insufficient state protection of critical infrastructure should be observed through the prism of building investment policies in broader national strategies for protecting critical infrastructure, as well as national security budget defence expenditures/allocations leading to a higher level of protection and resiliency of critical infrastructure. Short bio: Prof. dr. sc. Marija Boban, Full Professor at the University of Split Faculty of Law in Split, is an expert in the field of personal data protection, GDPR, information security and smart technologies; Head of Department of Economic, Financial and Information Sciences and Statistics, Faculty of Law, University of Split; Director and owner of the consulting company TechFuturo innovation, specialized in business consulting in the digital age.
Author and co-author of 7 books and more than 140 scientific papers in the field of personal data protection, cybersecurity, citizen's privacy, AI, robotics, right of access to information and computer forensics, of which 45 scientific papers are cited in the Scopus and Web of Science databases. Teaches the courses Informatics in Law, Cyber crimes, Intellectual Property and Information Security, National Security Systems and Electronic Business at the Faculty of Law in Split and at the Department of Forensic Sciences at the University of Split. She has also been for many years an external associate professor of the Polytechnic "Marko Marulić" in Knin and the Faculty of Law, University of Mostar. As an invited speaker and lecturer, she has participated in more than 150 international and domestic scientific and professional conferences with the presentation of papers published in proceedings and relevant scientific and professional journals. She has won a number of awards and recognitions and through her many years of scientific and professional work has profiled herself as one of the most recognized experts in the Republic of Croatia in cyber security, personal data protection, e-Health, e-Government and computer forensics.
In Jan. 2025, then-Vice President Kamala Harris announced a final rule by the Consumer Financial Protection Bureau to remove medical debt from consumers’ credit reports. The policy was to take effect in March, but just like many other Biden-era actions, the Trump administration is changing course. Now, a federal judge is expected to decide in mid-June about whether to vacate the consumer protection rule. Georgia ranks among the top five states with the most medical debt, with 13% of adults in the state owing money. Former health tech executive and consumer advocate Scott Speranza, the CEO of HealthLock, discusses what this could mean for Georgians. For “Closer Look’s” Class of 2025 graduation series, we hear from Bon Varlet. The standout Kennesaw State University graduate majored in information technology. She talks with Rose about her academic journey, including earning a Fulbright Study Award, and her aspirations to attend law school and to protect public institutions, particularly libraries.
You're a founder with a great cybersecurity product—but no one knows or cares. Or you're a marketer drowning in jargon (hey, customers hate acronyms, too), trying to figure out what works and what doesn't. Gianna Whitver, co-founder of the Cybersecurity Marketing Society, breaks down what the cybersecurity industry is getting wrong—and right—about marketing. In this episode, we talk about: Cyber marketing is hard (but you knew that already). It requires deep product knowledge, empathy for stressed buyers, and clear, no-FUD messaging. Building authentic, value-driven communities leads to stronger cybersecurity marketing impact. Don't copy the marketing strategies of big enterprises. Instead, focus on clarity, founder stories, and product-market fit. Founder-led marketing works. Early-stage founders can break through noise by sharing personal stories. Think twice before listening to the advice of “influencer” marketers. This advice is often overly generic. Or, you're following advice of marketers marketing to marketers (try saying that ten times fast). In other words, their advice is probably not going to apply to cybersecurity. Gianna Whitver is the co-founder and CEO of the Cybersecurity Marketing Society, a community for marketers in cybersecurity to connect and share insights. She is also the podcast co-host of Breaking Through in Cybersecurity Marketing podcast, and founder of LeaseHoney, a place for beekeepers to find land.
Advancing Exposure Management. Hear from Jorge Orchilles, Senior Director at Verizon, on the shift from traditional vulnerability management to modern exposure management and the critical role proactive security plays in staying ahead of threats.
Today on the Salesforce Admins Podcast, we talk to Sri Srinivasan, Senior Director of Information Security at Salesforce. Join us as we chat about what admins need to know about Agentforce and how to build secure AI experiences. You should subscribe for the full episode, but here are a few takeaways from our conversation with […] The post Why Secure AI Starts With You: What Admins Must Know About Agentforce appeared first on Salesforce Admins.
The Mindful Business Security Show is a call-in radio style podcast for small business leaders. Join our hosts as they take questions from business leaders like you! This time, Accidental CISO is joined by guest host Dr. Gerald Auger, PhD. Gerald is the managing partner at Coastal Information Security Group, an adjunct professor of cybersecurity at The Citadel, and the founder of Simply Cyber. He is passionate about teaching and helping his clients, students, and community learn about cybersecurity. You can connect with Gerald online on a variety of social platforms. A list is available at https://simplycyber.io/socials. You can find his huge library of video content on his YouTube channel. Are you struggling with how to deal with Cybersecurity, Information Security, or Risk Management in your organization? Be a caller on a future episode of the show. Visit our podcast page and sign up now! Show Merch: https://shop.mindfulsmbshow.com/ Website: https://www.focivity.com/podcast Twitter: @mindfulsmbshow Hosted by: @AccidentalCISO Produced by: @Focivity Theme music by Michael Kobrin.
In this podcast session, the speaker will provide a deeper dive into all the prospective questions organizations must ask their technology providers prior to moving forward with a deal. The technology may work great, but does the company as a whole? Moderator: @Christina Wojcik - Head of Innovation & Partnerships, Pierson Ferdinand LLP Speaker: @Krishna Vyas - Director of Third Party Risk Management and Information Security, CITI Recorded 5-15-2025
Understanding information security standards is the first step toward building a resilient and trustworthy organization. Cyber-attacks, data leaks, and rule-breaking are becoming more common. Businesses and people need to keep their information safe—but how can they do that? One way is by following security standards like ISO 27001.
Users, threat actors, and the system design all influence—and are influenced by—one another. To design safer systems, we first need to understand the players who operate within those systems. Kelly Shortridge and Josiah Dykstra exemplify this human-centered approach in their work. In this episode we talk about: The vital role of human factors in cyber-resilience—how Josiah and Kelly apply a behavioral-economics mindset every day to design safer, more adaptable systems. Key cognitive biases that undermine incident response (like action bias and opportunity costs) and simple heuristics to counter them. The “sludge” strategy: deliberately introducing friction to attacker workflows to increase time, effort, and financial costs—as Kelly says, “disrupt their economics.” Why moving from a security culture of shame and blame to one of open learning and continuous improvement is essential for true cybersecurity resilience. Kelly Shortridge is VP, Security Products at Fastly, formerly VP of Product Management and Product Strategy at Capsule8. She is the author of Security Chaos Engineering: Sustaining Resilience in Software and Systems. Josiah Dykstra is the owner of Designer Security, human-centered security advocate, cybersecurity researcher, and former Director of Strategic Initiatives at Trail of Bits. He also worked at the NSA as Technical Director, Critical Networks and Systems. Josiah is the author of Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us. During this episode, we reference: Josiah Dykstra, Kelly Shortridge, Jamie Met, Douglas Hough, “Sludge for Good: Slowing and Imposing Costs on Cyber Attackers,” arXiv preprint arXiv:2211.16626 (2022). Josiah Dykstra, Kelly Shortridge, Jamie Met, Douglas Hough, “Opportunity Cost of Action Bias in Cybersecurity Incident Response,” Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 66, Issue 1 (2022): 1116-1120.
