Measurement standards laboratory in the United States
On February 20, NEC Corporation (NEC) published an explanatory article on its security blog about practical ways to build a zero trust architecture. The article was written by 青木大智.
Podcast: Exploited: The Cyber Truth
Episode: From NIST to Nation-State: Securing Embedded Systems through Compliance and Trust
Pub date: 2026-02-26
In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Cordell Robinson, CEO of Brownstone Consulting, to explore how security frameworks like NIST 800-53 are evolving from paperwork exercises into real drivers of security maturity. From continuous monitoring and secure-by-design development to Software Bills of Materials (SBOMs) and vulnerability transparency, the conversation examines what it takes to build trust in embedded and operational technology (OT) systems, especially as regulators sharpen their focus and nation-state threats grow more sophisticated.
Together, they explore:
- Why compliance should cover people, processes, and technology—not just policies
- How NIST frameworks are shifting from checklists to operational rigor
- The growing importance of SBOMs in supply chain transparency
- How AI is reshaping both cyber defense and attacker capability
- What new regulatory pressure (including the EU Cyber Resilience Act) means for manufacturers
Whether you build embedded systems, ship software to government agencies, or manage critical infrastructure, this episode offers practical insight into building compliance programs that strengthen security and earn trust.
Our Deputy Head of Global Research Michael Zezas and Stephen Byrd, Global Head of Thematic and Sustainability Research, discuss how the U.S. is positioning AI as a pillar of geopolitical influence and what that means for nations and investors.
Read more insights from Morgan Stanley.
----- Transcript -----
Michael Zezas: Welcome to Thoughts on the Market. I'm Michael Zezas, Morgan Stanley's Deputy Head of Global Research.
Stephen Byrd: And I'm Stephen Byrd, Global Head of Thematic and Sustainability Research.
Michael Zezas: Today – is AI becoming the new anchor of geopolitical power?
It's Wednesday, February 27th at noon in New York.
So, Stephen, at the recent India AI Impact Summit, the U.S. laid out a vision to promote global AI adoption built around what it calls “real AI sovereignty.” Or strategic autonomy through integration with the American AI stack. But several nations from the global south and possibly parts of Europe – they appear skeptical of dependence on proprietary systems, citing concerns about control, explainability, and data ownership. And it appears that stake isn't just technology policy. It's the future structure of global power, economic stratification, and whether sovereign nations can realistically build competitive alternatives outside the U.S. and China.
So, Stephen, you were there and you've been describing a growing chasm in the AI world in terms of access to strategies between the U.S. and much of the global south, and possibly Europe. So, from what you heard at the summit, what are the core points of disagreement driving that divide?
Stephen Byrd: There definitely are areas of agreement; and we've seen a couple of high-profile agreements reached between the U.S. government and the Indian government just in the last several days. So there certainly is a lot of overlap. I point to the Pax Silica agreement that's so important to secure supply chains, to secure access to AI technology. I think the focus, for example, for India is, as you said; it is, you know, explainability, open access. I was really struck by Prime Minister Modi's focus on ensuring that all Indians have access to AI tools that can help them in their everyday life.
You know, a really tangible example that really stuck with me is – someone in a remote village in India who has a medical condition and there's no doctor or nurse nearby using AI to, you know, take a photo of the condition, receive diagnosis, receive support, figure out what the next steps should be. That's very powerful. So, I'd say, open access explainability is very important.
Now, the American hyperscalers are very much trying to serve the Indian market and serve the objectives really of the Indian government. And so, there are versions of their models that are open weights, that are being made freely available for health agencies in India, as an example; to the Indian government, as an example.
So, there is an attempt to really serve a number of objectives, but I think this key is around open access, explainability, that I do see that there's a tension.
Michael Zezas: So, let's talk about that a little bit more. Because it seems one of the concerns raised is this idea of being captive within proprietary Large Language Models. And maybe that includes the risk of having to pay more over time or losing control of citizen data. But, at the same time, you've described that there are some real benefits to AI that these countries want to adopt.
So, what is effectively the tension between being captive to a model or the trade off instead for pursuing open and free models? Is it that there's a major quality difference? And is that trade off acceptable?
Stephen Byrd: See, that's what's so fascinating, Mike, is, you know, what we need to be thinking about is not just where the technology is today, but where is it in six months, 12 months, 24 months? And from my perspective, it's very clear. That the proprietary American models are going to be much, much more capable.
So, let's put some numbers around that. The big five American firms have assembled about 10 times the compute to train their current LLMs compared to their prior LLMs, and that's a big deal. If the scaling laws hold, then a 10x increase in training compute to result in models are about twice as capable.
Now just let that sink in for a minute, twice as capable from here. That's a big deal. And so, when we think about the benefit of deploying these models, whether it's in the life sciences or any number of other disciplines, those benefits could start to get very large. And the challenge for the open models will be – will they be able to keep up in terms of access to compute, to training, access to data to train those models? That's a big question.
Now, again, there's room for both approaches and it's very possible for the Indian government to continue to experiment and really see which approach is going to serve their citizens the best. And I was really struck by just how focused the Indian government is on serving all of their citizens. Most notably, you know, the poorest of the poor in their nation. So, we'll just have to see.
But the pure technologist would say that these proprietary models are going to be increasing capability much faster than the open-source models.
So, Mike, let's pivot from the technology layer to the geopolitical layer because the U.S. strategy unveiled at the summit goes way beyond innovation.
Michael Zezas: Yeah, it's a good point. And within this discussion of whether or not other countries will choose to pursue open models or more closely adhere to U.S. based models is really a question about how the United States exercises power globally and how it creates alliances going forward.
Clearly some part of the strategy is that the U.S. assumes that if it has technology that's alluring to its partners, that they'll want to align with the U.S.' broad goals globally. And that they'll want to be partners in supporting those goals, which of course are tied to AI development.
So, the Pax Silica [agreement], which you mentioned earlier, is an interesting point here because this is clearly part of the U.S. strategy to develop relationships with other countries – such that the other countries get access to U.S. models and access to U.S. AI in general. And what the U.S. gets in return is access to supply chain, critical resources, labor, all the things that you need to further the AI build out. Particularly as the U.S. is trying to disassociate more and more from China, and the resources that China might have been able to bring to bear in an AI build out.
Stephen Byrd: So, Mike, the U.S. framed “real AI sovereignty” as strategic autonomy rather than full self-sufficiency. So, essentially the U.S. is encouraging nations to integrate components of the American AI stack. Now, from your perspective, Mike, from a macro and policy standpoint, how significant is that distinction?
Michael Zezas: Well, I think it's extremely important. And clearly the U.S. views its AI strategy as not just economic strategy, but national security strategy.
There are maybe some analogs to how the U.S. has been able to, over the past 80 years or so, use its dominance in military and military equipment to create a security umbrella that other countries want to be under. And do something similar with AI, which is if there is dominant technology and others want access to it for the societal or economic benefits, then that is going to help when you're negotiating with those countries on other things that you value – whether it be trade policy, foreign policy, sanctions versus another country. That type of thing.
So, in a lot of ways, it seems like the U.S. is talking about AI and developing AI as an anchor asset to its power, in a way that military power has been that anchor asset for much of the post World War II period.
Stephen Byrd: See, that's what's so interesting, Mike, [be]cause you've highlighted before to me that you believe AI could replace weaponry as really the anchor asset for U.S. global power. Almost a tech equivalent of a defense umbrella.
So how durable is that strategy, especially given that some countries are expressing unease about dependency?
