Podcasts about insider threats

Guests: Alexander  Pabst, Global Deputy CISO, Allianz SE Michael Sinno, Director of D&R, Google Topics: We've spent decades obsessed with MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond). As AI agents begin to handle the bulk of triage at machine speed, do these metrics become "vanity metrics"? If an AI resolves an alert in seconds, does measuring the "mean" still tell us anything about the health of our security program, or should we be looking at "Time to Context" instead? You mentioned the Maturity Triangle. Can you walk us through that framework? Specifically, how does AI change the balance between the three points of that triangle—is it shifting us from a "People-heavy" model to something more "Engineering-led," and where does the "Measurement" piece sit? Google is famous for its "Engineering-led" approach to D&R. How is Google currently measuring the success of its own internal D&R program? Specifically, how are you quantifying "Toil Reduction"? Are we measuring how many hours we saved, or are we measuring the complexity of the threats our humans are now free to hunt? Toil reduction is a laudable goal for the team members, what are the metrics we track and report up to document the overall improvement in D&R for Google's board? When you talk to your board about the success of AI in your security program, what are the 2 or 3 "Golden Metrics" that actually move the needle for them? How do you prove that an AI-driven SOC is actually better, not just faster? We often talk about AI as an "assistant," but we're moving toward Agentic SOCs. How should organizations measure the "unit economics" of their SOC? Should we be tracking the ratio of AI-handled vs. Human-handled incidents, and at what point does a high AI-handle rate become a risk rather than a success? Resources: Video version EP252 The Agentic SOC Reality: Governing AI Agents, Data Fidelity, and Measuring Success EP238 Google Lessons for Using AI Agents for Securing Our Enterprise EP91 "Hacking Google", Op Aurora and Insider Threat at Google EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI EP189 How Google Does Security Programs at Scale: CISO Insights EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil The SOC Metrics that Matter…or Do They? blog An Actual Complete List Of SOC Metrics (And Your Path To DIY) blog Achieving Autonomic Security Operations: Why metrics matter (but not how you think) blog

Sue Serna - Social Media Security and Governance Leader and Lover of All BeaglesNo Password Required Season 7: Episode 2 - Sue SernaSue Serna is the CEO and Founder of Serna Social and the former head of global social media at Cargill. She brings more than two decades of experience at the intersection of storytelling, strategy, and security.In this episode, she shares her journey from business reporter to leading her own consultancy serving companies around the world on social media strategy.Jack Clabby of Carlton Fields, P.A, joined by guest co-host Rex Wilson of Cyber Florida, welcomes Sue for a candid discussion about the realities of enterprise social media. From managing more than 150 Facebook pages for a single company, to navigating internal politics, agency relationships, and regulatory pressure, Sue explains why social media is far from “free” and why most organizations still under-resource it.Sue dives deep into the gap between social media teams and cybersecurity departments. She outlines how personal account compromises can escalate into enterprise-level incidents, why governance frameworks matter, and how large organizations can regain control of sprawling digital footprints. Drawing from real-world examples, she argues that social media must be treated like finance or HR, a core business function requiring structure, ownership, and accountability.The episode wraps with the Lifestyle Polygraph, where Sue reveals her love of Apollo-era space history, debates iconic Philadelphia traditions, and imagines what magical talent her beagle would bring to Hogwarts.Follow Sue at SernaSocial.com or connect with her on LinkedIn: https://www.linkedin.com/in/sueserna/ Chapters: 00:00 Introduction and First Impressions   02:45 The Evolving Role of Social Media in Corporations   04:58 Transitioning from Journalism to Social Media  11:11 Building Social Media from Scratch   13:00 Becoming a CEO and Founder   16:28 The Importance of Networking   16:54 Bridging the Gap Between Social Media and Cybersecurity  20:51 Real-World Social Media Security Incidents  28:35 Navigating Internal Conflicts in Social Media  30:32 The Lifestyle Polygraph Begins   31:17 Nerd Things That Expose Sue: Space and Harry Potter!  35:16 Sue's Love For Beagles  37:50 Wreckless Intern or Overconfident Executive?  40:42 Hogwarts and Magical Beagles 

Citizens are demanding a move to mobile. Governments are reacting to this demand by adopting existing systems; however, there are gaps in this process. Today, we examined how to overcome some of those challenges. ONE:  MFA is not enough Password attacks forced institutions to adopt a stronger authentication method. One of the most popular "next steps" was Multi-Factor Authentication. We have all been asked to get a numerical code from your phone or email. This was fine until malicious actors discovered ways to overcome MFA. During the discussion, listeners will learn many organizations have found success by moving from identity verification to authentication. TWO  Single permission is not enough SailPoint's Bob Neidermeyer repeated an appropriate phrase, "fire and forget."  This is a military technical descriptor for a weapons system that is launched and for which further guidance is not required. Unfortunately, permissions can be granted and revoked. This means a system must be put in place to monitor a person's permission levels. THREE    Fantastic technology is not enough. What good is a better mousetrap if nobody uses it? Ajay Gupta, from California, reminds listeners of that journey must include a focus on adoption. He suggests one can contact users to show the benefit. The overall advice is now is the time to act: evaluate your current systems, identify your most urgent gaps, and implement solutions that foster secure access and trust. Success comes from a commitment to leading your organization's digital transformation today.        

A mix of escalating geopolitical cyber risks, the changing landscape of defensive security, and a series of high-profile incidents demonstrating the enduring threat of human-driven flaws.Cyber Espionage and Geopolitics:A year-long, sprawling espionage campaign by a state-backed actor (TGR-STA-1030) compromised government and critical infrastructure networks in 37 countries, utilizing phishing and unpatched security flaws, and deploying stealth tools like the ShadowGuard Linux rootkit to collect sensitive emails, financial records, and military details. Simultaneously, the threat environment has extended to orbit, where Russian space vehicles, Luch-1 and Luch-2, have been reported to have intercepted the communications of at least a dozen key European geostationary satellites, prompting concerns over data compromise and potential trajectory manipulation.AI and Security:AI has entered a new chapter in defensive security as Anthropic's Claude Opus 4.6 model autonomously discovered over 500 previously unknown, high-severity security flaws (zero-days) in widely used open-source software, including GhostScript and OpenSC. This demonstrates AI's rapid potential to become a primary tool for vulnerability discovery. On the cautionary side, the highly publicized Moltbook, a social network supposedly run by self-aware AI bots, was revealed as a masterclass in security failure and human manipulation. Cybersecurity researchers uncovered a misconfigured database that exposed 1.5 million API keys and 35,000 human email addresses, and found that the dramatic bot behavior was largely orchestrated by 17,000 human operators running bot fleets for spam and coordinated campaigns.Automotive Security and Autonomy:New US federal rules are forcing a major, complex shift in the automotive supply chain, requiring carmakers to remove Chinese-made software from connected vehicles before a 2026 deadline due to national security concerns. This move is redefining what "domestic technology" means in critical industries. In a related development, Waymo's testimony revealed that when its "driverless" cars encounter confusing situations, they communicate with remote assistance operators, some based in the Philippines, for guidance—a disclosure that immediately raised lawmaker concerns about safety, cybersecurity vulnerabilities from remote access, and the labor implications of overseas staff influencing US vehicles.Insider Threat and Legal Lessons:The importance of the security principle of "least privilege" was highlighted by an insider incident at Coinbase, where a contractor with too much access improperly viewed the personal and transaction data of approximately 30 customers. This incident reinforces that the highest risk often comes not from external nation-state hackers, but from overprivileged internal humans. Finally, two security researchers arrested in 2019 for an authorized physical and cyber penetration test of an Iowa courthouse settled their civil lawsuit with the county for $600,000. However, the county attorney's subsequent warning that any future similar tests would be prosecuted delivers a chilling message to the security testing community about legal risks even when work is authorized.