In episode 135 of Cybersecurity Where You Are, Sean Atkinson is joined live at RSAC Conference 2025 by five attendees, including two Center for Internet Security® (CIS®) employees. He conducts a lightning chat with each attendee to get their thoughts about the conference, how it reflects the changing cybersecurity industry, and the role CIS plays in this ongoing evolution. Here are some highlights from our episode:
00:40. Stephanie Gass, Sr. Director of Information Security at CIS: How to start creating a policy and make it effective through implementation processes; a transition to an approach integrating mappings for CIS security best practices; the use of GenAI and security champions to make this transition.
04:08. Brad Bock, Director of Product Management at Chainguard: Building and compiling security from the ground up in open-source container images; trusting pre-packaged software in an increasingly complex world; support of customer compliance with attestation, SBOMs, and vulnerability remediation.
07:43. Stephane Auger, Vice President Technologies and CISO at Équipe Microfix: Customer awareness and other top challenges for MSPs and MSSPs; the use of case studies and referrals to communicate the importance of cybersecurity; a growing emphasis on cyber risk insurance as media attention around breaches grows.
11:36. Brent Holt, Director of Cybersecurity Technology at Edge Solutions LLC: How the CIS Critical Security Controls facilitates a consultative approach to customers; the importance of knowing where each company is in their use of GenAI; mapping elements of a portfolio to CIS security best practices.
17:23. Mishal Makshood, Sr. Cloud Security Account Executive at CIS: The use of learning and research to investigate GenAI's utility for CIS; an aspiration to scale efficiency and drive improvements with GenAI training; a reminder to augment human thought, not replace it, with GenAI.
Resources: Episode 63: Building Capability and Integration with SBOMs; Mapping and Compliance; Cybersecurity for MSPs, MSSPs, & Consultants; Episode 130: The Story and Future of CIS Thought Leadership.
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
The messaging app used by CBP and the White House faces continued security scrutiny. Hacktivists breach the airline used for U.S. deportation flights. The FBI warns that threat actors are exploiting outdated, unsupported routers. Education giant Pearson confirms a cyberattack. Researchers report exploitation of Windows Remote Management (WinRM) for stealthy lateral movement in Active Directory (AD) environments. A sophisticated email attack campaign uses malicious PDF invoices to deliver a cross-platform RAT. A zero-day vulnerability in SAP NetWeaver enables remote code execution. An Indiana health system reports a data breach affecting nearly 263,000 individuals. Our guest is Alex Cox, Director of Information Security at LastPass, discussing tax-related lures targeting refunds. AI empowers a murder victim to speak from beyond the grave. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Alex Cox, Director of Information Security at LastPass, to discuss tax-related lures facing both tax preparation agencies and filers expecting refunds. 
Selected Reading On the state of modern Web Application Security (BrightTalk) Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage (Wired) Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for "Donnie" Trump (Bitdefender) FBI Sounds Alarm on Rogue Cybercrime Services Targeting Obsolete Routers (infosecurity magazine) Education giant Pearson hit by cyberattack exposing customer data (Bleeping Computer) Hackers Using Windows Remote Management to Stealthily Navigate Active Directory Network (Cybersecurity News) Hackers Weaponizing PDF Invoices to Attack Windows, Linux & macOS Systems (Cybersecurity News) SAP Zero-Day Targeted Since January, Many Sectors Impacted (Security Week) Indiana Health System Notifies 263,000 of Oracle Hack (Bank of Infosecurity) A Judge Accepted AI Video Testimony From a Dead Man (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
#036 – In this next episode, I was joined by Erin Grippo, Senior Manager of Product Operations at Brivo, who brings nearly a decade of experience in the security industry across marketing, business strategy, partnerships, and product operations. Today's conversation explored Erin's career journey and how she navigated major transitions across roles, companies, and countries. We discussed her philosophy about career growth, overcoming early career challenges, and her advice for aspiring professionals. Erin also shared her perspective on leadership development, the value of networking, and why mentorship is important in our careers. I think you'll find this to be an honest and inspiring discussion! After graduating from DePauw University with a degree in Communication, Erin launched her career at Allegion in the U.S. and later relocated to Toronto to lead multifamily and PropTech initiatives for Allegion Canada. She continued to expand her expertise at Latch, managing partnerships and launching new products and programs before joining Brivo in 2023. Erin is active in the security industry's professional community, serving on the Security Industry Association's RISE Steering Committee and previously on the Foundation for Advancing Security Talent (F.A.S.T) board from 2020 to 2024. She was recently named one of the 2024 Women in Security Forum Power 100. Erin is passionate about mentoring early-career professionals and building stronger pathways for the next generation of security leaders—and it was a pleasure having her on the podcast. Get the resources and show notes mentioned in this episode: https://thesecuritystudent.com/shownotes
The 2023 FBI Internet Crime Report reveals that nearly 21% of ransomware attacks targeted the healthcare and public health sectors—making them the top victims. This week on Feds At The Edge, we explore how agencies can defend against these growing threats. Benjamin Koshy, Chief Information Security Officer and Director, Division of Information Security of Indian Health Service, explains the unique identity management challenge in healthcare: balancing open patient access with strict data protection. Keith Busby, Acting CISO at CMS, outlines how to go beyond Zero Trust with real-world risk assessments and robust incident response plans - not just a three-ring binder gathering dust on a shelf. And Alec Lizanetz, Identity Protection Specialist from CrowdStrike, emphasizes the importance of prioritizing threats and using frameworks like CISA's to respond efficiently. Tune in on your favorite podcasting platform today to hear practical, high-impact strategies to secure critical systems and protect patient care, perfect for healthcare leaders who must protect both data and lives.