Michael Zezas: Yeah, it's really hard to know, and I think the tension you and I talked about earlier, Stephen, about whether countries will be willing to make the trade off for access to superior AI models versus open and free models that might be inferior, that'll tell us if this is a viable strategy or not. And it appears like this is still playing out because, correct me if I'm wrong, it's not like we've received some very clear signals from India or other countries about their willingness to make that trade off.
Stephen Byrd: No, I think that's right. And just building on the concept of the trade-offs and, sort of, the standard for AI deployment, you know, the U.S. has explicitly rejected centralized global AI governance in favor of national control aligned with domestic values.
So, what does that signal about how global technology standards may evolve, particularly as in the U.S., the National Institute of Standards and Technology, or NIST, works to develop interoperable standards for agentic AI systems.
Michael Zezas: Yeah, Stephen, I think it's hard to know. It might be that the U.S. is okay with other countries having substantial degrees of freedom with how they use U.S.-based AI models because they could use U.S. law to, at a later date, change how those models are being used – if there's a use case that comes out of it that they find is against U.S. values. Similar in some way to how the U.S. dollar being the predominant currency and, therefore, being the predominant payment system globally, gives the U.S. degrees of freedom to impose sanctions and limit other types of economic transactions when it's in the U.S. interest.
So, I don't know that to be specifically true, but it's an interesting question to consider and a potential motivation behind why a laissez-faire approach might be, ultimately, still aligned with U.S. interests.
Stephen Byrd: So, Michael, it sounds like really AI is becoming the new strategic infrastructure globally.
Michael Zezas: Yeah, I think that's actually a great way to think about it. And so, Stephen, if that were the case, and we're talking about the potential for this to shape geopolitical competition, potentially economic differentials across the globe. And if that is correlated, at least, to some degree with the further development and computing power of these models, what do you think investors should be looking at for signals from here?
Stephen Byrd: Number one, by a mile for me, is really the pace of model progress. Not just American models, but Chinese models, open-source models. And there the big reveal for the United States should be somewhere between April and June – for the big five LLM players. That's a bit of speculation based on tracking their chip purchases, their power access, et cetera. But that appears to be the timeframe and a couple of execs have spoken to that approximate timeframe.
I would caution investors that I think we're going to be surprised in terms of just how powerful those models are. And we're already seeing in early 2026, these models that were not trained on that kind of volume of compute have really exceeded expectations, you know, quite dramatically in some cases. And I'll give you one example.
METR is a third-party that tracks the complexity, what these models can do. And METR has been highlighting that every seven months, the complexity of what these models are able to do approximately doubles. It's very fast. But what really got my attention was about a week ago, one of the LLMs broke that trend in a big way to the upside.
So, if the scaling laws would hold, based on what METR would've expected, they would expect a model to be able to act independently for about eight hours, a little over eight hours. And what we saw was, the best American model that was recently introduced was more like 15. That's a big deal. And so, I think we're seeing signs of non-linear improvement.
We're also going to see additional statements from these AI execs around recursive self-improvement of the models. One ex-AI executive spoke to that. Another LLM exec spoke to that recently as well. So, we're starting to see an acceleration. That means we then need to really consider the trade-offs between the open models and the proprietary. That's going to become really critical and that should happen really through the spring and summer.
Michael Zezas: Got it. Well, Stephen, thanks for taking the time to talk.
Stephen Byrd: Great speaking with you, Mike.
Michael Zezas: And thanks for listening. If you enjoy Thoughts on the Market, please leave us a review wherever you listen. And share the podcast with a friend or colleague today.
CISA's acting director exits. Trump's pick to lead the NSA hits Senate headwinds. The Pentagon pressures Anthropic over AI guardrails. A new WiFi attack sidesteps encryption. CISA flags flaws in EV chargers. Juniper patches a critical router bug. ManoMano discloses a massive breach. Europol cracks down on The Com. Greece delivers verdicts in Predatorgate. An alleged carding kingpin lands in U.S. custody. Jeff Williams, Founder of OWASP and Co-Founder/CTO of Contrast Security, shares how NIST is rethinking its role in analyzing software vulnerabilities as EU launches GCVE. Meta's mischievous monocles meet their match.
CyberWire Guest: Today we have Jeff Williams, Founder of OWASP and Co-Founder/CTO of Contrast Security, sharing how NIST is rethinking its role in analyzing software vulnerabilities as EU launches GCVE. If you enjoyed this conversation, you can hear the full interview over on the Caveat podcast.
Selected Reading:
- Gottumukkala out, Andersen in as acting CISA director (CyberScoop)
- Senator seeks to block Trump's NSA pick, citing civil liberties concerns (The Washington Post)
- Anthropic Refuses to Bend to Pentagon on AI Safeguards as Dispute Nears Deadline (SecurityWeek)
- New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises (Ars Technica)
- Critical Vulnerabilities in SWITCH EV Charging Platform Allow Station Impersonation (Beyond Machines)
- Juniper Networks PTX Routers Affected by Critical Vulnerability (SecurityWeek)
- 38 Million Allegedly Impacted by ManoMano Data Breach (SecurityWeek)
- 'Project Compass' Cracks Down on 'The Com': 30 Members Arrested (Infosecurity Magazine)
- Greek court sentences Predator spyware gang (POLITICO)
- Chilean Carding Shop Operator Extradited to US (SecurityWeek)
- This App Warns You if Someone Is Wearing Smart Glasses Nearby (404 Media)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
On Friday morning, in retaliation for Thursday's cross-border strikes, Pakistan bombed Taliban positions in Afghan cities including Kabul and Kandahar. Pakistani Defense Minister Asif wrote on the X network that his country had run out of patience and was in open war with the Afghan Taliban. "Pakistan has long resented the fact that, after the US-led allied forces left Afghanistan in 2021 after 20 years, leaving it without a government, Taliban rule emerged once again," says Vlastislav Bříza.
This week, Ben and Dave sit down with N2K's Lead Analyst, Ethan Cook, to discuss the Supreme Court's decision to overturn the Trump administration's tariffs, imposed under the International Emergency Economic Powers Act (IEEPA). Additionally, Dave sits down with Jeff Williams, Founder of OWASP and Co-Founder/CTO of Contrast Security, to discuss how NIST is rethinking its role in analyzing software vulnerabilities as the EU launches GCVE. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Links to today's stories: Supreme Court overturns Trump's tariffs.
What happens when a high-performance race shop decides to jump into aerospace and defense manufacturing — and goes all in? In this episode of Machine Shop Mastery, I sit down with Marty Moran of TKO Precision Machining and TKO Motorsports in Reno, Nevada. What started in 2008 as a motorsports-focused shop building custom race cars and high-end components evolved into a serious aerospace and defense manufacturing operation about eight years ago. Marty shares how the team leveraged deep motorsports and aerospace experience to enter defense manufacturing, earn AS9100 certification, and build a thriving 15-machine shop. But what stands out most isn't just their growth — it's their culture. Communication is constant. Training is intentional. Hiring is rigorous. And everyone is expected to succeed. We talk about workforce development, cross-training machinists into race crew roles, the realities of AS9100 compliance, building depth through mentorship, and the painful ERP lesson that ultimately led them to ProShop. Marty also shares why aerospace certification doesn't just open doors — it makes you a better shop. If you're trying to build a resilient, team-driven shop in today's manufacturing environment, this conversation is packed with insight. You will want to hear this episode if you are interested in... 
(0:00) Introducing Marty Moran and the origins of TKO Motorsports
(2:18) How the business evolved from a race shop into contract machining
(4:02) Launching TKO Precision Machining as a focused aerospace operation
(6:05) Current shop size, equipment mix, and aerospace capabilities
(9:40) How the motorsports division operates alongside contract machining
(14:35) Integrating machinists into race team operations
(19:10) Breaking into aerospace and defense manufacturing
(22:40) Starting with prototype work to build long-term customers
(25:05) Navigating ITAR and NIST 800-171 compliance
(29:20) Revenue diversification between motorsports and defense work
(32:05) Building culture through cross-training and accountability
(36:10) Hiring philosophy and what TKO looks for in new employees
(41:20) Peer-driven hiring process and extended evaluation periods
(45:00) Developing operators into machinists through internal training
(48:55) Measuring spindle utilization and operational efficiency
(52:05) Communication rhythm and leadership accessibility
(54:30) Lessons learned from ERP implementation and systems discipline
(56:20) Advice for smaller shops on training, retention, and culture
(58:00) Final reflections on teamwork and what's next for TKO
How real-time security transforms ERP systems in a cloud-driven world, spotting threats instantly, leveraging AI for proactive defense, and closing common blind spots before breaches escalate. Curious about staying ahead of cyber risks?
Mohammed Moidheen, SAP security architect at Infosys, unpacks why real-time monitoring is vital amid 2,200 daily cyber attacks costing trillions annually. He highlights blind spots like unmonitored access vulnerabilities, ignored audit logs, unsecured APIs, privileged accounts, insider threats, and poor event correlation in S/4HANA Cloud setups. AI evolves detection with predictive intelligence, automated responses, natural language queries, and cross-system pattern spotting, shifting from reactive to proactive security. Real-world cases show systems halting unusual data downloads and insider data exfiltration in minutes. Advice includes aligning with governance, prioritizing crown jewels, setting baselines, training teams, and correlating data. Infosys aids via assessments and foundational builds.
Guest: Mohammed Khan Moidheen, SAP Security Architect at Infosys Consulting
Mohammed Khan Moidheen is a Senior SAP Security architect with over 12 years of experience securing and operating large scale SAP landscapes across global enterprises. His expertise spans SAP S/4HANA security, ERP platform services, DevSecOps enablement, and designing audit ready security architectures aligned with frameworks such as ISO 27001, NIST, and GDPR.
Mohammed is CISSP and CISA certified and excels at translating complex security requirements into actionable strategies that are practical, strategically aligned and strengthen organisational resilience.
Host 1: Richard Howells, SAP
Richard Howells has been working in the Supply Chain Management and Manufacturing space for over 30 years. He is responsible for driving the thought leadership and awareness of SAP's ERP, Finance, and Supply Chain solutions and is an active writer, podcaster, and thought leader on the topics of supply chain, Industry 4.0, digitization, and sustainability.
Host 2: Oyku Ilgar, SAP
Oyku Ilgar is a marketer and thought leader specializing in SAP's digital supply chain and ERP solutions since 2017. As a marketer, blogger, and podcaster, she creates engaging content that highlights innovative SAP technologies and explores key topics including business trends, AI, Industry 4.0, and sustainability.
She holds dual bachelor's degrees in Finance & Accounting and English Translation, along with a master's degree in Business Administration and Foreign Trade, specializing in marketing. With her background in digital transformation, Oyku communicates technology trends and industry insights to help professionals navigate the evolving business landscape.
Key Topics: real-time security, ERP monitoring, cloud threats, SAP S/4HANA, access management, audit logs, AI threat detection, insider threats, privileged accounts, predictive intelligence
In this episode of Get Plugged In – AI Insights, Dale Hall (Managing Director, Society of Actuaries Research Institute) sits down with Ronald Poon Affat, Independent Board Director & Cross-Continental Actuary, joining live from São Paulo, Brazil, to explore how NIST is shaping the standards that will define trustworthy AI—and why that matters for actuaries. They discuss what the NIST AI Consortium is, why the SOA is actively contributing through its AI Safety Working Group, and what it's like collaborating with leading voices across technology, academia, and public policy. The conversation also dives into the next major focus area: TEVV (Testing, Evaluation, Verification, and Validation)—a practical "quality assurance" approach to ensure AI models are fair, explainable, reliable, and ready for regulatory scrutiny. Listen in for a clear, actuarial lens on where AI governance is headed in insurance—and how actuaries can lead by asking the right risk questions.
Infinite AI Monkeys, Ploutus, Serv-U, Fortinet, Cyberwar, COBOL, NIST, Dr. Strangelove, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-558
Cyber threats don't just target large corporations; small and mid-sized businesses are often the most vulnerable. In this episode, Julina and cybersecurity expert Sam Disraelly, CEO of Your Tech Department, explore the financial, legal, and reputational risks business owners face and the proactive steps that can significantly reduce exposure. If you own a business, serve clients, or manage a team, this conversation is essential listening.
Timestamps:
04:00 – One click can cost hundreds of thousands
08:30 – The “blast radius”: how one employee mistake spreads
11:30 – Why small & mid-sized businesses are prime targets (10–100 employees)
17:30 – What ransomware actually looks like in real life
18:20 – The 170-day problem: hackers lurk before they strike
21:00 – The true cost of a breach (downtime, legal, PR, reputation)
24:00 – FTC reporting requirements & legal exposure
31:00 – The NIST framework: Identify, Protect, Detect, Respond, Recover
32:30 – The non-negotiables: your cybersecurity “stack”
36:20 – The cloud myth: Microsoft's shared responsibility model
37:45 – Cyber insurance: what most business owners misunderstand
41:30 – How to vet your IT provider
44:30 – Cybersecurity as fiduciary responsibility
48:20 – What to do in the first 24 seconds of a breach
53:20 – Emerging risks: AI, shadow IT & data ownership
NIST is falling behind on vulnerability scoring — and the gap is growing. In this episode, Peter and Steph break down what that means for IT and security teams relying on CVE data to prioritize patching, and how Automox is solving it.
We cover:
- Why NIST's National Vulnerability Database has a growing backlog and what's causing it
- How incomplete vulnerability data creates blind spots in your patch management program
- Automox's new partnership with VulnCheck to deliver real-time vulnerability intelligence
- What KEV (Known Exploitable Vulnerabilities) data is and why your leadership team cares about it
- Expanding from fewer than 10 third-party apps to 70% coverage across 500+ supported applications
- The rollout plan from third-party apps to macOS, Windows, and Linux
Whether you're running a mature vulnerability management program or just getting started, this episode lays out how the vulnerability data landscape is shifting and what you can do to stay ahead of real-world threats.
On this episode of Compliance Unfiltered, Todd Coshow and cybersecurity expert Adam Goslin delve into the hidden dangers of AI's rapid adoption. They uncover why organizations are neglecting essential safeguards, leaving sensitive data vulnerable, and how AI is being exploited as a malware command center. With insights into recent security failures and emerging standards from ISO, NIST, and IEEE, this episode is a must-listen for security professionals and business leaders. Learn how to implement responsible AI strategies and avoid becoming a cautionary tale. Hit play to understand what's truly at stake with AI.
With cybercriminal activity accelerating and AI making scams more sophisticated by the day, one of the greatest threats facing pharmacies is through social engineering. Not by hacking systems, but by manipulating people.
In this episode, Austin Murray and Scotty Sykes are joined by Chris Sykes, IT Director at Sykes & Company, to break down what social engineering really is, why pharmacies are prime targets, and how these attacks are evolving through email, phone calls, text messages, and even deep-fake technology.
We cover:
- What social engineering is and how pharmacies are being targeted today
- Common pharmacy-specific scams, including fake refill notices, insurance requests, and ACH change attempts
- How AI and deep-fake voices are raising the stakes
- Practical steps pharmacies can take to slow down, verify requests, and protect PHI
- And more!
More About Our Guest:
Chris Sykes is the Director of IT at Sykes & Company, P.A., where he has been a key part of the team since 2006. With nearly 25 years in the IT industry, Chris combines deep technical expertise with a passion for helping both the firm and its clients become more efficient, secure, and technology-driven. Chris holds a Bachelor of Science in Business Administration with a concentration in Management Information Systems and a Master of Science in Technology Systems, both from East Carolina University. Outside of work, Chris enjoys running marathons, fishing and hunting with his boys, and spending quality time with his family at the beach.
After the extravagant anniversary celebrations, Sylvester and Christopher return to their usual rhythm. First they look at a device management (MDM) system that has been attacked at several European governments in recent weeks; the vendor has already come up on the podcast several times. Then they move on to a brief overview of OpenClaw, the hyped AI assistant, and its many insecurities. Sylvester finds the little helper somewhat fascinating but warns against using it without reflection. And Christopher explains how the Bundesamt für Sicherheit in der Informationstechnik (Germany's Federal Office for Information Security) wants to make encryption in Germany quantum-safe and is modernizing its guidelines to that end. Reflections on unintended commands in software development and on problems with various text editors round off the episode and send Sylvester off on his well-earned vacation. Unfortunately, Christopher's voice has a slight echo on the audio track in this episode. We apologize for that.
Transitioning from CISSP to the ISSAP concentration? The architecture of security isn't just about building walls; it's about the visibility of what's happening within them. In this deep-dive session, we break down the 2026 ISSAP syllabus changes, moving from six domains to four, and why the exam remains as rigorous as ever.

We focus on the backbone of security architecture: Identity and Access Management (IAM) and Audit Strategy. From defining the roles of an AI-driven SOC to implementing "Just-in-Time" (JIT) access and advanced log management with SIM and SOAR, this episode provides the technical roadmap needed to master Domain 1 of the ISSAP.
Two years ago, quantum computing was a “someday problem.” Now NVIDIA is lobbying Congress. Ethereum is funding post-quantum research. Coinbase has launched a Quantum Advisory Board. So the question isn’t theoretical anymore. What happens to Bitcoin when quantum computers become powerful enough to crack today’s cryptography? In Episode 803, we sit down with Christopher Steven Smith, CEO and co-founder of Quantus, a quantum-secure Layer 1 blockchain built using NIST-backed post-quantum cryptography.

We cover:
• What quantum computing actually is (without melting your brain)
• How qubits differ from classical bits
• Why elliptic curve cryptography may be vulnerable
• Whether Bitcoin can realistically fork to quantum resistance
• The risk to old wallets (including Satoshi’s coins)
• Post-quantum signatures like Dilithium
• Reversible transactions and whether they break crypto ethos
• Whether the “digital gold” narrative was a strategic mistake

Is quantum an overhyped sci-fi scare tactic? Or is it the next existential threat nobody is pricing in? This is a sponsored episode. As always, we disclose that upfront. We took the interview because the topic is real, timely, and worth exploring. Welcome to the future of cryptography. Or the end of it.
In this conversation, Stephan Livera and James O'Beirne discuss the implications of quantum computing on Bitcoin, exploring skepticism towards the perceived threats, the current state of quantum research, and the potential responses from Bitcoin developers. They delve into proposed solutions, the role of institutions like NIST, and the challenges of Bitcoin protocol development. The discussion also touches on user experience, self-custody, and the future of Bitcoin adoption amidst evolving technological landscapes.

Takeaways:
Join us in this exciting episode of The Edge of Show, where we dive deep into the fascinating world of quantum computing, blockchain technology, and their implications for the future of our digital landscape.

In this episode, our moderator Heather Flannery, CEO and co-founder of AI Mind Systems Foundation, leads a thought-provoking discussion with esteemed panelists David Beck, principal of Space Technologies Limited, and Temitope Adeniyi, a quantum and AI researcher pursuing her PhD at Cleveland State University. Together, they explore the intersection of quantum computing and blockchain, addressing common misconceptions and fears surrounding these technologies.

Key topics include:
• The potential of quantum computers to revolutionize problem-solving and encryption.
• The importance of post-quantum cryptography and the recent advancements by NIST.
• Real-world applications of blockchain in space and the need for secure communication systems.
• The role of identity in future-proofing our digital trust systems.

As we navigate the complexities of these emerging technologies, our panelists emphasize the importance of collaboration between academia, industry, and government to ensure a secure and innovative future.

Don't miss this opportunity to gain insights from leading experts in the field and learn how we can prepare for the quantum revolution!
Quantum security has gone from being a theoretical idea filed away for some unknown future date to an urgent requirement driven by quantum computing advances and government and industry guidance. The thought of nation-state adversaries with a quantum computer that can conduct harvest-now-decrypt-later attacks and forge digital signatures makes the threat more real than ever to executives, who have started to ask security leaders, “Are we quantum safe?” With Q-day estimates now within 10 years and moving ever closer — and with NIST deprecating existing asymmetric algorithm support in 2030 (and disallowing it entirely by 2035), as well as the increasing nation-state threat — what should security leaders be doing now? Sandy Carielli, VP, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss why technology leaders must work together to prepare for Q-Day. Addressing quantum security requirements is not just a job for the security team. Security, infrastructure, development, emerging tech, risk, and procurement have roles to play in executing a holistic quantum security strategy. Sandy will cover their report, which security leaders should use, to gain executive buy-in and build and execute a quantum security migration plan with stakeholders across the organization.

Segment Resources:
https://www.forrester.com/report/technology-leaders-must-work-together-to-prepare-for-q-day/RES191420
https://www.forrester.com/blogs/create-a-cross-functional-q-day-team-or-suffer-a-hard-days-night/

In the leadership and communications segment, The Cybersecurity Reckoning: How CISOs Are Preparing for an Era of AI-Driven Threats and Quantum Disruption, Should I stay or should I go?, Are Legacy Metrics Derailing Your Transformation?, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-434
At the dawn of 2026, the post quantum (PQ) era has effectively arrived with “harvest now, decrypt later” style attacks and the availability of NIST post quantum cryptography (PQC) standards. So, how prepared are organizations really, and what does the future of encryption look like? In this episode, our Entrust PQ experts Michael Klieman and Samantha Mabey answer these questions and more by sharing key insights and trends from the Entrust 2026 Global State of Post-Quantum and Cryptographic Security Trends.
Show Notes

Most organizations treat cybersecurity as a technology problem. They invest in layers of defense, run phishing tests, and deploy identity and access management tools. Yet headlines about breaches keep coming. Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at the MIT Sloan School of Management, argues that the real opportunity lies not in more technology but in changing how people across the organization think about and value cybersecurity.

In this episode of the Human-Centered Cybersecurity Series, co-hosted by Julie Haney, Computer Scientist and Lead of the Human-Centered Cybersecurity Program at the National Institute of Standards and Technology (NIST), Dr. Keri Pearlson introduces her framework for cybersecurity culture built around values, attitudes, and beliefs. Rather than simply training employees on what to do, the focus shifts to shaping why they do it. When people genuinely believe cybersecurity matters, they take action without waiting for mandates or programs to tell them how.

Dr. Pearlson shares vivid examples from her research: a CISO who hired a marketing professional to run the cybersecurity culture program, a CEO who opens every all-hands meeting with a five-minute cybersecurity story, and organizations that use creative rewards like chocolate chip cookies and digital badges to reinforce positive behaviors. She also outlines a five-stage maturity model for cybersecurity culture, from ad hoc efforts all the way to a dynamic culture that self-regulates as new threats like AI-driven vulnerabilities emerge.

The conversation also tackles the relationship between organizational culture and cybersecurity culture, the role of group-level accountability, and why consequences matter just as much as rewards. Dr. Pearlson makes the case that cybersecurity should move from being viewed as an infrastructure play to a strategic advantage, one that can attract customers, reduce costs, and build competitive differentiation.

For any leader looking to move the needle on security culture, this episode offers a research-backed roadmap and practical steps that anyone can take starting tomorrow.

Host
Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

Guest(s)
Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at MIT Sloan School of Management | On LinkedIn: https://www.linkedin.com/in/kpearlson/
Julie Haney (Co-Host), Computer Scientist and Lead, Human-Centered Cybersecurity Program at National Institute of Standards and Technology (NIST) | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/

Resources
Learn more about Dr. Keri Pearlson's research: https://mitsloan.mit.edu/faculty/directory/keri-pearlson
Learn more about the NIST Human-Centered Cybersecurity Program: https://csrc.nist.gov/projects/human-centered-cybersecurity
Cybersecurity at MIT Sloan (CAMS): https://cams.mit.edu/
The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast
Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
The Trump administration's July 2025 AI Action Plan calls on the National Institute of Standards & Technology to revise its AI Risk Management Framework amid easing federal regulation of the tech. Martin Stanley, principal researcher for AI and cybersecurity at NIST, joined us at the AI Summit on Jan. 9 to discuss new AI control overlays for the Special Publication 800-53 series and the risks they are designed to address. Stanley explained how these overlays build on existing security controls to help agencies better manage AI-specific threats while aligning with broader federal priorities outlined in the AI Action Plan. Stanley also explored where agencies struggle to turn AI risk frameworks into operational reality, from governance structures to implementation at the system level. Looking ahead, he shared how NIST expects AI security guidance to evolve as agencies transition from pilot projects to enterprise deployments and what new or updated standards federal leaders should anticipate next.
Tyler Whittle, Head of Product at Project 11, joins us to talk about the intersection of quantum hardware and cryptographic security. He explains why current encryption schemes like RSA and ECC are vulnerable, the progress made by Google's Willow in noise reduction, and the specific NIST timelines for 2035. Tyler says the industry can prepare for Q-Day with new standards and explains why the transition is a race against time for global financial privacy and the Bitcoin network.

Notes:
* NIST says to deprecate classical crypto by 2035.
* Google Willow reduces noise as qubits increase.
* 35% of Cloudflare traffic is already PQC.
* Quantum hardware could factor numbers in 18 mo.
* Quantum signatures will increase Bitcoin fees.
* Q-Day risk is mispriced in digital assets.

Timeline:
00:02:05 Quantum Cats
00:04:57 Project Eleven
00:07:33 Project Eleven business case?
00:10:44 What's currently happening in Quantum?
00:18:10 Willow chip
00:25:33 Physical space vs digital space
00:29:10 Wen Quantum unlock?
00:29:56 Error correction
00:34:16 What is a red flag event?
00:38:00 Won't the NSA save us?
00:43:18 Costs of new signature schemes?
00:44:41 Proposals for BTC changes
00:46:31 Old coins, wat do?
00:51:49 Economic actors
00:53:14 Nuking price
00:59:13 Bitcoin vs other blockchains
01:00:46 Block size increase
01:05:56 Quantum money
01:11:04 Timelines
Doug Green, Publisher of Technology Reseller News, sat down with Samantha Mabey, Director of Digital Solutions Marketing at Entrust, to discuss new research revealing that most organizations remain unprepared for the coming post-quantum era—despite mounting evidence that the clock is ticking. The podcast, supported by slides, walks through findings from Entrust's latest global study, 2026 Global State of Post-Quantum and Cryptographic Security Trends, and unpacks what they mean for MSPs, telecom providers, and enterprise security leaders. Mabey explained that Entrust focuses on identity-centric security, with cryptographic technologies—such as PKI, hardware security modules (HSMs), certificate management, and key lifecycle management—forming the backbone of modern digital infrastructure. These technologies underpin everything from secure web traffic and APIs to device identity, software updates, and machine-to-machine authentication. The challenge, she noted, is that today's widely used public-key cryptography, including RSA and elliptic curve cryptography, will eventually be breakable by cryptographically relevant quantum computers. According to the research cited in the discussion, more than half of organizations believe quantum systems capable of breaking current encryption could arrive within five years, yet only 38 percent say they are actively transitioning toward post-quantum readiness. Mabey emphasized that the transition will be far more complex than previous cryptographic migrations, such as the long-running move from SHA-1 to SHA-2, because cryptography is embedded across nearly every system and workflow. The risks of inaction are significant. Mabey outlined three major areas of exposure: loss of data confidentiality as encrypted information becomes vulnerable in the future; erosion of trust and integrity if digital signatures can be forged; and operational disruption, since many organizations lack full visibility into where cryptography is deployed. 
The report found that fewer than half of organizations have complete visibility into their certificates and keys, even before factoring in post-quantum requirements. To become post-quantum ready, Mabey described a phased journey that begins with discovery and inventory—understanding where cryptography is used, who owns it, and how it is managed. From there, organizations must build crypto agility, enabling them to change algorithms without disrupting operations. This includes people, processes, centralized policy, and automation, not just technology. Only then can organizations safely introduce post-quantum cryptography, often through hybrid approaches that combine existing algorithms with quantum-safe methods. The conversation also highlighted the urgency created by emerging standards. Guidance from NIST indicates that traditional public-key cryptography is expected to be deprecated by 2030 and fully disallowed by 2035, timelines that are likely to be followed globally. For telecom providers in particular, Mabey noted that long-lived infrastructure, embedded systems, and constrained devices increase exposure to “harvest now, decrypt later” attacks, making phased migration and vendor alignment critical. As the discussion concluded, Mabey stressed that organizations making progress treat post-quantum readiness as a program, not a one-time project. Those moving forward are aligning teams, investing in visibility and automation, and working closely with vendors that have clear post-quantum roadmaps. Those falling behind, she warned, are underestimating the operational burden and waiting for a “perfect moment” that has already arrived. View the report at https://www.entrust.com/resources/reports/ponemon-post-quantum-report-2026 Visit https://www.entrust.com/
Summary

In this episode of the AI for Sales podcast, host Chad Burmeister speaks with John Rood, founder of Proceptual, about the critical importance of AI governance in organizations. They discuss the challenges posed by shadow AI, the ethical considerations in AI governance, and share success stories of implementing governance frameworks. The conversation also touches on misconceptions about AI implementation, the balance between automation and human touch, and the skills needed for future AI governance professionals.

Takeaways
• AI governance is essential for organizations to avoid significant risks.
• Shadow AI is a growing concern as employees use unregulated AI tools.
• Implementing governance frameworks can enhance customer trust and compliance.
• Ethics in AI includes bias prevention, transparency, and explainability.
• Many organizations struggle with AI implementation due to lack of strategy.
• Automation should complement human efforts, not replace them.
• Future AI governance will require professionals who understand workflows.
• Large organizations tend to have better governance practices than smaller ones.
• NIST and ISO frameworks provide valuable guidelines for AI governance.
• Continuous training and awareness are crucial for effective AI governance.

Chapters
00:00 Introduction to AI Governance
02:16 The Importance of AI Governance in Customer Experience
05:34 Challenges of AI Governance in Organizations
07:47 Success Stories in AI Governance Implementation
09:55 Ethics in AI Governance
13:31 Misconceptions About AI Implementation
16:57 Balancing Automation with Human Touch
21:35 Future Skills for AI Governance Professionals
23:13 Ecosystem of AI Governance Technologies
25:21 Advice for Aspiring AI Governance Experts
Today, host Frank La Vigne and guest Candice Gillhoolley dive deep into IonQ's headline-making billion-dollar acquisitions that are reshaping the quantum landscape. From hardware with Skywater, to quantum networking through Skyloom Global, and even AI-driven software via Seed Innovations, IonQ is assembling a complete quantum ecosystem—building the supply chain of the future, right here and now.

The conversation unpacks the big money flowing into quantum tech, why in-house chip fabrication matters in a world grappling with supply chain vulnerabilities, and what these moves mean for the industry's evolution. With insights on stock market reactions, defense tech hires, and the urgent quest for quantum-safe security, Frank La Vigne and Candice Gillhoolley explain why the next decade will be defined by quantum preparedness.

Plus, they tease the launch of an inspiring new podcast, Women in Quantum, highlighting diverse journeys into the field and the culture-shaping opportunities ahead. Whether you're quantum curious or watching markets closely, this episode frames why the quantum age is truly dawning—and why it's time to start thinking quantum safe!

Links
• IonQ to buy SkyWater for $1.8 billion to expand hardware capabilities - https://www.reuters.com/technology/ionq-buy-skywater-18-billion-expand-hardware-capabilities-2026-01-26/?utm_source=chatgpt.com
• IonQ Finalizes Acquisition of Skyloom Global - https://thequantuminsider.com/2026/01/28/ionq-completes-skyloom-acquisition/
• From Visibility to Advantage – Building a Quantum-Safe Intelligence Enterprise - https://intelligencecommunitynews.com/ic-insiders-from-visibility-to-advantage-building-a-quantum-safe-intelligence-enterprise/

Time Stamps
00:00 "Reflections on Tech Advancements"
03:35 "Securing Semiconductor Supply Chains"
07:49 "Quantum Industry Supply Chain Ambitions"
11:34 Quantum Tech and Security Trends
15:43 "Funny Daycare Story at NIST"
16:55 "Data Protection & Future Predictions"
22:16 "Winter Boots and School Sneakers"
24:03 "Culture Shapes Opportunities"
In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news. They discuss: La France is tres sérieux about ditching US productivity software; China's Salt Typhoon was snooping on Downing Street; Trump wields the mighty DISCOMBOBULATOR; ESET says the Polish power grid wiper was Russia's GRU Sandworm crew; US cyber institutions CISA and NIST are struggling; Voice phishing for MFA bypass is getting even more polished. This episode is sponsored by Sublime Security. Brian Baskin is one of the team behind Sublime's 2026 Email Threat Research report. He joins to talk through what they see of attackers' use of AI, as well as the other trends of the year. This episode is also available on YouTube. Show notes: France to ditch US platforms Microsoft Teams, Zoom for 'sovereign platform' amid security concerns | Euronews; Suite Numérique plan - Google Search; China hacked Downing Street phones for years; Cyberattack Targeting Poland's Energy Grid Used a Wiper; Trump says U.S. used secret 'discombobulator' on Venezuelan equipment during Maduro raid | PBS News; Risky Bulletin: Cyberattack cripples cars across Russia - Risky Business Media; Lawmakers probe CISA leader over staffing decisions | CyberScoop; Trump's acting cyber chief uploaded sensitive files into a public version of ChatGPT - POLITICO; Acting CISA director failed a polygraph. Career staff are now under investigation. - POLITICO; NIST is rethinking its role in analyzing software vulnerabilities | Cybersecurity Dive; Federal agencies abruptly pull out of RSAC after organizer hires Easterly | Cybersecurity Dive; Real-Time phishing kits target Okta, Microsoft, Google; Phishing kits adapt to the script of callers; On the Coming Industrialisation of Exploit Generation with LLMs – Sean Heelan's Blog; GitHub - SeanHeelan/anamnesis-release: Automatic Exploit Generation with LLMs; Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health" - Ars Technica; Bypassing Windows Administrator Protection - Project Zero; Task Failed Successfully - Microsoft's “Immediate” Retirement of MDT - SpecterOps; Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission; WhatsApp's Latest Privacy Protection: Strict Account Settings - WhatsApp Blog; Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: Reports | TechCrunch; He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive | WIRED; Key findings from the 2026 Sublime Email Threat Research Report
Disease accelerates years in a month. Cancer cells reveal which patients might be most impacted by metastasis - a diagnosis invisible on Earth. Single crystals heal themselves through mechanisms we can't explain. These aren't projections. They're validated results from 2022-2025 that made 40-year NASA veterans say they'd never seen anything like it. The economics flipped. Merck flew Keytruda 30 days, discovered a crystal form missed in a decade of labs - $20B/year by 2030, exceeding SpaceX's entire revenue. The thesis: Two paths to space affordability: cut launch costs 10x AND multiply payload value 1,000x. Do what Earth cannot do at any price. Paradigm Shifts:
In this episode of the Other Side of the Firewall podcast, hosts Ryan Williams and Shannon Tynes discuss the latest cybersecurity news, including Ghana's crackdown on cybercrime, the cybersecurity challenges posed by the upcoming 2026 World Cup, and NIST's evolving role in analyzing software vulnerabilities. The conversation is enriched with personal anecdotes and reflections, making it relatable and engaging for listeners. The hosts emphasize the importance of collaboration in cybersecurity efforts and encourage audience engagement with the podcast. Articles: Ghana arrests Nigerians accused of running cyber-crime networks https://www.bbc.com/news/articles/cr4k35q6yr0o.amp; 2026 World Cup to Stress-Test Cybersecurity, Business Continuity https://mexicobusiness.news/cybersecurity/news/2026-world-cup-stress-test-cybersecurity-business-continuity?tag=cybersecurity; NIST is rethinking its role in analyzing software vulnerabilities https://www.cybersecuritydive.com/news/nist-cve-vulnerability-analysis-nvd-review/810300/ Buy the guide: https://www.theothersideofthefirewall.com/ Please LISTEN
Recorded live at Cloud Connections, the Cloud Communications Alliance event in Delray Beach, Doug Green, Publisher of Technology Reseller News, spoke with Bill Placke, Co-Founder & President, Americas at SecurePII, about one of the most pressing challenges facing AI-driven communications today: how to scale AI while complying with global data privacy regulations—and how that challenge can become a competitive advantage. Placke explains that SecurePII was formed to address a growing structural problem in AI adoption. While organizations are eager to deploy AI and train large language models, regulatory uncertainty around personally identifiable information (PII) has stalled progress. Citing industry research showing that more than 60 percent of AI initiatives have been paused due to data privacy concerns, Placke argues that governance policies alone are not enough. Instead, SecurePII takes an architectural approach. At the core of SecurePII's solution is data minimization at the point of ingestion. The company's technology prevents sensitive information—such as credit card numbers, names, addresses, or social security numbers—from ever entering enterprise systems. SecurePII's existing PCI-focused offering already removes cardholder data from call flows, keeping organizations out of PCI scope entirely. The same approach is now being extended to broader categories of PII, enabling AI systems to operate and train on clean data streams that are free from regulated information. Placke emphasizes that this upstream architectural design fundamentally changes the compliance equation. Regulators and plaintiff attorneys, he notes, care about outcomes—not intent. If sensitive data never enters the system, compliance scope, audit costs, breach exposure, and regulatory risk are dramatically reduced. “Downstream controls don't scale with AI—architecture does,” Placke says, positioning data minimization as a foundation for both trust and growth. 
The discussion also highlights the role of consent and customer trust in an AI-enabled world. Rather than asking customers to consent to broad data use, SecurePII enables enterprises to clearly state that sensitive information is neither seen nor stored, while still allowing AI to learn from outcomes and sentiment. This approach removes what Placke calls the “creepy factor” associated with AI and personal data, while aligning with emerging frameworks such as the EU AI Act and long-standing NIST guidance. For MSPs, UCaaS providers, and channel partners, Placke frames compliance not as a cost center but as a revenue opportunity. By embedding privacy-preserving architectures into voice, AI, and communications solutions, service providers can differentiate themselves as trusted advisors—helping customers deploy AI safely, reduce regulatory exposure, and accelerate adoption. To learn more about SecurePII and its privacy-first AI architecture, visit https://www.securepii.cloud/.
Congress has cleared the FY 2026 Commerce, Justice, and Science appropriations bill, rejecting proposed cuts to major science and research agencies and adding new oversight requirements on how federal funds are spent. We'll talk about what that funding signals about congressional priorities, how it affects agencies like NASA, NOAA, and NIST, and why oversight has become a central focus as agencies move to execute their budgets. Joining us is Senator Chris Van Hollen of Maryland.
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
One of the biggest trends in software development over the past 10 years is the shift from writing code to "assembling" code from off-the-shelf components. During today's interview with Javed Hasan from Lineaje, we learned that 70% of that pre-assembled code is open source. In other words, the software instructions were modified by an anonymous person in some country. This casual approach may be fine for small businesses, but an organization like the federal government must be highly cautious. Hasan describes how his company was one of the first to work with the federal government to set standards for this existing code. These initial efforts began ten years ago and resulted in Executive Order #14028, which requires a Software Bill of Materials for any organization selling to the federal government. This initiative expanded in 2021-2022 when NIST published related guidelines. These efforts are a good start. However, federal leaders must evaluate SBOM technology from many perspectives: for example, how to incorporate this mandate into air-gapped networks, legacy COTS, or even a classified environment. System administrators also need to know if they are exposed. Further, every organization has a different definition of what "deep software transparency" is. Hasan also discusses Lineaje's innovative approach to creating "Gold open source" software, ensuring it is free of malware and vulnerabilities. If you are interested in seeing a demonstration of how Lineaje can help with software forensics, there is an event at the Carahsoft office in Reston, Virginia, on January 30. Connect to John Gilroy on LinkedIn: https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com
In this episode of the Federal Help Center Podcast, Randie Ward breaks down what contractors must understand about CMMC, NIST scores, and SPRS before pursuing Department of Defense contracts. She explains why every DOD contractor must complete a NIST self-assessment—regardless of score—and how contracting officers are now required to enforce these cybersecurity requirements in every DOD RFP. Randie also walks through where your NIST score is housed inside SPRS through PIE, why eligibility depends on it, and how monthly expert-led CMMC webinars can help contractors stay compliant and confident as requirements continue to evolve. Key Takeaways No NIST score means no award: Positive or negative, you must have a score to be eligible for DOD contracts. SPRS is mandatory for CMMC compliance: Your self-assessment lives inside SPRS, accessed through PIE. Start with self-assessment before anything else: It reveals what protections, processes, and controls your business needs to put in place. If you want to learn more about the community and to join the webinars go to: https://federalhelpcenter.com/ Website: https://govcongiants.org/ Connect with Encore Funding: http://govcongiants.org/funding
In this episode of Absolute AppSec, Nathan Hunstad, Director of Security at Vanta, discusses the intersection of security policy, governance, and technical defense. Drawing on his unique background in political science and the Minnesota state legislature, Hunstad argues that policy acts as the essential "conductor" for an organization's security tools. A major theme of the conversation is the challenge of compliance for startups, with the group advising founders to prioritize business survival and basic security hygiene—like password managers and IAM—before pursuing intensive certifications like SOC 2. The discussion also explores how AI is accelerating both development velocity and the ability to automate tedious security questionnaires. Furthermore, Hunstad contrasts the security posture of modern, cloud-native startups against legacy enterprises, noting that older organizations often struggle with "dark corners" of un-inventoried, vulnerable legacy tech. The episode concludes with a critique of outdated authentication standards, specifically advocating for the removal of mandatory password rotation in favor of NIST-aligned, phishing-resistant MFA.
AI is revolutionizing healthcare, but it's also giving cybercriminals unprecedented speed, scale, and precision. In this episode of Straight Out of Health IT, Ali Pabrai, Chief Executive Officer at ecfirst, explores how artificial intelligence is revolutionizing cybersecurity risk management in healthcare. While AI is accelerating innovation in diagnostics, workflows, and operations, it is also expanding attack surfaces through new data flows, third-party tools, and global supply chains. Despite updated guidance from HHS, NIST, and HIPAA-aligned frameworks, the healthcare sector remains under intense pressure from threats. Ransomware attacks and large-scale breaches continue to disrupt clinical operations and expose patient data, underscoring the stakes for healthcare organizations. Ali stresses that cybersecurity can no longer be treated as a compliance checkbox but must be approached as an enterprise-wide resilience strategy. Attackers are using AI to launch faster, more personalized, and more targeted attacks, exploiting vulnerabilities in devices, cloud systems, and human behavior. At the same time, healthcare organizations face growing financial exposure through class-action lawsuits, regulatory settlements, and long-term corrective action plans. Persistent gaps in configuration management, patching, and workforce awareness leave many organizations vulnerable, despite lessons learned from prior breaches. The conversation underscores the importance of robust AI governance, grounded in HIPAA security programs, NIST's AI Risk Management Framework, state-level AI mandates, and integrated standards, such as HITRUST. Ali emphasizes the importance of conducting AI-focused risk assessments, improving ransomware readiness, and establishing clear AI risk management policies. He also underscores the importance of building AI literacy across the workforce to reduce social engineering and insider risk. Ultimately, the discussion frames AI as both a threat and an opportunity, with resilience depending on leadership, knowledge, and proactive governance. Tune in to hear how healthcare leaders can turn AI from a growing liability into a powerful tool for resilience and trust!
In this episode of the Federal Help Center Podcast, Randie Ward breaks down the systems and documentation contractors must have in place before pursuing Department of Defense opportunities. She explains why PIE registration is mandatory for DOD work, how SPRS ties directly to your NIST self-assessment and CMMC requirements, and where contractors often get stuck trying to navigate these platforms. Randie also walks through what a strong capability statement should include—clear competencies, NAICS codes, differentiators, and past performance—so contracting officers can quickly understand who you are and why you belong on their short list. Key Takeaways PIE is non-negotiable for DOD work: You cannot submit proposals, invoice, or receive awards without being registered and set up properly. SPRS and NIST scores matter early: Your self-assessment score is required and directly impacts eligibility for DOD contracts. Your capability statement must do the work for you: Clear branding, competencies, NAICS codes, and past performance make it easy for agencies to find and trust you. If you want to learn more about the community and to join the webinars go to: https://federalhelpcenter.com/ Website: https://govcongiants.org/ Connect with Encore Funding: http://govcongiants.org/funding
In this episode of the Federal Help Center Podcast, Randie Ward breaks down what real procurement readiness looks like beyond just registering in SAM. Using real client examples, Randie walks through professionally built project sheets and capability statements, explaining why clean branding, clear competencies, and visible past performance matter when agencies are evaluating vendors. She then dives into Department of Defense requirements—covering PIE registration, SPRS, and CMMC/NIST compliance—showing why contractors cannot submit proposals, receive awards, or get paid without these systems in place. The message is clear: preparation, compliance, and professionalism are no longer optional if you want to compete in GovCon. Key Takeaways Professional documentation matters: Project sheets and capability statements should be clean, branded, and easy for agencies to evaluate—no guesswork required. DOD contractors must be system-ready: PIE, SPRS, and related platforms are mandatory for submitting proposals, invoicing, and compliance. CMMC/NIST is non-negotiable: You cannot receive a DOD award without a NIST score—self-assessment or certification depending on the requirement. If you want to learn more about the community and to join the webinars go to: https://federalhelpcenter.com/ Website: https://govcongiants.org/ Connect with Encore Funding: http://govcongiants.org/funding
In this episode of Technology Tap: CompTIA Study Guide, we delve into the critical role of security governance in building secure organizations. Learn how governance frameworks—comprising policies, standards, procedures, and playbooks—transform strategic intent into consistent, auditable actions that both teams and auditors rely on. Whether you're preparing for your CompTIA exam or aiming to develop essential IT skills, understanding these governance principles is key to effective tech exam prep and technology education. Join us as we break down complex concepts in an easy-to-understand way, helping you succeed in your IT certification journey and beyond. We start with clear definitions that make exam questions and real-world decisions easier. Policies set high-level rules and expectations. Standards add measurable technical requirements like encryption strength and logging baselines. Procedures translate both into step-by-step action, and playbooks coordinate who does what, in what order, using which tools. Along the way, we compare external frameworks such as ISO 27001, NIST 800, PCI DSS, and FIPS with internal standards that tailor controls to your environment. Privacy law isn't a side quest; it shapes everything. We demystify GDPR, CCPA, FERPA, HIPAA, and COPPA, and clarify roles that exams love to test: the data owner who sets classification and usage, the data controller who defines purpose and lawful basis, the data processor who acts for the controller, and the data custodian who protects and maintains data without deciding how it's used. You'll learn practical cues to spot each role fast and avoid common pitfalls. Finally, we dig into change management as a risk control function. Its goal is to minimize risk while implementing changes, with impact analysis, approvals, testing, and rollback plans. Automation and orchestration can speed response and reduce error, but only when guided by policy and enforced by standards. Expect memorable exam tips, grounded examples, and a framework you can use right away on the job. If this helped sharpen your Security+ prep or your day-to-day practice, subscribe, share the show with a colleague, and leave a quick review. Your feedback helps more learners tap into technology with confidence. Art By Sarah/Desmond. Music by Joakim Karud. Little chacha Productions. Juan Rodriguez can be reached at: TikTok @ProfessorJrod; ProfessorJRod@gmail.com; @Prof_JRod; Instagram ProfessorJRod
Doug Green, Publisher of Technology Reseller News, spoke with Mark A. Daley, CEO of ROLM, and Cole McKinley, CTO of USX Cyber, about the Department of Defense's phased enforcement of Cybersecurity Maturity Model Certification (CMMC) requirements and what it means for small and mid-sized businesses (SMBs) in the Defense Industrial Base. With CMMC now actively enforced, hundreds of thousands of subcontractors—many without dedicated security teams—must demonstrate compliance to continue working with prime contractors. Daley stressed the urgency of the moment, noting that delays are over. “The government is no longer kicking the can down the road,” he said. “CMMC exists to protect the defense industrial base, and SMBs are now squarely in scope.” To address this challenge, ROLM and USX Cyber have partnered on an integrated, SMB-focused platform built around USX Cyber's Guardian solution. McKinley explained that Guardian was designed to make compliance achievable without stitching together multiple tools. “We built Guardian to be a one-stop platform that makes CMMC approachable, affordable, and audit-ready for SMBs,” he said, adding that the platform satisfies 83 of the 110 required NIST 800-171 controls while providing 24×7 monitoring, evidence management, and guided compliance workflows. Daley highlighted that the solution goes beyond certification prep, combining continuous security operations, governance, and AI-driven automation to reduce long-term cost and complexity. “This is not a one-and-done, check-the-box exercise,” he said. “You have to be ready not just for today's audit, but for the one coming three years from now.” The discussion underscored why CMMC represents both a major risk and a significant opportunity for MSPs and channel partners serving regulated industries. Learn more at https://rolm.ai/ and https://usxcyber.com/.
Stolen Target source code looks real. CISA pulls the plug on Gogs. SAP rushes patches for critical flaws. A suspected Russian spy emerges in Sweden, while Cloudflare threatens to walk away from Italy. Researchers flag a Wi-Fi chipset bug, a long-running Magecart skimming campaign, and a surge in browser-in-the-browser phishing against Facebook users. Mandiant releases a new Salesforce defense tool, and NIST asks how to secure agentic AI before it secures itself. Our guests are Christine Blake and Madison Farabaugh from Inside the Media Minds. Plus, a Dutch court says seven years is still the going rate for a USB-powered cocaine plot. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Christine Blake and Madison Farabaugh from W2 Communications and hosts of Inside the Media Minds podcast on their show joining the N2K CyberWire network. You can listen to the latest episode of Inside the Media Minds today and catch new installments every month on your favorite podcast app. 
Selected Reading: Target employees confirm leaked code after 'accelerated' Git lockdown (Bleeping Computer); Fed agencies urged to ditch Gogs as zero-day makes CISA list (The Register); SAP's January 2026 Security Updates Patch Critical Vulnerabilities (SecurityWeek); Sweden detains ex-military IT consultant suspected of spying for Russia (The Record); Cloudflare CEO threatens to pull out of Italy (The Register); One Simple Trick to Knock Out the Wi-Fi Network (GovInfo Security); Google's Mandiant releases free Salesforce access control checker (iTnews); Global Magecart Campaign Targets Six Card Networks (Infosecurity Magazine); Facebook login thieves now using browser-in-browser trick (Bleeping Computer); NIST Calls for Public to Help Better Secure AI Agents (GovInfo Security); Appeal fails for hacker who opened port to coke smugglers (The Register). Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Charlie Spears explores the existential threat of quantum computing to Bitcoin, Shor's algorithm, and the heated debate surrounding Satoshi's 1 million BTC stash. We break down the difference between bits and qubits, explain why Shor's algorithm threatens elliptic curve cryptography, and debate the fate of Satoshi's vulnerable coins. It's a deep dive into encryption, timeline predictions, and the massive coordination challenge facing the Bitcoin network to upgrade before it's too late. Subscribe to the newsletter: https://newsletter.blockspacemedia.com Notes: * Satoshi has ~1M quantum vulnerable BTC. * 2-4 million total BTC are currently exposed. * 10-20% of supply is vulnerable to Shor's algo. * Breaking BTC needs ~4,000 logical qubits. * Google's Willow chip has 105 physical qubits. * NIST finalized quantum standards in 2024. Timestamps: 00:00 Start; 01:02 Overview; 05:08 The Algorithm; 10:59 Satoshi's Coins; 13:09 How Long Do We Have?; 15:18 Where Do We Stand?; 17:22 Post Quantum Migration
The White House bans foreign-made drones. African law enforcement agencies crack down on cybercrime. A new phishing campaign targets Russian military personnel and defense-related organizations. A University of Phoenix data breach affects about 3.5 million people. A pair of Chrome extensions covertly hijack user traffic. Romania's national water authority suffered a ransomware attack. A cyberattack in France disrupts postal, identity, and banking services for millions of customers. NIST and MITRE announce a $20 million partnership for AI research centers. A think-tank says the U.S. needs to go on the cyber offensive. Tim Starks from CyberScoop discusses the passage of the Defense Authorization Bill and a look back at 2025. In high school, it's no child left unscanned. CyberWire Guest: Today we are joined by Tim Starks from CyberScoop discussing the passage of the Defense Authorization Bill and a look back at 2025. Selected Reading: Trump Administration Declares Foreign-Made Drones a Security Threat (The New York Times); Hundreds of Arrests as Operation Sentinel Recovers $3m (Infosecurity Magazine); Cyber spies use fake New Year concert invites to target Russian military (The Record); University of Phoenix Data Breach - 3.5 Million+ Individuals Affected (CybersecurityNews); Malicious extensions in Chrome Web store steal user credentials (BleepingComputer); Ransomware Hits Romanian Water Authority, 1000 Systems Knocked Offline (Hackread); Cyberattack knocks offline France's postal, banking services (BleepingComputer); NIST, MITRE announce $20 million research effort on AI cybersecurity (CyberScoop); US Must Go on Offense in Cyberspace, Report Warns (GovInfo Security); AI Bathroom Monitors?
Welcome To America's New Surveillance High Schools (Forbes)