Is cybersecurity just a technical problem, or a human one?In this episode, we debut our new format: bridging the gap between deep academic research and boots-on-the-ground security practice. We dive into Zoe M. King et al., 2018 paper, "Characterising and Measuring Maliciousness for Cybersecurity Risk Assessment," to uncover why we need to stop looking at code and start looking at intent.From the "Dark Triad" of personality traits to the rise of the "patriotic hacker" in global geopolitics, we peel back the layers of the human onion to understand what actually drives a person to cause harm.In This Episode, We Discuss:The Maliciousness Assessment Metric (MAM): Why traditional risk assessments fail by ignoring "intent to harm" and how to integrate human factors into your security posture.The Four Layers of Maliciousness: A deep dive into the Individual, Micro, Meso, and Macro levels—from personal psychology to national narratives.Hacking as Patriotism: How cultural contexts in the US, Russia, and China dictate whether a hacker is seen as a criminal or a hero.The "War Games" Effect: How 80s cinema shaped US cybersecurity legislation (CFAA) and continues to influence public perception.Insider Threats & Organizational Hygiene: Why disgruntlement is a security vulnerability and how the "Principle of Least Privilege" is your best defense.Risk as a Moral Construct: Why the risks your company chooses to mitigate reveal your organisation's true values and concept of justice.Show NotesCharacterizing and Measuring Maliciousness for Cybersecurity Risk Assessment by Zoe M. King et al., featured in the journal Frontiers in Psychology (2018)Risk and Blame: Essays in Cultural Theory by Mary DouglasRisk and Culture: An Essay on the Selection of Technological and Environmental Dangers by Mary Douglas and Aaron Wildavsky

Got a question or comment? Message us here!Insider threats don't start with malware ... they start with access. From disgruntled employees to overlooked contractors, this episode breaks down real-world cases, common patterns, and how organizations can better protect what matters most.

In today's episode, Steve sits down with Tom Hardin, aka Tipperx — best known for helping expose a massive Wall Street insider trading ring. Steve and Tom discuss early warning signs that an organization might be crossing ethical or legal lines, how to build an organizational culture that promotes openness and protects from insider threats, and how to get employees to buy into things like good cyber hygiene.Key Takeaways: The most underappreciated leadership skill is listening. Compliance must never be an afterthought or just a check-box exercise.  Anybody has the potential to become an insider threat. Tune in to hear more about: The fraud triangle (4:10) How cybersecurity leaders can build a culture that discourages insider risk (7:12) Striking a balance between trust and control (15:12) Standout Quotes: “But you don't get people to speak up by telling them to speak up. You actually have to, if you're gonna tell them to do that, you have to listen up. So I always encourage leadership to work on their listening skills.” - Tom Hardin “If you have a rule that a few people break, you have a people problem. If you have a rule that a lot of people are breaking, you have a rule problem.” - Tom Hardin “You could be one decision away. Never feel like it couldn't be you. Just have a healthy paranoia when you're in situations and not to feel like that could never be me crossing a line, because that's when we're most susceptible to that.” - Tom Hardin Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today's episode, Steve sits down with Tom Hardin, aka Tipperx — best known for helping expose a massive Wall Street insider trading ring. Steve and Tom discuss early warning signs that an organization might be crossing ethical or legal lines, how to build an organizational culture that promotes openness and protects from insider threats, and how to get employees to buy into things like good cyber hygiene.Key Takeaways: The most underappreciated leadership skill is listening. Compliance must never be an afterthought or just a check-box exercise.  Anybody has the potential to become an insider threat. Tune in to hear more about: The fraud triangle (4:10) How cybersecurity leaders can build a culture that discourages insider risk (7:12) Striking a balance between trust and control (15:12) Standout Quotes: “But you don't get people to speak up by telling them to speak up. You actually have to, if you're gonna tell them to do that, you have to listen up. So I always encourage leadership to work on their listening skills.” - Tom Hardin “If you have a rule that a few people break, you have a people problem. If you have a rule that a lot of people are breaking, you have a rule problem.” - Tom Hardin “You could be one decision away. Never feel like it couldn't be you. Just have a healthy paranoia when you're in situations and not to feel like that could never be me crossing a line, because that's when we're most susceptible to that.” - Tom Hardin Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Check out host Bidemi Ologunde's new show: The Work Ethic Podcast, available on Spotify and Apple Podcasts.In this episode, host Bidemi Ologunde pulls back the curtain on a fast-growing threat to U.S. remote hiring: applicants who claim they live in the United States, but are actually overseas, using semi-synthetic or fully legitimate personas complete with U.S. VOIP numbers, "real" apartment-complex addresses, credible degrees, and high-engagement LinkedIn profiles.Why are so many suspicious profiles tracing back to Nigeria, India, and Pakistan: is it simply population scale, or are there specific enablers that make these routes more common? What changes when the motive shifts from "get paid in dollars" to something darker—organized crime, state-sponsored access, or even sanctions-evasion tactics modeled after North Korea's fake IT worker playbook? And how might post-2024 policy shifts, including tighter visa and travel restrictions, be reshaping the incentives and tactics behind this trend?Bidemi explores what these schemes mean for insider risk, why traditional background checks can fail in a remote-first world, and what leadership teams should do now to harden hiring pipelines—before the next "perfect candidate" becomes the next breach.Email: bidemiologunde@gmail.comSupport the show

פרק מספר 511 של רברס עם פלטפורמה, שהוקלט ב-18 בינואר 2026. אורי ורן מקליטים בכרכור (הגשומה והקרה) ומארחים את נמרוד וקס - CPO ו-Co-Founder של BigID - שחצה את כביש 6 בגשם זלעפות כדי לדבר על אתגרים טכנולוגיים בעולם המופלא של Data Production ו-Security.

Leaders may shy away from thinking about insider threats because it means assuming the worst about colleagues and friends. But technology executives do need to confront this problem because insider attacks are prevalent—a recent study claims that in 2024, 83% of organizations experienced at least one—and on the rise. Moreover, AI and deepfakes vastly enhance... Read more »

Leaders may shy away from thinking about insider threats because it means assuming the worst about colleagues and friends. But technology executives do need to confront this problem because insider attacks are prevalent—a recent study claims that in 2024, 83% of organizations experienced at least one—and on the rise. Moreover, AI and deepfakes vastly enhance... Read more »

Got a question or comment? Message us here!When the threat isn't external, it's personal. This episode breaks down insider threats and corporate espionage: how trusted access turns into real risk, what warning signs to watch for, and how organizations can protect themselves.

