Podcasts about nist

When NIST released the first post-quantum cryptography standards in August 2024, it set off a domino effect that will hopefully result in protecting the world from the quantum computing threat. Now that we're beginning to migrate and trust our data to lattice-based cryptography, it's a good time to examine how ML-KEM works and get some hints about how to implement it well. And who better to ask than one of the coauthors of the PQC standard? Join host Konstantinos Karagiannis for a wide-ranging chat with Joppe Bos from NXP, where they discuss the past and future of ML-KEM.  For more information on NXP, visit www.nxp.com/.  Visit Protiviti at www.protiviti.com/US-en/technology-consulting/quantum-computing-services  to learn more about how Protiviti is helping organizations get post-quantum ready.  Follow host Konstantinos Karagiannis on all socials: @KonstantHacker and follow Protiviti Technology on LinkedIn and Twitter: @ProtivitiTech.     Questions and comments are welcome!  Theme song by David Schwartz, copyright 2021.  The views expressed by the participants of this program are their own and do not represent the views of, nor are they endorsed by, Protiviti Inc., The Post-Quantum World, or their respective officers, directors, employees, agents, representatives, shareholders, or subsidiaries.  None of the content should be considered investment advice, as an offer or solicitation of an offer to buy or sell, or as an endorsement of any company, security, fund, or other securities or non-securities offering. Thanks for listening to this podcast. Protiviti Inc. is an equal opportunity employer, including minorities, females, people with disabilities, and veterans.

In episode 141 of Cybersecurity Where You Are, Tony Sager is joined by Phyllis Lee, VP of SBP Content Development at the Center for Internet Security®(CIS®); and Julie Haney, Computer Scientist & Human-Centered Cybersecurity Researcher at the National Institute of Standards and Technology (NIST). Together, they use a human-centered understanding of security to discuss password policies, including their benefits, drawbacks, and efficacy. Here are some highlights from our episode:01:03. Introductions to Phyllis and Julie03:34. How "human-centered cybersecurity" goes beyond just usability05:35. The use of NIST and other authoritative sources to dispel confusion in cybersecurity09:09. How password policies positively and negatively impact human behavior15:06. Three anecdotes that showcase the importance of context when enacting security policy21:49. The process of using NIST SP 800-63 to recommend password security best practices27:11. Our changing understanding of "the human element"29:23. The need to do cybersecurity awareness training "right" and measure its effectiveness31:30. Recognition of the absence of natural systems thinking in cybersecurity33:14. Psychological safety, feedback, and trust as foundations of security culture39:03. Human touchpoints as a starting point to help usability and security work togetherResourcesCIS Password Policy GuideNIST SP 800-63 Digital Identity GuidelinesEpisode 98: Transparency as a Tool to Combat Insider ThreatsEpisode 110: How Security Culture and Corporate Culture MeshWhy Employee Cybersecurity Awareness Training Is ImportantIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

This conversation delves into the intersection of quantum computing and cryptography, focusing on the implications of quantum computers for current encryption methods and the necessity for post-quantum cryptography. Dr. Dustin Moody from NIST discusses the threats posed by quantum computing, particularly through Shor's algorithm, and the ongoing efforts to develop new cryptographic standards that can withstand these threats. The discussion also covers the role of NIST in standardizing post-quantum algorithms, the mathematical challenges involved, and the importance of preparing businesses for the transition to these new systems. All opinions are of the individual scientist and do not reflect the opinions of NIST or the federal Government.Takeaways Quantum computers harness principles of quantum physics for computation. Shor's algorithm can efficiently factor large numbers, threatening RSA encryption. Post-quantum cryptography aims to develop algorithms resistant to quantum attacks. NIST is leading the effort to standardize post-quantum cryptographic algorithms. Lattice-based algorithms are promising for post-quantum cryptography due to their efficiency. Businesses must be proactive in transitioning to post-quantum cryptography. The Harvest Now, Decrypt Later threat highlights the urgency of transitioning. Quantum key distribution offers theoretically perfect security. Different cryptographic algorithms are needed for various applications and devices. The future of cryptography will rely on new mathematical challenges to ensure security.Keywordsquantum computing, cryptography, post-quantum cryptography, NIST, cybersecurity, Shor's algorithm, digital signatures, lattice-based algorithms, encryption, quantum threatsSubscribe to Breaking Math wherever you get your podcasts. Become a patron of Breaking Math for as little as a buck a monthFollow Breaking Math on Twitter, Instagram, LinkedIn, Website, YouTube, TikTokFollow Autumn on Twitter and InstagramBecome a guest hereemail: breakingmathpodcast@gmail.com

