Podcasts about Information security

In episode 146 of Cybersecurity Where You Are, Tony Sager is joined by Angelo Marcotullio, Chief Information Officer at the Center for Internet Security®(CIS®); and Stephanie Gass, Sr. Director of Information Security at CIS. Together, they look back on periods of transition at CIS to discuss what security looks like for a security company. Here are some highlights from our episode:00:58. Introductions with Angelo and Stephanie02:07. A pro and a con of IT consulting work04:12. The importance of soft skills in bringing the Multi-State Information Sharing and Analysis Center® into CIS06:12. Looking at security from a corporate perspective with the CIS Critical Security Controls07:08. How IT and IT security are essential to corporate strategy07:45. The use of governance to support merging three business units into an integrated security company12:04. The value of security champions in adapting to regulatory and business changes15:15. What IT and Security teams can accomplish when they work as partners17:18. The use of data to inform Board decisions and conversations around risk20:38. How getting a seat at the table helps with understanding a Board's risk appetite and communicating that out to teams25:01. How infrastructure built for growth, not the smallest business case, produced a smooth transition to work from home in March 202029:30. Advice for folks starting out in security31.28. The importance of collaboration and culture in implementing security as an organizationResourcesEpisode 144: Carrying on the MS-ISAC's Character and CultureThe CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber MaturityGuide to Implementation Groups (IG): CIS Critical Security Controls v8.1CIS Controls v8.1 Mapping to ISO/IEC 27001:2022CIS Controls v8.1 Mapping to SOC2CIS Controls v8.1 Mapping to NIST SP 800-171 Rev 3Reasonable CybersecurityEpisode 110: How Security Culture and Corporate Culture MeshIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Today's digital entertainment ecosystem spans streaming platforms, mobile applications, gaming networks and content delivery systems—creating unprecedented opportunities and security challenges. Forward-thinking leaders are working to balance seamless user experiences with robust security frameworks in an era where digital content is ubiquitous and consumers demand instant, secure access across every device.  Tune in as experts discuss how the evolution of digital entertainment platforms is transforming security paradigms, creating new business models and why protecting the modern media value chain has become a C-suite priority that extends far beyond technical considerations.  Featured experts Tony Lauro, Senior Director of Security Strategy, Akamai Technologies Tina Slivka, Vice President, Consult Lead for US Telecom, Media and Technology, Kyndryl 

ThreatLocker to Unveil Game-Changing Zero Trust Innovations at Black Hat 2025 | Visit Them at Booth #1933 | A ThreatLocker Pre-Event Coverage of Black Hat USA 2025 Las Vegas | Brand Story with John LillistonJoin ITSP Magazine's Marco Ciappelli and Sean Martin as they preview ThreatLocker's exciting Black Hat 2025 presence with Detect Product Director John Lilliston. Discover upcoming major announcements, hands-on hacking demos, and how ThreatLocker's default deny approach is revolutionizing enterprise cybersecurity through comprehensive zero trust implementation.As Black Hat USA 2025 approaches, cybersecurity professionals are gearing up for one of the industry's most anticipated events. ITSP Magazine's Marco Ciappelli and Sean Martin recently sat down with John Lilliston, ThreatLocker's Detect Product Director, to preview what promises to be an exciting showcase of zero trust innovation at booth 1933.ThreatLocker has become synonymous with the "default deny" security approach, a philosophy that fundamentally changes how organizations protect their digital assets. Unlike traditional security models that allow by default and block known threats, ThreatLocker's approach denies everything by default and allows only approved applications, network communications, and storage operations. This comprehensive strategy operates across application, network, and storage levels, creating what Lilliston describes as a "hardened system that stops adversaries in their tracks."The company's rapid growth reflects the industry's embrace of zero trust principles, moving beyond buzzword status to practical, enterprise-ready solutions. Lilliston, who joined ThreatLocker in February after evaluating their products from the enterprise side, emphasizes how the platform's learning mode and ring fencing capabilities set it apart from competitors in the application control space.At Black Hat 2025, ThreatLocker will demonstrate their defense-in-depth strategy through their Detect product line. While their primary zero trust controls rarely fail, Detect provides crucial monitoring for applications that must run in enterprise environments but may have elevated risk profiles. The system can automatically orchestrate responses to threats, such as locking down browsers exhibiting irregular behavior that might indicate data exfiltration attempts.Visitors to booth 1933 can expect hands-on demonstrations and on-demand hacking scenarios that showcase real-world applications of ThreatLocker's technology. The company is preparing major announcements that CEO Danny Houlihan will reveal during the event, promising game-changing developments for both the organization and its client base.ThreatLocker's Black Hat agenda includes a welcome reception on Tuesday, August 5th, from 7-10 PM at the Mandalay Bay Complex, and Houlihan's presentation on "Simplifying Cybersecurity" on Thursday, August 7th, from 10:15-11:05 AM at Mandalay Bay J.The convergence of practical zero trust implementation, cutting-edge threat detection, and automated response capabilities positions ThreatLocker as a key player in the evolving cybersecurity landscape, making their Black Hat presence essential viewing for security professionals seeking comprehensive protection strategies.Keywords: Black Hat 2025, zero trust security, cybersecurity conference, ThreatLocker, default deny strategy, endpoint protection, application control, threat detection, enterprise security, network security, cybersecurity solutions, security automation, malware prevention, cyber threats, information security, security platform, Black Hat USA, cybersecurity innovation, managed detection response, security operationsLearn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content.Learn more.Guests:John LillistonCybersecurity Director | Threat Detection & Response | SOC Leadership | DFIR | EDR/XDR Strategy | GCFA, GISP | https://www.linkedin.com/in/john-lilliston-4725217b/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com______________________ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerThreatLocker® Welcome Reception | Don't gamble with your security! Join us at Black Hat for a lively Welcome Reception hosted by ThreatLocker®. Meet our Cyber Hero® Team and dive into discussions on the latest advancements in ThreatLocker®Endpoint Security. It's a great opportunity to connect and learn together! ‍‍Time: 7PM - 10PM | Location: Mandalay Bay Complex RSVP below and we'll send you a confirmation email with all the details.[ Welcome Reception RSVP ]Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

The Mindful Business Security Show is a call-in radio style podcast for small business leaders. Join our hosts as they take questions from business leaders like you! On this episode, Accidental CISO is joined by guest host Tib3rius. Tib3rius is a hacker, penetration tester, and content creator. He is passionate about helping folks learn about cybersecurity, and he loves sharing his knowledge to help others secure their businesses and systems.   You can find links to Tib3rius' website, content, and social media profiles on his Linktree page.   Are you struggling with how to deal with Cybersecurity, Information Security, or Risk Management in your organization? Be a caller on a future episode of the show. Visit our podcast page and sign up now!   Show Merch: https://shop.mindfulsmbshow.com/ Website: https://www.focivity.com/podcast Twitter: @mindfulsmbshow Hosted by: @AccidentalCISO Produced by: @Focivity Theme music by Michael Kobrin.

Chief Persuasion Officer: The New CISO MindsetNetSPI Field CISO and host of Agent of Influence podcast Nabil Hannan sat down with Rick McElroy to talk about the role of the CISO, leveraging AI in the cybersecurity space, vendor collaboration, and career advice.+ + +Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

What does it take to build a resilient cybersecurity strategy in higher education - especially with limited resources and rising threats?Tobey Coffman, Chief Information Security Officer at Ball State University, and Ron Pelletier, founder of Pondurance, share how their partnership grew from a single pen test into a fully managed, 24/7 detection and response program. Together, they break down the real-world challenges campuses face, the tipping point that led Ball State to invest in around-the-clock protection, and what makes a vendor-university relationship truly work.Whether you're just getting started or looking to deepen your institution's cybersecurity posture, this conversation delivers insight, strategy, and lessons learned from the front lines.Guests: Tobey Coffman, Executive Director of Information Security and Chief Information Security Officer, Ball State University & Ron Pelletier, Founder & Chief Customer Officer, Pondurance Host: Matt Levine, Category Marketing Manager, E&I Cooperative Services Relevant Links:E&I's Pondurance ContractCooperatively Speaking is hosted by E&I Cooperative Services, the only member-owned, non-profit procurement cooperative exclusively focused on serving the needs of education. Visit our website at www.eandi.org/podcast.Contact UsHave questions, comments, or ideas for a future episode? We'd love to hear from you! Contact Cooperatively Speaking at podcast@eandi.org. This podcast is for informational purposes only. The views expressed in this podcast may not be those of the host(s) or E&I Cooperative Services.