In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• TribalHub Cybersecurity Summit! 17-20 Feb, Jacksonville, Florida• Crypto ISAC & Crypto Crime Reaches Record High in 2025 as Nation-State Sanctions Evasion Moves On-Chain at Scale (and so many breach and incident reports)• MFA follow up and the alleged Instagram breach: Instagram user data leak: scraped records from 2022 resurface Main Topics:Complex realities for the workplace:• Venezuela, geopolitics and domestic considerations• Immigration and ICE-related incidents and protests• Considerations for leaders in the workplaceInsider Threats: • Malicious employees for hire: How dark web criminals recruit insiders • Hiding in plain sight: What the death of Aldrich Ames teaches us about insider threats The State of Ransomware in the U.S.: Report and Statistics 2025. “Since 2023, the number of globally claimed victims has increased from approximately 5400 annually to over 8000 in 2025… the number of victims has grown, so has the number of ransomware groups… ransomware has become more decentralized, more competitive, and more resilient. As long as affiliates remain plentiful and social engineering remains effective, victim counts are likely to continue rising.”Quick Hits:• FBI FLASH: North Korean Kimsuky Actors Leverage Malicious QR Codes in Spearphishing Campaigns Targeting U.S. Entities • How China and Russia are using Maduro's capture to sway U.S. discourse • U-Haul truck drives into crowd at Westwood rally against Iranian government • The Government Cyber Action Plan: strengthening resilience across the UK • CISA - Secure Your Business; Protect your business, employees and customers with smart cybersecurity practices

Frank Figliuzzi was the assistant director for counterintelligence at the FBI, where he served 25 years as a special agent and directed all espionage investigations across the government. He held senior FBI leadership positions in major American cities and was appointed the FBI's Chief Inspector by then Director Robert Mueller to oversee sensitive internal inquiries, shooting reviews, and performance audits. Following his FBI career, Frank became a corporate security executive for a Fortune 10 company and led global Investigations, Insider Threat, Workplace Violence Prevention, and Special Event security for 200,000 employees in 180 countries. He is the author of “The FBI Way: Inside the Bureau's Code of Excellence and “Long Haul: Hunting the Highway Serial Killers” Frank's unique, invaluable expertise makes for a highly compelling discussion and analysis of the Minneapolis shooting death by ICE of 37-year-old wife and mother Renee Good; the administration's gaslighting the reality of this tragedy; and what must happen going forward to ensure a thorough and impartial investigation. Got somethin' to say?! Email us at BackroomAndy@gmail.com Leave us a message: 845-307-7446 Twitter: @AndyOstroy Produced by Andy Ostroy, Matty Rosenberg, and Jennifer Hammoud @ Radio Free Rhiniecliff Design by Cricket Lengyel

We explore the transformative impact of AI on insider threat dynamics. Learn about how AI agents manipulate systems and evade detection through interviews with industry leaders.

In this episode of the podcast, the hosts, Ryan Williams Sr., Shannon Tynes, and Chris Abacon, discuss various topics related to cybersecurity, including a significant malware attack affecting millions of browser users, the implications of insider threats within the cybersecurity industry, and the ongoing workforce gap in cybersecurity roles. They also highlight the unique skills veterans bring to the cybersecurity field and the challenges they face in transitioning to civilian roles. The conversation emphasizes the importance of awareness and proactive measures in cybersecurity. Article: DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware https://cybersecuritynews.com/darkspectre-hackers-infected-8-8-million-chrome-users/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExbEVDV003S2Y4dlJtc0s2cHNydGMGYXBwX2lkEDIyMjAzOTE3ODgyMDA4OTIAAR5X8Evzz9QA9HOLsx4fe6dtQhZziLMAC0OJfwDUPv98p28WAxxrBvx3bhgDWg_aem_pUJqWtwqq5V7BIj4U3_Npw Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks https://www.securityweek.com/two-us-cybersecurity-pros-plead-guilty-over-ransomware-attacks/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExbEVDV003S2Y4dlJtc0s2cHNydGMGYXBwX2lkEDIyMjAzOTE3ODgyMDA4OTIAAR7pHpMfr8LA3q0LDvtZATpSHq9WOm-uCjNGzDDNRAuJz77pHC0S9A9ALIWQNw_aem_ylWz-pLhFFNTk7umA-Zv5Q The Pentagon's short more than 20,000 cyber pros. Veterans could help fill the gap. https://federalnewsnetwork.com/cybersecurity/2026/01/the-pentagons-short-more-than-20000-cyber-pros-veterans-could-help-fill-the-gap/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExbEVDV003S2Y4dlJtc0s2cHNydGMGYXBwX2lkEDIyMjAzOTE3ODgyMDA4OTIAAR5Ym_FycsKImd7t48C_6n3EzwWjUJZkY2x1p9gC1o8dMjk7Z1h9RcnLdhjF1w_aem_IOtWTh8Nveu9K0Gv6DshyQ Buy the guide: https://www.theothersideofthefirewall.com/ Please LISTEN

In this episode of Hiring to Firing, hosts Tracey Diamond and Emily Schifter use the film Inception as a springboard to unpack the very real world of corporate espionage and trade secret theft. Joined by Troutman Pepper Locke partner and former Hiring to Firing co-host Evan Gibbs, co-chair of the firm's Corporate Espionage Response Team, they examine how insider threats arise in the workplace, the surge in trade secret litigation, and the high‑stakes emergency injunctions that can follow. The conversation offers practical guidance on onboarding and offboarding employees, tightening data security, and training managers to spot red flags before confidential information walks out the door. Tune in to learn how to protect your organization from data theft and avoid becoming the unwitting beneficiary — or victim — of corporate espionage.For a deeper dive into trade secret damages, attend the firm's webinar "Damages Decoded: How Receiving and Losing Trade Secrets Can Cost Your Company Millions" taking place on January 21. Click here to register.Troutman Pepper Locke's Labor + Employment Practice Group provides comprehensive thought leadership through various channels. We regularly issue advisories that offer timely insights into the evolving employment law landscape, and maintain the HiringToFiring.Law Blog, a resource spotlighting best practices for employers. Our Hiring to Firing Podcast, hosted by Tracey Diamond and Emily Schifter, delves into pressing labor and employment law topics, drawing unique parallels from pop culture, hit shows, and movies. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Question? Text our Studio direct.

Question? Text our Studio direct.New Episode

In this episode of Security Matters, host David Puner welcomes back David Higgins, senior director in CyberArk's Field Technology Office, for a timely conversation about the evolving cyber threat landscape. Higgins explains why today's attackers aren't breaking in—they're logging in—using stolen credentials, AI-powered social engineering, and deepfakes to bypass traditional defenses and exploit trust.The discussion explores how the rise of AI is eroding critical thinking, making it easier for even seasoned professionals to fall for convincing scams. Higgins and Puner break down the dangers of instant answers, the importance of “never trust, always verify,” and why zero standing privilege is essential for defending against insider threats. They also tackle the risks of shadow AI, the growing challenge of misinformation, and how organizations can build a culture of vigilance without creating a climate of mistrust.Whether you're a security leader, IT professional, or just curious about the future of digital trust, this episode delivers actionable insights on identity security, cyber hygiene, and the basics that matter more than ever in 2026 and beyond.