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Dane VandenBerg. Dane's 16-year security career includes product-focused roles with vendors like Qintel and more recently, Microsoft, where he was Principal Technical Specialist supporting the development of their security copilot. He's also spent a lot of time in fintech, serving as Vice President of Information Security at Prime Trust and, currently, Senior Director of Security Operations at Circle. In this episode: [02:05] How Dane went from researching women's health and animal cloning to public relations to security [06:25] Why security teams are still fighting the same battles they were 15 years ago [09:24] How Dane's vendor-side threat intel work shapes his thinking as a SecOps leader [12:00] What's working - and what's not - about how companies approach threat intelligence today [12:51] Why threat intel should be an in-house function, not just a reporting feed [15:30] What motivated Dane to move into the finance and crypto industry [19:30] How parenthood reshaped the way Dane thinks about risk [22:50] Tips for encouraging employees to report their security concerns [26:00] What a great security-vendor customer experience looks like - and what too many vendors get wrong [29:10] The security tools and solutions Dane is most excited about right now [32:45] Balancing the hype and potential of security copilots [38:30] What cyberattacks might look like five years from now [41:30] Connect with Dane Where to find Dane: LinkedIn Circle Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: National Cyber Forensics and Training Alliance
Does Open-Source AI Create a False Sense of Security? Listen to Suryaprakash Nalluri, an accomplished application security leader, discuss the shifting landscape of application security, challenges with open-source software, and the critical role of DevSecOps in modern development.
Researchers uncover serious vulnerabilities in the Signal fork reportedly used by top government officials. CISA adds a second Commvault flaw to its Known Exploited Vulnerabilities catalog. xAI exposed a private API key on GitHub for nearly two months. FortiGuard uncovers a cyber-espionage campaign targeting critical national infrastructure in the Middle East. Threat brokers advertise a new SS7 zero-day exploit on cybercrime forums. The StealC info-stealer and malware loader gets an update. Passkeys blaze the trail to a passwordless future. On our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at the New York Giants. Cubism meets computing: the Z80 goes full Picasso. CyberWire Guest: On our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at New York Football Giants, as they discuss how she approaches cybersecurity with curiosity, business alignment, and strong collaboration across the NFL community. Selected Reading: The Signal Clone the Trump Admin Uses Was Hacked (404 Media) Critical Commvault Vulnerability in Attacker Crosshairs (SecurityWeek) xAI Dev Leaked API Key on GitHub for Private SpaceX, Tesla & Twitter/X (Cyber Security News) FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure (Fortinet) Hackers Selling SS7 0-Day Vulnerability on Hacker Froums for $5000 (Cyber Security News) StealC malware enhanced with stealth upgrades and data theft tools (Bleeping Computer) Sick of 15-character passwords? Microsoft is going password-less, starting now.
(Mashable) Passkeys for Normal People (Troy Hunt) Single-Board Z80 Computer Draws Inspiration From Picasso (Hackaday)
Our feature guest this week is Jason Haddix, CEO/Hacker @ Arcanum Information Security. We're also trying something new with our interviews and Jason will be doing an Ask Me Anything in the #AMA channel on Slack. Head on over there to ask him any questions you might have! News from and a lot more! Come join us on the Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week's news: Join the Colorado = Security Slack channel Denver airport seeks $150M contract for new consolidated rental car facility Metro Denver a leader nationally for how fast unsold homes are piling up Centennial-based Boom Technology chooses Adams County as test site for its supersonic jet engines Denver coding school to close Denver dialysis giant DaVita hit with ransomware attack Davita 8-K (ransomware attack) Proposed changes to Colorado's AI regulation draw mixed reactions from business leaders Cybersecurity metrics that matter (and how to measure them) The New Security Model: A Blueprint for Successful SASE Deployment Protecting Your Business – Ransomware Prevention and Recovery Best Practices Why Strong Digital Identity is Essential—With or Without Executive Order 14144 Upcoming Events: Check out the full calendar ASIS Denver - Colorado Corporate Security Symposium - 5/7 ISSA COS - May Chapter Meeting - 5/13 Let's Talk Software Security - Is Using AI Really That Insecure? 
- 5/14 ISSA Denver - ISC2 Certified Cloud Security Professional (CCSP) Exam Preparation - 5/17-5/18 LIFT - Hike #1 - 5/20 ISC2 Denver - Enhancing Privacy and Security in the Age of AI-Driven Social Engineering - 5/27 Rocky Mountain Information Security Conference (RMISC) - 5/28-30 ISC2 Pikes Peak - Chapter Meeting - 5/28 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
The Institute of Internal Auditors Presents: All Things Internal Audit Tech. In this episode, Andrew Guasp talks with Alex Gacheche about the importance of emotional intelligence (EQ) in the internal audit profession, especially in the context of AI advancements. They discuss how EQ can enhance internal audit effectiveness, the role of empathy and communication, and the impact of cultural differences on EQ. From active listening to handling difficult conversations, this episode unpacks the human side of internal auditing. HOST: Andrew Guasp, CIA, Senior Manager, Standards & Professional Guidance, The IIA. GUEST: Alex Gacheche, CISA, Head of Internal Audit, Information Security, Technology Infrastructure, Emerging Technology, and AI, Meta. Key Points: Introduction [00:00–00:01:16]; What Is Emotional Intelligence? [00:01:17–00:03:34]; Human Judgment with AI [00:03:35–00:05:01]; Balancing Hard and Soft Skills [00:05:02–00:06:27]; Developing EQ in Auditing [00:08:42–00:11:51]; EQ in Communication and Reporting [00:11:52–00:13:16]; Training for EQ Skills [00:13:17–00:14:31]; Blending AI and EQ [00:14:32–00:15:49]; Resources to Grow EQ [00:15:50–00:18:24]; Using EQ in Remediation [00:18:25–00:21:42]; EQ in Planning and Information Gathering [00:21:43–00:24:01]; Cultural Sensitivity and Word Choice [00:24:02–00:26:32]; Leading Multigenerational Teams [00:26:33–00:30:17]; EQ's Role in the AI Era [00:30:18–00:32:25]; Leadership, Retention, and EQ [00:32:26–00:35:02]; EQ in Walkthroughs and Meetings [00:35:03–00:40:47]; Final Thoughts [00:40:48–00:41:53]. The IIA Related Content: Interested in this topic? Visit the links below for more resources: 2025 AuditSphere Virtual Conference; Building a Better Auditor: The Powerful Synergy of EQ and AI; Knowledge Centers: Artificial Intelligence; 'Mastering Soft Skills in Internal Auditing,' All Things Internal Audit Podcast; The IIA's Updated AI Auditing Framework. Visit The IIA's website or YouTube channel for related topics and more.
