Ever wondered where digital trust fits in your company's strategy? We live in a world that's buzzing with AI, cybersecurity, and digital innovation. Everywhere you look, there's a new app, a smarter tool, or a faster system. But in the middle of all this tech hype, there's one thing we often overlook—trust.

In this insightful conversation, Punit and Bruno discuss the crucial influence of technology, the economy, and other external factors on business strategies. They delve into how companies navigate different environments, the role of digital transformation, and the importance of maintaining a balanced ecosystem approach.

If you're a leader, strategist, privacy professional, or tech enthusiast trying to make sense of innovation, trust, and governance in today's world—this conversation is a must-watch.

KEY CONVERSATION
00:02:02 What is the concept of digital trust? Was it trust enough?
00:04:40 Can we expect digital trust in an emerging world of new technology in 10-20 years?
00:09:15 Is the board convinced about the value of digital trust or are they still in compliance mode?
00:13:15 How do we sell this concept of digital trust to the boards?
00:18:51 Linking the concept of trust, security and privacy to the broader agenda
00:25:58 What is it that you can sell them with and how can they reach out?

ABOUT GUEST
Bruno Horta Soares is a seasoned executive advisor, professor, and keynote speaker with over 20 years of experience in Governance, Digital Transformation, Risk Management, and Information Security. He is the founder of GOVaaS – Governance Advisors as-a-Service and has worked with organizations across Portugal, Angola, Brazil, and Mozambique to align governance and technology for sustainable business value. Since 2015, Bruno has served as Leading Executive Senior Advisor at IDC Portugal, guiding C-level leaders in digital strategy, transformation, governance, and cybersecurity.
He is also a professor at top Portuguese business schools, including NOVA SBE, Católica Lisbon, ISCTE, ISEG, and Porto Business School, teaching in Masters, MBA, and Executive programs on topics such as IT Governance, Cybersecurity, Digital Transformation, and AI for Leadership. He holds a degree in Management and Computer Science (ISCTE), an executive program in Project Management (ISLA), and numerous professional certifications: PMP®, CISA®, CGEIT®, CRISC™, ITIL®, ISO/IEC 27001 LA, and COBIT® Trainer. As a LEGO® SERIOUS PLAY® Facilitator, he brings creativity into strategy and leadership development.

Bruno received the ISACA John Kuyers Award for Best Speaker in 2019 and is the founder and current President of the ISACA Lisbon Chapter. A frequent international speaker, he shares expertise on governance and digital innovation globally.

ABOUT HOST
Punit Bhatia is one of the leading privacy experts, who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentoring and coaching professionals.

Punit is the author of the books “Be Ready for GDPR”, which was rated as the best GDPR book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst the top GDPR and privacy podcasts.

As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's values to have joy in life. He has developed the philosophy named ‘ABC for joy of life', which he passionately shares.
Punit is based out of Belgium, the heart of Europe.

RESOURCES
Websites: www.fit4privacy.com, www.punitbhatia.com, https://www.linkedin.com/in/brunohsoares/
Podcast: https://www.fit4privacy.com/podcast
Blog: https://www.fit4privacy.com/blog
YouTube: http://youtube.com/fit4privacy
In this episode of The New CISO, host Steve Moore speaks with Steve Lodin, VP of Information Security at Sallie Mae, about the career challenges that shaped his leadership style and the lessons he's learned across decades in cybersecurity.

From breaking into his high school to experiment with Apple II computers to leading global security teams in Europe, Steve shares the pivotal experiences that defined his career. He opens up about career missteps, the importance of asking the right questions before accepting a new role, and how succession planning and crisis preparation are critical for every security leader. Steve also reflects on how medical emergencies, breach response, and shifting industries—from automotive to healthcare to financial services—taught him resilience, adaptability, and perspective.

Key Topics Covered:
Early career pivots, from engineering to cybersecurity leadership
Lessons learned from career missteps and short-lived roles
The five factors Steve now evaluates before taking a new job
Succession planning and preparing teams to lead during emergencies
Why tabletop exercises and exposure to executives matter for resilience
Managing stress, staying calm, and keeping perspective in high-pressure roles
The long-tail business impact of breaches beyond immediate costs
Why financial services foster collaboration and innovation in security
The importance of mentoring and introducing students to cybersecurity careers

Steve's story reveals why the most valuable lessons often come from challenges, not successes. His insights provide a roadmap for CISOs and aspiring leaders who want to navigate setbacks, lead with composure, and build stronger teams for the future.
Join Automox CISO and SVP of Product Jason Kikta for a recap of Black Hat and DEF CON 2025. In this episode, Jason shares his take on the conversation around AI in cybersecurity shifting from hype to practical tools for defenders. Hear why integrating AI into your CI/CD pipeline, alert triage, and vulnerability management could be a game changer, plus thoughts on choosing the right security events for your personality and goals. Whether you're a conference veteran or a curious first-timer, this episode offers insights, humor, and encouragement to get more involved in the security community.
Podcast: ICS Cyber Talks Podcast
Episode: Shaya Feedman, Ex Head of Information Security @Porsche Digital, about cars' functional safety & cyber
Pub date: 2025-08-06

When you get into your car, how much thought do you give to the fact that you are inside a huge data center? How do you deal with safety and cybersecurity in a factory that has dozens and sometimes hundreds of computers with two communication networks, at least one of which is defined as critical, and all of this miniaturized and compressed into one car? There is no doubt that safety and cybersecurity in the automotive industry are among the most difficult challenges, from the planning stage, through the supply chain, to the vehicle itself. Nachshon Pincu hosts Shaya Feedman, until recently the Head of Information Security at Porsche Digital, in a conversation about cybersecurity in the world of vehicle manufacturing and the vehicles themselves. And some more information about your cars that you probably didn't know.
The Cognitive Crucible is a forum that presents different perspectives and emerging thought leadership related to the information environment. The opinions expressed by guests are their own, and do not necessarily reflect the views of or endorsement by the Information Professionals Association. During this episode, Torvald Ask discusses his 2023 co-authored paper: The UnCODE System: A Neurocentric Systems Approach for Classifying the Goals and Methods of Cognitive Warfare. The UnCODE System is an accessible and practical tool for understanding and addressing cognitive warfare goals.

Recording Date: 1 Aug 2025

Research Question: Torvald Ask suggests an interested student or researcher examine how to measure the cognitive baseline of a population to figure out whether it has been influenced positively or negatively.

Resources:
Cognitive Crucible Podcast Episodes Mentioned
#227 Matthew Canham on Agentic AI and the Cognitive Security Institute
#223 Paul Buvarp on the Demand-side of Disinformation
#174 Kara Masick on Assessment Insights from Program Evaluation
The UnCODE System: A Neurocentric Systems Approach for Classifying the Goals and Methods of Cognitive Warfare by Torvald F. Ask, Ricardo G. Lugo, Stefan Sütterlin, Matthew Canham, Daniel Hermansen, Benjamin J. Knox
The Moloch Trap of Environmental Problems
Link to full show notes and resources

Guest Bio: Torvald F. Ask is a Neuroscientist and co-founder of Gonzo Solutions. His research is focused within the fields of human factors in cybersecurity, cognitive security and cognitive warfare, cognitive control, psycho-neuro-immunology, and neurodevelopment. Ask holds a PhD in Information Security and Communication Technology from the Norwegian University of Science and Technology. He is currently affiliated with the Faculty of Health, Welfare and Organization at Østfold University College, Norway.
About: The Information Professionals Association (IPA) is a non-profit organization dedicated to exploring the role of information activities, such as influence and cognitive security, within the national security sector and helping to bridge the divide between operations and research. Its goal is to increase interdisciplinary collaboration between scholars and practitioners and policymakers with an interest in this domain. For more information, please contact us at communications@information-professionals.org. Or, connect directly with The Cognitive Crucible podcast host, John Bicknell, on LinkedIn. Disclosure: As an Amazon Associate, 1) IPA earns from qualifying purchases, 2) IPA gets commissions for purchases made through links in this post.
Protecting against sophisticated AI-powered attacks on APIs - identifying anomalies and threats
Meeting API compliance and data protection challenges with emerging technologies
Moving towards a mature posture for API security

Thom Langford, Host, teissTalk
https://www.linkedin.com/in/thomlangford/
Satyam Rastogi, Director of Information Security & DevOps, BAMKO
https://www.linkedin.com/in/hackersatyamrastogi/
Mike Johnson, Global Cyber Threat & Incident Response Manager, Verifone
https://www.linkedin.com/in/mike---johnson/
Madison Dreshner, Principal of IT Risk and Compliance solutions, AuditBoard
https://www.linkedin.com/in/madisondreshner/
In episode 146 of Cybersecurity Where You Are, Tony Sager is joined by Angelo Marcotullio, Chief Information Officer at the Center for Internet Security® (CIS®); and Stephanie Gass, Sr. Director of Information Security at CIS. Together, they look back on periods of transition at CIS to discuss what security looks like for a security company. Here are some highlights from our episode:

00:58. Introductions with Angelo and Stephanie
02:07. A pro and a con of IT consulting work
04:12. The importance of soft skills in bringing the Multi-State Information Sharing and Analysis Center® into CIS
06:12. Looking at security from a corporate perspective with the CIS Critical Security Controls
07:08. How IT and IT security are essential to corporate strategy
07:45. The use of governance to support merging three business units into an integrated security company
12:04. The value of security champions in adapting to regulatory and business changes
15:15. What IT and Security teams can accomplish when they work as partners
17:18. The use of data to inform Board decisions and conversations around risk
20:38. How getting a seat at the table helps with understanding a Board's risk appetite and communicating that out to teams
25:01. How infrastructure built for growth, not the smallest business case, produced a smooth transition to work from home in March 2020
29:30. Advice for folks starting out in security
31:28. The importance of collaboration and culture in implementing security as an organization

Resources
Episode 144: Carrying on the MS-ISAC's Character and Culture
The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber Maturity
Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1
CIS Controls v8.1 Mapping to ISO/IEC 27001:2022
CIS Controls v8.1 Mapping to SOC2
CIS Controls v8.1 Mapping to NIST SP 800-171 Rev 3
Reasonable Cybersecurity
Episode 110: How Security Culture and Corporate Culture Mesh

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
Today's digital entertainment ecosystem spans streaming platforms, mobile applications, gaming networks and content delivery systems—creating unprecedented opportunities and security challenges. Forward-thinking leaders are working to balance seamless user experiences with robust security frameworks in an era where digital content is ubiquitous and consumers demand instant, secure access across every device. Tune in as experts discuss how the evolution of digital entertainment platforms is transforming security paradigms, creating new business models and why protecting the modern media value chain has become a C-suite priority that extends far beyond technical considerations.

Featured experts
Tony Lauro, Senior Director of Security Strategy, Akamai Technologies
Tina Slivka, Vice President, Consult Lead for US Telecom, Media and Technology, Kyndryl
ThreatLocker to Unveil Game-Changing Zero Trust Innovations at Black Hat 2025 | Visit Them at Booth #1933 | A ThreatLocker Pre-Event Coverage of Black Hat USA 2025 Las Vegas | Brand Story with John Lilliston

Join ITSP Magazine's Marco Ciappelli and Sean Martin as they preview ThreatLocker's exciting Black Hat 2025 presence with Detect Product Director John Lilliston. Discover upcoming major announcements, hands-on hacking demos, and how ThreatLocker's default deny approach is revolutionizing enterprise cybersecurity through comprehensive zero trust implementation.

As Black Hat USA 2025 approaches, cybersecurity professionals are gearing up for one of the industry's most anticipated events. ITSP Magazine's Marco Ciappelli and Sean Martin recently sat down with John Lilliston, ThreatLocker's Detect Product Director, to preview what promises to be an exciting showcase of zero trust innovation at booth 1933.

ThreatLocker has become synonymous with the "default deny" security approach, a philosophy that fundamentally changes how organizations protect their digital assets. Unlike traditional security models that allow by default and block known threats, ThreatLocker's approach denies everything by default and allows only approved applications, network communications, and storage operations. This comprehensive strategy operates across application, network, and storage levels, creating what Lilliston describes as a "hardened system that stops adversaries in their tracks."

The company's rapid growth reflects the industry's embrace of zero trust principles, moving beyond buzzword status to practical, enterprise-ready solutions. Lilliston, who joined ThreatLocker in February after evaluating their products from the enterprise side, emphasizes how the platform's learning mode and ring fencing capabilities set it apart from competitors in the application control space.

At Black Hat 2025, ThreatLocker will demonstrate their defense-in-depth strategy through their Detect product line. While their primary zero trust controls rarely fail, Detect provides crucial monitoring for applications that must run in enterprise environments but may have elevated risk profiles. The system can automatically orchestrate responses to threats, such as locking down browsers exhibiting irregular behavior that might indicate data exfiltration attempts.

Visitors to booth 1933 can expect hands-on demonstrations and on-demand hacking scenarios that showcase real-world applications of ThreatLocker's technology. The company is preparing major announcements that CEO Danny Houlihan will reveal during the event, promising game-changing developments for both the organization and its client base.

ThreatLocker's Black Hat agenda includes a welcome reception on Tuesday, August 5th, from 7-10 PM at the Mandalay Bay Complex, and Houlihan's presentation on "Simplifying Cybersecurity" on Thursday, August 7th, from 10:15-11:05 AM at Mandalay Bay J.

The convergence of practical zero trust implementation, cutting-edge threat detection, and automated response capabilities positions ThreatLocker as a key player in the evolving cybersecurity landscape, making their Black Hat presence essential viewing for security professionals seeking comprehensive protection strategies.

Keywords: Black Hat 2025, zero trust security, cybersecurity conference, ThreatLocker, default deny strategy, endpoint protection, application control, threat detection, enterprise security, network security, cybersecurity solutions, security automation, malware prevention, cyber threats, information security, security platform, Black Hat USA, cybersecurity innovation, managed detection response, security operations

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content.

Guests:
John Lilliston
Cybersecurity Director | Threat Detection & Response | SOC Leadership | DFIR | EDR/XDR Strategy | GCFA, GISP
https://www.linkedin.com/in/john-lilliston-4725217b/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

Resources
Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker
ThreatLocker® Welcome Reception | Don't gamble with your security! Join us at Black Hat for a lively Welcome Reception hosted by ThreatLocker®. Meet our Cyber Hero® Team and dive into discussions on the latest advancements in ThreatLocker® Endpoint Security. It's a great opportunity to connect and learn together! Time: 7PM - 10PM | Location: Mandalay Bay Complex
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
The Mindful Business Security Show is a call-in radio style podcast for small business leaders. Join our hosts as they take questions from business leaders like you! On this episode, Accidental CISO is joined by guest host Tib3rius. Tib3rius is a hacker, penetration tester, and content creator. He is passionate about helping folks learn about cybersecurity, and he loves sharing his knowledge to help others secure their businesses and systems. You can find links to Tib3rius' website, content, and social media profiles on his Linktree page. Are you struggling with how to deal with Cybersecurity, Information Security, or Risk Management in your organization? Be a caller on a future episode of the show. Visit our podcast page and sign up now! Show Merch: https://shop.mindfulsmbshow.com/ Website: https://www.focivity.com/podcast Twitter: @mindfulsmbshow Hosted by: @AccidentalCISO Produced by: @Focivity Theme music by Michael Kobrin.
Chief Persuasion Officer: The New CISO Mindset

NetSPI Field CISO and host of the Agent of Influence podcast Nabil Hannan sat down with Rick McElroy to talk about the role of the CISO, leveraging AI in the cybersecurity space, vendor collaboration, and career advice.

+ + +

Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.
What does it take to build a resilient cybersecurity strategy in higher education - especially with limited resources and rising threats?

Tobey Coffman, Chief Information Security Officer at Ball State University, and Ron Pelletier, founder of Pondurance, share how their partnership grew from a single pen test into a fully managed, 24/7 detection and response program. Together, they break down the real-world challenges campuses face, the tipping point that led Ball State to invest in around-the-clock protection, and what makes a vendor-university relationship truly work.

Whether you're just getting started or looking to deepen your institution's cybersecurity posture, this conversation delivers insight, strategy, and lessons learned from the front lines.

Guests: Tobey Coffman, Executive Director of Information Security and Chief Information Security Officer, Ball State University & Ron Pelletier, Founder & Chief Customer Officer, Pondurance
Host: Matt Levine, Category Marketing Manager, E&I Cooperative Services
Relevant Links: E&I's Pondurance Contract

Cooperatively Speaking is hosted by E&I Cooperative Services, the only member-owned, non-profit procurement cooperative exclusively focused on serving the needs of education. Visit our website at www.eandi.org/podcast.

Contact Us
Have questions, comments, or ideas for a future episode? We'd love to hear from you! Contact Cooperatively Speaking at podcast@eandi.org. This podcast is for informational purposes only. The views expressed in this podcast may not be those of the host(s) or E&I Cooperative Services.
You click on a link in an email—as one does. Suddenly you see a message from your organization, “You've been phished! Now you need some training!” What do you do next? If you're like most busy humans, you skip it and move on.

Researcher Ariana Mirian (and co-authors Grant Ho, Elisa Luo, Khang Tong, Euyhyun Lee, Lin Liu, Christopher A. Longhurst, Christian Dameff, Stefan Savage, Geoffrey M. Voelker) uncovered similar results in their study “Understanding the Efficacy of Phishing Training in Practice.” The solution? Ariana suggests focusing on a more effective fix: designing safer systems.

In the episode we talk about:
Annual cybersecurity awareness training doesn't reduce the likelihood of clicking on phishing links, even if completed recently. Employees who finished training recently show similar phishing failure rates to those who completed it months ago. The study notes, “Employees who recently completed such training, which has significant focus on social engineering and phishing defenses, have similar phishing failure rates compared to other employees who completed awareness training many months ago.”
Phishing simulations combined with training (where companies send out fake phishing emails to employees and, for those who click on the links, lead those employees through training) had little impact on whether participants would click phishing links in the future. Ariana was hopeful about interactive training but found that too few participants engaged with it to draw meaningful conclusions.
The type of phishing lure (e.g., password reset vs. vacation policy change) influenced whether users clicked. Ariana warned that certain lures could artificially lower click rates.
Ultimately, Ariana suggests focusing on designing safer systems—where the burden is taken off the end users. She recommends two-factor authentication, using phishing-resistant hardware keys (like YubiKeys), and blocking phishing emails before they reach users.

This quote from the study stood out to me: “Our results suggest that organizations like ours should not expect training, as commonly deployed today, to substantially protect against phishing attacks—the magnitude of protection afforded is simply too small and employees remain susceptible even after repeated training.”

This highlights the need for safer system design, especially for critical services like email, which—and this is important—inherently relies on users clicking links.

Ariana Mirian is a senior security researcher at Censys. She completed her PhD at UC San Diego and co-authored the paper, “Understanding the Efficacy of Phishing Training in Practice.”

G. Ho et al., "Understanding the Efficacy of Phishing Training in Practice," in 2025 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, 2025, pp. 37-54, doi: 10.1109/SP61157.2025.00076.
Cybersecurity Lessons on the Path to Private Equity

Dive into the world of private equity and cybersecurity with Paul Harragan, Global Cybersecurity Lead at KKR. In this episode, we cover strategies for managing risks, navigating M&A diligence, and aligning security with business growth.

+ + +

Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.
In this episode, I speak with three guests from diverse backgrounds who share a common goal: Building trust in human-AI partnerships in security. We originally came together for a panel at the Institute of Electrical and Electronics Engineers (IEEE) Conference on AI in May 2025, and this episode recaps that discussion.

Key takeaways:
Security practitioners tend to be natural-born skeptics (can you blame them?!). They struggle to trust and adopt AI-powered security products, especially in higher-risk scenarios with overly simplified decision-making processes.
AI can be a tool for threat actors and a threat vector itself, and its non-deterministic nature makes it unpredictable and vulnerable to manipulation.
All AI models are biased, but not all bias is negative. Recognized and carefully managed bias can provide actionable insights. Purposefully biased (opinionated) models should be transparent.
Clearer standards and expectations are needed for “human-in-the-loop” and human oversight. What does the human actually do, are they qualified, and do they have the right experience and information?
What happens when today's graduates are tomorrow's security practitioners? On one end of the spectrum we have a lot of skepticism, on the other end not enough. We talk about over-reliance on AI, de-skilling, and loss of situational awareness.

Dr. Margaret Cunningham is the Technical Director, Security & AI Strategy at Darktrace. Margaret was formerly Principal Product Manager at Forcepoint and Senior Staff Behavioral Engineer at Robinhood.

Dr. Divya Ramjee is an Assistant Professor at Rochester Institute of Technology (RIT). She also leads RIT's Technology and Policy Lab, analyzing security, AI policy, and privacy challenges. She previously held senior roles in US government across various agencies.

Dr. Matthew Canham is the Executive Director, Cognitive Security Institute. He is a former FBI Supervisory Special Agent, with over twenty years of research in cognitive security.
This episode of the InfoSec Beat podcast focuses on careers in information security. Accenture CISO Kris Burkhardt talks with Kyle Friedman, who leads Security Contracting and Request for Proposal Support for our Information Security Client Data Protection team. She ensures that we have the right provisions in our proposal responses and contracts to run engagements in a secure fashion that works for both Accenture and our clients. Learn about Kyle's unconventional start at Accenture, passion for client data protection, and ability to translate information security topics to people outside the field. Her career advice? Always listen and keep an open mind.
We're past the point of simply saying you're committed to sustainability, it's time for tangible and verified action. This is what many are calling for in response to the recent rise in Greenwashing and subsequent erosion of trust from consumers and other stakeholders regarding any green claims. As a result, a number of voluntary disclosure schemes have been created to help benchmark and verify organisation's claims, should they choose to participate. One example being the focus of today's episode: EcoVadis. In this episode Mel Blackmore continues with our voluntary disclosure's series, discussing the ESG rating scheme EcoVadis, what is required to earn a Platinum rating and provides some tips on how to get that Platinum rating. You'll learn · What is EcoVadis? · What are the requirements to achieve a Platinum rating? · Top tips for earning an Platinum rating for EcoVadis · What are the advantages of earning a Platinum rating? · What are the disadvantages of getting involved with EcoVadis? Resources · EcoVadis · Carbonology · Contribute to Mel's carbon verification commitment research by taking her Survey In this episode, we talk about: [02:05] Episode Summary – Mel discusses the voluntary disclosure scheme: EcoVadis, including what's involved with taking part, how to achieve a Platinum rating and the pros and cons of being benchmarked. [03:00] Why is there a need for EcoVadis? An increased number of investors and financial institutions, in addition to clients are demanding more than just financial reports. They want to know what a company's environmental footprint is, and at this point, it's time to move on beyond simply making pledges. This extends to other elements of governance as EcoVadis doubles as a crucial ESG rating scheme. [04:30] What is EcoVadis? EcoVadis is a globally recognised provider of business sustainability ratings. 
They assess companies' environmental, social, and ethical performance across 21 indicators and four main themes: Environment, Labor & Human Rights, Ethics, and Sustainable Procurement. EcoVadis aims to help organisations manage their supply chain sustainability risks and opportunities. If you're a supplier, you've likely received a request from a customer to complete an EcoVadis assessment. The assessment process involves completing a detailed questionnaire, submitting supporting documentation, and then EcoVadis analysts review your submission and assign a scorecard. This scorecard provides a detailed breakdown of your performance across the four themes and assigns an overall score and a medal status: Bronze, Silver, Gold, or Platinum. It's this medal status that's crucial, especially those coveted Gold and Platinum badges, which signal to your customers that you are a top-tier performer in sustainability. [05:40] We want to hear from you: Mel is currently running some research around CDP and the key drivers behind carbon emission verification, and would appreciate your feedback if you have a few minutes to spare. The results are completely anonymous, and it should only take 5 – 10 minutes. You can take the survey here. Thank you in advance to any contributors! [06:05] What is required to achieve an Platinum Rating? – While EcoVadis assesses across four themes, the 'Environment' theme often carries significant weight, and within that, greenhouse gas (GHG) emissions management is paramount for the higher ratings. To earn an EcoVadis Platinum rating, you'll generally need to achieve an overall score between 78-100 out of 100. Key areas that you need to excel in include:- 1) Comprehensive Environmental Management System: This includes policies, actions, and reporting on a wide range of environmental issues. For Platinum, EcoVadis expects to see highly structured and systematic approaches to environmental management. 
2) Robust GHG Emissions Management: For this you need to: · Measure your GHG Emissions: Accurately calculate your Scope 1, Scope 2, and significant Scope 3 emissions. EcoVadis places increasing emphasis on Scope 3, as it often represents the largest portion of a company's footprint. · Set Ambitious Targets: Have clear, quantitative targets for GHG emission reduction. Aligning these with a science-based target (SBTi) is highly advantageous and often a de facto requirement for Platinum. · Implement Reduction Initiatives: Demonstrate concrete actions you are taking to reduce emissions, such as investing in renewable energy, improving energy efficiency, optimizing logistics, or engaging your supply chain. 3) Independent Verification of GHG Emissions Data: This is a non-negotiable for Platinum and often for Gold. EcoVadis awards significant points for having your Scope 1 and Scope 2 GHG emissions (and increasingly, relevant Scope 3 categories) independently verified by a third-party accredited body. This provides assurance that your reported data is accurate and reliable. As a CDP accredited verification body, we routinely help companies through this process, and it makes a profound difference in their EcoVadis and overall ESG scores. 4) Strong Policies and Actions Across All Themes: While we're focusing on environment, remember Platinum requires excellence across all four EcoVadis themes: · Labor & Human Rights · Ethics · Sustainable Procurement Implementing Standards such as ISO 37001 (Anti-Bribery and Corruption), ISO 27001 (Information Security), ISO 20400 (Sustainable Procurement) can help put some of these in place. 5) Effective Reporting and Transparency: You need to clearly articulate your policies, actions, and performance data within the EcoVadis questionnaire. This includes providing high-quality, relevant supporting documentation. To get the best result, don't just tick boxes; provide evidence! 
6) Continuous Improvement: EcoVadis looks for evidence of ongoing improvement. It's not a one-off assessment; it's about demonstrating a commitment to continually raising your standards.

[14:20] How to get an EcoVadis Platinum Rating with verified data? – Here are a few tips:
· Start Early and Plan Strategically: Don't wait until the last minute. The EcoVadis assessment requires significant time and effort. Plan your data collection, policy development, and verification process well in advance.
· Understand the EcoVadis Methodology: Download the EcoVadis methodology and scoring criteria. These double as guidance documents that explain what they're looking for in each section. Tailor your responses and documentation accordingly.
· Invest in carbon accounting software: Accurate and consistent data is paramount. Implement systems (whether software or well-organized spreadsheets) to track your energy consumption, waste, water use, and especially your GHG emissions.
· Prioritize GHG Emissions Verification: Engage a reputable, accredited third-party verification body (like Carbonology
The Future of HubSpot is Passwordless
Learn how HubSpot's CISO Alyssa Robinson breaks down passwordless authentication, innovative security strategies, and the art of balancing usability with protection on the latest episode.
+ + +
Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.
In this episode, Amanda Finch, Chief Executive Officer of the Chartered Institute of Information Security, offers a perspective shaped by decades of experience in a field she has grown with and helped shape. She shares how cybersecurity has transformed from an obscure technical pursuit into a formalized profession with recognized pathways, development programs, and charters. Her focus is clear: we need to support individuals and organizations at every level to ensure cybersecurity is inclusive, sustainable, and effective.

Amanda outlines how the Chartered Institute has developed a structured framework to support cybersecurity careers from entry-level to fellowship. Programs such as the Associate Development Program and the Full Membership Development Program help individuals grow into leadership roles, especially those who come from technical backgrounds and must now influence strategy, policy, and people. She emphasizes that supporting this journey isn't just about skills; it's about building confidence and community.

A significant part of the conversation centers on representation and diversity. Amanda speaks candidly about being one of the only women in the room early in her career and acknowledges the progress made, but she also highlights the structural issues still holding many back. From the branding of cybersecurity as overly technical, to the inaccessibility of school programs for under-resourced communities, the industry has work to do. She argues for a wider understanding of the skills needed in cybersecurity (communication, analysis, problem-solving), not just coding or technical specialization.

Amanda also addresses the growing threat to small and medium-sized businesses. While large organizations may have teams and resources to manage security, smaller businesses face the same threats without the same support. She calls for a renewed emphasis on community-based solutions (knowledge sharing, mentorship, and collaborative platforms) that extend the reach of cyber defense to those with fewer resources.

In closing, Amanda urges us not to forget the enduring principles of security: know what you're protecting, understand the consequences if it fails, and use foundational practices to stay grounded even when new technologies like AI and deepfakes arrive. And just as importantly, she reminds us that human principles (trust, empathy, responsibility) are vital tools in facing cybersecurity's biggest challenges.
___________
Guest: Amanda Finch, CEO of the Chartered Institute of Information Security | https://www.linkedin.com/in/amanda-finch-fciis-b1b1951/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com
___________
Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
___________
Resources
Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More
Meet Chris Brandt, the new host of IT Visionaries.

In this special episode, outgoing host Albert Chou passes the mic to Chris, a seasoned Technology Strategist with a passion for connecting bold ideas to real business outcomes. Chris's career spans startups to global enterprises, from building an EMP-shielded data center deep underground to deploying 200PB HPC environments in Fintech. His expertise includes business strategy, IT operations, security, and network architecture.

Outside of work, he enjoys life with his wife Julie, their two kids, Lily and Camden, and their dog, Hobs.

Get to know the new voice behind IT Visionaries, and what's coming next.
---
Produced by the team at Mission.org and brought to you by Brightspot.
In Jan. 2025, then-Vice President Kamala Harris announced a final rule by the Consumer Financial Protection Bureau to remove medical debt from consumers’ credit reports. The policy was to take effect in March, but just like many other Biden-era actions, the Trump administration is changing course. Now, a federal judge is expected to decide in mid-June about whether to vacate the consumer protection rule. Georgia ranks among the top five states with the most medical debt, with 13% of adults in the state owing money. Former health tech executive and consumer advocate Scott Speranza, the CEO of HealthLock, discusses what this could mean for Georgians. For “Closer Look’s” Class of 2025 graduation series, we hear from Bon Varlet. The standout Kennesaw State University graduate majored in information technology. She talks with Rose about her academic journey, including earning a Fulbright Study Award, and her aspirations to attend law school and to protect public institutions, particularly libraries.See omnystudio.com/listener for privacy information.
You're a founder with a great cybersecurity product, but no one knows or cares. Or you're a marketer drowning in jargon (hey, customers hate acronyms, too), trying to figure out what works and what doesn't. Gianna Whitver, co-founder of the Cybersecurity Marketing Society, breaks down what the cybersecurity industry is getting wrong, and right, about marketing.

In this episode, we talk about:
- Cyber marketing is hard (but you knew that already). It requires deep product knowledge, empathy for stressed buyers, and clear, no-FUD messaging.
- Building authentic, value-driven communities leads to stronger cybersecurity marketing impact.
- Don't copy the marketing strategies of big enterprises. Instead, focus on clarity, founder stories, and product-market fit.
- Founder-led marketing works. Early-stage founders can break through noise by sharing personal stories.
- Think twice before listening to the advice of "influencer" marketers. This advice is often overly generic. Or, you're following advice of marketers marketing to marketers (try saying that ten times fast). In other words, their advice is probably not going to apply to cybersecurity.

Gianna Whitver is the co-founder and CEO of the Cybersecurity Marketing Society, a community for marketers in cybersecurity to connect and share insights. She is also the co-host of the Breaking Through in Cybersecurity Marketing podcast, and founder of LeaseHoney, a place for beekeepers to find land.
Advancing Exposure Management
Hear from Jorge Orchilles, Senior Director at Verizon, on the shift from traditional vulnerability management to modern exposure management and the critical role proactive security plays in staying ahead of threats.
+ + +
Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.
Today on the Salesforce Admins Podcast, we talk to Sri Srinivasan, Senior Director of Information Security at Salesforce. Join us as we chat about what admins need to know about Agentforce and how to build secure AI experiences. You should subscribe for the full episode, but here are a few takeaways from our conversation with […] The post Why Secure AI Starts With You: What Admins Must Know About Agentforce appeared first on Salesforce Admins.
In this podcast session, the speaker provides a deeper dive into the questions organizations must ask their technology providers before moving forward with a deal. The technology may work well, but does the company as a whole? Moderator: @Christina Wojcik - Head of Innovation & Partnerships, Pierson Ferdinand LLP. Speaker: @Krishna Vyas - Director of Third Party Risk Management and Information Security, CITI. Recorded 5-15-2025.
Understanding information security standards is the first step toward building a resilient and trustworthy organization. Cyber-attacks, data leaks, and rule-breaking are becoming more common. Businesses and people need to keep their information safe—but how can they do that? One way is by following security standards like ISO 27001.
Users, threat actors, and the system design all influence, and are influenced by, one another. To design safer systems, we first need to understand the players who operate within those systems. Kelly Shortridge and Josiah Dykstra exemplify this human-centered approach in their work.

In this episode we talk about:
- The vital role of human factors in cyber-resilience: how Josiah and Kelly apply a behavioral-economics mindset every day to design safer, more adaptable systems.
- Key cognitive biases that undermine incident response (like action bias and opportunity costs) and simple heuristics to counter them.
- The "sludge" strategy: deliberately introducing friction to attacker workflows to increase time, effort, and financial costs. As Kelly says, "disrupt their economics."
- Why moving from a security culture of shame and blame to one of open learning and continuous improvement is essential for true cybersecurity resilience.

Kelly Shortridge is VP, Security Products at Fastly, formerly VP of Product Management and Product Strategy at Capsule8. She is the author of Security Chaos Engineering: Sustaining Resilience in Software and Systems.

Josiah Dykstra is the owner of Designer Security, human-centered security advocate, cybersecurity researcher, and former Director of Strategic Initiatives at Trail of Bits. He also worked at the NSA as Technical Director, Critical Networks and Systems. Josiah is the author of Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us.

During this episode, we reference:
- Josiah Dykstra, Kelly Shortridge, Jamie Met, Douglas Hough, "Sludge for Good: Slowing and Imposing Costs on Cyber Attackers," arXiv preprint arXiv:2211.16626 (2022).
- Josiah Dykstra, Kelly Shortridge, Jamie Met, Douglas Hough, "Opportunity Cost of Action Bias in Cybersecurity Incident Response," Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 66, Issue 1 (2022): 1116-1120.
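One concrete form of the "sludge" idea described above is escalating friction on failed logins: every wrong guess from the same source costs more time than the last, and a hard lockout ends the run. The block below is an added example written for this page; it is not code from the episode, from the cited papers, or from either guest. The thresholds, the `SludgePolicy` name, and the simulated attacker are all illustrative assumptions.

```python
# Added example, not code from the podcast or from the Dykstra/Shortridge
# papers it cites. It models one "sludge" control: escalating delay and
# lockout on repeated failed logins from the same source, and totals the
# wall-clock cost that imposes on a single-source brute-force attacker.
# Every threshold below is an illustrative assumption, not a recommendation.
import math
from dataclasses import dataclass, field


@dataclass
class SludgePolicy:
    base_delay: float = 0.5     # seconds imposed after the first failure
    growth: float = 2.0         # delay multiplier for each further failure
    cap: float = 60.0           # ceiling so a legitimate user is not punished forever
    lockout_after: int = 10     # consecutive failures that trigger a hard lockout
    failures: dict = field(default_factory=dict)   # source -> consecutive failures

    def delay_for(self, n: int) -> float:
        """Delay in seconds imposed on the n-th consecutive failure; inf means locked out."""
        if n >= self.lockout_after:
            return math.inf
        return min(self.cap, self.base_delay * self.growth ** (n - 1))

    def record(self, source: str, success: bool) -> float:
        """Update the counter for `source` and return the delay to impose right now."""
        if success:
            # A real user who eventually succeeds gets the clock reset.
            self.failures.pop(source, None)
            return 0.0
        n = self.failures.get(source, 0) + 1
        self.failures[source] = n
        return self.delay_for(n)


def attacker_cost(policy: SludgePolicy, guesses: int, source: str = "attacker") -> dict:
    """Simulate `guesses` consecutive wrong passwords from one source.

    Returns the seconds the attacker had to wait, how many guesses were
    actually accepted for checking, and whether the lockout cut the run short.
    """
    policy.failures.pop(source, None)
    spent = 0.0
    accepted = 0
    for _ in range(guesses):
        delay = policy.record(source, success=False)
        if math.isinf(delay):
            break
        spent += delay
        accepted += 1
    return {"seconds": spent, "guesses_tried": accepted, "locked_out": accepted < guesses}


if __name__ == "__main__":
    policy = SludgePolicy()
    # With this policy an attacker planning 1,000 guesses gets 9 through,
    # waits 183.5 seconds in total, and is then locked out.
    print(attacker_cost(policy, 1000))
```

The economics are the point: the delays are invisible to a user who mistypes once or twice, but an automated guesser from one source spends minutes to make single-digit attempts and then gets nothing. Real deployments also rate-limit per account and per network range, since an attacker who spreads guesses across many sources side-steps a purely per-source counter.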
In episode 135 of Cybersecurity Where You Are, Sean Atkinson is joined live at RSAC Conference 2025 by five attendees, including two Center for Internet Security® (CIS®) employees. He conducts a lightning chat with each attendee to get their thoughts about the conference, how it reflects the changing cybersecurity industry, and the role CIS plays in this ongoing evolution. Here are some highlights from our episode:

00:40. Stephanie Gass, Sr. Director of Information Security at CIS
- How to start creating a policy and make it effective through implementation processes
- A transition to an approach integrating mappings for CIS security best practices
- The use of GenAI and security champions to make this transition

04:08. Brad Bock, Director of Product Management at Chainguard
- Building and compiling security from the ground up in open-source container images
- Trusting pre-packaged software in an increasingly complex world
- Support of customer compliance with attestation, SBOMs, and vulnerability remediation

07:43. Stephane Auger, Vice President Technologies and CISO at Équipe Microfix
- Customer awareness and other top challenges for MSPs and MSSPs
- The use of case studies and referrals to communicate the importance of cybersecurity
- A growing emphasis on cyber risk insurance as media attention around breaches grows

11:36. Brent Holt, Director of Cybersecurity Technology at Edge Solutions LLC
- How the CIS Critical Security Controls facilitates a consultative approach to customers
- The importance of knowing where each company is in their use of GenAI
- Mapping elements of a portfolio to CIS security best practices

17:23. Mishal Makshood, Sr. Cloud Security Account Executive at CIS
- The use of learning and research to investigate GenAI's utility for CIS
- An aspiration to scale efficiency and drive improvements with GenAI training
- A reminder to augment human thought, not replace it, with GenAI

Resources
- Episode 63: Building Capability and Integration with SBOMs
- Mapping and Compliance
- Cybersecurity for MSPs, MSSPs, & Consultants
- Episode 130: The Story and Future of CIS Thought Leadership

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
The messaging app used by CBP and the White House faces continued security scrutiny. Hacktivists breach the airline used for U.S. deportation flights. The FBI warns that threat actors are exploiting outdated, unsupported routers. Education giant Pearson confirms a cyberattack. Researchers report exploitation of Windows Remote Management (WinRM) for stealthy lateral movement in Active Directory (AD) environments. A sophisticated email attack campaign uses malicious PDF invoices to deliver a cross-platform RAT. A zero-day vulnerability in SAP NetWeaver enables remote code execution. An Indiana health system reports a data breach affecting nearly 263,000 individuals. Our guest is Alex Cox, Director of Information Security at LastPass, discussing tax-related lures targeting refunds. AI empowers a murder victim to speak from beyond the grave. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Alex Cox, Director of Information Security at LastPass, to discuss tax-related lures facing both tax preparation agencies and filers expecting refunds. 
Selected Reading
- On the state of modern Web Application Security (BrightTalk)
- Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage (Wired)
- Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for "Donnie" Trump (Bitdefender)
- FBI Sounds Alarm on Rogue Cybercrime Services Targeting Obsolete Routers (Infosecurity Magazine)
- Education giant Pearson hit by cyberattack exposing customer data (Bleeping Computer)
- Hackers Using Windows Remote Management to Stealthily Navigate Active Directory Network (Cybersecurity News)
- Hackers Weaponizing PDF Invoices to Attack Windows, Linux & macOS Systems (Cybersecurity News)
- SAP Zero-Day Targeted Since January, Many Sectors Impacted (SecurityWeek)
- Indiana Health System Notifies 263,000 of Oracle Hack (BankInfoSecurity)
- A Judge Accepted AI Video Testimony From a Dead Man (404 Media)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
#036 – In this next episode, I was joined by Erin Grippo, Senior Manager of Product Operations at Brivo, who brings nearly a decade of experience in the security industry across marketing, business strategy, partnerships, and product operations.

Today's conversation explored Erin's career journey and how she navigated major transitions across roles, companies, and countries. We discussed her philosophy about career growth, overcoming early career challenges, and her advice for aspiring professionals. Erin also shared her perspective on leadership development, the value of networking, and why mentorship is important in our careers. I think you'll find this to be an honest and inspiring discussion!

After graduating from DePauw University with a degree in Communication, Erin launched her career at Allegion in the U.S. and later relocated to Toronto to lead multifamily and PropTech initiatives for Allegion Canada. She continued to expand her expertise at Latch, managing partnerships and launching new products and programs before joining Brivo in 2023.

Erin is active in the security industry's professional community, serving on the Security Industry Association's RISE Steering Committee and previously on the Foundation for Advancing Security Talent (F.A.S.T) board from 2020 to 2024. She was recently named one of the 2024 Women in Security Forum Power 100. Erin is passionate about mentoring early-career professionals and building stronger pathways for the next generation of security leaders, and it was a pleasure having her on the podcast.

-- Get the resources and show notes mentioned in this episode --
https://thesecuritystudent.com/shownotes
The 2023 FBI Internet Crime Report reveals that nearly 21% of ransomware attacks targeted the healthcare and public health sectors—making them the top victims. This week on Feds At The Edge, we explore how agencies can defend against these growing threats. Benjamin Koshy, Chief Information Security Officer and Director, Division of Information Security of Indian Health Service, explains the unique identity management challenge in healthcare: balancing open patient access with strict data protection. Keith Busby, Acting CISO at CMS, outlines how to go beyond Zero Trust with real-world risk assessments and robust incident response plans - not just a three-ring binder gathering dust on a shelf. And Alec Lizanetz, Identity Protection Specialist from CrowdStrike, emphasizes the importance of prioritizing threats and using frameworks like CISA's to respond efficiently. Tune in on your favorite podcasting platform today to hear practical, high-impact strategies to secure critical systems and protect patient care, perfect for healthcare leaders who must protect both data and lives.
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Dane VandenBerg. Dane's 16-year security career includes product-focused roles with vendors like Qintel and more recently, Microsoft, where he was Principal Technical Specialist supporting the development of their security copilot. He's also spent a lot of time in fintech, serving as Vice President of Information Security at Prime Trust and, currently, Senior Director of Security Operations at Circle.

In this episode:
[02:05] How Dane went from researching women's health and animal cloning to public relations to security
[06:25] Why security teams are still fighting the same battles they were 15 years ago
[09:24] How Dane's vendor-side threat intel work shapes his thinking as a SecOps leader
[12:00] What's working, and what's not, about how companies approach threat intelligence today
[12:51] Why threat intel should be an in-house function, not just a reporting feed
[15:30] What motivated Dane to move into the finance and crypto industry
[19:30] How parenthood reshaped the way Dane thinks about risk
[22:50] Tips for encouraging employees to report their security concerns
[26:00] What a great security-vendor customer experience looks like, and what too many vendors get wrong
[29:10] The security tools and solutions Dane is most excited about right now
[32:45] Balancing the hype and potential of security copilots
[38:30] What cyberattacks might look like five years from now
[41:30] Connect with Dane

Where to find Dane: LinkedIn, Circle
Where to find Thomas Kinsella: LinkedIn, Tines
Resources mentioned: National Cyber Forensics and Training Alliance
Does Open-Source AI Create a False Sense of Security?
Listen to Suryaprakash Nalluri, an accomplished application security leader, discuss the shifting landscape of application security, challenges with open-source software, and the critical role of DevSecOps in modern development.
+ + +
Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.
Researchers uncover serious vulnerabilities in the Signal fork reportedly used by top government officials. CISA adds a second Commvault flaw to its Known Exploited Vulnerabilities catalog. xAI exposed a private API key on GitHub for nearly two months. FortiGuard uncovers a cyber-espionage campaign targeting critical national infrastructure in the Middle East. Threat brokers advertise a new SS7 zero-day exploit on cybercrime forums. The StealC info-stealer and malware loader gets an update. Passkeys blaze the trail to a passwordless future. On our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at the New York Giants. Cubism meets computing: the Z80 goes full Picasso.

CyberWire Guest
On our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at the New York Football Giants, as they discuss how she approaches cybersecurity with curiosity, business alignment, and strong collaboration across the NFL community.

Selected Reading
- The Signal Clone the Trump Admin Uses Was Hacked (404 Media)
- Critical Commvault Vulnerability in Attacker Crosshairs (SecurityWeek)
- xAI Dev Leaked API Key on GitHub for Private SpaceX, Tesla & Twitter/X (Cyber Security News)
- FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure (Fortinet)
- Hackers Selling SS7 0-Day Vulnerability on Hacker Forums for $5000 (Cyber Security News)
- StealC malware enhanced with stealth upgrades and data theft tools (Bleeping Computer)
- Sick of 15-character passwords? Microsoft is going password-less, starting now. (Mashable)
- Passkeys for Normal People (Troy Hunt)
- Single-Board Z80 Computer Draws Inspiration From Picasso (Hackaday)
Our feature guest this week is Jason Haddix, CEO/Hacker @ Arcanum Information Security. We're also trying something new with our interviews and Jason will be doing an Ask Me Anything in the #AMA channel on Slack. Head on over there to ask him any questions you might have! News from and a lot more! Come join us on the Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com

This week's news:
- Join the Colorado = Security Slack channel
- Denver airport seeks $150M contract for new consolidated rental car facility
- Metro Denver a leader nationally for how fast unsold homes are piling up
- Centennial-based Boom Technology chooses Adams County as test site for its supersonic jet engines
- Denver coding school to close
- Denver dialysis giant DaVita hit with ransomware attack
- Davita 8-K (ransomware attack)
- Proposed changes to Colorado's AI regulation draw mixed reactions from business leaders
- Cybersecurity metrics that matter (and how to measure them)
- The New Security Model: A Blueprint for Successful SASE Deployment
- Protecting Your Business – Ransomware Prevention and Recovery Best Practices
- Why Strong Digital Identity is Essential—With or Without Executive Order 14144

Upcoming Events: Check out the full calendar
- ASIS Denver - Colorado Corporate Security Symposium - 5/7
- ISSA COS - May Chapter Meeting - 5/13
- Let's Talk Software Security - Is Using AI Really That Insecure? - 5/14
- ISSA Denver - ISC2 Certified Cloud Security Professional (CCSP) Exam Preparation - 5/17-5/18
- LIFT - Hike #1 - 5/20
- ISC2 Denver - Enhancing Privacy and Security in the Age of AI-Driven Social Engineering - 5/27
- Rocky Mountain Information Security Conference (RMISC) - 5/28-30
- ISC2 Pikes Peak - Chapter Meeting - 5/28
View our events page for a full list of upcoming events

* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
The Institute of Internal Auditors Presents: All Things Internal Audit Tech

In this episode, Andrew Guasp talks with Alex Gacheche about the importance of emotional intelligence (EQ) in the internal audit profession, especially in the context of AI advancements. They discuss how EQ can enhance internal audit effectiveness, the role of empathy and communication, and the impact of cultural differences on EQ. From active listening to handling difficult conversations, this episode unpacks the human side of internal auditing.

HOST: Andrew Guasp, CIA, Senior Manager, Standards & Professional Guidance, The IIA
GUEST: Alex Gacheche, CISA, Head of Internal Audit, Information Security, Technology Infrastructure, Emerging Technology, and AI, Meta

Key Points
Introduction [00:00–00:01:16]
What Is Emotional Intelligence? [00:01:17–00:03:34]
Human Judgment with AI [00:03:35–00:05:01]
Balancing Hard and Soft Skills [00:05:02–00:06:27]
Developing EQ in Auditing [00:08:42–00:11:51]
EQ in Communication and Reporting [00:11:52–00:13:16]
Training for EQ Skills [00:13:17–00:14:31]
Blending AI and EQ [00:14:32–00:15:49]
Resources to Grow EQ [00:15:50–00:18:24]
Using EQ in Remediation [00:18:25–00:21:42]
EQ in Planning and Information Gathering [00:21:43–00:24:01]
Cultural Sensitivity and Word Choice [00:24:02–00:26:32]
Leading Multigenerational Teams [00:26:33–00:30:17]
EQ's Role in the AI Era [00:30:18–00:32:25]
Leadership, Retention, and EQ [00:32:26–00:35:02]
EQ in Walkthroughs and Meetings [00:35:03–00:40:47]
Final Thoughts [00:40:48–00:41:53]

The IIA Related Content
Interested in this topic? Visit the links below for more resources:
- 2025 AuditSphere Virtual Conference
- Building a Better Auditor: The Powerful Synergy of EQ and AI
- Knowledge Centers: Artificial Intelligence
- 'Mastering Soft Skills in Internal Auditing,' All Things Internal Audit Podcast
- The IIA's Updated AI Auditing Framework
Visit The IIA's website or YouTube channel for related topics and more.

Follow All Things Internal Audit: Apple Podcasts, Spotify, Libsyn, Deezer
Christina Morillo, Head of Information Security at the National Football League's New York Giants joins Ann on this week's episode of Afternoon Cyber Tea. Christina discusses the ins and outs of building a resilient cybersecurity strategy, the importance of entering organizations with curiosity—not checklists—and why listening is always her first step. Christina breaks down common cybersecurity misconceptions, shares how to move from strategy to implementation, discusses the importance of storytelling in governance and shares how she addresses burnout and mental health in her teams. Resources: View Christina Morillo on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Travis Farral. Travis has been working in information security since the 90s at places such as Nokia, ExxonMobil, and XTO Energy. He is currently VP & CISO at Archaea Energy, a bp-owned renewable natural gas company based in Houston, Texas. He has spoken at events around the world on topics such as Cyber Threat Intelligence, MITRE ATT&CK, and Incident Response. Notable activities during his career include everything from programming logic controllers, building and leading SOCs, driving forklifts, standing up cybersecurity teams, developing threat intelligence programs, and handling responses to incidents, among many other things over the last few decades. [April 21, 2025]

00:00 - Intro
00:18 - Intro Links:
- Social-Engineer.com - http://www.social-engineer.com/
- Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
- Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
- Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
- Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
- CLUTCH - http://www.pro-rock.com/
- innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
02:08 - Travis Farral Intro
02:58 - A Different Path than Today
05:25 - Healthy Hacking
08:08 - Anything Can Be Weaponized
10:54 - Questionable Behavior
14:31 - Smash That Report Button!!!
18:58 - Improving Our Odds
21:00 - You Have to Keep It Simple
22:25 - Letters to a Young CISO
24:20 - Find Travis Farral online
- LinkedIn: linkedin.com/in/travisfarral
25:01 - Mentors
- Shawn Edwards
- Jay Leek
27:02 - Book Recommendations
- R. E. Lee: A Biography - Douglas Southall Freeman
29:34 - Wrap Up & Outro
- www.social-engineer.com
- www.innocentlivesfoundation.org
There Is No Information Security Any More Karel Cast 25-56 I received a letter this weekend, a letter that I've gotten before. In fact, I've gotten six of them total. And you know what it says. It says that all the verification of who you are, all the information of yours that your health care provider has, including your charts, your conditions, your medications, might as well be at the public library. Because it certainly isn't safe. Is anything being done? Or is it a lost cause? Also, we now live in a society where our children can go through not one, but TWO mass shootings, and STILL nothing at all is done. The story of the Parkland survivor that ended up in the Florida shooting. Another study about plant based diets...what will it take for you to finally change? The Karel Cast is heard on all streaming services from Apple Music to iHeart Media, Spotify to Spreaker. The show is Monday through Thursday at 10:30 am Live PST. It can also be seen on TikTok and Instagram. Karel is a history-making broadcaster and entertainer currently in Las Vegas with his little service girl Ember. The Karel Cast is supported by your donations at patreon.com/reallykarel Please watch, like and subscribe to the videos at youtube.com/reallykarel
In this time of constant cyber-attacks and increased cybersecurity reporting requirements, a CISO's job is no easy task and typically has a short tenure. In this episode, Sean sits down with Allan Alford, five-time CISO, to talk about his experience as a CISO across several prominent organizations and how identity is always at the center of a CISO's responsibility.
Today on the Salesforce Admins Podcast, we talk to Sri Srinivasan, Senior Director of Information Security at Salesforce. Join us as we chat about his recent presentation at TDX and how to build secure, reliable AI experiences with Agentforce. You should subscribe for the full episode, but here are a few takeaways from our conversation […] The post Building Secure AI Agents with Salesforce Agentforce appeared first on Salesforce Admins.
Vulnerability prioritization, the final frontier. Many say they do it, but do they really? It takes way more than vulnerability data to truly prioritize vulnerabilities. Greg Fitzgerald, Co-Founder and CXO at Sevco Security, and Steve Lodin, Vice President, Information Security at Sallie Mae, join Business Security Weekly to dig in. We'll discuss the importance of context, including asset inventory and configuration management, in truly prioritizing vulnerabilities. But it's not that easy. We'll discuss the challenges and approaches to help solve this ever-evasive topic. This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevco to learn more about them! Segment Resources: https://www.sevcosecurity.com/vulnerability-prioritization/ https://www.sevcosecurity.com/continuous-threat-exposure-management/ Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-389
Rachel Maddow looks at Donald Trump's ridiculously poor track record of mishandling sensitive information, with the scandal of several of his top officials thoughtlessly discussing military plans in an insecure group text raising questions of criminality on top of the widespread outrage over the sheer sloppiness of their actions.
Welcome back to the To the Point cybersecurity podcast, presented by Forcepoint! In this episode, hosts Rachael Lyon and Jonathan Knepper continue their engaging conversation with Michele Rigby Assad, a former CIA intelligence officer and renowned author of "Breaking Cover" and "Get Off the X." Join us as Michele shares her unique insights into the global threat landscape and the security challenges we face domestically. From discussing the imperative of modernizing the intelligence workforce with STEM education to her message of embracing discomfort and taking risks for meaningful growth, Michele offers a compelling perspective that is both inspiring and thought-provoking. We'll explore the impact of cultural and linguistic isolation on the U.S.'s ability to engage globally and the pressing threats posed by countries like Iran. Plus, Michele reveals her personal philosophy on overcoming adversity and the importance of getting "off the X" to achieve extraordinary things, no matter how ordinary you start. Tune in for an enlightening discussion filled with personal anecdotes and actionable advice for navigating today's complex world. Don't miss this opportunity to hear Michele's compelling stories and invaluable expertise on the intricacies of intelligence and cybersecurity. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e324
On this episode of Blood, Sweat & Balance Sheets, host Mike Whitmire sits down with Vicky LeVay, Sr. Director of Compliance, Risk, and Information Security at FloQast, and Jaysen Dyal, Product Marketing Manager at FloQast and former accountant. Together, they discuss the growing role of AI in accounting and FloQast's achievements, including earning ISO 42001 certification.

Vicky provides insights into what it takes to secure this critical certification and why it's essential for building trust and ensuring accountability in AI-driven processes. The conversation dives into the ethical challenges of implementing AI in the accounting field and how FloQast's vision paves the way for innovation, efficiency, and solving industry challenges. Learn how AI-powered tools are reshaping the profession, empowering accountants to move beyond manual tasks and tackle strategic work with confidence.

Key Takeaways
- AI's Role in Accounting: How artificial intelligence is streamlining accounting processes and enabling accountants to focus on strategic initiatives.
- ISO 42001 and Trust in AI: Why FloQast pursued ISO 42001 certification and its significance in ensuring trust and compliance in AI workflows.
- Addressing Ethical Challenges: Exploring risks like prompt injection, AI hallucinations, and the importance of integrating robust safeguards.
- FloQast's Vision for AI: How FloQast is driving innovation with AI-powered products, reducing workloads, boosting efficiency, and preventing burnout for accounting teams.
- Preparing for the Future: Insights into how ethical AI is shaping the future for accountants and helping them take on more impactful roles within their organizations.

Listen in for actionable insights and perspectives on the intersection of AI, compliance, and innovation in accounting.
In this episode of the "To the Point cybersecurity podcast," hosts Rachael Lyon and Jonathan Knepper dive into a compelling conversation with Michele Rigby Assad, a former CIA intelligence officer with vast experience in the Middle East. Michele shares insights from her latest book, "Get Off the X," which explores the importance of getting out of one's comfort zone and reassessing effectiveness in both personal and professional contexts. The discussion navigates the complexities of the current threat landscape, highlighting the dangers posed by nation-states like Iran and China, and the evolving challenges in cybersecurity. Michele underscores the significance of collaboration between public and private sectors to tackle these threats. With her background in intelligence, Michele offers a unique perspective on the interplay between traditional espionage techniques and modern technology, including the role of social engineering and the challenges of artificial intelligence in amplifying cyber threats. Tune in for an enlightening conversation about the need for innovation, proactive measures, and adept leadership in the realm of global cybersecurity. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e323
If a business has spent $100 million developing a product, it's a fair bet that they don't want it stolen in two seconds and uploaded to the web where anyone can use it for free.

This problem exists in extreme form for AI companies. These days, the electricity and equipment required to train cutting-edge machine learning models that generate uncanny human text and images can cost tens or hundreds of millions of dollars. But once trained, such models may be only a few gigabytes in size and run just fine on ordinary laptops.

Today's guest, the computer scientist and polymath Nova DasSarma, works on computer and information security for the AI company Anthropic with the security team. One of her jobs is to stop hackers exfiltrating Anthropic's incredibly expensive intellectual property, as recently happened to Nvidia.

Rebroadcast: this episode was originally released in June 2022.

Links to learn more, highlights, and full transcript.

As she explains, given models' small size, the need to store such models on internet-connected servers, and the poor state of computer security in general, this is a serious challenge.

The worries aren't purely commercial though. This problem looms especially large for the growing number of people who expect that in coming decades we'll develop so-called artificial 'general' intelligence systems that can learn and apply a wide range of skills all at once, and thereby have a transformative effect on society.

If aligned with the goals of their owners, such general AI models could operate like a team of super-skilled assistants, going out and doing whatever wonderful (or malicious) things are asked of them. This might represent a huge leap forward for humanity, though the transition to a very different new economy and power structure would have to be handled delicately.

If unaligned with the goals of their owners or humanity as a whole, such broadly capable models would naturally 'go rogue,' breaking their way into additional computer systems to grab more computing power — all the better to pursue their goals and make sure they can't be shut off.

As Nova explains, in either case, we don't want such models disseminated all over the world before we've confirmed they are deeply safe and law-abiding, and have figured out how to integrate them peacefully into society. In the first scenario, premature mass deployment would be risky and destabilising. In the second scenario, it could be catastrophic — perhaps even leading to human extinction if such general AI systems turn out to be able to self-improve rapidly rather than slowly, something we can only speculate on at this point.

If highly capable general AI systems are coming in the next 10 or 20 years, Nova may be flying below the radar with one of the most important jobs in the world.

We'll soon need the ability to 'sandbox' (i.e. contain) models with a wide range of superhuman capabilities, including the ability to learn new skills, for a period of careful testing and limited deployment — preventing the model from breaking out, and criminals from breaking in. Nova and her colleagues are trying to figure out how to do this, but as this episode reveals, even the state of the art is nowhere near good enough.

Chapters:
Cold open (00:00:00)
Rob's intro (00:00:52)
The interview begins (00:02:44)
Why computer security matters for AI safety (00:07:39)
State of the art in information security (00:17:21)
The hack of Nvidia (00:26:50)
The most secure systems that exist (00:36:27)
Formal verification (00:48:03)
How organisations can protect against hacks (00:54:18)
Is ML making security better or worse? (00:58:11)
Motivated 14-year-old hackers (01:01:08)
Disincentivising actors from attacking in the first place (01:05:48)
Hofvarpnir Studios (01:12:40)
Capabilities vs safety (01:19:47)
Interesting design choices with big ML models (01:28:44)
Nova's work and how she got into it (01:45:21)
Anthropic and career advice (02:05:52)
$600M Ethereum hack (02:18:37)
Personal computer security advice (02:23:06)
LastPass (02:31:04)
Stuxnet (02:38:07)
Rob's outro (02:40:18)

Producer: Keiran Harris
Audio mastering: Ben Cordell and Beppe Rådvik
Transcriptions: Katy Moore
Please enjoy this encore episode with Dave Farrow, VP of Information Security at Barracuda, who shares how a teenage surfer fell in love with software development and made his way into the cybersecurity field. Dave chose to study electrical engineering in college because he wanted to learn something that didn't make sense to him. He says he's done things in his career that he said he'd never do: for example, he went into and fell in love with software development. Taking on leadership of a bug bounty program at Barracuda blossomed into the creation of an internal security team. Dave wants to be the guy who enables the business and not the one who prevents it. He hopes all will come to recognize that there are other threats to business besides cybersecurity threats. We thank Dave for sharing his story with us.