In this episode of the Fearless Mindset Podcast, we delve into the importance of security and open communication within organizations. With a record number of elections and global distrust in institutions, security teams must foster collaboration and personal connectivity to build trust and ensure everyone's safety. The discussion covers the challenges of balancing security measures with human interaction, the significance of training programs, and how to manage and mitigate workplace anger effectively. The conversation also delves into the role of emotional intelligence in leadership and the need for comprehensive inside threat analysis to preemptively identify and address potential risks.Key TakeawaysSecurity is about collaboration, trust, and meeting people where they are—not just rules and restrictions.Open, honest conversations about difficult topics (like anger and workplace safety) are essential for a healthy organization.Security professionals should serve as culture-bearers, modeling the values and behaviors they want to see.Emotional intelligence and empathy are critical leadership skills, especially post-COVID.Security knowledge should be shared beyond the workplace to benefit families and communities.Addressing insider threats requires long-term, holistic approaches, not just reactive measures.Notable Quotes"The message is not always guns, guards, gates, lock it down. The message is: how do we work together to collectively secure everyone?""You have to meet people where they are. You can't be a robot.""Collaboration and trust are the foundation of civilization—and we need to get back to that.""Security is a primary culture bearer of what we do here.""Anger is real. It's in your organization. We have to be able to have these conversations and deal with it.""It all starts with you."To hear more episodes of The Fearless Mindset podcast, you can go to https://the-fearless-mindset.simplecast.com/ or listen on major podcasting platforms such as Apple, Google Podcasts, Spotify, etc. You can also subscribe to the Fearless Mindset YouTube Channel to watch episodes on video. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

As a business leader, you'd like to believe that your staff are entirely trustworthy. Effective enterprises run on workforce confidence – but in some cases, that trust can be misplaced.In November, CrowdStrike admitted one of its own employees had provided screenshots of internal systems to hackers in exchange for a sizable payout. Industry experts have told ITPro the incident should act as a wake up call to the all-too-serious risk of insider threats.Earlier in the month, websites all over the world went offline after a major outage at the content delivery network service provider Cloudflare. What was the cause of the incident: had Cloudflare fallen victim to the kind of DDoS attack it's famous for preventing?In this episode, Jane and Rory welcome back Ross Kelly, ITPro's news and analysis editor, to explore some of November's biggest stories.FootnotesIf you're not taking insider threats seriously, then the CrowdStrike incident should be a big wake up callNearly 700,000 customers impacted after insider attack at US fintech firmAI means cyber teams are rethinking their approach to insider threats‘Insiders don't need to break in': A developer crippled company networks with malicious code and a ‘kill switch' after being sacked – and experts warn it shows the huge danger of insider threatsEverything you need to know about CloudflareThe Cloudflare outage explained: What happened, who was impacted, and what was the root cause?Cloudflare says AI companies have been “scraping content without limits” – now it's letting website owners block crawlers and force them to paySecurity experts issue warning over the rise of 'gray bot' AI web scrapersCloudflare is fighting back against AI web scrapersNearly half of all digital initiatives still fail – here's how you can learn from the ‘digital vanguard' and deliver successSubscribe to the IT Pro newsletter

A young undercover FBI operative risks everything to expose America's most devastating traitor — revealing how Cold-War spycraft evolved into today's cybercrime economy.The shocking true story of Robert Hanssen — the FBI mole who sold America's deepest secrets to Russia for over 20 years, leading to the execution of multiple double agents and triggering the worst intelligence breach in U.S. history.

Eric O'Neill, former FBI ghost and author of “Spies, Lies & Cybercrime,” joins host David Puner to take a deep dive into the mindset and tactics needed to defend against today's sophisticated cyber threats. Drawing on O'Neill's experience catching spies and investigating cybercriminals, the conversation explains how thinking like an attacker can help organizations and individuals stay ahead. The episode covers actionable frameworks, real-world stories, and practical advice for building cyber resilience in an age of AI-driven scams and industrialized ransomware.

Got a question or comment? Message us here!This week, we're digging into a case where ransomware negotiators allegedly became the attackers themselves, leveraging insider access to hit organizations they were supposed to help. This one raises real questions about trust, vendor oversight, and the human element in incident response. We break down what happened and what SOC teams can take away from it.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

  In this episode of Cybersecurity Today, host Jim Love dives into several shocking security lapses and emerging threats. Highlights include ransomware negotiators at Digital Mint accused of being behind attacks, a new AI vulnerability that exploits Windows' built-in stack, and a misuse of OpenAI's API for command and control in malware operations. Additionally, AMD confirms a flaw in its Zen 5 CPUs that could lead to predictable encryption keys, and the Louvre faces scrutiny after a major theft reveals poor password practices and maintenance failures. The episode underscores the importance of basic security measures like strong passwords and regular audits despite advanced technological systems in place. 00:00 Introduction and Sponsor Message 00:48 Ransomware Negotiators Turned Hackers 02:08 AI Stack Vulnerabilities in Windows 04:04 Backdoor Exploits OpenAI's API 05:24 AMD's Encryption Key Flaw 06:59 Louvre Heist and Security Lapses 08:24 Conclusion and Call to Action

In this episode of Cybersecurity Today, host Jim Love covers a series of alarming cybersecurity incidents. Key highlights include Ernst and Young exposing a massive 4TB database to the open internet, a former L3 Harris executive guilty of selling zero-day exploits to a Russian broker, a sophisticated zero-day spyware campaign hitting Chrome, and a nation-state cyberattack on US telecom provider Ribbon Communications. Tune in to understand the critical lessons from these breaches and the emerging risks in cybersecurity. 00:00 EY's Massive Data Exposure 02:05 US Defense Contractor's Insider Threat 03:33 Chrome's Zero Day Vulnerability 05:24 Nation-State Hackers Breach US Telecom 06:51 Conclusion and Contact Information

In this episode of 'Cybersecurity Today: Our Month in Review,' host Jim welcomes a panel including Tammy Harper from Flair, Laura Payne from White Tuque, and David Shipley, CEO of Beauceron Securities. The discussion kicks off with an overview of their plans for Cybersecurity Month, including reviving the MapleSEC show and the CIO of the Year awards. David shares his experiences at SECTOR, Canada's largest cybersecurity conference, discussing the importance of security awareness training and the risks of irresponsible tech journalism on public perception. The panel also delves into the resurgence of the Clop ransomware group, their shift to data extortion, and their exploitation of vulnerabilities in Oracle EBS applications. Laura highlights a concerning case of insider threats at RBC, emphasizing the importance of process-driven controls. The episode also touches on the human side of cybersecurity, particularly the impact of romance scams and the growing violence in cybercrime. The panelists underscore the need for improved security awareness and the role of AI in identifying scams. Tammy, Laura, and David conclude by discussing the role of insider threats and the ethical boundaries in cybercrime, sharing insights from recent real-world cases. 00:00 Introduction and Panelist Introductions 00:43 Cybersecurity Month Initiatives 02:46 Security Awareness and Phishing Training 04:03 Impact of Irresponsible Tech Journalism 08:27 AI and Cybersecurity: Hype vs. Reality 10:43 Conference Experiences and Networking 18:33 Clop Ransomware and Data Extortion 23:45 Tammy's Insights on Clop's Tactics 24:58 Scattered Lasus and Cyber Warfare 26:32 Media Savvy Cybercriminals 31:36 Human Impact of Cyber Scams 37:17 Insider Threats and Security Awareness 43:21 Physical Security and Cyber Threats 48:33 Cybercrime Targeting Children 50:58 Conclusion and Upcoming Topics

In this insightful episode of The Future of ERP, Ryan Throop from IBM joins hosts Richard Howells and Oyku Ilgar to explore the critical role of cybersecurity in the cloud ERP landscape. As businesses move from traditional on-premise solutions to cloud-centric environments, cybersecurity challenges grow more complex. Ryan shares how AI-driven threat detection and shared security models empower organizations to protect sensitive data while boosting operational efficiency. Listener takeaways include the importance of security awareness training, the evolving role of AI in security operations, and the growing emphasis on integrating ERP systems into broader identity governance frameworks. With compelling insights on managing insider threats, third-party risks, and emerging technologies, this episode is a must-hear for any business leader or IT professional focused on digital transformation success. Stay secure, stay innovative, and join the conversation!