You click on a link in an email—as one does. Suddenly you see a message from your organization, “You've been phished! Now you need some training!” What do you do next? If you're like most busy humans, you skip it and move on.Researcher Ariana Mirian (and co-authors Grant Ho, Elisa Luo, Khang Tong, Euyhyun Lee, Lin Liu, Christopher A. Longhurst, Christian Dameff, Stefan Savage, Geoffrey M. Voelker) uncovered similar results in their study “Understanding the Efficacy of Phishing Training in Practice.” The solution? Ariana suggests focusing on a more effective fix: designing safer systems.In the episode we talk about:Annual cybersecurity awareness training doesn't reduce the likelihood of clicking on phishing links, even if completed recently. Employees who finished training recently show similar phishing failure rates to those who completed it months ago. The study notes, “Employees who recently completed such training, which has significant focus on social engineering and phishing defenses, have similar phishing failure rates compared to other employees who completed awareness training many months ago.”Phishing simulations combined with training (where companies send out fake phishing emails to employees and, for those who click on the links, lead those employees through training) had little impact on whether participants would click phishing links in the future. Ariana was hopeful about interactive training but found that too few participants engaged with it to draw meaningful conclusions. The type of phishing lure (e.g., password reset vs. vacation policy change) influenced whether users clicked. Ariana warned that certain lures could artificially lower click rates.Ultimately, Ariana suggests focusing on designing safer systems—where the burden is taken off the end users. She recommends two-factor authentication, using phishing-resistant hardware keys (like YubiKeys), and blocking phishing emails before they reach users.This quote from the study stood out to me: “Our results suggest that organizations like ours should not expect training, as commonly deployed today, to substantially protect against phishing attacks—the magnitude of protection afforded is simply too small and employees remain susceptible even after repeated training.”This highlights the need for safer system design, especially for critical services like email, which—and this is important—inherently relies on users clicking links.Ariana Mirian is a senior security researcher at Censys. She completed her PhD at UC San Diego and co-authored the paper, “Understanding the Efficacy of Phishing Training in Practice.”G. Ho et al., "Understanding the Efficacy of Phishing Training in Practice," in 2025 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, 2025, pp. 37-54, doi: 10.1109/SP61157.2025.00076.

Cybersecurity Lessons on the Path to Private EquityDive into the world of private equity and cybersecurity with Paul Harragan, Global Cybersecurity Lead at KKR. In this episode, we cover strategies for managing risks, navigating M&A diligence, and aligning security with business growth.+ + +Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

In this episode, I speak with three guests from diverse backgrounds who share a common goal: Building trust in human-AI partnerships in security. We originally came together for a panel at the Institute of Electrical and Electronics Engineers (IEEE) Conference on AI in May 2025, and this episode recaps that discussion.Key takeaways:Security practitioners tend to be natural-born skeptics (can you blame them?!). They struggle to trust and adopt AI-powered security products, especially in higher-risk scenarios with overly simplified decision-making processes.AI can be a tool for threat actors and a threat vector itself, and its non-deterministic nature makes it unpredictable and vulnerable to manipulation.All AI models are biased, but not all bias is negative. Recognized and carefully managed bias can provide actionable insights. Purposefully biased (opinionated) models should be transparent.Clearer standards and expectations are needed for “human-in-the-loop” and human oversight. What does the human actually do, are they qualified, and do they have the right experience and information?What happens when today's graduates are tomorrow's security practitioners? On one end of the spectrum we have a lot of skepticism, on the other end not enough. We talk about over-reliance on AI, de-skilling, and loss of situational awareness.Dr. Margaret Cunningham is the Technical Director, Security & AI Strategy at Darktrace. Margaret was formerly Principal Product Manager at Forcepoint and Senior Staff Behavioral Engineer at Robinhood.Dr. Divya Ramjee is an Assistant Professor at Rochester Institute of Technology (RIT). She also leads RIT's Technology and Policy Lab, analyzing security, AI policy, and privacy challenges. She previously held senior roles in US government across various agencies.Dr. Matthew Canham is the Executive Director, Cognitive Security Institute. He is a former FBI Supervisory Special Agent, with over twenty years of research in cognitive security.

The Mindful Business Security Show is a call-in radio style podcast for small business leaders. Join our hosts as they take questions from business leaders like you! On this episode, Accidental CISO is joined by guest host Alyssa Miller. Alyssa is the CISO of a multi-billion-dollar global company, board member, conference organizer, author, and speaker. Blending her deep technical expertise with sharp business acumen, she has taken her passion for hacking and turned it into a very successful 28-year career in the industry.   During the episode, Alyssa mentioned a TEDx talk that she gave about sustainability in cybersecurity careers. A video recording of the talk is available on YouTube.   You can connect with Alyssa on Bluesky: @alyssam-infosec.com, LinkedIn, or via her website, https://alyssasec.com.   Are you struggling with how to deal with Cybersecurity, Information Security, or Risk Management in your organization? Be a caller on a future episode of the show. Visit our podcast page and sign up now!   Show Merch: https://shop.mindfulsmbshow.com/ Website: https://www.focivity.com/podcast Twitter: @mindfulsmbshow Hosted by: @AccidentalCISO Produced by: @Focivity Theme music by Michael Kobrin.

This episode of the InfoSec Beat podcast focuses on careers in information security. Accenture CISO Kris Burkhardt talks with Kyle Friedman, who leads Security Contracting and Request for Proposal Support for our Information Security Client Data Protection team. She ensures that we have the right provisions in our proposal responses and contracts to run engagements in a secure fashion that works for both Accenture and our clients. Learn about Kyle's unconventional start at Accenture, passion for client data protection, and ability to translate information security topics to people outside the field. Her career advice? Always listen and keep an open mind.