On this episode of The Founder's Sandbox, Brenda speaks with David Hirschfeld, owner of 18 year old business Tekyz, that boasts a hyperexceptional development team building high “ticket” products in the B2B space. They speak about ways in which AI is a gamechanger, how Tekyz backs their work for clients with relentless pursuit of quality, and how Tekyz practices ruthless compassion,to protect the company and enable it to grow Having collaborated with over 90 startups, he developed the Launch 1st Method—a systematic approach that minimizes risks and accelerates software company success with reduced reliance on investor funding, after observing that many companies launch a product first and then fail at a later stage – With Tekyz approach of Launch 1st exceptional founders are in love with the problem not the product.   David's expertise bridges cutting-edge AI technologies, workflow optimization, and startup ecosystem dynamics. When not transforming business strategies, he enjoys woodworking, golfing, and drawing leadership insights from his experience raising four successful sons. You can find out more about David and Tekyz at: https://sites.google.com/tekyz.com/david-hirschfeld?usp=sharing https://tekyz.podbean.com/ - Scaling Smarter Episodes. www.scalingsmarter.net - Schedule an interview https://www.linkedin.com/in/dhirschfeld/ https://x.com/tekyzinc https://www.linkedin.com/in/dhirschfeld/ https://www.facebook.com/dmhirschfeld       transcription:  00:04 Welcome  back to the Founders Sandbox.  I am Brenda McCabe, the host here on this monthly podcast, now in its third season. This podcast reaches entrepreneurs, business owners that are scaling. 00:31 professional service providers that provide services to these  entrepreneurs, and corporate board directors who, like me, are building resilient, purpose-driven, and scalable businesses with great corporate governance. My guests to this podcast are business owners themselves, professional service providers, and corporate directors who, like me, want to  use the power of the private company to build a better 01:01 world through storytelling with each of my guests in the sandbox. My goal is to provide a fun sandbox environment where we can equip one founder at a time to build a better world through great corporate governance. So today I'm absolutely delighted to have as my guest, David Hirschfeld. David is the owner and CEO of Techies, 17 or 18 year old business now that boasts 01:29 a hyper exceptional development team that are building high ticket products in the B2B space.  Welcome David to the Founder Sandbox. Hi Brenda and thanks for having me. Great. So I'm delighted that we  actually did a dry run in February.  We've known each other for some time  and AI, we're going to be touching on AI.  And I think that the world of AI 01:58 particularly in software development,  has changed significantly since we last spoke in February. So we're going to be getting into  some, I think, novel concepts for  the listeners of the Founder Sandbox. So I wanted to, you I always talk about how I like to work with  growth stage companies  that  typically are bootstrapped  and 02:26 It's only at a later stage do they seek institutional investment  by building great corporate governance  and reducing the reliance on investor funding  until such a time that they choose the right type of investors that can help them scale. So when I found out what you do at Techies with Launch First  and the type of work you do in B2B businesses, I absolutely wanted to have you here  on the  founder sandbox. 02:56 So let's jump right in, right? I think I'm eager to learn more about how to scale your bespoke development at Techies, right? To scale my own business? Okay. So there's a lot of different aspects to scaling my business and I bootstrapped for the last 18 years. 03:25 I've never taken any investment  with techies.  And I've  done that very specifically because  it gives me a lot of freedom. I don't have  a reporting structure that I have to worry about. That doesn't mean that I can be lazy with my team.  To grow my team, I have a philosophy 03:52 that I only hire people that are smarter than I am.  And the  ones that are in a position to hire, they can only hire people that are smarter than them. And by  really sticking to this philosophy, even though sometimes it makes us grow a little slower than we would like, it means that when we bring in people, those people  contribute immediately and contribute in a way 04:21 that it's our job to get the impediments out of their way and to facilitate them  so that they can contribute and  help us grow the company. So I call it  the ball rolls uphill  here because  my job is to support everybody that is above me, which is everybody. And then the people that I support directly, their job is to support the people that are above them. 04:51 Because if we're hiring correctly, then  people that we bring in can contribute in the area that we're bringing them in way more than the person that's hiring them. Okay. Thank you for that. So before you launched Techies, you had a career in companies like,  I  believe, Computer Associates, right? Texas Experiments and TelaMotorola. 05:19 There was a period of time between your  experience in these large corporations before your launch tech is where you actually had your own startup  and  you sold it in 2000, right? And I believe you also learned perhaps with the second startup about how hard it is to find product market fit. Can you talk to that for my listeners, please? 05:46 I don't know that it's that hard to find product market fit. It depends if that's your focus or not. If your focus is to nail down product market fit, then  it's not that hard to determine whether you can achieve that or not fairly quickly.  You can do that by  selling your product to potential customers.  That sounds strange. Of course, we all want to sell our products, but 06:14 What I'm suggesting is you start selling your product before you have a product, before you have a  full product. And I don't mean an MVP, but a design prototype. You go out to the market and you start to sell it. If you have product market fit and you've identified the early adopter in your market and you know that they have a very high  need from a perception perspective  and there's a big cost to the problem that you're solving. 06:45 then you can offer them a big enough value upfront that they'll buy your product early and you can prove that there's a market for your product and they'll buy it in enough numbers that you  can achieve a measurable  metric, which I kind of call the golden ratio, which is three to one in terms of what is the lifetime value of a customer versus what does it cost to acquire that customer? And you can get to that three to one ratio. 07:13 in a prelaunch sale model before you ever started developing your product as a way of proving product market fit. Or you pivot quickly and cheaply because you're not having to rebuild a product that you've built in the wrong way. Or you  fail fast and cheap. And every entrepreneur's first goal should be to fail fast and cheap. know that sounds backwards, but that should be your goal is that you can fail fast and cheap or if you 07:42 If you fail to fail fast and cheap, that means you've found a path to revenue  and  product market fit. And now you know you have a viable business. making the investment to build the product  is a no brainer.  And you came upon this methodology, right? Yes.  because you did yourself when you had your first company, you did not understand the funding part, right?  Can you talk? 08:12 a bit about your specific example and then how that's informed now 17 years of techies and over 90 projects with startups. Okay. So my first company was Bootstrap. Okay.  And that one was successful and we grew it despite  me, it was me and a partner. And  despite ourselves, we grew it  over eight years. 08:39 where he ended up with 800 customers in 22 countries and sold it to a publicly traded firm out of Toronto. That was in the product food, snack food distribution business because that was what our product was focused on. So I started another company about five years later, not realizing the things that I did the first time. 09:08 that made it  so successful,  which really fit the launch first model to a large degree.  But the second time I built a product that would have been successful had I followed my first model,  but I didn't. So I went the route of building an MVP and getting customers on a free version of it, and then going out and trying to raise money, which is the very classic approach that the SaaS products 09:38 take now.  And the problem is with that approach is that you end up digging a really deep hole  in terms of the investment that you make to build the product with enough functionality that you can convince people it's worth putting an investment in and you're not generating any revenue at the time. And I should have just started selling the product and generating subscription revenue right from the beginning. First of all, I would have been able to  raise money much more easily. 10:08 Secondly, I would have not needed to raise money as much if I'd focused on sales. The problem with a lot of founders is they fall in love with their product. They believe that people will buy it at enough numbers and that investors will see the potential. they're afraid of sales. I've fallen into this trap before too. I've done it both ways. And I can tell you selling early 10:38 and staying focused on the customer and the problem are the way to be successful. So founders who I find are consistently successful, they are focused on the problem, they love the problem. The product is just the natural conclusion to solving the problem, not something to be in love with. They spend their time talking to customers about the problems.  So how does a potential customer find you and work with you? 11:08 Oh, they can find me at Techies or they can find me at LaunchFirst, was spelled launch1st.com. And they can find me on LinkedIn. And then to work with me, it's just give me a call, send me an email, we'll set up a Zoom. I'll start to learn about what you're trying to accomplish and what your requirements are. And I'll typically spend quite a bit of time with any potential clients. 11:39 in  one to usually multiple calls or Zooms, learning and  creating estimates and doing a lot of work in advance with the idea that there'll be a natural conclusion at the end of this that they'll wanna start working with me in a paid fashion. So there's a lot of value that my clients get from me whether they end up contracting me or not.  And how, again, back to,  thank you for that and that. 12:08 how to contact you will be in the show notes. But what types of sectors do you work in?  You know, in your introduction, I talk about high ticket B2B, right?  who are the,  so  what founder that's has some idea today?  What would be  their call to action to find techies? And what would you, is it launch first before you go down? 12:35 No, it's not necessarily. It may be an existing company that  is trying to implement AI or implement workflow automation, or they have a project and they don't have the IT team or capacity to handle it.  We love those types of projects. It might be an existing startup that is struggling with their software development team and they're not 13:04 getting  to the end goal that they're expecting and the product's buggy, it's taking too long,  there's constant delays, they're way over budget  and they  need to get this thing done. And  I call those recovery projects,  they're probably my favorite because people  recognize very quickly  the difference  that we bring. 13:33 and they really, really appreciate us.  As far as what sectors,  business sectors,  healthcare, law enforcement,  prop tech, real estate, finance,  entertainment, I mean, we work in  many, many different sectors over the last 18 years.  So  regardless in  B2B, B2B2C,  not so much e-commerce unless there's some 14:03 complex workflow associated with your particular e-commerce, but there's lots of really good solutions for e-commerce that  don't require developers to be involved.  But  mobile, web, IoT,  definitely everything is AI now. Absolutely. And in fact, when we last spoke,  I'd like to say that you started to drink your own Kool-Aid at Techies. 14:33 you're starting to actually use AI automation for internal functions as well as projects at Techies. So can you walk my listeners through how you're using  AI automation  and what's the latest with agentic AI?  So let's do the first.  Yeah,  okay.  So there are a bunch of questions there. So  let me start with 15:02 that we're building products internally  at Techies to help us with our own workflows.  These products though  are  applicable to almost any development company or any company with a development team.  Some of them are, and some of them are applicable to companies that are, well, so one product  is  putting voice capability in front of project management tool. 15:32 and we use JIRA and JIRA is an incredibly technical tool for project managers and development teams to use to  their projects, requirements, their  track bugs, all of that.  And so your relationship with what I call relationship with project management is very technical one. If you're a client, some clients are willing to  go through the learning curve so that they can enter their own... 15:59 bugs and feature requests and things like that directly into JIRA. Most don't.  They  want to send us emails, which is fine,  and just give us a list of what's going on and the problems that they're finding or the things that they need  for a future version and the planning and the documentation, everything else. This is a real technical thing. We're going to make it a very natural personal relationship by  adding voice in front of all this so that you can 16:29 be sharing your screen with your little voice app and say, just found a problem on the screen.  And  the voice app can see the screen. It knows your project. It knows your requirements. And it can identify problems on the screen that you may not have even noticed.  And it can also prevent you from reporting bugs that have already been reported and tell you when they're planned to be built.  And all of this just with a verbal discussion with the app. 16:58 that basically knows your project.  Kind of like talking to a project manager in real time, but they don't have to write down notes and  they can instantly  look up anything about your project in terms of what's been reported in terms of bugs or feature requests  and update them or create new ones for you or just report them to you and tell you when things are planned to be built and released or. 17:24 where they've already been released and maybe you need to clear your cache so you can see the change, whatever.  Yeah. So it be like an  avatar, but it's trained and it's  specific to Jira  in your case?  In the first version, it's actually being built architected so that we'll be able to add other project management tools to it besides Jira in the future.  to begin with, because we use Jira,  it's going to work directly with Jira to start. 17:54 And this, by the way, you asked about agentic workflows,  right? So we're  building an agentic workflow  in this tool where we have more  different agents  that work together to resolve these issues.  so we have an agent that reads and writes documentation to JIRA.  We have an agent that communicates with  the user and the user might be the programmer 18:23 might be a person in QA, it might be a client for a lot of different things. And we have an analyst agent that when the person talks, the voice agent says to the analyst agent, here's what I understand. Here's the information I just got. Go do your work and come back and get me the answer. And it'll speak to the JIRA agent to get the information. It will also speak directly to us. 18:52 a vector database, which is a database where all the documentation from that project  is ingested into our own  separate AI model so that the context of all the communication is about their project and doesn't go off into other directions.  And then can  get back. So this is an agentic workflow.  The idea of 19:20 agents is like everybody keeps talking about agents. Not everybody is really clear on what that even means. Can you define  that?  an agent is an AI  model  that you can interact with that is focused on  one specific area of expertise.  So if it's a travel agent, the word agent fits very well there, then their expertise would be on everything related to 19:49 travel and booking travel and looking up  options and comparing prices. And  that would be an AI  travel agent.  So that's very different from an AI project management agent, very different from an AI financial analyst agent.  So each agent specializes in its own area of expertise and may draw from specific 20:18 repositories of information that are  specific to that particular agent's area of expertise.  And they actually look from the perspective of that type of person, if it was a person. So,  and so they'll respond in a way that is consistent with how somebody who is a project manager would respond to you when you're talking to them, asking you questions about your requirements, knows what 20:46 information it needs to be able to assess it properly, things like that.  wouldn't be very good about travel because that's  not its area of expertise. Right.  So is it  common to have companies that are creating with their own large language model, right? Or their workflow processes internally to the company to create their own agent AI? 21:14 Or is there a marketplace now where you can say, want this type of agent to get in. This is a very basic question, but  do build it? Right. Or do you buy it? Or is it something in between? It's something in between.  So there are tools that allow you to  basically collect agents out there.  And there's a difference between an agent and a context.  Cause you hear a lot about model context switching and things like, don't know. 21:44 if your audience knows these things.  Or model context protocol. A context is not an agent, but it has some agent capabilities because it's kind of specializing your model in a certain area. But you would use this, but you're not, if it's a true agent, then  it's probably tied to its own vector database. 22:12 that gets trained with specific information. It might be company's information. It might be information, let's say if I'm a security agent, then I'm going to be trained on the entire NIST system as well as all of my security architecture that's currently in place. And that so that it could monitor and 22:41 assess instantly whether there's  security vulnerabilities, which you wouldn't ask Chet GPT to do that. No. Right? Because it couldn't. Because it doesn't know  anything about your organization or environment. And  it  really also doesn't know how to prioritize  what matters and what doesn't at any given moment. Whereas a  security agent, that would be what it does. 23:10 I don't know if I answered that question. Oh, bad thing about building or buying.  there are- Or something in between,  Yeah. So there are tools that you can use to build workflows  and  bring in different agents that already exist. And  you can use something like OpenAI or Claude  and  use it to create an agent and give it some intelligence and- 23:37 give it a specific, in this case, you're giving it a specific context.  You could even  tie a special machine learning database to it  and make it even more agentic in that way.  And then  build these workflows where you're  like, let's say a marketing workflow,  where you're saying you first go out and research all the people who are your  ideal customer profile. 24:07 I was going to say ICP, but I'm trying not to use acronyms because not everybody knows every acronym.  Ideal customer profile.  And then it finds all these people that fit your ideal customer profile. Then it says, well, which of these people  are  in the countries that I do business? And then it illuminates the ones that aren't. then which ones, and it may be using  the same agent or different agents to do this.  Then once it's nailed it down to the very discrete 24:37 set of customers. Now  the next step in the workflow is, okay, now  enrich their data  of these people to find their email and other ways of contacting them as well as other information about them so that I have a really full picture of what kind of activity are they active  socially? they speak? Do they post? What are they speaking about? What are they posting about? What events are they going to? Things like that. 25:07 So that would be the next step and that'd be an agent that's doing all the enriching.  And then after that, the next step would be to call basically call a writing agent to go do, am I writing an email? Am I writing a LinkedIn connection post? Am I doing both?  Set up a drip campaign and start reaching out to these people one at a time  with very customized specific language, right? That  is in your voice. 25:34 It doesn't sound like it's written by a typical AI outreach thing. All right, so these would be  steps in a workflow that you could use with several different tools to build the workflows and then calling these different agents. 25:48 Let's go back to the launched first. What would be a typical engagement with a company? you know, they, um, the founders that have the greatest success in your experiences are the ones that love the problem space and not the product. All right. So walk my listeners through. 26:17 What a typical engagement. it's staff augmentation. it  full out  outsourcing? it tech?  because it's very complex. I can touch so many. can touch high  tech and high ticket B2B products,  sector agnostic. what,  put some legs on this for my listeners, please. Sure, sure. We're not. 26:46 so much a staff augmentation company, although we'll do that if asked to, but that's not  the kind of business that we  look for.  We look for project type work. So a typical engagement for launch first would be  somebody wants to launch a product, they're in the concept phase. We help refine the concept and we build out,  help that we do the design and then we build a high fidelity prototype, which is a design prototype. 27:16 When I demo a design prototype to somebody, they think that they're looking at a finished product,  but  it's not. It doesn't actually do anything. It just looks like it  does everything.  So it's very animated set of mock-ups is another way to look at it.  And it's important because you can build out the big vision of the product this way in a couple of months, whereas 27:46 it takes instead of, you so you're looking at the two year roadmap when we're done of the product. If we were to build an MVP, then you're going to see a very limited view of the product and it's going to cost a lot more to build that MVP than it takes to build this design prototype. Now we're in the process of doing this. We're also nailing down who that early adopter is. And there's a, there's a very, 28:14 metrics driven methodology for doing this.  your launch first. Within launch first, right. Okay. All right. And then  we'll help the client build a marketing funnel and help them start to generate sales.  