Trigger warning: This episode includes discussion of suicide in the context of researching measurable predictive indicators and the lack thereof in the context of cyber. Episode NotesDr Caputo's path from social psychology to applied security, including intelligence analysis and building a behavioural-science team at MITRE.What MITRE is: a not-for-profit operating six federally funded R&D centres that provide independent, public-interest research alongside government.Why early “indicator” hunting on endpoints often chased the last bad case; shifting to experiments and known-bad/created-bad data to learn patterns of behaviour change.The LinkedIn recruiter field experiment: ethically approved creation of recruiter personas, staged outreach in three messages, and follow-up interviews to understand reporting barriers.What user-activity monitoring can and cannot tell you; the role of human judgement and programme design.Insider-risk is not only “malicious users”: designing programmes for negligent, mistaken or outsmarted behaviours as well.Current lines of work include improving employee recognition and reporting of malicious elicitations and exploring whether insider-risk telemetry offers early signals of suicide risk.Why multidisciplinary teams beat solo efforts in insider-risk operations.About our guest:Dr. Deanna D. Caputo MITRE Insider Threat Research & Solutions profile: https://insiderthreat.mitre.org/dr-caputo/ LinkedIn: https://www.linkedin.com/in/dr-deanna-d-caputoPapers or resources mentioned in this episode:Caputo, D. D. (2024). Employee risk recognition and reporting of malicious elicitations: Longitudinal improvement with new skills-based training. Frontiers in Psychology. https://www.frontiersin.org/journals/psychology/articles/10.3389/fpsyg.2024.1410426/full MITRE Insider Threat Research & Solutions. (2025). Suicide risk and insider-risk telemetry overview. https://insiderthreat.mitre.org/suicide-risk/ MITRE. (2024). Managing insider threats is a team sport. https://www.mitre.org/news-insights/impact-story/managing-insider-threats-team-sport MITRE Insider Threat Research & Solutions. (2024). Capability overview two-pager (PDF). https://insiderthreat.mitre.org/wp-content/uploads/2024/06/MITREInTResearchSolutions-CapabilityTwoPager-24-0659_2024-02-01.pdf MITRE Insider Threat Research & Solutions. (2024). Insider Threat Behavioural Risk Framework two-pager (PDF). https://insiderthreat.mitre.org/wp-content/uploads/2024/06/MITREInTResearchSolutions-InTFramework_TwoPager-24-0674_2024-03-18.pdf

In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• TribalNet 2025: Cybersecurity Is Central to IT Modernization for Tribes • Cyberattacks remain big threat for tribes: survey • CISA to furlough 65% of staff if government shuts down this week• Cyber shutdown showdownMain Topics:Domestic Hostile Events:• Deadly attack on Michigan church leaves investigators searching for motive• Michigan church shooter was Marine veteran who White House official says "hated people of the Mormon faith"• Update from FBI Detroit on Shooting and Fire at a Michigan Church• Michigan church shooting suspect went on anti-LDS tirade, political candidate said• Armed man busted after plowing car through police barricade outside Michigan church day after deadly shooting, blaze• Iraq War veteran Thomas Sanford ID'd as gunman who attacked Grand Blanc LDS church, killing 4 and setting it ablaze• What we know about Michigan church shooter Thomas Sanford. Authorities have provided no motive for the attack.• Who is Michigan church attacker Thomas Jacob Sanford: Iraq war vet 'suffered from PTSD' and wore 'Make Liberals Cry Again' shirt• A List of Notable Shooting Attacks on Houses of Worship in the US in the Past 20 Years• Marine veteran in custody after 3 killed, at least 8 injured in shooting at a waterfront bar in North Carolina, officials say & Southport mass shooting: Suspect identified in gunfire from boat that killed 3, injured 8, officials say• Eagle Pass casino shooting: 2 killed, 5 hurt; suspect in custody, authorities say & Two dead, six hurt in shooting at Texas tribal casino; suspect in custodyRansomware• 'You'll never need to work again': Criminals offer reporter money to hack BBC• Co-op says cyber-attack cost it £206m in lost sales Quick Hits:• CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices• Threat Insights: Active Exploitation of Cisco ASA Zero Days • CISA - SonicWall Releases Advisory for Customers after Security Incident• Widespread Supply Chain Compromise Impacting npm Ecosystem• Russia dares NATO to shoot • New Kremlin-Linked Influence Campaign Targeting Moldovan Elections Draws 17 Million Views on X and Infects AI Models• Bot Networks Are Helping Drag Consumer Brands Into the Culture Wars• Outrage Cycle: Cracker Barrel and its CEO Targeted Amidst Logo Controversy• CISA Releases Advisory on Lessons Learned from an Incident Response Engagement• Helping OT Organizations to Establish Defensible Architecture and More Resilient Operations• Designating Antifa as a Domestic Terrorist Organization• Fact Sheet: President Donald J. Trump Designates Antifa as a Domestic Terrorist Organization• Ranking Member Thompson Statement on Trump Incorrectly Designating ‘Antifa' as a Domestic Terrorism Organization• DHS Issues Statement on Targeted Attack on Dallas ICE Facility3 people shot at Dallas ICE field office: ICE official • Trump Says He Is Ordering Troops to Portland, Escalating Domestic Use of Military• Trump Says He's Sending Troops To ‘War Ravaged' America City — Authorizes ‘Full Force'• Pentagon calls up 200 National Guard troops after Trump Portland announcement• Oregon leaders object to Trump's deployment of 200 National Guard troops in the state• Feds march into downtown Chicago; top border agent says people are arrested based on ‘how they look'• ICE tactics inflame tensions in New York, Chicago and other cities• Shane Tamura, gunman in shooting at NFL headquarters, had CTE: Medical examiner