We're past the point of simply saying you're committed to sustainability, it's time for tangible and verified action. This is what many are calling for in response to the recent rise in Greenwashing and subsequent erosion of trust from consumers and other stakeholders regarding any green claims. As a result, a number of voluntary disclosure schemes have been created to help benchmark and verify organisation's claims, should they choose to participate. One example being the focus of today's episode: EcoVadis. In this episode Mel Blackmore continues with our voluntary disclosure's series, discussing the ESG rating scheme EcoVadis, what is required to earn a Platinum rating and provides some tips on how to get that Platinum rating. You'll learn ·      What is EcoVadis? ·      What are the requirements to achieve a Platinum rating? ·      Top tips for earning an Platinum rating for EcoVadis ·      What are the advantages of earning a Platinum rating? ·      What are the disadvantages of getting involved with EcoVadis?   Resources ·      EcoVadis ·      Carbonology ·      Contribute to Mel's carbon verification commitment research by taking her Survey   In this episode, we talk about: [02:05] Episode Summary – Mel discusses the voluntary disclosure scheme: EcoVadis, including what's involved with taking part, how to achieve a Platinum rating and the pros and cons of being benchmarked.    [03:00] Why is there a need for EcoVadis? An increased number of investors and financial institutions, in addition to clients are demanding more than just financial reports. They want to know what a company's environmental footprint is, and at this point, it's time to move on beyond simply making pledges. This extends to other elements of governance as EcoVadis doubles as a crucial ESG rating scheme. [04:30] What is EcoVadis? EcoVadis is a globally recognised provider of business sustainability ratings. They assess companies' environmental, social, and ethical performance across 21 indicators and four main themes: Environment, Labor & Human Rights, Ethics, and Sustainable Procurement. EcoVadis aims to help organisations manage their supply chain sustainability risks and opportunities. If you're a supplier, you've likely received a request from a customer to complete an EcoVadis assessment. The assessment process involves completing a detailed questionnaire, submitting supporting documentation, and then EcoVadis analysts review your submission and assign a scorecard. This scorecard provides a detailed breakdown of your performance across the four themes and assigns an overall score and a medal status: Bronze, Silver, Gold, or Platinum. It's this medal status that's crucial, especially those coveted Gold and Platinum badges, which signal to your customers that you are a top-tier performer in sustainability. [05:40] We want to hear from you: Mel is currently running some research around CDP and the key drivers behind carbon emission verification, and would appreciate your feedback if you have a few minutes to spare. The results are completely anonymous, and it should only take 5 – 10 minutes. You can take the survey here. Thank you in advance to any contributors! [06:05] What is required to achieve an Platinum Rating? – While EcoVadis assesses across four themes, the 'Environment' theme often carries significant weight, and within that, greenhouse gas (GHG) emissions management is paramount for the higher ratings. To earn an EcoVadis Platinum rating, you'll generally need to achieve an overall score between 78-100 out of 100. Key areas that you need to excel in include:- 1) Comprehensive Environmental Management System: This includes policies, actions, and reporting on a wide range of environmental issues. For Platinum, EcoVadis expects to see highly structured and systematic approaches to environmental management. 2) Robust GHG Emissions Management: For this you need to: ·      Measure your GHG Emissions: Accurately calculate your Scope 1, Scope 2, and significant Scope 3 emissions. EcoVadis places increasing emphasis on Scope 3, as it often represents the largest portion of a company's footprint. ·      Set Ambitious Targets: Have clear, quantitative targets for GHG emission reduction. Aligning these with a science-based target (SBTi) is highly advantageous and often a de facto requirement for Platinum. ·      Implement Reduction Initiatives: Demonstrate concrete actions you are taking to reduce emissions, such as investing in renewable energy, improving energy efficiency, optimizing logistics, or engaging your supply chain. 3) Independent Verification of GHG Emissions Data: This is a non-negotiable for Platinum and often for Gold. EcoVadis awards significant points for having your Scope 1 and Scope 2 GHG emissions (and increasingly, relevant Scope 3 categories) independently verified by a third-party accredited body. This provides assurance that your reported data is accurate and reliable. As a CDP accredited verification body, we routinely help companies through this process, and it makes a profound difference in their EcoVadis and overall ESG scores. 4) Strong Policies and Actions Across All Themes: While we're focusing on environment, remember Platinum requires excellence across all four EcoVadis themes: ·      Labor & Human Rights ·      Ethics ·      Sustainable Procurement Implementing Standards such as ISO 37001 (Anti-Bribery and Corruption), ISO 27001 (Information Security), ISO 20400 (Sustainable Procurement) can help put some of these in place. 5) Effective Reporting and Transparency: You need to clearly articulate your policies, actions, and performance data within the EcoVadis questionnaire. This includes providing high-quality, relevant supporting documentation. To get the best result, don't just tick boxes; provide evidence! 6) Continuous Improvement: EcoVadis looks for evidence of ongoing improvement. It's not a one-off assessment; it's about demonstrating a commitment to continually raising your standards. [14:20] How to get an EcoVadis Platinum Rating with verified data? – Here's a few tips: ·      Start Early and Plan Strategically: Don't wait until the last minute. The EcoVadis assessment requires significant time and effort. Plan your data collection, policy development, and verification process well in advance. ·      Understand the EcoVadis Methodology: Download the EcoVadis methodology and scoring criteria. These double as guidance documents that explain what they're looking for in each section. Tailor your responses and documentation accordingly. ·      Invest in carbon accounting software: Accurate and consistent data is paramount. Implement systems (whether software or well-organized spreadsheets) to track your energy consumption, waste, water use, and especially your GHG emissions. ·      Prioritize GHG Emissions Verification: Engage a reputable, accredited third-party verification body (like Carbonology

The Future of HubSpot is PasswordlessLearn how HubSpot's CISO Alyssa Robinson breaks down passwordless authentication, innovative security strategies, and the art of balancing usability with protection on the latest episode. + + +Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

In this episode, Amanda Finch, Chief Executive Officer of the Chartered Institute of Information Security, offers a perspective shaped by decades of experience in a field she has grown with and helped shape. She shares how cybersecurity has transformed from an obscure technical pursuit into a formalized profession with recognized pathways, development programs, and charters. Her focus is clear: we need to support individuals and organizations at every level to ensure cybersecurity is inclusive, sustainable, and effective.Amanda outlines how the Chartered Institute has developed a structured framework to support cybersecurity careers from entry-level to fellowship. Programs such as the Associate Development Program and the Full Membership Development Program help individuals grow into leadership roles, especially those who come from technical backgrounds and must now influence strategy, policy, and people. She emphasizes that supporting this journey isn't just about skills—it's about building confidence and community.A significant part of the conversation centers on representation and diversity. Amanda speaks candidly about being one of the only women in the room early in her career and acknowledges the progress made, but she also highlights the structural issues still holding many back. From the branding of cybersecurity as overly technical, to the inaccessibility of school programs for under-resourced communities, the industry has work to do. She argues for a wider understanding of the skills needed in cybersecurity—communication, analysis, problem-solving—not just coding or technical specialization.Amanda also addresses the growing threat to small and medium-sized businesses. While large organizations may have teams and resources to manage security, smaller businesses face the same threats without the same support. She calls for a renewed emphasis on community-based solutions—knowledge sharing, mentorship, and collaborative platforms—that extend the reach of cyber defense to those with fewer resources.In closing, Amanda urges us not to forget the enduring principles of security—know what you're protecting, understand the consequences if it fails, and use foundational practices to stay grounded even when new technologies like AI and deepfakes arrive. And just as importantly, she reminds us that human principles—trust, empathy, responsibility—are vital tools in facing cybersecurity's biggest challenges.___________Guest: Amanda Finch, CEO of the Chartered Institute of Information Security | https://www.linkedin.com/in/amanda-finch-fciis-b1b1951/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Meet Chris Brandt, the new host of IT Visionaries.In this special episode, outgoing host Albert Chou passes the mic to Chris—a seasoned Technology Strategist with a passion for connecting bold ideas to real business outcomes.Chris's career spans startups to global enterprises, from building an EMP-shielded data center deep underground to deploying 200PB HPC environments in Fintech. His expertise includes business strategy, IT operations, security, and network architecture.Outside of work, he enjoys life with his wife Julie, their two kids, Lily and Camden, and their dog, Hobs.Get to know the new voice behind IT Visionaries—and what's coming next. ---Produced by the team at Mission.org and brought to you by Brightspot.

In Jan. 2025, then-Vice President Kamala Harris announced a final rule by the Consumer Financial Protection Bureau to remove medical debt from consumers’ credit reports. The policy was to take effect in March, but just like many other Biden-era actions, the Trump administration is changing course. Now, a federal judge is expected to decide in mid-June about whether to vacate the consumer protection rule. Georgia ranks among the top five states with the most medical debt, with 13% of adults in the state owing money. Former health tech executive and consumer advocate Scott Speranza, the CEO of HealthLock, discusses what this could mean for Georgians. For “Closer Look’s” Class of 2025 graduation series, we hear from Bon Varlet. The standout Kennesaw State University graduate majored in information technology. She talks with Rose about her academic journey, including earning a Fulbright Study Award, and her aspirations to attend law school and to protect public institutions, particularly libraries.See omnystudio.com/listener for privacy information.

