Show Summary: Mudita Khurana — Tech Lead at Airbnb and the person who always says, “I got this” No Password Required Season 7: Episode 6 - Mudita Khurana Mudita Khurana is a Tech Lead for Automated Tooling and Vulnerability Management at Airbnb, where she focuses on building modular, scalable security systems in an era of rapidly evolving AI threats. Before Airbnb, she spent nearly a decade in security roles across Accenture, Meta, and PwC, making bold career pivots along the way, including turning down a PwC return offer to join Facebook's product security team. In this episode, Mudita shares her journey from a family of doctors in India to Carnegie Mellon and into the heart of Big Tech security. She discusses what it means to thrive as a non-traditional engineer in a deeply technical field, why she stepped back from management to get closer to the work, and how she thinks about building security tooling that won't be obsolete in three months. Jack Clabby and co-host Kayley Melton, recording live from Tampa B-Sides at the University of South Florida, talk with Mudita about imposter syndrome, AI's curveballs for security teams, leadership without a leadership title, and the importance of community in staying on top of a field that never stops moving. She also reflects on what great mentorship looks like early in a career and why clarity, ownership, and consistency are the leadership qualities she keeps coming back to. In the Lifestyle Polygraph, Mudita firmly plants her flag in the Harry Potter universe as Hermione, explains why Deadpool doesn't qualify as a superhero, debates gym vs. nature as a reset strategy, and reveals her dream remote work base: a high-altitude Buddhist mountain town in the Himalayas. 
Follow Mudita on LinkedIn: https://www.linkedin.com/in/muditakhurana/
In this episode:
Mudita shares her unconventional path into cybersecurity, highlighting the importance of mentorship and curiosity (0:25 - 1:37)
The significance of mentorship, especially Vandana Verma, in her career development (2:26 - 4:00)
Transition from management to technical IC roles and why staying close to technical work matters (9:29 - 10:23)
The influence of her education at Carnegie Mellon and how it broadened her problem-solving skills (6:23 - 7:41)
Navigating imposter syndrome and embracing challenges as growth opportunities (3:26 - 5:29)
How AI is changing cybersecurity strategies: building modular, layered systems for agility (15:31 - 16:26)
The importance of community, trust, and consensus in cybersecurity decision-making (17:06 - 17:47)
Mudita's favorite places for remote work and balancing planning with spontaneity in travel (23:01 - 24:13)
Her personal approach to wellness, exercise, and resets during busy days (21:32 - 22:36)
Her unique perspective on superhero characters, favorite places, and cultural roots (18:54 - 19:36, 25:19 - 26:21)
Timestamp Highlights:
(00:25) Mudita's 10-year journey into cybersecurity starting from India
(02:26) Mentorship's critical role in her growth and her admiration for Vandana Verma
(09:29) Transition from management back to technical roles and why staying close to the work matters
(15:31) How AI fosters layered, modular security systems for faster adaptation
(17:06) The importance of community and trusted information sources in security
(21:32) Reset routines, gym versus nature hikes, and staying grounded during busy days
(25:19) Leh, Ladakh: Mudita's ideal remote work location nestled in Himalayan beauty
Resources & Links:
Vandana Verma - Influential mentor in cybersecurity
ThreatLocker - Supporter of this podcast
Cyber Florida - The Mother Ship
Welcome Michał Zalewski, AKA lcamtuf!
The lcamtuf Substack is where Michał is writing most of the time these days.
Chris first found, and geeked out about, the CNC guide on the original lcamtuf site (discussed many times here).
Michał is interested in the craft of teaching electronics.
He recently published The Secret Life of Circuits with No Starch Press. Use the code AMPHOUR26 for 30% off The Secret Life of Circuits, valid from June 1st through June 30th. It was announced on his blog.
Deriving formulas from basic trigonometry sometimes bugs people who think electronics should only work with calculus.
Software geeks follow the site, which often gets lots of attention on Hacker News.
Rowhammer and DRAM.
There were no information security degrees in the early days, so the field was made up of folks with backgrounds in math and EE.
Fuzzing for security.
SMBC cartoon on blaming humans.
Projects and books: American Fuzzy Lop (the AFL fuzzer), The Tangled Web (book), p0f v3 (passive OS fingerprinting tool), Silence on the Wire (book).
Security material, including books on the subject, ages over time, unlike electronics.
On calculators (and Michał's collection): calculators are a footnote in the history of computing, but still intriguing; dead ends in calculators; CRT displays on calculators; Nixie tubes; discrete components moving into logic gates and then into processors; mechanical calculators are rare and fetch a high price online.
Working with transistors: The Secret Life of Circuits starts with FET-based transistors rather than BJTs. BJTs are often covered right after the diode chapter because of the multiple junctions in an NPN, but that doesn't make them easier to understand.
Projects: a recent project involved making a clock out of current meters; woodworking and an AI example.
Want to see all lcamtuf articles in one place?
Sokoban: Sir Box-a-lot
In August 2024, a ransomware attack shut down baggage systems, flight displays, and Wi-Fi at Sea-Tac Airport. What did it reveal about how executives think about cyber investment? And why is “how much more security do we need?” the wrong question to ask after a major incident? Let's find out with our guest Stephanie Warren, Assistant Director of Information Security at the Port of Seattle, who lived through that attack and came out the other side with hard-won lessons about executive decision-making under pressure. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. LinkedIn profile – https://www.linkedin.com/in/stephanie-warren-0746343/
Madeline Sedgwick — Cyber Threat Analyst at Palo Alto Networks and a DUUUUVALLL lifer No Password Required Season 7: Episode 5 – Madeline Sedgwick Madeline Sedgwick is a Cyber Threat Researcher and Threat Analyst at Palo Alto Networks Unit 42, specializing in nation-state cyber activity, covert infrastructure, and cyber intelligence analysis. Before entering the private sector, she spent six years in the U.S. Navy as an intelligence specialist, helping support some of the earliest cyber operations under United States Cyber Command. In this episode, Madeline shares her journey from joining the Navy to becoming one of the first certified cyber targeteers supporting offensive cyber operations. She discusses the realities of tracking covert threat actor infrastructure, why defenders must understand adversary behavior beyond alerts and signatures, and how intelligence analysis helps uncover the bigger picture behind cyber campaigns. Jack Clabby and co-host Sarina Gandy talk with Madeline about fusion analysis, cyber warfare, leadership, and the challenges of translating highly technical investigations into actionable insights for government and industry leaders. She also reflects on the importance of humility in leadership, mentoring, and learning to navigate high-pressure situations with confidence and curiosity. In the Lifestyle Polygraph, Madeline debates cybersecurity in the Star Wars universe, explains her Weird Al Yankovic Dragon Con costume, reflects on her time playing bass in a metal band, and proudly shares why Jacksonville, Florida, will always be home.
Follow Madeline on LinkedIn: https://www.linkedin.com/in/mesedgwick/
Chapters:
02:10 Intro: Madeline Sedgwick
09:00 The Role of Cybersecurity in National Security
12:08 Understanding Covert Networks and Threat Intelligence
14:52 Fusion Analysis in Cybersecurity
18:04 The Importance of Distinguishing Threats
20:52 Challenges in Cybersecurity Response
23:58 Briefing Decision Makers on Cyber Threats
27:52 Understanding Adversary Intent and Risk Communication
30:12 Leadership Lessons from the Navy
34:33 The Importance of Mentorship in Career Development
37:30 The Lifestyle Polygraph: A Fun Twist on Cybersecurity
41:04 Embracing Creativity and Personal Expression
45:50 Pride in Roots: The Jacksonville Connection
The Mindful Business Security Show is a call-in radio style podcast for small business leaders. Join our hosts as they take questions from business leaders like you! On this episode, Accidental CISO is joined by guest host Brent Hinks. Brent has spent the last decade helping customers implement AI solutions. Join them as they discuss the challenges and pitfalls of implementing AI in organizations. They explore common reasons for project failures, the importance of stakeholder buy-in, trust, governance, and best practices for successful AI projects. Are you struggling with how to deal with Cybersecurity, Information Security, or Risk Management in your organization? Be a caller on a future episode of the show! Visit our podcast page for more information about upcoming episodes. You can sign up to be a caller and guarantee yourself a Q&A session on the show! Show Merch: https://shop.mindfulsmbshow.com/ Website: https://www.focivity.com/podcast Twitter: @mindfulsmbshow Hosted by: @AccidentalCISO Produced by: @Focivity Theme music by Michael Kobrin.
This week’s Cyber Sense feature focuses on claims made in a recent TikTok video by Boikokobetso Makhetloane, also known online as Mr Fingerz, in which he alleges that a database linked to the ANC may have been compromised and data exposed online. Lester Kiewit speaks to Mr Fingerz about how cyber breaches are identified, what it means when data surfaces on the dark web, and the broader risks posed to organisations and individuals when sensitive information is potentially leaked. The discussion explores cyber leak attribution, verification challenges, and organisational response to suspected breaches. Good Morning Cape Town with Lester Kiewit is a podcast of the CapeTalk breakfast show. This programme is your authentic Cape Town wake-up call. Good Morning Cape Town with Lester Kiewit is informative, enlightening and accessible. The team’s ability to spot & share relevant and unusual stories make the programme inclusive and thought-provoking. Don’t miss the popular World View feature at 7:45am daily. Listen out for #LesterInYourLounge which is an outside broadcast – from the home of a listener in a different part of Cape Town - on the first Wednesday of every month. This show introduces you to interesting Capetonians as well as their favourite communities, habits, local personalities and neighbourhood news. Thank you for listening to a podcast from Good Morning Cape Town with Lester Kiewit. 
Listen live on Primedia+ weekdays between 06:00 and 09:00 (SA Time) to Good Morning CapeTalk with Lester Kiewit broadcast on CapeTalk https://buff.ly/NnFM3Nk For more from the show go to https://buff.ly/xGkqLbT or find all the catch-up podcasts here https://buff.ly/f9Eeb7i Subscribe to the CapeTalk Daily and Weekly Newsletters https://buff.ly/sbvVZD5 Follow us on social media CapeTalk on Facebook: https://www.facebook.com/CapeTalk CapeTalk on TikTok: https://www.tiktok.com/@capetalk CapeTalk on Instagram: https://www.instagram.com/ CapeTalk on X: https://x.com/CapeTalk CapeTalk on YouTube: https://www.youtube.com/@CapeTalk
Aubrey Masango speaks to Chad Thomas, Crime Expert at IRS Forensic Investigations, on South Africa being ranked top in the continent for the number of cyberattacks on companies and institutions. They also explore some of the reasons why the number of cyberattacks in the country has increased over the years. Tags: 702, The Aubrey Masango Show, Aubrey Masango, Crime Time, Cyber-Crime, Cyber Security, Hacking, Data Breaches, Technology, Artificial Intelligence, Deep Fakes, Phishing, POPIA, Information Security, Encryption The Aubrey Masango Show is presented by late night radio broadcaster Aubrey Masango. Aubrey hosts in-depth interviews on controversial political issues and chats to experts offering life advice and guidance in areas of psychology, personal finance and more. All Aubrey's interviews are podcasted for you to catch up and listen. Thank you for listening to this podcast from The Aubrey Masango Show. Listen live on weekdays between 20:00 and 24:00 (SA Time) to The Aubrey Masango Show broadcast on 702 https://buff.ly/gk3y0Kj and on CapeTalk between 20:00 and 21:00 (SA Time) https://buff.ly/NnFM3Nk Find out more about the show here https://buff.ly/lzyKCv0 and get all the catch-up podcasts https://buff.ly/rT6znsn Subscribe to the 702 and CapeTalk Daily and Weekly Newsletters https://buff.ly/v5mfet Follow us on social media: 702 on Facebook: https://www.facebook.com/TalkRadio702 702 on TikTok: https://www.tiktok.com/@talkradio702 702 on Instagram: https://www.instagram.com/talkradio702/ 702 on X: https://x.com/Radio702 702 on YouTube: https://www.youtube.com/@radio702 CapeTalk on Facebook: https://www.facebook.com/CapeTalk CapeTalk on TikTok: https://www.tiktok.com/@capetalk CapeTalk on Instagram: https://www.instagram.com/ CapeTalk on X: https://x.com/CapeTalk CapeTalk on YouTube: https://www.youtube.com/@CapeTalk567
Today on Defender Fridays, Katherine McNamara, Cybersecurity Technical Solutions Architect at Cisco, joins us to discuss how AI and ML adoption in enterprise infrastructure has expanded the attack surface for AI-driven systems. She'll walk through the security challenges unique to generative AI and ML-based architectures, and cover the four critical components, Model, Data, Application, and System, that organizations need to secure to maintain integrity. Katherine works for Cisco as a Cybersecurity Systems Engineer by day, and by night she's labbing and trying new things with the resources she has available. Katherine loves technology and getting her hands into the CLI or trying something new. She holds a Bachelor of Science and a Master of Information Security and Assurance from Western Governors University, as well as several industry certifications.
Register for Live Sessions: Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience. Register here: https://limacharlie.io/defender-fridays
Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes!
Sponsored by LimaCharlie: This episode is brought to you by LimaCharlie, a cloud-native SecOps platform where AI agents operate security infrastructure directly. Founded in 2018, LimaCharlie provides complete API coverage across detection, response, automation, and telemetry, with multi-tenant architecture designed for MSSPs and MDR providers managing thousands of unique client environments.
Why LimaCharlie?
Transparency: Complete visibility into every action and decision. No black boxes, no vendor lock-in.
Scalability: Security operations that scale like infrastructure, not like procurement cycles. Move at cloud speed.
Unopinionated Design: Integrate the tools you need, not just those contracts allow. Build security on your terms.
Agentic SecOps Workspace (ASW): AI agents that operate alongside your team with observable, auditable actions through the same APIs human analysts use.
Security Primitives: Composable building blocks that endure as tools come and go. Build once, evolve continuously.
Try the Agentic SecOps Workspace free: https://limacharlie.io
Learn more: https://docs.limacharlie.io/
Follow LimaCharlie: Sign up for free: https://limacharlie.io/ LinkedIn: / limacharlieio X: https://x.com/limacharlieio Community Discourse: https://community.limacharlie.com/
Host: Maxime Lamothe-Brassard - CEO / Co-founder at LimaCharlie
SheSecures is an ILTA Women in Security podcast series dedicated to amplifying the experiences, expertise, and leadership of women shaping the future of legal security. Each episode is designed to be approachable and useful, with real takeaways you can apply in your own role. This month's episode is with Sherri Vollick. Sherri is a strategic and accomplished cyber and risk leader with deep expertise in security operations, governance, risk and compliance, secure application development, and cloud security. Sherri currently serves as Director of Information Security & Compliance at Saul Ewing LLP and is an active mentor and contributor within the broader information security community.
In this episode we discuss the challenges and the technical solutions for age verification on the internet, a topic that has gained prominence with the new rules of the ECA Digital (Brazil's Digital Statute of the Child and Adolescent). You will discover how zero-knowledge protocols (ZKP) work and how they allow a user to prove they are of legal age without exposing sensitive personal data. You will understand the difference between invasive tools, such as facial biometrics, and technical methods that respect privacy and data protection, using applied cryptography and international information security standards. You will also learn about the practical impact of the ANPD's regulation on access control for restricted content, and how to avoid excessive tracking by large technology companies. The debate also covers social engineering tactics, highlighting an educational series on phishing based on the psychology of fraud, knowledge that is essential for avoiding online scams and data leaks. Throughout the discussion you will see that it is possible to balance protection in the digital environment with the guarantee of privacy, without adopting mass-surveillance models for system authentication. So as not to miss any discussion on technology, law and society, subscribe to the podcast on your favourite audio platform and follow our profiles on YouTube, Mastodon, Bluesky, Instagram and TikTok. Please rate the show and share the content with other people interested in the subject. You can also support the project through the crowdfunding platform mentioned in the audio, or send your questions and suggestions directly to our official e-mail. This description was produced from the podcast audio with the help of AI, with human review. Visit our crowdfunding campaign and support us!
Check out the BrownPipe Consultoria blog and subscribe to our mailing list.
Show notes:
The Psychology of Fraud, Persuasion and Scam Techniques
LEI Nº 15.211, DE 17 DE SETEMBRO DE 2025 (Law No. 15,211 of 17 September 2025): provides for the protection of children and adolescents in digital environments (Estatuto Digital da Criança e do Adolescente, the Digital Statute of the Child and Adolescent)
DECRETO Nº 12.880, DE 18 DE MARÇO DE 2026 (Decree No. 12,880 of 18 March 2026): regulates Law No. 15,211 of 17 September 2025 on the protection of children and adolescents in digital environments, and establishes the National Policy for the Promotion and Protection of the Rights of Children and Adolescents in the Digital Environment
Mecanismos confiáveis de aferição de idade – ORIENTAÇÕES PRELIMINARES (Reliable age-verification mechanisms: preliminary guidance)
Radar tecnológico – Mecanismos de aferição de idade (Technology radar: age-verification mechanisms)
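The episode above describes zero-knowledge proofs only in outline. The block below is an added example, not code from the podcast or from BrownPipe, showing the core mechanism in a constructed scenario: an issuer checks an ID document once and hands the user a secret x, certifying y = g^x as an "over-18" credential; the user later proves to a relying party that they hold the secret behind y without ever sending x (a Schnorr proof of knowledge made non-interactive with Fiat-Shamir). The simulator demonstrates the zero-knowledge property itself: an accepting transcript can be built without x, so real transcripts carry no information about it. The 128-bit safe-prime group found at import time, the context string and the function names are assumptions for the demo; production age-verification schemes add unlinkability (anonymous credentials, range proofs) that this minimal example deliberately does not attempt.

```python
"""Schnorr proof of knowledge with Fiat-Shamir, standard library only.

Constructed scenario (added example, not from the podcast): an issuer hands an
over-18 user a secret x and certifies y = g^x as an "adult" credential. The user
proves possession of x to a relying party without revealing it. The group is a
128-bit safe prime found at import time: demo size only, not a production
parameter set.
"""
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2  # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(bits: int) -> tuple[int, int]:
    """Smallest p = 2q + 1 with q >= 2^(bits-1) such that both p and q are prime."""
    q = (1 << (bits - 1)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = find_safe_prime(128)
G = 4  # a quadratic residue mod a safe prime, hence a generator of the order-Q subgroup


def issue_credential() -> tuple[int, int]:
    """Issuer side: secret x for the user, public y = g^x that the issuer certifies."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def challenge(y: int, commitment: int, context: bytes) -> int:
    """Fiat-Shamir challenge bound to the group, the statement and the verifier's context
    (a relying-party identifier plus nonce), so a proof cannot be replayed elsewhere."""
    h = hashlib.sha256()
    for part in (P.to_bytes(32, "big"), G.to_bytes(32, "big"),
                 y.to_bytes(32, "big"), commitment.to_bytes(32, "big"), context):
        h.update(len(part).to_bytes(2, "big") + part)  # length-prefixed, unambiguous
    return int.from_bytes(h.digest(), "big") % Q


def verify_transcript(y: int, commitment: int, c: int, s: int) -> bool:
    """Core Schnorr check: g^s == R * y^c (mod p)."""
    if not (1 < commitment < P and 0 <= s < Q):
        return False
    return pow(G, s, P) == (commitment * pow(y, c, P)) % P


def prove(x: int, y: int, context: bytes) -> tuple[int, int]:
    """Prover: fresh nonce r, commitment R = g^r, response s = r + c*x mod q.
    A reused r would leak x, which is why it is drawn from a CSPRNG each time."""
    r = secrets.randbelow(Q - 1) + 1
    commitment = pow(G, r, P)
    c = challenge(y, commitment, context)
    return commitment, (r + c * x) % Q


def verify(y: int, proof: tuple[int, int], context: bytes) -> bool:
    """Relying party: recompute the challenge for its own context, then check the transcript."""
    commitment, s = proof
    if not (1 < commitment < P):
        return False
    return verify_transcript(y, commitment, challenge(y, commitment, context), s)


def simulate(y: int) -> tuple[int, int, int]:
    """Honest-verifier simulator: an accepting (R, c, s) built WITHOUT x by choosing c and s
    first and solving R = g^s * y^(-c). Because such transcripts are distributed like real
    ones, a real transcript reveals nothing about x: that is the zero-knowledge property."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    commitment = (pow(G, s, P) * pow(y, Q - c, P)) % P  # y^(Q-c) == y^(-c) since y has order Q
    return commitment, c, s
```

In the scenario the relying party never learns a birth date, only that the holder of a certified y can answer its challenge; note that y itself is a stable identifier, so a deployment that also needs unlinkability across sites must use an anonymous-credential scheme rather than a bare Schnorr proof.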
In Episode 103 of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee is joined by Peterson Gutierrez, Vice President of Information Security at Barracuda Networks and a 28-year cybersecurity veteran with experience spanning private industry, the Big Four, and New York City Cyber Command, to examine one of the most consequential and underestimated challenges facing security leaders today: the quantum computing threat and what it truly means to become cryptographically agile.
Opening with a vivid scenario, a healthcare organization whose encrypted data is exfiltrated today and decrypted after a quantum breakthrough years from now, Dr. Chatterjee introduces the concept of Q-Day risk: the danger is not a dramatic breach tomorrow, but decisions made today that leave organizations exposed later. The episode moves beyond the industry's fixation on which post-quantum algorithm to adopt, making the case that algorithm selection is the wrong problem to solve. The right goal is crypto agility: the organizational discipline to abstract encryption from code and adapt continuously as the cryptographic landscape evolves.
Framed through Dr. Chatterjee's Commitment–Preparedness–Discipline (CPD) lens, the conversation delivers a clear and actionable message: crypto agility is not a technical upgrade. It is a leadership, architecture, and governance challenge that requires executive ownership, modular system design, proactive vendor engagement, and continuous organizational discipline before Q-Day makes inaction catastrophic.
To access and download the entire podcast summary with discussion highlights: https://www.dchatte.com/episode-103-the-clock-is-ticking-navigating-quantum-risk-and-the-path-to-crypto-agility/
Connect with Host Dr. Dave Chatterjee
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/
Books Published
The DeepFake Conspiracy
Cybersecurity Readiness: A Holistic and High-Performance Approach
Articles & Cases Published
Chatterjee, D. (2026). Root: Automating the Remediation Gap, Ivey Publishing, Jan 7, 2026.
Ramasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.
Chatterjee, D. and Leslie, A. (2024). "Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness," Business Horizons, accepted Oct 29, 2024.
Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). "Getting Cybersecurity Right," California Management Review — Insights, accepted for publication July 8, 2024.
Chatterjee, D. (2023). "Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic," I by IMD, March 13, 2023.
Chatterjee, D. (2022). "Preventing security breaches must start at the top," I by IMD, September 28, 2022, Institute for Management Development, Lausanne, Switzerland.
Chatterjee, D. (2022). "Making Cybersecurity Readiness Mainstream," Executive Blog Post, NETSPI, March 1, 2022.
Benz, M. and Chatterjee, D. (2020). "Calculated Risk? A Cybersecurity Evaluation Tool for SMEs," Business Horizons, available online from May 4, 2020.
Chatterjee, D. (2019). "Should Executives Go To Jail Over Cyber Attacks," Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.
Abraham, C., Chatterjee, D., and Sims, R. (2019). "Muddling through cybersecurity: Insights from the U.S. healthcare industry," Business Horizons, July 2019.
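The episode summary above argues that crypto agility means abstracting the algorithm away from application code. The block below is an added example of that pattern, not code from the podcast, Barracuda or Dr. Chatterjee: every protected record carries an algorithm identifier, a registry maps identifiers to implementations, and a policy marks each one as current, legacy (verify only, flag for re-protection) or forbidden. Swapping the primitive is then a registry and policy change plus a migration sweep, with no call-site edits, and the inventory function answers the first question an agility programme has to ask: which algorithm is each stored artefact depending on. HMAC digests stand in here for the KEM or signature swap a post-quantum migration actually needs; the record format, status names and sample data are constructed for the demo.

```python
"""Crypto-agility pattern: call sites never name an algorithm.

Added example, not from the podcast. The record format, the registry contents
and the status policy are constructed for the demo; HMAC digests stand in for
the KEM/signature primitives a post-quantum migration would swap.
"""
import hmac
from dataclasses import dataclass
from enum import Enum


class Status(Enum):
    CURRENT = "current"      # may protect new data and verify
    LEGACY = "legacy"        # verify only; records found under it are flagged for re-protection
    FORBIDDEN = "forbidden"  # refused outright, even for verification (broken primitive)


@dataclass(frozen=True)
class Algorithm:
    alg_id: str
    digest: str      # hashlib digest name handed to hmac.new
    status: Status


# The single place an algorithm is ever named. A migration edits this table, not callers.
REGISTRY = {
    "hmac-md5":      Algorithm("hmac-md5", "md5", Status.FORBIDDEN),
    "hmac-sha256":   Algorithm("hmac-sha256", "sha256", Status.LEGACY),
    "hmac-sha3-256": Algorithm("hmac-sha3-256", "sha3_256", Status.CURRENT),
}


def current_algorithm() -> Algorithm:
    current = [a for a in REGISTRY.values() if a.status is Status.CURRENT]
    if len(current) != 1:
        raise RuntimeError("policy must name exactly one CURRENT algorithm")
    return current[0]


def _seal(key: bytes, payload: bytes, alg: Algorithm) -> str:
    """Build a record 'alg_id|tag|payload_hex'. The alg id is MACed together with the
    payload so the header cannot later be rewritten to point at a weaker algorithm.
    Internal: protect() uses it, and tests use it to fabricate records written by old code."""
    tag = hmac.new(key, alg.alg_id.encode() + b"\0" + payload, alg.digest).hexdigest()
    return f"{alg.alg_id}|{tag}|{payload.hex()}"


def protect(key: bytes, payload: bytes) -> str:
    """What call sites use: the algorithm comes from policy, never from the caller."""
    return _seal(key, payload, current_algorithm())


def verify(key: bytes, record: str) -> tuple[bool, str, bool]:
    """Returns (valid, alg_id, needs_reprotect). Unknown and FORBIDDEN ids are rejected
    before any cryptography runs; LEGACY ids verify but are flagged for migration."""
    try:
        alg_id, tag, payload_hex = record.split("|", 2)
        payload = bytes.fromhex(payload_hex)
    except ValueError:
        return False, "", False
    alg = REGISTRY.get(alg_id)
    if alg is None or alg.status is Status.FORBIDDEN:
        return False, alg_id, False
    expected = hmac.new(key, alg_id.encode() + b"\0" + payload, alg.digest).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, alg_id, False
    return True, alg_id, alg.status is Status.LEGACY


def payload_of(record: str) -> bytes:
    return bytes.fromhex(record.split("|", 2)[2])


def reprotect(key: bytes, record: str) -> str:
    """One step of the migration sweep: a valid legacy record is re-emitted under CURRENT;
    a record that is already current is returned unchanged; anything invalid is refused."""
    valid, alg_id, legacy = verify(key, record)
    if not valid:
        raise ValueError(f"refusing to migrate invalid record under {alg_id!r}")
    return protect(key, payload_of(record)) if legacy else record


def inventory(records: list[str]) -> dict[str, int]:
    """Cryptographic inventory: how many stored records depend on each algorithm id."""
    counts: dict[str, int] = {}
    for rec in records:
        alg_id = rec.split("|", 1)[0]
        counts[alg_id] = counts.get(alg_id, 0) + 1
    return counts
```

Retiring hmac-sha256 here is a one-line status change from CURRENT to LEGACY plus a sweep that calls reprotect over the store; the same shape applies when the registry entries are a classical signature scheme beside a post-quantum one, which is the migration the episode is about.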
Jeff McJunkin, Founder of Rogue Valley Information Security, joins Defender Fridays to talk about AI-powered code scanning for vulnerabilities. Jeff walks through real examples, including using AI to find privilege escalation bugs in the Linux kernel.
Jeff McJunkin is the founder of Rogue Valley Information Security, a consulting firm specializing in penetration testing and red team engagements. Jeff found the offensive side of cyber security very alluring during one of the first penetration tests of his career. Feeling the challenge of host defenses like AV and centralized logging, and, at the time, knowing nothing about AV evasion or avoiding events that are likely to cause alerts, it was all very exciting. The challenge of successfully accomplishing the goal of that pen test, using essentially only native tools, was addictive for Jeff. He was hooked. Since those first penetration tests, Jeff has gone on to become an expert in the field, doing assessments for Fortune 100 companies, architecting two major versions of Core NetWars Experience, and contributing a vast amount of material to SANS Penetration Testing.
Register for Live Sessions: Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Register here: https://limacharlie.io/defender-fridays
Sponsored by LimaCharlie. Host: Maxime Lamothe-Brassard - CEO / Co-founder at LimaCharlie
Fagan Afandiyev — Elite Cybersecurity Competitor and Legendary Whitehatter No Password Required: Breakout Room: Episode 1 — Fagan Afandiyev Fagan Afandiyev is a cybersecurity student at the University of South Florida and a member of the CyberHerd competition team, known for his strategic mindset and passion for solving complex challenges. From competing in international robotics competitions to discovering cybersecurity through hands-on platforms, Fagan has built his skills through curiosity, persistence, and a love of problem solving. Fagan shares how competitions, community, and continuous learning shaped his journey into cybersecurity. He walks through his growth within USF's cyber community, and how that led to a penetration testing internship at Microsoft. He also offers insight into the mindset needed to succeed in cybersecurity, encouraging others to embrace challenges, learn through failure, and find enjoyment in the process.
Follow Fagan on LinkedIn here: https://www.linkedin.com/in/fagan-afandi/
Presented by ThreatLocker
Chapters:
00:00 Introduction to Cybersecurity Passion
03:02 Journey to CyberHerd and University Life
06:12 Internship at Microsoft and Career Aspirations
08:59 Hackathon Experience and Community Engagement
12:39 Behind the Scenes of Cyber Competitions
14:30 Overcoming Challenges in Cyber Competitions
18:00 Gratitude and Mentorship in Cybersecurity
In this conversation, I sit down with Adewale Adeife, an Information Security manager, to unpack a powerful shift in thinking about work, growth, and long-term success. We talk about the difference between a job and a career, and why many people stay stuck because they keep moving too quickly instead of building something that compounds over time. He introduces the idea of treating your career like a stock rather than something you keep trading for short-term gain. If you've ever felt like you're working hard but not really growing, or you're constantly starting over, this conversation is for you.
Connect with Adewale:
Instagram: https://www.instagram.com/adewale.adeife?
LinkedIn: https://www.linkedin.com/in/adewaleadeife?
Subscribe for more honest, faith-rooted conversations.
Michael Hamilton, Chief Technology Officer at PISCES International, joins us to discuss the benefits of providing real-world experience to students while they protect existing public infrastructure. The resilient future of local government security rests in our ability to adapt to changing threats and adopt new technologies, including AI. Learn more at https://pisces-intl.org/
Michael has 30 years in Information Security as a practitioner, entrepreneur, consultant, and in executive management, with direct experience in the retail, manufacturing, government, defense, academic, semiconductor, energy, law enforcement, transportation, publishing and financial sectors, from Fortune 1 to small nonprofits. Formerly: Policy Advisor to Washington State, Chief Information Security Officer for the City of Seattle, and Managing Consultant for VeriSign Global Security Consulting. Former Vice-Chair of the DHS State, Local, Tribal and Territorial Government Coordinating Council. Currently: Field CISO, Lumifi Cyber.
Support our show by sharing your favorite episodes with a friend, subscribing, giving us a rating or leaving a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io
Information is increasingly becoming the number one priority for businesses. With so many of us reliant on tech to stay in operation, there is an inevitable increase in data breaches and incidents year-on-year. The addition of new AI driven technology has added a new layer of complexity to the information security landscape, regarding both the new risks using the technology brings as well as falling prey to more complex AI led scams. Thankfully ISO Standards are here to help, with ISO 27001 tackling general information security and ISO 42001 for effective AI Management. But how do these two compare, and is there merit in implementing both? In this episode, Ian Battersby is joined by Bas Von Hertom, Cyber Security Specialist at TUV Nord, to discuss what ISO 27001 and ISO 42001 are, the main differences between the Standards and how they can complement each other when integrated. You'll learn · Who is Bas Von Hertom? · Who are TUV Nord? · What are ISO 27001 and ISO 42001? · How does ISO 42001 support regulatory frameworks such as the EU AI Act? · How do ISO 27001 and ISO 42001 differ in managing information security risks? · Other key differences between ISO 27001 and ISO 42001 · How much more work is involved for Implementing ISO 42001 if you already have ISO 27001 in place? · Can ISO 27001 and ISO 42001 be integrated? · What organisations should be implementing both Standards? · How are Certification Bodies quoting for ISO 27001 and ISO 42001? · Bas's advice to leadership teams looking to build a case for full certification Resources · TUV Nord · Isologyhub In this episode, we talk about: [02:05] Episode Summary – Ian is joined by Bas Von Hertom, Cyber Security Specialist at TUV Nord, to explore the differences between ISO 27001 and ISO 42001 and the benefits of integrating both Standards. [02:30] Who is Bas Von Hertom? Bas is the Cyber Security Specialist at TUV Nord. 
He is a lead auditor for Standards including ISO 27001, ISO 42001, TISAX and standards specifically for industrial automation. Bas had once stated around 5 years ago that he would never pursue a career in auditing, but once he came into contact with TUV Nord he decided to give it a go. Before joining TUV, he was a very hands-on systems administrator and many of those skills transferred well into auditing. [04:45] Who are TUV Nord? TUV Nord are a UKAS accredited Certification Body. They also offer services for testing and inspection. TUV have worked with a large range of sectors, from manufacturing and energy to IT, healthcare and even space. [06:25] What are ISO 27001 and ISO 42001? ISO 27001 is the Standard for Information Security Management, with compliant management systems being called an ISMS. It provides structure for identifying, assessing, and managing risks related to the information security while also ensuring availability and resilience on the information security. ISO 42001 AI Management is a much more recent Standard, being published in December of 2024. It focuses on ethical and effective AI management, with a system that applies to relevant products in addition to the wider business. [07:30] How does ISO 42001 support regulatory frameworks such as the EU AI Act? The EU AI Act sets out legal obligations that organisations offering AI products must comply with, however it only defines the rules rather than providing any implementation guidance. This is where ISO 42001 can fill the gaps, by providing a framework that will meet these regulatory requirements. [08:45] How do ISO 27001 and ISO 42001 differ in managing information security risks? Both Standards take a risk-based approach to their subject matter, but the nature of the risks that each address are what differ. ISO 27001 focuses on risks that relate to the protection of information assets based on confidentiality, integrity and availability of information. 
It also ensures that business objectives are clearly defined and aligned with business strategy. ISO 42001, on the other hand, deals with a broader and more complex set of risks, because it also looks at ethical considerations. This can include the monitoring and measurement of ethical risks such as AI bias and discrimination. It also looks at societal, legal and reputational risks, as one of ISO 42001's key values is creating trust within the AI space.

[10:10] Other key differences between ISO 27001 and ISO 42001: Besides their subject matter, another key difference is the way objectives are framed and evaluated. In ISO 42001 these objectives have to be aligned with the Annexes within the Standard, which is something not commonly done when implementing ISO 27001. ISO 42001 also requires an 'AI Impact Assessment', which again aligns with the system's objectives, as the results of the AI Impact Assessment will describe the way bias, ethical and societal considerations impact other requirements within ISO 42001.

[11:00] How much more work is involved in implementing ISO 42001 if you already have ISO 27001 in place? If you already have ISO 27001 in place, you have a strong foundation for ISO 42001. ISO 27001 puts the fundamental base in place, with a governance structure, risk assessment processes, internal audits, corrective actions and methods for continual improvement. There's a lot of overlap where the high-level requirements are concerned. However, ISO 42001 also looks at AI products and services, which differs from ISO 27001. ISO 42001 may also require additional training for those involved with the management system and the AI products and services.

[12:15] Can ISO 27001 and ISO 42001 be integrated? Yes, and in fact Bas highly encourages it! If you intend to implement both Standards, it's much more efficient to do so as an integrated management system.
They both utilise the Annex SL format, a high-level structure shared with most ISO Standards, so they're designed to be integrated. This also saves on duplication of effort where documentation is concerned, and potentially on cost if you require additional support with implementation.

[13:30] Which organisations should be implementing both Standards? Both ISO 27001 and ISO 42001 can apply to any business. Most businesses are now utilising AI in some form, and ISO 42001 can apply to those using it just as much as it does to those developing their own AI tools or selling related services. However, sectors where ISO 42001 will likely become fundamental include the financial sector, where AI tools for fraud detection are becoming popular. There's also a growing need for it within the medical field, as AI is increasingly used for research and development.

[14:30] How are Certification Bodies quoting for ISO 27001 and ISO 42001? There are a number of variables that Certification Bodies use to work out certification costs, including the size of the organisation and business complexity. This can be tricky to calculate for ISO 42001, as you need to consider the number of AI systems in use before you can provide a quote. The full requirements for this are described in ISO 42006, which is a guidance Standard. Most Certification Bodies will offer a discount for combined certification to both Standards. An integrated approach is certainly something that Bas recommends, in addition to ensuring that you keep the same auditor or audit team throughout the implementation. By having one team for both systems, you can complete combined internal audits to save on time and resources.

[16:20] Bas's advice to leadership teams looking to build a case for full certification: First of all, don't wait, just make a start. A lot of businesses make the mistake of waiting until it's a common requirement within their market, which can leave you lagging behind the curve.
Instead, strive to be one of the early adopters, as that will give you a strategic advantage in the market. This is especially the case if you already have ISO 27001 in place. You already have the foundational knowledge to implement ISO 42001, so just make a start on looking at the risks relevant to ISO 42001. Many businesses opt to implement certain Standards due to the demands of their clients, and ISO 42001 is likely to be added to that list. So it's better to get a head start! Bas also recommends finding sources of guidance on ISO 42001 implementation. Whether that's sourcing training or an external party to advise, it's good to have other sources of knowledge if you're not familiar with the Standard or ISO implementation as a whole.

[21:30] Bas's favourite quote: We don't rise to the level of our expectation, but we fall to the level of the systems that we use.

If you'd like to find out more about TUV Nord or are looking for ISO 27001 and ISO 42001 certification, check out their website.

We'd love to hear your views and comments about the ISO Show, here's how:
● Share the ISO Show on Twitter or Linkedin
● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
The Mindful Business Security Show is a call-in radio style podcast for small business leaders. Big changes are coming to the show that will make it easier than ever to participate! In this short update, Accidental CISO discusses those changes as well as the plan for episode topics for the remainder of 2026. Tune in and get the scoop! Are you struggling with how to deal with Cybersecurity, Information Security, or Risk Management in your organization? Be a caller on a future episode of the show. Visit our podcast page and sign up now! Show Merch: https://shop.mindfulsmbshow.com/ Website: https://www.focivity.com/podcast Twitter: @mindfulsmbshow Hosted by: @AccidentalCISO Produced by: @Focivity Theme music by Michael Kobrin.
https://www.youtube.com/watch?v=wvSRX-na_Ho
https://open.spotify.com/episode/5viwKl2fFV1BFDZGyag2rN

In episode 276 of the GrowCFO Show, host Kevin Appleby is joined by Howard Francioni, Lead Auditor at Akton Boundrie Group, to explore why information security has become a core responsibility for today's CFO. The conversation frames cyber risk not just as an IT problem but as a strategic, financial, and reputational threat that CFOs must own. Using high‑profile breaches such as Jaguar Land Rover and others, Kevin and Howard illustrate how attacks can halt production, disrupt supply chains, destroy value, and inflict long‑term brand damage, issues that sit squarely in the CFO's remit of safeguarding enterprise value.

From there, the discussion moves into practical guidance for finance leaders who may not have a CISO or large security team. Howard explains how CFOs can embed information security into risk registers, adopt a “defense in depth” mindset across customers and suppliers, and drive culture change around password hygiene, endpoint security, backups, and data leakage prevention. The episode concludes with forward‑looking insights on AI, data governance, and why standards such as ISO 27001 and ISO 42001 offer powerful frameworks—even for smaller, growing finance organizations—to systematically reduce cyber and data risks.

Key topics covered:
Why information security has shifted from a pure IT concern to a strategic CFO responsibility, given its impact on operations, finances, and reputation.
Real‑world breach examples (e.g., Jaguar Land Rover, Marks & Spencer, Co‑op) showing how attacks on suppliers can cascade through the entire value chain.
Practical foundations of defense in depth: robust password hygiene, secure endpoint configuration, dual user/admin accounts, disk encryption, patching, VPN use, and regular device hygiene.
The critical difference between data leakage and data loss, and how everyday behaviors, such as conversations on trains or visible screens, can quietly leak sensitive information.
How immutable offline backups and structured risk registers enable organizations to survive ransomware incidents without paying attackers.
Emerging risks from AI and agents: systems built without security by design, hallucinations, IP ownership issues, and the need for AI‑specific governance frameworks like ISO 42001.

About Howard Francioni
Howard Francioni is an Information Security specialist with nearly two decades of experience in the card-payments industry—one of the most heavily targeted sectors for cyber-attacks—working across ATMs, POS, online payments, and MOTO environments. He led projects including pioneering contactless EMV acceptance in mass transit for Transport for London and building secure X.509 infrastructures for payment terminals, while also heading a PCI DSS function supporting around 140,000 merchants with data-driven compliance and breach investigations. Today, he helps organizations develop ISO/IEC 27001-aligned information security frameworks and serves as an independent auditor for UKAS-accredited certification bodies, combining consultancy and auditing to strengthen organizational security practices.

Links
Howard Francioni on LinkedIn
Kevin Appleby on LinkedIn
GrowCFO Mentoring

Timestamps:
00:00:38 – Howard explains how breaches cause production outages, operational disruption, and severe reputational harm—core concerns for any CFO.
00:02:21 – Discussion of how threat actors target less secure suppliers to reach larger organizations, and why CFOs must think in terms of ecosystem‑wide defense in depth.
00:05:00 – Howard outlines the three recurring problem areas he sees: poor password hygiene, insecure endpoints, and lack of a healthy “suspicious mindset” among staff.
00:10:19 – Concrete measures for devices, including PIN/biometric login, dual standard/admin accounts, disk encryption, patching, reboots, local backups, and use of VPNs on public networks.
00:18:23 – Stories about overheard conversations, visible screens, and password Post‑its illustrate how data can be leaked without being “lost,” and why leakage is often more insidious.
00:21:26 – Howard stresses that once files are encrypted, recovery is only possible if immutable, offline backups and clear mitigation actions were in place beforehand.
00:28:27 – Comparison between how the internet was built without security in mind and how AI is repeating the pattern, plus why AI‑specific standards are now essential.
00:35:52 – Kevin summarizes what CFOs should do next: understand potential large‑scale and insider risks, quantify reputational impact, and implement practical controls ahead of any incident.

Find out more about GrowCFO
If you enjoyed this podcast, you can subscribe to the GrowCFO Show with your favorite podcast app. The GrowCFO show is listed in the Apple podcast directory, Spotify and many others. Why not subscribe there today? That way, you never miss an episode. GrowCFO is a great place to extend your professional network. Join GrowCFO as a free member today and participate in our regular networking events and webinars. Premium members can also access our extensive training center and CFO Digital Toolkit. You can enroll in our flagship Future CFO or Finance Leader programs here. You can find out more and join today at growcfo.net
Today's guest is Jane Corr, Head of Cyber Security at CIE (Córas Iompair Éireann). Founded in 1945, CIE is Ireland's state-owned public transport group, providing rail and bus services nationwide through its operating companies Iarnród Éireann, Dublin Bus and Bus Éireann. Headquartered in Dublin, the group plays a central role in connecting communities, supporting economic activity and delivering sustainable mobility, carrying hundreds of millions of passenger journeys across Ireland each year.

Jane is an accomplished Information Security and IT leader with a proven track record of building high-performing teams and delivering results. Known for her “can-do” attitude and strong customer focus, Jane brings a structured approach to solving complex challenges. Her expertise spans information security, technology risk, programme delivery, IT operations and data centre management within large organisations. She is also highly experienced in presenting to Boards and executive leadership.

In the episode, Jane discusses:
0:00 Her journey from Infrastructure leader to cybersecurity
2:55 Why cyber leaders must communicate concisely and confidently
5:36 Her broad CSO role including AI, regulation, talent and influence
7:14 Advice to start with strategy, align people, roadmap and governance
8:55 The need to embed cyber as an accessible service, balancing risk and compliance
11:52 How cyber is maturing toward measurable, compliance-driven continuous improvement

To find out more about all the great work happening at CIE (Córas Iompair Éireann), check out the website www.cie.ie.
In this episode of the Cybersecurity at ViVE series on The Beat Podcast, host Sandy Vance sits down with Chad Alessi, Managing Director of Cybersecurity at CTG, for a wide-ranging conversation about what it really takes to protect healthcare organizations in today's threat landscape. With a background spanning chemical engineering, the U.S. Marines, energy sector Operational Technology security, and IT consulting, Chad brings a unique cross-industry perspective to healthcare cybersecurity. From the difference between cybersecurity and cyber resilience to the rise of AI-powered attacks, this episode is packed with practical insights for healthcare leaders who want to stay ahead of what is coming.

In this episode, they talk about how:
Cyber resilience focuses on operational continuity when an attack happens, not just prevention
Breaches resolved within 200 days can save organizations over $1 million
Bad actors often sit idle inside networks for months, collecting data before launching an attack
Baseline requirements are identity-first security, including multi-factor authentication (MFA) and privileged access management
Human-only Security Operations Center (SOC) models are too slow to keep up with today's automated, AI-powered attacks
CTG uses Microsoft's Unified Security Operations (SecOps) platform to eliminate tool sprawl and improve response time
Zero-trust architecture is expanding from department-level to enterprise-wide in healthcare
New HIPAA regulations now require provable network segmentation for legacy medical devices
AI-assisted security operations will continue to grow in the next few years

A Little About Chad: As CTG's Managing Director of Cybersecurity, Chad Alessi leverages decades of experience in technology, cybersecurity, and operational strategy across enterprise and mid-market sectors to meet the evolving cybersecurity needs of clients in the U.S.
During his time in IT consulting, Chad was instrumental in driving IT transformation in the company's regulated pipeline and gas processing business units. He holds a BS in Chemical Engineering, an MBA from the University of Alabama, an MS in Information Systems with a concentration in Information Security from Syracuse University, and post-graduate certifications in leadership, full stack development, cybersecurity, and cloud computing. Chad is known for his strong work ethic, integrity, resourcefulness, and service-based leadership, which he attributes to his time in the U.S. Marine Corps.
What does it actually take to secure a payments company in an era of sophisticated, well-funded cybercriminals? In this first episode of The Trust Advantage Series, brought to you by Payroc, host Greg Myers sits down with David Edwards, Payroc's Senior Vice President of Information Security, for a candid and eye-opening conversation about modern cybersecurity in the payments industry.

With 30 years in technology — spanning private banking, retail, and payments — David brings hard-won perspective to the questions keeping payments executives up at night. Sparked by a real-world ransomware attack on a payments company, this episode cuts through the compliance checkbox mentality to explore what genuine, operational security actually looks like.

David and Greg cover a wide range of critical topics: why passing audits doesn't equal being secure, how AI has radically changed the phishing threat landscape, the three pillars of identity and vulnerability management, and why resilience — not prevention — is the new gold standard. David also breaks down Payroc's layered approach to ransomware defense, how the company integrates acquired platforms without creating security gaps, and the right questions ISVs, ISOs, banks, and merchants should be asking their payment partners.

Whether you're a developer, a risk officer, or a business owner processing transactions, this episode delivers a masterclass in why security isn't just an IT issue — it's everyone's job.
For years, information security was largely centered on protecting confidentiality. But as our world becomes more digital and increasingly dependent on always-available, trustworthy systems, integrity and availability are taking on equal importance. In this episode of Cyber at the Top, Dr. Hugh Thompson is joined by Bjørn Watne, Global CISO of INTERPOL, to explore how this shift is changing the way security leaders think about risk. Together, they discuss why disruption is becoming a defining threat, how emerging technologies are reshaping security priorities, and what it means to balance all three pillars of information security. The conversation offers a thoughtful look at how CISOs can reframe security as a driver of resilience, reliability, and organizational trust.
For those in the automotive industry, namely suppliers working with European OEMs, you're likely familiar with TISAX but not necessarily with the Standard that many of its requirements originate from. ISO 27001 is the leading Information Security Management Standard, and its Annex A forms the basis of TISAX; however, there are many differences between the two. For automotive suppliers looking to create a more holistic Information Security Management System, it can be beneficial to implement elements of both even if you don't intend to certify to both.

In this episode, Ian Battersby is joined by Emma Coxhill, isologist at Blackmores, to explore the differences between TISAX and ISO 27001, how existing ISO 27001 compliant management systems can be leveraged for TISAX compliance and the benefits of implementing both Standards for automotive suppliers.

You'll learn
· How does TISAX differ from ISO 27001?
· How does the recertification / annual surveillance for TISAX and ISO 27001 differ?
· Can a company have TISAX without ISO 27001 and vice versa?
· How can an existing ISO 27001 certification be leveraged for TISAX?
· What are the additional benefits of implementing both TISAX & ISO 27001?
· What is a reasonable timeframe for implementing TISAX?
· The key role of Internal Audits
· How can Blackmores support companies in implementing TISAX?

Resources
· Register for our TISAX webinar here
· ENX
· Isologyhub

In this episode, we talk about:

[02:05] Episode Summary – Emma Coxhill joins Ian to dive into the key differences between ISO 27001 Information Security and TISAX, including the benefits of implementing both and how each can be leveraged to assist in the implementation of the other.

[03:10] What is TISAX? TISAX was developed for the automotive industry by the German Association of the Automotive Industry, VDA, and it's managed by the ENX Association.
It's based on the ISO 27001 Annex A controls, and was created for the automotive industry because the industry was looking to standardise the framework for assessing and sharing information security results between manufacturers and their suppliers.

[04:20] How does TISAX differ from ISO 27001? ISO 27001 is a general Information Security Management Standard that can be applied to any business, whereas TISAX is only applicable to the automotive industry. ISO 27001 includes a framework of requirements that everyone must implement, whereas TISAX has a more customisable element: with TISAX you can select an applicable level and the relevant subject areas for your operations. The last main difference is that ISO 27001 certification ends in a certificate which can be shared and displayed wherever you want. TISAX, in comparison, has Labels, which are only available through the ENX portal, where you have control over who can access them.

[05:15] How does the recertification / annual surveillance for TISAX and ISO 27001 differ? The good news is that TISAX is a bit more forgiving than ISO when it comes to the recertification cycle. TISAX does not require an annual Surveillance like ISO 27001; instead, once you've earned a Label it remains valid for 3 years. ISO 27001, in comparison, requires an annual Surveillance each year until the 3rd year, when you have your Recertification Audit. If you have a significant change to scope part way through your 3 years of TISAX, you will need to have a chat with your auditor to see if extra work is required. This will depend on your level, with higher levels likely to require some additional work and for you to adjust your scope within the ENX portal. Overall, a TISAX Label is less of a burden than traditional Management System Standards like ISO 27001. However, TISAX is a lot stricter and will require more upfront preparation ahead of earning your Label.

[07:30] Are Internal Audits required for TISAX?
They are, but the number and frequency are a lot more flexible than with ISO 27001. You can do as many as you like, but at a bare minimum we recommend you conduct internal audits 6 months ahead of your TISAX Label expiring to ensure you're ready for re-certification. You can of course carry on with annual internal audits to make sure you're on track. This can be handy if specific clients ask for further evidence that you are following processes in accordance with TISAX requirements.

[08:35] Can a company have TISAX without ISO 27001 and vice versa? You can! Both are independent Standards; however, they do complement each other. Organisations that hold both have a competitive advantage, as ISO 27001 applies to all industries and is more widely recognised. However, if you only operate in the automotive space, TISAX may be sufficient. If you supply to multiple sectors, it's worth considering implementing both TISAX and ISO 27001.

[09:25] How can an existing ISO 27001 certification be leveraged for TISAX? If you already hold an existing ISO 27001 certification, then you're already 80% of the way to TISAX compliance. As TISAX is based on ISO 27001's Annex A controls, a lot of the requirements cross over, so you will already have most of the foundations in place to cover TISAX. It will just be the more automotive-specific requirements that require some additional work. These requirements include considerations for:
· Data Protection
· Prototype protection
· Assets
· 3rd Party Suppliers
The amount of additional work will also depend on the TISAX Level you're aiming for, with Level 3 being the most demanding for these specific requirements.

[10:55] What are the additional benefits of implementing both TISAX & ISO 27001? Benefits include:
Robust Information Security – Having both TISAX and ISO 27001 forms a strong and versatile information security infrastructure that will cover all of your operations.
Easy Integration – These two Standards complement each other and can easily be integrated. If you already have ISO 27001 in place, you have already completed a majority of the framework and will be familiar with what's required to earn and keep both your ISO certificate and TISAX Label.
Customer Trust and Long-Term Resilience – TISAX is desired, if not an outright requirement, for European-based OEMs working with suppliers. They require it because TISAX is a trusted Standard: a Label displays your commitment to information security within the automotive industry. It also helps put you in a better position both to safeguard data and to respond in the event of a data / security incident.
Wider market access – If you supply to more than just the automotive industry, then having ISO 27001 in place will grant you access to the wider market that will recognise that Standard over TISAX.

[12:05] What is a reasonable timeframe for implementing TISAX? This will depend on a number of factors, including the type of organisation, the number of sites, the resources available, etc. The key thing to note is that this is not a 2-week project; it will take a number of months to get everything in place for your external assessment. A good measure of whether you're ready is if you can score at least 2.71 on your self-assessment and have completed a few internal audits to double-check. If you already have ISO 27001 in place, then you're looking at between 3 and 6 months. If you do not have ISO 27001 in place, then you're looking at 6 months minimum. For Level 2, you will need proof that you have everything in place, that it's all been communicated and that the relevant individuals have been trained. Level 3 requires everything to be in place and operating for a certain amount of time; typically around 3 months is ideal to start building a library of evidence ahead of your external assessment.

Emma's top tip: Be honest in your self-assessment.
It's there to be a benchmark, and you need to reflect on the reality of your position if you're to accurately assess what Level you are ready to be assessed against.

[14:20] Core elements for success: As with any Standard, ISO or otherwise, TISAX will require leadership commitment in order to be successful. The requirements of TISAX need to come from the top down, just as with ISO 27001. Leadership ultimately drives TISAX's success by ensuring the relevant resources are in place and that the individuals involved have the necessary time to implement and maintain the Label. For those within the Automotive Sector, TISAX is becoming an absolute requirement. It's being pushed as a tender requirement, so you may lose out on business if you opt not to earn a Label.

[16:35] The key role of Internal Audits: As mentioned earlier, Internal Audits are a key part of the process for both TISAX and ISO 27001. They act as a business health check to ensure you're on the right path, and can help identify areas which may be non-conforming or simply highlight opportunities for improvement. For TISAX, there is no outright requirement for 3rd party audits ahead of your assessment; however, we would recommend them, as a fresh pair of eyes can reveal things you may have overlooked. An external auditor will also be more unbiased and can provide an honest review and feedback as to what TISAX Level you are ready for.

[18:25] How can Blackmores support you with TISAX Implementation? We can provide as little or as much support as needed. This can include a fully guided implementation where we assist you through each step. This can apply to both TISAX and ISO 27001 if you wish to certify to both Standards. Other options include:
· Assisting with your TISAX self-assessment (aka a Gap Analysis)
· Conducting a Maturity Assessment
· Conducting internal audits
· On-site support during your TISAX assessment audit
We are happy to provide whatever level of support you need.
Blackmores do not provide a tick-box exercise; we pride ourselves on ensuring an implemented system works for you.

[21:10] Upcoming TISAX Webinar – Join us on the 18th March 2026 at 2pm for a webinar where we'll dive into TISAX further and provide practical guidance on how to complete the VDA Self-Assessment. Attendees will also get access to some freebies. So don't delay, register your place here today.
Transferable lessons - how overlooking fundamental security and data trust leads to Generative and Agentic AI failures
Steps for embedding security checkpoints and governance directly into your AI pipeline
Strategies to scale AI safely - avoiding costly retrofits - and positioning security as a key competitive advantage

Thom Langford, Host, teissTalk
https://www.linkedin.com/in/thomlangford/
Tim Roberts, Managing Director, AlixPartners
https://www.linkedin.com/in/thrroberts
Satyam Rastogi, Director of Information Security & DevOps, BAMKO
https://www.linkedin.com/in/hackersatyamrastogi/
Deryck Mitchelson, Head of Global CISO Team & C-Suite Advisor, Check Point
https://www.linkedin.com/in/deryckmitchelson
This episode of the InfoSec Beat podcast focuses on careers in information security. Accenture CISO Kris Burkhardt talks with Dan Cosceari, the delivery lead for the Accenture Client Data Protection program, which helps internal teams treat client data properly and manage information security risk. Dan sees client data protection through customers' eyes. This customer-first mindset started in his restaurant days in New York City, and it drives how Dan protects client data today. Hear how he puts this into practice, advocates across the organization, and stays ahead of technology and regulatory changes.
Sue Serna - Social Media Security and Governance Leader and Lover of All Beagles
No Password Required Season 7: Episode 2 - Sue Serna

Sue Serna is the CEO and Founder of Serna Social and the former head of global social media at Cargill. She brings more than two decades of experience at the intersection of storytelling, strategy, and security.

In this episode, she shares her journey from business reporter to leading her own consultancy serving companies around the world on social media strategy.

Jack Clabby of Carlton Fields, P.A, joined by guest co-host Rex Wilson of Cyber Florida, welcomes Sue for a candid discussion about the realities of enterprise social media. From managing more than 150 Facebook pages for a single company, to navigating internal politics, agency relationships, and regulatory pressure, Sue explains why social media is far from “free” and why most organizations still under-resource it.

Sue dives deep into the gap between social media teams and cybersecurity departments. She outlines how personal account compromises can escalate into enterprise-level incidents, why governance frameworks matter, and how large organizations can regain control of sprawling digital footprints.
Drawing from real-world examples, she argues that social media must be treated like finance or HR, a core business function requiring structure, ownership, and accountability.

The episode wraps with the Lifestyle Polygraph, where Sue reveals her love of Apollo-era space history, debates iconic Philadelphia traditions, and imagines what magical talent her beagle would bring to Hogwarts.

Follow Sue at SernaSocial.com or connect with her on LinkedIn: https://www.linkedin.com/in/sueserna/

Chapters:
00:00 Introduction and First Impressions
02:45 The Evolving Role of Social Media in Corporations
04:58 Transitioning from Journalism to Social Media
11:11 Building Social Media from Scratch
13:00 Becoming a CEO and Founder
16:28 The Importance of Networking
16:54 Bridging the Gap Between Social Media and Cybersecurity
20:51 Real-World Social Media Security Incidents
28:35 Navigating Internal Conflicts in Social Media
30:32 The Lifestyle Polygraph Begins
31:17 Nerd Things That Expose Sue: Space and Harry Potter!
35:16 Sue's Love For Beagles
37:50 Reckless Intern or Overconfident Executive?
40:42 Hogwarts and Magical Beagles
In this episode of The Builders Club Podcast, Sohail Khan sits down with Arshad Ahmad, Director of Information Security at ZS, to decode one of the most critical challenges of our time: protecting data in the age of Artificial Intelligence.

The rapid rise of GenAI has created a paradox for modern enterprises. While AI offers unprecedented productivity, it also opens new doors for sophisticated cyber threats. Arshad breaks down how security leaders are shifting from a "defensive" posture to an "adaptive" one, ensuring that innovation doesn't come at the cost of integrity.

Key Insights from Arshad Ahmad:
1. AI as a Double-Edged Sword: How AI-driven automation is revolutionizing threat detection while simultaneously enabling hackers to launch more complex, personalized attacks.
2. The Privacy Paradox: Strategies for organizations to leverage Large Language Models (LLMs) and internal data without leaking proprietary secrets into the public domain.
3. The "Human Firewall" in a Tech-First World: Why technical controls are only half the battle and why building a security-first culture is more important than ever.
4. The Evolving CISO Role: How security leadership has shifted from being "the department of No" to a strategic business partner that enables safe growth.

Whether you are a cybersecurity professional, a tech leader, or an entrepreneur navigating the digital landscape, this conversation offers a masterclass in staying resilient in an AI-powered world.

#CyberSecurity #AI #DataSecurity #InformationSecurity #TheBuildersClub #CISO #TechLeadership #GenAI
Understanding the anatomy, infrastructure and automation of modern information-stealing malware
Tracking delivery methods, evasion techniques and high-value data targets
Building effective, multi-layered defences against the prevalent info-stealer families

Thom Langford, Host, teissTalk
https://www.linkedin.com/in/thomlangford/
Jim Walter, Senior Threat Researcher, SentinelOne
Brett Taylor, SE Director UK&I, SentinelOne
https://www.linkedin.com/in/effectiveleaderandmentor/
Satyam Rastogi, Director of Information Security & DevOps, BAMKO
https://www.linkedin.com/in/hackersatyamrastogi/
Rob Hughes — CISO at RSA and Champion of a Passwordless Future
No Password Required Season 7: Episode 1 - Rob Hughes

Rob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.

Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and its corporate environment.

Rob explains his dream of a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point. The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.

Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/

Chapters:
00:00 Introduction to No Password Required
01:43 Meet Rob Hughes, CISO at RSA
02:05 The Role of a CISO in a Security Company
05:09 Transitioning to the CISO Role
08:00 The Early Days of Geek.com
12:14 Launching a Startup During the Dot Com Boom
14:30 The Push for a Passwordless Future
18:21 Tipping Point for Passwordless Adoption
20:20 Ongoing Learning in Cybersecurity
26:09 Managing Stress in High-Pressure Environments
33:46 The Lifestyle Polygraph Begins
34:15 Career Insights in Cybersecurity
36:08 Dream Cars and Personal Preferences
39:58 Underrated Horror Films
41:19 Creating a Cybersecurity Monster
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Chris Camacho. Chris is Abstract Security's Co-Founder and Chief Operating Officer (COO). In this role, Chris is responsible for the go-to-market strategy, company vision, growth, collaboration, and client engagement. He is a leader, innovator and community builder. Before co-founding Abstract Security, Chris served as both Chief Strategy Officer and Chief Revenue Officer at Flashpoint, where he helped grow the company to an acquisition by Audax PE and supported three acquisitions into Flashpoint's portfolio, which helped the company become a market leader in information security. Before his time at vendors like Abstract Security and Flashpoint, Chris was the Senior Vice President of Information Security at Bank of America, where he oversaw the Threat Management Program. An entrepreneur, Chris also served as CEO of NinjaJobs, a career-matching community for elite cybersecurity talent. As he continues to build trust and relationships throughout the cybersecurity community, he's now building C2 Corner, a space for security leaders to share stories, connect through experience, and build what's next together. Chris on LinkedIn.

In the podcast Chris and Andy discuss:
Chris's background and the road from financial services to becoming a vendor.
Chris shares some threat perspective, from deepfakes to the complexities of geopolitics and polarization.
Chris talks about managing ever-increasing amounts of data and how Abstract Security is helping organizations reduce risk.
We discuss the idea of AI SOCs helping to enhance security operations.
The importance of community building: from trust groups and ISACs to C2 Corner to in-person meet-ups!
Chris shares some career advice, and
We play 3 Questions! and talk Chris's favorite meats, reading books (and writing books?), and the glory of the 90s.

Selected links:
Abstract Security.
“Security teams should stop adversaries—not manage security data. Abstract's streaming-first platform simplifies the entire security data pipeline, from ingestion to detection to storage. By eliminating noise and delays, we help your team move faster, stay focused, and outpace attackers in real time.”
Introducing C2 Corner: By Practitioners, For the Industry
Applied Security Data Strategy: A Leader's Guide: a practical toolkit designed to help organizations of all sizes
Adam Keown is the CISO at Eastman. In this episode, he joins host Scott Schober and Kendra Cooley, Senior Director of Information Security and IT at Doppel, to discuss humans and the evolving cyber threat landscape, including what tailored, environment-specific training looks like, ideal resilience programs, and more. This episode of CISO Confidential is brought to you by Doppel. Learn more about our sponsor at https://doppel.com.
Read the show notes and full transcript on our site: growyourcreditunion.com

Deepfake technology has become so accessible that threat actors need only 10 to 30 seconds of audio and a $5 monthly subscription to convincingly impersonate executives, bypass authentication, and trick employees into catastrophic decisions. Credit unions face record ransomware attacks while most lack AI governance policies to address emerging threats.

In this episode of Grow Your Credit Union, host Joshua Barclay welcomes sponsored guest Brian Hinze, President & CEO at NCU-ISAO, along with co-host Oto Ricardo, Director of Information Security and Cyber Risk at Advia Credit Union, to explore:
Why ransomware attacks hit record levels despite preparedness efforts
How credit unions approach AI governance policies
What deepfake threats mean for credit union security
How NCU-ISAO supports credit unions through community and collaboration

A huge thanks to our sponsor, NCU-ISAO. Cybersecurity threats are evolving faster than ever, and credit unions are increasingly in the crosshairs. NCU-ISAO is the only organization fully dedicated to protecting credit unions through real-time threat intelligence, actionable alerts, expert-led analysis, and a community of security-minded professionals. Strengthen your defenses with collaboration. Learn more at NCUISAO.org/GYCU.
Please enjoy this encore of Career Notes. Chief Information Security Officer at Immuta, Michael Scott shares his story from working at a forgotten internet service provider to leading the security fight for major food chain restaurants. Michael explains how the different roles at various companies he has worked with paved his way to where he is now at Immuta. He works with a group of colleagues and he leads in a different style, describing that "It really is just a collection of a lot of, we call humble intellects" working with him. Michael attributes adversity to being a cornerstone of existence in the security community, and explains how that helps him keep up the fight. We thank Michael for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
In the third episode of our ‘Cyber Security De-mystified Podcast Series', Steve Ramsden, President of Information Security at Intertek, meets with guest speaker Irfan Hemani, Deputy Director for UK Cyber Security & Resilience Policy at the Department for Science, Innovation and Technology (DSIT), to talk about UK Government initiatives aiming to strengthen cyber resilience and what this means for UK organisations.

Speakers:
Steven Ramsden: President of Information Security at Intertek
Irfan Hemani: Deputy Director for UK Cyber Security & Resilience Policy, DSIT

Follow us on Intertek's Assurance In Action || Twitter || LinkedIn.
This week on Destination Linux, we are joined by a special guest host: Craig Rowland, the CEO of Sandfly Security! We're diving deep into the reality of modern security—specifically when third-party code knocks over your castle. From malicious VSCode extensions to the "React2Shell" vulnerability, we discuss why "Open Source" doesn't automatically mean "Safe" and how to protect your supply chain. Then, is it possible to have the macOS experience without the Apple ecosystem? Ryan explores ravynOS, a daring new project with "macOS vibes and a BSD soul." It's attempting to bring the Aqua interface—and eventually Mac app compatibility—to the open-source world. Plus, Jill brings us massive news from Canonical and AMI. You might soon be installing Ubuntu directly from your motherboard's BIOS without ever needing a USB drive. We break down how this partnership changes the game for hardware. Finally, we read an incredible listener story.

Show Notes:
00:00:00 Intro
00:02:39 Extended Intro: Open Source or Bust
00:03:08 Community Feedback: A Pentester's Origin Story
00:10:03 Guest Host: Sandfly Security & Agentless Protection
00:15:53 Security Deep Dive: Supply Chain Attacks, Malicious VSCode Extensions & React2Shell
00:44:31 ravynOS: The Open Source Mac Killer?
00:56:05 News: Canonical + AMI: Installing Ubuntu from the BIOS
01:08:07 Outro
01:09:33 Post-Show Shenanigans

Support the Show: Sponsored by Sandfly Security: destinationlinux.net/sandfly - Get 50% off the Home Edition with code DESTINATION50
Special Guest: Craig Rowland.
We break down the most common holiday scams and show how small choices—slowing down, going direct, and verifying—protect your money and your identity. Russell Barger, VP of Information Security, shares simple rules that stop most attacks at home and at work.
• seasonal lures through fake deals, social posts and tracking links
• warning signs: urgency, odd senders, spoofed domains, impersonal tone
• safer shopping by navigating directly to trusted sites
• workplace risks from HR and payroll phishing during year end
• how to verify without clicking and use second channels
• what to do after a risky click and quick password resets
• saving cards on big retailers versus small shops
• gift card scams: tampering checks and “boss” requests
• social engineering spikes and holistic message evaluation
• two golden rules: don't click and were you expecting this

Subscribe to the Money Matters Podcast. Have an idea for a show or a question for Kim? Send us a text message.

Welcome to Money Matters, the podcast that focuses on how to use the money you have, make the money you need and save the money you want – brought to you by Neighbors Federal Credit Union. The information, opinions, and recommendations presented in this Podcast are for general information only and any reliance on the information provided in this Podcast is done at your own risk. This Podcast should not be considered professional advice.
In this episode, Joe sits down with Vishnu Varma to explore the evolving landscape of cybersecurity and data management. Vishnu shares his journey from India to the US, detailing his experiences at Cisco and the rise of cloud security. They delve into the challenges of managing vast amounts of data in the age of AI, discussing how Bonfy AI is innovating in data security. Tune in to learn about the importance of context in data protection and the future of cybersecurity in a rapidly changing digital world.

00:00:19 Introduction to Vishnu's Journey
00:00:30 Entering the US and Cisco
00:02:18 Cloud Security and AI
00:02:48 Data Governance and Challenges
00:08:47 The Expansiveness of Cloud
00:11:00 AI's Appetite for Data
00:12:11 Data Security in the GenAI Era
00:14:29 The Importance of Context
00:16:13 Data Used by Enterprises
00:22:24 Conclusion and Future Trends

https://www.bonfy.ai/
Bonfy.ai: Bonfy ACS is a next-gen DLP platform built for the AI era.

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Follow the Podcast on Social Media!
Tesla Referral Code: https://ts.la/joseph675128
YouTube: https://www.youtube.com/@securityunfilteredpodcast
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast

Affiliates
➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh
➡️ OffGrid Coupon Code: JOE
➡️ Unplugged Phone: https://unplugged.com/ Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout
*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.
CMMC 2.0 explained in plain English — what it means for small businesses, defense contractors, and vendors across the DoD supply chain. Learn about Level 1 vs Level 2, self-attestation risks, C3PAO shortages, compliance deadlines, and how to stay audit-ready before the 2025 deadline.

Don't miss out on crucial information about the CMMC 2025 deadline. The Cybersecurity Maturity Model Certification is a vital requirement for businesses dealing with the Department of Defense. If you miss the deadline, you risk losing contracts and facing severe penalties. In this video, we'll explore the consequences of missing the CMMC 2025 deadline and provide valuable insights on how to prepare and stay compliant. Stay ahead of the game and ensure your business is CMMC-ready. Find out what happens if you missed the deadline and learn how to avoid costly mistakes. Tune in now and take the first step towards CMMC compliance.

CHAPTERS
00:00 – The 4 Letters That Can End Your Business
00:15 – CMMC 2.0: Why November 10, 2025 Changes Everything
01:35 – Meet the Expert: Frontline View from a CMMC Assessor
02:59 – What Is CMMC (In Plain English)?
04:20 – FCI vs CUI: The Data That Decides Your Level
07:05 – Are You Level 1 or Level 2? How the Flow-Down Really Works
10:05 – Why the DoD Stopped “Trusting” Small Contractors
11:40 – Supply-Chain Breaches: How Third Parties Take You Down
13:00 – Level 1: The 17 “Basic” Controls Everyone Ignores
17:00 – The Dangerous Game of Fudging Your Self-Attestation
21:15 – Level 2: 110 Controls, SSPs, and the Reality of NIST 800-171
23:40 – C3PAO Bottleneck: Why Waiting Means Losing Contracts
26:30 – POA&M and the 180-Day “Grace” Trap
32:05 – Surprise: Printers, MSPs, and “Non-Defense” Vendors in the Blast Radius
35:15 – CMMC Is Not Going Away (And Other Hard Truths)
37:05 – Countdown to Fall

Growth without Interruption. Get peace of mind. Stay Competitive - Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com
This episode of the InfoSec Beat podcast focuses on careers in information security. Accenture CISO Kris Burkhardt talks with Renée Fletcher, a program manager in Accenture Information Security. Renée is at a turning point in her career, moving from Governance, Risk and Compliance to a new strategic programs role as the Cyberstrategy, Geopolitical and Regulatory lead. Having been on the frontlines of strengthening Accenture's regulatory readiness, she reflects on starting from what you know to assess risk, building cross-functional teams, and communicating effectively. Learn why her career is a lesson in what can happen when the detour becomes the destination—and how her degree in forensic science still helps her today. Renée's career advice? You're more capable than you think.
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Carter Zupancich. Chris and Carter explore the evolving landscape of social engineering threats, focusing on the rise of vishing attacks and the role of AI in enhancing these tactics. Their discussion underscores the importance of empowering employees as a human firewall and the need for continuous education and testing to strengthen organizational security. [Oct 20, 2025]

00:00 - Intro
00:31 - Carter Zupancich Intro
- Website: https://carterzupancich.com/
01:30 - Intro Links:
- Social-Engineer.com - http://www.social-engineer.com/
- Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
- Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
- Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
- Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
- CLUTCH - http://www.pro-rock.com/
- innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
03:35 - Tools, Tactics and Procedures
05:19 - Tech Advances
08:16 - The Classics
10:01 - The Need for Testing
12:16 - Callback Phishing
17:26 - Setting Expectations
21:56 - Approved Language
23:56 - Verify!
25:16 - Empowerment
26:17 - And Now a Horrible Story
28:47 - Investing In Employees
31:19 - Wrap Up & Outro
- www.social-engineer.com
- www.innocentlivesfoundation.org
In episode 156 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Stephanie Gass, Sr. Director of Information Security at Center for Internet Security® (CIS®), and Angelo Marcotullio, Chief Information Officer at CIS. Together, they explore how CIS practices what it preaches by using CIS products and services internally, which includes implementation of the CIS Critical Security Controls® (CIS Controls®) and CIS Benchmarks®, automation, and alignment to compliance frameworks. Their discussion highlights how CIS builds a strong cybersecurity foundation while adapting to evolving threats and regulatory requirements.

The conversation dives into practical applications, cultural alignment, and the importance of repeatable processes for scaling security across new products and services. It also touches on the role of privacy regulations, cyber risk quantification, and the community-driven approach that underpins CIS best practices. Here are some highlights from our episode:
01:12. Why CIS “drinks its own champagne” when it comes to cybersecurity
02:56. Three ways the CIS Controls help modern enterprises defend against threat actors
04:02. The importance of pulling together security lessons learned in a way that's translatable
10:03. Our use of the CIS Controls to align to SOC 2, ISO 27001, and other frameworks
12:01. How governance, risk, and compliance (GRC) engineering works with automation to help build repeatable processes
22:43. The role of collaboration and communication in building a cybersecurity program
27:17. Privacy regulations as a catalyst for security innovation
30:24. The CIS Community Defense Model and evidence-based practices
32:40. How CIS leverages lessons learned to improve our security best practices

Resources
Episode 146: What Security Looks Like for a Security Company
Implementation Guide for Small and Medium-Sized Enterprises CIS Controls IG1
How to Construct a Sustainable GRC Program in 8 Steps
Mapping and Compliance with the CIS Controls
CIS Completes SOC 2 Type II Audit Using CIS Best Practices
Episode 74: The Nexus of Cybersecurity & Privacy Legislation
CIS Community Defense Model 2.0
Episode 121: The Economics of Cybersecurity Decision-Making
Episode 77: Data's Value to Decision-Making in Cybersecurity
CIS Communities

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
Experienced CISOs from MongoDB and Gusto reveal proven frameworks for translating complex cybersecurity metrics into board-friendly presentations that drive decision-making.

Topics Include:
Security leaders discuss challenges of presenting technical cybersecurity topics to boards
MongoDB CISO presents three times in six months, Gusto director five times
Three-angle metrics framework: environmental threats, prevention quality, and detection/response speed capabilities
Board members switch contexts frequently, requiring extensive education and simplified heat maps
Repeatable presentation models help board members follow consistent data across meetings
Audit committees get different depth than general board updates on programs
New technologies like AI require educating boards on risks versus opportunities
Foundational security principles like zero trust remain constant regardless of technology
Security buzzwords need translation appendices since board members forget technical definitions
Financial services background helps translate cyber risks into dollar amounts boards understand
Third-party penetration testing provides independent validation but requires vendor rotation strategies
Limited 30-minute board time means trusting security leaders' vendor diligence decisions
First-time CISOs should educate on threat landscape then tailor strategy to company
Balance discussing shiny new technologies with essential foundational security blocking and tackling
AI implementation spans customer features, infrastructure security, and augmenting security capabilities internally

Participants:
Sean Josephson - Sr. Director of Information Security, Gusto
Julien Soriano – Sr. Vice President, CISO, MongoDB
Gee Rittenhouse - Vice President, Security Services, Amazon Web Services

Further Links:
Gusto: Website – LinkedIn
MongoDB: Website – LinkedIn – AWS Marketplace
See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
In the world of cybersecurity, there are big lies that have been perpetuated about compliance, fixability and communication, and it's time to burn it all down and start over. Many experts see one main cybersecurity truth, especially about AI, SIEM, EDR and related business technology. By examining the intersection of AI, cybersecurity, and compliance, we can gain a deeper understanding of the lies that have been told about the state of cybersecurity and work towards a more secure future. Tune in to this thought-provoking

Growth without Interruption. Get peace of mind. Stay Competitive - Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com
In this episode of The New CISO, host Steve Moore speaks with Dr. Timo Wandhöfer, Group CISO and Head of Information Security & Business Continuity Management at Klöckner & Co, about the evolving responsibilities of modern CISOs and why influencing—not just convincing—stakeholders is essential for success.

From his early career as a researcher in computer science to leading global security and resiliency efforts in the steel industry, Timo shares how critical thinking, skepticism, and cross-functional collaboration shaped his leadership style. He reflects on the dangers of overconfidence in detection, the risks of over-relying on tools, and the lessons learned from merging information security with business continuity. Timo also explores how AI can both accelerate remediation and introduce new risks, and why resilience planning and transparent communication are at the core of effective leadership.

Key Topics Covered:
The evolving role of the CISO: from protection to resilience and adaptability
How research skills translate into critical thinking and cross-functional collaboration
Why overconfidence and lack of visibility remain major pitfalls in security programs
The importance of transparency, maturity, and asset inventory for strong defenses
Resiliency planning: ransomware recovery, crisis management, and operating models
Insider threat investigations and the role of HR, Legal, and IT in response
The shift from convincing to influencing stakeholders through dialogue
The promise and risks of AI and automation in remediation and decision-making
Why today's CISO must be a communicator, storyteller, and business leader

Timo's journey highlights how resilience, adaptability, and influence define the “new CISO.” His insights provide a roadmap for leaders who want to strengthen security programs, build trust with stakeholders, and guide their organizations with both technical and business acumen.
Ever wondered where digital trust fits in your company's strategy? We live in a world that's buzzing with AI, cybersecurity, and digital innovation. Everywhere you look, there's a new app, a smarter tool, or a faster system. But in the middle of all this tech hype, there's one thing we often overlook—trust.

In this insightful conversation, Punit discusses with Bruno the crucial influence of technology, economy, and other external factors on business strategies. They delve into how companies navigate different environments, the role of digital transformation, and the importance of maintaining a balanced ecosystem approach.

If you're a leader, strategist, privacy professional, or tech enthusiast trying to make sense of innovation, trust, and governance in today's world, this conversation is a must-watch.

KEY CONVERSATION
00:02:02 What is the concept of digital trust? Was it trust enough?
00:04:40 Can we expect digital trust in an emerging world of new technology in 10-20 years?
00:09:15 Is the board convinced about the value of digital trust or are they still in compliance mode?
00:13:15 How do we sell this concept of digital trust to the boards?
00:18:51 Linking the concept of trust, security and privacy to the broader agenda
00:25:58 What is it that you can sell them with and how can they reach out?

ABOUT GUEST
Bruno Horta Soares is a seasoned executive advisor, professor, and keynote speaker with over 20 years of experience in Governance, Digital Transformation, Risk Management, and Information Security. He is the founder of GOVaaS – Governance Advisors as-a-Service and has worked with organizations across Portugal, Angola, Brazil, and Mozambique to align governance and technology for sustainable business value.

Since 2015, Bruno has served as Leading Executive Senior Advisor at IDC Portugal, guiding C-level leaders in digital strategy, transformation, governance, and cybersecurity. He is also a professor at top Portuguese business schools, including NOVA SBE, Católica Lisbon, ISCTE, ISEG, and Porto Business School, teaching in Masters, MBA, and Executive programs on topics such as IT Governance, Cybersecurity, Digital Transformation, and AI for Leadership.

He holds a degree in Management and Computer Science (ISCTE), an executive program in Project Management (ISLA), and numerous professional certifications: PMP®, CISA®, CGEIT®, CRISC™, ITIL®, ISO/IEC 27001 LA, and COBIT® Trainer. As a LEGO® SERIOUS PLAY® Facilitator, he brings creativity into strategy and leadership development.

Bruno received the ISACA John Kuyers Award for Best Speaker in 2019 and is the founder and current President of the ISACA Lisbon Chapter. A frequent international speaker, he shares expertise on governance and digital innovation globally.

ABOUT HOST
Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals.

Punit is the author of the books “Be Ready for GDPR”, which was rated as the best GDPR book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst the top GDPR and privacy podcasts.

As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's values to have joy in life. He has developed the philosophy named ‘ABC for joy of life', which he passionately shares. Punit is based out of Belgium, the heart of Europe.

RESOURCES
Websites: www.fit4privacy.com, www.punitbhatia.com
Bruno on LinkedIn: https://www.linkedin.com/in/brunohsoares/
Podcast: https://www.fit4privacy.com/podcast
Blog: https://www.fit4privacy.com/blog
YouTube: http://youtube.com/fit4privacy
In this episode of The New CISO, host Steve Moore speaks with Steve Lodin, VP of Information Security at Sallie Mae, about the career challenges that shaped his leadership style and the lessons he's learned across decades in cybersecurity.

From breaking into his high school to experiment with Apple II computers to leading global security teams in Europe, Steve shares the pivotal experiences that defined his career. He opens up about career missteps, the importance of asking the right questions before accepting a new role, and how succession planning and crisis preparation are critical for every security leader. Steve also reflects on how medical emergencies, breach response, and shifting industries—from automotive to healthcare to financial services—taught him resilience, adaptability, and perspective.

Key Topics Covered:
Early career pivots, from engineering to cybersecurity leadership
Lessons learned from career missteps and short-lived roles
The five factors Steve now evaluates before taking a new job
Succession planning and preparing teams to lead during emergencies
Why tabletop exercises and exposure to executives matter for resilience
Managing stress, staying calm, and keeping perspective in high-pressure roles
The long-tail business impact of breaches beyond immediate costs
Why financial services foster collaboration and innovation in security
The importance of mentoring and introducing students to cybersecurity careers

Steve's story reveals why the most valuable lessons often come from challenges, not successes. His insights provide a roadmap for CISOs and aspiring leaders who want to navigate setbacks, lead with composure, and build stronger teams for the future.
The messaging app used by CBP and the White House faces continued security scrutiny. Hacktivists breach the airline used for U.S. deportation flights. The FBI warns that threat actors are exploiting outdated, unsupported routers. Education giant Pearson confirms a cyberattack. Researchers report exploitation of Windows Remote Management (WinRM) for stealthy lateral movement in Active Directory (AD) environments. A sophisticated email attack campaign uses malicious PDF invoices to deliver a cross-platform RAT. A zero-day vulnerability in SAP NetWeaver enables remote code execution. An Indiana health system reports a data breach affecting nearly 263,000 individuals. Our guest is Alex Cox, Director of Information Security at LastPass, discussing tax-related lures targeting refunds. AI empowers a murder victim to speak from beyond the grave.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today we are joined by Alex Cox, Director of Information Security at LastPass, to discuss tax-related lures facing both tax preparation agencies and filers expecting refunds.

Selected Reading
On the state of modern Web Application Security (BrightTalk)
Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage (Wired)
Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for "Donnie" Trump (Bitdefender)
FBI Sounds Alarm on Rogue Cybercrime Services Targeting Obsolete Routers (Infosecurity Magazine)
Education giant Pearson hit by cyberattack exposing customer data (BleepingComputer)
Hackers Using Windows Remote Management to Stealthily Navigate Active Directory Network (Cybersecurity News)
Hackers Weaponizing PDF Invoices to Attack Windows, Linux & macOS Systems (Cybersecurity News)
SAP Zero-Day Targeted Since January, Many Sectors Impacted (SecurityWeek)
Indiana Health System Notifies 263,000 of Oracle Hack (BankInfoSecurity)
A Judge Accepted AI Video Testimony From a Dead Man (404 Media)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Rachel Maddow looks at Donald Trump's ridiculously poor track record of mishandling sensitive information, with the scandal of several of his top officials thoughtlessly discussing military plans in an insecure group text raising questions of criminality on top of the widespread outrage over the sheer sloppiness of their actions.