Measurement standards laboratory in the United States
Shandy is thrilled to welcome Theresa Nist for an EXCLUSIVE in-studio conversation. You know Theresa as the winner of the mega-hit season 1 of The Golden Bachelor. She wound up engaged to Gerry Turner, their televised wedding was watched by millions, but they announced their divorce only 3 months later. What *really* happened behind the scenes, after the wedding, and after the cameras turned off?

In light of Gerry's new tell-all book describing his version of events, Theresa sits down with Shandy for her most raw, unfiltered interview to date. How did it feel for Theresa to learn that Gerry wondered if he should have chosen his runner-up, Leslie? Did she mislead Gerry about quitting her career, did she misrepresent her finances, and did she read "How To Win The Bachelor" during filming, as he claimed in the book? Did she really make Gerry sleep on the sofa?! Theresa is normally very private but could not stay silent in light of the book's many accusations. Do not miss her brutally honest account.

Thanks to our sponsors!
- Go to https://www.squarespace.com/SHANDY and use code SHANDY for 10% off your first website or domain!
- Get up to 40% off your entire order at https://laundrysauce.com/SHANDY (their biggest sale of the year!)
- Go to https://mudwtr.com and use code SHANDY to get up to 43% off your entire order, Free Shipping and a Free Rechargeable Frother!

More Theresa:
- Instagram: https://www.instagram.com/theresa_nist
- TikTok: https://www.tiktok.com/@theresa_nist

Past Dear Shandy episodes covering Gerry & Theresa:
- Love Fest: https://youtu.be/hWCr91mBGb0?si=LOOwxXqEToxIpIBY
- Golden Divorce: https://youtu.be/PyiFysUZJMc?si=OzqnEI2Ee4_gm8gS

Time Stamps:
0:00 - Welcome To Theresa Nist
10:08 - Leslie
19:32 - Temper
22:22 - "East Coast Mentality"
27:44 - Finances, Her Work, The Prenup
42:18 - Lifestyle
45:00 - House Shopping
47:50 - Her Home
49:26 - Physical Intimacy
55:50 - Her Intentions
1:05:59 - Her Character
1:16:05 - Regrets
1:20:18 - Message To Gerry

If you have a relationship question, write us at: dearshandy@gmail.com

Subscribe and watch the episodes on YouTube! https://bit.ly/SubscribeDearShandy

More Dear Shandy
- Instagram - https://www.instagram.com/dearshandy
- Facebook - https://fb.me/dearshandy

More Sharleen
- Instagram - https://www.instagram.com/sharleenjoynt
- Blog - http://www.alltheprettypandas.com

More Andy
- Instagram - https://www.instagram.com/machinelevine

Produced by Gabrielle Galon - https://www.instagram.com/gabsamillion

See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
Live from Authenticate 2025, Jeff Steadman and Jim McDonald sit down with Dr. Tina Srivastava, an IDPro board member and co-founder of Badge Inc., for a crucial discussion on the rapidly evolving landscape of identity and authentication.

Tina shares her insights on the conference, the evolution from physical hacks to sophisticated AI-driven threats like supercharged phishing, and the current challenges facing the industry. The conversation delves into the complexities of synced Passkeys, the critical vulnerability of account recovery processes, and the slow pace of regulation in keeping up with technology.

As a board member for IDPro, Tina highlights the immense value of the practitioner-focused community, the supportive culture within its Slack channels, and makes an exciting announcement about the creation of new member-driven committees to shape the future of the organization. They explore the concept of the "AI arms race" and why identity professionals cannot afford to wait for the next big thing, emphasizing that collaboration and information sharing through communities like IDPro are essential to staying ahead of adversaries.

Connect with Tina: https://www.linkedin.com/in/tina-s-8291438a/
Find out more about IDPro: https://www.idpro.org/

Connect with us on LinkedIn:
- Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
- Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapters
00:00 Introduction and Greetings
00:16 Highlights from Authenticate 2025
01:39 FIDO Feud Rematch Discussion
03:17 Guest Introduction: Tina Srivastava
03:46 Conference Insights and AI Challenges
06:16 Regulatory Environment and Passkeys
09:11 Phishing and AI Supercharged Attacks
12:28 QR Codes and Accessibility Issues
13:09 The Importance of Phishing Resistant Authentication
22:24 IDPro Community and Practitioner Support
25:18 Community Support and Engagement
26:26 IDPro's Role in Identity Events
27:48 Future Directions for IDPro
29:19 Introducing Committees in IDPro
30:39 AI and Identity Verification
37:07 The Importance of Information Sharing
45:35 Public Speaking and Personal Growth
50:58 Conclusion and Final Thoughts

Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Tina Srivastava, IDPro, Authenticate 2025, Passkeys, AI, Artificial Intelligence, Cybersecurity, Phishing, Deepfakes, Authentication, Account Recovery, Biometrics, Identity and Access Management, IAM, NIST, Regulation, Identity Verification, Synced Passkeys, FIDO Alliance
A single Windows shortcut can open the door to espionage—and that's exactly where we begin. We break down a fresh LNK exploit campaign to show how hidden command execution and DLL sideloading slip past busy teams, then pivot into the core defense most organizations underuse: disciplined configuration management. From baselines and version control to change boards and rapid rollback, we map the habits and tools that turn chaos into control.

We walk through building secure, realistic baselines with CIS Benchmarks and NIST 800‑128, and why "simple and enforceable" beats "perfect and ignored." You'll hear how least privilege for change stops shadow tweaks, how EDR and application firewalls catch command and control, and how automation with Ansible, SCCM, and Terraform keeps fleets consistent. We spotlight the CMDB as a living source of truth—only valuable if you maintain ownership, automate updates, and report on drift so leadership and risk teams can act.

Change governance becomes your stabilizer. A change control board aligns IT, security, operations, risk, and compliance before big moves, while an emergency change advisory board authorizes fast action for zero‑days and incidents with a strict post‑implementation review. We break down the full change lifecycle—request, impact analysis, staging, implementation, verification, CMDB updates—and the common pitfalls to avoid, including undocumented changes, brittle rollbacks, and ignoring post‑change scan results. Expect practical guidance on when to auto‑patch Windows, how to iterate quarterly without overengineering, and what metrics prove progress.

If you're aiming to master CISSP Domain 7 or just want fewer outages and faster recovery, this conversation gives you a clear blueprint to reduce attack surface and increase stability. If it helps, share it with a teammate, subscribe for more deep dives, and leave a quick review so we can keep improving for you.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
NIST recently selected a second Key Exchange Module (KEM) among the PQC algorithms, HQC. We explain this code-based algorithm.
First Resonance provides factory orchestration and coordination software for scaling hardware companies. Founded by SpaceX veterans in 2019, the company focused on filling the gap between legacy manufacturing systems and the needs of emerging hard tech startups. In a recent episode of Category Visionaries, we sat down with Karan Talati, CEO & Co-Founder of First Resonance, to learn about the company's journey building Ion—their manufacturing operations platform—and how they're enabling companies scaling from R&D prototypes to production manufacturing across aerospace, defense, nuclear energy, and advanced manufacturing.

Topics Discussed:
- Karan's time at SpaceX during hypergrowth (employee 2,000 to 6,000+) and the transition from single rocket design to production operations
- Why First Resonance walked away from pursuing legacy aerospace and defense giants
- The failed PLG experiment and pivot to enterprise sales with product analytics for expansion
- How the "new space" pattern is repeating in nuclear energy and other hard tech verticals
- Market expansion from aerospace into nuclear energy over the past three to four years
- Advanced manufacturing technology convergence enabling electric aviation (battery density, composite manufacturing, 3D printing)
- AI's role in breaking down knowledge silos between mechanical, electrical, and software engineering
- Defense contractor security requirements: CMMC, FedRamp, and NIST 800-171
- Brand strategy targeting the new manufacturing workforce versus the retiring old guard

GTM Lessons For B2B Founders:

Kill upmarket plans when your core segment outpaces them: First Resonance planned to move from scale-ups to traditional defense and aviation giants. They didn't execute. Karan found that staying with scaling startups delivered faster growth and higher ROI than "long sales cycles" with customers "averse to modern technology." The lesson isn't about patience with enterprise—it's about recognizing when your initial segment is expanding faster than you can capture it. If your TAM is growing 40%+ annually from customer expansion alone, moving upmarket is a distraction.

Test PLG fast, kill it faster in multi-stakeholder environments: First Resonance ran a PLG experiment and "quickly learned it does not" work in manufacturing. The buying process involves "centralized, coordinated, orchestrated, many decision makers, many influencers." But they kept the instrumentation. They use "product utilization and usage and engagement" data to "package subsequent value" for renewals and expansion. The tactical move: instrument your product like PLG, sell like enterprise, and use analytics to drive net dollar retention during annual renewals.

Treat cloud service provider status as a wedge, not overhead: As a cloud service provider to defense contractors, First Resonance maintains compliance with CMMC, FedRamp, and NIST 800-171. Rather than viewing this as a cost center, Karan noted "regulations are getting easier, not harder" and that this is "a benefit to innovators." For B2B founders selling to regulated industries: invest in compliance infrastructure early, monitor regulatory roadmaps (like FedRamp 20x), and position compliance as a competitive moat when competitors can't move as quickly.

Pattern match your wedge vertical to adjacent disruption: First Resonance saw their aerospace playbook repeat in nuclear energy "literally in the last three, four years." The pattern: legacy incumbents "too big to fail" but "so large and inertial, so hard to move, that startups are going to have to come in and close that gap." When one vertical shows this pattern, adjacent industries with similar incumbent dynamics are expansion candidates. The key signal: former SpaceX/Tesla talent founding companies in that vertical.

Design brand for the incoming generation, not the incumbent buyer: With the old guard "rapidly retiring" and manufacturing becoming "cool," First Resonance built a brand with "bold colors and straight lines" that "combines cybernetic systems with inspiration from the Matrix." Karan explicitly rejected softer design trends: "throw all that out." For technical products in industries with demographic shifts, design for the 30-year-old engineer who will champion your tool, not the 55-year-old executive who signs the contract.

Deepen rather than proliferate when customers expand physically: First Resonance doesn't worry about logo count because their customers are "scaling in terms of factory square footage and the number of teams." Their expansion motion: "observe product analytics and customer signals and package subsequent value" for upselling during renewals. The tactic works because aerospace and energy have "a tailwind of decades." For infrastructure software with usage tied to physical operations: if customers are adding factories or production lines, you don't need new logos—you need seat expansion and module attach.

// Sponsors:
Front Lines — We help B2B tech companies launch, manage, and grow podcasts that drive demand, awareness, and thought leadership. www.FrontLines.io
The Global Talent Co. — We help tech startups find, vet, hire, pay, and retain amazing marketing talent that costs 50-70% less than the US & Europe. www.GlobalTalent.co

// Don't Miss: New Podcast Series — How I Hire
Senior GTM leaders share the tactical hiring frameworks they use to build winning revenue teams. Hosted by Andy Mowat, who scaled 4 unicorns from $10M to $100M+ ARR and launched Whispered to help executives find their next role. Subscribe here: https://open.spotify.com/show/53yCHlPfLSMFimtv0riPyM
In the kickoff episode of the Risk and Cybersecurity podcast's AI Compliance series, host Lauren Ross welcomes Steve Ursillo, Partner in Cybersecurity at Cherry Bekaert, and Morgan Hague, Senior Manager at Meditology Services, for a deep dive into the frameworks shaping responsible artificial intelligence (AI). The conversation unpacks how standards like SOC 2, ISO 42001, and the National Institute of Standards and Technology's (NIST) AI Risk Management Framework are evolving to address the unique risks and governance challenges of artificial intelligence. They discuss the intersection of AI with privacy regulations like the General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA), as well as practical strategies for harmonizing multiple frameworks in complex environments. Whether you're just starting your AI journey or looking to strengthen your compliance posture, this episode offers foundational insights to help you build trust and resilience in your AI initiatives.

Tune in to learn more about:
- The role of SOC 2, ISO 42001, and NIST in AI governance and risk management
- How ethical principles are operationalized in AI development and deployment
- Aligning AI compliance with privacy regulations such as GDPR and HIPAA
- The importance of model registries, bias monitoring and continuous oversight
- Strategies for harmonizing multiple frameworks and reducing audit fatigue
Just when you thought DNS cache poisoning was a thing of the past, Steve and Leo reveal why this 17-year-old bug is making a dramatic comeback—and why most DNS resolvers still can't manage high-quality random numbers after all this time. The unsuspected sucking power of a Linux-based robot vacuum. Russia to follow China's vulnerability reporting laws. A pair of Scattered Spider UK teen hackers arrested. Facebook, Instagram and TikTok violating the EU's DSA. Microsoft Teams bringing user WiFi tracking by policy. You backed up. That's great. Did you test that backup? Coveware reports all-time low ransomware payment rate. Ransomware negotiator reports how the bad guys get in. Lots of listener thoughts and feedback about NIST passwords. And against all reason and begging credulity, it seems we still haven't managed to put high-quality random number generators into our DNS resolvers.

Show Notes - https://www.grc.com/sn/SN-1049-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors: hoxhunt.com/securitynow zapier.com/securitynow 1password.com/securitynow veeam.com zscaler.com/security
Artificial Intelligence (AI) is a "trending topic" that is transforming cybersecurity, being applied in defenses for attack detection and process automation. However, cybercriminals use it to generate more sophisticated attacks, such as deepfakes (voice/video impersonation), CEO fraud and convincing phishing campaigns, achieving a high return on investment. The need for early detection and continuous user training to prevent information leaks is emphasized. The program also addresses the threat of Post-Quantum Computing, which will break current cryptography in minutes or hours instead of centuries. Entities are already storing encrypted information in order to decrypt it in the future, which will force global frameworks such as NIST, ISO and ENS to be rewritten. Regarding business challenges, security in critical infrastructures (OT environments), which are often very old and difficult to secure, was discussed. The imminent NIS 2 Directive is seen as a strong boost to cybersecurity, but also as a "pain" for companies. NIS 2 is law, and non-compliance can carry fines of up to 2.5% of annual turnover. Compliance requires large investments, technological support, a rigorous asset inventory and management of the third-party supply chain.

Twitter: @ciberafterwork
Instagram: @ciberafterwork
Panda Security: https://www.pandasecurity.com/es/
+info: https://psaneme.com/ https://bitlifemedia.com/ https://www.vapasec.com/
VAPASEC https://www.vapasec.com/ https://www.vapasec.com/webprotection/
In this episode, Ryan and Henry welcome Paul Depmore for an in-depth discussion tracing his path from the U.S. Marine Corps into commercial and national-level calibration work. Paul shares how his experience evolved through Southwest Research Institute, Transcat, Morehouse, and Applied Technical Services, leading to later support of U.S. Navy calibration programs.

Key discussion points include:
- Transitioning from military to civilian metrology roles
- Early mentorship and lab culture
- Piston-gauge and dead-weight tester practices
- Differences between ASTM E4 / E74 and ISO 376 / 7500 calibrations
- Managing primary-pressure standards and effective-area verification
- Collaboration among commercial labs, NIST, and Navy facilities
- Communication, documentation, and supporting new technicians
Think your mouse is harmless? Steve and Leo uncover how modern optical mice might be secretly "listening" in, and reveal why satellite data pouring down on us is almost entirely unsecured. The long awaited lawsuit to block Texas SB2420. Embattled Texas SB2420 also impacts Google Play. At long last, NIST modernizes their password policy. Scattered LAPSUS$ Hunters demise was exaggerated. China claims that the NSA has been hacking them. Half of all geosynchronous satellite traffic is unencrypted. The AWS outage highlights the rising risk of Internet monoculture. A terrific collection of listener feedback and... Could your PC's mouse have much bigger ears than you know?

Show Notes - https://www.grc.com/sn/SN-1048-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors: Melissa.com/twit hoxhunt.com/securitynow threatlocker.com for Security Now joindeleteme.com/twit promo code TWIT bitwarden.com/twit
This week, the GovNavigators welcome Gordon Gillerman, former Director of the Standards Coordination Office at NIST, to talk about how standards and testing programs quietly keep the federal government and the products it relies on running safely and efficiently. Gordon shares how collaboration between government and industry helps ensure innovation, interoperability, and public trust.
Show Notes:
OMB: Circular A-119
Data Foundation: 2025 Shutdown RIF Impacts Tracker
NSPM-8: Military pay during the shutdown
Events on the GovNavigators' Radar:
Check out GovExec's new events calendar
Oct 27-29: Nvidia's GTC Annual AI Conference
Nov 2-4: National Academy of Public Administration's National Conference
In this episode of Hashtag Trending, host Jim Love covers the latest in tech news: Microsoft's recent Windows 11 update that disrupted localhost functions for developers, Salesforce's ambitious AI agent initiatives at Dreamforce, Google's upcoming Gemini 3.0 Pro rollout with significant AI advancements, Tor browser removing AI features for privacy reasons, and NIST's new advice on password security emphasizing longer passphrases. He also references a popular segment from Cybersecurity Today's weekend show on the Dark Web.
00:00 Introduction and Headlines
00:42 Microsoft's Windows 11 Update Issues
02:42 Salesforce's AI Revolution at Dreamforce
04:44 Google's Gemini 3.0: A Major Upgrade
06:31 Tor Browser Strips AI for Privacy
08:02 NIST's New Password Guidelines
10:09 Conclusion and Listener Engagement
Gareth Davies, Chairman of F3 (First Forensic Forum), joins the Forensic Focus Podcast to explore how a grassroots, vendor-neutral community has helped shape digital forensics in the UK for three decades. He traces F3's origins in the 1990s, when affordable training and tool-agnostic knowledge-sharing were scarce, and explains why the forum still focuses on byte-level, lab-ready techniques over sales pitches. Looking ahead, Gareth previews F3's 2025 conference in Warwickshire (Nov 18–20), the not-for-profit pricing model, and upcoming trainings on UAVs, software-defined radio, implants/biomed devices, smartwatch and vehicle forensics, and video authentication/deepfakes. He also discusses international growth (including interest in an Australian chapter) and an open call for volunteers to help run events and keep training affordable. #DigitalForensics #DFIR #ForensicsTraining #IncidentResponse #VehicleForensics #CyberCrime #DigitalEvidence #DigitalInvestigation
A short war broke out between Pakistan and Afghanistan this week, and it may already have been contained. The causes that led to the latest armed clashes, however, are not off the table, so the tension will probably continue. All episodes of the podcast Názory a argumenty can be listened to conveniently in the mujRozhlas mobile app for Android and iOS or on the web at mujRozhlas.cz.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive for federal agencies to update their F5 products following a significant breach where hackers accessed source code and undisclosed vulnerabilities. This incident, discovered in August, poses a serious risk to federal networks, as the threat actor could exploit these vulnerabilities to gain unauthorized access and exfiltrate sensitive data. Agencies are required to apply the latest updates by October 22nd and report their F5 deployments by October 29th, highlighting the urgency of addressing these security concerns.
In a related development, the National Institute of Standards and Technology (NIST) is encouraging federal agencies to take calculated risks with artificial intelligence (AI) under new federal guidance. Martin Stanley, an AI and cybersecurity researcher, emphasized the importance of risk management in AI deployment, particularly in comparison to more established sectors like financial services. As agencies adapt to this guidance, they must identify high-impact AI applications that require thorough risk management to ensure both innovation and safety.
A report from Cork Protection underscores the need for small and medium-sized businesses (SMBs) to adopt a security-first approach in light of evolving cyber threats. Many SMBs remain complacent, mistakenly believing they are not targets for cybercriminals. The report warns that this mindset, combined with the rising financial risks associated with breaches, necessitates a shift towards a security-centric operational model. The cybersecurity services market is projected to grow significantly, presenting opportunities for IT service providers that prioritize security.
Apple has announced a substantial increase in its bug bounty program, now offering up to $5 million for critical vulnerabilities. This move reflects the growing importance of addressing security challenges within its ecosystem, which includes over 2.35 billion active devices. The company has previously awarded millions to security researchers, emphasizing its commitment to user privacy and security. As the landscape of cybersecurity evolves, managed service providers (MSPs) are urged to tighten vendor monitoring, incorporate AI risk assessments, and focus on continuous assurance to meet the increasing demands for security.
Three things to know today
00:00 Cybersecurity Crossroads: F5 Breach, AI Risk, and Apple's $5M Bug Bounty Signal Security Accountability
06:44 Nearly a Third of MSPs Admit to Preventable Microsoft 365 Data Loss, Syncro Survey Finds
09:22 AI Reality Check: Workers' Overconfidence, Cheaper Models, and Microsoft's Scientific Breakthrough Signal Maturity in the Market
This is the Business of Tech. Supported by: https://mailprotector.com/mspradio/
Quantum isn't a distant sci-fi threat; it's shaping security decisions right now. We open with what NIST's new post-quantum FIPS 203/204/205 actually mean for your crypto roadmap, why "harvest now, decrypt later" raises the stakes for long-lived data, and how the 2035 federal mandate will ripple through contractors, audits, and CMMC. Then we get practical, translating policy pressure into the access decisions you make every day and the concepts you'll see on the CISSP exam.
We break down mandatory access control (labels, clearance, strict need-to-know), discretionary access control (owner grants, permission creep), role-based access control (job functions, least privilege at scale), attribute-based access control (context, dynamic conditions), and rule-based control (fine-grained logic and exceptions). Along the way, we highlight the keywords that unlock tricky multiple-choice items ("classification," "owner," "job role," "attributes," "rules") so you can map questions to the correct model fast. More importantly, we explain how to combine models without creating chaos: use RBAC for baseline entitlements, layer ABAC for context and risk signals, lean on rule-based policies for surgical exceptions, and reserve MAC for highly classified domains where enforcement must be absolute.
If attackers are stockpiling ciphertext for a quantum tomorrow, the answer is a two-track plan: crypto agility to adopt quantum-resistant algorithms and disciplined access governance to limit blast radius today. We share actionable cues for exam success, practical design tips for avoiding privilege escalation, and a reminder that good security is repeatable security: clear roles, auditable policies, and continuous review.
Subscribe for weekly CISSP prep you can use on the job, share this with a teammate who's wrangling access models, and leave a review to help others find the show. Your support also fuels our charity-funded training that gives back while you level up.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
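The layering the episode recommends (RBAC for baseline entitlements, ABAC for context and risk signals, rule-based policies for narrow exceptions, MAC as an absolute gate for classified data, with DAC ownership alongside) can be written as one policy decision function so the evaluation order is explicit. The Python below is an added example written for this page, not code from the CISSP Cyber Training show. The sensitivity levels, role table, risk score, principals, resources, contexts and rules are all constructed for the demonstration and are not drawn from any real system.

```python
from collections import namedtuple
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# MAC: ordered sensitivity levels plus need-to-know compartments (hypothetical scheme).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        # "No read up": level at least as high, and every compartment of the object held.
        return LEVELS[self.level] >= LEVELS[other.level] and self.compartments >= other.compartments


Subject = namedtuple("Subject", "name roles clearance")
# rid: exact object id targeted by rule-based exceptions; kind: type used by the RBAC/ABAC
# tables; owner: used by DAC; label: used by MAC.
Resource = namedtuple("Resource", "rid kind owner label")
# risk_score is 0..100 and assumed to come from an IdP risk signal.
Context = namedtuple("Context", "device_compliant mfa risk_score now")
# Rule-based exception: effect is "allow" or "deny" (deny always wins), resource is an exact
# id rather than a kind, and every rule carries an expiry.
Rule = namedtuple("Rule", "effect subject action resource expires")

# RBAC baseline: role -> {(action, resource kind)}. Roles are constructed for the example.
ROLE_PERMS = {
    "payroll_clerk": {("read", "payroll"), ("write", "payroll")},
    "analyst": {("read", "report")},
    "auditor": {("read", "payroll"), ("read", "report")},
}

# ABAC: context conditions layered onto sensitive (action, kind) pairs.
ABAC_CONDITIONS = {
    ("write", "payroll"): lambda c: c.device_compliant and c.mfa and c.risk_score < 50,
}


def decide(subj, action, res, ctx, rules):
    """Return (allowed, reason). Layers: MAC gate, explicit deny, entitlement, ABAC."""
    # 1. MAC gate: absolute; no later layer can override it.
    if not subj.clearance.dominates(res.label):
        return False, "MAC: clearance does not dominate resource label"
    # 2. Rule-based layer: only unexpired rules naming this exact tuple count.
    active = [r for r in rules if r.subject == subj.name and r.action == action
              and r.resource == res.rid and r.expires > ctx.now]
    if any(r.effect == "deny" for r in active):
        return False, "rule: explicit deny"
    # 3. Entitlement from the RBAC baseline, DAC ownership, or an allow exception.
    rbac_ok = any((action, res.kind) in ROLE_PERMS.get(role, set()) for role in subj.roles)
    dac_ok = res.owner == subj.name and action in ("read", "write")
    rule_ok = any(r.effect == "allow" for r in active)
    if not (rbac_ok or dac_ok or rule_ok):
        return False, "RBAC/DAC: no role or ownership grants this action"
    # 4. ABAC conditions apply on every path, so exceptions and owners cannot bypass them.
    cond = ABAC_CONDITIONS.get((action, res.kind))
    if cond is not None and not cond(ctx):
        return False, "ABAC: context conditions not met"
    return True, ("RBAC baseline" if rbac_ok else "DAC owner" if dac_ok else "rule exception")


# Constructed principals, objects, contexts and rules for a demonstration run.
NOW = datetime(2025, 10, 20, 9, 0, tzinfo=timezone.utc)
INTERNAL = Label("internal")
PAYROLL = Resource("payroll-2025", "payroll", "hr-system", INTERNAL)
REPORT = Resource("report-q3", "report", "dave", INTERNAL)
ALICE = Subject("alice", {"payroll_clerk"}, INTERNAL)
BOB = Subject("bob", {"analyst"}, INTERNAL)
CAROL = Subject("carol", {"auditor"}, Label("public"))  # role grants read; clearance does not
DAVE = Subject("dave", set(), INTERNAL)                  # no roles, but owns REPORT
GOOD_CTX = Context(True, True, 10, NOW)
RISKY_CTX = Context(True, True, 80, NOW)
SAMPLE_RULES = [
    Rule("allow", "bob", "read", "payroll-2025", NOW + timedelta(days=7)),
    Rule("allow", "bob", "write", "payroll-2025", NOW - timedelta(days=1)),  # already expired
    Rule("deny", "alice", "write", "payroll-2025", NOW + timedelta(days=1)),
]


def run_scenarios():
    """Exercise each layer once; keys name the scenario, values are (allowed, reason)."""
    return {
        "alice_read_payroll": decide(ALICE, "read", PAYROLL, GOOD_CTX, []),
        "alice_write_payroll_risky": decide(ALICE, "write", PAYROLL, RISKY_CTX, []),
        "alice_write_payroll_denied_by_rule": decide(ALICE, "write", PAYROLL, GOOD_CTX, SAMPLE_RULES),
        "bob_read_payroll_no_rules": decide(BOB, "read", PAYROLL, GOOD_CTX, []),
        "bob_read_payroll_exception": decide(BOB, "read", PAYROLL, GOOD_CTX, SAMPLE_RULES),
        "bob_write_payroll_expired": decide(BOB, "write", PAYROLL, GOOD_CTX, SAMPLE_RULES),
        "carol_read_payroll_mac": decide(CAROL, "read", PAYROLL, GOOD_CTX, []),
        "dave_read_own_report": decide(DAVE, "read", REPORT, GOOD_CTX, []),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in run_scenarios().items():
        print(f"{name:36} {'ALLOW' if allowed else 'DENY '} {reason}")
```

The order of the four checks is the design point. MAC runs first because no exception or ownership claim may override a clearance failure (Carol's auditor role grants her read on payroll, but her public clearance loses to the internal label). An explicit deny rule is evaluated before any allow so a revocation cannot be out-voted by a stale entitlement. ABAC conditions run last, after entitlement, so a rule-based exception or an owner still has to satisfy device, MFA and risk checks. Rules target one resource id and carry an expiry, which keeps the "permission creep" the episode attributes to DAC-style grants time-bounded and auditable.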
“Quantum computing is taking the laws of nature — light, heat, entanglement — and turning them into a new kind of computer. When that happens, the way we think about Bitcoin's security will have to change forever.” — Charlie Shrem
This week on The Charlie Shrem Show, we go deep into the strangest frontier yet: the intersection of Bitcoin, cryptography, and quantum computing.
Charlie sits down with Olivier Roussy Newton, OG Bitcoiner and CEO of BTQ Technologies (NASDAQ: BTQ), a company building at the edge where photons meet blockchains. From his early exposure to D-Wave's first quantum computers in Canada to raising capital from Chinese state funds (and getting blocked by the CIA's venture arm), Olivier's story tracks the entire rise of the post-quantum security industry.
Together, Charlie and Olivier unpack what it really means when we say “the end of ECDSA,” why the U.S. government plans to deprecate Bitcoin's signature standard by 2035, and how quantum systems could make traditional mining obsolete.
They explore how the analog world of nature (light, gravity, superconductors) can replace brute-force hashing, how “Boson sampling” could one day stand in for SHA-256, and why the biggest breakthroughs in computing may come from mimicking God's own architecture.
Plus, Charlie shares insights from a recent dinner with Dr. Adam Back and his own stealth research into quantum-mining convergence. This episode isn't just about crypto's future; it's about the future of computation itself.
Topics Discussed:
From Node.js startups to quantum cryptography
What happens when the CIA's VC fund blocks your deal
Why the U.S. and China's quantum race matters for Bitcoin
The birth of post-quantum cryptography and NIST's standards
How quantum encryption could replace proof-of-work
Why consensus itself might become irrelevant
How AI's mainstream boom paves the way for quantum adoption
The analog vs. digital computing paradigm shift
Thank you for listening to The Charlie Shrem Show.
For more free content and access to over 400 episodes, visit www.CharlieShrem.com. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
The Trump administration pushed forward Friday with plans to fire federal employees amid the government shutdown, directing reductions-in-force at the Departments of Health and Human Services, Education, and Housing and Urban Development, among other agencies. Prior to and during the current shutdown, the White House repeatedly threatened to lay off additional federal workers in a bid to further its efforts to shrink the size of the government. The Trump administration maintains Democrats are to blame for the shutdown, though Democrats contend that a spending bill from Republicans — who control all levers of power — wouldn't adequately fund health care. Russ Vought, the director of the Office of Management and Budget, posted on X early Friday afternoon that the “RIFs have begun,” without offering additional details. An OMB spokesperson told FedScoop the RIFs began and are “substantial.” In a preview of his discussions with Vought last week, President Donald Trump said in a post to his social media platform that they would target “Democrat Agencies,” calling them “a political SCAM.” According to a court filing from the Trump administration late Friday, at least 4,100 federal workers across eight federal agencies may have been sent RIF notices, with the bulk of the staff reductions at HHS, with 1,100 to 1,200 workers impacted, and the Department of Treasury, with 1,446 workers impacted. Deploying artificial intelligence requires taking on the right amount of risk to achieve a desired end result, a National Institute of Standards and Technology official who worked on its risk management framework for the technology said on a panel last week. While federal agencies, and particularly IT functions, are generally risk averse, risks can't entirely be avoided with AI, Martin Stanley, an AI and cybersecurity researcher at the Commerce Department standards agency, said during a FedInsider panel on “Intelligent Government” last week. 
Stanley said: “You have to manage risks, number one,” adding that the benefits from the technology are compelling enough that “you have to go looking to achieve those.” Stanley's comments came in response to a question about how the federal government compares to other sectors that have been doing risk management for longer, such as financial services. On that point specifically, he said the NIST AI Risk Management Framework “shares a lot of DNA” with Federal Reserve guidance on algorithmic models in financial services. He said NIST attempted to leverage those approaches and the same plain, simple language. “We talk about risks, we talk about likelihoods, and we talk about impacts, both positive and negative, so that you can build this trade space where you are taking on the right amount of risk to achieve a benefit,” Stanley said. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Katherine Henry of Bradley, Arant, Boult, Cummings, and Harold (Hal) Weston of Georgia State University, Greenberg School of Risk Science, who are here to discuss their new professional report, “A 2025 Cybersecurity Legal Safe Harbor Overview.” Katherine and Hal take the discussion beyond the pages and delve into best cybersecurity practices, cyber insurance, and Safe Harbor laws offered by some states and possibly to be offered soon by others. They discuss frameworks and standards, and what compliance means for your organization, partly based on your state law. Listen for advice to help you be prepared against cybercrime. Key Takeaways: [:01] About RIMS and RIMScast. [:16] About this episode of RIMScast. We will be joined by the authors of the legislative review, “A 2025 Cybersecurity Legal Safe Harbor Overview”, Katherine Henry and Harold Weston. Katherine and Harold are also prominent members of the RIMS Public Policy Committee. [:48] Katherine and Harold are also here to talk about Cybersecurity Awareness Month and safe practices. But first… [:53] RIMS-CRMP Prep Workshops! The next RIMS-CRMP Prep Workshops will be held on October 29th and 30th and led by John Button. [1:05] The next RIMS-CRMP-FED Virtual Workshop will be held on November 11th and 12th and led by Joseph Mayo. Links to these courses can be found through the Certifications page of RIMS.org and through this episode's show notes. [1:23] RIMS Virtual Workshops! RIMS has launched a new course, “Intro to ERM for Senior Leaders.” It will be held again on November 4th and 5th and will be led by Elise Farnham. [1:37] On November 11th and 12th, Chris Hansen will lead “Fundamentals of Insurance”. It features everything you've always wanted to know about insurance but were afraid to ask. Fear not; ask Chris Hansen! 
RIMS members always enjoy deep discounts on the virtual workshops! [1:56] The full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's notes. [2:08] Several RIMS Webinars are being hosted this Fall. On October 16th, Zurich returns to deliver “Jury Dynamics: How Juries Shape Today's Legal Landscape”. On October 30th, Swiss Re will present “Parametric Insurance: Providing Financial Certainty in Uncertain Times”. [2:28] On November 6th, HUB will present “Geopolitical Whiplash — Building Resilient Global Risk Programs in an Unstable World”. Register at RIMS.org/Webinars. [2:40] Before we get on with the show, I wanted to let you know that this episode was recorded in the first week of October. That means we are amid a Federal Government shutdown. RIMS has produced a special report on “Key Considerations Regarding U.S. Government Shutdown.” [2:58] This is an apolitical problem. It is available in the Risk Knowledge section of RIMS.org, and a link is in this episode's show notes. Visit RIMS.org/Advocacy for more updates. [3:12] Remember to save March 18th and 19th on your calendars for the RIMS Legislative Summit 2026, which will be held in Washington, D.C. I will continue to keep you informed about that critical event. [3:24] On with the show! It's National Cybersecurity Awareness Month here in the U.S. and in many places around the world. Cyber continues to be a top risk among organizations of all sizes in the public and private sectors. [3:40] That is why I'm delighted that Katherine Henry and Harold (Hal) Weston are here to discuss their new professional report, “A 2025 Cybersecurity Legal Safe Harbor Overview”. [3:52] This report provides a general overview of expected cybersecurity measures that organizations must take to satisfy legal Safe Harbor requirements. 
[4:01] It summarizes state Safe Harbor laws that have been developed to ensure organizations are proactive about cybersecurity and that digital, financial, and intellectual assets are legally protected when that inevitable cyber attack occurs. [4:15] We are here to extend the dialogue. Let's get started! [4:21] Interview! Katherine Henry and Hal Weston, welcome to RIMScast! [4:41] Katherine was one of the first guests on RIMScast. Katherine is Chair of the Policyholder Insurance Coverage Practice at Bradley, Arant, Boult, Cummings. Her office is based in Washington, D.C. She works with risk managers all day on insurance issues. [5:05] Katherine has been a member of the RIMS Public Policy Committee for several years. She serves as an advisor to the Committee. [5:12] Justin thanks Katherine for her contributions to RIMS. [5:25] Hal is with Georgia State University. He has been with RIMS for a couple of decades. Hal says he and Katherine have served together on the RIMS Public Policy Committee for maybe 10 years. [5:48] Hal is a professor at Georgia State University, a Clinical Associate in the Robinson College of Business, Greenberg School of Risk Science, where he teaches risk management and insurance. Before his current role, Hal was an insurance lawyer, both regulatory and coverage. [6:05] Hal has a lot of students. He is grading exams this week. He has standards for his class. In the real world, so does a business. [6:46] Katherine and Hal met through the RIMS Public Policy Committee. They started together on some subcommittees. Now they see each other at the annual meeting and on monthly calls. [7:05] Katherine and Hal just released a legislative review during RIMS's 75th anniversary, “A 2025 Cybersecurity Legal Safe Harbor Overview”. It is available on the Risk Knowledge page of RIMS.org. [7:20] We're going to get a little bit of dialogue that extends beyond the pages. 
[7:31] Katherine explains Safe Harbor: When parties are potentially liable to third parties for claims, certain states have instilled Safe Harbor Laws that say, If you comply with these requirements, we'll provide you some liability protection. [7:45] Katherine recommends that you read the paper to see what the laws are in your state. The purpose of the paper is to describe some of those Safe Harbor laws, as well as all the risks. [8:04] October 14th, the date this episode is released, is World Standards Day. Hal calls that good news. Justin says the report has a correlation with the standards in the risk field. [8:43] Justin states that many states tie Safe Harbor eligibility to frameworks like NIST, the ISO/IEC 27000, and CIS Controls. [9:27] Hal says, There are several standards, and it would be up to the Chief Information Security Officer to guide a company on which framework might be most appropriate for them. There are the NIST, UL, and ISO, and they overlap quite a bit. [9:56] These are recognized standards. In some states, if a company has met this standard of cybersecurity, a lawsuit against the company for breach of its standard of care for maintaining its information systems would probably be defensible for having met a recognized standard. [10:23] Katherine adds that as risk managers, we can't make the decision about which of these external standards is the best. Many organizations have a Cybersecurity Officer responsible for this. [10:44] For smaller organizations, there are other options, including outsourcing to a vendor. Their insurance companies may have recommendations. So you're not on your own in making this decision. [11:14] Katherine says firms should definitely aim for one recognized standard. Katherine recommends you try to adhere to the highest standard. If you are global, you need to be conscious of standards in other countries. [11:46] Hal says California tends to have the highest standards for privacy and data protection. 
If you're a financial services company, you're subject to New York State's Department of Financial Services Cyber Regulation. [12:02] If you're operating in Europe, GDPR is going to be the guiding standard for what you should do. Hal agrees with Katherine: Any company that spans multiple states should pick the highest standard and stick to that, rather than try to implement five or 52 standards. [12:23] When you're overseas, you may not be able to just pick the highest standard; there are challenges in going from one country or region of Europe back to the U.S. If one is higher, it will probably be easier. [12:38] There are major differences between the U.S., which has little Federal protection, vs. state protection. [13:10] Katherine says if you don't have the internal infrastructure, and you can't afford that infrastructure, the best thing is to pivot to an outside vendor. There are many available, with a broad price range. Your cyber insurer may also have some vendors they already work with. [13:40] Hal would add, Don't just think about Safe Harbors. That's just a legal defense. Think about how you reduce the risk by adopting standards or hiring outside firms that will provide that kind of risk protection and IT management. [13:59] If they're doing it right, they may tell you the standards they use, and they may have additional protocols, whether or not they fall within those standards, that would also be desirable. A mid-sized firm is probably outsourcing it to begin with. [14:21] They have to be thinking about it as risk, rather than just Safe Harbor. You have to navigate to the Safe Harbor. You don't just get there. [14:31] Quick Break! RISKWORLD 2026 will be in Philadelphia, Pennsylvania, from May 3rd through the 6th. RIMS members can now lock in the 2025 rate for a full conference pass to RISKWORLD 2026 when you register by October 30th! [14:50] This also lets you enjoy earlier access to the RISKWORLD hotel block. 
Register by October 30th, and you will also be entered to win a $500 raffle! Do not miss out on this chance to plan and score some of these extra perks! [15:03] The members-only registration link is in this episode's show notes. If you are not yet a member, this is the time to join us! Visit RIMS.org/Membership and build your network with us here at RIMS! [15:16] The RIMS Legislative Summit 2026 is mentioned during today's episode. Be sure to mark your calendar for March 18th and 19th in Washington, D.C. Keep those dates open. [15:28] Join us in Washington, D.C., for two days of Congressional Meetings, networking, and advocating on behalf of the risk management community. Visit RIMS.org/Advocacy for more information and updates. [15:41] Let's return to our interview with Katherine Henry and Hal Weston! [15:54] We're talking about their new paper, “A 2025 Cybersecurity Legal Safe Harbor Overview”. Katherine mentions that some businesses are regulated. They have to comply with external regulatory standards. [16:38] Other small brick-and-mortar businesses may not have any standards they have to comply with. They look for what to do to protect themselves from cyber risk, and how to tell others they are doing that. [16:54] If you can meet the standards of Safe Harbor laws, a lot of which are preventative, before a breach, you can inform your customers, “These are the protections we have for your data.” You can tell your board, “These are the steps we're taking in place.” [17:13] You can look down the requirements of the Safe Harbor law in your state or a comparable state, and see steps you can take in advance so you can say, “We are doing these things and that makes our system safer for you and protects your data.” [17:34] Hal says you don't want to have a breach, and if you do, it would be embarrassing to admit you were late applying a patch, implementing multi-factor authentication, or another security measure. 
By following standards of better cyber protection, you avoid those exposures. [18:07] Hal says every company has either been hacked and knows it, or has been hacked and doesn't know it. If you're attacked by a nation-state that is non-preventable, you're in good shape. [18:26] If you're attacked because you've left some ports open on your system, or other things that are usually caught in cybersecurity analyses or assessments, that's the embarrassing part. You don't want to be in that position. [18:43] Katherine says it's not just your own systems, but if you rely on vendors, you want to ensure that the vendors have the proper security systems in place so that your data, to the extent that it's transmitted to them, is not at risk. [19:07] Also, make sure that your vendors have cyber insurance and that you're an additional insured on that vendor's policy if there's any potential exposure. [19:22] Hal says, If you're using a cloud provider, do you understand what the cloud provider is doing? In most cases, they will provide better security than what you could do on your own, but there have been news stories that even some of those have not been perfect. [20:22] Hal talks about the importance of encryption. It's in the state statutes and regulations. There have been news stories of companies that didn't encrypt their data on their servers or in the cloud, and didn't understand encryption, when a data breach was revealed. [20:52] Hal places multi-factor authentication up with encryption in importance. There was a case brought against a company that did not have MFA, even though it said on its application on the cyber policy that the company used it. [21:13] Hal says these are standard, basic things that no company should be missing. If you don't know that your data is encrypted, get help fast to figure that out.
[21:51] Hal has also seen news stories of major companies where the Chief Technology Officer has been sued individually, either by the SEC or others, for not doing it right. [22:07] Katherine mentions there are insurance implications. If you mistakenly state you're providing some sort of protection on your insurance application that you're not providing, the insurer can rescind your coverage, so you have no coverage in place at all. [22:23] Katherine says, These are technical safeguards, but we know the human factor is one of the greatest risks in cybersecurity. Having training for everyone who has access to your computer system, virtually everyone in your organization, is very important. [22:49] Have a test with questions like, Is this a spam email or a real email? There are some vendors who can do all this for you. Statistics show that the human element is one of the most significant problems in cybersecurity protection. [23:05] Justin says it's October, Cybersecurity Awareness Month in the U.S. Last week's guest, Gwenn Cujdik, the Incident Response and Cyber Services Lead for North America at AXA XL, said the number one cyber risk is human error, like clicking the phishing link. [23:45] Justin brings up that when he was recently on vacation, he got an email on his personal email account, “from his CEO,” asking him to handle something for them. Justin texted somebody else at RIMS, asking if they got the same email, and they hadn't. [24:14] Justin sent the suspect email to the IT director to handle. You have to be vigilant. Don't let your guard down for a second. [24:48] Katherine has received fake emails, as well. [24:51] Hal says it has happened to so many people. Messages about gift cards or the vendor having a new bank account. Call the vendor that you know and ask what this is. [25:12] Hal continues.
It's important to train employees in cybersecurity, making sure that they are using a VPN when they are outside of the office, or even a VPN that's specific to your company. [25:32] Hal saw in the news recently that innocent-looking PDF files can harbor lots of malware. If you're not expecting a PDF file from somebody, don't click on that, even if you know them. Get verification. Start a new thread with the person who sent it and ask if it is a legitimate PDF. [26:08] Justin says of cybercriminals that they are smart and their tactics evolve faster than legislation. How can organizations anticipate the next generation of threats? [26:34] Katherine says, You need to have an infrastructure in your organization that does that, or you need to go to an outside vendor. You need some sort of protection, internally or externally. [27:11] Katherine says she works with CFOs all the time. If an organization isn't large enough to have a risk manager, it's a natural fit for the CFO, who handles finances, to handle insurance. When it comes to cybersecurity, a CFO needs help. [27:46] The CFO should check the cyber policy to see what support services are already there and see if there are any that are preventative, vs. after a breach. If there are not, Katherine suggests pivoting to an outside vendor. [28:07] Hal continues, This interview is for RIMS members who are risk managers and the global risk community. Risk managers don't claim to know all the risk control measures throughout a company. They rely upon the experts in the company and outside. [28:29] If the CFO is the risk manager, he or she has big gaps in expertise needed for risk management. It's the same for the General Counsel running risk management. Risk managers are known for having small staffs and working with everybody else to get the right answers. [28:55] If you're dealing with the CFO or General Counsel in those roles, they need to be even more mindful to work with the right experts for guidance. 
[29:09] One Final Break! As many of you know, the RIMS ERM Conference 2025 will be held on November 17th and 18th in Seattle, Washington. We recently had ERM Conference Keynote Speaker Dan Chuparkoff on the show. [29:26] He is back, just to deliver a quick message about what you can expect from his keynote on “AI and the Future of Risk.” Dan, welcome back to RIMScast! [29:37] Dan says, Greetings, RIMS members and the global risk community! I'm Dan Chuparkoff, AI expert and the CEO of Reinvention Labs. I'm delighted to be your opening keynote on November 17th at the RIMS ERM Conference 2025 in Seattle, Washington. [29:52] Artificial Intelligence is fueling the next era of work, productivity, and innovation. There are challenges in navigating anything new. This is especially true for risk management, as enterprises adapt to shifting global policies, economic swings, and a new generation of talent. [30:10] We'll have a realistic discussion about the challenges of preparing for the future of AI. To learn more about my keynote, “AI and the Future of Risk Management,” and how AI will impact Enterprise Risk Management for you, listen to my episode of RIMScast at RIMS.org/Dan. [30:29] Be sure to register for the RIMS ERM Conference 2025, in Seattle, Washington, on November 17th and 18th, by visiting the Events page on RIMS.org. I look forward to seeing you all there. [30:40] Justin thanks Dan and looks forward to seeing him again on November 17th and hearing all about the future of AI and risk management! [30:48] Let's Conclude Our Interview about Navigating Cyber and IT Practices to Legal Safe Harbors with Katherine Henry and Hal Weston! [31:17] Katherine tells about how Safe Harbor compliance influences cyber insurance. If your organization applies for cyber insurance and you can't meet some minimum threshold that will be identified on the application, the insurer will not even offer you cyber insurance. [31:34] You need to have some cyber protections in place. 
That's just to procure insurance. Cyber insurance availability is growing. Your broker can bring you more insurers to quote if you can show robust safeguards. [32:05] After the breach, your insurer is supposed to step in to help you. Your insurer will be mindful of whether or not your policy application is correct and that you have all these protections in place. [32:21] The more protections you have, the quicker you might be able to shut down the breach, and the resulting damage from the breach, and that will lower the resulting cost of the claim and have less of an impact on future premiums. [32:36] If the cyber insurer just had to pay out the limits because something wasn't in place, that quote next year is not going to look so pretty. Your protections have a direct impact on both the availability and cost of coverage. [32:50] Justin mentions that the paper highlights Connecticut, Tennessee, Iowa, Ohio, Utah, and Oregon as the states with Safe Harbor laws. The Federal requirements are also listed. Katherine expects that more states will offer Safe Harbor laws as cybercrime lawsuits increase. [33:42] Hal says Oregon, Ohio, and Utah were the leaders in creating Safe Harbors. Some of the other states have followed. Safe Harbor is a statutory protection against liability claims brought by the public. [34:06] In other states, you can't point to a statute that gives protection, but you can say you complied with the highest standards in the nation, and you probably have a pretty defensible case against a claim for not having kept up with your duty to protect against a cyber attack. [34:55] Hal adds that every company is going to be sued, and the claim is that you failed to do something. If you have protected yourself with all the known best practices, as they evolve, what more is a company supposed to do? 
[35:18] The adversaries are nation-states; they are professional criminals, sometimes operating under the protection of nation-states, and they're using artificial intelligence to craft even more devious ways to get in. [36:19] Katherine speaks from a historical perspective. A decade ago, cyber insurance was available, but there was no appetite for it. There wasn't an understanding of the risk. [36:32] As breaches began to happen and to multiply, in large amounts of exposure, with companies looking at millions of dollars in claims, interest grew. Katherine would be surprised today if any responsible board didn't take cyber risk extremely seriously. [36:55] The board's decision now is what limits to purchase and from whom, and not, “Should we have cyber insurance at all?” Katherine doesn't think it's an issue anymore in any medium-sized company. [37:17] The risk manager should present to the board, “We benchmark. Our broker benchmarks. Companies of our size have had this type of claim, with this type of exposure, and they've purchased this amount of limits. We need to be at least in that place.” Boards will be receptive. [37:43] If they are not receptive, put on a PowerPoint with all the data that's out there about how bad the situation is. The average cost of a breach is well over $2 million. The statistics are quite alarming. A wise decision-maker will understand that you need to procure this coverage. [38:10] Katherine says, from the cybersecurity side, you procure the coverage, you protect the company, and take advantage of the Safe Harbors. All of those things come together with the preventative measures we've been talking about. [38:24] You can show your decision-makers and stakeholders that if you do all those things, comply with these Safe Harbor provisions, you're going to minimize your exposure, increase the availability of insurance, and keep your premiums down. It's a win-win package. 
[38:41] Justin says, It has been such a pleasure to meet you, Hal, and thank you for joining us. Katherine, it is an annual pleasure to see you. We're going to see you, most likely, at the RIMS Legislative Summit, March 18th and 19th, 2026, in Washington, D.C. [39:01] Details to come, at RIMS.org/Advocacy. Katherine, you'll be there to answer questions. Katherine looks forward to the Summit. She has gone there for years. It's a great opportunity for risk managers to speak directly to decision-makers about things that are important to them. [39:42] Special thanks again to Katherine Henry and Hal Weston for joining us here today on RIMScast! Remember to download the new RIMS Legislative Review, “A 2025 Cybersecurity Legal Safe Harbor Overview”. [39:58] We are past the 30-day mark now, so the review is publicly available through the Risk Knowledge Page of RIMS.org. You can also visit RIMS.org/Advocacy for more information. In this episode's notes, I've got links to Katherine's prior RIMScast appearances. [40:18] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [40:47] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [41:05] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [41:22] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [41:39] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com.
It is written and published by the best minds in risk management. [41:53] Justin Smulison is the Business Content Manager at RIMS. Please remember to subscribe to RIMScast on your favorite podcasting app. You can email us at Content@RIMS.org. [42:05] Practice good risk management, stay safe, and thank you again for your continuous support!

Links:
RIMS Professional Report: “A 2025 Cybersecurity Legal Safe Harbor Overview”
RISK PAC | RIMS Advocacy | RIMS Legislative Summit SAVE THE DATE — March 18‒19, 2026
RIMS ERM Conference 2025 — Nov. 17‒18
RISKWORLD 2026 — Members-only early registration through Oct 30!
RIMS-Certified Risk Management Professional (RIMS-CRMP)
The Strategic and Enterprise Risk Center
RIMS Diversity Equity Inclusion Council
RIMS Risk Management magazine | Contribute
RIMS Now
Cybersecurity Awareness Month
World Standards Day — Oct 14, 2025

Upcoming RIMS Webinars: RIMS.org/Webinars
“Jury Dynamics: How Juries Shape Today's Legal Landscape” | Oct. 16, 2025 | Sponsored by Zurich
“Parametric Insurance: Providing Financial Certainty in Uncertain Times” | Oct. 30, 2025 | Sponsored by Swiss Re
“Geopolitical Whiplash — Building Resilient Global Risk Programs in an Unstable World” | Nov. 6 | Sponsored by Hub

Upcoming RIMS-CRMP Prep Virtual Workshops:
RIMS-CRMP Virtual Exam Prep — Oct. 29‒30, 2025
RIMS-CRMP-FED Exam Prep Virtual Workshop — November 11‒12
Full RIMS-CRMP Prep Course Schedule

“Risk Appetite Management” | Oct 22‒23 | Instructor: Ken Baker
“Intro to ERM for Senior Leaders” | Nov. 4‒5 | Instructor: Elise Farnham
“Fundamentals of Insurance” | Nov. 11‒12 | Instructor: Chris Hansen
“Leveraging Data and Analytics for Continuous Risk Management (Part I)” | Dec. 4
See the full calendar of RIMS Virtual Workshops
RIMS-CRMP Prep Workshops

Related RIMScast Episodes about Cyber and with Katherine Henry:
“National Cybersecurity Awareness Month 2025 with Gwenn Cujdik”
“AI Risks and Compliance with Chris Maguire”
“Data Privacy and Protection with CISA Chief Privacy Officer James Burd”
“Cyberrisk Trends in 2025 with Tod Eberle of Shadowserver”
“Legal and Risk Trends with Katherine Henry (2023)”

Sponsored RIMScast Episodes:
“The New Reality of Risk Engineering: From Code Compliance to Resilience” | Sponsored by AXA XL (New!)
“Change Management: AI's Role in Loss Control and Property Insurance” | Sponsored by Global Risk Consultants, a TÜV SÜD Company
“Demystifying Multinational Fronting Insurance Programs” | Sponsored by Zurich
“Understanding Third-Party Litigation Funding” | Sponsored by Zurich
“What Risk Managers Can Learn From School Shootings” | Sponsored by Merrill Herzog
“Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor
“Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL
“How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog
“Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant
“RMIS Innovation with Archer” | Sponsored by Archer
“Navigating Commercial Property Risks with Captives” | Sponsored by Zurich
“Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL
“Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL
“Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company
“Partnering Against Cyberrisk” | Sponsored by AXA XL
“Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh
“Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos
“Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL
“Elevating RMIS — The Archer Way” | Sponsored by Archer

RIMS Publications, Content, and Links:
RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community!
RIMS Virtual Workshops
On-Demand Webinars
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RISK PAC | RIMS Advocacy
RIMS Strategic & Enterprise Risk Center
RIMS-CRMP Stories — Featuring RIMS President Kristen Peed!

RIMS Events, Education, and Services:
RIMS Risk Maturity Model®

Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.
Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.
Have a question or suggestion? Email: Content@rims.org.
Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.

About our guests:
Katherine Henry, Partner and Chair of the Policyholder Coverage Practice, Bradley, Arant, Boult, and Cummings
Harold Weston, Clinical Associate Professor and WSIA Distinguished Chair in Risk Management and Insurance, Georgia State University College of Law

Production and engineering provided by Podfly.
Listen in as your host Just Nate talks with Mike Crandal, CEO and co-founder of Digital Beachhead.

The Urgency of CMMC 2.0: November 10th is the date the Title 48 CFR acquisition rule takes effect, making CMMC a mandatory default clause in all new DoD solicitations. Many small businesses are panicked because they didn't believe it would actually happen.

A History Lesson in Compliance: The discussion traces the evolution from DFARS 7012 to DFARS 7019, which introduced the NIST SP 800-171 controls and the POA&M (Plan of Action and Milestones) system. CMMC was created to replace unreliable self-attestation and perpetual POA&Ms.

CMMC 2.0 Levels and Requirements:
Level 1 (FCI): For Federal Contract Information (FCI) only. Requires 15 controls and allows self-assessment by a senior company representative.
Level 2 (CUI): For Controlled Unclassified Information (CUI). Requires all 110 NIST SP 800-171 controls and their 320 assessment objectives. Self-attestation is allowed for the first 12 months, but prime contractors (like Lockheed or Boeing) can still demand C3PAO certification immediately.

Understanding CUI: CUI (Controlled Unclassified Information) is a major gray area, often defined differently by each government customer. They stress that CUI is not a security classification but a marking, and contractors should only mark information as CUI if the government has explicitly designated it as such.

The Insurance Factor: Cyber insurance companies are now increasingly requiring CMMC-level certification before they will pay out on a ransomware or data breach claim, making compliance an essential part of risk management.

The Assessment Process: Mike outlines the four phases of a CMMC assessment by a C3PAO (like Digital Beachhead):
Pre-assessment: Initial review of your data and readiness.
Interview & On-site Visit: A deep dive into paperwork, controls, and physical security.
Certification: Receiving a final or conditional certification.
eMASS Upload: Submitting the results to the government's official system.
The typical process for a small business takes three to four weeks.

Cost & Strategy for Small Businesses: The average cost of a Level 2 assessment for a small business is between $40K and $50K (a one-time payment for the three-year certification). For companies with only a small portion of DoD work, they recommend creating a secure, isolated enclave (such as GCC High or a Cloud PC VDI solution) to reduce the scope, and therefore the cost, of the assessment.
HEADLINE: DeepSeek AI: Chinese LLM Performance and Security Flaws Revealed Amid Semiconductor Export Circumvention
GUEST NAME: Jack Burnham
SUMMARY: John Batchelor speaks with Jack Burnham about competition in Large Language Models between the US and China's DeepSeek. A NIST study found US models superior in software engineering, though DeepSeek showed parity in scientific questions. Critically, DeepSeek models exhibited significant security flaws. China attempts to circumvent US export controls on GPUs by smuggling and using cloud computing centers in Southeast Asia. Additionally, China aims to dominate global telecommunications through control of supply chains and legal mechanisms granting the CCP access to firm data.
CBS EYE ON THE WORLD WITH JOHN BATCHELOR 1900 KYIV THE SHOW BEGINS IN THE DOUBTS THAT CONGRESS IS CAPABLE OF CUTTING SPENDING..... 10-8-25

FIRST HOUR

9-915 HEADLINE: Arab Intellectuals Fail Palestinians by Prioritizing Populism and Victimhood Narrative in Gaza Conflict
GUEST NAME: Hussain Abdul-Hussain
SUMMARY: John Batchelor speaks with Hussain Abdul-Hussain about Hamas utilizing the power of victimhood to justify atrocities and vilify opponents. Arab and Muslim intellectuals have failed Palestinians by prioritizing populism over introspection and self-critique. Regional actors like Egypt prioritize populist narratives over national interests, exemplified by refusing to open the Sinai border despite humanitarian suffering. The key recommendation is challenging the narrative and fostering a reliable, mature Palestinian government.

915-930 HEADLINE: Arab Intellectuals Fail Palestinians by Prioritizing Populism and Victimhood Narrative in Gaza Conflict (continued)
GUEST NAME: Hussain Abdul-Hussain

930-945 HEADLINE: Russian Oil and Gas Revenue Squeezed as Prices Drop, Turkey Shifts to US LNG, and China Delays Pipeline
GUEST NAME: Michael Bernstam
SUMMARY: John Batchelor speaks with Michael Bernstam about Russia facing severe budget pressure due to declining oil prices, projected to reach $40 per barrel for Russian oil, and a global oil surplus. Turkey, a major buyer, is abandoning Russian natural gas after signing a 20-year LNG contract with the US. Russia refuses Indian rupee payments, demanding Chinese renminbi, which India lacks. China has stalled the major Power of Siberia 2 gas pipeline project indefinitely. Russia utilizes stablecoin and Bitcoin via Central Asian banks to circumvent payment sanctions.

945-1000 HEADLINE: UN Snapback Sanctions Imposed on Iran; Debate Over Nuclear Dismantlement and Enrichment
GUEST NAME: Andrea Stricker
SUMMARY: John Batchelor speaks with Andrea Stricker about the US and Europe securing the snapback of UN sanctions against Iran after 2015 JCPOA restrictions expired. Iran's non-compliance with inspection demands triggered these severe sanctions. The discussion covers the need for full dismantlement of Iran's nuclear program, including both enrichment and weaponization capabilities, to avoid future conflict. Concerns persist about Iran potentially retaining enrichment capabilities through low-level enrichment proposals and its continued non-cooperation with IAEA inspections.

SECOND HOUR

10-1015 HEADLINE: Commodities Rise and UK Flag Controversy: French Weather, Market Trends, and British Politics
GUEST NAME: Simon Constable
SUMMARY: John Batchelor speaks with Simon Constable about key commodities like copper up 16% and steel up 15% signaling strong economic demand. Coffee prices remain very high, up 52%. The conversation addresses French political turmoil, though non-citizens cannot vote. In the UK, the St. George's flag has become highly controversial, viewed by some as associated with racism, unlike the Union Jack. This flag controversy reflects a desire among segments like the white working class to assert English identity.

1015-1030 HEADLINE: Commodities Rise and UK Flag Controversy: French Weather, Market Trends, and British Politics (continued)
GUEST NAME: Simon Constable

1030-1045 HEADLINE: China's Economic Contradictions: Deflation and Consumer Wariness Undermine GDP Growth Claims
GUEST NAME: Fraser Howie
SUMMARY: John Batchelor speaks with Fraser Howie about China facing severe economic contradictions despite high World Bank forecasts. Deflation remains rampant with frequently negative CPI and PPI figures. Consumer wariness and high youth unemployment, at one in seven, persist throughout the economy. The GDP growth figure is viewed as untrustworthy, manufactured through debt in a command economy. Decreased container ship arrivals point to limited actual growth, exacerbated by higher US tariffs. Economic reforms appear unlikely as centralization under Xi Jinping continues.

1045-1100 HEADLINE: Takaichi Sanae Elected LDP Head, Faces Coalition Challenge to Become Japan's First Female Prime Minister
GUEST NAME: Lance Gatling
SUMMARY: John Batchelor speaks with Lance Gatling about Takaichi Sanae being elected head of Japan's LDP, positioning her to potentially become the first female Prime Minister. A conservative figure, she supports visits to the controversial Yasukuni Shrine. Her immediate challenge is forming a majority coalition, as the junior partner Komeito disagrees with her conservative positions and social policies. President Trump praised her election, signaling potential for strong bilateral relations.

THIRD HOUR

1100-1115 HEADLINE: DeepSeek AI: Chinese LLM Performance and Security Flaws Revealed Amid Semiconductor Export Circumvention
GUEST NAME: Jack Burnham
SUMMARY: John Batchelor speaks with Jack Burnham about competition in Large Language Models between the US and China's DeepSeek. A NIST study found US models superior in software engineering, though DeepSeek showed parity in scientific questions. Critically, DeepSeek models exhibited significant security flaws. China attempts to circumvent US export controls on GPUs by smuggling and using cloud computing centers in Southeast Asia. Additionally, China aims to dominate global telecommunications through control of supply chains and legal mechanisms granting the CCP access to firm data.

1115-1130 HEADLINE: DeepSeek AI: Chinese LLM Performance and Security Flaws Revealed Amid Semiconductor Export Circumvention (continued)
GUEST NAME: Jack Burnham

1130-1145 HEADLINE: Taiwanese Influencer Charged for Threatening President; Mainland Chinese Influence Tactics Exposed
GUEST NAME: Mark Simon
SUMMARY: John Batchelor speaks with Mark Simon about internet personality Holger Chen, under investigation in Taiwan for calling for President William Lai's decapitation. This highlights mainland Chinese influence operations utilizing influencers who push themes of military threat and Chinese greatness. Chen is suspected of having a mainland-affiliated paymaster due to lack of local commercial support. Taiwan's population primarily identifies as Taiwanese and is unnerved by constant military threats. A key propaganda goal is convincing Taiwan that the US will not intervene.

1145-1200 HEADLINE: Sentinel ICBM Modernization is Critical and Cost-Effective Deterrent Against Great Power Competition
GUEST NAME: Peter Huessy
SUMMARY: John Batchelor speaks with Peter Huessy about the Sentinel program replacing aging 55-year-old Minuteman ICBMs, aiming for lower operating costs and improved capabilities. Cost overruns stem from necessary infrastructure upgrades, including replacing thousands of miles of digital command and control cabling and building new silos. Maintaining the ICBM deterrent is financially and strategically crucial, saving hundreds of billions compared to relying solely on submarines. The need for modernization reflects the end of the post-Cold War "holiday from history," requiring rebuilding against threats from China and Russia.

FOURTH HOUR

12-1215 HEADLINE: Supreme Court Battles Over Presidential Impoundment Authority and the Separation of Powers
GUEST NAME: Josh Blackman
SUMMARY: John Batchelor speaks with Josh Blackman about Supreme Court eras focusing on the separation of powers. Currently, the court is addressing presidential impoundment, the executive's authority to withhold appropriated funds. Earlier rulings, particularly 1975's Train v. City of New York, constrained this power. The Roberts Court appears sympathetic to reclaiming presidential authority lost during the Nixon era. The outcome of this ongoing litigation will determine the proper balance between the executive and legislative branches.

1215-1230 HEADLINE: Supreme Court Battles Over Presidential Impoundment Authority and the Separation of Powers (continued)
GUEST NAME: Josh Blackman

1230-1245 HEADLINE: Space Force Awards Contracts to SpaceX and ULA; Juno Mission Ending, Launch Competition Heats Up
GUEST NAME: Bob Zimmerman
SUMMARY: John Batchelor speaks with Bob Zimmerman about Space Force awarding over $1 billion in launch contracts to SpaceX for five launches and ULA for two launches, highlighting growing demand for launch services. ULA's non-reusable rockets contrast with SpaceX's cheaper, reusable approach, while Blue Origin continues to lag behind. Other developments include Firefly entering defense contracting through its Scitec acquisition, Rocket Lab securing additional commercial launches, and the likely end of the long-running Juno Jupiter mission due to budget constraints.

1245-100 AM HEADLINE: Space Force Awards Contracts to SpaceX and ULA; Juno Mission Ending, Launch Competition Heats Up (continued)
GUEST NAME: Bob Zimmerman
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Fraud rates in the public sector are estimated at 20%, compared to 3% in the private sector. Some estimate the loss to the federal government at over $500 billion. Today, we sat down with Haywood Talcove, the CEO of LexisNexis Special Services. He presents listeners with shocking statistics on fraud, shares personal stories, and offers suggestions to help taxpayers overcome this loss of money.

FRAUD
Talcove begins by noting that the fraud rate in the federal government before COVID was a paltry 0.1%. No news there. However, during the COVID-19 pandemic, federal employees were legally obligated to disburse funds promptly. They became more concerned about sending out money than maintaining precise accounting.

PERSONAL STORY
During the interview, Talcove recounts the story of how a bank teller defrauded his mother. He details the frustration in just trying to uncover the fraud. After many attempts, he collaborated with local police to discover the method of the attack.

SOLUTIONS
The fact of the matter is that an employee of AMEX has a strong interest in preventing fraud. In contrast, many in the federal government are more concerned about compliance with directives than avoiding loss. NIST has a recently updated standard, NIST SP 800-64 Digital Identity Guidelines, but criminals move faster than federal regulations can keep up. The solution is obvious: improve data sharing between government agencies. Next, learn from the private sector how to identify and stop fraud more effectively.

What can a consumer do?
· One: credit bureau freeze closed.
· Two: Informed Delivery from the post office.
· Three: county alerts on title.
· Four: text message alerts on any transaction -- know quickly.
Tyler chats with Andrew Black, co-founder and CEO of Kovr.ai and former AWS Emerging Tech lead, about the unsexy work that makes mission software real: turning security and compliance into something fast, predictable, and built into the dev loop. Andrew explains how Kovr.ai reads system docs, maps to NIST 800-53, drafts control implementations, flags gaps, and recommends fixes, so engineers focus on high-judgment problems while AOs and risk owners get reliable packages that move.

What's happening on the Second Front:
The true Valley of Death, speed and scale in production
AI that automates SSPs, findings, and control mapping
How to make compliance native to CI and CD with JIRA, Jenkins, SIEM
Why fixed-price software and clear architecture matter for customers
Culture over strategy, setting weekly “big rocks,” hiring for grit

Connect with Andrew
LinkedIn: Andrew Black

Connect with Tyler
LinkedIn: Tyler Sweatt
This is a recap of the top 10 posts on Hacker News on October 05, 2025. This podcast was generated by wondercraft.ai

(00:30): Fire destroys S. Korean government's cloud storage system, no backups available
Original post: https://news.ycombinator.com/item?id=45483386&utm_source=wondercraft_ai
(01:54): Americans increasingly see legal sports betting as a bad thing for society
Original post: https://news.ycombinator.com/item?id=45478749&utm_source=wondercraft_ai
(03:18): Social Cooling (2017)
Original post: https://news.ycombinator.com/item?id=45479165&utm_source=wondercraft_ai
(04:42): Personal data storage is an idea whose time has come
Original post: https://news.ycombinator.com/item?id=45480106&utm_source=wondercraft_ai
(06:06): The deadline isn't when AI outsmarts us – it's when we stop using our own minds
Original post: https://news.ycombinator.com/item?id=45480622&utm_source=wondercraft_ai
(07:30): Way past its prime: how did Amazon get so rubbish?
Original post: https://news.ycombinator.com/item?id=45479103&utm_source=wondercraft_ai
(08:54): Beginner Guide to VPS Hetzner and Coolify
Original post: https://news.ycombinator.com/item?id=45480506&utm_source=wondercraft_ai
(10:18): Ambigr.am
Original post: https://news.ycombinator.com/item?id=45478780&utm_source=wondercraft_ai
(11:42): Retiring Test-Ipv6.com
Original post: https://news.ycombinator.com/item?id=45481609&utm_source=wondercraft_ai
(13:06): NIST's DeepSeek "evaluation" is a hit piece
Original post: https://news.ycombinator.com/item?id=45482106&utm_source=wondercraft_ai

This is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai
Major federal cybersecurity programs expire amidst the government shutdown. Global leaders and experts convene in Riyadh for the Global Cybersecurity Forum. NIST tackles removable media. ICE buys vast troves of smartphone location data. Researchers claim a newly patched VMware vulnerability has been a zero-day for nearly a year. ClickFix-style attacks surge and spread across platforms. Battering RAM defeats memory encryption and boot-time defenses. A new phishing toolkit converts ordinary PDFs into interactive lures. A trio of breaches exposes data of 3.7 million across North America. Tim Starks from CyberScoop unpacks a report from Senate Democrats on DOGE. The Lone Star State proves even the internet isn't bulletproof.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Tim Starks, Senior Reporter from CyberScoop, is back and joins Dave to discuss a report from Senate Democrats on the Department of Government Efficiency (DOGE). You can read Tim's article on the subject here.
Selected Reading
Cyber information-sharing law and state grants set to go dark as Congress stalls over funding (The Record)
Live - Global Cybersecurity Forum in Riyadh tackles how technology can shape future of cyberspace (Euronews)
NIST Publishes Guide for Protecting ICS Against USB-Borne Threats (SecurityWeek)
ICE to Buy Tool that Tracks Locations of Hundreds of Millions of Phones Every Day (404 Media)
Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability (SecurityWeek)
Don't Sweat the ClickFix Techniques: Variants & Detection Evolution (Huntress)
Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device (SecurityWeek)
New MatrixPDF toolkit turns PDFs into phishing and malware lures (Bleeping Computer)
3.7M breach notification letters set to flood North America's mailboxes (The Register)
A Bullet Crashed the Internet in Texas (404 Media)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
This week on Crime, Cocktails & BS, we're joined by the radiant Theresa Nist, fresh from Golden Bachelor fame, to break down Season 2, Episode 1. From first impressions and standout entrances to the biggest surprises of the night, Theresa shares her unique perspective on the Golden journey, life after the spotlight, and what it really feels like to step into Bachelor Nation.

Grab a cocktail and settle in as Kajsa and Alex mix laughs, hot takes, and a little BS with one of the most beloved women in Bachelor history. Whether you're here for the roses, the drama, or the insider tea, this is an episode you won't want to miss.
It's been over a year since we've talked about cybersecurity on Manufacturing Happy Hour, and with AI changing the game completely, we're overdue for a refresh. Around 80-85% of the global industry doesn't have basic defense at the edge of their networks; that's a sobering statistic.

Felipe Sabino Costa, Senior Product Manager for Networking and Cybersecurity at Moxa, joins the show to break down why Operational Technology (OT) security matters more than ever. Manufacturers need to transmit massive amounts of data for AI and predictive analytics, but they're working with 15–20-year-old infrastructure that wasn't built for this.

The good news is, Felipe shares practical frameworks like NIST and IEC 62443 (which he compares to nutrition labels) that help manufacturers build security into their operations. The key takeaway? There's no silver bullet; it's about building layers of defense and finding the right partners.

In this episode, find out:
Why OT data has shifted from historical logging to real-time predictive power
The bandwidth issue hitting intelligent transportation systems and semiconductor manufacturing
How AI enables attackers to adapt their attacks in real time
Why 80-85% of global industry lacks protection
Felipe's nutrition label analogy for understanding security certifications
The difference between thinking you're air-gapped and actually being air-gapped
Why defense requires multiple layers of security
Felipe's outlook on the future of OT networks

Enjoying the show? Please leave us a review here. Even one sentence helps. It's feedback from Manufacturing All-Stars like you that keeps us going!

Tweetable Quotes:
“We used to be air-gapped or isolated. And many of the companies, they still think that they are, but they are not anymore. To be really air-gapped, I shouldn't have any way to send data.”
“Give and take, 80% of the global industry, including the US, does not have these specific layers of defense. They have some defense, but they have nearly zero protection close to the process itself.”
“There is no silver bullet. We are seeing this shift right from how we used to do security. A strategy should be way more sophisticated.”

Links & mentions:
OT Network Security: Investment & Segmentation Strategies, a webinar that addresses the financial and operational risks posed by cyber threats while offering hands-on guidance for OT network security
Futureproof Industrial Networks, a website that shares how to design and implement a robust, secure, and efficient network infrastructure that can meet the demands of modern industrial environments and optimize operational processes
Moxa, delivering the reliable and secure connectivity foundation that advanced analytics and AI depend on, with solutions in edge connectivity, industrial computing, and network infrastructure

Make sure to visit http://manufacturinghappyhour.com for detailed show notes and a full list of resources mentioned in this episode. Stay Innovative, Stay Thirsty.
Podcast: Manufacturing Happy Hour
Episode 255: How AI is Reshaping Security and OT Network Requirements featuring Felipe Sabino Costa, Sr. Product Manager for Networking & Cybersecurity at Moxa
Pub date: 2025-09-30
Topics covered in this episode:
* pandas is getting pd.col expressions
* Cline, At-Cost Agentic IDE Tooling
* uv cheatsheet
* Ducky Network UI
* Extras
* Joke

Watch on YouTube

About the show
Sponsored by us! Support our work through:
Our courses at Talk Python Training
The Complete pytest Course
Patreon Supporters

Connect with the hosts
Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: pandas is getting pd.col expressions
Marco Gorelli
Next release of Pandas will have pd.col(), inspired by some of the other frameworks
I'm guessing Pandas 2.3.3? or 2.4.0? or 3.0.0? (depending on which version they bump?)
“The output of pd.col is called an expression. You can think of it as a delayed column - it only produces a result once it's evaluated inside a dataframe context.”
It replaces many contexts where lambda expressions were used

Michael #2: Cline, At-Cost Agentic IDE Tooling
Free and open-source
Probably supports your IDE (if your IDE isn't a terminal)
VS Code
VS Code Insiders
Cursor
Windsurf
JetBrains IDEs (including PyCharm)
You pick plan or act (very important)
It shows you the price as the AI works, per request, right in the UI

Brian #3: uv cheatsheet
Rodrigo at mathspp.com
Nice compact cheat sheet of commands for
Creating projects
Managing dependencies
Lifecycle stuff like build, publish, bumping version
uv tool (uvx) commands
working with scripts
Installing and updating Python versions
plus venv, pip, format, help and update

Michael #4: Ducky Network UI
Ducky is a powerful, open-source, all-in-one desktop application built with Python and PySide6. It is designed to be the perfect companion for network engineers, students, and tech enthusiasts, combining several essential utilities into a single, intuitive graphical interface.
Features
Multi-Protocol Terminal: Connect via SSH, Telnet, and Serial (COM) in a modern, tabbed interface.
SNMP Topology Mapper: Automatically discover your network with a ping and SNMP sweep. See a graphical map of your devices, color-coded by type, and click to view detailed information.
Network Diagnostics: A full suite of tools including a Subnet Calculator, Network Monitor (Ping, Traceroute), and a multi-threaded Port Scanner.
Security Toolkit: Look up CVEs from the NIST database, check password strength, and calculate file hashes (MD5, SHA1, SHA256, SHA512).
Rich-Text Notepad: Keep notes and reminders in a dockable widget with formatting tools and auto-save.
Customizable UI: Switch between a sleek dark theme and a clean light theme. Customize terminal colors and fonts to your liking.

Extras
Brian:
Where are the cool kids hosting static sites these days?
Moving from Netlify to Cloudflare Pages - Will Vincent from Feb 2024
Traffic is a concern now for even low-ish traffic sites since so many bots are out there
Netlify free plan is less than 30 GB/mo allowed (grandfathered plans are 100 GB/mo)
GH Pages have a soft limit of 100 GB/mo
Cloudflare Pages says unlimited
Michael:
PyCon Brazil needs some help with reduced funding from the PSF
Get a ticket to donate for a student to attend (at the bottom of the buy ticket checkout dialog)
I upgraded to macOS Tahoe
Loving it so far. Only issue I've seen so far has been with alt-tab for macOS

Joke: Hiring in 2025 vs 2021
2021: “Do you have an in-house kombucha sommelier?” “Let's talk about pets, are you donkey-friendly?”, “Oh you think this is a joke?”
2025: “Round 8/7” “Out of 12,000 resumes, the AI picked yours” “Binary tree? Build me a foundational model!” “Healthcare? What, you want to live forever?”
In this episode, James Maude sits down with Kevin E. Green, Chief Security Strategist at BeyondTrust, whose 25+ year career stretches from configuring Nokia firewalls in basements to shaping federal research initiatives. Kevin recalls how crashing systems during penetration tests at Ernst & Young was once considered a win - a “capture the flag” moment - and how he crossed paths with future industry leaders like Stuart McClure and George Kurtz, who went on to found Cylance. He shares his pivotal work in mapping NIST 800-53 controls to the MITRE ATT&CK framework, transforming static security catalogs into threat-informed heat maps that show which defenses light up against real-world attacks. Blending technical depth with cultural insight, Kevin also draws unexpected parallels between cybersecurity and hip-hop — from how attacker techniques echo rapper “signatures” to why his alter ego "Kevtorious" and his "Secure Coding by Nature" brand reflect the creativity and pattern recognition needed in both fields.
Do you want to use AI without losing trust? What frameworks help build trust and manage AI responsibly? Can we really create trust while using AI?

In this episode of the FIT4PRIVACY Podcast, host Punit Bhatia and digital trust expert Mark Thomas explain how to govern and manage AI in ways that build real trust with customers, partners, and society.

This episode breaks down what it means to use AI responsibly and how strong governance can help avoid risks. You'll also learn about key frameworks like the ISO 42001, the EU AI Act, and the World Economic Forum's Digital Trust Framework—and how they can guide your AI practices.

Mark and Punit also talk about how organizational culture, company size, and leadership affect how AI is used—and how trust is built (or lost). They discuss real-world tips for making AI part of your existing business systems, and how to make decisions that are fair, explainable, and trustworthy.
Join 23-year architect Richard Gage, AIA, in this feature-length documentary featuring cutting-edge 9/11 evidence from more than 50 top experts in their fields, including high-rise architects, structural engineers, physicists, chemical engineers, firefighters, metallurgists, explosives experts, controlled demolition technicians, and more. Each is highly qualified in his/her respective fields. Several have Ph.D.s -- including National Medal of Science awardee Lynn Margulis. She, along with the other experts, exposes the fraud of NIST and discusses how the scientific method should have been applied, and acknowledges the "overwhelming" evidence of high-temperature incendiaries in all dust samples of the WTC. High-rise architects and structural engineers lay out the evidence in the features of the destruction of these three high-rises that point inevitably to explosive controlled demolition. 9/11 family members and psychologists ground the technical information with heart-centered support for a new investigation and a close look at the psychology of 9/11 in this milestone production of AE911Truth: http://911ExpertsSpeakOut.org

Copyright Disclaimer under section 107 of the Copyright Act of 1976, allowance is made for ‘fair use' for purposes such as criticism, comment, news reporting, teaching, scholarship, education, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-profit, educational, or personal use tips the balance in favor of fair use.
Up first, the ASW news of the week.

At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity's door. They discuss the terrifying reality of quantum computing's power to break RSA and ECC encryption—the very foundations of modern digital life. With 2030 set as the deadline for transitioning away from legacy crypto, organizations face a race against time. Ted breaks down what "full crypto visibility" really means, why it's crucial to map your cryptographic assets now, and how legacy tech—from robotic sawmills to outdated hospital gear—poses serious risks. The interview explores NIST's new post-quantum algorithms, global readiness efforts, and how Keyfactor's acquisitions of InfoSec Global and Cipher Insights help companies start the quantum transition today—not tomorrow. Don't wait for the breach. Watch this and start your quantum strategy now. If digital trust is the goal, cryptography is the foundation.

Segment Resources:
http://www.keyfactor.com/digital-trust-digest-quantum-readiness
https://www.keyfactor.com/press-releases/keyfactor-acquires-infosec-global-and-cipherinsights/
For more information about Keyfactor's latest Digital Trust Digest, please visit: https://securityweekly.com/keyfactorbh

Live from BlackHat 2025 in Las Vegas, cybersecurity host Jackie McGuire sits down with Seemant Sehgal, founder of BreachLock, to unpack one of the most pressing challenges facing SOC teams today: alert fatigue—and its even more dangerous cousin, vulnerability fatigue. In this must-watch conversation, Seemant reveals how his groundbreaking approach, Adversarial Exposure Validation (AEV), flips the script on traditional defense-heavy security strategies. Instead of drowning in 10,000+ “critical” alerts, AEV pinpoints what actually matters—using Generative AI to map realistic attack paths, visualize kill chains, and identify the exact vulnerabilities that put an organization's crown jewels at risk. From his days leading cybersecurity at a major global bank to pioneering near real-time CVE validation, Seemant shares insights on scaling offensive security, improving executive buy-in, and balancing automation with human expertise. Whether you're a CISO, SOC analyst, red teamer, or security enthusiast, this interview delivers actionable strategies to fight fatigue, prioritize risks, and protect high-value assets.

Key topics covered:
- The truth about alert fatigue & why it's crippling SOC efficiency
- How AI-driven offensive security changes the game
- Visualizing kill chains to drive faster remediation
- Why fixing “what matters” beats fixing “everything”
- The future of AI trust, transparency, and control in cybersecurity

Watch now to discover how BreachLock is redefining offensive security for the AI era.

Segment Resources:
https://www.breachlock.com/products/adversarial-exposure-validation/
This segment is sponsored by BreachLock. Visit https://securityweekly.com/breachlockbh to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-347
What AI website summaries mean for Internet economics. Time to urgently update Plex Servers (again). Allianz Life stolen data gets leaked. Chrome tests Incognito-mode fingerprint script blocking. Chrome 140 additions coming in 2 weeks. Data brokers hide opt-out pages from search engines. Secure messaging changes in Russia. NIST rolls out lightweight IoT crypto. SyncThing moves to v2.0 and beyond. Alien:Earth -- first take. What can we learn from another critical vulnerability?

Show Notes - https://www.grc.com/sn/SN-1039-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.

Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:
threatlocker.com/twit
bitwarden.com/twit
go.acronis.com/twit
joindeleteme.com/twit promo code TWIT
vanta.com/SECURITYNOW