You're a founder with a great cybersecurity product—but no one knows or cares. Or you're a marketer drowning in jargon (hey, customers hate acronyms, too), trying to figure out what works and what doesn't. Gianna Whitver, co-founder of the Cybersecurity Marketing Society, breaks down what the cybersecurity industry is getting wrong—and right—about marketing.In this episode, we talk about:Cyber marketing is hard (but you knew that already). It requires deep product knowledge, empathy for stressed buyers, and clear, no-FUD messaging.Building authentic, value-driven communities leads to stronger cybersecurity marketing impact.Don't copy the marketing strategies of big enterprises. Instead, focus on clarity, founder stories, and product-market fit.Founder-led marketing works. Early-stage founders can break through noise by sharing personal stories.Think twice before listening to the advice of “influencer” marketers. This advice is often overly generic. Or, you're following advice of marketers marketing to marketers (try saying that ten times fast). In other words, their advice is probably not going to apply to cybersecurity.Gianna Whitver is the co-founder and CEO of the Cybersecurity Marketing Society, a community for marketers in cybersecurity to connect and share insights. She is also the podcast co-host of Breaking Through in Cybersecurity Marketing podcast, and founder of LeaseHoney, a place for beekeepers to find land.

Advancing Exposure ManagementHear from Jorge Orchilles, Senior Director at Verizon, on the shift from traditional vulnerability management to modern exposure management and the critical role proactive security plays in staying ahead of threats.+ + +Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

Today on the Salesforce Admins Podcast, we talk to Sri Srinivasan, Senior Director of Information Security at Salesforce. Join us as we chat about what admins need to know about Agentforce and how to build secure AI experiences. You should subscribe for the full episode, but here are a few takeaways from our conversation with […] The post Why Secure AI Starts With You: What Admins Must Know About Agentforce appeared first on Salesforce Admins.

In this podcast session, the speaker will provide a deeper dive into all the prospective questions organizations must ask their technology providers prior to moving forward with a deal.   Although, the technology works, great, but does the company as a whole?   Moderator: @Christina Wojcik - Head of Innovation & Partnerships, Pierson Ferdinand LLP   Speaker: @Krishna Vyas - Director of Third Party Risk Management and Information Security, CITI   Recorded 5-15-2025

Understanding information security standards is the first step toward building a resilient and trustworthy organization. Cyber-attacks, data leaks, and rule-breaking are becoming more common. Businesses and people need to keep their information safe—but how can they do that? One way is by following security standards like ISO 27001. 

Users, threat actors, and the system design all influence—and are influenced by—one another. To design safer systems, we first need to understand the players who operate within those systems. Kelly Shortridge and Josiah Dykstra exemplify this human-centered approach in their work. In this episode we talk about:The vital role of human factors in cyber-resilience—how Josiah and Kelly apply a behavioral-economics mindset every day to design safer, more adaptable systems.Key cognitive biases that undermine incident response (like action bias and opportunity costs) and simple heuristics to counter them.The “sludge” strategy: deliberately introducing friction to attacker workflows to increase time, effort, and financial costs—as Kelly says, “disrupt their economics.”Why moving from a security culture of shame and blame to one of open learning and continuous improvement is essential for true cybersecurity resilience.Kelly Shortridge is VP, Security Products at Fastly, formerly VP of Product Management and Product Strategy at Capsule8. She is the author of Security Chaos Engineering: Sustaining Resilience in Software and Systems.Josiah Dykstra is the owner of Designer Security, human-centered security advocate, cybersecurity researcher, and former Director of Strategic Initiatives at Trail of Bits. He also worked at the NSA as Technical Director, Critical Networks and Systems. Josiah is the author of Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us.During this episode, we reference:Josiah Dykstra, Kelly Shortridge, Jamie Met, Douglas Hough, “Sludge for Good: Slowing and Imposing Costs on Cyber Attackers,” arXiv preprint arXiv:2211.16626 (2022).Josiah Dykstra, Kelly Shortridge, Jamie Met, Douglas Hough, “Opportunity Cost of Action Bias in Cybersecurity Incident Response,” Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 66, Issue 1 (2022): 1116-1120.

In episode 135 of Cybersecurity Where You Are, Sean Atkinson is joined live at RSAC Conference 2025 by five attendees, including two Center for Internet Security® (CIS®) employees. He conducts a lightning chat with each attendee to get their thoughts about the conference, how it reflects the changing cybersecurity industry, and the role CIS plays in this ongoing evolution. Here are some highlights from our episode:00:40. Stephanie Gass, Sr. Director of Information Security at CISHow to start creating a policy and make it effective through implementation processesA transition to an approach integrating mappings for CIS security best practicesThe use of GenAI and security champions to make this transition04:08. Brad Bock, Director of Product Management at ChainguardBuilding and compiling security from the ground up in open-source container imagesTrusting pre-packaged software in an increasingly complex worldSupport of customer compliance with attestation, SBOMs, and vulnerability remediation07:43. Stephane Auger, Vice President Technologies and CISO at Équipe MicrofixCustomer awareness and other top challenges for MSPs and MSSPsThe use of case studies and referrals to communicate the importance of cybersecurityA growing emphasis on cyber risk insurance as media attention around breaches grows11:36. Brent Holt, Director of Cybersecurity Technology at Edge Solutions LLCHow the CIS Critical Security Controls facilitates a consultative approach to customersThe importance of knowing where each company is in their use of GenAIMapping elements of a portfolio to CIS security best practices17:23. Mishal Makshood, Sr. Cloud Security Account Executive at CISThe use of learning and research to investigate GenAI's utility for CISAn aspiration to scale efficiency and drive improvements with GenAI trainingA reminder to augment human thought, not replace it, with GenAIResourcesEpisode 63: Building Capability and Integration with SBOMsMapping and ComplianceCybersecurity for MSPs, MSSPs, & ConsultantsEpisode 130: The Story and Future of CIS Thought LeadershipIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

The messaging app used by CBP and the White House faces continued security scrutiny. Hacktivists breach the airline used for U.S. deportation flights. The FBI warns that threat actors are exploiting outdated, unsupported routers. Education giant Pearson confirms a cyberattack. Researchers report exploitation of Windows Remote Management (WinRM) for stealthy lateral movement in Active Directory (AD) environments. A sophisticated email attack campaign uses malicious PDF invoices to deliver a cross-platform RAT. A zero-day vulnerability in SAP NetWeaver enables remote code execution. An Indiana health system reports a data breach affecting nearly 263,000 individuals. Our guest is Alex Cox, Director of Information Security at LastPass, discussing tax-related lures targeting refunds. AI empowers a murder victim to speak from beyond the grave.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Alex Cox, Director of Information Security at LastPass, to discuss tax-related lures facing both tax preparation agencies and filers expecting refunds. Selected Reading On the state of modern Web Application Security (BrightTalk) Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage  (Wired) Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for "Donnie" Trump (Bitdefender) FBI Sounds Alarm on Rogue Cybercrime Services Targeting Obsolete Routers (infosecurity magazine) Education giant Pearson hit by cyberattack exposing customer data (Bleeping Computer) Hackers Using Windows Remote Management to Stealthily Navigate Active Directory Network (Cybersecurity News) Hackers Weaponizing PDF Invoices to Attack Windows, Linux & macOS Systems (Cybersecurity News) SAP Zero-Day Targeted Since January, Many Sectors Impacted (Security Week) Indiana Health System Notifies 263,000 of Oracle Hack (Bank of Infosecurity) A Judge Accepted AI Video Testimony From a Dead Man (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