Follow All Things Internal Audit: Apple Podcasts, Spotify, Libsyn, Deezer
Christina Morillo, Head of Information Security at the National Football League's New York Giants joins Ann on this week's episode of Afternoon Cyber Tea. Christina discusses the ins and outs of building a resilient cybersecurity strategy, the importance of entering organizations with curiosity—not checklists—and why listening is always her first step. Christina breaks down common cybersecurity misconceptions, shares how to move from strategy to implementation, discusses the importance of storytelling in governance and shares how she addresses burnout and mental health in her teams. Resources: View Christina Morillo on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Travis Farral. Travis has been working in information security since the 90s at places such as Nokia, ExxonMobil, and XTO Energy. He is currently VP & CISO at Archaea Energy, a bp-owned renewable natural gas company based in Houston, Texas. He has spoken at events around the world on topics such as Cyber Threat Intelligence, MITRE ATT&CK, and Incident Response. Notable activities during his career include everything from programming logic controllers, building and leading SOCs, driving forklifts, standing up cybersecurity teams, developing threat intelligence programs, and handling responses to incidents, among many other things over the last few decades. [April 21, 2025] 00:00 - Intro 00:18 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:08 - Travis Farral Intro 02:58 - A Different Path than Today 05:25 - Healthy Hacking 08:08 - Anything Can Be Weaponized 10:54 - Questionable Behavior 14:31 - Smash That Report Button!!! 18:58 - Improving Our Odds 21:00 - You Have to Keep It Simple 22:25 - Letters to a Young CISO 24:20 - Find Travis Farral online - LinkedIn: linkedin.com/in/travisfarral 25:01 - Mentors - Shawn Edwards - Jay Leek 27:02 - Book Recommendations - R. E. Lee: A Biography - Douglas Southall Freeman 29:34 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org
There Is No Information Security Any More Karel Cast 25-56 I received a letter this weekend, a letter that I've gotten before. In fact, I've gotten six of them total. And you know what it says. It says that all the verification of who you are, all the information of yours that your health care provider has, including your charts, your conditions, your medications, might as well be at the public library. Because it certainly isn't safe. Is anything being done? Or is it a lost cause? Also, we now live in a society where our children can go through not one, but TWO mass shootings, and STILL nothing at all is done. The story of the Parkland survivor that ended up in the Florida shooting. Another study about plant based diets...what will it take for you to finally change? The Karel Cast is heard on all streaming services from Apple Music to iHeart Media, Spotify to Spreaker. The show is Monday through Thursday at 10:30 am Live PST. It can also be seen on TikTok and Instagram. Karel is a history-making broadcaster and entertainer currently in Las Vegas with his little service girl Ember. The Karel Cast is supported by your donations at patreon.com/reallykarel Please watch, like and subscribe to the videos at youtube.com/reallykarel
In this time of constant cyber-attacks and increased cybersecurity reporting requirements, a CISO's job is no easy task and typically comes with a short tenure. In this episode, Sean sits down with Allan Alford, five-time CISO, to talk about his experience as a CISO across several prominent organizations and how identity is always at the center of a CISO's responsibility.
ISO consultancy isn't a field many aspire to enter, mostly because many don't know it exists until they're tasked with either managing an existing ISO Management System or implementing a brand new one. We're continuing with our latest mini-series where we introduce members of our team, to explore how they fell into the world of ISO and discuss the common challenges they face while helping clients achieve ISO certification. In this episode we introduce Sarah Ball, a Senior Isologist® at Blackmores, to learn about her journey towards becoming an ISO Consultant and what drives her to help clients on their ISO journey. You'll learn · What is Sarah's role at Blackmores? · What does Sarah enjoy outside of consultancy? · What path did Sarah take to become an ISO Consultant? · What is the biggest challenge she's faced when implementing ISO Standards? · What is Sarah's biggest achievement? Resources · Isologyhub · Productivity Ninja In this episode, we talk about: [00:30] Episode Summary – We introduce Sarah Ball, a Senior Isologist® here at Blackmores, to discuss her journey towards becoming an ISO consultant who specialises in ISO 9001, ISO 45001, ISO 14001 and ISO 27001. [03:45] What is Sarah's role at Blackmores? Sarah is a Senior Isologist® with Blackmores, supporting companies with maintaining systems, undertaking internal audits, and supporting with implementing new systems to gain certification utilising our Isology methodology. Sarah also coordinates the development of content of our online learning platform, the isologyhub. [04:50] What does Sarah enjoy doing outside of consultancy?: Sarah has a keen interest in history. Having studied it at school, she likes to travel to various locations of historical interest. She also spends a lot of time researching her own family tree, learning as much as she can about the far-reaching members of the past. 
Sarah also likes to go jogging outside. As the gym environment didn't inspire much enjoyment, she instead prefers to be in nature while exercising. She has also participated in long distance running for charity, completing the 10k Race for Life. She's taking on the more daunting muddy 5K version this year, which includes a number of obstacles, so we're wishing her luck! One of the new hobbies she'd like to take up this year is mountain climbing, with Mount Snowdon on her to-do list. [06:35] What was Sarah's path towards becoming an ISO Consultant?: Sarah initially started in Customer Services, working as a customer service advisor in a company, and then got promoted to manager of a team. At that point, her role became more about understanding why they were getting certain complaints and what could be done to prevent them happening rather than just resolving them. She ended up spending more time with suppliers and other departments to help prevent some of the recurring issues, and along the line it led on to being asked to implement an ISO 9001 Quality Management System. This was a tall request considering that, at the time, Sarah knew nothing about ISO 9001 outside of its designation and area of focus. As a result, she spent a lot of time researching it, and had the help of an external consultant to implement the Management System. This was necessary, as knowing how to apply it to a business was something that she needed support with. 2 years later, the company asked Sarah to implement an ISO 45001 Health & Safety management system and an ISO 14001 environmental management system. These two she implemented herself after getting a feel for it during the initial quality management system implementation. For the next 10 years, Sarah worked in other companies, assisting with their integrated management systems. Along the way, she also picked up on ISO 27001 Information Security, before landing in Blackmores in 2020. 
[09:10] A path people fall onto – Most people don't actively plan to get into ISO consultancy; it's usually a result of being tasked with managing or implementing a management system while working in another role. [10:10] What is Sarah's favourite aspect of being a Consultant? – Sarah enjoys the variety, not just in the work and tasks but in the companies and industries that she gets to work with. Each has its own way of working, unique approaches and knowledge nuggets in the form of ways of working that can be cherry picked and applied elsewhere. She also likes to see how a management system develops and evolves over time and how it can become part of a company's success, driving continual improvement. Sarah enjoys working with people that can see the real benefits of ISO management systems, rather than just focusing on the certificate on the wall. [13:40] Making a Management System your own – Sarah is a big proponent of making a Management System your own, giving it an identity so that it can be fully integrated into the way a business works. Businesses do it all the time, usually by naming large projects that everyone can reference by a common shorthand. A Management System can work in the same way, making it a part of the day-to-day running of the business. She's also a fan of not worrying about the terminology in Standards. Many of the terms used are meant to be general. This was due to the way international audiences referred to certain aspects of management; it wouldn't always translate correctly. So many Standards have some admittedly awkward terminology that can be applied to any business, and you by no means have to use their wording. As long as you can explain what relates to what in an audit, you're free to name things as appropriate to you. [16:55] What Standards does Sarah specialise in and why? 
