Measurement standards laboratory in the United States
This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Howard Holton, COO and industry analyst, GigaOm. Thanks to our show sponsor, Adaptive Security. As deepfake scams and GenAI phishing evolve, Adaptive equips security teams with AI-powered phishing simulations featuring realistic personalized deepfakes and engaging security awareness training. Their new AI Content Creator turns threat intel and policy updates into interactive, multilingual training — instantly. Trusted by Fortune 500s and backed by Andreessen Horowitz and OpenAI, Adaptive helps you stay ahead of AI-driven threats. Learn more at adaptivesecurity.com. All links and the video of this episode can be found on CISO Series.com.
Cyberattacks targeting healthcare are rising, with pharmacies increasingly in the crosshairs. From ransomware to phishing scams, the threats are real...and constant. But how can independent pharmacies defend themselves against a digital siege?
In this episode of The Bottom Line Pharmacy Podcast, three members of the Sykes & Company team, Scotty Sykes, CPA, CFP®, Chris Sykes, IT Director, and Austin Murray, Marketing Director, explore the evolving cybersecurity landscape with a practical lens.
This episode covers:
- The NIST 2.0 Cyber Security Framework
- What to ask your script system vendor about security
- How to build a breach response plan that actually works
- Social engineering 101: What is it and how to protect your pharmacy
- Best practices for employee training, access control, and device audits
More About Our Guest: Chris Sykes is the Director of IT at Sykes & Company, P.A., where he has been a key part of the team since 2006. With nearly 25 years in the IT industry, Chris combines deep technical expertise with a passion for helping both the firm and its clients become more efficient, secure, and technology-driven. Chris holds a Bachelor of Science in Business Administration with a concentration in Management Information Systems and a Master of Science in Technology Systems, both from East Carolina University. Outside of work, Chris enjoys running marathons, fishing and hunting with his boys, and spending quality time with his family at the beach.
More resources on this topic:
- Podcast - AI, Audits, & Advocacy: The Pharmacy Survival Guide with Trenton Theide
- Blog - Technology, Security and Your Pharmacy
- Blog - Protect You and Your Pharmacy: The Growing Threat of Ransomware
- Blog - Backing Up Your Business Data
- Blog - Spot a Hacked Email or Bad Website
- Blog - Protect Your Pharmacy Data from Hackers
In this episode, Autumn interviews Dr. Ileana Pazos, an expert in dosimetry, discussing the critical role of radiation measurement in various industries, including healthcare and food safety. They explore the science behind dosimetry, the applications of radiation, the challenges faced in accurate measurements, and the misconceptions surrounding food irradiation. Ileana emphasizes the importance of public education and the need for global standards in radiation measurement, while also sharing her personal connection to the field and the future of radiation technologies. All opinions are of the individual scientist and do not reflect the opinions of NIST or the federal Government.
With cyber threats growing more sophisticated, NIST has overhauled its incident response guidance to help organizations better prepare, respond and recover. Join Jay Stampfl, David Finz and Grace Michael, Alliant Cyber, as they explore the NIST Special Publication 800-61 Revision 3 and its link to the updated Cybersecurity Framework (CSF) 2.0. They explore the expanded role of incident response, the new “govern” function and the shift toward continuous improvement. The team also explains how these changes affect cyber insurance underwriting and how Alliant helps clients stay ahead through planning, tabletop exercises and risk-focused engagement.
Security standards are not wild animals, although developers treat them like predators. Łukasz and Szymon explain why NIST and CIS Controls are not bureaucratic obstacles but ready-made recipes for security. After all, why reinvent the wheel when someone has already done the thinking for us? A framework says what to do; a benchmark says how to do it concretely. The Shared Responsibility Model in the cloud? The cloud provider secures the building, you remember to lock the door: as simple as it gets. Stop treating compliance as punishment for your sins and find out why compliance automation can finally work without struggling with paperwork. Does security have to remain black magic available only to the initiated? Or can it be done without spending a fortune on weeks-long audits? Find out whether standards can be a friend rather than an enemy, unless you would rather keep reinventing the wheel. And now, no more slacking off!
SharePoint is exploitable by Microsoft's AI, NIST proposes a new metric for exploited vulnerabilities, SBCs that look cool for a mini NAS and a router, and setting up a first NAS with 4 disks. Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes The Maintainer's Dilemma: Strategies for […]
"First day, worst day, every day — that's what we're built for." — Patrick Quirk, President & GM, Opengear At Cisco Live 2025 in San Diego, Patrick Quirk, President and General Manager of Opengear, joined Technology Reseller News publisher Doug Green to unveil a major innovation in network resilience: Opengear's new Foundational Support platform. Designed to meet the growing demands of increasingly complex, high-density network environments, the SLA-backed solution debuts as part of Opengear's commitment to full-lifecycle customer support. “It's not just about selling equipment,” said Quirk. “It's about walking with the customer through every stage of the network's lifecycle — from deployment to daily operations to disaster recovery.” A long-standing Cisco partner, Opengear has evolved from traditional console servers to a critical infrastructure provider, helping companies maintain uptime in an era where milliseconds matter — especially amid today's AI-driven network traffic spikes. “Outages aren't just inconvenient,” Quirk noted. “They're expensive. We're seeing potential losses of $21,000 per minute during downtime.” Opengear's edge? Out-of-band management. Unlike in-band VLAN control planes, which can be compromised during incidents or overloaded by data traffic, out-of-band infrastructure operates on a completely separate path. This architecture allows for immediate network visibility and control during even the worst disruptions, such as fiber cuts or cyberattacks. Supporting both operational and compliance objectives, Opengear enables organizations to maintain certifications like ISO, SOC 2, and NIST. “We're the wrapper around your network,” said Quirk, emphasizing the company's ability to enforce security and governance alongside performance. The conversation also spotlighted Opengear's recent AI-focused global research, which found a “lens gap” between network engineers and the C-suite. 
While both groups recognize AI's potential, engineers view it as a productivity tool, whereas executives prioritize compliance and customer value. “There's alignment,” Quirk said. “It just needs more conversation.” At Cisco Live, Opengear is exhibiting at booth 4324 and hosting sessions on topics like agentic AI and network strategy. More details are available at opengear.com.