#036 – In this next episode, I was joined by Erin Grippo, Senior Manager of Product Operations at Brivo, who brings nearly a decade of experience in the security industry across marketing, business strategy, partnerships, and product operations.Today's conversation explored Erin's career journey and how she navigated major transitions across roles, companies, and countries. We discussed her philosophy about career growth, overcoming early career challenges, and her advice for aspiring professionals. Erin also shared her perspective on leadership development, the value of networking, and why mentorship is important in our careers. I think you'll find this to be an honest and inspiring discussion!After graduating from DePauw University with a degree in Communication, Erin launched her career at Allegion in the U.S. and later relocated to Toronto to lead multifamily and PropTech initiatives for Allegion Canada. She continued to expand her expertise at Latch, managing partnerships and launching new products and programs before joining Brivo in 2023.Erin is active in the security industry's professional community, serving on the Security Industry Association's RISE Steering Committee and previously on the Foundation for Advancing Security Talent (F.A.S.T) board from 2020 to 2024. She was recently named one of the 2024 Women in Security Forum Power 100. Erin is passionate about mentoring early-career professionals and building stronger pathways for the next generation of security leaders—and it was a pleasure having her on the podcast.-- Get the resources and show notes mentioned in this episode --https://thesecuritystudent.com/shownotes

The 2023 FBI Internet Crime Report reveals that nearly 21% of ransomware attacks targeted the healthcare and public health sectors—making them the top victims.   This week on Feds At The Edge, we explore how agencies can defend against these growing threats.   Benjamin Koshy, Chief Information Security Officer and Director, Division of Information Security of Indian Health Service, explains the unique identity management challenge in healthcare: balancing open patient access with strict data protection.  Keith Busby, Acting CISO at CMS, outlines how to go beyond Zero Trust with real-world risk assessments and robust incident response plans - not just a three-ring binder gathering dust on a shelf.  And Alec Lizanetz, Identity Protection Specialist from CrowdStrike, emphasizes the importance of prioritizing threats and using frameworks like CISA's to respond efficiently.   Tune in on your favorite podcasting platform today to hear practical, high-impact strategies to secure critical systems and protect patient care, perfect for healthcare leaders who must protect both data and lives.      

In this week's episode of The Future of Security Operations podcast, Thomas is joined by Dane VandenBerg. Dane's 16-year security career includes product-focused roles with vendors like Qintel and more recently, Microsoft, where he was Principal Technical Specialist supporting the development of their security copilot. He's also spent a lot of time in fintech, serving as Vice President of Information Security at Prime Trust and, currently, Senior Director of Security Operations at Circle. In this episode: [02:05] How Dane went from researching women's health and animal cloning to public relations to security [06:25] Why security teams are still fighting the same battles they were 15 years ago [09:24] How Dane's vendor-side threat intel work shapes his thinking as a SecOps leader [12:00] What's working - and what's not - about how companies approach threat intelligence today [12:51] Why threat intel should be an in-house function, not just a reporting feed [15:30] What motivated Dane to move into the finance and crypto industry [19:30] How parenthood reshaped the way Dane thinks about risk [22:50] Tips for encouraging employees to report their security concerns [26:00] What a great security-vendor customer experience look like - and what too many vendors get wrong [29:10] The security tools and solutions Dane is most excited about right now [32:45] Balancing the hype and potential of security copilots [38:30] What cyberattacks might look like five years from now [41:30] Connect with Dane Where to find Dane: LinkedIn Circle Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: National Cyber Forensics and Training Alliance

Does Open-Source AI Create a False Sense of Security?Listen to Suryaprakash Nalluri, an accomplished application security leader, discuss the shifting landscape of application security, challenges with open-source software, and the critical role of DevSecOps in modern development. + + +Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

Researchers uncover serious vulnerabilities in the Signal fork reportedly used by top government officials. CISA adds a second Commvault flaw to its Known Exploited Vulnerabilities catalog. xAI exposed a private API key on GitHub for nearly two months. FortiGuard uncovers a cyber-espionage campaign targeting critical national infrastructure in the Middle East. Threat brokers advertise a new SS7 zero-day exploit on cybercrime forums. The StealC  info-stealer and malware loader gets an update. Passkeys blaze the trail to a passwordless future. On our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at the New York Giants. Cubism meets computing: the Z80 goes full Picasso.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire GuestOn our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at New York Football Giants, as they discuss how she approaches cybersecurity with curiosity, business alignment, and strong collaboration across the NFL community. Selected Reading The Signal Clone the Trump Admin Uses Was Hacked (404 Media) Critical Commvault Vulnerability in Attacker Crosshairs (SecurityWeek) xAI Dev Leaked API Key on GitHub for Private SpaceX, Tesla & Twitter/X (Cyber Security News) FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure (Fortinet) Hackers Selling SS7 0-Day Vulnerability on Hacker Froums for $5000 (Cyber Security News) StealC malware enhanced with stealth upgrades and data theft tools (Bleeping Computer) Sick of 15-character passwords? Microsoft is going password-less, starting now. (Mashable) Passkeys for Normal People (Troy Hunt) Single-Board Z80 Computer Draws Inspiration From Picasso (Hackaday) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Our feature guest this week is Jason Haddix, CEO/Hacker @ Arcanum Information Security. We're also trying something new with our interviews and Jason will be doing an Ask Me Anything in the #AMA channel on Slack. Head on over there to ask him any questions you might have! News from and a lot more! Come join us on the Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week's news: Join the Colorado = Security Slack channel Denver airport seeks $150M contract for new consolidated rental car facility Metro Denver a leader nationally for how fast unsold homes are piling up Centennial-based Boom Technology chooses Adams County as test site for its supersonic jet engines Denver coding school to close Denver dialysis giant DaVita hit with ransomware attack Davita 8-K (ransomware attack) Proposed changes to Colorado's AI regulation draw mixed reactions from business leaders Cybersecurity metrics that matter (and how to measure them) The New Security Model: A Blueprint for Successful SASE Deployment Protecting Your Business – Ransomware Prevention and Recovery Best Practices Why Strong Digital Identity is Essential—With or Without Executive Order 14144 Upcoming Events: Check out the full calendar ASIS Denver - Colorado Corporate Security Symposium - 5/7 ISSA COS - May Chapter Meeting - 5/13 Let's Talk Software Security - Is Using AI Really That Insecure? - 5/14 ISSA Denver - ISC2 Certified Cloud Security Professional (CCSP) Exam Preparation - 5/17/-5/18 LIFT - Hike #1 - 5/20 ISC2 Denver - Enhancing Privacy and Security in the Age of AI-Driven Social Engineering - 5/27 Rocky Mountain Information Security Conference (RMISC) - 5/28-30 ISC2 Pikes Peak - Chapter Meeting - 5/28 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

The Institute of Internal Auditors Presents: All Things Internal Audit Tech In this episode, Andrew Guasp talks with Alex Gacheche about the importance of emotional intelligence (EQ) in the internal audit profession, especially in the context of AI advancements. They discuss how EQ can enhance internal audit effectiveness, the role of empathy and communication, and the impact of cultural differences on EQ. From active listening to handling difficult conversations, this episode unpacks the human side of internal auditing. HOST:Andrew Guasp, CIA Senior Manager, Standards & Professional Guidance, The IIA GUEST:Alex Gacheche, CISAHead of Internal Audit, Information Security, Technology Infrastructure, Emerging Technology, and AI, Meta   Key Points Introduction [00:00–00:01:16] What Is Emotional Intelligence? [00:01:17–00:03:34] Human Judgment with AI [00:03:35–00:05:01] Balancing Hard and Soft Skills [00:05:02–00:06:27] Developing EQ in Auditing [00:08:42–00:11:51] EQ in Communication and Reporting [00:11:52–00:13:16] Training for EQ Skills [00:13:17–00:14:31] Blending AI and EQ [00:14:32–00:15:49] Resources to Grow EQ [00:15:50–00:18:24] Using EQ in Remediation [00:18:25–00:21:42] EQ in Planning and Information Gathering [00:21:43–00:24:01] Cultural Sensitivity and Word Choice [00:24:02–00:26:32] Leading Multigenerational Teams [00:26:33–00:30:17] EQ's Role in the AI Era [00:30:18–00:32:25] Leadership, Retention, and EQ [00:32:26–00:35:02] EQ in Walkthroughs and Meetings [00:35:03–00:40:47] Final Thoughts [00:40:48–00:41:53] The IIA Related Content Interested in this topic? Visit the links below for more resources:  2025 AuditSphere Virtual Conference Building a Better Auditor: The Powerful Synergy of EQ and AI Knowledge Centers: Artificial Intelligence 'Mastering Soft Skills in Internal Auditing,' All Things Internal Audit Podcast The IIA's Updated AI Auditing Framework Visit The IIA's website or YouTube channel for related topics and more. Follow All Things Internal Audit: Apple PodcastsSpotify LibsynDeezer