We're not doing the selling, they're doing the selling. And it's important that founders do the selling because they need to hear what customers are saying about the thing they're demoing, why they want it, why they don't. 28:43 So that  if we need to pivot, which we can do easily and quickly with a design prototype,  then we can  pivot and then go and test the model again, two or three or four times in the space of a couple of months.  And we'll either find a path to revenue or accept the fact that this probably isn't the right product for the right time.  But in the process of doing this, you're learning a lot about the market and about the potential customer. 29:13 I want to be clear about something. Almost every founder that comes to  that I meet with, they love the product, not the problem. They started out with a problem that they realized they had a good solution for and they forgot all about the problem at that point. And so I spend a lot of time with founders  reminding them why the  problem is all that matters  and what that means and how to approach customers, potential customers so that 29:41 you're syncing with their problems, not telling them about this product that you're building because nobody cares about your product. All they care about is what they're struggling with.  And if they believe that you really understand that, then they  care about whether you can solve that problem for them or 30:01 And can  I be  audacious and ask you what a typical engagement duration is like? So this would be for launch first. Yes. If it's a,  and our hope is that they'll  find a path to revenue and start building the product and engage us for the development. Cause that's really our business is building the products.  So, but it's not a requirement.  And,  and our typical engagement with our clients are several years. 30:32 Not all of them, but most of them, would say. Once they start working with us, they just continue to work with us until they decide to bring in their own in-house team  or they fail eventually, which many of our clients do, which is why I  created Launch First. Right. You often talk about your hyper exceptional team at Techies. What is it that's so highly exceptional? Talk to me about your team. Where are they? Yeah. 31:02 And if you go to my website, which is tekyz.com,  you'll see at the very top of it  in the header above the fold, it says hyper exceptional development team. And I don't expect people to believe me  because I write that down or I tell them that I expect them to ask me, well, what does that mean? Do you have evidence? And  that's the question I want to get because I do.  Because when you work in an exceptional manner, 31:31 as a natural consequence of working that way, you produce certain artifacts  that the typical development teams don't produce. And I'm not saying there aren't other exceptional teams, but they're really few and far between. And what makes a team exceptional is a constant need to  improve their ability to deliver  and the level of quality that they deliver as well and the speed at which they develop. It's all of these things. 31:59 So,  and, you know, after 18 years, we've done a lot of improving and a lot of automation internally,  because  that allows our team to work in a really disciplined protocol manner without having to feel like they're under the strict  discipline and protocol of,  you  know, a difficult environment to work in.  And so we  create automation everywhere we can. The voice... 32:27 tool is one of those automations.  The way we  do status reports, it's very clear at the level of detail that we provide every week  to every client in terms of status reports  where we're showing here's what we estimated, here's the actual, here's our percent variance  on how much time we spent and how much it's costing.  We want to always be within 10 % above or below. 32:56 Either  being above or below is not,  know,  the fact that we're ahead of that doesn't necessarily mean that's a good thing, right? So we want to be accurate with our estimates.  And we are typically within 10%. In fact, our largest customer last year, we did a retrospective and we were within six and a half percent of what our estimates were for the whole year.  and that's a,  we're pretty happy with that number. 33:24 I think most teams are looking at many, many times that in terms of variance.  it's not that uncommon for teams to be double or triple what they're or even higher what the actual estimate was. So  when we do invoicing, we invoice for each person at their rate. 33:50 based on their level of expertise, which is all part of our agreement upfront. So the client is very transparent every month for the hours that they work. And we attach the daily time sheets to every invoice. I'm the only company I know of right now that does that. I know there are others. I've seen monthly, but I've never seen daily. Yeah. Yeah. Because for me, if I could ask, well, 34:18 why did this person ask a work that many hours that last month? What did they do? I hate that feeling that I get when somebody asks that question. I know they're only asking because they have to justify it to somebody else or whatever the reason, but I don't like the way it feels because it feels like my integrity is being questioned. I don't get upset at people for asking me that. I just feel like I'm not giving them enough information if they have to ask me that question. So we started about eight years ago. 34:47 providing the daily time sheets because I don't like that question. And we never get questioned on our  invoices ever anymore. I bet you it's informed you  as well in  future  projects,  maybe on  including workflow automation in your own internal processes, right? When you see people's time sheets, right? And you've gone over budget. So it informs you internally. So it's not only for the client. 35:16 I suspect, right? No, it's not. Right. And we use it ourselves to also, because it also helps us looking at our overhead costs because not everything gets built to the client. And so we track all our own times, you know, what we're spending doing what. And we don't get to, it's not like a developer has to spend a lot of time or a QA person or whatever, putting in a lot of detail. We just need a couple of bullets, you know, every day in the time sheet with the, whatever they spend. 35:45 If they spent four hours on one thing and three on another, they'll just break it into two entries just to make it easy.  And that's important for us, or they may be working on two different projects and each project. So when we do the timesheets also every month, we give our clients a breakdown by project. So if we're working on four different projects  for a client  or even one project, but it has four different really 36:15 functional elements that are very clearly different. Like let's say a mobile app and a web app  and a  particular client implementation. Each one of those gets assigned its own project and we break down summaries of the time spent on each of those every month and who spent the time on those, along with the daily time sheets, along with the invoice.  And nobody else does that because it takes a lot of discipline and protocol and you have to have lot of systems in place 36:45 to do that without  literally getting everybody to quit, right? That works for you. And nobody minds doing it because it's easy because of all the systems we put in place to do that.  That's the whole point, right? Right. were  not particularly happy of getting asked that question oftentimes. So eight years ago, you set out to  provide the information on a daily basis, which is incredible.  We started that with blended rates like a lot of companies do. 37:14 And then I didn't like that because at the end of a project when most of it's QA, people would start to get frustrated that they're still getting billed the same blended rate, even though for the more expensive period at the beginning of the project,  I thought, okay, forget this. Well, just bill based on individual.  And then I didn't get those questions anymore, but then I would get questions about individuals on the month. And that's when I started doing the time sheets. 37:43 And like I said, I'm sure there's other companies that do it, but I haven't run into  one or somebody that works with one. So  that's an exceptional thing that we do. But it also allows us to do  really, really good reporting to the client on status on what we've spent our time on, what we're expecting to spend our time on  next week, what we just spent our time on this week, where we are. 38:12 in terms of our plan for the month, things like that.  So let's switch gears, David.  Yeah. Back to  actually the podcast and  some of my guests and listeners  are corporate board directors. So they're sitting on either advisory boards or fiduciary corporate boards.  And with all the hype around AI. 38:39 it's not uncommon for them to be asking, what are we doing, right? For existing companies, right? And  I'd like you to walk my listeners through while it's in the, you know,  in the imaginary realm, what is it? I think any founder today that's actually scaling, right? Has to have some AI element. At least I've even heard you need to have it. 39:08 an AI officer in the company. So what's your take on that? What would you respond to either to your board of advisors, your advisory board, or your board of directors?  So,  and of course, a lot of it depends on the type of company you are. Absolutely. Right. If  you're making  alternative material I-beams, for example,  for skyscraper construction, then 39:37 AI, other than maybe in the design process of these specialized materials,  AI may not be as big a critical factor, although for invoice reconciliation and  distribution and  scheduling and all that, AI could be a huge value to you if you don't have super efficient systems already.  For most everybody else though, if you have not embraced the need to 40:06 leverage AI and everything you're doing,  then you're way behind already.  That doesn't mean you have to be in a race to do this. just, because  I'm  of the belief that  you have to slow down to speed up. But you do need to make it a priority.  And in a lot of different ways. Number one is, 40:36 The most obvious is workflow automation. You should be probably tackling  workflow automation as just a part of your constant improvement program  to become more efficient, whether it's with AI or not.  But AI is particularly good at workflow automation  because it can tackle steps in that workflow that couldn't be tackled without AI.  So the  first thing 41:06 the companies should be doing if they're not doing it is documenting all of their processes,  all of their tribal knowledge into playbooks. So when you have somebody who's an expert in something in your company and they're the person who's the only one that knows how to do it and so we can't live without them, that's a bottleneck for scaling. Because if you bring somebody else in to expand their capacity, they're going to... 41:32 put a big dependency on that person with all the expertise, which is going to cause problems.  So  anybody in a position like that should be documenting all of their  procedures and protocols and especially all the nuances and all the edge cases into playbooks.  And there should be some centralized playbook repository for the company. And this becomes part of your intellectual property and part of your value if you ever 42:02 you're trying to raise money or you're trying to sell your company. So it increases your value. So you do that, then AI,  you start to look at automating those workflows because now they're documented. So now what can be automated in them from just a workflow automation perspective. And then how much can you implement AI in there? Because now AI can learn to make the same kinds of decisions that this person is making. 42:31 And this is like the low hanging fruit that I'm talking about right now. Right. Exactly. Right. Because the bigger stuff is if we implement AI in here, what workflows would we totally  throw away and start from scratch?  Because we can think of way more sophisticated ways of addressing this now that we have intelligence involved in all these steps.  But that's later. 42:57 worry about that once you get your arms around implementing AI,  automated workflows and then- So workflow automation. So playbooks, workflows and AI in your automated workflows. That's sort of the stepped wise process. Excellent. You heard it here  on the founder sandbox. Thank you, David.  And if you're not sure how to do all that, 43:25 ask AI, okay, here's my company. What should I be focusing on if I wanna implement playbooks, workflow automation and AI? And AI will help you figure this all out. Right. That's a jewel here. So what'd you do? Chat GBT, co-pilot, what's your complexity? Where would you go to? All right. Well, it just depends on the flavor of the day. Right now. 43:53 I was using chat GPT primarily for this stuff just because it was a first and I'm very comfortable with the apps. have them everywhere. And Claude's recently come out with a  new version and it's in some ways I'm just finding the output way more organized and smarter. And so I've been using Claude more in the last couple of weeks, but that'll change in another week or two.  Any one of them will do a pretty decent job. 44:21 I'm  not using perplexity because it's built on top of the other ones.  But perplexity is a great tool if you're newer with this because it makes some of the... It's a little bit more accessible for somebody who doesn't know how to use AI.  Gemini is also  really good, but that's  more of a technical... And there's so many things you can do. 44:49 with AI that you wouldn't even think about. And I'll give you an example, more as a brain opening exercise for everybody than anything else. Because this is something I did about seven weeks ago.  I,  chat GPT had just come out a week or two before with their vision capability in the mobile app. And for  those of you who don't know it,  with chat GPT, there's a talk 45:19 button. It's not  the microphone. It's the one that looks like a sound wave  in the mobile app. You tap that, and now you have a voice conversation with chat, which I use this constantly. Even when I'm working with,  I've got some contractors at my house whose English isn't very good, so I ask it to do real-time translation for me. And it does matter the language.  And I start talking, and it translates to their language. And they respond 45:49 in their language and it translates to English and it's doing it perfectly. And so I can have a very natural conversation with anybody just holding my phone up in front of them now.  Right?  But it has this vision capability  where when you go into that voice mode, you tap the camera next to it, and now it's looking out the front of your screen while you're talking to it. And so I'll give you a couple of examples where I've used it  six weeks ago and again, like 46:18 weeks later and I now used it many times like this.  I was in  Lowe's, which is a  store for home improvement.  And  for some project I was on, my wife calls me and says, I need fertilizer for a hibiscus. And I say, well, what do I get? She says, anything that says hibiscus on it, it'll be fine. I said, okay, fine. And if anybody that knows these big box stores, there's like hundreds of bags of fertilizer of different brands. 46:48 And I couldn't find one that said hibiscus. This is a typical thing with my wife. Oh, just look for this. And of course, there isn't that. So I asked Chess GPT, okay, I'm in  Lowe's  and I'm looking for a fertilizer for hibiscus.  What would you suggest? And it said, oh, there's a number of brands that are high acid.  And I said, we'll recommend a brand. Tonal is a really good brand. And I said, okay. So I'm looking and I can't find it. 47:18 So I walked 30 feet back and I'm talking, right? I'm having this, know, people are looking at me like, what the hell is he doing? And I walked 30 feet back because there's many, many shelves, you know, columns of shelves with fertilizer. I walked back and I turned on the vision and I say, okay, there's all the fertilizers. And I'm moving my phone across all these shelves. say, do you see tonal here? And it says, yes, look for the one in the red and white bag. 47:48 And  I see it on the shelf. So I walk straight forward. see a red and white bag. That's not tonal. said, this isn't it. And she, cause it's a woman's voice that I have, she says,  it's two shelves to the left, second from the top.  I walk over there and it's right where she said it was. Crazy. And you're not a beta user. So this is available today. This is available. It's been available for a couple of months. And then 48:18 My daughter-in-law asked me to get something from the pharmacy, from CVS, another  big box pharmacy store, right? And this is something I don't even know if I'm in the right aisle because it's something I've never bought. So I ask it, I say, I'm looking for this brand  and I'm not sure if I'm in the right aisle or not, but I'm going to walk down the aisle and tell me if you see it. As I'm walking down the aisle, holding it straight forward so it can see both sides.  And it says, well, 48:45 Yes, I'm familiar with the brand. You should look for it in a green and white box. then she goes like this. Oh, I see it. It's down there on the right on the bottom shelf. And I turn and I look and it's right by my right foot. 48:58 You heard it here. This is crazy. think it's a bit creepy.  How many times have you been looking for something on a shelf? You know, and you're like, oh, how long, how many hours is this going to take me to spot it?  Good internet connection and all that. So, oh my goodness. It's creepy and it's wonderful. So  same time.  the same time. Yeah. Yeah. For quality of life and even for,  um, yeah.  So 49:25 That's a mind opening thing is all the reason I bring that up. Excellent. Hey, let's go. Let's continue on in the founder sandbox. I'd like to ask each of my guests to  share with me.  I'm all about working with resilient, purpose driven and scalable companies in the growth phase. So what does resilience mean to you? You can either answer, you know, what's the first thing that comes out of your, you cannot use chat, GBT. I'm not fancy. No hands. 49:55 No hands, and I don't have the voice version going because you'd hear it. Podcast we could do it.  And we are real. We're not. Yeah, we are real. We're not. So I think that's, I don't think that's a difficult question to answer. Resilience means opportunity. So no matter what happens, even if it seems terrible, what  opportunity does that create? Excellent. If you ask that. 50:22 keep reframing everything from that perspective,  it creates resilience. Right. Thank you. What about purpose-driven?  Purpose-driven  means having  a clear  long-term path and goal  and  asking yourself if the things you're doing keep you on purpose to that. 50:56 Scalable. What's scalable mean for you? Scalable for me means  eliminating tribal knowledge or not eliminating it, but documenting tribal knowledge.  First of all, figuring out how you generate revenue and then how you expand your ability to generate revenue, which means growing your 51:25 growing your team, growing your capacity  and identifying the bottlenecks and focusing all your energy on the bottlenecks. And usually the bottlenecks have to do  with tribal knowledge or with  lack of workflow automation. Wow, you know, it's easier said than done though, that tribal knowledge, it is resistant, right? Oh yeah,  because it's  career,  what's the word I'm trying to think of? 51:55 It  keeps you in your job forever if you're the only one that knows how to do the thing. Absolutely. That's for another podcast, David. My  final question today is,  did you have fun in the Founder Sandbox? Oh, yes.  I had a lot of fun. Thanks. That's a great question too. Thank you, Brenda. Did you have fun? 52:20 Did you? I had had fun. And particularly in this last part, right? Cause we're talking about some heavy duty, you know, uses of, um, agentic AI, right. And scalable, you know, LTV, CAC and all that. And then we get to hear these real life, you know, kind of creepy, um, uh, uses of, um, on our phones today with, um, with AI, which is, which is quite amazing. But I also know that in your world of techies, 52:50 your team, which is distributed, have a lot of fun events too. So you probably- have one more thing on the whole scalable thing. You have to be compassionately ruthless or ruthlessly compassionate, however you want to say it. Okay. So that the people, every, and the ruthless is anything that's going to get in the way of you growing your company, which benefits everybody in the company. 53:19 it needs to be addressed in a ruthless way. But if you build a culture of ruthlessly compassionate, then all the people that work for you feel that same level of ruthlessness to protect the company and make it grow. And you practice what you preach, I suspect, at Techies. Yes. Yes. It took me a while, but if we accidentally hire the wrong person, either because 53:45 we made a mistake in the process or they faked us out and we recognize they're not smart enough. Literally, that's usually the problem. They're not smart enough to carry their weight. We fire them immediately. We don't try to bring them along because you can't improve somebody's IQ. You can improve any other aspect, but their IQ is their IQ.  And  that will be a bottleneck forever. 54:13 in our team and it'll require other people to carry that person. And it sends the wrong message to the team that I don't value them enough to make sure that we only surround them with people that are going to inspire them and help them grow. Excellent. And I suspect they are not fungible by AI, your employees, not techies. I mean, we've gotten better and better. 54:40 at not making those mistakes over the years. So that doesn't typically happen. takes us, we're much more careful about how we hire.  AI gives us the ability to recruit faster, more broadly,  along with workflow automation. But  what I mean by real, this is the compassionate. Once my team understood this, now they embody that and  they will get rid of somebody if they made a mistake. I don't have to force the issue ever anymore because 55:10 they recognize how much, important it is to protect their teams. So to my listeners, if you liked this episode today with the CEO and founder of Techies, sign up for the monthly release of founders, business owners, corporate directors, and professional service providers who provide their examples of how they're building companies or consulting with companies  to make them more resilient, scalable, and purpose-driven. 55:40 to make profits for good.  Signing off for today. See you next month in the Founder Sandbox. Thank you.  

 Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Howard Holton, COO and industry analyst, GigaOm Thanks to our show sponsor, Adaptive Security As deepfake scams and GenAI phishing evolve, Adaptive equips security teams with AI-powered phishing simulations featuring realistic personalized deepfakes and engaging security awareness training. Their new AI Content Creator turns threat intel and policy updates into interactive, multilingual training — instantly. Trusted by Fortune 500s and backed by Andreessen Horowitz and OpenAI, Adaptive helps you stay ahead of AI-driven threats. Learn more at adaptivesecurity.com. All links and the video of this episode can be found on CISO Series.com  

Send us a textSchedule an Rx AssessmentSubscribe to Master The MarginCyberattacks targeting healthcare are rising, with pharmacies increasingly in the crosshairs. From ransomware to phishing scams, the threats are real...and constant.But how can independent pharmacies defend themselves against a digital siege?In this episode of The Bottom Line Pharmacy Podcast we have 3 people of the Sykes & Company team, Scotty Sykes, CPA, CFP®, Chris Sykes, IT Director, and Austin Murray, Marketing Director explore the evolving cybersecurity landscape with a practical lens. This episode covers:The NIST 2.0 Cyber Security FrameworkWhat to ask your script system vendor about securityHow to build a breach response plan that actually worksSocial engineering 101: What is it and how to protect your pharmacyBest practices for employee training, access control, and device auditsMore About Our Guest:Chris Sykes is the Director of IT at Sykes & Company, P.A., where he has been a key part of the team since 2006. With nearly 25 years in the IT industry, Chris combines deep technical expertise with a passion for helping both the firm and its clients become more efficient, secure, and technology-driven. Chris holds a Bachelor of Science in Business Administration with a concentration in Management Information Systems and a Master of Science in Technology Systems, both from East Carolina University. Outside of work, Chris enjoys running marathons, fishing and hunting with his boys, and spending quality time with his family at the beach.Learn more about Chris:Chris Sykes LinkedInCheck out all our social media:FacebookTwitterLinkedInScotty Sykes – CPA, CFP LinkedInScotty Sykes – CPA, CFP TwitterMore resources on this topic:Podcast - AI, Audits, & Advocacy: The Pharmacy Survival Guide with Trenton TheideBlog - Technology, Security and Your PharmacyBlog - Protect You and Your Pharmacy: The Growing Threat of RansomwareBlog - Backing Up Your Business DataBlog - Spot a Hacked Email or Bad WebsiteBlog - Protect Your Pharmacy Data from Hackers

In this episode, Autumn interviews Dr. Ileana Pazos, an expert in dosimetry, discussing the critical role of radiation measurement in various industries, including healthcare and food safety. They explore the science behind dosimetry, the applications of radiation, the challenges faced in accurate measurements, and the misconceptions surrounding food irradiation. Ileana emphasizes the importance of public education and the need for global standards in radiation measurement, while also sharing her personal connection to the field and the future of radiation technologies.All opinions are of the individual scientist and do not reflect the opinions of NIST or the federal Government.Subscribe to Breaking Math wherever you get your podcasts.Become a patron of Breaking Math for as little as a buck a monthFollow Breaking Math on Twitter, Instagram, LinkedIn, Website, YouTube, TikTokFollow Autumn on Twitter and InstagramBecome a guest hereemail: breakingmathpodcast@gmail.com

With cyber threats growing more sophisticated, NIST has overhauled its incident response guidance to help organizations better prepare, respond and recover. Join Jay Stampfl, David Finz and Grace Michael, Alliant Cyber, as they explore the NIST Special Publication 800-61 Revision 3 and its link to the updated Cybersecurity Framework (CSF) 2.0. They explore the expanded role of incident response, the new “govern” function and the shift toward continuous improvement. The team also explains how these changes affect cyber insurance underwriting and how Alliant helps clients stay ahead through planning, tabletop exercises and risk-focused engagement.