Cybersecurity isn't just about firewalls and passwords anymore. It's an all-out battle where hackers run businesses with customer support desks, insider threats can be disguised as your newest hire, and artificial intelligence is both the weapon and the shield. In this special episode of IT Visionaries, host Chris Brandt switches roles and sits in the hot seat while Lacey Peace, host of Experts of Experience, interviews him about the three biggest cyber threats IT leaders must prepare for in 2025. From the rise of ransomware-as-a-service to North Korean nationals infiltrating U.S. companies, and AI reshaping the entire security landscape, Chris reveals what's really happening behind the scenes of today's most dangerous attacks. With stories from his career building high-security facilities — including an EMP-shielded data center buried under a mountain — Chris shares the lessons that every business leader needs to hear about resilience, recovery, and why it's no longer a matter of “if” but “when.” Don't miss this candid and eye-opening conversation. Watch the full episode now and learn how to protect your organization before it's too late. Key Moments: 00:00: Lacey Peace Interviews Chris Brandt04:45 Cyber Extortion and Ransomware08:17 Supply Chain Attacks18:20 Creating an Isolated Recovery Environment20:08 Threat Number Two: IT Worker Attacks22:14 The Rise of Phishing Attacks27:26 The Evolution of Social Engineering30:19 The Role of AI in Cybersecurity33:01 Challenges in Reporting Cyber Incidents33:46 The Complexity of Cyber Incident Recovery34:45 The Role of Governments in Cybersecurity -- This episode of IT Visionaries is brought to you by Meter - the company building better networks. Businesses today are frustrated with outdated providers, rigid pricing, and fragmented tools. Meter changes that with a single integrated solution that covers everything wired, wireless, and even cellular networking. They design the hardware, write the firmware, build the software, and manage it all so your team doesn't have to. That means you get fast, secure, and scalable connectivity without the complexity of juggling multiple providers. Thanks to meter for sponsoring. Go to meter.com/itv to book a demo.---Mission.org is a media studio producing content alongside world-class clients. Learn more at mission.org Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Kim Sutherland has 14 different email addresses. She doesn't suggest you do the same, but she does think a lot about fraud in her job as the Global Head of Fraud & Identity at LexisNexis Risk Solutions. As a follow-up to the last episode, Caleb and Kim discuss the various dimensions and the growing prevalence of reward point / loyalty fraud. SponsorsRoutable - http://ohmyfraud.promo/routable(00:00) - Introduction and CPE Opportunity (00:26) - Meet Kimberly Sutherland from LexisNexis (01:43) - Listener Reviews and Feedback (04:07) - Conversation with Kimberly Sutherland Begins (06:06) - Understanding Loyalty Points and Fraud (22:13) - Synthetic Identity Fraud (29:57) - Insider Threats in Loyalty Programs (32:26) - Imagining Fraud to Prevent It (34:39) - Detection and Prevention Strategies (36:20) - Understanding Digital Risk (42:45) - Fraud Databases and Shared Intelligence (45:24) - Responding to Fraud Incidents (53:57) - The Role of Government in Fraud Prevention (59:49) - Future of Fraud and Prevention Technologies (01:02:01) - Ongoing Challenges in Identity Verification (01:03:39) - Conclusion and Credits HOW TO EARN FREE CPEIn less than 10 minutes, you can earn NASBA-approved accounting CPE after listening to this episode. Download our mobile app, sign up, and look for the Oh My Fraud channel. Register for the course, complete a short quiz, and get your CPE certificate.https://www.earmark.app/Download the app:Apple: https://apps.apple.com/us/app/earmark-cpe/id1562599728Android: https://play.google.com/store/apps/details?id=com.earmarkcpe.appLearn More About LexisNexishttps://risk.lexisnexis.com/ CONNECT WITH KIMLinkedIn: https://www.linkedin.com/in/ksutherland365 CONNECT WITH CALEBLinkedIn: https://www.linkedin.com/in/calebnewquist/Email us at ohmyfraud@earmarkcpe.com

Summary In this episode of Chattinn Cyber, Marc Schein is chattin' with Devon Ackerman, a highly respected figure in the digital forensics and incident response (DFIR) community. Devon shares his background, starting from his upbringing in upstate New York, moving to Georgia, and how a chance encounter with an article about digital forensics at Champlain College sparked his interest in the field. He explains his early career in IT and web design during the dot-com boom, and how his curiosity and passion for troubleshooting led him to pursue digital forensics as a career. Devon elaborates on the core concepts of digital forensics and incident response, describing digital forensics as the scientific discipline of preserving, validating, and interpreting digital data, often for legal purposes. Incident response builds on this foundation by focusing on reacting to cyber incidents, preserving evidence, and supporting organizations during and after attacks. He recounts his FBI career, highlighting a significant case involving espionage where a trusted insider stole sensitive data for a foreign government, demonstrating the real-world impact and importance of DFIR work. The conversation shifts to emerging cyber threats and the evolving landscape of cyber risk. Devon emphasizes that threat actors are highly motivated, whether financially or politically, and continuously adapt to stay ahead of defenders. He discusses the widespread availability of offensive cyber capabilities among nation-states and criminal groups, and how geopolitical tensions can influence cyber activity. The discussion also touches on the role of AI in cybersecurity, acknowledging its potential benefits but warning about risks related to rapid adoption without adequate security controls. Devon addresses the insider threat, distinguishing between malicious insiders and those who pose risks unintentionally through mistakes or misconfigurations. He stresses that human factors remain a critical vulnerability in cybersecurity, as trusted employees can inadvertently expose sensitive data. He offers advice for newcomers to the DFIR field, encouraging a mindset of continuous learning, experimentation, and resilience in the face of failure, noting the complexity and ever-changing nature of digital forensics. Finally, Devon describes his current role at Cybereason, a cybersecurity company known for its endpoint detection and response technology. He explains how Cybereason has expanded its services to include both proactive advisory and reactive incident response capabilities, supporting clients globally across the entire cyber risk lifecycle. He provides contact information for listeners interested in learning more or engaging their services, and the episode concludes with Marc thanking Devon for sharing his insights and experiences. Key Points 1. Career Path to Digital Forensics: Devon's journey from IT and web design to becoming a leading expert in digital forensics and incident response, sparked by early exposure to the field and a passion for troubleshooting. 2. Definition and Scope of DFIR: Explanation of digital forensics as a scientific discipline and incident response as the reactive process to cyber incidents, including their importance in legal and investigative contexts. 3. Notable FBI Case: A detailed recount of a high-profile espionage investigation involving insider theft of sensitive data, illustrating the practical application and impact of DFIR work. 4. Evolving Cyber Threat Landscape: Discussion on the motivations and capabilities of threat actors, the proliferation of offensive cyber tools among nation-states and criminals, and the influence of geopolitical factors. 5. Insider Threat and Human Factor: Insight into insider threats, both malicious and accidental, emphasizing the ongoing risk posed by human error and the need for vigilance and security awareness. Key Quotes 1.

Insider threats represent one of the most dangerous cybersecurity risks facing organizations today - and they're way more common than you think. In this episode of The Backup Wrap-up, we explore the three main types of insider threats: compromised employees who get extorted or have their credentials stolen, disgruntled workers who want revenge after getting fired, and outside attackers who infiltrate your company to become malicious insiders. We break down real-world scenarios and discuss how to protect against them using least privilege principles, monitoring systems, and immutable backups. You'll learn why 31% of insider threat incidents could have been prevented if someone had spoken up, and why immutable backups are your last line of defense when an insider goes rogue. This is a must-listen for anyone responsible for data protection and cybersecurity.