Christina Morillo, Head of Information Security at the National Football League's New York Giants joins Ann on this week's episode of Afternoon Cyber Tea. Christina discusses the ins and outs of building a resilient cybersecurity strategy, the importance of entering organizations with curiosity—not checklists—and why listening is always her first step. Christina breaks down common cybersecurity misconceptions, shares how to move from strategy to implementation, discusses the importance of storytelling in governance and shares how she addresses burnout and mental health in her teams.  Resources:  View Christina Morillo on LinkedIn    View Ann Johnson on LinkedIn   Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast  The BlueHat Podcast   Uncovering Hidden Risks           Discover and follow other Microsoft podcasts at microsoft.com/podcasts      Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.   

Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Travis Farral. Travis has been working in information security since the 90s at places such as Nokia, ExxonMobil, and XTO Energy. He is currently VP & CISO at Archaea Energy, a bp owned, renewable natural gas company based in Houston, Texas. He has spoken at events around world on topics such as Cyber Threat Intelligence, MITRE ATT&CK, and Incident Response. Notable activities during his career include everything from programming logic controllers, building and leading SOCs, driving forklifts, standing up cybersecurity teams, developing threat intelligence programs, and handling responses to incidents, among many other things over the last few decades. [April 21, 2025]   00:00 - Intro 00:18 - Intro Links: -          Social-Engineer.com - http://www.social-engineer.com/ -          Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ -          Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ -          Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ -          Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb -          CLUTCH - http://www.pro-rock.com/ -          innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/                                                02:08 - Travis Farral Intro 02:58 - A Different Path than Today 05:25 - Healthy Hacking 08:08 - Anything Can Be Weaponized 10:54 - Questionable Behavior 14:31 - Smash That Report Button!!! 18:58 - Improving Our Odds 21:00 - You Have to Keep It Simple 22:25 - Letters to a Young CISO 24:20 - Find Travis Farral online -          LinkedIn: linkedin.com/in/travisfarral 25:01 - Mentors -          Shawn Edwards -          Jay Leek 27:02 - Book Recommendations -          R. E. Lee: A Biography  - Douglas Southall Freeman 29:34 - Wrap Up & Outro -          www.social-engineer.com -          www.innocentlivesfoundation.org

There Is No Information Security Any More Karel Cast 25-56 I received a letter this weekend, a letter that I've gotten before. In fact, I've gotten six of them total. And you know what it says. It says that all the verification of who you are, all the information of yours that your health care provider has, including your charts, your conditions, your medications, might as well be at the public library. Because it certainly isn't safe. Is anything being done? Or is it a lost cause? Also, we now live in a society where our children can go through not one, but TWO mass shootings, and STILL nothing at all is done. The story of the Parkland survivor that ended up in the Florida shooting. Another study about plant based diets...what will it take for you to finally change? The Karel Cast is heard on all streaming services from Apple Music to iHeart Media, Spotify to Spreaker. The show is Monday through Thursday at 10:30 am Live PST. It can also be seen on TikTok and Instagram. Karel is a history-making broadcaster and entertainer currently in Las Vegas with his little service girl Ember. The Karel Cast is supported by your donations at patreon.com/reallykarel Please watch, like and subscribe to the videos at youtube.com/reallykarel

In this time of constant cyber-attacks and increased cybersecurity reporting requirements, a CISO's job is no easy task and typically has a short Tenure. In this episode, Sean sits down with Allan Alford, 5 time CISO to talk about his experience as a CISO across several prominent organizations and how identity is always at the center of a CISOs responsibility.

Today on the Salesforce Admins Podcast, we talk to Sri Srinivasan, Senior Director of Information Security at Salesforce. Join us as we chat about his recent presentation at TDX and how to build secure, reliable AI experiences with Agentforce. You should subscribe for the full episode, but here are a few takeaways from our conversation […] The post Building Secure AI Agents with Salesforce Agentforce appeared first on Salesforce Admins.

Vulnerability prioritization, the final frontier. Many say they do it, but do they really? It takes way more than vulnerability data to truly prioritize vulnerabilities. Greg Fitzgerald, Co-Founder and CXO at Sevco Security, and Steve Lodin , Vice President, Information Security at Sallie Mae, join Business Security Weekly to dig in. We'll discuss the importance of context, including asset inventory and configuration management, in truly prioritizing vulnerabilities. But it's not that easy. We'll discuss the challenges and approaches to help solve this ever evasive topic. This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevco to learn more about them! Segment Resources: https://www.sevcosecurity.com/vulnerability-prioritization/ https://www.sevcosecurity.com/continuous-threat-exposure-management/ Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-389

Vulnerability prioritization, the final frontier. Many say they do it, but do they really? It takes way more than vulnerability data to truly prioritize vulnerabilities. Greg Fitzgerald, Co-Founder and CXO at Sevco Security, and Steve Lodin , Vice President, Information Security at Sallie Mae, join Business Security Weekly to dig in. We'll discuss the importance of context, including asset inventory and configuration management, in truly prioritizing vulnerabilities. But it's not that easy. We'll discuss the challenges and approaches to help solve this ever evasive topic. This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevco to learn more about them! Segment Resources: https://www.sevcosecurity.com/vulnerability-prioritization/ https://www.sevcosecurity.com/continuous-threat-exposure-management/ Show Notes: https://securityweekly.com/bsw-389

Vulnerability prioritization, the final frontier. Many say they do it, but do they really? It takes way more than vulnerability data to truly prioritize vulnerabilities. Greg Fitzgerald, Co-Founder and CXO at Sevco Security, and Steve Lodin , Vice President, Information Security at Sallie Mae, join Business Security Weekly to dig in. We'll discuss the importance of context, including asset inventory and configuration management, in truly prioritizing vulnerabilities. But it's not that easy. We'll discuss the challenges and approaches to help solve this ever evasive topic. This segment is sponsored by Sevco Security. Visit https://securityweekly.com/sevco to learn more about them! Segment Resources: https://www.sevcosecurity.com/vulnerability-prioritization/ https://www.sevcosecurity.com/continuous-threat-exposure-management/ Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-389

Rachel Maddow looks at Donald Trump's ridiculously poor track record of mishandling sensitive information, with the scandal of several of his top officials thoughtlessly discussing military plans in an insecure group text raising questions of criminality on top of the widespread outrage over the sheer sloppiness of their actions.

The freight industry is evolving fast—so how do we keep it secure, innovative, and people-focused? In this episode of Supply Chain Decoded, we sit down with two powerhouse leaders from DAT Freight & Analytics: Kary Jablonski, VP & GM of Trucker Tools and Broker Growth, and Dr. Erika Voss, VP of Information Security. We dive into everything from tackling fraud and cybersecurity threats to driving innovation in freight technology. Kary and Erika share insights on building a people-first workforce, why trust is the backbone of supply chain relationships, and how DAT is creating smarter, more secure solutions for brokers and carriers. Plus, we explore the growing impact of women in leadership and what it takes to lead with vision in a historically male-dominated industry. Whether you're a broker, carrier, or logistics professional, this episode is packed with must-know insights that could change the way you think about security in freight. -- Disclaimer: All views and opinions expressed in this podcast are those of the speakers and do not necessarily reflect the views or positions of Transfix, Inc. or any parent companies or affiliates or the companies with which the participants are affiliated, and may have been previously disseminated by them. The views and opinions expressed in this podcast are based upon information considered reliable, but neither Transfix, Inc. nor its affiliates, nor the companies with which such participants are affiliated, warrant its completeness or accuracy, and it should not be relied upon as such. All such views and opinions are subject to change.