Dr Randy McDermott takes us behind the scenes of fire science's most critical software tool in this conversation about the Fire Dynamics Simulator (FDS) developed at NIST. As one of the developers, Randy offers valuable insights into how this essential modelling tool is maintained, improved, and adapted to meet the evolving challenges of the fire safety community.
The conversation begins with a look at the development process itself, based on a bigger-picture roadmap and also addressing practical issues reported by users. This balance between vision and responsiveness has helped FDS maintain its position as the gold standard in fire modelling. Randy unpacks the massive validation guide (over 1,200 pages) and explains how users should approach it to understand model capabilities and uncertainties. The guide, along with all the validation cases, is available in the GitHub repository here: https://github.com/firemodels/fds
Rather than blindly applying FDS to any problem, he emphasises the importance of identifying similar validated cases and understanding the limitations of the software for specific applications. The discussion tackles emerging challenges like battery fires and mass timber construction – areas where traditional fire modelling approaches face significant hurdles. Randy addresses the limitations of current models while outlining pathways for future development, including potential integration with external specialised models and improvements in chemistry modelling.
Finally, we also get to talk about computational costs and efficiency. As Randy explains the implementation of GPU acceleration and the challenges of incorporating detailed chemistry, listeners gain a deeper appreciation of the tradeoffs involved in advanced fire modelling.
Whether you're an FDS user, fire safety engineer, or simply curious about computational modelling, this episode offers valuable perspectives on the past, present and future of the tool that underpins modern fire safety science.
Oh, and Randy is not just an FDS developer - he is also a prolific researcher. You can find more about his scientific works here: https://www.nist.gov/people/randall-j-mcdermott
As always, MASSIVE THANKS TO THE NIST GROUP AND THEIR COLLABORATORS FOR BUILDING AND MAINTAINING THE SINGLE MOST IMPORTANT PIECE OF SOFTWARE WE HAVE!!! You guys are not thanked enough!
The Fire Science Show is produced by the Fire Science Media in collaboration with OFR Consultants. Thank you to the podcast sponsor for their continuous support towards our mission.
Our security news roundup discusses the compromise of thousands of ASUS routers and the need to perform a full factory reset to remove the malware, why Microsoft allows users to log into Windows via RDP using revoked passwords, and the ongoing risk to US infrastructure from “unexplained communications equipment” being found in Chinese-made electrical equipment...
In this conversation, Dr. Elizabeth Strychalski discusses the fascinating field of synthetic biology, particularly focusing on synthetic cells. She shares her journey into this research area, the challenges of defining life, and the ethical considerations surrounding synthetic biology. The conversation also explores the potential applications of synthetic cells in environmental science and medicine, as well as the importance of engineering standards and biomanufacturing for sustainability. Dr. Strychalski emphasizes the need for collaboration and communication in the scientific community to advance this field responsibly and effectively. You can learn more about Time at time.gov and NIST at nist.gov. All opinions are of the individual scientist and do not reflect the opinions of NIST or the federal Government.
High-performance computing (HPC) systems provide fundamental computing infrastructure for government and industry. Security is critical for these systems that play a pivotal role in economic competitiveness and scientific discovery. At the AWS Summit in Washington, D.C., National Institute of Standards and Technology (NIST) Computer Scientist Yang Guo said that efficient encryption and zone-based reference architectures can enhance HPC security without impacting performance. Guo, who leads the NIST HPC Security Working Group, said that collaboration and knowledge sharing can help buttress HPC security, even in cloud environments. Guo also discussed HPC focus areas like confidential computing, zero trust, supply chain security and integrating AI for early detection of anomalies.
Welcome to the daily304 – your window into Wonderful, Almost Heaven, West Virginia. Today is Tuesday, June 10, 2025. Story #1 – From WVU / MEP West Virginia's manufacturers are gaining national attention in the "Heroes of American Manufacturing" series by NIST. The spotlight features Gestamp and NGK Spark Plugs, two companies supported by WVU's Manufacturing Extension Partnership, which are leading by example and driving innovation and excellence in production. The series celebrates the resilience and ingenuity of American manufacturing—and West Virginia is right at the center of it. Read more: https://mailchi.mp/mail.wvu.edu/heroes-of-american-manufacturing?e=236c2d471c Story #2 – From WV SOS Office On this week's “Just Three Questions!” West Virginia Secretary of State Kris Warner hosts Louis Weisberg, President and CEO of Service Wire, a family-owned wire and cable manufacturer that's been doing business in West Virginia since 1968. Weisberg and Warner discuss job growth, economic development and what Weisberg calls “Appalachian Grit.” Listen now: https://www.youtube.com/watch?v=poppGKMvEng Story #3 – From WV MetroNews Focused investment in tourism is transforming Tucker County. New funding is boosting broadband, trails, and infrastructure, creating more recreational opportunities and economic growth. With strong state support, Tucker County is becoming one of the premier destinations in Almost Heaven. Read more: https://wvmetronews.com/2025/05/31/states-focus-on-tourism-brings-new-investment-to-tucker-county/ Find these stories and more at wv.gov/daily304. The daily304 curated news and information is brought to you by the West Virginia Department of Commerce: Sharing the wealth, beauty, and opportunity in West Virginia with the world. Follow the daily304 on Facebook, Twitter, and Instagram @daily304. Or find us online at wv.gov and just click the daily304 logo. That's all for now. Take care. Be safe. 
Get outside and enjoy all the opportunity West Virginia has to offer.
What if the world's most trusted cryptographic systems could be broken in just minutes instead of centuries? In this thought-provoking episode of the Brilliance Security Magazine Podcast, David Close, Chief Solutions Architect at Futurex, joins host Steven Bowcut to discuss the very real—and rapidly accelerating—threat that quantum computing poses to modern encryption. With quantum advancements progressing faster than many expected, Close explains why organizations need to act now to safeguard long-term data, and how hybrid and agile cryptographic systems are the key to staying ahead.
Summary
David Close opens the conversation by tracing his own journey from embedded firmware engineering to his current role leading cryptographic innovation at Futurex. He shares how his work with Hardware Security Modules (HSMs)—specialized devices that securely manage encryption keys—laid the groundwork for Futurex's leadership in enterprise-grade encryption.