Starting with: · ISO 9001 Quality: This is the main standard that Sarah started working with, and is one that touches on a lot of areas within other Standards. It's a great base to build off of, and is the starting point for many venturing into the world of ISO. · ISO 14001 Environmental: Sarah got experience with this Standard at her first company; it's also commonly implemented alongside ISO 9001. · ISO 45001 Health & Safety: Another one of the first Standards Sarah implemented, it's also a common one to see in integrated management systems. · ISO 27001 Information Security: Sarah got to grips with this Standard through years of working with other companies. Sarah's favourite Standard is ISO 9001, not only because it was her first experience with implementing ISO Standards, but because it creates a blueprint for success. ISO Standards set the minimum requirement, not the maximum; they are designed to get you started so you can make continual improvements. It also acts as a foundation to build onto, as you can pick aspects of other Standards to integrate into your existing system. You don't necessarily have to certify to those additional Standards, but nothing is stopping you from strengthening your Management System with the best bits from other ISOs. [21:00] Sarah's favourite clause in ISO 9001: Sarah personally favors Clause 10 – non-conformity and corrective action. The reason behind that choice is that clause's importance in driving continual improvement. It's about turning something negative into a positive, which is what Quality Management is at its core. [22:05] What is the biggest challenge Sarah had faced during a project and how did she overcome it?: Molding the Standard to the business. As a consultant, the biggest challenge is understanding how to make the requirements of a Standard fit the business, and not the other way round. 
It's all about trying to align the ISO Standard requirements to their values and mission, and then getting people on board with understanding the true benefits of management system implementation. At Blackmores, we ensure that each management system is unique to each business. We don't operate with a copy-paste model. This is another reason why Sarah encourages naming your management system: by branding it you encourage engagement. Sarah highlights the fact that we run a lot of workshops in the initial part of a project, conducting a Gap Analysis, SWOT and PESTLE etc. This helps our consultants to really get a feel for how a business ticks. From that, we can help steer the delivery of the Management System to the wider business, by building it into their existing tools, such as an intranet. [25:45] Leading by example: We revamped our own ISO 9001 Management System a few years ago, with both Rachel Churchman and Sarah Ball leading the refresh. We gave it a name, H20 (How 2 Operate) and integrated it with our Microsoft Teams channels as we'd all swapped to mostly remote work following the COVID pandemic in 2020. As Sarah points out, there are many different ways to display and deliver your management system, including: · Microsoft Teams · Intranet · Google / Google Drive · SharePoint · CRMs such as Monday.com The key is building it into the day-to-day tools everyone uses. Make the Management System part of your processes, so adhering to and maintaining it becomes part of everyone's way of working. [28:55] What is Sarah's proudest achievement? Obtaining her degree through the Open University while still working full time. It took Sarah 8 years of hard work to obtain her honours degree in History, which was one not required by her work or career development. It was simply something she wanted to do to prove to herself that she could achieve it. 
Many other members of Blackmores can attest to Sarah's level of determination, and organisation, as she shares many tips and techniques learned from her years of study and work. This includes: The Productivity Ninja – Learned from Graham Allcott's book, which seeks to help reduce procrastination, and tackle tasks with efficiency. The Second Brain – A tool to help keep track of ideas / tasks that aren't an immediate priority. These tools are now used by a number of the team, and we have no doubt Sarah will be schooling us on more techniques in future. If you'd like any assistance with implementing ISO standards, get in touch with us, we'd be happy to help! We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List
Imagine a world where product teams collaborate with security teams. Where product designers can shadow their security peers. A place where security team members believe communication is one of the most important skillsets they have. These are key attributes of human-centered security—the type of dynamics Jordan Girman and Mike Kosak are fostering at Lastpass.
In this episode, we talk about:
- What cross-disciplinary collaboration looks like at Lastpass (for example, a product designer is shadowing the security team).
- A set of principles for designing for usable security and privacy.
- Why intentional friction might be counterintuitive to designers but, used carefully, is critical to designing for security.
- When it comes to improving security outcomes, the words you use matter. Mike explains how the Lastpass Threat Intelligence team thinks about communicating what they learn to a variety of audiences.
- How to build a threat intelligence program within your organization--even if you have limited resources.
Jordan Girman is the VP of User Experience at Lastpass. Mike Kosak is the Senior Principal Intelligence Analyst at Lastpass. Mike references a series of articles he wrote, including “Setting Up a Threat Intelligence Program From Scratch.”
Today on the Salesforce Admins Podcast, we talk to Sri Srinivasan, Senior Director of Information Security at Salesforce. Join us as we chat about his recent presentation at TDX and how to build secure, reliable AI experiences with Agentforce. You should subscribe for the full episode, but here are a few takeaways from our conversation […] The post Building Secure AI Agents with Salesforce Agentforce appeared first on Salesforce Admins.
Vulnerability prioritization, the final frontier. Many say they do it, but do they really? It takes way more than vulnerability data to truly prioritize vulnerabilities. Greg Fitzgerald, Co-Founder and CXO at Sevco Security, and Steve Lodin, Vice President, Information Security at Sallie Mae, join Business Security Weekly to dig in. We'll discuss the importance of context, including asset inventory and configuration management, in truly prioritizing vulnerabilities. But it's not that easy. We'll discuss the challenges and approaches to help solve this ever-evasive topic. This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevco to learn more about them! Segment Resources: https://www.sevcosecurity.com/vulnerability-prioritization/ https://www.sevcosecurity.com/continuous-threat-exposure-management/ Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-389
Rachel Maddow looks at Donald Trump's ridiculously poor track record of mishandling sensitive information, with the scandal of several of his top officials thoughtlessly discussing military plans in an insecure group text raising questions of criminality on top of the widespread outrage over the sheer sloppiness of their actions.
The freight industry is evolving fast—so how do we keep it secure, innovative, and people-focused? In this episode of Supply Chain Decoded, we sit down with two powerhouse leaders from DAT Freight & Analytics: Kary Jablonski, VP & GM of Trucker Tools and Broker Growth, and Dr. Erika Voss, VP of Information Security. We dive into everything from tackling fraud and cybersecurity threats to driving innovation in freight technology. Kary and Erika share insights on building a people-first workforce, why trust is the backbone of supply chain relationships, and how DAT is creating smarter, more secure solutions for brokers and carriers. Plus, we explore the growing impact of women in leadership and what it takes to lead with vision in a historically male-dominated industry. Whether you're a broker, carrier, or logistics professional, this episode is packed with must-know insights that could change the way you think about security in freight. -- Disclaimer: All views and opinions expressed in this podcast are those of the speakers and do not necessarily reflect the views or positions of Transfix, Inc. or any parent companies or affiliates or the companies with which the participants are affiliated, and may have been previously disseminated by them. The views and opinions expressed in this podcast are based upon information considered reliable, but neither Transfix, Inc. nor its affiliates, nor the companies with which such participants are affiliated, warrant its completeness or accuracy, and it should not be relied upon as such. All such views and opinions are subject to change.