Welcome back to the To the Point cybersecurity podcast, presented by Forcepoint! In this episode, hosts Rachael Lyon and Jonathan Knepper continue their engaging conversation with Michele Rigby Assad, a former CIA intelligence officer and renowned author of "Breaking Cover" and "Get Off the X." Join us as Michele shares her unique insights into the global threat landscape and the security challenges we face domestically. From discussing the imperative of modernizing the intelligence workforce with STEM education to her message of embracing discomfort and taking risks for meaningful growth, Michele offers a compelling perspective that is both inspiring and thought-provoking. We'll explore the impact of cultural and linguistic isolation on the U.S.'s ability to engage globally and the pressing threats poised by countries like Iran. Plus, Michele reveals her personal philosophy on overcoming adversity and the importance of getting "off the X" to achieve extraordinary things, no matter how ordinary you start. Tune in for an enlightening discussion filled with personal anecdotes and actionable advice for navigating today's complex world. Don't miss this opportunity to hear Michele's compelling stories and invaluable expertise on the intricacies of intelligence and cybersecurity. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e324

On this episode of Blood, Sweat & Balance Sheets, host Mike Whitmire sits down with Vicky LeVay, Sr. Director of Compliance, Risk, and Information Security at FloQast, and Jaysen Dyal, Product Marketing Manager at FloQast and former accountant. Together, they discuss the growing role of AI in accounting and FloQast's achievements, including earning ISO 42001 certification.Vicky provides insights into what it takes to secure this critical certification and why it's essential for building trust and ensuring accountability in AI-driven processes. The conversation dives into the ethical challenges of implementing AI in the accounting field and how FloQast's vision paves the way for innovation, efficiency, and solving industry challenges. Learn how AI-powered tools are reshaping the profession, empowering accountants to move beyond manual tasks and tackle strategic work with confidence.Key TakeawaysAI's Role in Accounting: How artificial intelligence is streamlining accounting processes and enabling accountants to focus on strategic initiatives.ISO 42001 and Trust in AI: Why FloQast pursued ISO 42001 certification and its significance in ensuring trust and compliance in AI workflows.Addressing Ethical Challenges: Exploring risks like prompt injection, AI hallucinations, and the importance of integrating robust safeguards.FloQast's Vision for AI: How FloQast is driving innovation with AI-powered products, reducing workloads, boosting efficiency, and preventing burnout for accounting teams.Preparing for the Future: Insights into how ethical AI is shaping the future for accountants and helping them take on more impactful roles within their organizations.Listen in for actionable insights and perspectives on the intersection of AI, compliance, and innovation in accounting.

In this episode of the "To the Point cybersecurity podcast," hosts Rachael Lyon and Jonathan Knepper dive into a compelling conversation with Michele Rigby Assad, a former CIA intelligence officer with vast experience in The Middle East. Michele shares insights from her latest book, "Get Off the X," which explores the importance of getting out of one's comfort zone and reassessing effectiveness in both personal and professional contexts. The discussion navigates the complexities of the current threat landscape, highlighting the dangers posed by nation-states like Iran and China, and the evolving challenges in cybersecurity. Michele underscores the significance of collaboration between public and private sectors to tackle these threats. With her background in intelligence, Michele offers a unique perspective on the interplay between traditional espionage techniques and modern technology, including the role of social engineering and the challenges of artificial intelligence in amplifying cyber threats. Tune in for an enlightening conversation about the need for innovation, proactive measures, and adept leadership in the realm of global cybersecurity. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e323

Greg Crowley is the CISO at eSentire. In this episode, he joins host Heather Engel and Dwayne Smith, Sr. VP Information Security and Global CISO at Vensure Employer Solutions, to discuss M&A integration, including how CISOs can ensure a secure process, tackling inherited vulnerabilities, and more. Next Level CISO is a Cybercrime Magazine podcast brought to you by eSentire, the Authority in Managed Detection and Response. eSentire's mission is to hunt, investigate and stop cyber threats before they become business disrupting events. To learn more about our sponsor, visit https://esentire.com

Erika Voss and Joe Lynch discuss taking the uncertainty and risk out of freight. Erika is Vice President of Information Security at DAT Freight & Analytics, the largest truckload freight marketplace in North America. About Erika Voss Dr. Erika Voss, with over two decades of experience, has held high-level positions at companies including Capital One, Microsoft, and Amazon Web Services. Currently Vice President of Information Security at DAT Freight & Analytics, she leads the vision, strategy, and execution of advanced security protections. Recognized as a leader in her field, Erika has been honored with the CISO's Top 100 Accelerated CISOs Award (A100) and the 2024 Women in Supply Chain Award in the DEI Pioneer category. Erika holds a Ph.D. in Cybersecurity from Northcentral University, while teaching Cyber courses in the evening and advising Women in Leadership at the University of San Francisco. About DAT Freight & Analytics DAT Freight & Analytics operates the largest truckload freight marketplace in North America. Shippers, transportation brokers, carriers, news organizations and industry analysts rely on DAT for trends and data insights based on more than 400 million freight matches and a database of $150 billion in annual market transactions.Founded in 1978, DAT is a business unit of Roper Technologies (Nasdaq: ROP), a constituent of the Nasdaq 100, S&P 500, and Fortune 1000. Key Takeaways: Taking the Uncertainty and Risk Out of Freight Network Integrity Unit: DAT has a dedicated team, the Network Integrity Unit, which works around the clock to monitor the network for suspicious activity, investigate potential threats, and enforce security measures to protect users from fraud and cybercrime. Proactive Security Measures: DAT employs a range of proactive measures, including multi-factor authentication, advanced monitoring tools, and regular security testing, to safeguard user accounts and data, and to prevent fraudulent activities like identity theft and double brokering. Data-Driven Insights: DAT offers advanced analytics, providing shippers with actionable insights to optimize transportation decisions and mitigate risks. Comprehensive Freight Visibility: With access to vast transaction data, shippers can track rates across various modes (TL, LTL, Intermodal, Ocean) and equipment types (Dry Van, Flatbed, Temp-Control). RateView Analytics: DAT helps manage transportation costs with accurate market data, allowing shippers to set realistic budgets and adjust rates during volatile conditions. Network Analytics: Shippers gain granular visibility into capacity, helping them optimize sourcing and manage their transportation network more efficiently. Custom Analytics Services: DAT offers tailored analytics, API integrations, and consultative services to address specific business needs and improve decision-making. Proven Trust by Leading Companies: Over 1,400 shippers, including major brands like Walmart and Freshpet, rely on DAT's data for logistics decision-making. Market Benchmarking: DAT provides benchmarking tools that allow shippers to compare their freight spend against the broader market, identifying opportunities for cost savings and risk management. Learn More About Taking the Uncertainty and Risk Out of Freight Erika Voss | Linkedin DAT Freight & Analytics | Linkedin DAT security team: How to make safe connections online Transparency you can trust: A new approach to maximize your network Fraud Protection DAT Freight | Facebook DAT Freight | X DAT Freight | Instagram DAT Freight | YouTube DAT iQ: The Metrics that Matter with Samuel Parker The Logistics of Logistics Podcast If you enjoy the podcast, please leave a positive review, subscribe, and share it with your friends and colleagues. The Logistics of Logistics Podcast: Google, Apple, Castbox, Spotify, Stitcher, PlayerFM, Tunein, Podbean, Owltail, Libsyn, Overcast Check out The Logistics of Logistics on Youtube

In this episode of AI, Government, and the Future, host Marc Leh is joined by Candy Alexander, a prominent cybersecurity leader with over 35 years of experience and current Chief Information Security Officer at NeuEon. As a two-time President of the Information Systems Security Association (ISSA) International and founding President of the ISSA Education and Research Foundation, Candy brings her extensive expertise to discuss AI trustworthiness, data governance, and enterprise security challenges.