The core of the episode centers on the quantum computing threat to current encryption standards like RSA and elliptic curve cryptography. David breaks down the technical implications in accessible terms: quantum computers can solve problems exponentially faster than classical computers, meaning encryption methods that would take millennia to break with today's machines might be cracked in minutes by quantum processors.
A key highlight is the concept of “Harvest Now, Decrypt Later”—a tactic where attackers steal encrypted data today, intending to decrypt it once quantum technology matures. David emphasizes that this threat is not futuristic; it's already underway, with critical long-life data like medical records, financial information, and government secrets at risk.
David outlines how Futurex and other leading organizations are proactively adapting. For example, Google and Cloudflare have already implemented hybrid cryptography using both classical and quantum-safe algorithms. Futurex is doing the same across its suite of HSMs and key management solutions, supporting new standards ratified by NIST (including Kyber and Dilithium) and enabling “crypto agility”—the ability to quickly adopt new encryption standards without overhauling infrastructure.
He also shares how Futurex is helping clients through cryptographic discovery, which allows organizations to identify where and how cryptography is being used across their environments. This step is essential for prioritizing risk areas and laying a foundation for a secure, phased migration to post-quantum cryptography.
Finally, David stresses that while the quantum threat is real and imminent, organizations shouldn't panic—but they must act now. The transition to post-quantum cryptography is already underway, and those who prepare today will be far more secure and resilient tomorrow.
Guiding Question: How might we empower students to organize an event to share, celebrate, and inspire younger students in our school community through service learning?
Key Takeaways:
- Peer to peer learning in the context of service learning
- Authentic engagement with service learning in elementary education co-facilitated by high school student leaders
- Planting the seeds with our youngest learners to develop the service learning mindset
- Sustainability of service learning initiatives through whole school events like Community Partners Week
Episode Summary
On this episode, I meet Omaira and Tul, members of ServiceCo and service learning leaders at NIST. Following up on our previous episode with Y6 students, in Part 2 Tul and Omaira share a behind-the-scenes look at Community Partners Week, the organization of this impactful event, and their role as service learning leaders designing and leading learning experiences with Y6 students. This was the 3rd annual Community Partners Week at NIST, and by all accounts, the best one yet. During Community Partners Week, students in the primary years program had opportunities to connect with community partners like Helping Heart (EY-Y1), a local nursery (EY-Y1), Student-led service groups Eco and Plastic-free NIST (Y2), Operation Smile (Y3), Student-led service group FemiNIST (Y4), and Student-led service group FashioNIST (Y5). Join me for a great conversation with these student leaders to get a deeper insight on the impact of CPW at their school and how peer to peer learning leads to a service mindset, the ongoing sustainability of service learning initiatives, and a culture of service across the whole school community.
"Compliance is the security referee - frameworks are the playbooks."
In this episode, I'm joined by Tim Golden, Founder of Compliance Scorecard, to unpack the misunderstood and mission-critical world of cyber GRC.
Tim shares what he's learned from decades of hands-on work - from implementing NIST frameworks before “GRC” was even a term, to helping teams understand why writing policies is just as important as patching vulnerabilities.
Here are some highlights from the episode:
- What GRC actually means - and why governance is the most misunderstood part
- Why people who say "compliance isn't security" are missing the point
- How explaining the "why" of cybersecurity controls aids in acceptance
- Why data retention policies can protect you from major legal headaches
- And yes… a story about how Tim accidentally ransomwared himself
Welcome back to the Evolved Radio Podcast! In today's episode, I'm joined by Anup Ghosh with Threatmate. Anup and I deep dive into one of the MSP industry's hottest—and sometimes most confusing—topics: cybersecurity. But instead of focusing on the aftermath of a security incident (what they call “right of the boom”), we shift the conversation to proactive measures—what it really means to operate “left of the boom.” We unpack the concept of security as a utility, discuss how to utilize NIST and CIS frameworks, and explore fear-based selling. This episode is packed with insights that will help you strengthen your security posture before disaster strikes. So listen in to stay ahead of the next big threat. This episode is brought to you by Opsleader Pro. A place for MSP owners and managers to get the systems and tools they need to build a stable and growing MSP. Part group coaching, part peer group, everything you need to run a successful MSP.
The recent popularity of MCPs is surpassed only by the recent examples of deficiencies in their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased two decades of security principles behind separating code and data. We take a look at how developers are using LLMs to generate code and continue our search for where LLMs are providing value to appsec. We also consider what indicators we'd look for as signs of success. For example, are LLMs driving useful commits to overburdened open source developers? Are LLMs climbing the ranks of bug bounty platforms? In the news, more examples of prompt injection techniques against LLM features in GitLab and GitHub, the value (and tradeoffs) in rewriting code, secure design lessons from a history of iOS exploitation, checking for all the ways to root, and NIST's approach to (maybe) measuring likely exploited vulns. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-333
In this episode of Breaking Math, hosts Autumn and Gabriel explore the innovative intersections of fire science and technology with experts Amy Mensch and Ryan Falkenstein-Smith who work at NIST. They discuss the groundbreaking photoacoustic technique for measuring soot deposition, its applications in fire safety and forensic investigations, and the broader implications for fire research. The conversation highlights the importance of integrating advanced technologies into firefighting and the potential for future developments in the field. You can learn more about Time at time.gov and NIST at nist.gov. All opinions are of the individual scientist and do not reflect the opinions of NIST or the federal Government.
Dive deep into the world of cloud security with Rocky Giglio and special guest Sean Atkinson, CISO at the Center for Internet Security (CIS), on this episode of Cloud and Clear! We examine the crucial role of CIS benchmarks and hardened images in establishing a robust and secure cloud infrastructure. In this insightful discussion, Sean breaks down:
✅ What CIS is and its mission to create a safer connected world.
✅ The evolution of CIS Controls from 20 to 18 for greater efficiency.
✅ Understanding CIS Benchmarks and how they standardize security configurations.
✅ The power of Hardened Images: Start secure from day zero in your cloud environment.
✅ Shifting security left and proactively integrating security into design.
✅ How CIS simplifies compliance with NIST, PCI, HIPAA, and other frameworks.