Bridging the Cybersecurity Divide
Join host Nabil Hannan in conversation with Robert Wagner, Advisory CISO and Managing Director at NetSPI. The two discuss the cybersecurity divide and how to prioritize security efforts for small and medium-size businesses in the latest episode of Agent of Influence.
Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.
Investigate data security, risk and leak cases faster by leveraging AI-driven insights with Microsoft Purview Data Security Investigations. This goes beyond the superficial metadata and activity-only signals found in incident management and SIEM tools, by analyzing the content itself within compromised files, emails, messages, and Microsoft Copilot interactions. Data Security Investigations allows you to pinpoint sensitive data and assess risks at a deeper level—quickly understanding the value of what's been exposed. Then by mapping connections between compromised data and activities, you can easily find the source of the security risk or exposure. And using real-time risk insights, you can also apply the right protections to minimize future vulnerabilities. Data Security Investigations is also integrated with Microsoft Defender incident management as part of your broader SOC toolset. Nick Robinson, Microsoft Purview Principal Product Manager, joins Jeremy Chapman to share how to enhance your ability to safeguard critical information. ► QUICK LINKS: 00:00 - Microsoft Purview Data Security Investigations 01:00 - Risks of data theft & data leaks 03:20 - Start an investigation 04:45 - Results of an investigation 06:15 - Vector-based search & semantic indexing 08:00 - Use AI for the investigation 09:21 - Map activities 10:44 - Connect SOC & Data Security teams 11:21 - Known leaked information 12:26 - Steps to get DSI up and running 13:15 - Wrap up ► Link References Get started at https://aka.ms/DataSecurityInvestigations Stay up-to-date with our blog at https://aka.ms/DSIBlog ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. 
• Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Welcome back to the To the Point cybersecurity podcast, presented by Forcepoint! In this episode, hosts Rachael Lyon and Jonathan Knepper continue their engaging conversation with Michele Rigby Assad, a former CIA intelligence officer and renowned author of "Breaking Cover" and "Get Off the X." Join us as Michele shares her unique insights into the global threat landscape and the security challenges we face domestically. From discussing the imperative of modernizing the intelligence workforce with STEM education to her message of embracing discomfort and taking risks for meaningful growth, Michele offers a compelling perspective that is both inspiring and thought-provoking. We'll explore the impact of cultural and linguistic isolation on the U.S.'s ability to engage globally and the pressing threats posed by countries like Iran. Plus, Michele reveals her personal philosophy on overcoming adversity and the importance of getting "off the X" to achieve extraordinary things, no matter how ordinary you start. Tune in for an enlightening discussion filled with personal anecdotes and actionable advice for navigating today's complex world. Don't miss this opportunity to hear Michele's compelling stories and invaluable expertise on the intricacies of intelligence and cybersecurity. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e324
On this episode of Blood, Sweat & Balance Sheets, host Mike Whitmire sits down with Vicky LeVay, Sr. Director of Compliance, Risk, and Information Security at FloQast, and Jaysen Dyal, Product Marketing Manager at FloQast and former accountant. Together, they discuss the growing role of AI in accounting and FloQast's achievements, including earning ISO 42001 certification.
Vicky provides insights into what it takes to secure this critical certification and why it's essential for building trust and ensuring accountability in AI-driven processes. The conversation dives into the ethical challenges of implementing AI in the accounting field and how FloQast's vision paves the way for innovation, efficiency, and solving industry challenges. Learn how AI-powered tools are reshaping the profession, empowering accountants to move beyond manual tasks and tackle strategic work with confidence.
Key Takeaways
- AI's Role in Accounting: How artificial intelligence is streamlining accounting processes and enabling accountants to focus on strategic initiatives.
- ISO 42001 and Trust in AI: Why FloQast pursued ISO 42001 certification and its significance in ensuring trust and compliance in AI workflows.
- Addressing Ethical Challenges: Exploring risks like prompt injection, AI hallucinations, and the importance of integrating robust safeguards.
- FloQast's Vision for AI: How FloQast is driving innovation with AI-powered products, reducing workloads, boosting efficiency, and preventing burnout for accounting teams.
- Preparing for the Future: Insights into how ethical AI is shaping the future for accountants and helping them take on more impactful roles within their organizations.
Listen in for actionable insights and perspectives on the intersection of AI, compliance, and innovation in accounting.
In this episode of the "To the Point cybersecurity podcast," hosts Rachael Lyon and Jonathan Knepper dive into a compelling conversation with Michele Rigby Assad, a former CIA intelligence officer with vast experience in The Middle East. Michele shares insights from her latest book, "Get Off the X," which explores the importance of getting out of one's comfort zone and reassessing effectiveness in both personal and professional contexts. The discussion navigates the complexities of the current threat landscape, highlighting the dangers posed by nation-states like Iran and China, and the evolving challenges in cybersecurity. Michele underscores the significance of collaboration between public and private sectors to tackle these threats. With her background in intelligence, Michele offers a unique perspective on the interplay between traditional espionage techniques and modern technology, including the role of social engineering and the challenges of artificial intelligence in amplifying cyber threats. Tune in for an enlightening conversation about the need for innovation, proactive measures, and adept leadership in the realm of global cybersecurity. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e323
In this conversation, Benny Carreon and Dennis discuss the critical importance of cybersecurity for small to mid-sized businesses, highlighting the increasing risks they face from cyber threats. Joined by Bob Quandt from Bullseye Compliance, they explore various aspects of cybersecurity, including the evolution of cybercrime, the necessity of multi-factor authentication, password management best practices, and the human element in security.
Bob Quandt is an experienced security leader with over 20 years' experience. Prior to starting Bullseye Compliance in 2017, Bob was the Vice President of Information Security and Information Security Officer at Sharecare (formerly Healthways) where he led the information security function and helped build a solid security program. Prior to this role, Bob led an IT audit function and worked in security, application development, and internal audit at a Fortune 100 healthcare provider. Bob is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and a member of the Middle Tennessee ISACA and ISSA organizations. Bob received his bachelor's degree from Middle Tennessee State University and served in the United States Marine Corps.