If you like what you hear, please subscribe, leave us a review and tell a friend!

Post Flight in Community

Standardy bezpieczeństwa to nie dzikie zwierzęta, chociaż developerzy traktują je jak drapieżniki. Łukasz i Szymon wyjaśniają, dlaczego NIST i CIS Controls to nie biurokratyczne przeszkody, tylko gotowe recepty na bezpieczeństwo. Bo po co wymyślać koło na nowo, skoro ktoś już pomyślał za nas? Framework mówi co robić, benchmark jak to zrobić konkretnie. Shared Responsibility Model w chmurze? Dostawca chmury zabezpiecza budynek, ty pamiętaj zamknąć drzwi - proste jak budowa cepa. Przestań traktować compliance jak karę za grzechy i dowiedz się, czemu automatyzacja zgodności może wreszcie zadziałać bez męczenia się z papierkami. Czy security musi pozostać czarną magią dostępną tylko wtajemniczonym? A może jednak da się zrobić to bez wydawania fortuny na wielotygodniowe audyty? Sprawdź, czy standardy mogą być przyjacielem, a nie wrogiem - chyba że wolisz dalej wymyślać koło na nowo.     A teraz nie ma co się obijać!

SharePoint is exploitable by Microsoft's AI, NIST proposes a new metric for exploited vulnerabilities, SBCs that look cool for a mini NAS and a router,  and setting up a first NAS with 4 disks.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes The Maintainer's Dilemma: Strategies for […]

SharePoint is exploitable by Microsoft's AI, NIST proposes a new metric for exploited vulnerabilities, SBCs that look cool for a mini NAS and a router,  and setting up a first NAS with 4 disks.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes The Maintainer's Dilemma: Strategies for... Read More

"First day, worst day, every day — that's what we're built for." — Patrick Quirk, President & GM, Opengear At Cisco Live 2025 in San Diego, Patrick Quirk, President and General Manager of Opengear, joined Technology Reseller News publisher Doug Green to unveil a major innovation in network resilience: Opengear's new Foundational Support platform. Designed to meet the growing demands of increasingly complex, high-density network environments, the SLA-backed solution debuts as part of Opengear's commitment to full-lifecycle customer support. “It's not just about selling equipment,” said Quirk. “It's about walking with the customer through every stage of the network's lifecycle — from deployment to daily operations to disaster recovery.” A long-standing Cisco partner, Opengear has evolved from traditional console servers to a critical infrastructure provider, helping companies maintain uptime in an era where milliseconds matter — especially amid today's AI-driven network traffic spikes. “Outages aren't just inconvenient,” Quirk noted. “They're expensive. We're seeing potential losses of $21,000 per minute during downtime.” Opengear's edge? Out-of-band management. Unlike in-band VLAN control planes, which can be compromised during incidents or overloaded by data traffic, out-of-band infrastructure operates on a completely separate path. This architecture allows for immediate network visibility and control during even the worst disruptions, such as fiber cuts or cyberattacks. Supporting both operational and compliance objectives, Opengear enables organizations to maintain certifications like ISO, SOC 2, and NIST. “We're the wrapper around your network,” said Quirk, emphasizing the company's ability to enforce security and governance alongside performance. The conversation also spotlighted Opengear's recent AI-focused global research, which found a “lens gap” between network engineers and the C-suite. While both groups recognize AI's potential, engineers view it as a productivity tool, whereas executives prioritize compliance and customer value. “There's alignment,” Quirk said. “It just needs more conversation.” At Cisco Live, Opengear is exhibiting at booth 4324 and hosting sessions on topics like agentic AI and network strategy. More details are available at opengear.com.

Dr Randy McDermott takes us behind the scenes of fire science's most critical software tool in this conversation about the Fire Dynamic Simulator (FDS) developed at NIST. As one of the developers, Randy offers valuable insights into how this essential modelling tool is maintained, improved, and adapted to meet the evolving challenges of the fire safety community.The conversation begins with a look at the development process itself, based on a greater picture roadmap and also addressing practical issues reported by users. This balance between vision and responsiveness has helped FDS maintain its position as the gold standard in fire modelling. Randy unpacks the massive validation guide (over 1,200 pages) and explains how users should approach it to understand model capabilities and uncertainties. The guide, along with all the validation cases, is available at Github repository here: https://github.com/firemodels/fdsRather than blindly applying FDS to any problem, he emphasises the importance of identifying similar validated cases and understanding the limitations of the software for specific applications. The discussion tackles emerging challenges like battery fires and mass timber construction – areas where traditional fire modelling approaches face significant hurdles. Randy addresses the limitations of current models while outlining pathways for future development, including potential integration with external specialised models and improvements in chemistry modelling.Finally, we also get to talk about computational costs and efficiency. As Randy explains the implementation of GPU acceleration and the challenges of incorporating detailed chemistry, listeners gain a deeper appreciation of the tradeoffs involved in advanced fire modelling.Whether you're an FDS user, fire safety engineer, or simply curious about computational modelling, this episode offers valuable perspectives on the past, present and future of the tool that underpins modern fire safety science. Oh, and Randy is not just an FDS developer - he is also a prolific researcher. You can find more about his scientific works here: https://www.nist.gov/people/randall-j-mcdermottAs always, MASSIVE THANKS TO THE NIST GROUP AND THEIR COLLABORATORS FOR BUILDING AND MAINTAINING THE SINGLE MOST IMPORTANT PIECE OF SOFTWARE WE HAVE!!! You guys are not thanked enough!----The Fire Science Show is produced by the Fire Science Media in collaboration with OFR Consultants. Thank you to the podcast sponsor for their continuous support towards our mission.

Our security news roundup discusses the compromise of thousands of ASUS routers and the need to perform a full factory reset to remove the malware, why Microsoft allows users to log into Windows via RDP using revoked passwords, and the ongoing risk to US infrastructure from “unexplained communications equipment” being found in Chinese-made electrical equipment... Read more »

In this conversation, Dr. Elizabeth Strychalski discusses the fascinating field of synthetic biology, particularly focusing on synthetic cells. She shares her journey into this research area, the challenges of defining life, and the ethical considerations surrounding synthetic biology. The conversation also explores the potential applications of synthetic cells in environmental science and medicine, as well as the importance of engineering standards and biomanufacturing for sustainability. Dr. Strychalski emphasizes the need for collaboration and communication in the scientific community to advance this field responsibly and effectively.You can learn more about Time at time.gov and NIST at nist.gov.All opinions are of the individual scientist and do not reflect the opinions of NIST or the federal Government.Subscribe to Breaking Math wherever you get your podcasts.Become a patron of Breaking Math for as little as a buck a monthFollow Breaking Math on Twitter, Instagram, LinkedIn, Website, YouTube, TikTokFollow Autumn on Twitter and InstagramBecome a guest hereemail: breakingmathpodcast@gmail.com

Our security news roundup discusses the compromise of thousands of ASUS routers and the need to perform a full factory reset to remove the malware, why Microsoft allows users to log into Windows via RDP using revoked passwords, and the ongoing risk to US infrastructure from “unexplained communications equipment” being found in Chinese-made electrical equipment... Read more »

High-performance computing (HPC) systems provide fundamental computing infrastructure for government and industry. Security is critical for these systems that play a pivotal role in economic competitiveness and scientific discovery. At the AWS Summit in Washington, D.C., National Institute of Standards and Technology (NIST) Computer Scientist Yang Guo said that efficient encryption and zone-based reference architectures can enhance HPC security without impacting performance. Guo, who leads the NIST HPC Security Working Group, said that collaboration and knowledge sharing can help buttress HPC security, even in cloud environments. Guo also discussed HPC focus areas like confidential computing, zero trust, supply chain security and integrating AI for early detection of anomalies.

Welcome to the daily304 – your window into Wonderful, Almost Heaven, West Virginia. Today is Tuesday, June 10, 2025.     Story #1 – From WVU / MEP West Virginia's manufacturers are gaining national attention in the "Heroes of American Manufacturing" series by NIST. The spotlight features Gestamp and NGK Spark Plugs, two companies supported by WVU's Manufacturing Extension Partnership, which are leading by example and driving innovation and excellence in production. The series celebrates the resilience and ingenuity of American manufacturing—and West Virginia is right at the center of it. Read more: https://mailchi.mp/mail.wvu.edu/heroes-of-american-manufacturing?e=236c2d471c       Story #2 – From WV SOS Office On this week's “Just Three Questions!” West Virginia Secretary of State Kris Warner hosts Louis Weisberg, President and CEO of Service Wire, a family-owned wire and cable manufacturer that's been doing business in West Virginia since 1968.  Weisberg and Warner discuss job growth, economic development and what Weisberg calls “Appalachian Grit.” Listen now: https://www.youtube.com/watch?v=poppGKMvEng       Story #3 – From WV MetroNews Focused investment in tourism is transforming Tucker County. New funding is boosting broadband, trails, and infrastructure, creating more recreational opportunities and economic growth. With strong state support, Tucker County is becoming one of the premier destinations in Almost Heaven. Read more: https://wvmetronews.com/2025/05/31/states-focus-on-tourism-brings-new-investment-to-tucker-county/   Find these stories and more at wv.gov/daily304. The daily304 curated news and information is brought to you by the West Virginia Department of Commerce: Sharing the wealth, beauty, and opportunity in West Virginia with the world. Follow the daily304 on Facebook, Twitter, and Instagram @daily304. Or find us online at wv.gov and just click the daily304 logo. That's all for now. Take care. Be safe. Get outside and enjoy all the opportunity West Virginia has to offer.