✅ The importance of community and partnership in cybersecurity.
Whether you're a security professional, cloud engineer, or anyone concerned about keeping data safe in the cloud, this episode is packed with valuable knowledge. Learn how to leverage CIS resources to strengthen your security posture and simplify compliance. Tune in to discover how CIS is making cloud security more accessible and effective!
The theme of the current administration is to do more with less. Today, we hear from experts on how they have assisted in implementing Zero Trust by leveraging all resources possible. We know implementing Zero Trust is a continuous process; David Bottom from the SEC provides guidelines on what to review constantly. He suggests focusing on decreasing privileges, patching systems, and learning how to extract meaningful signals from the flood of data entering the federal government. None of this can be done without cooperation across the agency. As an example of working with others, David Bottom references the SEC's EDGAR (Electronic Data Gathering, Analysis, and Retrieval). Jennifer Franks, GAO, recommends that listeners take advantage of federal guidelines to spend as little as possible while meeting compliance goals. For example, CISA, OMB, and NIST all offer guidance in implementation. She has an excellent eight-word summary of Zero Trust: right users, proper access, at the right time. Many agencies are understaffed. As a result, one way to meet goals is to leverage the right tools. Brian "Stretch" Meyers believes the most "bang for the buck" will be achieved by using tools to establish visibility. From there, one can identify key items to reach compliance. Zero Trust is an initiative that is here to stay. Listen to the podcast to get ideas on how to optimize the staff and resources at hand.
Forecast = Stormy with a chance of TikTok malware showers—exploit scoring systems hot, but patch management outlook remains partly cloudy.
Welcome to Storm⚡️Watch! In this episode, we're diving into the current state of cyber weather with a mix of news, analysis, and practical insights. This week, we tackle a fundamental question: are all exploit scoring systems bad, or are some actually useful? We break down the major frameworks:
**CVSS (Common Vulnerability Scoring System):** The industry standard for assessing vulnerability severity, CVSS uses base, temporal, and environmental metrics to give a comprehensive score. It's widely used but has limitations—especially since it doesn't always reflect real-world exploitability.
**Coalition Exploit Scoring System (ESS):** This system uses AI and large language models to predict the likelihood that a CVE will be exploited in the wild. ESS goes beyond technical severity, focusing on exploit availability and usage probabilities, helping organizations prioritize patching with better accuracy than CVSS alone.
**EPSS (Exploit Prediction Scoring System):** EPSS is a data-driven approach that estimates the probability of a vulnerability being exploited, using real-world data from honeypots, IDS/IPS, and more. It updates daily and helps teams focus on the most urgent risks.
**VEDAS (Vulnerability & Exploit Data Aggregation System):** VEDAS aggregates data from over 50 sources and clusters vulnerabilities, providing a score based on exploit prevalence and maturity. It's designed to help teams understand which vulnerabilities are most likely to be actively exploited.
**LEV/LEV2 (Likely Exploited Vulnerabilities):** Proposed by NIST, this metric uses historical EPSS data to probabilistically assess exploitation, helping organizations identify high-risk vulnerabilities that might otherwise be missed.
**CVSS BT:** This project enriches CVSS scores with real-world threat intelligence, including data from CISA KEV, ExploitDB, and more. It's designed to help organizations make better patching decisions by adding context about exploitability.
Next, we turn our attention to a troubling trend: malware distribution via TikTok. Attackers are using AI-generated videos, disguised as helpful software activation tutorials, to trick users into running malicious PowerShell commands. This “ClickFix” technique has already reached nearly half a million views. The malware, including Vidar and StealC, runs entirely in memory, bypassing traditional security tools and targeting credentials, wallets, and financial data. State-sponsored groups from Iran, North Korea, and Russia have adopted these tactics, making it a global concern. For employees, the takeaway is clear: never run PowerShell commands from video tutorials, and always report suspicious requests to IT. For IT teams, consider disabling the Windows+R shortcut for standard users, restrict PowerShell execution, and update security awareness training to include social media threats.
We also highlight the latest from Censys, VulnCheck, runZero, and GreyNoise—industry leaders providing cutting-edge research and tools for vulnerability management and threat intelligence. Don't miss GreyNoise's upcoming webinar on resurgent vulnerabilities and their impact on organizational security.
And that's a wrap for this episode! We will be taking a short break from Storm Watch for the summer. We look forward to bringing more episodes to you in the fall!
The recent popularity of MCPs is surpassed only by the recent examples of deficiencies in their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased two decades of security principles behind separating code and data. We take a look at how developers are using LLMs to generate code and continue our search for where LLMs are providing value to appsec. We also consider what indicators we'd look for as signs of success. For example, are LLMs driving useful commits to overburdened open source developers? Are LLMs climbing the ranks of bug bounty platforms? In the news, more examples of prompt injection techniques against LLM features in GitLab and GitHub, the value (and tradeoffs) in rewriting code, secure design lessons from a history of iOS exploitation, checking for all the ways to root, and NIST's approach to (maybe) measuring likely exploited vulns. Show Notes: https://securityweekly.com/asw-333
Mutant super-powers give Korean sea women diving abilities
The Haenyeo, or sea women, of the Korean island of Jeju have been celebrated historically for their remarkable diving abilities. For hour after hour they dive in frigid waters harvesting sea-life, through pregnancy and into old age. A new study has shown they are able to do this because of specific genetic adaptations that appeared in their ancestors more than a thousand years ago. These genes make them more tolerant to the cold, and decrease diastolic blood pressure. The women also spend a lifetime training, beginning to dive at age 15 and continuing on until their 80s or even 90s. Melissa Ilardo of Utah University and her team published their findings in the journal Cell Reports.
This dessert is automatic and autonomous
Care for a slice of robo-cake? Scientists in Europe have baked up a cake with pneumatically powered animated gummy bears, and candles lit by chocolate batteries. They think their edible robotics could develop in the future to food that could bring itself to the hungry and medicine could deliver itself to the sick. Mario Caironi of the Italian Institute of Technology and his colleagues presented their creation at Expo 2025 Osaka.
Shrinking Nemo — heat is causing clownfish to downsize
Scientists have found that clownfish, made famous by the Disney movie Finding Nemo, have an ability never seen before in fish in the coral reefs. When the water they live in gets warmer, they are able to shrink their bodies — becoming a few per cent of their body length shorter — to cope with the stress of the heat. Melissa Versteeg of Newcastle University says the size of the clown anemonefish is important for their survival and their ranking within their hierarchical society. The research was published in the journal Science Advances.
When the music moves you — the brain science of groove
You know that groove feeling you get when you listen to certain music that compels you to shake your bootie? Scientists in France investigated how our brains experience groovy music to better understand how we anticipate rhythms in time. They discovered that we perceive time in the motor region that controls movement. Benjamin Morillion from Aix Marseille Université said they also found a specific rhythm in the brain that helps us process information in time, that could predict if a person thought the music was groovy. The study was published in the journal Science Advances.
Scientists hope a new storm lab will help us understand destructive weather
Extreme weather is far less predictable than it used to be, and now a new research centre at Western University wants to transform our understanding of Canada's unique weather systems. The Canadian Severe Storms Laboratory will collect nation-wide data on extreme weather, including hailstorms, tornadoes, and flash flooding, and look for patterns to help predict where they'll be hitting and how to prevent the most damage. Producer Amanda Buckiewicz spoke with:
- Greg Kopp, ImpactWX Chair in Severe Storms Engineering and CSSL founding director at Western University
- Harold Brooks, senior research scientist at NOAA's National Severe Storms Laboratory
- John Allen, associate professor of meteorology at Central Michigan University
- Paul Kovacs, executive director of the Institute for Catastrophic Loss Reduction at Western University
- Tanya Brown-Giammanco, director of Disaster and Failure Studies at NIST
In this unfiltered episode of Unspoken Security, host A. J. Nash explores the looming threat quantum computing poses to our digital infrastructure with experts Robert Clyde, Managing Director of Clyde Consulting and Chair of crypto-security firm CryptoQuanti, and Jamie Norton, a Board Director at ISACA with extensive cybersecurity credentials. They cut through the technical jargon to explain how quantum computing fundamentally differs from classical computing and why its exponential processing power threatens to break current encryption standards. "While current quantum computers operate at around 150 qubits, once they reach sufficient power, everything from banking transactions to secure communications could be compromised instantly," warns Robert during the discussion of "Q Day" — the moment when quantum computers become powerful enough to defeat public-key cryptography underpinning internet security. Despite the alarming scenario, the experts offer practical guidance on preparing for this threat. They outline how organizations should begin implementing post-quantum cryptography solutions developed by NIST, emphasizing that proactive preparation, not panic, is the critical response security professionals should adopt today. Listen to the full episode to understand the quantum threat and learn the concrete steps your organization should take now before Q Day arrives.
This week on "Playing the Field" Ryan Field and Gina Sirico spoke to "The Golden Bachelor's" Theresa Nist. Nist famously won over Gerry Turner's heart on the show's first season. Unfortunately, they divorced three months after their lavish TV wedding. Despite that, the former pair remain friends and she said that being on the show was "one of the greatest, most interesting experiences of my life." These days, you'll find the grandmother of seven delighting in her new baby grandson, Augie, in New Jersey. She's also taken up golf and pickleball. In fact, one of the dates on "The Golden Bachelor" was playing pickleball! Gerry recently called her before going public with the news that he had a new girlfriend in his life. Nist said that she "wishes them the best." One of the lasting relationships she made on the show was a wonderful friendship with runner-up Leslie. While Theresa decided that appearing on "Bachelor in Paradise" wasn't for her, she's ready to cheer her friend on as she goes to the beach. She says she has a bit of FOMO, but is excited to go to a watch party at Leslie's house and plans to watch every episode. As for Nist, she said that when it comes to her own love life, she doesn't plan to talk about it in public. That's something she now wants to keep private. Learn more about your ad choices. Visit podcastchoices.com/adchoices
This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company's data on which certificates and keys pose the largest threats to organizations now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor's booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust's Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it's too late. 
He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinhadigitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utmsource=share&utmmedium=memberdesktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-397
“Laundry Bear” airs dirty cyber linen in the Netherlands. AI coding agents are tricked by malicious prompts in a GitHub MCP vulnerability. Tenable patches critical flaws in Network Monitor on Windows. MathWorks confirms ransomware behind MATLAB outage. Feds audit NVD over vulnerability backlog. FBI warns law firms of evolving Silent Ransom Group tactics. Chinese hackers exploit Cityworks flaw to breach US municipal networks. Everest Ransomware Group leaks Coca-Cola employee data. Nova Scotia Power hit by ransomware. On today's Threat Vector, David Moulton speaks with his Palo Alto Networks colleagues Tanya Shastri and Navneet Singh about a strategy for secure AI by design. CIA's secret spy site was… a Star Wars fan page? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector: In this segment of Threat Vector, host David Moulton speaks with Tanya Shastri, SVP of Product Management, and Navneet Singh, VP of Marketing - Network Security, at Palo Alto Networks. They explore what it means to adopt a secure AI by design strategy, giving employees the freedom to innovate with generative AI while maintaining control and reducing risk. You can hear their full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app. 
Selected Reading Dutch intelligence unmasks previously unknown Russian hacking group 'Laundry Bear' (The Record) GitHub MCP Server Vulnerability Let Attackers Access Private Repositories (Cybersecurity News) Tenable Network Monitor Vulnerabilities Let Attackers Escalate Privileges (Cybersecurity News) Ransomware attack on MATLAB dev MathWorks – licensing center still locked down (The Register) US Government Launches Audit of NIST's National Vulnerability Database (Infosecurity Magazine) Law Firms Warned of Silent Ransom Group Attacks (SecurityWeek) Chinese Hackers Exploit Cityworks Flaw to Target US Local Governments (Infosecurity Magazine) Everest Ransomware Leaks Coca-Cola Employee Data Online (Hackread) Nova Scotia Power Suffers Ransomware Attack; 280,000 Customers' Data Compromised (GB Hackers) The CIA Secretly Ran a Star Wars Fan Site (404 Media) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
What is a reconstruction attack? Do its risks increase with the use of personal data in training AI models? Which risk management framework is most appropriate for managing it? Ángela Manceñido has ten years of experience providing consulting services focused on privacy and data protection. During this time, working for KPMG, she has helped numerous companies across different sectors, adapting and offering effective and optimal solutions in a constantly evolving environment. At present, Ángela has also specialized in the impact of AI from a regulatory and technology-risk perspective. She currently guides several clients in this field, enabling them to face the challenges and opportunities that new technologies present while ensuring regulatory compliance and risk mitigation. Our guest also takes part in several associations and reference groups. References: Ángela Manceñido on LinkedIn; NIST risk management framework (English); Holmen case: a Norwegian citizen is falsely accused by ChatGPT of killing his two children (BBC, English); NIST: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations (2024); RACI matrix of roles and responsibilities (Monday)
If you like what you hear, please subscribe, leave us a review and tell a friend!
A major exodus of leadership is underway at CISA; the US government will audit NIST over its vulnerability backlog; an ancient and mysterious APT has been linked to Spain's government; and the SVG image format is great for phishing.
President Trump signs the Take It Down Act into law. A UK grocer logistics firm gets hit by ransomware. Researchers discover trojanized versions of the KeePass password manager. Researchers from CISA and NIST promote a new metric to better predict actively exploited software flaws. A new campaign uses SEO poisoning to deliver Bumblebee malware. A sophisticated phishing campaign is impersonating Zoom meeting invites to steal user credentials. CISA has added six actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. A bipartisan bill aims to strengthen the shrinking federal cybersecurity workforce. Our guest is Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 DBIR. DOGE downsizes, and the UAE recruits. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest: Today we are joined by Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 Data Breach Investigations Report (DBIR). Selected Reading: Trump signs the Take It Down Act into law (The Verge) Supplier to Tesco, Aldi and Lidl hit with ransomware (Computing) Fake KeePass password manager leads to ESXi ransomware attack (Bleeping Computer) Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers (Security Week) Threat Actors Deliver Bumblebee Malware Poisoning Bing SEO (Cybersecurity News) New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials (GB Hackers) CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA) Federal cyber workforce training institute eyed in bipartisan House bill (CyberScoop) UAE Recruiting US Personnel Displaced by DOGE to Work on AI for its Military (Zetter Zero Day)
Michael Hill is Program Manager of College Workforce Programs at the Unmanned Safety Institute. The Unmanned Safety Institute or USI is an approved training partner of ASTM International and the International Business Aviation Council. The Institute is dedicated to improving safety in unmanned aviation by applying time-honored aviation safety practices to unmanned aircraft systems. USI accomplishes this mission by developing workforce readiness programs, providing training to UAS crews, and helping flight service providers meet their safety goals. Michael is a certified UAV pilot in three countries with over 6,000 flight hours and more than 7,800 successful, incident-free missions as a Remote Pilot-in-Command. He holds industry and safety certifications from FEMA, OSHA, NIST, and USI. He is a highly sought-after public speaker and industry influencer, passionate about sharing his expertise on UAV technology applications for land, air, and sea operations. He brings a wealth of experience to USI, including aerial mapping, telecom and wind turbine inspections, oil and gas and critical infrastructure assessments, search and rescue operations, as well as involvement with state and federal regulations. An active advocate for the drone industry, he has served as the Policy and Legislative Chairman for the North Central Texas Council of Governments UAS Taskforce and as the Training Officer for the North Texas Public Safety Unmanned Response Team. Additionally, he holds the role of 2nd Lieutenant and the former Director of Unmanned Operations for the Texas Wing of the Civil Air Patrol. In this edition of the Drone Radio Show, Michael talks about the Unmanned Safety Institute and how it helps prepare students for viable careers in the drone industry.
Guiding Question: How might we take creative action towards a reimagined future?
Key Takeaways:
- Different types of service and ways we can take action
- PYP Exhibition and how we might empower students to take age-appropriate, creative, sustainable actions
- How meaningful actions can start a “chain reaction” in our school communities as we work to develop as global citizens
If you have enjoyed the podcast please take a moment to subscribe, and also please leave a review on your favorite podcast platform. The way the algorithm works, this helps our podcast reach more listeners. Thanks from IC for your support.
- Learn more about how Inspire Citizens co-designs customized student leadership and changemakers programs
- Connect with more stories from the Inspire Citizens network in our vignettes
- Check out other PYPx stories from ARIS, CIS Beijing, and WAB
- Measuring the IMPACT of Service Learning projects and initiatives
- Access free resources for global citizenship education
- You can book a discovery call with Inspire Citizens at this link
- Share on social media using #EmpathytoImpact
Episode Summary: On this episode, I meet Charlotte, Saar, Stella, and Viviana (Vivi) to talk about Community Partners Week and their work leading up to the PYP exhibition at NIST. This was the 3rd annual Community Partners Week, and by all accounts, the best one yet. During Community Partners Week, students in the primary years program had opportunities to connect with community partners like Helping Heart (EY-Y1), a local nursery (EY-Y1), Student-led service groups Eco and Plastic-free NIST (Y2), Operation Smile (Y3), Student-led service group FemiNIST (Y4), and Student-led service group FashioNIST (Y5). Join me for a great conversation with these students from Y6 to learn what they were up to for CPW working with community partners and high school students from ServiceCo and don't miss our next episode that will feature Omaira and Tul from ServiceCo sharing some behind the scenes information on this amazing peer-to-peer learning experience.
A big shout out to Magic Mind for sponsoring this episode. Take advantage of our limited offer to get up to 48% off your first subscription or 20% off one time purchases with code ETI20 at checkout. Claim your discount at: https://www.magicmind.com/ETI20
Discover a transformative podcast on education and learning from a student perspective and student voice, exploring media, media literacy, and media production to inspire citizens in schools through a media lab focused on 21st-century learning, empathy to impact, Global citizenship, collaboration, systems thinking, service learning, PBL, CAS, MYP, PYP, DP, Service as Action, futures thinking, project-based learning, sustainability, well-being, harmony with nature, community engagement, experiential learning, and the role of teachers and teaching in fostering well-being and a better future.
The National Security Hour with Blanquita Cullum – Architects and engineers question how the Twin Towers collapsed in ‘essential free fall' despite Newton's Third Law. 18 years ago, a petition challenged NIST's report under the Information Quality Act, demanding explanations for total collapse. Join Blanquita Cullum with Richard Gage and Kamal Obeid as they probe hidden data and rare research into this mystery.
Post-quantum cryptography is rapidly moving from the realm of NIST standards to running in production. The threat of quantum computing advances and coming regulations are driving this acceleration. One major component on the PQC migration plan for companies is VPN. In this episode we look at the Ambit corporate VPN client, which uses a standardized NIST PQC cipher: ML-KEM. Did you know there are potential gotchas with trying hybrids of classical and PQC instead? Find out the technical and philosophical reasons why the developers chose to skip offering a hybrid option. Join host Konstantinos Karagiannis for a wide-ranging chat with Kevin Kane and Andrew McElroy from American Binary. For more information on American Binary, visit https://www.ambit.inc/. Visit Protiviti at https://www.protiviti.com/US-en/technology-consulting/quantum-computing-services to learn more about how Protiviti is helping organizations get post-quantum ready. Follow host Konstantinos Karagiannis on all socials: @KonstantHacker and follow Protiviti Technology on LinkedIn and Twitter: @ProtivitiTech. Questions and comments are welcome! Theme song by David Schwartz, copyright 2021. The views expressed by the participants of this program are their own and do not represent the views of, nor are they endorsed by, Protiviti Inc., The Post-Quantum World, or their respective officers, directors, employees, agents, representatives, shareholders, or subsidiaries. None of the content should be considered investment advice, as an offer or solicitation of an offer to buy or sell, or as an endorsement of any company, security, fund, or other securities or non-securities offering. Thanks for listening to this podcast. Protiviti Inc. is an equal opportunity employer, including minorities, females, people with disabilities, and veterans.
In this episode, podcast co-hosts Dr. Dwight Stoll and Dr. James Grinias talk with Dr. Alix Rodowa, Research Chemist within the Organic Chemical Metrology Group at the National Institute of Standards & Technology (NIST) in Gaithersburg, Maryland. At NIST, she is the Environmental Sector Task Lead for the Organic Analysis Working Group for the Consultative Committee for Amount of Substance: Metrology in Chemistry and Biology (or CCQM). After discussing some of the events that sparked Dr. Rodowa's interest in science, and analytical chemistry in particular, we discuss her path to a career as a NIST scientist, including cold-emailing potential research advisors, and an experience as a National Research Council (NRC) postdoctoral fellow. We then discuss her work on polyfluoroalkyl substances (PFAS), including the development of the PFAS Interference List - affectionately known as the “PIL” - and the development of a Standard Reference Material (SRM) for that research area. We also touch on emerging uses of machine learning in workflows for analytical target and suspect screening. Finally, Alix provides some insight into a day in the life of a NIST scientist, why she enjoys working in a government laboratory, and how aspiring scientists can explore this environment as a potential career option.
Bringing Tens of Thousands of Newcomers to the 9/11 Truth | Watch Along with Them! — 45 Minutes
Jimmy Dore posted today our LIVE interview with him from the other day! He encouraged us to share all the evidence we could in our limited time with him, and we did! I was joined by structural engineer Kamal Obeid from Architects & Engineers for 9/11 Truth who addressed key issues including the impossibility of the free-fall collapse of World Trade Center Building 7.
We addressed as many key points as we possibly could in the 45 minutes that we had:
The importance of the truth-telling that WI Senator Ron Johnson and former Congressman Curt Weldon are all about right now. Jimmy played excerpts of the Senator's WTC comments on The Benny Show including “molten metal…controlled demolition…Calling Out Bravo 7 documentary.” We are making sure that the Senator has the solid body of evidence that will back up his historic efforts to get a real 9/11 investigation. The more you help us, the more we can help the VIPs who have the courage to speak out!
We addressed these questions among many others on Jimmy Dore:
• Why didn't the American Institute of Architects issue even one bulletin on the catastrophic unprecedented destruction of 47-story World Trade Center Building 7 — the third worst structural failure in history?
• Why didn't NIST (National Institute of Standards & Technology) include in their 2004 report on the Twin Towers the 156 first responders who saw, heard, and experienced explosions? And, many of them before the collapse of the towers?
• Why did NIST persist with their theory that the top section crushed the building section below while maintaining a near free-fall acceleration (when the top section was in fact destroyed in the first 3 seconds) — as if 90% of the steel gave no resistance whatsoever?
• What caused the hundreds of laterally-ejected freely-flying 4-ton structural steel sections, at 80mph, landing 600 feet in every direction impaling themselves in skyscrapers all around them?
• What caused the complete pulverization of 110 acre-sized concrete floors — 90,000 tons of concrete in each tower, and dispersed it from river to river across Lower Manhattan?
• What was crushing the lower section of each tower, if the above steel and concrete, which was 2/3 of their weight, was NOT even available to crush it?!
The above questions were just the beginning of the 7-dozen key points of forensic, video, and eyewitness testimony we laid on Jimmy. Please let us know how you think we did. There's always room for improvement.
Visit us at RichardGage911.org
In this conversation, Richard Gage, a renowned architect, discusses the events of 9/11, focusing particularly on the collapse of Building 7. He challenges the official narrative provided by NIST, presenting evidence that suggests controlled demolition rather than fire caused the building's collapse. Gage highlights eyewitness accounts of explosions, the role of thermite, and the destruction of evidence in the aftermath. He also explores the broader implications of 9/11, including motivations behind the attacks and their impact on global politics.
Takeaways
• 9/11 was a pivotal event that shaped global politics.
• Building 7's collapse is often overlooked but crucial to understanding 9/11.
• The official narrative of the collapse is challenged by evidence of controlled demolition.
• Eyewitness accounts report explosions prior to the collapse of the buildings.
• Thermite may have been used in the demolition of the buildings.
• The destruction of evidence post-9/11 raises serious concerns about the investigation.
• Many architects and engineers demand a new investigation into 9/11.
• The motivations behind 9/11 include geopolitical and economic factors.
• The narrative of 9/11 has parallels with other global events, including COVID-19.
• Public awareness and critical thinking are essential in understanding historical events.
Titles
• Unraveling 9/11: The Truth Behind Building 7
• The Collapse of Building 7: A Controlled Demolition?
Sound Bites
• "The building came down at freefall."
• "Molten iron was found in the debris."
• "There was no plane that hit Building 7."
Chapters
00:00 Introduction to 9/11 and Its Implications
02:56 The Collapse of Building 7: An Overview
10:38 Investigating the Official Narrative
18:16 Witness Accounts and Explosions
30:40 Thermite and the Evidence
43:27 Conclusion: Call for a New Investigation
45:06 Introduction to the Film Series on 9/11
46:45 Exploring the Mechanics of Building Collapse
48:22 Theories of Collapse: NIST vs. Controlled Demolition
52:26 Eyewitness Accounts of Explosions
55:32 Symmetry and Asymmetry in the Collapse
01:01:28 The Role of Concrete in the Collapse
01:04:33 Access and Preparation for Demolition
01:10:47 Destruction of Evidence and Its Implications
01:14:32 Motivations Behind 9/11: A Broader Perspective
01:17:14 Parallels Between 9/11 and COVID-19
01:20:23 YOUTUBE - OUTRO (NEW).mp4
Visit us at RichardGage911.org
On this week's Security Sprint, Dave and Andy covered the following topics:
Warm Open:
• ICYMI: REGISTER NOW! WaterISAC's 2025 H2OSecCon! (20 May) From cybersecurity to climate resilience, operational continuity to public trust, we must collaborate across sectors to build smarter, stronger, and more adaptive systems. That's why we're inviting leaders like you to join the WaterISAC's 2025 H2OSecCon. Connect with peers and leaders committed to enhancing the resilience of our nation's critical systems.
Main Topics:
Ransomware & Data Breaches:
• Monday was Anti-Ransomware Day 2025! What a great time to invest in ransomware resilience! Contact Gate 15 today to get to work building your Cyber Incident Response Plan and ransomware procedures, to start planning your next ransomware workshop or tabletop exercise, to plan for post-incident analysis or to take advantage of our new very price-friendly ransomware exercise for executives – designed especially for small and medium businesses!
• Explore the latest cyber risks and claims trends from Coalition. LockBit ransomware gang hacked, victim negotiations exposed
• Reminder! Criminals lie and NEVER DELETE YOUR DATA! School boards hit with ransom demands linked to PowerSchool cyberattack
• M&S 'had no plan' for cyber attacks, insider claims, with 'staff left sleeping in the office amid paranoia and chaos'
• The Very Real Costs of Ransomware: IT warning after hackers close 160-year-old firm.
Extremism:
• Ohio Man Charged with Threatening State Public Officials
• Texas Man Convicted of Making Threats to Kill Nashville District Attorney Glenn Funk
• FBI has opened 250 investigations tied to violent online network '764' that preys on teens, top official says
• Teenage Terrorists Are a Growing Threat to Europe's Security
USG Transitions
• Trump's 2026 budget proposes $163 billion cut to non-defense spending, slashes CISA and FEMA funding
• White House Proposes $500 Million Cut to CISA
• Hegseth orders Pentagon to cut number of senior generals by 20%
• Lawmakers question Noem over cuts to CISA, FEMA, TSA
• Lawmakers grill Noem over CISA funding cuts, demand Trump cyber plan
• NSA to cut up to 2,000 civilian roles as part of intel community downsizing
• NIST loses key cyber experts in standards and research
India strikes Pakistan over tourist killings, Pakistan says it will retaliate
• Kashmir crisis live: Pakistan PM authorises armed forces to undertake 'corresponding action' after India strikes kill 26
• Pakistan vows to respond after India launches strikes in wake of Kashmir massacre
• Pakistan claims to have downed Indian warplanes, vows response to strikes
• China urges restraint as India-Pakistan tensions escalate with military strikes
• A Timeline of Tensions Between India and Pakistan Over Kashmir
• India, Pakistan accuse each other of attacks as hostilities rise
• AlQaeda Statement On Indian Strikes In Pakistan
Quick Hits:
• Crypto millionaires targeted in brutal kidnappings across France and Europe; Attackers' modus operandi: cutting off victims' fingers to pressure payments.
• The father of a cryptocurrency entrepreneur was kidnapped in Paris and found held captive with his finger severed. (article in French)
• Assessing the U.S. Climate in April 2025
• FBI PSA - Cyber Criminal Proxy Services Exploiting End of Life Routers
• FBI FLASH: Cyber Criminal Services Target End-of-Life Routers to Launch Attacks and Hide Their Activities (PDF)
• Risky Bulletin: France says Russian influence operations are getting better, achieving results
• Unsophisticated Cyber Actor(s) Targeting Operational Technology
• Primary Mitigations to Reduce Cyber Threats to Operational Technology
• US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations
• Primary Mitigations to Reduce Cyber Threats to Operational Technology
• UK NCSC: UK pioneering global move away from passwords
• Classic Rock - Hunting A Botnet That Preys On The Old
What has happened in the past 100 days to America's science and technology ecosystem? What are China's ambitions and how is the government trying to take advantage of American uncertainty? And what can we learn from China's war mobilization exercises? To explore these questions, we're joined by Divyansh Kaushik and Alex Rubin, who both work at Beacon Global Strategies. Divyansh holds an AI PhD from Carnegie Mellon, and Alex spent the past decade at the CIA focusing on China and emerging technologies.
We discuss…
• The historical origins of the US R&D model, and the division of labor between universities, government, and industry,
• How budget cuts will impact the NSF, NIH, NIST, and DoD basic research,
• Why and how China attempts to emulate US research institutions,
• What a leaked wargame exercise from Guangdong province can tell us about China's grand strategy,
• How institutions like ChinaTalk can complement the IC with fresh, independent research.
Outro music: The Elements - Tom Lehrer (YouTube Link)
⚾ In this engaging episode of Joey Pinz Conversations, we dive deep into the timeless debates of baseball and business with guest Josh Hoffman. From the designated hitter controversy to modern rule changes, Joey and Josh reminisce about iconic players like Yaz, Otani, and Thurman Munson while exploring how baseball's evolution mirrors today's shifting business landscape. But the conversation doesn't stop at the ballpark!