Hosted by Benny Carreon and Dennis Jackson
Bob Quandt - https://www.bullseyecompliance.com
Dennis Jackson - WorX Solution - dennisj@worxsolution.com; www.worxsolution.com
Benny Carreon - Velocity Technology Group - benny@velocitytechnology.group; https://velocitytechnology.group/
Greg Crowley is the CISO at eSentire. In this episode, he joins host Heather Engel and Dwayne Smith, Sr. VP Information Security and Global CISO at Vensure Employer Solutions, to discuss M&A integration, including how CISOs can ensure a secure process, tackling inherited vulnerabilities, and more. Next Level CISO is a Cybercrime Magazine podcast brought to you by eSentire, the Authority in Managed Detection and Response. eSentire's mission is to hunt, investigate and stop cyber threats before they become business disrupting events. To learn more about our sponsor, visit https://esentire.com
Erika Voss and Joe Lynch discuss taking the uncertainty and risk out of freight. Erika is Vice President of Information Security at DAT Freight & Analytics, the largest truckload freight marketplace in North America. About Erika Voss Dr. Erika Voss, with over two decades of experience, has held high-level positions at companies including Capital One, Microsoft, and Amazon Web Services. Currently Vice President of Information Security at DAT Freight & Analytics, she leads the vision, strategy, and execution of advanced security protections. Recognized as a leader in her field, Erika has been honored with the CISO's Top 100 Accelerated CISOs Award (A100) and the 2024 Women in Supply Chain Award in the DEI Pioneer category. Erika holds a Ph.D. in Cybersecurity from Northcentral University, while teaching Cyber courses in the evening and advising Women in Leadership at the University of San Francisco. About DAT Freight & Analytics DAT Freight & Analytics operates the largest truckload freight marketplace in North America. Shippers, transportation brokers, carriers, news organizations and industry analysts rely on DAT for trends and data insights based on more than 400 million freight matches and a database of $150 billion in annual market transactions. Founded in 1978, DAT is a business unit of Roper Technologies (Nasdaq: ROP), a constituent of the Nasdaq 100, S&P 500, and Fortune 1000. Key Takeaways: Taking the Uncertainty and Risk Out of Freight Network Integrity Unit: DAT has a dedicated team, the Network Integrity Unit, which works around the clock to monitor the network for suspicious activity, investigate potential threats, and enforce security measures to protect users from fraud and cybercrime. 
Proactive Security Measures: DAT employs a range of proactive measures, including multi-factor authentication, advanced monitoring tools, and regular security testing, to safeguard user accounts and data, and to prevent fraudulent activities like identity theft and double brokering. Data-Driven Insights: DAT offers advanced analytics, providing shippers with actionable insights to optimize transportation decisions and mitigate risks. Comprehensive Freight Visibility: With access to vast transaction data, shippers can track rates across various modes (TL, LTL, Intermodal, Ocean) and equipment types (Dry Van, Flatbed, Temp-Control). RateView Analytics: DAT helps manage transportation costs with accurate market data, allowing shippers to set realistic budgets and adjust rates during volatile conditions. Network Analytics: Shippers gain granular visibility into capacity, helping them optimize sourcing and manage their transportation network more efficiently. Custom Analytics Services: DAT offers tailored analytics, API integrations, and consultative services to address specific business needs and improve decision-making. Proven Trust by Leading Companies: Over 1,400 shippers, including major brands like Walmart and Freshpet, rely on DAT's data for logistics decision-making. Market Benchmarking: DAT provides benchmarking tools that allow shippers to compare their freight spend against the broader market, identifying opportunities for cost savings and risk management. 
Kyle Rippee, currently staff product security engineer at Tines, joins Seth and Ken for another episode of Absolute AppSec. Kyle has over a decade of experience both managing and working for Application Security teams, as well as working as a pentester, security consultant, and software engineer. Before Tines, he worked for PlanetArt (where he held the role of Director of Information Security), FloQast, Shutterfly, Atos, among other Product Development and Security Consulting firms. Join us as we discuss Kyle's path into application security as well as finding out more about the interesting things going on at Tines.
Looking to network in the cybersecurity world? Fortunately, there's no shortage of industry associations to choose from. Today, we're putting the spotlight on the Italian Association for Information Security, or CLUSIT. An organization that promotes cybersecurity awareness among businesses, public administration and citizens, the Italian Association for Information Security participates in the development of laws, standards and regulations related to cybersecurity. It contributes to the creation of training and certification programs for various professional roles in the cybersecurity field, and encourages the use of best practices in cybersecurity. To learn more, visit https://clusit.it. See the full list of associations at https://cybersecurityventures.com/cybersecurity-associations.
Looking to network in the cybersecurity world? Fortunately, there's no shortage of industry associations to choose from. Today, we're putting the spotlight on the Australian Information Security Association, or AISA. As the nationally recognised peak body for cyber security professionals, AISA continually develops and supports the workforce that underpins the nation's cybersecurity. With a membership of more than 13,000 people, AISA also provides a voice in national discussions about what is needed in policy and law to most effectively defend Australians from cyberattacks, including ways to improve digital privacy. To learn more, visit https://www.aisa.org.au. See the full list of associations at https://cybersecurityventures.com/cybersecurity-associations.
In this episode of AI, Government, and the Future, host Marc Leh is joined by Candy Alexander, a prominent cybersecurity leader with over 35 years of experience and current Chief Information Security Officer at NeuEon. As a two-time President of the Information Systems Security Association (ISSA) International and founding President of the ISSA Education and Research Foundation, Candy brings her extensive expertise to discuss AI trustworthiness, data governance, and enterprise security challenges.
Zero Trust World 2025, hosted by ThreatLocker, is fast approaching (February 19-21), bringing together security professionals, IT leaders, and business executives to discuss the principles and implementation of Zero Trust. Hosted by ThreatLocker, this event offers a unique opportunity to explore real-world security challenges and solutions.
In a special On Location with Sean and Marco episode recorded ahead of the event, Ryan Bowman, VP of Solutions Engineering at ThreatLocker, shares insights into his upcoming session, The Dangers of Shadow IT. Shadow IT—the use of unauthorized applications and systems within an organization—poses a significant risk to security, operations, and compliance. Bowman's session aims to shed light on this issue and equip attendees with strategies to address it effectively.
Understanding Shadow IT and Its Risks
Bowman explains that Shadow IT is more than just an inconvenience—it's a growing challenge for businesses of all sizes. Employees often turn to unauthorized tools and services because they perceive them as more efficient, cost-effective, or user-friendly than the official solutions provided by IT teams. While this may seem harmless, the reality is that these unsanctioned applications create serious security vulnerabilities, increase operational risk, and complicate compliance efforts.
One of the most pressing concerns is data security. Employees using unauthorized platforms for communication, file sharing, or project management may unknowingly expose sensitive company data to external risks. When employees leave the organization or access is revoked, data stored in these unofficial systems can remain accessible, increasing the risk of breaches or data loss.