What if the world's most trusted cryptographic systems could be broken in just minutes instead of centuries? In this thought-provoking episode of the Brilliance Security Magazine Podcast, David Close, Chief Solutions Architect at Futurex, joins host Steven Bowcut to discuss the very real—and rapidly accelerating—threat that quantum computing poses to modern encryption. With quantum advancements progressing faster than many expected, Close explains why organizations need to act now to safeguard long-term data, and how hybrid and agile cryptographic systems are the key to staying ahead.SummaryDavid Close opens the conversation by tracing his own journey from embedded firmware engineering to his current role leading cryptographic innovation at Futurex. He shares how his work with Hardware Security Modules (HSMs)—specialized devices that securely manage encryption keys—laid the groundwork for Futurex's leadership in enterprise-grade encryption.The core of the episode centers on the quantum computing threat to current encryption standards like RSA and elliptic curve cryptography. David breaks down the technical implications in accessible terms: quantum computers can solve problems exponentially faster than classical computers, meaning encryption methods that would take millennia to break with today's machines might be cracked in minutes by quantum processors.A key highlight is the concept of “Harvest Now, Decrypt Later”—a tactic where attackers steal encrypted data today, intending to decrypt it once quantum technology matures. David emphasizes that this threat is not futuristic; it's already underway, with critical long-life data like medical records, financial information, and government secrets at risk.David outlines how Futurex and other leading organizations are proactively adapting. For example, Google and Cloudflare have already implemented hybrid cryptography using both classical and quantum-safe algorithms. Futurex is doing the same across its suite of HSMs and key management solutions, supporting new standards ratified by NIST (including Kyber and Dilithium) and enabling “crypto agility”—the ability to quickly adopt new encryption standards without overhauling infrastructure.He also shares how Futurex is helping clients through cryptographic discovery, which allows organizations to identify where and how cryptography is being used across their environments. This step is essential for prioritizing risk areas and laying a foundation for a secure, phased migration to post-quantum cryptography.Finally, David stresses that while the quantum threat is real and imminent, organizations shouldn't panic—but they must act now. The transition to post-quantum cryptography is already underway, and those who prepare today will be far more secure and resilient tomorrow.

Guiding Question:How might we empower students to organize an event to share, celebrate, and inspire younger students in our school community through service learning.Key Takeaways:Peer to peer learning in the context of service learningAuthentic engagement with service learning in elementary education co-facilitated by high school student leaders Planting the seeds with our youngest learners to develop the service learning mindsetSustainability of service learning initiatives through whole school events like Community Partners WeekIf you have enjoyed the podcast please take a moment to subscribe, and also please leave a review on your favorite podcast platform. The way the algorithm works, this helps our podcast reach more listeners. Thanks from IC for your support. Learn more about how Inspire Citizens co-designs customized student leadership and changemakers programsConnect with more stories from the Inspire Citizens network in our vignettesMeasuring the IMPACT of Service Learning projects and initiatives Access free resources for global citizenship educationYou can book a discovery call with Inspire Citizens at this linkShare on social media using #EmpathytoImpactEpisode Summary On this episode, I meet Omaira and Tul, members of ServiceCo and service learning leaders at NIST. Following up on our previous episode with Y6 students, in Part 2 Tul and Omaira share a behind-the-scenes look at Community Partners  Week, the organization of this impactful event, and their role as service learning leaders designing and leading learning experiences with Y6 students. This was the 3rd annual Community Partners Week at NIST, and by all accounts, the best one yet. During Community Partners Week, students in the primary years program had opportunities to connect with community partners like Helping Heart (EY-Y1), a local nursery (EY-Y1), Student-led service groups Eco and Plastic-free NIST (Y2), Operation Smile (Y3), Student-led service group FemiNIST (Y4), and Student-led service group FashioNIST (Y5). Join me for a great conversation with these student leaders to get a deeper insight on the impact of CPW at their school and how peer to peer learning leads to a service mindset, the ongoing sustainability of service learning initiatives, and a culture of service across the whole school community.Discover a transformative podcast on education and learning from a student perspective and student voice, exploring media, media literacy, and media production to inspire citizens in schools through a media lab focused on 21st-century learning, empathy to impact, Global citizenship, collaboration, systems thinking, service learning, PBL, CAS, MYP, PYP, DP, Service as Action, futures thinking, project-based learning, sustainability, well-being, harmony with nature, community engagement, experiential learning, and the role of teachers and teaching in fostering well-being and a better future.

"Compliance is the security referee - frameworks are the playbooks."In this episode, I'm joined by Tim Golden, Founder of Compliance Scorecard, to unpack the misunderstood, and mission-critical world of cyber GRC.Tim shares what he's learned from decades of hands-on work - from implementing NIST frameworks before “GRC” was even a term, to helping teams understand why writing policies is just as important as patching vulnerabilities.Here are some highlights from the episode:What GRC actually means - and why governance is the most misunderstood partWhy people who say "compliance isn't security" are missing the pointHow explaining the "why" of cybersecurity controls aids in acceptanceWhy data retention policies can protect you from major legal headachesAnd yes… a story about how Tim accidentally ransomwared himself

Welcome back to the Evolved Radio Podcast! In today's episode, I'm joined by Anup Ghosh with Threatmate. Anup and I deep dive into one of the MSP industry's hottest—and sometimes most confusing—topics: cybersecurity. But instead of focusing on the aftermath of a security incident (what they call “right of the boom”), we shift the conversation to proactive measures—what it really means to operate “left of the boom.” We unpack the concept of security as a utility, discuss how to utilize NIST and CIS frameworks, and explore fear-based selling. This episode is packed with insights that will help you strengthen your security posture before disaster strikes. So listen in to stay ahead of the next big threat. This episode is brought to you by Opsleader Pro. A place for MSP owners and managers to get the systems and tools they need to build a stable and growing MSP. Part group coaching, part peer group, everything you need to run a successful MSP.

The recent popularity of MCPs is surpassed only by the recent examples deficiencies of their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased two decades of security principles behind separating code and data. We take a look at how developers are using LLMs to generate code and continue our search for where LLMs are providing value to appsec. We also consider what indicators we'd look for as signs of success. For example, are LLMs driving useful commits to overburdened open source developers? Are LLMs climbing the ranks of bug bounty platforms? In the news, more examples of prompt injection techniques against LLM features in GitLab and GitHub, the value (and tradeoffs) in rewriting code, secure design lessons from a history of iOS exploitation, checking for all the ways to root, and NIST's approach to (maybe) measuring likely exploited vulns. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-333

In this episode of Breaking Math, hosts Autumn and Gabriel explore the innovative intersections of fire science and technology with experts Amy Mensch and Ryan Falkenstein-Smith who work at NIST. They discuss the groundbreaking photoacoustic technique for measuring soot deposition, its applications in fire safety and forensic investigations, and the broader implications for fire research. The conversation highlights the importance of integrating advanced technologies into firefighting and the potential for future developments in the field.You can learn more about Time at time.gov and NIST at nist.gov.All opinions are of the individual scientist and do not reflect the opinions of NIST or the federal Government.Subscribe to Breaking Math wherever you get your podcasts.Become a patron of Breaking Math for as little as a buck a monthFollow Breaking Math on Twitter, Instagram, LinkedIn, Website, YouTube, TikTokFollow Autumn on Twitter and InstagramBecome a guest hereemail: breakingmathpodcast@gmail.com

Dive deep into the world of cloud security with Rocky Giglio and special guest Sean Atkinson, CISO at the Center for Internet Security (CIS), on this episode of Cloud and Clear! We examine the crucial role of CIS benchmarks and hardened images in establishing a robust and secure cloud infrastructure. In this insightful discussion, Sean breaks down: ✅ What CIS is and its mission to create a safer connected world. ✅ The evolution of CIS Controls from 20 to 18 for greater efficiency. ✅ Understanding CIS Benchmarks and how they standardize security configurations. ✅ The power of Hardened Images: Start secure from day zero in your cloud environment. ✅ Shifting security left and proactively integrating security into design. ✅ How CIS simplifies compliance with NIST, PCI, HIPAA, and other frameworks. ✅ The importance of community and partnership in cybersecurity. Whether you're a security professional, cloud engineer, or anyone concerned about keeping data safe in the cloud, this episode is packed with valuable knowledge. Learn how to leverage CIS resources to strengthen your security posture and simplify compliance. Tune in to discover how CIS is making cloud security more accessible and effective! Don't forget to subscribe to Cloud and Clear for more expert insights on cloud transformation. #CloudSecurity #CIS #Cybersecurity #CloudComputing #HardenedImages #SecurityBenchmarks #CloudAndClear #GoogleCloud #Compliance #NIST #PCI #HIPAA #CISO #TechPodcast Join us for more content by liking, sharing, and subscribing!

The theme of the current administration is to do more with less. Today, we hear from experts on how they have assisted in implementing Zero Trust by leveraging all resources possible.  We know implementing Zero Trust is a continuous process; David Bottom from the SEC provides guidelines on what to review constantly. He suggests focusing on decreasing privileges, patching systems, and learning how to extract meaningful signals from the flood of data entering the federal government. None of this can be done without cooperation across the agency. As an example of working with others, David Bottom references the SEC's EDGAR (Electronic Data Gathering, Analysis, and Retrieval). Jennifer Franks, GAO, recommends that listeners take advantage of federal guidelines to spend as little as possible while meeting compliance goals. For example, CISA, OMB, and NIST all offer guidance in implementation. She has an excellent eight-word summary of Zero Trust: right users, proper access, at the right time. Many agencies are understaffed. As a result, one way to meet goals is to leverage the right tools. Brian "Stretch" Meyers believes the most "bang for the buck" will be achieved by using tools to establish visibility. From there, one can identify key items to reach compliance. Zero Trust is an initiative that is here to stay. Listen to the podcast to get ideas on how to optimize the staff and resources at hand.

The recent popularity of MCPs is surpassed only by the recent examples deficiencies of their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased two decades of security principles behind separating code and data. We take a look at how developers are using LLMs to generate code and continue our search for where LLMs are providing value to appsec. We also consider what indicators we'd look for as signs of success. For example, are LLMs driving useful commits to overburdened open source developers? Are LLMs climbing the ranks of bug bounty platforms? In the news, more examples of prompt injection techniques against LLM features in GitLab and GitHub, the value (and tradeoffs) in rewriting code, secure design lessons from a history of iOS exploitation, checking for all the ways to root, and NIST's approach to (maybe) measuring likely exploited vulns. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-333

Forecast = Stormy with a chance of TikTok malware showers—exploit scoring systems hot, but patch management outlook remains partly cloudy. Welcome to Storm⚡️Watch! In this episode, we're diving into the current state of cyber weather with a mix of news, analysis, and practical insights. This week, we tackle a fundamental question: are all exploit scoring systems bad, or are some actually useful? We break down the major frameworks: **CVSS (Common Vulnerability Scoring System):** The industry standard for assessing vulnerability severity, CVSS uses base, temporal, and environmental metrics to give a comprehensive score. It's widely used but has limitations—especially since it doesn't always reflect real-world exploitability. **Coalition Exploit Scoring System (ESS):** This system uses AI and large language models to predict the likelihood that a CVE will be exploited in the wild. ESS goes beyond technical severity, focusing on exploit availability and usage probabilities, helping organizations prioritize patching with better accuracy than CVSS alone. **EPSS (Exploit Prediction Scoring System):** EPSS is a data-driven approach that estimates the probability of a vulnerability being exploited, using real-world data from honeypots, IDS/IPS, and more. It updates daily and helps teams focus on the most urgent risks. **VEDAS (Vulnerability & Exploit Data Aggregation System):** VEDAS aggregates data from over 50 sources and clusters vulnerabilities, providing a score based on exploit prevalence and maturity. It's designed to help teams understand which vulnerabilities are most likely to be actively exploited. **LEV/LEV2 (Likely Exploited Vulnerabilities):** Proposed by NIST, this metric uses historical EPSS data to probabilistically assess exploitation, helping organizations identify high-risk vulnerabilities that might otherwise be missed. **CVSS BT:** This project enriches CVSS scores with real-world threat intelligence, including data from CISA KEV, ExploitDB, and more. It's designed to help organizations make better patching decisions by adding context about exploitability. Next, we turn our attention to a troubling trend: malware distribution via TikTok. Attackers are using AI-generated videos, disguised as helpful software activation tutorials, to trick users into running malicious PowerShell commands. This “ClickFix” technique has already reached nearly half a million views. The malware, including Vidar and StealC, runs entirely in memory, bypassing traditional security tools and targeting credentials, wallets, and financial data. State-sponsored groups from Iran, North Korea, and Russia have adopted these tactics, making it a global concern. For employees, the takeaway is clear: never run PowerShell commands from video tutorials, and always report suspicious requests to IT. For IT teams, consider disabling the Windows+R shortcut for standard users, restrict PowerShell execution, and update security awareness training to include social media threats. We also highlight the latest from Censys, VulnCheck, runZero, and GreyNoise—industry leaders providing cutting-edge research and tools for vulnerability management and threat intelligence. Don't miss GreyNoise's upcoming webinar on resurgent vulnerabilities and their impact on organizational security. And that's a wrap for this episode! We will be taking a short break from Storm Watch for the summer. We look forward to bringing more episodes to you in the fall! Storm Watch Homepage >> Learn more about GreyNoise >>  

The recent popularity of MCPs is surpassed only by the recent examples deficiencies of their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased two decades of security principles behind separating code and data. We take a look at how developers are using LLMs to generate code and continue our search for where LLMs are providing value to appsec. We also consider what indicators we'd look for as signs of success. For example, are LLMs driving useful commits to overburdened open source developers? Are LLMs climbing the ranks of bug bounty platforms? In the news, more examples of prompt injection techniques against LLM features in GitLab and GitHub, the value (and tradeoffs) in rewriting code, secure design lessons from a history of iOS exploitation, checking for all the ways to root, and NIST's approach to (maybe) measuring likely exploited vulns. Show Notes: https://securityweekly.com/asw-333

Mutant super-powers give Korean sea women diving abilitiesThe Haenyeo, or sea women, of the Korean island of Jeju have been celebrated historically for their remarkable diving abilities. For hour after hour they dive in frigid waters harvesting sea-life, through pregnancy and into old age. A new study has shown they are able to do this because of specific genetic adaptations that appeared in their ancestors more than a thousand years ago. These genes make them more tolerant to the cold, and decrease diastolic blood pressure. The women also spend a lifetime training, beginning to dive at age 15 and continuing on until their 80s or even 90s. Melissa Ilardo of Utah University and her team published their findings in the journal Cell Reports.This dessert is automatic and autonomous Care for a slice of robo-cake? Scientists in Europe have baked up a cake with pneumatically powered animated gummy bears, and candles lit by chocolate batteries. They think their edible robotics could develop in the future to food that could bring itself to the hungry and medicine could deliver itself to the sick. Mario Caironi of the Italian Institute of Technology and his colleagues presented their creation at Expo 2025 Osaka.Shrinking Nemo — heat is causing clownfish to downsizeScientists have found that clownfish, made famous by the Disney movie Finding Nemo, have an ability never seen before in fish in the coral reefs. When the water they live in gets warmer, they are able to shrink their bodies — becoming a few per cent of their body length shorter — to cope with the stress of the heat. Melissa Versteeg of Newcastle University says the size of the clown anemonefish is important for their survival and their ranking within their hierarchical society. The research was published in the journal Science Advances.When the music moves you — the brain science of grooveYou know that groove feeling you get when you listen to certain music that compels you to shake your bootie? Scientists in France investigated how our brains experience groovy music to better understand how we anticipate rhythms in time. They discovered that we perceive time in the motor region that controls movement. Benjamin Morillion from Aix Marseille Université said they also found a specific rhythm in the brain that helps us process information in time, that could predict if a person thought the music was groovy. The study was published in the journal Science Advances.Scientists hope a new storm lab will help us understand destructive weatherExtreme weather is far less predictable than it used to be, and now a new research centre at Western University wants to transform our understanding of Canada's unique weather systems. The Canadian Severe Storms Laboratory will collect nation-wide data on extreme weather, including hailstorms, tornadoes, and flash flooding, and look for patterns to help predict where they'll be hitting and how to prevent the most damage. Producer Amanda Buckiewicz spoke with:Greg Kopp, ImpactWX Chair in Severe Storms Engineering and CSSL founding director at Western UniversityHarold Brooks, senior research scientist at NOAA's National Severe Storms LaboratoryJohn Allen, associate professor of meteorology at Central Michigan UniversityPaul Kovacs, executive director of the Institute for Catastrophic Loss Reduction at Western University.Tanya Brown-Giammanco, director of Disaster and Failure Studies at NIST

In this unfiltered episode of Unspoken Security, host A. J. Nash explores the looming threat quantum computing poses to our digital infrastructure with experts Robert Clyde, Managing Director of Clyde Consulting and Chair of crypto-security firm CryptoQuanti, and Jamie Norton, a Board Director at ISACA with extensive cybersecurity credentials. They cut through the technical jargon to explain how quantum computing fundamentally differs from classical computing and why its exponential processing power threatens to break current encryption standards."While current quantum computers operate at around 150 qubits, once they reach sufficient power, everything from banking transactions to secure communications could be compromised instantly," warns Robert during the discussion of "Q Day" — the moment when quantum computers become powerful enough to defeat public-key cryptography underpinning internet security.Despite the alarming scenario, the experts offer practical guidance on preparing for this threat. They outline how organizations should begin implementing post-quantum cryptography solutions developed by NIST, emphasizing that proactive preparation, not panic, is the critical response security professionals should adopt today. Listen to the full episode to understand the quantum threat and learn the concrete steps your organization should take now before Q Day arrives.Send us a textSupport the show

This week on "Playing the Field" Ryan Field and Gina Sirico spoke to "The Golden Bachelor's" Theresa Nist. Nist famously won over Gerry Turner's heart on the show's first season. Unfortunately, they divorced three months after their lavish TV wedding. Despite that, the former pair remain friends and she said that being on the show was "one of the greatest, most interesting experiences of my life." These days, you'll find the grandmother of seven delighting in her new baby grandson, Augie, in New Jersey. She's also taken up golf and pickleball. In fact, one of the dates on "The Golden Bachelor" was playing pickleball! Gerry recently called her before going public with the news that he had a new girlfriend in his life. Nist said that she "wishes them the best." One of the lasting relationships she made on the show was a wonderful friendship with runner-up Leslie. While Theresa decided that appearing on "Bachelor in Paradise" wasn't for her, she's ready to cheer her friend on as she goes to the beach. She says she has a bit of FOMO, but is excited to go to a watch party at Leslie's house and plans to watch every episode. As for Nist, she said that when it comes to her own love life, she doesn't plan to talk about it in public. That's something she now wants to keep private. Learn more about your ad choices. Visit podcastchoices.com/adchoices

This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company's data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor's booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust's Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it's too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinhadigitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utmsource=share&utmmedium=memberdesktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-397

This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company's data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor's booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust's Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it's too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinhadigitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utmsource=share&utmmedium=memberdesktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-397

This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company's data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor's booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust's Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it's too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinhadigitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utmsource=share&utmmedium=memberdesktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Show Notes: https://securityweekly.com/bsw-397

“Laundry Bear” airs dirty cyber linen in the Netherlands. AI coding agents are tricked by malicious prompts in a Github MCP vulnerability.Tenable patches critical flaws in Network Monitor on Windows. MathWorks confirms ransomware behind MATLAB outage. Feds audit NVD over vulnerability backlog. FBI warns law firms of evolving Silent Ransom Group tactics. Chinese hackers exploit Cityworks flaw to breach US municipal networks. Everest Ransomware Group leaks Coca-Cola employee data. Nova Scotia Power hit by ransomware.  On today's Threat Vector, ⁠David Moulton⁠ speaks with ⁠his Palo Alto Networks colleagues Tanya Shastri⁠ and ⁠Navneet Singh about a strategy for secure AI by design.  CIA's secret spy site was… a Star Wars fan page? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector In this segment of Threat Vector, host ⁠David Moulton⁠ speaks with ⁠Tanya Shastri⁠, SVP of Product Management, and ⁠Navneet Singh⁠, VP of Marketing - Network Security, at Palo Alto Networks. They explore what it means to adopt a secure AI by design strategy, giving employees the freedom to innovate with generative AI while maintaining control and reducing risk. You can hear their full discussion on Threat Vector ⁠here⁠ and catch new episodes every Thursday on your favorite podcast app. Selected Reading Dutch intelligence unmasks previously unknown Russian hacking group 'Laundry Bear' (The Record) GitHub MCP Server Vulnerability Let Attackers Access Private Repositories (Cybersecurity News) Tenable Network Monitor Vulnerabilities Let Attackers Escalate Privileges (Cybersecurity News) Ransomware attack on MATLAB dev MathWorks – licensing center still locked down (The Register) US Government Launches Audit of NIST's National Vulnerability Database (Infosecurity Magazine) Law Firms Warned of Silent Ransom Group Attacks  (SecurityWeek) Chinese Hackers Exploit Cityworks Flaw to Target US Local Governments (Infosecurity Magazine) Everest Ransomware Leaks Coca-Cola Employee Data Online (Hackread) Nova Scotia Power Suffers Ransomware Attack; 280,000 Customers' Data Compromised (GB Hackers) The CIA Secretly Ran a Star Wars Fan Site (404 Media) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

¿Qué es un ataque de reconstrucción? ¿Aumentan sus riesgos por el uso de datos personales en el entrenamiento de modelos de IA? ¿Qué marco de gestión de riesgos resulta más apropiado para su gestión? Ángela Manceñido tiene diez años de experiencia en la prestación de servicios de consultoría orientados a la privacidad y protección de datos. Durante este tiempo, ha ayudado, trabajando para KPMG, a numerosas compañías de distintos sectores adaptándose y ofreciendo soluciones efectivas y óptimas en un entorno en constante evolución. En el presente, Ángela también se ha especializado en el impacto de la IA desde una perspectiva regulatoria y de riesgo tecnológico. Actualmente guía a varios clientes en este campo, permitiendo a estos afrontar los desafíos y oportunidades que presentan las nuevas tecnologías garantizando el cumplimiento normativo y la mitigación de riesgos. Nuestra invitada participa además en varias asociaciones y grupos de referencia. Referencias: Ángela Manceñido en LinkedIn Marco de gestión de riesgos de NIST (inglés) Caso Holmen: un ciudadano noruego es acusado falsamente por ChatGPT de matar a sus dos hijos (BBC, inglés) NIST: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations (2024) Matriz RACI de roles y responsabilidades (Monday)

If you like what you hear, please subscribe, leave us a review and tell a friend!

A major exodus of leadership is underway at CISA, the US government will audit NIST over its vulnerability backlog; an ancient and mysterious APT has been linked to Spain's government, and the SVG image format is great for phishing. Show notes

If you like what you hear, please subscribe, leave us a review and tell a friend!

President Trump signs the Take It Down Act into law. A UK grocer logistics firm gets hit by ransomware. Researchers discover trojanized versions of the KeePass password manager. Researchers from CISA and NIST promote a new metric to better predict actively exploited software flaws. A new campaign uses SEO poisoning to deliver Bumblebee malware. A sophisticated phishing campaign is impersonating Zoom meeting invites to steal user credentials. CISA has added six actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. A bipartisan bill aims to strengthen the shrinking federal cybersecurity workforce. Our guest is Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 DBIR. DOGE downsizes, and the UAE recruits. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 Data Breach Investigations Report (DBIR).Selected Reading Trump signs the Take It Down Act into law |(The Verge) Supplier to Tesco, Aldi and Lidl hit with ransomware (Computing) Fake KeePass password manager leads to ESXi ransomware attack (Bleeping Computer) Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers (Security Week) Threat Actors Deliver Bumblebee Malware Poisoning Bing SEO (Cybersecurity News) New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials (GB Hackers) CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA) Federal cyber workforce training institute eyed in bipartisan House bill (CyberScoop) UAE Recruiting US Personnel Displaced by DOGE to Work on AI for its Military (Zetter Sero Day) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Michael Hill is Program Manager of College Workforce Programs at the Unmanned Safety Institute.  The Unmanned Safety Institute or USI is an approved training partner of ASTM International and the International Business Aviation Council. The Institute is dedicated to improving safety in unmanned aviation by applying time-honored aviation safety practices to unmanned aircraft systems. USI accomplishes this mission by developing workforce readiness programs, providing training to UAS crews, and helping flight service providers meet their safety goals. Michael is a certified UAV pilot in three countries with over 6,000 flight hours and more than 7,800 successful, incident-free missions as a Remote Pilot-in-Command. He holds industry and safety certifications from FEMA, OSHA, NIST, and USI. He is a highly sought-after public speaker and industry influencer, passionate about sharing his expertise on UAV technology applications for land, air, and sea operations. He brings a wealth of experience to USI, including aerial mapping, telecom and wind turbine inspections, oil and gas and critical infrastructure assessments, search and rescue operations, as well as involvement with state and federal regulations. An active advocate for the drone industry, he has served as the Policy and Legislative Chairman for the North Central Texas Council of Governments UAS Taskforce and as the Training Officer for the North Texas Public Safety Unmanned Response Team.  Additionally, he holds the role of 2nd Lieutenant and the former Director of Unmanned Operations for the Texas Wing of the Civil Air Patrol. In this addition of the Drone Radio Show, Michael talks about the Unmanned Safety Institute and how it helps prepare students for viable careers in the drone industry.

Guiding Question:How might we take creative action towards a reimagined future?Key TakeawaysDifferent types of service and ways we can take actionPYP Exhibition and how we might empower students to take age-appropriate, creative, sustainable actionsHow meaningful actions can start a “chain reaction” in our school communities as we work to develop as global citizens If you have enjoyed the podcast please take a moment to subscribe, and also please leave a review on your favorite podcast platform. The way the algorithm works, this helps our podcast reach more listeners. Thanks from IC for your support. Learn more about how Inspire Citizens co-designs customized student leadership and changemakers programsConnect with more stories from the Inspire Citizens network in our vignettesCheck out other PYPx stories from ARIS, CIS Beijing, and WABMeasuring the IMPACT of Service Learning projects and initiatives Access free resources for global citizenship educationYou can book a discovery call with Inspire Citizens at this linkShare on social media using #EmpathytoImpactEpisode Summary On this episode, I meet Charlotte, Saar, Stella, and Viviana (Vivi) to talk about Community Partners Week and their work leading up to the PYP exhibition at NIST. This was the 3rd annual Community Partners Week, and by all accounts, the best one yet. During Community Partners Week, students in the primary years program had opportunities to connect with community partners like Helping Heart (EY-Y1), a local nursery (EY-Y1), Student-led service groups Eco and Plastic-free NIST (Y2), Operation Smile (Y3), Student-led service group FemiNIST (Y4), and Student-led service group FashioNIST (Y5). Join me for a great conversation with these students from Y6 to learn what they were up to for CPW working with community partners and high school students from ServiceCo and don't miss our next episode that will feature Omaira and Tul from ServiceCo sharing some behind the scenes information on this amazing peer-to-peer learning experience. A big sh opportunitiesout out to Magic Mind for sponsoring this episode. Take advantage of our limited offer to get up to 48% offyour first subscription or 20% off one time purchases with code ETI20 at checkout.Claim your discount at: https://www.magicmind.com/ETI20Discover a transformative podcast on education and learning from a student perspective and student voice, exploring media, media literacy, and media production to inspire citizens in schools through a media lab focused on 21st-century learning, empathy to impact, Global citizenship, collaboration, systems thinking, service learning, PBL, CAS, MYP, PYP, DP, Service as Action, futures thinking, project-based learning, sustainability, well-being, harmony with nature, community engagement, experiential learning, and the role of teachers and teaching in fostering well-being and a better future.

The National Security Hour with Blanquita Cullum – Architects and engineers question how the Twin Towers collapsed in ‘essential free fall' despite Newton's Third Law. 18 years ago, a petition challenged NIST's report under the Information Quality Act, demanding explanations for total collapse. Join Blanquita Cullum with Richard Gage and Kamal Obeid as they probe hidden data and rare research into this mystery.

Post-quantum cryptography is rapidly moving from the realm of NIST standards to running in production. The threat of quantum computing advances and coming regulations are driving this acceleration. One major component on the PQC migration plan for companies is VPN. In this episode we look at the Ambit corporate VPN client, which uses a standardized NIST PQC cipher: ML-KEM. Did you know there are potential gotchas with trying hybrids of classical and PQC instead? Find out the technical and philosophical reasons why the developers chose to skip offering a hybrid option. Join host Konstantinos Karagiannis for a wide-ranging chat with Kevin Kane and Andrew McElroy from American Binary.  For more information on American Binary, visit https://www.ambit.inc/.  Visit Protiviti at https://www.protiviti.com/US-en/technology-consulting/quantum-computing-services  to learn more about how Protiviti is helping organizations get post-quantum ready.  Follow host Konstantinos Karagiannis on all socials: @KonstantHacker and follow Protiviti Technology on LinkedIn and Twitter: @ProtivitiTech.               Questions and comments are welcome!  Theme song by David Schwartz, copyright 2021.  The views expressed by the participants of this program are their own and do not represent the views of, nor are they endorsed by, Protiviti Inc., The Post-Quantum World, or their respective officers, directors, employees, agents, representatives, shareholders, or subsidiaries.  None of the content should be considered investment advice, as an offer or solicitation of an offer to buy or sell, or as an endorsement of any company, security, fund, or other securities or non-securities offering. Thanks for listening to this podcast. Protiviti Inc. is an equal opportunity employer, including minorities, females, people with disabilities, and veterans.

The National Security Hour with Blanquita Cullum – Architects and engineers question how the Twin Towers collapsed in ‘essential free fall' despite Newton's Third Law. 18 years ago, a petition challenged NIST's report under the Information Quality Act, demanding explanations for total collapse. Join Blanquita Cullum with Richard Gage and Kamal Obeid as they probe hidden data and rare research into this mystery.

What has happened in the past 100 days to America's science and technology ecosystem? What are China's ambitions and how is the government trying to take advantage of American uncertainty? And what can we learn from China's war mobilization exercises? To explore these questions, we're joined by Divyansh Kaushik and Alex Rubin, who both work at Beacon Global Strategies. Divyansh holds an AI PhD from Carnegie Mellon, and Alex spent the past decade at the CIA focusing on China and emerging technologies. We discuss… The Historical origins of the US R&D model, and the division of labor between universities, government, and industry, How budget cuts will impact the NSF, NIH, NIST, and DoD basic research, Why and how China attempts to emulate US research institutions, What a leaked wargame exercise from Guangdong province can tell us about China's grand strategy, How institutions like ChinaTalk can complement the IC with fresh, independent research. Outro music: The Elements - Tom Lehrer (YouTube Link) Learn more about your ad choices. Visit megaphone.fm/adchoices

Send us a text⚾ In this engaging episode of Joey Pinz Conversations, we dive deep into the timeless debates of baseball and business with guest Josh Hoffman. From the designated hitter controversy to modern rule changes, Joey and Josh reminisce about iconic players like Yaz, Otani, and Thurman Munson while exploring how baseball's evolution mirrors today's shifting business landscape.But the conversation doesn't stop at the ballpark!