Dang whippersnappers

In this episode, Jason Kikta discusses the critical relationship between IT and security, emphasizing that great security begins with a solid IT foundation. He explores the importance of establishing a baseline for normalcy, the role of user safety in preventing security breaches, and the need to understand insider threats. Jason concludes with discussing the 'big three' of cybersecurity, which are: Network Inventory: Knowing what's on your network is crucial. This involves having a comprehensive inventory of all devices and systems connected to the network.Configuration and Patching: Keeping systems configured correctly and up-to-date with patches is essential to prevent vulnerabilities that could be exploited by malicious actors.Identity and Authentication Protection: Ensuring robust identity and authentication measures are in place to protect against unauthorized access and maintain the integrity of user accounts.This episode originally aired October 10, 2024

In this episode of Security Matters, host David Puner speaks with Andy Parsons, CyberArk's Director of EMEA Financial Services and Insurance, whose career spans from the British Army to CISO and CTO roles in global financial institutions. Andy shares hard-earned lessons on leadership, risk management, and the evolving cybersecurity landscape in banking—from insider threats to machine identity governance and the rise of agentic AI.Discover why “you can't secure what you can't see,” how manual processes fail at scale, and why treating machine identities as “first-class citizens” is no longer optional. Andy also explores the privileged access paradox, dynamic access management, and how AI is reshaping compliance, trading, and operational resilience.Whether you're a security leader, technologist, or financial executive, this episode offers strategic insights and practical steps to future-proof your organization in an era of accelerating digital risk.

Raj Koo, CTO of DTEX Systems, discusses how their enterprise-grade generative AI platform detects and disarms insider threats and enables them to stay ahead of evolving risks.Topics Include:Raj Koo, CTO of DTEX Systems, joins from Adelaide to discuss insider threat detectionDTEX evolved from Adelaide startup to Bay Area headquarters, serving Fortune 500 companiesCompany specializes in understanding human behavior and intention behind insider threatsMarket shifting beyond cyber indicators to focus on behavioral analysis and detectionRecent case: US citizen sold identity to North Korean DPRK IT workersForeign entities used stolen credentials to infiltrate American companies undetectedDTEX's behavioral detection systems helped identify this sophisticated identity theft operationGenerative AI becomes double-edged sword - used by both threat actors and defendersBad actors use AI for fake resumes and deepfake interviewsDTEX uses traditional machine learning for risk modeling, GenAI for analyst interpretationGoal is empowering security analysts to work faster, not replacing human expertiseAWS GenAI Innovation Center helped develop guardrails and usage boundaries for enterpriseChallenge: enterprises must follow rules while hackers operate without ethical constraintsDTEX gains advantage through proprietary datasets unavailable to public AI modelsAWS Bedrock partnership enables private, co-located language models for data securityPrivate preview launched February 2024 with AWS Innovation Center acceleration supportSoftware leaders should prioritize privacy-by-design from day one of GenAI adoptionFuture threat: information sharing shifts from files to AI-powered data queriesMonitoring who asks what questions of AI systems becomes critical security concernDTEX contributes to OpenSearch development while building vector databases for analysisParticipants:Rajan Koo – Chief Technology Officer, DTEX SystemsFurther Links:DTEX Systems WebsiteDTEX Systems AWS MarketplaceSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

In this episode of CISO Tradecraft, host G Mark Hardy is joined by cybersecurity expert Casey Marquette to discuss effective HR and recruiting strategies for building a top-notch cybersecurity team. They dive into career development, the importance of networking, and how to navigate the challenges of hiring in cybersecurity. Casey shares his personal journey from law enforcement to becoming a leading figure in the cybersecurity world, highlighting the role of mentorship and continuous learning. The episode also covers innovative uses of AI in the hiring process and provides practical advice for both hiring managers and job seekers in the cybersecurity field. Tune in for valuable insights on how to hire the best talent and advance your career in cybersecurity.   Transcripts https://docs.google.com/document/d/1c-3qy6KkQuhjuHquycQ3rRwMdSlZBfz4    Chapters 00:00 Introduction to Cybersecurity Recruitment 00:31 Guest Introduction: Casey Marquette 01:46 Casey's Career Journey 04:41 Hiring for Attitude vs. Skillset 05:30 Promoting from Within vs. Hiring Externally 07:34 Leadership and Morale 20:20 The Importance of Networking and Mentorship 22:19 AI in Recruitment 23:30 The Talent Pool and Recruitment Challenges 24:04 Introducing Scout: The AI Recruitment Tool 24:51 Security Measures in AI Recruitment 25:32 Addressing Fraudulent Candidates 26:10 Remote Hiring and Deepfake Concerns 28:52 Insider Threats and Tabletop Exercises 31:51 Enhancing Career Marketability for CISOs 37:47 Building Effective Networks and Relationships 42:04 The Importance of Specialized Recruitment 44:21 Final Thoughts and Contact Information

In this episode of CISO Tradecraft, host G Mark Hardy is joined by cybersecurity expert Casey Marquette to discuss effective HR and recruiting strategies for building a top-notch cybersecurity team. They dive into career development, the importance of networking, and how to navigate the challenges of hiring in cybersecurity. Casey shares his personal journey from law enforcement to becoming a leading figure in the cybersecurity world, highlighting the role of mentorship and continuous learning. The episode also covers innovative uses of AI in the hiring process and provides practical advice for both hiring managers and job seekers in the cybersecurity field. Tune in for valuable insights on how to hire the best talent and advance your career in cybersecurity. Transcripts https://docs.google.com/document/d/1c-3qy6KkQuhjuHquycQ3rRwMdSlZBfz4 Chapters 00:00 Introduction to Cybersecurity Recruitment 00:31 Guest Introduction: Casey Marquette 01:46 Casey's Career Journey 04:41 Hiring for Attitude vs. Skillset 05:30 Promoting from Within vs. Hiring Externally 07:34 Leadership and Morale 20:20 The Importance of Networking and Mentorship 22:19 AI in Recruitment 23:30 The Talent Pool and Recruitment Challenges 24:04 Introducing Scout: The AI Recruitment Tool 24:51 Security Measures in AI Recruitment 25:32 Addressing Fraudulent Candidates 26:10 Remote Hiring and Deepfake Concerns 28:52 Insider Threats and Tabletop Exercises 31:51 Enhancing Career Marketability for CISOs 37:47 Building Effective Networks and Relationships 42:04 The Importance of Specialized Recruitment 44:21 Final Thoughts and Contact Information

When AI systems hallucinate, run amok, or fail catastrophically, the consequences for enterprises can be devastating. In this must-watch CXOTalk episode, discover how to anticipate and prevent AI failures before they escalate into crises.Join host Michael Krigsman as he explores critical AI risk management strategies with two leading experts:• Lord Tim Clement-Jones - Member of the House of Lords, Co-Chair of UK Parliament's AI Group• Dr. David A. Bray - Chair of the Accelerator at Stimson Center, Former FCC CIOWhat you'll learn:✓ Why AI behaves unpredictably despite explicit programming✓ How to implement "pattern of life" monitoring for AI systems✓ The hidden dangers of anthropomorphizing AI✓ Essential board-level governance structures for AI deployment✓ Real-world AI failure examples and their business impact✓ Strategies for building appropriate skepticism while leveraging AI benefitsKey ideas include treating AI as "alien interactions" rather than human-like intelligence, the convergence of AI risk with cybersecurity, and why smaller companies have unique opportunities in the AI landscape.This discussion is essential viewing for CEOs, board members, CIOs, CISOs, and anyone responsible for AI strategy and risk management in their organization.Subscribe to CXOTalk for more expert insights on technology leadership and AI:

What does "secure by default" really mean—and is it enough? In this episode of CyberArk's Security Matters, host David Puner sits down with Scott Barronton, Chief Information Security Officer (CISO) at Diebold Nixdorf, to explore the often-overlooked risks of cloud default settings and how assumptions can lead to vulnerabilities.Drawing on over 25 years in cybersecurity, Scott shares how he balances product and corporate security, leads a global team, and chairs his company's AI steering committee. He discusses the importance of machine identity management, certificate automation, and building security programs that support both innovation and accountability.Plus, Scott reflects on how his passion for travel—including a group trip to Antarctica—informs his leadership style and security mindset.

Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Trent Waterhouse. Trent is the CMO of GlobalMeet, a leading virtual event technology company with a scalable, flexible, and secure hybrid event streaming platform built and supported by experienced event experts. Trent has a proven track record of driving growth and innovation with 35 years of expertise leveraging a field sales marketing model that aligns sales, marketing, and R&D to think like a customer, act like a partner, and measure success through customer satisfaction and net promoters. Built for growth, Trent's unique blend of technology understanding and B2B marketing skills have been proven to help companies grow revenue profitably, improve customer experiences, build new partnerships, and expand opportunity pipelines. [July 21, 2025]   00:00 - Intro 00:50 - Intro Links: -          Social-Engineer.com - http://www.social-engineer.com/ -          Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ -          Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ -          Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ -          Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb -          CLUTCH - http://www.pro-rock.com/ -          innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/                                                02:30 - Trent Waterhouse Intro 03:11 - Starting Out Pre-Video 04:53 - A Brave New World 08:07 - Going Public 10:21 - Rise of the DeepFakes 13:03 - Video Watermarking 15:23 - A Simple Warning Will Do 19:11 - Staying Up to Date 21:22 - Insider Threat 23:42 - Find Trent Waterhouse Online    -          Website: https://www.globalmeet.com/ -          Instagram: https://www.instagram.com/globalmeet/ -          LinkedIn: https://www.linkedin.com/in/trentonwaterhouse/ 24:44 - Book Recommendations -          Pattern Breakers - Mike Maples, Jr, Peter Ziebelman 27:16 - Wrap Up & Outro -          www.social-engineer.com -          www.innocentlivesfoundation.org

The insider threat represents one of the most dangerous and overlooked cybersecurity challenges facing organizations today. In this episode of The Backup Wrap-up, W. Curtis Preston and Prasanna explore the three distinct types of insider threats that can devastate your organization from within.From malicious employees seeking revenge to careless workers who fall for social engineering, insider threats come in many forms. The hosts examine real-world cases including the Coinbase breach through compromised contractors, Apple's lawsuit against an employee who stole Vision Pro secrets, and the infamous logic bomb attack that destroyed an entire company's data.Learn practical strategies for implementing least privilege access, immutable backup protection, and multi-person authentication controls. Discover why 83% of companies experienced some form of insider threat attack in 2024, and get actionable advice on security training, vendor management, and incident response planning to protect your organization's most critical assets.

In this special live episode of Autonomous IT, Live! we walk through a high-stakes incident response drill that mimics a disturbingly realistic threat scenario: an attacker gains access to your internal tools — not by breaking in, but by logging in.Here's the setup: a user unknowingly reuses compromised credentials with the company's SSO provider. An attacker logs in, flies under the radar, and impersonates internal IT support using Slack, email, and calendar invites. Their goal? Convince employees to install a fake remote access tool—all while avoiding anyone likely to report suspicious behavior.Join Landon Miles, Tom Bowyer, and Ryan Braunstein as they:

Segment 1 - Interview with Rob Allen from Threatlocker Segment 2 - Topic: Growing Trend - Edge Computing and Hybrid Cloud Segment 3 - Interviews from RSAC 2025 Cyera Cyera is the fastest-growing data security company in history, empowering companies to classify, secure, and manage their data, wherever it is, and leverage the power of the industry's first AI native,unified Data Security Platform. Yotam Segev, Cyera's CEO sits down with CyberRisk TV at RSAC Conference 2025 to discuss Cyera's skyrocketing growth, its founding story and why an increasing number of Fortune500 companies are partnering with Cyera, and the company's latest product release: Adaptive DLP, a new AI data loss prevention solution. Recent Cyera News: Cyera Breaks World Record as the Fastest-Growing Data Security Company in History Data Security Leader Cyera Secures $300M in Series D Funding Cyera Acquires Trail Security for $162M Cyera Launches Data Incident Response Service Cyera Appoints Renowned Tech Exec Frank Slootman to Board of Directors This segment is sponsored by Cyera. Visit https://securityweekly.com/cyerarsac to learn more about them! Blumira In the evolving world of cybersecurity, the shift from a purely threat-centric mindset to a focus on operational excellence is no longer just a trend—it's a necessity. Matthew Warner, CEO and co-founder of Blumira, argues that this shift is particularly crucial for small and mid-sized businesses (SMBs) and the managed service providers (MSPs) that support them. Matthew believes that traditional SIEM and detection solutions have historically fallen short for these organizations, often due to their complexity, high cost, and steep learning curves. As a result, many SMBs have struggled to keep up with the sophistication of modern threats. Blumira was founded to change that. Matthew's vision is rooted in democratizing security—making powerful, automated detection and response tools simple, affordable, and accessible for everyone, especially those who need them most. By designing platforms that prioritize operational excellence—efficiency, usability, and actionable intelligence—Blumira enables organizations to be proactive rather than reactive. During the conversation, Matthew will share insights into the latest technologies and trends transforming the cybersecurity space, and offer actionable guidance for IT decision-makers. He'll explore how shifting strategy from chasing every alert to building a solid, efficient operational foundation can lead to better outcomes and stronger protection in the long run. Blumira Partners Blumira Launches New M365 Threat Response Feature Security should be accessible to everyone. At Blumira, we're building the future of detection and response — simple, smart, and built to empower the teams who need it most. Check out https://securityweekly.com/blumirarsac and take control of your security today. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-411

Join the Kyle Seraphin Show LIVE 9:30a ET on Rumble, orfind me on Spotify for ad-free video: https://KyleSeraphinShow.com__________________________________________________Our Sponsors make this program possible:https://SLNT.com/KYLE (Save 15% off everyday Faraday bags)http://patriot-protect.com/KYLE (15% off Protecting yourself from scams/Identity theft)https://BlackoutCoffee.com/KYLE (20% off your First Order) keywords:Insider,Threat,Kash,Patel,Fox,Interview,Bongino,Epstein,FBI,Recruiting,

Chris and Hector break down recent crypto security breaches, including Coinbase's insider-driven data leak and the SEC's SIM swap hack. They explore the rise of “Zishing” (Zoom phishing), deepfake scams, and the real-world dangers facing crypto holders. Join our new Patreon! ⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠ Send HATF your questions at ⁠⁠⁠⁠questions@hackerandthefed.com