Procurement issues also play a role in the Shadow IT problem. Bowman highlights cases where organizations unknowingly pay for redundant software services, such as using both Teams and Slack for communication, leading to unnecessary expenses. A lack of centralized oversight results in wasted resources and fragmented security controls.
Zero Trust as a Mindset
A recurring theme throughout the discussion is that Zero Trust is not just a technology or a product—it's a mindset. Bowman emphasizes that implementing Zero Trust requires organizations to reassess their approach to security at every level. Instead of inherently trusting employees or systems, organizations must critically evaluate every access request, application, and data exchange.
This mindset shift extends beyond security teams. IT leaders must work closely with employees to understand why Shadow IT is being used and find secure, approved alternatives that still support productivity. By fostering open communication and making security a shared responsibility, organizations can reduce the temptation for employees to bypass official IT policies.
Practical Strategies to Combat Shadow IT
Bowman's session will not only highlight the risks associated with Shadow IT but also provide actionable strategies to mitigate them. Attendees can expect insights into:
• Identifying and monitoring unauthorized applications within their organization
• Implementing policies and security controls that balance security with user needs
• Enhancing employee engagement and education to prevent unauthorized technology use
• Leveraging solutions like ThreatLocker to enforce security policies while maintaining operational efficiency
Bowman also stresses the importance of rethinking traditional IT stereotypes. While security teams often impose strict policies to minimize risk, they must also ensure that these policies do not create unnecessary obstacles for employees. The key is to strike a balance between control and usability.
Why This Session Matters
With organizations constantly facing new security threats, understanding the implications of Shadow IT is critical.
Bowman's session at Zero Trust World 2025 will provide a practical, real-world perspective on how organizations can protect themselves without stifling innovation and efficiency.
Beyond the technical discussions, the conference itself offers a unique chance to engage with industry leaders, network with peers, and gain firsthand experience with security tools in hands-on labs. With high-energy sessions, interactive learning opportunities, and keynotes from industry leaders like ThreatLocker CEO Danny Jenkins and Dr. Zero Trust, Chase Cunningham, Zero Trust World 2025 is shaping up to be an essential event for anyone serious about cybersecurity.
For those interested in staying ahead of security challenges, attending Bowman's session on The Dangers of Shadow IT is a must.
Guest: Ryan Bowman, VP of Solutions Engineering, ThreatLocker [@ThreatLocker] | On LinkedIn: https://www.linkedin.com/in/ryan-bowman-3358a71b/
Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
This Episode's Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
Resources
Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida
Register for Zero Trust World 2025: https://itspm.ag/threat5mu1
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
If a business has spent $100 million developing a product, it's a fair bet that they don't want it stolen in two seconds and uploaded to the web where anyone can use it for free.
This problem exists in extreme form for AI companies. These days, the electricity and equipment required to train cutting-edge machine learning models that generate uncanny human text and images can cost tens or hundreds of millions of dollars. But once trained, such models may be only a few gigabytes in size and run just fine on ordinary laptops.
Today's guest, the computer scientist and polymath Nova DasSarma, works on computer and information security for the AI company Anthropic with the security team. One of her jobs is to stop hackers exfiltrating Anthropic's incredibly expensive intellectual property, as recently happened to Nvidia.
Rebroadcast: this episode was originally released in June 2022.
As she explains, given models' small size, the need to store such models on internet-connected servers, and the poor state of computer security in general, this is a serious challenge.
The worries aren't purely commercial though. This problem looms especially large for the growing number of people who expect that in coming decades we'll develop so-called artificial 'general' intelligence systems that can learn and apply a wide range of skills all at once, and thereby have a transformative effect on society.
If aligned with the goals of their owners, such general AI models could operate like a team of super-skilled assistants, going out and doing whatever wonderful (or malicious) things are asked of them. This might represent a huge leap forward for humanity, though the transition to a very different new economy and power structure would have to be handled delicately.
If unaligned with the goals of their owners or humanity as a whole, such broadly capable models would naturally 'go rogue,' breaking their way into additional computer systems to grab more computing power — all the better to pursue their goals and make sure they can't be shut off.
As Nova explains, in either case, we don't want such models disseminated all over the world before we've confirmed they are deeply safe and law-abiding, and have figured out how to integrate them peacefully into society. In the first scenario, premature mass deployment would be risky and destabilising. In the second scenario, it could be catastrophic — perhaps even leading to human extinction if such general AI systems turn out to be able to self-improve rapidly rather than slowly, something we can only speculate on at this point.
If highly capable general AI systems are coming in the next 10 or 20 years, Nova may be flying below the radar with one of the most important jobs in the world.
We'll soon need the ability to 'sandbox' (i.e. contain) models with a wide range of superhuman capabilities, including the ability to learn new skills, for a period of careful testing and limited deployment — preventing the model from breaking out, and criminals from breaking in. Nova and her colleagues are trying to figure out how to do this, but as this episode reveals, even the state of the art is nowhere near good enough.
Chapters:
• Cold open (00:00:00)
• Rob's intro (00:00:52)
• The interview begins (00:02:44)
• Why computer security matters for AI safety (00:07:39)
• State of the art in information security (00:17:21)
• The hack of Nvidia (00:26:50)
• The most secure systems that exist (00:36:27)
• Formal verification (00:48:03)
• How organisations can protect against hacks (00:54:18)
• Is ML making security better or worse? (00:58:11)
• Motivated 14-year-old hackers (01:01:08)
• Disincentivising actors from attacking in the first place (01:05:48)
• Hofvarpnir Studios (01:12:40)
• Capabilities vs safety (01:19:47)
• Interesting design choices with big ML models (01:28:44)
• Nova's work and how she got into it (01:45:21)
• Anthropic and career advice (02:05:52)
• $600M Ethereum hack (02:18:37)
• Personal computer security advice (02:23:06)
• LastPass (02:31:04)
• Stuxnet (02:38:07)
• Rob's outro (02:40:18)
Producer: Keiran Harris
Audio mastering: Ben Cordell and Beppe Rådvik
Transcriptions: Katy Moore
Please enjoy this encore episode with Dave Farrow, VP of Information Security at Barracuda, who shares how a teenage surfer fell in love with software development and made his way into the cybersecurity field. Dave chose to study electrical engineering in college because he wanted to learn something that didn't make sense to him. He says he's done things in his career that he said he'd never do: for example, he went into and fell in love with software development. Taking on leadership of a bug bounty program at Barracuda blossomed into the creation of an internal security team. Dave wants to be the guy who enables the business and not the one who prevents it. He hopes all will come to recognize that there are other threats besides cybersecurity threats to business. We thank Dave for sharing his story with us.