Zero Trust World 2025, hosted by ThreatLocker, is fast approaching (February 19-21), bringing together security professionals, IT leaders, and business executives to discuss the principles and implementation of Zero Trust. Hosted by ThreatLocker, this event offers a unique opportunity to explore real-world security challenges and solutions.In a special On Location with Sean and Marco episode recorded ahead of the event, Ryan Bowman, VP of Solutions Engineering at ThreatLocker, shares insights into his upcoming session, The Dangers of Shadow IT. Shadow IT—the use of unauthorized applications and systems within an organization—poses a significant risk to security, operations, and compliance. Bowman's session aims to shed light on this issue and equip attendees with strategies to address it effectively.Understanding Shadow IT and Its RisksBowman explains that Shadow IT is more than just an inconvenience—it's a growing challenge for businesses of all sizes. Employees often turn to unauthorized tools and services because they perceive them as more efficient, cost-effective, or user-friendly than the official solutions provided by IT teams. While this may seem harmless, the reality is that these unsanctioned applications create serious security vulnerabilities, increase operational risk, and complicate compliance efforts.One of the most pressing concerns is data security. Employees using unauthorized platforms for communication, file sharing, or project management may unknowingly expose sensitive company data to external risks. When employees leave the organization or access is revoked, data stored in these unofficial systems can remain accessible, increasing the risk of breaches or data loss.Procurement issues also play a role in the Shadow IT problem. Bowman highlights cases where organizations unknowingly pay for redundant software services, such as using both Teams and Slack for communication, leading to unnecessary expenses. A lack of centralized oversight results in wasted resources and fragmented security controls.Zero Trust as a MindsetA recurring theme throughout the discussion is that Zero Trust is not just a technology or a product—it's a mindset. Bowman emphasizes that implementing Zero Trust requires organizations to reassess their approach to security at every level. Instead of inherently trusting employees or systems, organizations must critically evaluate every access request, application, and data exchange.This mindset shift extends beyond security teams. IT leaders must work closely with employees to understand why Shadow IT is being used and find secure, approved alternatives that still support productivity. By fostering open communication and making security a shared responsibility, organizations can reduce the temptation for employees to bypass official IT policies.Practical Strategies to Combat Shadow ITBowman's session will not only highlight the risks associated with Shadow IT but also provide actionable strategies to mitigate them. Attendees can expect insights into:• Identifying and monitoring unauthorized applications within their organization• Implementing policies and security controls that balance security with user needs• Enhancing employee engagement and education to prevent unauthorized technology use• Leveraging solutions like ThreatLocker to enforce security policies while maintaining operational efficiencyBowman also stresses the importance of rethinking traditional IT stereotypes. While security teams often impose strict policies to minimize risk, they must also ensure that these policies do not create unnecessary obstacles for employees. The key is to strike a balance between control and usability.Why This Session MattersWith organizations constantly facing new security threats, understanding the implications of Shadow IT is critical. Bowman's session at Zero Trust World 2025 will provide a practical, real-world perspective on how organizations can protect themselves without stifling innovation and efficiency.Beyond the technical discussions, the conference itself offers a unique chance to engage with industry leaders, network with peers, and gain firsthand experience with security tools in hands-on labs. With high-energy sessions, interactive learning opportunities, and keynotes from industry leaders like ThreatLocker CEO Danny Jenkins and Dr. Zero Trust, Chase Cunningham, Zero Trust World 2025 is shaping up to be an essential event for anyone serious about cybersecurity.For those interested in staying ahead of security challenges, attending Bowman's session on The Dangers of Shadow IT is a must.Guest: Ryan Bowman, VP of Solutions Engineering, ThreatLocker [@ThreatLocker | On LinkedIn: https://www.linkedin.com/in/ryan-bowman-3358a71b/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More

If a business has spent $100 million developing a product, it's a fair bet that they don't want it stolen in two seconds and uploaded to the web where anyone can use it for free.This problem exists in extreme form for AI companies. These days, the electricity and equipment required to train cutting-edge machine learning models that generate uncanny human text and images can cost tens or hundreds of millions of dollars. But once trained, such models may be only a few gigabytes in size and run just fine on ordinary laptops.Today's guest, the computer scientist and polymath Nova DasSarma, works on computer and information security for the AI company Anthropic with the security team. One of her jobs is to stop hackers exfiltrating Anthropic's incredibly expensive intellectual property, as recently happened to Nvidia. Rebroadcast: this episode was originally released in June 2022.Links to learn more, highlights, and full transcript.As she explains, given models' small size, the need to store such models on internet-connected servers, and the poor state of computer security in general, this is a serious challenge.The worries aren't purely commercial though. This problem looms especially large for the growing number of people who expect that in coming decades we'll develop so-called artificial ‘general' intelligence systems that can learn and apply a wide range of skills all at once, and thereby have a transformative effect on society.If aligned with the goals of their owners, such general AI models could operate like a team of super-skilled assistants, going out and doing whatever wonderful (or malicious) things are asked of them. This might represent a huge leap forward for humanity, though the transition to a very different new economy and power structure would have to be handled delicately.If unaligned with the goals of their owners or humanity as a whole, such broadly capable models would naturally ‘go rogue,' breaking their way into additional computer systems to grab more computing power — all the better to pursue their goals and make sure they can't be shut off.As Nova explains, in either case, we don't want such models disseminated all over the world before we've confirmed they are deeply safe and law-abiding, and have figured out how to integrate them peacefully into society. In the first scenario, premature mass deployment would be risky and destabilising. In the second scenario, it could be catastrophic — perhaps even leading to human extinction if such general AI systems turn out to be able to self-improve rapidly rather than slowly, something we can only speculate on at this point.If highly capable general AI systems are coming in the next 10 or 20 years, Nova may be flying below the radar with one of the most important jobs in the world.We'll soon need the ability to ‘sandbox' (i.e. contain) models with a wide range of superhuman capabilities, including the ability to learn new skills, for a period of careful testing and limited deployment — preventing the model from breaking out, and criminals from breaking in. Nova and her colleagues are trying to figure out how to do this, but as this episode reveals, even the state of the art is nowhere near good enough.Chapters:Cold open (00:00:00)Rob's intro (00:00:52)The interview begins (00:02:44)Why computer security matters for AI safety (00:07:39)State of the art in information security (00:17:21)The hack of Nvidia (00:26:50)The most secure systems that exist (00:36:27)Formal verification (00:48:03)How organisations can protect against hacks (00:54:18)Is ML making security better or worse? (00:58:11)Motivated 14-year-old hackers (01:01:08)Disincentivising actors from attacking in the first place (01:05:48)Hofvarpnir Studios (01:12:40)Capabilities vs safety (01:19:47)Interesting design choices with big ML models (01:28:44)Nova's work and how she got into it (01:45:21)Anthropic and career advice (02:05:52)$600M Ethereum hack (02:18:37)Personal computer security advice (02:23:06)LastPass (02:31:04)Stuxnet (02:38:07)Rob's outro (02:40:18)Producer: Keiran HarrisAudio mastering: Ben Cordell and Beppe RådvikTranscriptions: Katy Moore

Please enjoy this encore episode with VP of Information Security at Barracuda Dave Farrow, and how he shares how a teenage surfer fell in love with software development and made his way in the cybersecurity field. Dave chose to study electrical engineering in college because he wanted to learn something that didn't make sense to him. He says he's done things in his career that he said he'd never do: for example, he went into and fell in love with software development. Taking on leadership of a bug bounty program at Barracuda blossomed into the creation of an internal security team. Dave wants to be the guy who enables the business and not the one who prevented it. He hopes all will come to recognize that there are other threats besides cybersecurity threats to business. We thank Dave for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices