Podcasts about nist


Latest podcast episodes about nist

IP Fridays - your intellectual property podcast about trademarks, patents, designs and much more
Creator Economy Law: What Every Creator Needs to Know About AI, Platforms, and Their Rights – Interview with Franklin Graves of Linkedin – IP Fridays Podcast – Episode 176

Jun 26, 2026 (36:31)


My co-host Ken Suzan and I are welcoming you to episode 176 of the IP Fridays Podcast. Today's interview guest is returning guest Franklin Graves, who is senior counsel at LinkedIn and teaches IP law at Emerson College. With my co-host Ken Suzan he is discussing how the law for creators has dramatically changed in the past years. Franklin Graves is expressing his personal views and not the views of LinkedIn or Microsoft. He is talking about the paper “Upload Complete”, written before he joined LinkedIn.

Bio: https://www.linkedin.com/in/franklingraves/
Paper: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5271442
Website: https://creatoreconomylaw.com/

But before we jump into this interview, I have news for you! Richard Meade, a judge on the UK High Court and one of the most prominent figures in European patent law, was appointed Lord Justice of Appeal at the British Court of Appeal on June 12, 2026. Meade played a key role in numerous landmark British patent decisions, particularly in the area of standard-essential patents (SEPs) and FRAND licenses. In Insulet Corp. v. EOFlow Co., No. 2025-1807, the U.S. Court of Appeals for the Federal Circuit completely overturned the original $452 million judgment (which had already been reduced by the District Court to $59.4 million) in favor of Insulet. In its decision of June 2, 2026, in the case of Fujifilm v. Kodak, the UPC Board of Appeal provided comprehensive clarifications regarding so-called “long-arm jurisdiction”—that is, the question of whether the UPC can also rule on national patent claims outside the UPC territory (such as in the United Kingdom). In 14 guiding principles, the judges established specific procedural rules for various categories of cases. There is no automatic UPC jurisdiction over national patent claims outside the UPC territory.

The Munich Regional Court has issued an arrest warrant against the managing director of Polytech Health & Aesthetics GmbH because he is alleged to have continued to exploit the Brazilian company Silimed's patent for breast implants despite a preliminary injunction. A number of IT and automotive industry associations—which are among the most frequent users of Inter Partes Reviews (IPR) at the U.S. Patent and Trademark Office—have filed an amicus brief with the Supreme Court, urging the Court to grant Google's certiorari petition. An attorney for a Las Vegas performer has asked a California federal judge to temporarily prohibit Taylor Swift from using “The Life of a Showgirl” as a trademark while the trademark lawsuit is pending. Swift's attorney called the lawsuit baseless. And now let's hear Ken discuss creator law with Franklin!

AI, Platform Law, and the Creator Economy: What Businesses Need to Know Now

Franklin Graves has spent his entire career watching digital content move through systems that most people never see. He started in marketing at a major music label right out of law school, then represented individual creators on YouTube in a pro bono capacity, then moved to the platform side at Eventbrite, and today works as Senior Product Counsel at LinkedIn, where he focuses on AI, data, and the regulatory questions that come with both. His recently published law review article, Upload Complete: An Introduction to Creator Economy Law, is the first academic paper to address the creator economy as a distinct legal field. In a recent episode of the IP Fridays podcast, he spoke with host Kenneth Suzan about responsible AI development, platform regulation, and what it actually means to own your audience in a world where the rules keep changing overnight.

From Content Creator to Platform Lawyer

The through-line in Graves’ career is a genuine understanding of how content moves from an idea in someone’s head to an audience on a screen. That experience, he argues, is precisely what in-house counsel needs right now. Lawyers working on AI and product development cannot afford to sit at a distance from the technology they are advising on. They need to use the tools, experience them as a creator or end user would, and understand the nuances of how a product actually operates before it reaches the public. Understanding the product first is the precondition for everything else.

That philosophy translates directly into how he approaches responsible AI implementation. The landscape of AI standards is crowded: NIST frameworks, the EU AI Act, sector-specific guidance, and a growing body of industry-adopted best practices. The challenge for in-house counsel is not knowing that these standards exist. It is making them actionable for the engineering and product teams they support. Abstract principles need to become concrete controls and workflows. Graves offers one practical shortcut: most companies already have open source software review processes that involve the right stakeholders, the right sign-off levels, and the right security checks. Layering the specifics of generative AI or large language models onto those existing processes is far more efficient than building something new from scratch.

A Fragmented Regulatory World

The geopolitical dimension of AI regulation is something Graves thinks about constantly in his role at LinkedIn. The EU AI Act, shifting US executive orders, and country-specific approaches to data privacy have created a regulatory environment that can change the rules of the game without warning. His analogy is instructive: creators have long understood what it means to build a community on a platform they do not own. An algorithm change, a policy update, or a government ban can wipe out years of audience-building overnight. Businesses deploying AI tools globally now face a structurally similar problem. The response, for creators and for platforms alike, is to build resilience rather than rely on stability that may not last.

TikTok is the clearest recent example. When the platform faced the prospect of being shut down in the United States on national security grounds, it triggered a broader conversation about platform dependence that had been building for years. Creators who had invested their entire business in one platform suddenly confronted the possibility that their audience could simply disappear. The lesson is not that platforms are bad. It is that concentration of any kind, whether it is your audience, your data pipeline, or your regulatory compliance strategy, creates fragility.

What Is a Creator, Legally Speaking?

One of the central contributions of Graves’ law review article is definitional. The terminology matters more than it might seem. When courts and regulators talk about creators without a shared understanding of what that word means, the resulting legal analysis tends to miss the mark. Graves draws a distinction between users who post content, creators who post with the intent to build an audience and eventually monetize it, and influencers, a subset of creators who are actively running a small business through their content. The difference is intent. A parent posting family photos on Facebook is a user. Someone building a subscription community around their professional expertise is running a business, and the legal framework that applies to them should reflect that.

That distinction matters practically when it comes to liability. As more creators build their own platforms, whether through custom membership sites, open source tools like Ghost, or federated social networks, they take on obligations that previously fell to large platforms: content moderation policies, privacy notices, terms of service, and compliance with data regulations across multiple jurisdictions. A creator in Tennessee running a membership platform with subscribers in Germany is operating a global business, whether they think of themselves that way or not.

Protecting Children Online: A Question Without a Clean Answer

The tension between age verification and privacy is one of the more difficult problems in platform law right now. Australia, several European countries, and a growing number of US states have introduced or passed minimum age requirements for social media accounts. The technical challenge is real: verifying age online requires collecting identifying information, and collecting identifying information creates privacy risk, particularly for the young people the laws are designed to protect.

Who should bear the responsibility for that verification is also unresolved. Is it the platform? The app store? The mobile operating system? Graves does not pretend there is a clean answer, but he points to the mobile layer as an underexplored option. The Apple App Store and Google Play Store already have significant leverage over which apps reach users on their devices. Whether that leverage should extend to age verification is a question that deserves more attention than it currently receives.

The Right of Publicity in the Age of AI

Voice cloning, digital replicas, and AI-generated synthetic media have pushed the right of publicity into territory that traditional IP law was not designed to cover. Trademark law, copyright law, and existing publicity rights each capture part of the problem but none of them covers it completely. The result, as Graves describes it, is a period of experimentation: lawyers filing trademarks on vocal sounds and phrases, states updating their publicity statutes to explicitly mention artificial intelligence, and entertainment unions negotiating over who controls a performance and any AI-generated iterations of it.

Tennessee’s Elvis Act is a concrete example of the legislative response: the state updated its right of publicity law to include voice and to reference AI directly. Similar efforts are underway elsewhere. The underlying challenge is calibrating protection so that it gives creators and performers meaningful control over their likeness and voice without foreclosing the development of generative AI systems that depend on broad rights to process and learn from content. Somewhere between those two interests, a workable legal framework needs to emerge.

The brand deal context may be where the issue becomes most immediately practical. When a brand partners with an influencer and the campaign involves generative AI in any form, the contract needs to address control explicitly. Who has final approval over how the influencer’s likeness or voice is used in AI-generated deliverables? What happens to those assets after the campaign ends? These are not hypothetical questions. They are contract drafting problems that any brand counsel or creator attorney should be addressing today.

What Comes Next

Graves is cautious about predictions, but his sense of direction is clear. The regulatory environment will continue to fragment before it converges. The right of publicity will be updated, imperfectly, in more jurisdictions. Creators will continue to move toward owning more of their infrastructure. And the lawyers who do this work best will be the ones who understand the technology well enough to translate it into practical, defensible decisions for the people they advise.

Full Transcript:

Ken Suzan: Thank you, Rolf. Our returning guest today is Franklin Graves. Franklin is the founder and editor of Creator Economy Law, a website and newsletter that educates creator economy professionals on the intersection of law and policy with the world of creators, brands, and platforms. Franklin also published the first law review article focused on the creator economy, Upload Complete, an introduction to creator economy law. He regularly appears across news and media outlets as a commentator and contributor with a focus on educating creators and raising awareness of all legal aspects of the creator economy. Franklin is based in Nashville, Tennessee.

Ken Suzan: Franklin was invited to participate as one of the creators and creator economy professionals in the first ever White House creator economy conference. Franklin works full time as a product counsel at LinkedIn Corporation. As a member of the product and data team, he focuses on emerging issues in AI and data. Franklin previously held roles on the technology law group at HCA Healthcare, the commercial legal team at Eventbrite, and the business and legal affairs team at Naxos Music Group. Welcome back, Franklin, to the IP Fridays podcast.

Franklin Graves: Thank you so much for having me. It is exciting to be back and reflecting over the last decade since I last joined and also the paper that I wrote that dives into this in more detail. So I really appreciate it. And yes, full disclosure, I currently work for LinkedIn, which is a subsidiary of Microsoft. I’m here in my personal capacity to talk about this, the paper I wrote before joining LinkedIn and all of that. So thank you so much for having me back.

Ken Suzan: Excellent. So Franklin, since your last appearance on IP Fridays in 2017, your career has evolved significantly. You are now senior product counsel at LinkedIn focusing on AI and data. How has working inside a major tech platform changed your perspective on the legal frameworks governing digital content compared to when you were viewing it purely from the creator side?

Franklin Graves: I appreciate that question because when I wrote the article, I did not work for LinkedIn. And I had been coming from a history in my career where I, right out of law school, worked for a record label like we talked about almost 10 years ago. And I was on the content creation side. I’ve represented a major distributor of classical music digitally at the time. And that was my first exposure to understanding how content was taken from the initial inception stage from creators and routed through all the various digital platforms that were at the time still evolving and even arguably still today continue to evolve. The early days of YouTube Music launching and then Apple Music launching, and then going through all the phases of high-res audio and everything that came after that. So that was an interesting perspective to start my career with. And then I went to Eventbrite, which is a ticketing platform, but was also focused on elevating event creators. They kind of took on that moniker of “Hey, we are event creators that we support.” And that was arguably my first exposure to the platform side, the tech platform side of it, because Eventbrite is a platform. And so then I evolved from there in my personal capacity, in a pro bono capacity representing individual creators across the YouTube space. And that’s what we talked about a little bit back when I first came on the podcast.

Franklin Graves: Over the last decade, it’s been a chance to grow my own understanding of the creator economy. The terminology “creator economy” came around. And then now on the other side of it, having written the article and all that, and now being fully in-house at LinkedIn, I truly am experiencing a social media platform. LinkedIn is of course arguably way more than just the platform itself. There are so many different avenues to it, but it is a chance for me to understand what it is like working for a company that is operating the platform that people are distributing content on. There’s a user journey to content and all of that. So it’s definitely enhanced and given me a different perspective from a major tech platform side. And part of my role at LinkedIn is really heavily focused on understanding regulation and how that from an AI and data perspective impacts the company. And so I’ve been really leveling up my game over the last year and a half that I’ve been here, understanding mostly EU regulations, but also US regulations that are still in their infancy when it comes to AI. But really when it comes to privacy and data, those are pretty well established across the board. It’s been kind of a combination of what I learned at Eventbrite, because I went to Eventbrite when GDPR was going into effect. And so that was an eyes-wide-open moment of getting in the weeds with negotiating data processing agreements, understanding data transfers and cross-border data transfers and the like. So it’s been kind of an evolution as the laws and regulations have evolved. So has my career, so has my own understanding, so have the platforms’ responses to those laws and regulations. And I’m sure that probably resonates with a lot of your listeners who have also been growing their practice and their understanding as the laws and regulations in this realm have been evolving too.

Ken Suzan: Yes, indeed. Now let’s switch gears and talk about AI. You advise on AI and data daily. As platforms integrate generative AI tools into their tech stacks, what are the most critical best practices in-house counsel should be adopting right now to embed responsible AI principles into product development?

Franklin Graves: So as an attorney, one of my key roles is to understand the technology. Even representing creators and working for creator platforms, that’s something I’m constantly trying to do: put myself in the shoes of being a creator. And I think I talked about this last time I was on, but I come from a background where I was working for a major label doing marketing, video editing, social media work. And I was creating content. I understood the whole life cycle from the inception point of an idea to execution and then to the final delivery and distribution of that content to an audience within a major music label. And so part of that is the same thing that I think attorneys, especially in-house, should be doing: using the tools that the product and engineering teams are either developing in-house or partnering with third parties to develop, or a combination of the two. Using them, understanding them, using them as a creator would, using them as an end user or a client or customer would. And making sure that if you understand the product and understand the nuances of how it operates, and being a part of the iterations of that internally before it fully ramps, that really gives you a chance to understand: okay, we have a lot of responsible AI principles and standards and protocols that are in existence right now, whether it’s NIST, whether it’s based on the EU AI Act or anything and everything in between. It’s understanding how to apply those and bring those into a product and an engineering environment in a way that is practical and actionable for the people that you’re supporting, the stakeholders you’re supporting. So I think one of the critical best practices is, number one, understand the product or features that you’re supporting.

Franklin Graves: And then understand how you as an attorney can use your expertise and understanding of responsible AI practices, whether it’s a regulatory standard or an industry-adopted standard or a hybrid of the two, to leverage those and implement those, break those down and make them into actionable controls and processes and flows that work within your existing infrastructure. That’s a lot of high-level talk, but that’s the general idea. One concrete example we talk about frequently is with open source AI. If you’re working with a product team or an engineering team that is taking an off-the-shelf open source model and bringing that in-house, a lot of times companies have pre-existing open source processes that cover the use of open source software or code. Piggyback on that. That’s the easiest quick win for attorneys: leveraging your existing open source processes to just build on top of that the AI flavor and layering. It’s not very much that you have to do, but the underlying process of the key stakeholders that need to be involved in the review, whether it’s security, whether it’s executive sign-off if it gets to that point, even export control considerations should already be part of your existing open source software process. So layering in on those existing processes the specifics of generative AI or large language models that you’re trying to bring in is a great way to put this into practice.

Ken Suzan: Now looking at the geopolitical landscape that we currently have, we have the EU AI Act setting strict standards and shifting US executive orders. How should platforms and brands prepare for this fragmented regulatory environment when deploying AI tools to a global user base?

Franklin Graves: It’s a great question. It’s something that is still evolving, I think is fair to say. I would equate it, as I do in the paper that I wrote, to how creators and arguably brands don’t own the platforms that they’re building their communities on. That spawned this concept of de-platforming or going into building your own platform, a decentralized platform of sorts, and owning your community. That gives you that control and takes away the level of instability that can come for creators trying to build a business on a platform they don’t own, they don’t control when certain updates happen, when algorithms change, when tools and functionalities either become available or go away completely. So it’s very similar to what we’ve been experiencing in a regulatory environment where we have geopolitical complexities, for lack of a better term, that can overnight seemingly disrupt the way in which a platform or even a multinational brand is able to connect and reach an audience or continue to leverage the user base that they’ve built. I think TikTok is a great example of that, where it became a national security concern and suddenly it was facing an executive order that required it to be effectively disabled in the US or completely owned and operated by a US entity. All the mechanics and technicalities of whether it’s actually possible and still have a global platform with a global user base is a whole different discussion. But that’s an example of very similar considerations that are now not just a discussion point at the creator level or the individual brand level, but also in a much broader context at a platform level as well.

Ken Suzan: Franklin, let’s now shift gears and talk about your article. In your recently published journal article, Upload Complete, which we will have linked in our show notes, you advocate for a shift in terminology from internet creator law, a term used during our first podcast almost a decade ago, to creator economy law. Why is this distinction important and how does it change the way legal practitioners should view the ecosystem of creators, brands, and platforms?

Franklin Graves: Oh yes, this is part of the reason why I wanted to write the article: to lay this foundation of understanding. Because at the time I’d written the article, the term creator economy and creator had really not appeared but for maybe once in an actual court decision. And it was kind of focused on influencers and this concept, and it was just not getting it right. And so it was also, as you mentioned, when we first spoke I was even using the term internet creators. And I think that was something that was common at the time. The “internet” portion as a qualifier has since dropped off. And now for purposes of the creator economy, the term creators refers to individuals, it can be small businesses, which is what we’ve seen from a regulatory standpoint, how these small businesses are being impacted by regulations. But essentially creators in the article I pin in the context of intent. What is the intent behind the person or the small business that is posting content, trying to build a community and form a community in a virtual environment? And then that can even spill over into real physical world environments. And so the intent is kind of what I look at.

Franklin Graves: And I have a chart in the article that has a diagram showcasing the overlap of what I refer to as “users generating content.” It’s a play on the concept of user-generated content, UGC. Users generating content is that large bucket of anyone posting on a platform of some kind. And within that large bucket, that large circle, are smaller subsets. You have creators, you have brands. Those are really the two buckets you can put people into. Otherwise it’s like your grandmother or your parents posting content on Facebook or Instagram, and those are everyday users of a platform. The distinction to get into that subcategory of being a creator more so has been analyzing the intent behind the posting. Are you posting content to build an audience, to build a community, to eventually have a chance to monetize the following that you’re bringing in or sell services or something like that? Brands are posting for that reason. Creators are maybe posting for that same reason. But even within the creator category, there’s a subcategory of influencers that are trying to sell something, that are trying to build more than just an awareness of who they are, their influence. They are trying to do brand deals, partnership deals, upsells and all that, and start an actual small business aside from just the content itself that they’re creating. So that’s kind of the distinctions that I make in the paper. And that’s why it’s important to understand and lay that foundation, that anyone can post content online, but the intent, the why behind their posting that content, really does ultimately matter, especially when you’re looking at it from a court case or from a regulatory standpoint.

Ken Suzan: Now, Franklin, we’re seeing unprecedented geopolitical activity around platform ownership. For example, the US legislation targeting TikTok and Brazil’s recent temporary ban of X. How do these macro-level battles impact the day-to-day livelihood of creators? And how can they legally and operationally protect themselves?

Franklin Graves: So the shift that we’re seeing, and I alluded to this earlier in our conversation, is this concept of Web 3. And that term may or may not be really popular anymore, but that’s essentially what we’re looking at: a shift into a federated, decentralized operation of a platform. So instead of one owner, one company, one entity owning and operating the platform, it’s decentralized. Anyone can start up a server, and it’s interoperable, meaning anyone can plug and play and connect to that larger network. And it creates this unified social network experience. Within each operating node of that network, there can be your own decisions around content moderation, your own decisions around the hosting providers you use, where you’re operating out of, the terms and conditions that apply to that. But the flip side is that instead of creators posting and sharing in a closed environment run and controlled by a singular entity, you’re now experiencing a peer-to-peer type operation where your experience can change based on which server, which node, which user you’re engaging with. You might have content that’s acceptable in one area but not acceptable in another, and maybe it just doesn’t even show up in that other area.

Franklin Graves: But from a liability standpoint, as creators start to build their own networks and communities, even outside of a concept like the fediverse, it’s even down to creators building their own communities through online courses, subscription membership-based platforms that they run on their own website. There’s open source software out there, even something called Ghost, where you have memberships. And that is a creator or a small business in the creator economy that is now taking on the obligations that would typically fall upon a platform. They need to take into consideration terms and conditions, privacy policies, legal aspects, and regulatory considerations for running a platform, especially in a global world. So it’s a lot of liability that then shifts over to those small businesses and even brands sometimes that are doing the same thing. Whether it is something as simple or complex as content moderation or all the way up to monetizing an audience, this new world where creators can spin up and run a platform all dovetails back to the concept of creators not feeling like they have control in reaching the audience and the community that they’re building on an individual platform. And so this really became more mainstream conversation with TikTok and the issues around it potentially being shut down in the US. That was kind of the mindset shift and eyes opening for many creators, especially within the influencer subset, of realizing: we need to make sure that we have a way to reach the audience we’ve built if the individual platform that we’ve committed to over the last year or three years or so is no longer available. We need a way to continue that relationship outside of that one platform controlling it.

Ken Suzan: Franklin, we have a few minutes left and a number of topics. So I’m going to switch gears and talk about a few issues. First, a major emerging topic in your paper is the evolution of protecting kids online. With state-level age-gating laws like the CAADCA and the recent FTC updates to COPPA, how should platforms navigate the significant tension between strict age verification mandates and the privacy and First Amendment rights of their users?

Franklin Graves: Man, that is a whole discussion to unravel. It is a consideration that we’re seeing happen again, going back to the geopolitical nature of everything. Countries like Australia and certain countries in Europe and now even individual states in the US are trying to look at ways, and some of them have already put into place minimum age requirements before you can even sign up for an account with a social media platform. One of the things I’d just highlight quickly here is that one of the tensions is around how you verify someone’s age online and still maintain the ability to be at least pseudonymous. How do you still have a level of privacy, autonomy, and protection when it comes to having to provide something like a driver’s license or have parental consent tied and connected to an account managed by a parent in a situation where maybe it’s not appropriate or not beneficial to the child in that manner? But then maybe there are counterbalancing factors that outweigh that. All of that comes down to the technicalities of how it’s actually implemented and maintaining the sense of openness and freedom that we’ve had on the internet to date. And then the other element there is, since a lot of the internet that we think of today is more so through mobile applications, is it something that the mobile operating system providers and app store providers should be thinking about? So whether that’s the Google Play Store or the Apple App Store, where does that initial age verification need to fall? Is it at the platform level? Is it the app store or mobile device management level or something else? Yeah, there’s a lot to discuss there. And a lot of the issues we’re seeing with how the internet is changing in terms of being able to browse a website without disclosing personal information that might not have been required before is largely stemming from a focus on protecting children online.

Ken Suzan: It sounds like, Franklin, we could have another episode covering lots of issues connected with that one topic alone.

Franklin Graves: I would absolutely agree with that. There’s a lot going on there. And again, it’s different across the world. And so I know you all have a global listener base. And so there’s a lot of nuances to that whole discussion too, that are worth exploring.

Ken Suzan: Last question for today’s episode is regarding the right of publicity. With the explosion of AI-generated synthetic media, digital replicas, and voice cloning, the right of publicity is taking center stage. What are the biggest legal risks for brands partnering with influencers right now? And how can creators protect their most valuable asset, their likeness?

Franklin Graves: That’s a great question. I think we’re seeing kind of a throwing-spaghetti-against-the-wall-to-see-what-sticks approach right now by a lot of different parties, whether it’s trademark attorneys, whether it’s general entertainment attorneys or whoever. For example, we’ve seen Taylor Swift filing trademarks to protect certain sounds of her voice and phrasing that she uses. It’s a difficult area because in the realm of generative AI with deep fakes and virtual avatars, that is where it gets tricky, because traditional IP laws are just not able to fully cover that spectrum. It’s a piecemeal approach, but even then it doesn’t fully cover it. So for example, I’m based in Tennessee and a couple of years ago we had the Elvis Act that updated our right of publicity law to add voice and to explicitly reference artificial intelligence. And so that’s the kind of effort we’re probably going to continue to see: efforts to develop some framework around protecting what is essentially a privacy right, in a manner that doesn’t restrict generative AI systems from continuing to develop and operate the way they’re operating now, while layering in those protections so that in the US at least a First Amendment right doesn’t necessarily get squashed, and those traditional well-recognized efforts to not overregulate a technology in its early stages are respected.

Franklin Graves: And so I think a lot of what we’re seeing is just a need to update laws. The SAG-AFTRA debate and the strikes that happened around maintaining control of your performance and any iterations of that, or building upon that by a media company that might come later, it’s all on the table right now and still being discussed, still being worked out. I think in the short run, a lot of times if it’s in a brand deal, the key question is: if you are using generative AI to enhance in some way the final deliverable for the campaign, who has control over that? Who has final say and sign-off on how that likeness or that digital replica or that person’s voice is represented? And even outside of the brand space, we’ve seen actors like James Earl Jones signing over certain aspects like their voice and allowing it to continue to be used in these manners powered by generative AI as Darth Vader. And I think I saw something that Boy George was even starting up an AI company that allows musicians, the original recording artist, to rerecord new versions of their masters so that they don’t miss out on that revenue. It’s powered by generative AI, by taking their voice now, which is significantly different than it was back in the 80s, and using generative AI to make it sound closer to the original, but all based on their current performance. So I think it’s still an evolving area. And what’s interesting too is on the platform side, we’re seeing the early stages of platforms like Google starting to acknowledge and rely on the license grant contained in their terms of service for YouTube, which grants them broad rights to use the content to run their platform. So all that to be said, it’s still early stages. I’m very interested to see where we go from here in the future, especially from a global perspective as well.

Ken Suzan: Franklin, I could spend hours talking to you about this. You’re such a knowledgeable person on these topics. Maybe in a few years, will we connect again and talk further on AI and all the things that are yet to be developed?

Franklin Graves: Thank you. Yeah, it doesn’t have to be another decade. Maybe we can cut it to half a decade, given the pace at which technology is going now.

Ken Suzan: Sounds good, Franklin. Thanks again for being on the IP Fridays podcast.

The CyberWire
All eyes on AI.

The CyberWire

Play Episode Listen Later Jun 23, 2026 24:47


Five Eyes warns AI could supercharge cyberattacks within months. Tata Electronics confirms breach as stolen data allegedly includes Apple and Tesla documents. Researchers publish new analysis of FortiBleed. Gizmodo breach exposes readers to ClickFix malware campaign. BootROM exploit can bypass Apple's SecureROM. Scattered Spider members plead guilty in the UK. Attackers exploit Gravity SMTP flaw to harvest secrets from WordPress sites. Executive Order accelerates federal shift to post-quantum cryptography. Dave Bittner sits down with Ellen Boehm, the Senior Vice President of IoT Strategy & Operations at Keyfactor, to discuss NIST's progress in its PQC efforts. Keeping tabs on the tab-keepers.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today Dave Bittner sits down with Ellen Boehm, the Senior Vice President of IoT Strategy & Operations at Keyfactor, to discuss NIST's progress in its PQC efforts and where more effort needs to be made to get the U.S. and its critical infrastructure quantum-ready.
Selected Reading
'Five Eyes' intelligence alliance warns that new AI models pose urgent cyber risk (Reuters)
Intel agencies: Frontier AI models will reshape cybersecurity faster than expected (CyberScoop)
Anthropic's Mythos AI broke into almost all NSA classified systems in hours (SecurityAffairs)
Tata Electronics, a major tech supplier to Apple and Tesla, confirms data breach (TechCrunch)
FortiBleed campaign used custom FortiGate sniffer to steal credentials (BleepingComputer)
Gizmodo readers hit with ClickFix malware prompts after account compromise (The Register)
New Exploit Bypasses Apple's Boot Defenses, Affects Millions of iPhones (SecurityWeek)
TFL Hackers Admit Carrying Out Cyberattack That Cost £39M (Law360)
Attackers Actively Exploiting Sensitive Information Exposure Vulnerability in Gravity SMTP Plugin (Wordfence)
Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration (Security Week)
Madison Square Garden Made Dossier on Activists Who Opposed Facial Recognition (404 Media)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

This Week in XR Podcast
Special From CES 2026: AI Strategy, Tariffs, and the Future of Consumer Tech ft. Gary Shapiro, CEO

This Week in XR Podcast

Play Episode Listen Later Jun 19, 2026 58:57


Gary Shapiro has spent decades at the center of the global consumer technology industry, leading the Consumer Technology Association (CTA) and building CES into one of the most important stages for innovation, policy, and deal-making on the planet.

In this first episode of 2026, Gary joins Charlie, Rony, and Ted to preview CES, unpack the explosion of AI across every category, and deliver unusually blunt takes on tariffs, China, manufacturing, and U.S. innovation policy. He explains how CES has evolved from a TV-and-gadgets show into a global platform where boards meet, standards are set, and policymakers, chip designers, robotics firms, and health-tech startups all collide.

In the News: Before Gary joins, the hosts break down Nvidia's $20 billion "not-a-deal" with Singapore's Groq, the stake in Intel, and what that combo might signal about the edge of the GPU bubble and the shift toward inference compute, x86, and U.S. industrial policy. They also dig into Netflix's acquisition of Ready Player Me and what it suggests about a Netflix metaverse and location-based entertainment strategy, plus Starlink's rapid growth and an onslaught of "AI everything" products ahead of CES.

Gary walks through new features at this year's show: CES Foundry at the Fontainebleau for AI and quantum, expanded tracks on manufacturing, wearables, women's health, and accessibility, plus an AI-powered show app already fielding thousands of questions (top query: where to pick up badges).

He also talks candidly about his biggest concern, that fragmented state-level AI regulation (1,200+ state bills in 2025) will crush startups while big players shrug, and why he believes federal standards via NIST are the only realistic path. The discussion ranges from AI-driven healthcare and precision agriculture to robotics, demographics, labor culture, global supply chains, and what CES might look like in 2056.

5 Key Takeaways from Gary:
AI is now the spine of CES. CES 2026 centers on AI as infrastructure: CES Foundry at the Fontainebleau for AI + quantum, AI training tracks for strategy, implementation, agentic AI, and AI-driven marketing, and an AI-powered app helping attendees navigate the show.
Fragmented state AI laws are an existential risk for startups. Over 1,200 state AI bills in 2025, including proposals to criminalize agentic AI counseling, could create a compliance maze only large incumbents can survive, which is why Gary argues for federal standards via NIST.
Wearables are becoming systems, not gadgets. Oura rings, wrist devices, body sensors, and subdermal glucose monitors are starting to be designed as interoperable families of devices, with partnerships emerging to combine data into unified health services.
Robotics is breaking out of the industrial niche. CES will showcase the largest robotics presence yet, moving beyond factory arms and drones to humanoids, logistics, social companions, and applied AI systems across sectors.
Tariffs, alliances, and AI will reshape manufacturing. Gary is skeptical of "Fortress USA" strategies that try to onshore everything, pointing instead to allied reshoring (Latin America, Europe, Japan, South Korea) and the long-term role of AI-powered robotics in changing labor economics and global supply chains.

This episode is brought to you by Zappar, creators of Mattercraft, the leading visual development environment for building immersive 3D web experiences for mobile, headsets and desktop. Mattercraft combines the power of a game engine with the flexibility of the web, and now features an AI assistant that helps you design, code, and debug in real time, right in your browser. Whether you're a developer, designer, or just getting started, start building smarter at mattercraft.io. Hosted on Acast. See acast.com/privacy for more information.

EBRC In Translation
36. RNA-Powered Cellular Computing w/ Sam Schaffter

EBRC In Translation

Play Episode Listen Later Jun 19, 2026 51:21


In this episode of EBRC In Translation, hosts Heidi Klumpe and Talia Jacobson interview Sam Schaffter, lead scientist for RNA synthetic biology at the National Institute of Standards and Technology (NIST), about genetically encoded RNA circuits for real-time sensing of gene expression and their potential in diagnostics, therapeutics, and biotechnology. Sam describes his path from bioengineering and biochemistry at Purdue through DNA computing and molecular programming, to shifting toward cell-based synthetic biology after the 2019 SEED conference. He later joined NIST via an NRC postdoctoral fellowship. He compares national-lab and academic research environments, highlighting differences in equipment access and funding structures. Sam explains why RNA circuits enable programmable, portable molecular computation in dividing cells, outlines a long-term vision for pattern-recognition classifiers in living systems, and discusses limitations of current AI for RNA and protein function. He also emphasizes NIST's role in standards, reference materials, and improved RNA-level measurements such as nanopore sequencing. Sam will be at the Cold Spring Harbor Laboratory Synthetic Biology Summer Course this year instructing modules on RNA Circuits, DNA nanostructures, and synthetic cells with Leo Green.

For graduate students interested in exploring government postdocs, check out the National Research Council Research Associateship Program. Feel free to reach out to Sam with any questions.

For more information about EBRC: Visit our website at ebrc.org. If you are interested in getting involved with the EBRC Student and Postdoc Association, fill out a membership application for graduate students and postdocs or for undergraduates and join today!

Transcription: Episode transcripts are the unedited output from Whisper and likely contain errors.

@BEERISAC: CPS/ICS Security Podcast Playlist
THE FISH FLUENCER: James Sibley on How Tech Is Changing the Way We Farm the Sea

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Jun 18, 2026 57:21


Podcast: Bites and Bytes Podcast
Episode: THE FISH FLUENCER: James Sibley on How Tech Is Changing the Way We Farm the Sea
Pub date: 2026-06-15

Welcome to the Seafood Summer Series 2026 on the Bites and Bytes Podcast, and we are kicking it off with a great one! Over 120 million tons of seafood are farmed every year. Most people have no idea. And the technology making it happen: AI-powered feeding systems, underwater robots, satellite-connected ocean farms, is advancing faster than the policy and security frameworks trying to keep up with it. That disconnect is exactly why this conversation matters.

James Sibley, known in the aquaculture world as the Fish Fluencer, is an aquaculture educator and content creator who has spent five years visiting fish farms across four continents to explain one of the most consequential and overlooked food systems on the planet. From salmon farms in Scotland and New Zealand to shellfish operations in Southeast Asia, James has seen firsthand how technology is transforming the way we farm the sea, and what happens when that technology outpaces the people managing it.

This episode covers aquaculture technology, smart fish farming, ocean farming innovation, seafood supply chain transparency, and food security. If you eat seafood, work in food and agriculture, or care about where your food comes from, this one is for you.

Guest: James Sibley, "Fish Fluencer" | Aquaculture Creator & Founder

The Thoughtful Entrepreneur
2443 - What Every Accountant Needs to Know About Cybersecurity Compliance in the Age of AI with CardinalsByte's Michele Novack

The Thoughtful Entrepreneur

Play Episode Listen Later Jun 17, 2026 19:16


The AI-Driven Threat Matrix: Architectural Cybersecurity and Compliance for Small Firms with Michele Novack

In a recent episode of The Thoughtful Entrepreneur Podcast, host Josh Elledge sat down with Michele Novack, the host and founder of Cardinalsbyte, to break down the rapidly evolving cyber vulnerabilities that threaten the financial solvency of small businesses. As a veteran risk strategist specializing in the financial services sector, Michele highlights how CPAs, accountants, and tax professionals have become prime targets for sophisticated, automated digital attacks. This conversation delivers an intentional operational roadmap for mid-market founders and executive teams looking to navigate tightening federal mandates, identify hidden security gaps within their existing infrastructure, and defend their enterprise value against highly advanced, AI-powered corporate fraud.

The Anatomy of Digital Defense: Mitigating Algorithmic Vulnerabilities through Zero-Trust Protocols

The rapid proliferation of consumer-facing artificial intelligence has weaponized the digital threat landscape, enabling bad actors to execute automated, hyper-personalized social engineering campaigns at an unprecedented scale. Michele Novack cautions that small businesses can no longer rely on traditional, passive firewall defenses as cybercriminals increasingly deploy sophisticated voice cloning, automated phishing sequences, and deepfake video streams to bypass conventional security guardrails. A single compromised corporate email account can result in catastrophic financial loss, as demonstrated by emerging corporate wire fraud schemes where payroll managers are manipulated by synthetic, AI-generated replicas of their CEO during live video conferences. To counter this automated disruption, executive leadership must enforce rigid, non-negotiable zero-trust verification protocols: multi-channel, manual confirmation for all financial movements and high-stakes data extractions, completely independent of digital messaging networks.

Insulating a firm against regulatory penalties and liability requires a disciplined commitment to formalizing internal data compliance programs rather than treating security as an ad-hoc IT checklist. Tightening federal mandates, such as the revised FTC Safeguards Rule and IRS security guidelines, now legally obligate financial services providers to maintain comprehensive, written documentation detailing their operational defenses. Many business owners operate under the dangerous assumption that their external Managed Service Provider (MSP) inherently handles regulatory compliance, leaving the enterprise exposed to massive liability gaps due to a complete lack of formal Written Information Security Programs (WISPs) and documented Incident Response Plans (IRPs). True enterprise resilience is achieved when leadership takes proactive ownership of corporate compliance, closing security gaps by performing routine endpoint audits, implementing geographical IP blocking, and maximizing the advanced, built-in security features native to enterprise cloud suites like Microsoft 365 or Google Workspace.

Transforming an organization's digital posture ultimately relies on establishing a transparent, security-first corporate culture that bridges the gap between complex technical tools and human operational habits. Because human manipulation remains the primary vector for enterprise data breaches, continuous, jargon-free employee training is a vital piece of operational infrastructure. Rather than deploying clinical, one-and-done IT lectures that fail to change day-to-day employee behavior, founders must implement continuous, interactive education loops and safe phishing simulations that sharpen frontline skepticism. When clear behavioral habits, automated endpoint monitoring, and verified compliance documentation are synthesized under a unified governance architecture, a business successfully limits its operational risk. This proactive stance converts cybersecurity from a costly technical burden into a powerful, high-valuation corporate asset that fiercely protects the organization's market authority.

About Michele Novack
Michele Novack is the host, founder, and chief risk strategist of Cardinalsbyte, and a premier authority on small business data security and financial compliance management. Drawing from decades of specialized experience within the financial services and accounting sectors, Michele focuses on demystifying complex technical architecture to make regulatory frameworks accessible for corporate executives. She is a dedicated educator and advisor who specializes in constructing high-accountability cyber defense models designed to protect small-to-mid-sized enterprises from advanced electronic corporate theft.

About Cardinalsbyte
Cardinalsbyte is an elite risk management and cybersecurity compliance consultancy that provides custom data-protection solutions, vulnerability assessments, and regulatory mapping for professional services firms. The company specializes in translating complex federal guidelines, such as NIST frameworks and IRS mandates, into actionable corporate playbooks including Written Information Security Programs (WISPs). Through proactive technical testing, executive risk summaries, and white-glove incident response coordination, Cardinalsbyte enables mid-market organizations to eliminate administrative security debt and shield their bottom lines from systemic digital threats.

Links Mentioned in This Episode
Cardinalsbyte Compliance Partner Page: cardinalsbytes.com/compliance-partner
Michele Novack on LinkedIn: linkedin.com/in/cardinalsbyte-mnovack

Key Episode Highlights
The AI Weaponization Trap: Analyzing how deepfakes, automated voice cloning, and synthetic media bypass traditional corporate communication filters to enable catastrophic wire fraud.
The MSP Compliance Gap: Understanding why standard IT vendors fail to provide mandatory regulatory documentation, and how to self-correct using structured WISPs.
Maximizing Built-In Cloud Security: Leveraging and configuring the advanced, pre-existing anti-phishing dashboards embedded within Microsoft 365 and Google Workspace.
The Multi-Channel Verification Mandate: Implementing mandatory human-in-the-loop protocols that require dual physical authorization for high-volume financial movements.
Building a Skeptical Corporate Culture: Shifting internal security training from a static annual checklist into continuous, interactive education that reduces human error on the frontline.

Conclusion
The conversation with Michele Novack underscores that true cybersecurity resilience is an ongoing exercise in structural governance and human vigilance rather than an expensive software purchase. By standardizing internal corporate compliance, executing rigorous endpoint audits, and building an inclusive culture of behavioral accountability, business leaders can transform a vulnerable digital setup into a highly secure, enterprise-grade corporate asset.

More from The Thoughtful Entrepreneur

@BEERISAC: CPS/ICS Security Podcast Playlist
Is AI Becoming Your Plant Floor's Biggest Vulnerability?

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Jun 17, 2026 27:14


Podcast: Industrial Cybersecurity Insider
Episode: Is AI Becoming Your Plant Floor's Biggest Vulnerability?
Pub date: 2026-06-15

Craig and Dino dig into the widening gap between IT and OT and why the plant floor keeps getting left behind. They break down what Dragos' acquisition of Phosphorus signals for the future of IoT security in manufacturing, from cameras and label printers to X-ray inspection systems that ship with default passwords and almost never get patched. The conversation gets sharp on artificial intelligence: the same models helping plants work smarter are now lowering the barrier for attackers, putting Stuxnet-style capabilities into the hands of people who lack the resources and sophistication that nation states once needed. Craig and Dino expose the everyday habits that leave operations vulnerable, including system integrators plugging personal laptops straight into production networks, locked USB ports that solve only half the problem, and remote access so wide open that a single entry point can expose an entire plant. They argue that nobody truly owns OT cyber hygiene, that frameworks like IEC 62443 and the NIST SP 800-82 series get named in RFPs but rarely enforced, and that leaders keep tripping over dollars to pick up nickels by choosing the cheapest bid over real protection. It's a candid, experience-driven look at why industrial security moves so slowly and what plant leaders, engineers, and security teams can actually do about it.

Chapters:
(00:00:00) - AI Enters the OT Battlefield
(00:01:30) - Why IoT Is Creeping Onto the Plant Floor
(00:03:30) - Printers, Cameras, and the Default Passwords Nobody Owns
(00:06:00) - Dragos, Phosphorus, and the Managed Services Question
(00:08:00) - How AI Lowers the Bar for Attacking Control Systems
(00:09:40) - Stuxnet Then vs. AI-Powered Attacks Now
(00:12:00) - The Laptop in the Plant: Contractors, USBs, and Open Networks
(00:16:00) - Frameworks on Paper vs. Reality (IEC 62443 & NIST 800-82)
(00:19:00) - Tripping Over Dollars to Pick Up Nickels
(00:24:00) - Short-Tenure CISOs and Why You Shouldn't Go It Alone

Links And Resources:
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

TRM Talks
EP. 113 | Quantum, Hacks, and Privacy: Inside Blockchain Security with Penn's Brett Falk

TRM Talks

Play Episode Listen Later Jun 17, 2026 41:42


If a sufficiently powerful quantum computer came online tomorrow, every token on every blockchain would be a target — Bitcoin, Ethereum, Solana all share signature schemes that pre-date the post-quantum era. The math has been clear since the 1990s. What's been missing is the machine. That uncomfortable truth anchors this week's TRM Talks.Brett Falk, research faculty at the University of Pennsylvania and director of the Crypto and Society Lab, joins Ari to work through what that actually means — why Shor's algorithm threatens every chain, what NIST's 2024 post-quantum standards mean in practice, and why Ethereum is better positioned than Bitcoin to respond. They also dig into the back-to-back Drift and Kelp DAO exploits and what made the DPRK playbook behind them unlike anything we've seen before, and into the cryptographic tools — zero-knowledge proofs, secure multi-party computation, credential-based KYC — that let users prove compliance without turning every business into a ransomware target. The math to thread that needle already exists.

KMJ's Afternoon Drive
America's Time Capsule Contents Revealed Ahead of July 4 Burial

KMJ's Afternoon Drive

Play Episode Listen Later Jun 16, 2026 26:54


America’s Time Capsule was developed in collaboration with scientists at NIST, preservation experts at the Library of Congress, and in coordination with the National Park Service. It was built at NIST’s technology fabrication shop in Gaithersburg, Md. Please Like, Comment and Follow 'Philip Teresi on KMJ' on all platforms: --- Philip Teresi on KMJ is available on the KMJNOW app, Apple Podcasts, Spotify, YouTube or wherever else you listen to podcasts. -- Philip Teresi on KMJ Weekdays 2-6 PM Pacific on News/Talk 580 AM & 105.9 FM KMJ | Website | Facebook | Instagram | X | Podcast | Amazon | - Everything KMJ KMJNOW App | Podcasts | Facebook | X | Instagram See omnystudio.com/listener for privacy information.

Philip Teresi Podcasts
America's Time Capsule Contents Revealed Ahead of July 4 Burial

Philip Teresi Podcasts

Play Episode Listen Later Jun 16, 2026 26:54


America’s Time Capsule was developed in collaboration with scientists at NIST, preservation experts at the Library of Congress, and in coordination with the National Park Service. It was built at NIST’s technology fabrication shop in Gaithersburg, Md. Please Like, Comment and Follow 'Philip Teresi on KMJ' on all platforms: --- Philip Teresi on KMJ is available on the KMJNOW app, Apple Podcasts, Spotify, YouTube or wherever else you listen to podcasts. -- Philip Teresi on KMJ Weekdays 2-6 PM Pacific on News/Talk 580 AM & 105.9 FM KMJ | Website | Facebook | Instagram | X | Podcast | Amazon | - Everything KMJ KMJNOW App | Podcasts | Facebook | X | Instagram See omnystudio.com/listener for privacy information.

ITSPmagazine | Technology. Cybersecurity. Society
A Crime Against Time | An Interview with Rik Ferguson | Redefining CyberSecurity With Sean Martin — On Location at InfoSecurity Europe 2026

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jun 15, 2026 14:54


PODCAST EPISODE | Redefining CyberSecurity With Sean Martin — On Location at InfoSecurity Europe 2026 On Location With Sean Martin And Marco Ciappelli Adversaries are stealing encrypted data today that they cannot read yet, and storing it until a quantum computer can. Sean Martin sat down with Forescout's Rik Ferguson to talk about “harvest now, decrypt later,” why Q-Day is closer than the comfortable timelines suggest, and what the decisions you make this year have to do with secrets you thought were safe forever.

Resilient Cyber
AI Industrialized the Vuln Lifecycle and Broke the System of Record

Resilient Cyber

Play Episode Listen Later Jun 15, 2026 40:43


VulnCheck's Patrick Garrity on the NVD collapse, the first real AI disclosure wave, and why remediation, not finding bugs, is the bottleneck.

Description
Vulnerability management spent years as the chore everyone dreaded, and now it is one of the hottest topics in security because attackers made exploitation the number one way in. Patrick Garrity of VulnCheck rejoins the show to separate what is real from what is marketing. We get into the honest state of the NIST National Vulnerability Database after CISA pulled its funding, the new AI executive order that wants a clearinghouse for AI-discovered vulnerabilities, the first measurable wave of AI-assisted disclosures, and Patrick's audit of Anthropic's Glasswing ledger. We also dig into why cheap AI discovery makes the remediation bottleneck worse, how AI is raising the security poverty line, and whether the 90-day disclosure model still holds.

Key takeaways
Vulnerability management is hot again because attackers made it the top way in. As Patrick puts it, attention flows to wherever the attacker goes, and right now that is exploitation.
The NIST NVD breakdown was worse than a backlog. A recent report confirmed CISA had stopped funding the NVD and NIST lost about half its funding, with no real plan to clear the backlog, which quietly hurts every defender who relies on enriched CVE data.
A new AI executive order wants a clearinghouse for AI-discovered vulnerabilities, reportedly under Treasury. Patrick's reaction is that we already have a vulnerability database, the program is optional, and it may turn into a marketing race more than a coordination win.
The first measurable AI disclosure wave is real. CVE volumes are up 563 percent for Chrome and GitHub advisories up 470 percent year to date, and Patrick separated genuine AI-assisted discovery from AI slop and from bugs that merely live in AI software by correlating researchers, domains, and email addresses across multiple advisory sources.
Patrick audited Anthropic's Glasswing ledger and found the transparency lacking. He had around 80 vulnerabilities in his own database while the public ledger listed 27, several items had blown past their own 90-day disclosure window, and the ledger had not been updated in two weeks.
Finding vulnerabilities is not the bottleneck, remediation is. AI makes discovery cheap, but the coordinated disclosure and fix process takes enormous human effort, and the median time to remediate even known exploited bugs is still measured in weeks.
Exploitation looks like it is sustaining rather than surging. CISA KEV and VulnCheck KEV are tracking similar year-over-year volumes, partly because attackers already have more than enough to target and partly because you can only count the exploitation you can actually detect.
AI is raising the security poverty line, at least for now. Token costs and access-restricted tools concentrate the most powerful discovery capabilities among well-funded teams, while smaller organizations lack the expertise to turn open-weight models into working vulnerability harnesses.
The economics are circular. AI drives the surge in findings and attacker velocity, and AI is then sold as the fix, so teams pay to surface the problem and pay again to remediate it, all on consumption-based pricing against finite budgets.
The 90-day disclosure norm mostly holds, though it may tighten. VulnCheck runs a strict 120-day policy with no exceptions and averages 45 to 48 days to fix and disclose, and for open source the fixing commit often makes the flaw public anyway.
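The ledger audit and the remediation-lag numbers described in the takeaways above (items past their 90-day window, a ledger not updated in two weeks, median time to remediate KEV entries measured in weeks) are mechanical checks once the dates are in a table. The following is an added example written for this page, not VulnCheck's, CISA's or Anthropic's code: every ledger row and KEV-style record is constructed sample data, and the 90-day and 120-day windows and the AS_OF date are assumed parameters chosen to match the two policies discussed in the episode.

```python
"""Audit a coordinated-disclosure ledger and summarise remediation lag.

Added example for this page; not VulnCheck's, CISA's or Anthropic's code.
Every ledger row and KEV-style record below is constructed sample data, and
the 90-day / 120-day windows and the AS_OF date are assumed parameters.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import median
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class LedgerEntry:
    ident: str                 # tracking id (constructed, not a real advisory id)
    reported: date             # day the maintainer was notified
    fixed: Optional[date]      # day a fix shipped, None while still open
    published: Optional[date]  # day the advisory went public, None if still private


def days_overdue(entry: LedgerEntry, as_of: date, window_days: int = 90) -> int:
    """Days past the disclosure window with no public advisory.

    Returns 0 when the entry is already public or the window has not elapsed.
    """
    if entry.published is not None:
        return 0
    deadline = entry.reported + timedelta(days=window_days)
    return max(0, (as_of - deadline).days)


def overdue_entries(ledger: Iterable[LedgerEntry], as_of: date, window_days: int = 90) -> List[str]:
    """Identifiers of still-private entries that have blown past the window."""
    return [e.ident for e in ledger if days_overdue(e, as_of, window_days) > 0]


def report_to_fix_days(ledger: Iterable[LedgerEntry]) -> List[int]:
    """Report-to-fix latency for every entry that has a fix."""
    return [(e.fixed - e.reported).days for e in ledger if e.fixed is not None]


def ledger_staleness_days(ledger: Iterable[LedgerEntry], as_of: date) -> int:
    """Days since the newest dated event in the ledger, a proxy for 'last updated'."""
    events = [d for e in ledger for d in (e.reported, e.fixed, e.published) if d is not None]
    return (as_of - max(events)).days


def median_remediation_days(records: Iterable[Tuple[date, Optional[date]]]) -> Optional[float]:
    """Median days from KEV-style 'date added' to observed remediation.

    Records without a remediation date are still open and are excluded, which
    biases the median low; report the open count alongside it in practice.
    """
    lags = [(fixed - added).days for added, fixed in records if fixed is not None]
    return median(lags) if lags else None


def audit(ledger: List[LedgerEntry], as_of: date, window_days: int = 90) -> dict:
    """What a reviewer wants: what is overdue, how fast fixes land, how fresh the ledger is."""
    ttf = report_to_fix_days(ledger)
    return {
        "overdue": overdue_entries(ledger, as_of, window_days),
        "median_report_to_fix_days": median(ttf) if ttf else None,
        "ledger_stale_days": ledger_staleness_days(ledger, as_of),
    }


# Constructed sample data (not real advisories or KEV entries).
AS_OF = date(2026, 6, 15)
LEDGER = [
    LedgerEntry("GW-001", date(2026, 2, 1), date(2026, 3, 10), date(2026, 3, 12)),
    LedgerEntry("GW-002", date(2026, 2, 20), None, None),
    LedgerEntry("GW-003", date(2026, 4, 1), date(2026, 5, 1), None),
    LedgerEntry("GW-004", date(2026, 1, 5), None, None),
]
KEV_RECORDS = [
    (date(2026, 3, 1), date(2026, 3, 15)),
    (date(2026, 3, 3), date(2026, 4, 20)),
    (date(2026, 3, 10), None),
    (date(2026, 4, 1), date(2026, 4, 22)),
]

if __name__ == "__main__":
    print("90-day policy:", audit(LEDGER, AS_OF, 90))
    print("120-day policy:", audit(LEDGER, AS_OF, 120))
    print("median KEV remediation days:", median_remediation_days(KEV_RECORDS))
```

Running the same ledger under both windows shows why the policy choice matters: GW-002 is 25 days overdue under a 90-day window but still inside a 120-day one, while GW-004 is overdue under either. The staleness figure is computed from the newest dated event rather than from a "last updated" field because a ledger can be touched without any entry changing state.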

CISSP Cyber Training Podcast - CISSP Training Program
CCT 357: Is Your Encrypted Data Already Stolen? Quantum Risk & Supply Chain Attacks for CISSP

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Jun 15, 2026 32:09 Transcription Available


Someone is stealing encrypted data right now and they are not trying to read it today. They are saving it for later, betting that quantum computing will eventually break the encryption that protects it. I dig into the "Harvest Now, Decrypt Later" strategy, why it matters most for long-term confidentiality, and how security leaders can talk about it as a present-day risk instead of science fiction.

From there, I get practical with post-quantum planning: what the NIST post-quantum cryptography standards signal, why quantum key distribution is still niche for most organisations, and the big architectural idea to remember for the CISSP and for real enterprise security programs: crypto agility. We walk through concrete steps like building a cryptographic inventory, mapping where RSA and elliptic curve crypto live, identifying data with 10 to 20 year secrecy needs, and pushing vendors for a clear PQC roadmap.

Then we pivot into CISSP Domain 1 supply chain risk management (SCRM and CSCRM). I explain why supply chains are a prime target, how modern supply chain attacks can ride in through poisoned open source packages, and what SolarWinds showed the world about scale and impact. We close with the nuts and bolts that actually reduce third-party risk: lifecycle supplier management, meaningful assessments (on-site when it matters), document and policy review, audits, and minimum security requirements baked into contracts and SLAs.

If you want more training, check out CISSP Cyber Training, subscribe for weekly updates, share this with a friend who owns risk, and leave a quick review so more CISSP candidates can find the show.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
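The "harvest now, decrypt later" framing in the ITSPmagazine episode above and the cryptographic-inventory steps in this CISSP episode (map where RSA and elliptic-curve crypto live, identify data with 10 to 20 year secrecy needs) reduce to one triage rule, usually called Mosca's inequality: data is exposed if its required secrecy lifetime plus the time to migrate the system exceeds the time until a cryptographically relevant quantum computer exists. The following is an added example written for this page, not code from either podcast. The inventory rows, the asset field names and the 10-year YEARS_TO_CRQC horizon are constructed assumptions, not a forecast; the algorithm sets encode the premise behind NIST's PQC standards (RSA, finite-field DH and elliptic-curve schemes fall to Shor's algorithm regardless of key size, symmetric ciphers and hashes only lose strength to Grover's, and ML-KEM, ML-DSA and SLH-DSA are the standardised replacements).

```python
"""Triage a cryptographic inventory for harvest-now-decrypt-later exposure.

Added example for this page, not material from either podcast episode.
The inventory rows and YEARS_TO_CRQC are constructed assumptions. The
algorithm sets follow the premise of NIST's PQC standards: RSA/DH/ECC fall
to Shor's algorithm, symmetric primitives only weaken under Grover's, and
ML-KEM, ML-DSA and SLH-DSA (FIPS 203/204/205) are the replacements.
"""
from dataclasses import dataclass
from typing import Dict, List

SHOR_BROKEN = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "ED25519", "X25519"}
PQ_SAFE = {"ML-KEM", "ML-DSA", "SLH-DSA"}
# Grover halves effective strength, so keep 256-bit keys/outputs for a 128-bit margin.
GROVER_WEAKENED = {"AES", "CHACHA20", "SHA2", "SHA3"}


@dataclass(frozen=True)
class Asset:
    name: str               # system or data store (constructed)
    algorithm: str          # primitive as recorded in the inventory
    bits: int               # key size, curve size or hash output length
    purpose: str            # "confidentiality" or "authentication"
    secrecy_years: int      # how long protected data must stay secret (0 for pure auth)
    migration_years: float  # realistic time to move this system to PQC


def classify(algorithm: str, bits: int) -> str:
    """Classify a primitive against the quantum threat model."""
    alg = algorithm.upper()
    if alg in PQ_SAFE:
        return "pq-safe"
    if alg in SHOR_BROKEN:
        return "quantum-broken"  # key size does not help: Shor is polynomial-time
    if alg in GROVER_WEAKENED:
        return "ok" if bits >= 256 else "grover-weak"
    return "unknown"  # inventory gap: a human has to look


def mosca_exposed(secrecy_years: float, migration_years: float, years_to_crqc: float) -> bool:
    """Mosca's inequality: exposed if shelf life + migration time > time until a CRQC."""
    return secrecy_years + migration_years > years_to_crqc


def priority(asset: Asset, years_to_crqc: float) -> str:
    cls = classify(asset.algorithm, asset.bits)
    if cls == "quantum-broken":
        # Confidentiality is exposed to harvest-now-decrypt-later, so the data's
        # shelf life counts. Authentication only fails once a CRQC exists, so only
        # the migration time has to beat the horizon.
        shelf = asset.secrecy_years if asset.purpose == "confidentiality" else 0
        return "migrate-now" if mosca_exposed(shelf, asset.migration_years, years_to_crqc) else "plan"
    if cls == "grover-weak":
        return "upsize"
    if cls == "unknown":
        return "investigate"
    return "ok"


def triage(inventory: List[Asset], years_to_crqc: float) -> List[Dict[str, str]]:
    """Rank the inventory so the work list starts with what is already exposed."""
    rows = [
        {"name": a.name, "class": classify(a.algorithm, a.bits), "priority": priority(a, years_to_crqc)}
        for a in inventory
    ]
    order = {"migrate-now": 0, "upsize": 1, "investigate": 2, "plan": 3, "ok": 4}
    return sorted(rows, key=lambda r: order[r["priority"]])


# Constructed inventory and an assumed 10-year CRQC horizon (not a forecast).
YEARS_TO_CRQC = 10
INVENTORY = [
    Asset("vpn-gateway-ike", "ECDH", 256, "confidentiality", 15, 2.0),
    Asset("tls-web-frontend", "RSA", 2048, "confidentiality", 1, 1.0),
    Asset("backup-at-rest", "AES", 128, "confidentiality", 20, 3.0),
    Asset("archive-kem", "ML-KEM", 768, "confidentiality", 20, 0.0),
    Asset("firmware-signing", "ED25519", 256, "authentication", 0, 12.0),
    Asset("artifact-integrity", "SHA2", 256, "authentication", 0, 1.0),
    Asset("legacy-hsm-wrap", "PROPRIETARY", 0, "confidentiality", 10, 5.0),
]

if __name__ == "__main__":
    for row in triage(INVENTORY, YEARS_TO_CRQC):
        print(f"{row['priority']:<12} {row['class']:<15} {row['name']}")
```

Two results are worth noticing. The public-facing TLS endpoint is quantum-broken but only lands in "plan", because session data with a one-year secrecy need and a one-year migration does not exceed the horizon; the VPN carrying 15-year data does. The firmware signer is "migrate-now" despite protecting nothing confidential, because a 12-year fleet rollout cannot finish before the assumed horizon, which is the crypto-agility argument: the inventory has to record migration time per system, not just the algorithm.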

GREY Journal Daily News Podcast
How Is DHS Cyber Modernization Changing Federal Procurement?

Jun 12, 2026 1:44

The Department of Homeland Security is pushing cyber modernization across civilian agencies through CISA programs such as zero trust implementation, Continuous Diagnostics and Mitigation, and Trusted Internet Connections 3.0. Budget requests have kept CISA funding near $3 billion, supporting multi-year investments in detection, response, and workforce. Leadership from Secretary Alejandro Mayorkas, CISA Director Jen Easterly, and DHS CIO Eric Hysen emphasizes joint defense, binding directives, and cross-component coordination. Workforce constraints persist despite the Cyber Talent Management System, prompting greater use of training and managed services. Acquisition relies on vehicles like FirstSource III, PACTS III, GSA MAS, NASA SEWP, and CDM DEFEND task orders. Compliance requirements now center on OMB secure software guidance, NIST control baselines, FIPS 140-3, and FedRAMP. Vendors that map capabilities to CISA's Zero Trust Maturity Model and prepare attestations and authorizations can better align to agency buying priorities.

Learn more on this news by visiting us at: https://greyjournal.net/news/

HPE Tech Talk
Are we ready for the quantum age of computing?

Jun 11, 2026 19:17

Are we prepared for the deployment of a functional quantum computer? This week, Technology Now is returning to the topic of post-quantum cryptography. We ask why the deadline for migrating to PQC-enabled systems has been moved up, we discover what a quantum computer actually needs to be cryptographically relevant, and we pose the question: when it comes to migrating your systems to quantum resistant forms of encryption, could it already be too late for some people to start?

This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week, hosts Michael Bird and Sam Jarrell look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organizations.

La Martingale
#321 - AI and quantum: the new threat to your money - Charles Guillemet

Jun 11, 2026 58:08

The topic: In the age of AI, security is no longer optional. The costs and delays involved in exploiting a system's flaws are disappearing. But the worst may be yet to come. Today's cryptography is threatened by quantum computing, calling many protocols into question. This new reality forces a migration of all critical systems to post-quantum cryptography by 2030, a deadline set by NIST. In this context, the security of our digital assets, from our crypto to our passwords, has never been more precarious.

Today's guest: Charles Guillemet is the CTO of Ledger. Speaking with Matthieu Stefani, he warns of the imminent security catastrophe due to AI and quantum computing, and details defensive strategies, from the hardware wallet to the "25th word".

On the program:
00:00:00 Ledger's mission: securing systems
00:01:54 Where your Bitcoins are really "stored"
00:04:49 How to secure your crypto (without risking losing everything)
00:08:30 Why AI threatens the security of your wallets: the defense/attack asymmetry
00:17:47 Are traditional banks safe?
00:20:30 Quantum computing: what are the real use cases
00:24:49 Q-Day: the world will have to change
00:30:51 Your phone is your worst vulnerability
00:36:27 The worst passwords to use
00:38:07 Proof of identity: AI and deepfakes
00:41:39 France and the lack of security: how to protect yourself

Perks: Good news! We have negotiated an exclusive benefit for you: get $10 in Bitcoin with the purchase of a Ledger. To take advantage of it, go to: https://www.ledger.com/lamartingale

Thanks to our partner eToro for supporting La Martingale. Go to etoro.com and take control of your investments. E-T-O-R-O dot com. eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk.

The open-line show of your favourite podcast, Allo La Martingale, now has its own feed! Subscribe on Spotify, Apple Podcasts or your favourite audio platform so you never miss a new episode. To subscribe to the newsletter, go here: https://lamartingale.io/ La Martingale also has an AI assistant that gives you informed answers drawn from the contributions of the experts who have appeared on the podcast. To try it, head to https://beta.lamartingale.io La Martingale is an Orso Media outlet. Want to get in touch with the editorial team? Or propose a collaboration? Write to us here: https://orsomedia.io/contact

The Post-Quantum World
The Race to Save Bitcoin – with Chris Tam of BTQ

Jun 10, 2026 36:54

Is the ultimate cryptocurrency ticking toward a sudden, quantum-powered collapse? In this episode, Chris Tam, President and Head of Innovation at BTQ, joins host Konstantinos Karagiannis to shatter the comforting illusions many Bitcoiners still hold about the quantum computing threat. While many assume that a Q-Day attack would only disrupt future mining, Tam exposes the true, terrifying reality: Quantum computers utilizing Shor's algorithm are on an exponential trajectory to cracking the elliptic curve cryptography that safeguards individual wallets. Even worse, recent upgrades like Taproot have inadvertently introduced more vulnerable public keys into the ecosystem, making a network upgrade more complex than ever.

The real crisis isn't just finding a cryptographic fix: it's time. Experts warn that migrating the entire decentralized Bitcoin network to a post-quantum standard could take upwards of seven years, but the network simply lacks the block space to move everyone before quantum adversaries are predicted to break the encryption. To bypass the political gridlock of Bitcoin core development, Tam details how BTQ surgically built a working, post-quantum Bitcoin Quantum testnet to experiment with solutions like BIP 360 in the real world. From the catastrophic ripple effects a Bitcoin hack would have on traditional financial markets to BTQ's pioneering work on day-one quantum-resistant stablecoins in South Korea, this episode is an urgent, eye-opening wake-up call for anyone holding digital assets.

For more information on BTQ, visit www.btq.com/. Visit Protiviti at www.protiviti.com/US-en/technology-consulting/quantum-computing-services to learn more about how Protiviti is helping organizations get post-quantum ready. Follow host Konstantinos Karagiannis on all socials: @KonstantHacker. Questions and comments are welcome! Theme song by David Schwartz, copyright 2021.

The views expressed by the participants of this program are their own and do not represent the views of, nor are they endorsed by, Protiviti Inc., The Post-Quantum World, or their respective officers, directors, employees, agents, representatives, shareholders, or subsidiaries. None of the content should be considered investment advice, as an offer or solicitation of an offer to buy or sell, or as an endorsement of any company, security, fund, or other securities or non-securities offering. Thanks for listening to this podcast. Protiviti Inc. is an equal opportunity employer, including minorities, females, people with disabilities, and veterans.

Business of Tech
Consumption-Based AI Billing Increases Financial Risk for Unprepared MSPs

Jun 5, 2026 13:46

The current structural shift centers on the transfer of accountability for AI risk from vendors and regulators to managed service providers (MSPs). Vendors such as Anthropic and Microsoft are expanding their enterprise-focused AI channel programs and services tracks, while regulators pull back from enforcement, leaving MSPs as the de facto accountable parties for AI deployments. Reports and data indicate that vendor-driven channel expansion and regulatory laxity are converging to make service providers the liable layer in AI delivery. Anthropic is broadening its Claude partner network from around 100 to several thousand partners, organized in tiers with outcome-based incentives and a dedicated services track targeting MSPs and system integrators. Microsoft, responding to low Copilot adoption rates (reported at 3.3% of eligible users), is allowing full removal of Copilot from systems. An IDC/Expereo survey of 800 companies found 70% are budgeting for AI, but investment is driven more by competitive anxiety than proven results. Additionally, a concentrated group—top 5% of users—accounts for the bulk of enterprise AI-related risk, according to a separate analysis.

Supporting developments include the emergence of Lemhi, an early-stage platform aimed at enabling MSPs to package and sell AI transformation as a recurring service, and warnings from lawmakers about cuts to CISA that undermine federal cyber defense capacity. The episode also highlights a consistent theme: government agencies such as the White House and NIST are shifting toward voluntary measures and measurement frameworks, declining to create enforceable accountability standards for AI in production environments.

For MSPs and IT leaders, these developments translate to increased contract and operational risk. Without renegotiated agreements specifying usage ceilings, approval workflows, and liability terms, providers may inherit unpredictable financial exposure and compliance gaps. The absence of effective governance requirements from both vendors and authorities places the operational burden on MSPs to define, monitor, and enforce safe use of AI, including recurring governance services such as data boundary enforcement and audit evidence. Failure to address these issues may result in MSPs acting as uninsured support for unmanaged AI deployments they cannot fully control or price.

00:00 MSP AI Play
04:24 AI's Accountability Gap
06:50 MSP Risk Transfer
09:49 Why Do We Care?

Supported by: ScalePad, Moovila

Ratgeber
Plant protection – housing beneficial insects

Jun 5, 2026 6:43

In a diverse garden with a variety of nesting and overwintering sites, beneficial insects can settle in and keep "pests" in check year after year. On the agenda right now: hang up nesting bells for earwigs, plant elder, stack a woodpile, plant grasses.

Hang earwig bells in berry bushes and fruit trees. Whole earwig families hide during the day in the earwig bells (small clay pots filled with wood wool). At night they go hunting for aphids and for codling moth and oriental fruit moth larvae.

Plant elder by the compost heap or at a corner of the house. Elder (Sambucus nigra) has nectaries on its stems and leaf stalks. They produce a sap rich in sugar and amino acids that attracts aphids. In spring this is an important food source for ladybirds and for the larvae of hoverflies and lacewings.

Stack small woodpiles in damp spots. The wood decomposes slowly, and in the resulting wood mould various ground beetles find shelter and places to overwinter. They eat slugs and snails, snail eggs, Colorado potato beetles, winter moth caterpillars and so on.

Plant native grasses that are not cut back. In semi-shaded spots plant tufted hair-grass (Deschampsia caespitosa) and wood sedge (Carex sylvatica), and in pots snowy woodrush (Luzula nivea). The grass tussocks are overwintering sites for female parasitic wasps. In spring they lay their eggs on and in the caterpillars of the oriental fruit moth, codling moth and other pest moths, as well as in pollen beetles, aphids, scale insects and many more.

Unchained
The Chopping Block: Ethereum's Inflection Point w/ Joe Lubin on DATs, CROPS, AI-Driven Exploits, Quantum Threats, and CFTC's Perps

Jun 4, 2026 62:24

Joe Lubin makes the bull case for Ethereum amid a sea of bearishness. The panel dissects Saylor selling Bitcoin for the first time in four years, the meaning behind 9 senior EF departures, Justin Drake's Q-Day call (50% by 2032), Manuel Araoz declaring all of DeFi unsafe, the ThorChain hack fallout, the Zama/Overnight Finance USDC freeze saga, and the CFTC greenlighting the first US perpetual futures product.

Welcome to The Chopping Block — where crypto insiders Haseeb Qureshi, Tom Schmidt, Tarun Chitra, and Robert Leshner chop it up about the latest in crypto. This week Joe Lubin is stepping in to make the bull case for ETH on what he admits is a tough day to be bullish. We open on Strategy's first Bitcoin sale in four years and whether the STRC preferred stock structure is "an algorithmic stablecoin with too many steps," as Tarun puts it. Joe pivots to pitching Ether DATs, then we get into the Ethereum Foundation's brain drain -- nine researchers gone, CROPS as the new mandate, and a mysterious new developer organization taking shape behind the scenes. The episode's meatiest block covers DeFi security: Justin Drake warns Q-Day is 50% likely by 2032, Manuel Araoz says all of DeFi is unsafe, ThorChain's been offline for two weeks post-hack, and the panel debates whether we're entering a rough 12-24 months where attackers outrun defenders. We close on Hyperliquid's all-time highs and the CFTC opening the door to US perps.

Listen to the episode on Apple Podcasts, Spotify, Pods, Fountain, Podcast Addict, Pocket Casts, Amazon Music, or on your favorite podcast platform.

Defense in Depth
Has Cybersecurity Become a Cult?

Jun 4, 2026 33:57

All links and images can be found on CISO Series. We think of cybersecurity as a discipline. But when do ideas like best practices and NIST frameworks change into a system of belief? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Davi Ottenheimer, principal, Flying Penguin. Joining is Joshua Copeland, director of security, Crescendo.

In this episode:

- Tools, not religion
- The case for structured discipline
- The management problem underneath
- Fix the damn holes

A huge thanks to our sponsor, ThreatLocker. ThreatLocker delivers Zero Trust Network Access and Zero Trust Cloud Access that verifies both user and device before granting access to specific applications. No broad access, nothing exposed, and no reliance on credentials alone. It's a smarter way to control access and reduce risk. Learn more at ThreatLocker.com/CISO.

GREY Journal Daily News Podcast
What Does Quantinuum's IPO Signal For Startup Funding?

Jun 4, 2026 1:29

Honeywell-backed Quantinuum priced its U.S. IPO at $60 a share and raised roughly $1.68 billion, according to Reuters reporting carried by CNBC. The listing signals growing investor appetite for commercial quantum computing and sets a new public valuation reference point. IonQ, Rigetti, and D-Wave remained the limited set of public comparisons after going public via SPACs, with volatile trading. Enterprise pilots continue across finance, pharma, automotive, and energy, often accessed through cloud platforms from Amazon, Microsoft, and Google. U.S. policy, including the National Quantum Initiative and NIST's post-quantum cryptography work, is shaping adoption signals. Founders should track buyer metrics, structure pilots around measurable outcomes, and plan funding around verifiable progress and partnerships.

Learn more on this news by visiting us at: https://greyjournal.net/news/

Risky Business
Risky Business #840 -- Microsoft walks back researcher threats

Jun 3, 2026 66:03

On this week's show special guest co-host Andy Boyd joins Patrick Gray and James Wilson to discuss the week's cybersecurity news. Andy is the CEO of REDLattice, which makes the Paragon “intelligence collection and reconnaissance” solution. They cover:

- Adversaries are tracking US troop locations with commercially available location data
- A new Signal phishing campaign is going after message backups
- 404 Media is suing ICE to get its spyware contract with REDLattice (lol)
- Microsoft's tone-deaf response to ‘never justifiable' zero-day disclosures
- Mini Shai-Hulud pops up again just as Glassworm gets shattered
- Much, much more

This week's episode is sponsored by Authentik, an open source identity platform that you can host yourself. In this week's sponsor interview Authentik's CEO Fletcher Heisler joins Patrick Gray to talk about how they're keeping up with the bugpocalypse, and also the work they're doing to support identities for AI agents. This episode is also available on YouTube.

Show notes

- The Pentagon Knew Enemies Could Track Troops' Phones for Years. Now They Are | wired.com
- U.S. says troops were targeted with location data, as senator warns ad industry is a ‘national security threat' | TechCrunch Security
- DOD location data attachment (Wyden)
- Risky Business #830 -- LiteLLM and security scanner supply chains compromised | Risky Business Media
- US has seized nearly $1 billion in crypto from Iran, Bessent says
- Russia claims foreign spy agencies hacked officials' phones | therecord.media
- Hackers are trying to steal Signal users' backups in new wave of phishing attacks | TechCrunch Security
- We Sued ICE to Get Its Spyware Contract. The Agency Is Redacting Essentially Everything | Social Signals
- Microsoft calls zero-day releases ‘never justifiable' as researcher threatens to drop more | therecord.media
- A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure | Social Signals
- Microsoft says it will not pursue security researchers after zero-day backlash | therecord.media
- IBM's new $5B initiative will help enterprises rapidly patch open-source vulnerabilities | Social Signals
- Federal audit reveals NIST's NVD is plagued by poor planning and duplication | cyberscoop.com
- Hackers Used Meta's AI Support Bot to Seize Instagram Accounts | krebsonsecurity.com
- Critical Windows Netlogon RCE flaw now exploited in attacks | BleepingComputer
- CISA adds exploited Palo Alto Networks GlobalProtect flaw to KEV | Cybersecurity Dive
- Password manager Dashlane says hackers stole some customers' password vaults | TechCrunch Security
- CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain | cyberscoop.com
- Botnet of more than 17 million devices dismantled | arstechnica.com
- Chinese-speaking fraud gang could be stealing millions from 2026 World Cup fans | therecord.media
- ACCC investigating Olympics ticket scam | ABC
- Dozens of Red Hat packages backdoored through its official NPM channel | arstechnica.com
- Solo podcast: A deep dive on TeamPCP | Risky Business Media
- Trump administration releases scaled-back AI executive order | cyberscoop.com
- Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket | cyberscoop.com

The CyberWire
The bugs are piling up faster than the fixes.

Jun 2, 2026 30:23

A federal watchdog questions NIST over its vulnerability database backlog. Google patches an Android zero-day. Citizen Lab exposes a powerful location-tracking platform. Malware hides commands in Steam comments. Researchers spot AI-assisted malware development. Attackers compromise Red Hat's npm namespace. DriveSurge spreads malware through ClickFix and fake updates. FreePBX patches a critical flaw. And Dashlane responds to a brute-force attack. Our guest is Laure Lydon, Opening Chair for Infosecurity Europe and VP of Security and Infrastructure, Flo Health, sharing her expertise on digital health platforms. Meta's AI support bot proves a bit too eager to help.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, Maria Varmazis speaks with Laure Lydon, Opening Chair for Infosecurity Europe and VP of Security and Infrastructure, Flo Health, sharing her expertise on privacy, security, and trust in digital health platforms, especially in sensitive areas like women's health. This interview is part of our partnership with Infosecurity Europe.

Selected Reading

- Inspector general finds NIST mistakes have made vulnerability database ineffective (The Record)
- Google fixes one actively exploited Android zero-day, 124 flaws (Bleeping Computer)
- Uncovering Webloc: An Analysis of Penlink's Ad-based Geolocation Surveillance Tech (The Citizen Lab)
- GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure (Security Affairs)
- Threat Actor Uses AI to Build EDR Evasion Tools (Infosecurity Magazine)
- Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets (Infosecurity Magazine)
- Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks (Bleeping Computer)
- Critical Hard-Coded Credentials Vulnerability in FreePBX User Control Panel (Beyond Machines)
- Dashlane password manager users locked out by brute force attacks (Bleeping Computer)
- Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked (404 Media)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

The Daily Scoop Podcast
A federal AI consortium reemerges with a new name, scope and call for members

Jun 1, 2026 6:29

The National Institute of Standards and Technology's AI Safety Consortium will now be called the NIST Artificial Intelligence Consortium, the agency said Friday, continuing a shift in approach to the technology under President Donald Trump. According to NIST's announcement, the renamed group will retain some of its previous work but will change its scope. The group is also seeking new member organizations to carry out its aims. Craig Burkhardt, deputy NIST director, said in a statement included in the release: “To encourage more extraordinary AI technological innovations, NIST is seeking to expand its AI measurement efforts by harnessing the broader community's interests and capabilities.” The decision comes about a year after the Trump administration changed the name of NIST's AI Safety Institute, pivoting away from “safety.” That organization, which was originally established under the Biden administration, is now called the Center for AI Standards and Innovation. It's also the first news about the consortium in some time. The consortium was established in 2024 alongside the AI Safety Institute as a venue for input from companies, universities, and other organizations on measurement standards for AI safety.

NIST is in the headlines once more this week, but not for reasons it's going to be excited about. A Department of Commerce inspector general report released Thursday found that the National Institute of Standards and Technology has mismanaged a critical cybersecurity vulnerability database through poor planning, inefficient operations, duplicate federal programs, and failure to communicate with users. The National Vulnerability Database, maintained by NIST since 2005, collects information about computer security flaws and adds details like severity ratings and affected products. This information helps cybersecurity professionals across government and the private sector decide which security problems to fix first. In February 2024, the database's enrichment contract lapsed, creating a backlog of unprocessed security flaws that has only grown worse. The report identified the lack of strategic planning as a core problem. NIST leaders admitted they had no long-term plan for clearing the backlog, even as it grew from about 13,000 unprocessed security flaws in June 2024 to over 27,000 by the end of 2025. NIST publicly promised in May 2024 that it would clear the backlog by September 2024, setting a goal of processing 6,200 security flaws per month, but the agency had never processed more than 5,000 per month in the past.

The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.

Cyber Security Headlines
GlobalProtect VPN exploited, ChatGPT share links exploits, Feds criticize NIST

Jun 1, 2026 8:31

- Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
- ChatGPT share links used to host fake outage pages to deliver malware
- Federal audit reveals NIST's NVD problems

Get the show notes here: https://cisoseries.com/cybersecurity-news-globalprotect-vpn-exploited-chatgpt-share-links-exploits-feds-criticize-nist/

Huge thanks to our episode sponsor, Vanta. Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot. The good news: The Vanta [rhymes with Santa] Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you. Vanta is the platform used by over sixteen thousand fast-moving companies like Ramp, Cursor, and Harvey who are shaping the future with AI, AND staying ahead of AI risk. Get started at vanta.com/headlines.

Risky Business News
Risky Bulletin: Recently patched PAN 0day exploited in the wild

Jun 1, 2026 7:05

A new Palo Alto Networks firewall bug is being exploited in the wild, Russia expands SORM surveillance, NIST is looking for new post-quantum algorithms, and ENSOC launches in Europe.

Show notes

- Risky Bulletin: Russia greatly expands SORM surveillance requirements

The Post-Quantum World
NVIDIA Architect Warns We Might Need to Rip and Replace Hardware for PQC – with TCG

May 27, 2026 41:04

Quantum technical debt is the idea that some devices cannot be upgraded to PQC. In this episode, Thorsten Stremlau, a Systems Principal Architect at NVIDIA and Co-Chair of the Trusted Computing Group (TCG) Marketing Work Group, joins host Konstantinos Karagiannis to discuss the critical role of hardware roots of trust in protecting against the quantum computing threat. Stremlau outlines the challenges of integrating heavier PQC algorithms into resource-constrained chips like the Trusted Platform Module (TPM), highlighting technical hurdles such as increased computational intensity, memory bloat, and heightened vulnerability to side-channel and denial-of-service attacks.

To counter these quantum threats while maintaining historical stability, the TCG has released the TPM 2.0 library version 1.85 paired with the platform specification 107. This combination leverages built-in crypto-agility to implement mature algorithms like ML-KEM and ML-DSA, while still supporting hybrid classical-quantum models to ensure a smoother migration path for enterprises. However, Stremlau issues a stark warning regarding the industry's timeline and the reality of quantum technical debt, revealing that achieving full PQC readiness will require a complete hardware replacement rather than simple in-field firmware updates. Government entities are aggressively mandating PQC compliance for procurement by 2027. But the enterprise sector, particularly critical infrastructure and server environments, faces an incredibly long transition cycle due to a traditional preference for operational stability over rapid upgrades. While a PQC-ready TPM is a foundational piece of the puzzle that secures firmware signing, boot processes and platform attestation, it is not a silver bullet. True quantum resilience requires a defense-in-depth strategy where the entire software and data ecosystem, including AI workloads, edge networks and data pipelines, is systematically upgraded alongside the hardware foundation.

For more information on Trusted Computing Group, visit https://trustedcomputinggroup.org/. Visit Protiviti at www.protiviti.com/US-en/technology-consulting/quantum-computing-services to learn more about how Protiviti is helping organizations get post-quantum ready. Follow host Konstantinos Karagiannis on all socials: @KonstantHacker. Questions and comments are welcome! Theme song by David Schwartz, copyright 2021.

The views expressed by the participants of this program are their own and do not represent the views of, nor are they endorsed by, Protiviti Inc., The Post-Quantum World, or their respective officers, directors, employees, agents, representatives, shareholders, or subsidiaries. None of the content should be considered investment advice, as an offer or solicitation of an offer to buy or sell, or as an endorsement of any company, security, fund, or other securities or non-securities offering. Thanks for listening to this podcast. Protiviti Inc. is an equal opportunity employer, including minorities, females, people with disabilities, and veterans.

Management Blueprint
333: Turn Your IT into Your Growth Engine with Tom Kirkham

May 26, 2026 20:47

https://youtu.be/sUyjA0muVgM Tom Kirkham, Founder and CEO of Kirkham IronTech, believes business should create value for everyone involved — employees, clients, vendors, and the broader community. After overcoming major personal challenges and rebuilding his perspective on leadership, Tom embraced stakeholder capitalism and built a company culture focused on long-term partnerships, trust, and continuous learning. In this conversation, Tom shares the IronTech Framework — a practical approach to modern IT management built around three core pillars: Generate ROI and Productivity, Make Cybersecurity Core, and Surround it with a Governance Layer. He explains why businesses should stop treating IT as an expense and instead view it as a strategic investment that improves productivity, protects the company from cyber threats, and aligns technology with leadership goals. Tom also dives into the massive scale of the cybercrime industry, why governance is often the missing piece in cybersecurity, and how proactive IT strategy can dramatically improve business performance. — Turn Your IT into Your Growth Engine with Tom Kirkham Good day. Steve Preda here with the Management Blueprint Podcast, and today’s guest is Tom Kirkham, the Founder and CEO of Kirkham IronTech, where he helps businesses build strong, secure IT foundations, whether fully managed, co-managed, or cybersecurity only. Tom is a keynote speaker on cybersecurity, and he’s the author of two books, Hack the Rich and The Cyber Pandemic. Tom, welcome to the show.  Oh, it’s great to be here, Steve.  Well, great to have you here. And I am curious to dive in, and would like to ask you my favorite question. What is your personal ‘Why’, and how are you manifesting it in Kirkham IronTech?  That’s a great question. So the company’s about twenty-six years old. I went through a lot of personal health problems, and then my wife was real sick, and she ended up passing away—it's been about eleven years ago now. 
And I was fortunate enough to put a friend of mine in the company, and he was able to take over while I was dealing with this for a couple of years. And when most of it was done, I took some time off and did a lot of traveling and a lot of thinking and a lot of reading. And I’m a lifelong reader, a lifelong learner, and I went back through my history of investing techniques, understanding what makes a good company great. If you’ve read Jim Collins, you know what I’m talking about. And so during those times, I was reflecting, studying philosophy, studying biographies of other CEOs like Elon Musk, Steve Jobs, Andy Grove—gosh, the list goes on and on. Whether you like them or hate them, it doesn’t matter, right? There’s always something you can learn. And I came upon and read a lot about stakeholder capitalism. Like Peter Drucker says, “Culture eats strategy for breakfast.” And I understood what that meant, and it was kind of weird. So when I re-engaged with the company, I identified one of the weaknesses, and I said, “Well, if we need to do marketing in this business—which we have to do in any business—I really need to master marketing.” So I spent a lot of time with marketing gurus, most of them are what I would consider household names these days, and re-engaged with the company to do marketing to establish a great culture around stakeholder capitalism. In other words, we exist as a for-profit business not just for the shareholders but for everyone—the community, vendors, employees. And I really wanted to be around people I enjoyed being around. I wanted them to enjoy coming into work. And so we’ve been trying to perfect that system in the culture for the past ten years. Of course, no one's perfect, but if you pursue perfection, you can achieve excellence. And I think we've done a really good job. We have very low turnover. Everyone seems genuinely happy to be there, and it's really fulfilling.
It's more of a personal feeling because I've been a successful investor practically my whole adult life. I started investing in stocks when I was nineteen, and I'm sixty-four now. So I didn't really need the company. I could have just closed it up or sold it or whatever. But I really wanted to have my own reasons. Those are the things that drive me, and I hope they drive everyone else too.  What resonated with you with this idea of stakeholder capitalism? It just made sense. The obvious part is with employees—all of that is true. That's obvious to any good leader or manager, right? As you well know, there's a difference between leadership and management, and understanding that distinction, and the difference between sales and marketing, and understanding those things. A good example is dealing with vendors. There are all sorts of vendors that supply products and services to us, so we carefully vet these tools and vendors to see if their values align with ours, just like we do with prospects. But especially with vendors, if it's something new—a new tool that we're going to invest a lot of time, money, and energy into to make their product or service successful for us and successful for them—we make a commitment to that vendor.  So it's not about the money or how cheap I can get it. What I want is a good partnership with every stakeholder. And I want to make sure that when I'm dealing with a vendor, if it fails for us, it's not our fault—it's their fault, right? Either they oversold the product or they didn't deliver on the service component. I didn't want it to be because we failed to do the right training, or didn't communicate properly, or missed all the other things that are just part of doing business the right way. And that applies to our employees, our local community, and every stakeholder in the company.  Yeah. I like it. So you're looking for partnership-based relationships where it's win-win. 
And yeah, if you want people to stick around, it has to make sense for them too. You can't exploit your partners forever without consequences. So that makes a lot of sense. So Tom, let me ask you this other question. This podcast is called The Management Blueprint because I'm always looking for frameworks—something practical that helps businesses achieve results. Usually it's some kind of three-to-five-step process that helps you grow the business, get customers, improve operations, or understand something at a deeper level. So when I ask about your favorite business framework, what comes to mind?  Well, we have a thing we call the IronTech Framework.  Okay.  And it was something that we came up with many years ago and started practicing seven or eight years ago, and it's a framework. It's like the NIST Cybersecurity Framework. I looked at NIST and there's five components to it, and it's about cybersecurity. And I looked at this and I go, “None of this works without the right policies and procedures in place.” The security training—it's not enough just to throw it out there and tell all your people to take it. You've got to follow up, you've got to manage, and coach, and everything like that. And so I started adding this governance component to the way we sold it, presented it, and practiced what we do for our clients day in and day out. Help them develop the policies and procedures for all of the different things, the protocols.  If somebody accidentally fires off a ransomware attack, they need to know they're not going to be penalized for it. We need to know as soon as possible to stop it. And just little things like that, there's a lot that really improve the effectiveness of all of these tools and services that we provide to their clients. And unbeknownst to me, NIST, who has the cybersecurity framework, they added governance about three years ago to the other five things. And so that was kind of nice to know that we were exhibiting some thought leadership. 
And so when we go in, it's all well and good if you want to put these protections in and these particular products, but we're a best-of-breed company. Like one of our critical tools that's required for our clients to put in place, to buy it and use it every single day on every single computer, is what's known as an EDR. And it's basically an AI-based super turbo antivirus. To even call it an antivirus is not doing it justice. So there's three legs to the IronTech Framework. We want to make sure that you're getting a return on your investment in IT, because that's why you buy it. If you treat IT as an expense, you need to kind of change the way you're thinking. You want to improve productivity and efficiency. The second leg is cybersecurity, because a bad cyberattack can put you out of business. I think the last stats I saw were something like 40 to 60% of businesses go out of business within two years of a significant cyberattack. And then finally, the third is governance. That's the three legs of our IronTech Framework. So part of governance is engaging with our clients' management and leadership—the CEO, finance, of course the CIO, the CISO or security officer, and maybe even the board sometimes. Really getting to know: what are your objectives, and how can we utilize our services to best help your company realize those objectives? Because for most companies, there's no other vendor they engage with as much as us. We're talking to Susie every day. We're talking to Bill every day. We know that Mary's out sick and Steve's on vacation. I mean, when you're running help desk, stopping attacks, providing training, and all the support we provide along those lines, we get to know their company better than practically any other vendor by far. So it really helps if our clients treat us as a partner to help them realize their goals and objectives.
And when all of that clicks into place, then it makes recommending things easier. “Okay, you need to replace these 30 laptops that are four years old. You're not getting an ROI on them.” “This server's five years old. Let's start thinking about replacing it.” “We have this new tool that's really excellent. We're recommending everybody get it.” And because we've developed that trust, those conversations become pretty easy. For the most part, everybody just says yes. But of course, we don't sell just to sell, especially when it comes to things like hardware. That's not really what we're here for. We're here for the day-in, day-out work: keeping things running, stopping breaches, and putting the policies and procedures in place to run your company as smoothly as possible.

Yeah. I love that. So when I had an IT back in the 2000s, I had an IT person who was a contractor, but he was very active in my business, and I always wanted to talk to him and pick his brain. What are the new things out there? How can we make our business more efficient, more effective, more attractive to employees? Cooler. I wanted to be cool. So I wanted everyone to have a PDA in the early 2000s with email on it—a PalmPilot. And we had multiple screens, and I was looking at, okay, how can we manage data in the cloud and on our server so we don't have to deal with it in the office? That kind of stuff. And I really thought about it as a great investment because it was much cheaper than hiring people. And if you give people good tools, they're going to be more motivated and more effective. So I thought it was a no-brainer.

Yes, but there's still a subset of people that treat IT as an expense. Then there are some companies that tend to put IT under the finance guy because the finance guy usually has a lot of IT experience, but never actually did it as a career or a job, right?
And those situations are hard because I need CEO-level or owner-level approval, and I need a direct route to that person.  Yeah, that makes sense. So Tom, tell me, what drives growth in your business?  Yeah. From a growth perspective, for us, number one is maintaining our clients and reducing churn. Number two is—I don't know if you're asking about tactics or strategy—but of course we want to get new clients for the right reasons. So we prefer inbound strategies. We don't cold call people unless we've already contacted them in another way, if that's what you're asking.  Yeah. I'm asking what the real driver of growth is. I understand that you do marketing and inbound marketing, but what makes people want to have an IT service partner like you? Well, they understand those three pillars of the IronTech Framework. They may not believe in stakeholder capitalism, but they don't treat IT as an expense. And they understand—especially after talking to me—the true risk of being hacked. A lot of people don't understand the size and scale of that industry. It's a $10 to $12 trillion industry now.  Wow.  If it were a country, it would have the third-largest GDP. The US would be first, China second, and then the hacking industry. It is an industry that hacks at scale. So when these companies—maybe a small 10-person accounting firm in North Dakota in the middle of nowhere—get these ransomware emails and someone tries to hack them, and we alert on it and trap it, and nothing goes wrong, everything's fine… If they don't already understand it, they go, “Well, why are they trying to hack me?” And I say, “You don't understand. That email was one of 100,000 emails that got blasted out. They don't know who you are, nor do they care who you are.” They're playing a numbers game. And it's kind of like marketing. They're looking at conversion numbers. Yeah.  Let's say it's 100,000 emails. They got a list of all the certified public accountants in 10 different states. 
They set up the email, they send it all out, and let's say 1% become victims. And let's say they collect an average of $10,000 per victim. Well, that's a multi-million dollar payday for about a week or two of work. And then they rinse and repeat. It's done at scale, and it's a much bigger industry than that. That's just a taste of it. Some of our clients are targeted. In other words, hackers are investing time, money, and energy specifically into that company. We're one of them. Any law firm that does intellectual property law—especially around patents, manufacturing, and things like that—you've got China and other nation states not only trying to get into your client, but you're also a threat vector. You're a way to get into that client's patents and secrets.  So we've got to treat that differently. It's not just about the money. There are different types of threat actors, and we have to educate clients, bring them up to speed, and say, “Well, because of this case, you need this other service and tool that we're offering to prevent China from breaking in.” Or, “You need to follow this practice.” Maybe you don't publicly talk about one of your clients being Ford Motor Company or NVIDIA. You just keep that quiet. You don’t want that to be public knowledge. That's one of the things we do. You spent time on our website, and you didn't see a single client name on there. And that's just one of the small things we do to protect our clients' security and privacy, because privacy and security go hand in hand. Yeah. That is fascinating. So what is it that you’re trying to figure out in your business right now? What’s the big thing for you?  I think because of all the chaos in the United States, making a decision to do anything—everybody's kind of frozen. There are a lot of hiring freezes. I know we've got a freeze on right now because we're looking to see, well, do we really need to add somebody, or can we do this with AI? The hackers do the same thing. 
That's one of the challenges, is getting people over the hump. No matter what you do, if you've got an IT company doing your stuff and you only call them when things are broken, there's a much more profitable way to do that. You're spending more money.  So there are benchmarks in industries, right? Basically, the research—and these aren't numbers we made up, this is legitimate research from many independent sources—says the average professional service provider, like law firms, accounting firms, healthcare providers, and on and on, should be spending 6 to 12% of their revenue on IT and cybersecurity. And that's everything. I'm talking servers, wiring, cloud, security, defense—all of those things should be 6 to 12%. We know that. That's the way it works. So when we engage with a prospect and find out they're only spending 3 or 4%, then I already know they have gaps. I don't even have to do an assessment to see what they're not doing.  They're either not getting a return on investment, or they're not secure. That's it. If all the accounting firms are spending 6%, and you're only spending 4%, don't just pat yourself on the back. That's one of those moments where you should ask, “What am I missing?” Because I do that often. Someone on the management team will come up with an idea, and we all agree. Well, that's a red flag for me. I want to know: what are we missing? If we all agree on this, is there some gotcha or something we haven't uncovered? And those are some of the things we try to educate our clients on. They don't have to tell us their revenue. I can give them the numbers. I can do the math. I can show them the numbers for something like laptop replacement. Maybe it's $1,000 to $3,000 depending on the industry. If the employee using that laptop is making $100,000 a year, why are you trying to squeeze another year out of a $2,000 investment when it's hurting productivity by 10% or more? Yeah. That’s a no-brainer.  Yeah. It should be.  Yeah. It's not just in IT. 
I had a client years ago in civil engineering, and they had a rule that they would never keep equipment longer than four years. And they were selling equipment that still looked brand new. And I asked them, “Why are you doing this? It seems like this equipment still has a lot of life left in it. Why are you selling it or giving it back to the lease company?” And he said, “We did the math, and we figured out that this is the optimal time to replace it.” If they got rid of the equipment at that point, they wouldn't have to deal with fixing it. There would be less disruption. They would stay state-of-the-art all the time. And their clients would be impressed. And it actually worked for them. It was a high-margin civil engineering firm.  Precisely. I mean, we're so tuned into that that we're a Mac house. We all use Macs. We all have laptops, and we all have setups with screens at home and in the office. We spare no expense on that. If somebody wants an extra screen for their house—alright, here it is. We'll order it and get it there for you. We're so tuned into that, that we went all Mac back when they were still Intel Macs. And I don't know how much you know about Macs, but they were…  I have a couple. Okay. Yeah, we're Mac people too. Yeah, so they were running Intel processors. Well, Apple decided to build their own processor and moved to the M-chip. And so I bought an M1, and it was like, holy cow, everybody in the company has got to have one of these. And I don't think there was a single one more than two years old at that time. So we replaced them all. Now, the M-series generations themselves—M1, M2, M3, and on—those changes aren't as dramatic as going from Intel to the first M-series chip. But it's still unusual. I said two years, but there are probably people right now with a three-year-old laptop. But we definitely trade them in. That's where the sweet spot is on trade-in value. We rotate them every two to three years and they're out. 
I think mine is maybe a year old, but I'll probably keep this one for a couple more years.  By the way, you're the first IT company and MSP I've met that doesn't use PCs—you use Macs. Yeah. And I long had this theory that all the IT companies I worked with were always anti-Mac, and I never understood why. And when I got my first Mac, I realized I actually didn't need them anymore since I had the Mac.  Yeah, that's kind of funny because it really started with me during Covid. It may not have been seven years now, but whatever it was, it kind of started with Covid. And for years I was a PC guy. I tried Macs briefly back in the old MacBook days—you know, the white plastic ones? Whatever that was, 15 or more years ago.  Yeah. Classic. Very classic.  Yeah. But what I kept trying to do with a Windows laptop—and I like Dell, I had Dell XPSs, good Dell computers, and we're a Dell partner— What I could never get a Windows computer to do was seamlessly come off a docking station and then plug into another monitor at my house. It would always blue screen or something. So when I went back to a Mac, I was like, “Holy cow, it doesn't break. It doesn't mind being unplugged from a docking station. It just works.” Yeah.  And then all the other things—that they're generally built better, they have a longer lifespan, and they hold their resale value longer, and all of that. Even as old as I was, I forced myself to really get proficient at using a Mac. And when we sent everybody home during Covid, I said, “Well, everybody's going Mac.” And, oh, there was a revolt. And I said, “Just give it a few months.”  Yeah.  About half the office resisted it. And I said, “You gotta try it because I think you'll like it, and if you don't, then we'll deal with it then.” We had Linux people, PC people. So then I said, “Well, maybe we should open it up and let people pick what they want.” Yeah, I love it. Yeah. 
So our time is coming to an end, but if someone is running on Mac and they're finally talking to an IT service company that's not anti-Mac, and they want to connect with you immediately, where should they go and where can they learn more about Kirkham IronTech and maybe connect with you personally? The website is the best place to go. It's www.kirkhamirontech.com. Just give us a call, fill out a form, let us know what you're thinking, because we want to know what you're thinking and see if there's a fit with the way we do things. Macs started becoming important with executives. That's where we first started seeing it. So even though they may still have to run Windows, the owners and executives wanted to carry Macs for the very reasons I mentioned. So we're perfectly happy with that.  Yeah. Okay. Very good. So if you're listening to this and you enjoyed hearing about how to make your IT work—how to increase ROI, make sure you're doing cybersecurity right, and implement governance so you can use IT as a strategic tool to run your business better—then definitely reach out to Tom Kirkham. Or stay tuned to this show, because you're going to hear from other entrepreneurs who are very smart about business. And preferably do both. Tom, thank you for coming and sharing your wisdom, and thank you for listening.  Oh, it’s been my pleasure, Steve. Important Links: Tom's LinkedIn Tom's website

Design Curious | Interior Design Podcast, Interior Design Career, Interior Design School, Coaching
192 | The Biggest Money Mistakes Interior Designers Make (And How to Fix Them) With Lauren Nist

Design Curious | Interior Design Podcast, Interior Design Career, Interior Design School, Coaching

Play Episode Listen Later May 25, 2026 40:52


Have you ever finished a project and thought… “Wait, where did all the money go?”

One of the biggest mistakes creatives make is treating money as something that shows up at the end—rather than something that needs structure from the very beginning. And that mindset? It quietly drains your profit, your energy, and your confidence.

In this episode, I sit down with Lauren Nist, a bookkeeping and advisory expert who works behind the scenes with creative businesses. Together, we unpack the most common money mistakes interior designers make—from underpricing and scope creep to poor billing systems—and how to fix them. If you want financial clarity, stronger boundaries, and a business that actually pays you back, this is your starting point.

Featured Guest

Lauren Nist is a co-founder of Magnolia & Main, a virtual bookkeeping and advisory firm dedicated to helping small business owners gain financial clarity and confidence. With years of experience supporting creative and service-based businesses, Lauren specializes in simplifying the money side of business—from pricing and billing systems to job costing and cash flow management. Her approachable, judgment-free style helps entrepreneurs feel empowered, supported, and in control of their finances.

What You'll Learn in This Episode
✳️ Why creatives struggle with financial structure
✳️ How to protect your cash flow early
✳️ Billing ahead vs. acting like the bank
✳️ Spotting red flags in client behavior
✳️ Simple profit planning for interior designers

Read the Blog >>> Interior Design Money Mistakes (And How to Fix Them)

NEXT STEPS:

Business of Tech
Security Proof Becomes an MSP Service: Insurance, Trustmarks, and the Evidence Operating Model

Business of Tech

Play Episode Listen Later May 20, 2026 14:04


Security operations for MSPs are undergoing a structural shift from simply deploying additional tools to establishing a liability-focused accountability model, where the ability to provide operational evidence of controls is becoming as critical as the tools themselves. This shift is catalyzed by corporate insurance, procurement, and third-party verification structures—such as those cited by WatchGuard, Assurix, and the NIST AI cybersecurity overlays—demanding verifiable security outcomes and alignment with external standards, rather than relying on provider assertions alone. Survey data referenced from Cybersmart and Beta News reveals that 75% of MSPs experienced at least one breach in the past year, while 54% endured multiple incidents; concurrently, SMB buyers state security is a top priority, but only 13% of microbusinesses operate proactively. According to WatchGuard's global survey of 842 professionals, 94% of clients using dedicated MSPs feel adequately protected, yet 58% indicate intent to change providers within three years—highlighting a disconnect between perceived and delivered value. The emergence of Assurix's live MSP Trustmark, based on 64 operational controls, further formalizes evidence requirements as market prerequisites. These dynamics are reinforced by shifts in insurer behavior and regulatory alignment. Huntress and Acrisure are collectively rolling out a cyber insurance package contingent on adoption of Huntress's managed detection and response, explicitly tying coverage eligibility to verifiable provider-side controls. The maturing of NIST's AI cybersecurity overlays introduces new standardized control checklists likely to become operational requirements. Additionally, reports from Omdia and MSP Channel Insights note that vendor ecosystems are now rewarded for integrating security as an outcome with automation and multi-tenant integration—reflecting market demand for reliable, defensible evidence of controls.
For MSPs and IT leaders, these developments drive the need to restructure contracts to clearly delineate evidence obligations, manage liability exposure, and price evidence production as a formal deliverable rather than as unreimbursed support. Failing to do so risks absorbing unfunded post-incident evidence work, margin erosion, and loss of control over the security value conversation. Operationally, maintaining live accreditations, standing up a formal evidence management function, and explicitly excluding unmanaged SaaS, identity, and AI workflows from baseline service tiers are becoming necessary to maintain profitability and accountability.

00:00 Breach, Then Switch
04:52 SaaS Blind Spot
07:16 Prove or Pay
10:24 Why Do We Care?

Supported by: Zero Networks, HaloPSA

@BEERISAC: CPS/ICS Security Podcast Playlist
AI in OT Cybersecurity: Real-World Risks, Smarter Defenses & the Future of Critical Infrastructure

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later May 20, 2026 49:09


Podcast: PrOTect It All
Episode: AI in OT Cybersecurity: Real-World Risks, Smarter Defenses & the Future of Critical Infrastructure
Pub date: 2026-05-18

AI is rapidly transforming cybersecurity, but are critical infrastructure environments ready for what comes next? In this episode of Protect It All, host Aaron Crow sits down with longtime colleague and cybersecurity expert Clark Liu to explore how artificial intelligence is reshaping both IT and OT security operations. From incident response and compliance frameworks to workforce shifts and operational resilience, Aaron and Clark unpack the real-world opportunities and very real risks of integrating AI into industrial environments. Together, they tackle the evolving role of frameworks like NERC CIP and NIST, the challenges of balancing compliance with actual security outcomes, and how organizations can responsibly adopt AI without increasing exposure.

You'll learn:
How AI is changing OT and IT cybersecurity operations
The role of AI in incident response, documentation, and monitoring
Why compliance frameworks alone don't guarantee resilience
The risks of adopting AI without strong operational foundations
How organizations can prepare for AI-powered threats and workforce changes
Practical insights for balancing innovation, budgets, and security priorities

Whether you're leading OT security, managing critical infrastructure, or evaluating AI adoption in your organization, this episode delivers practical guidance for navigating cybersecurity's next major shift. Tune in to learn how AI is transforming cyber defense and what organizations must do to stay resilient, only on Protect It All.

Key Moments:
05:33 Understanding cybersecurity compliance frameworks
07:11 Overlooked vulnerabilities in systems
09:59 Balancing multiple firewall vendors
15:17 Delegating tasks to AI
19:11 Importance of documenting commits
21:51 Hospital system shutdown crisis
25:11 AI uncovering software vulnerabilities
26:37 Engineers implementing AI in automation
31:26 AI tools and personal security
32:55 Password security practices
36:46 Using AI for basic tasks
39:38 Transition to off-the-shelf software
42:29 Going back to basics with appliances
47:02 Excitement About Future AI Capabilities

Guest Profile:
Clark Liu is a veteran OT cybersecurity expert and one of the original contributors to the NERC CIP standards. With nearly two decades in energy and critical infrastructure security - including leadership roles at EY and GALLO - Clark specializes in OT risk management, compliance strategy, and securing industrial operations from the plant floor to the cloud.

How to connect with Clark:
LinkedIn: https://www.linkedin.com/in/clarkliu/

Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
Facebook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Astronomy Daily - The Podcast
Launch Eve: Starship V3 Ready for Liftoff | Lunar Laser Navigation Breakthrough | VAST Ventures into Satellites

Astronomy Daily - The Podcast

Play Episode Listen Later May 20, 2026 20:08 Transcription Available


Astronomy Daily • S05E107 • Wednesday 21 May 2026

Starship V3 is on the pad and counting down for Thursday's debut launch — we bring you the full update including technical objectives, the Artemis stakes, and a sober note about a worker fatality at Starbase. Plus: a NIST proposal to build GPS for the Moon using lasers inside permanently frozen polar craters; space station startup Vast enters the satellite market; JWST finally has an explanation for the universe's impossibly large early black holes; the Roman Space Telescope locks in a September 2026 launch; and interstellar comet 3I/ATLAS gives up two remarkable new secrets — alien water thirty times richer in heavy hydrogen than anything in our solar system, and pre-discovery images that show it was spotted before anyone knew it was there.

Stories This Episode
• STORY 1 — Starship V3 Flight 12: Launch window opens Thursday 21 May at 6:30 PM EDT (8:30 AM AEST Friday 22 May). Splashdown of upper stage in Indian Ocean off Western Australia ~65 min after liftoff. First flight of Starship V3, first use of Starbase Pad 2. Key objectives: Raptor 3 engines, heat shield imaging by modified Starlink sats, 22 dummy Starlink deployments, Raptor relight in space. Worker fatality at Starbase 15 May under OSHA investigation.
• STORY 2 — Lunar GPS via NIST: Proposal to place ultrastable silicon optical cavity lasers in permanently shadowed craters near lunar south pole (~16 K, near-perfect vacuum). Could enable lunar GPS network, atomic timekeeping on Moon, precise satellite ranging, gravitational wave detection.
• STORY 3 — Vast Corporation: Space station builder announces new line of high-power satellites, expanding beyond Haven-1 into commercial satellite manufacturing. Announced 19 May 2026.
• STORY 4 — JWST Black Holes: New arXiv paper proposes 'episodic super-Eddington accretion' in gas-rich dark matter-dominated early galaxies explains overmassive black holes found by JWST. Identifies them as 'missing link' between heavy seeds and luminous quasars.
• STORY 5 — Roman Space Telescope: Launch now confirmed as early as September 2026 — 8 months ahead of schedule, under budget. 100x Hubble's field of view, 1,000x survey speed. Targets dark energy, dark matter, exoplanets. Coronagraph for direct exoplanet imaging.
• STORY 6 — 3I/ATLAS: Pre-discovery images found in Rubin Observatory data from 21 June–2 July 2025, over a week before official ATLAS discovery. Water deuterium ratio at least 30x higher than any solar system comet (ALMA/U of Michigan/Nature Astronomy). Comet estimated ~12 billion years old.

Key Links
• SpaceX Starship Flight 12 livestream: spacex.com
• Flight 12 timeline (Space.com): space.com/space-exploration/launches-spacecraft/what-time-is-spacex-starship-v3-launch-starship-flight-12-timeline
• Starbase worker death (Space.com): space.com/space-exploration/launches-spacecraft/worker-dies-at-spacexs-starbase-in-leadup-to-starship-v3-megarocket-launch
• Lunar laser GPS (NIST): nist.gov/news-events/news/2026/05/shooting-moon-ultrastable-lasers-dark-craters-could-enable-lunar-navigation
• Vast satellite announcement: space.com (19 May 2026)
• Roman Space Telescope launch update: nasa.gov
• 3I/ATLAS pre-discovery images: space.com/astronomy/comets
• 3I/ATLAS water chemistry (ALMA): almaobservatory.org

This episode includes AI-generated content.

The Daily Scoop Podcast
Senators call for a GAO probe of IRS's Free File program

May 19, 2026 · 6:22


After the White House's move last year to kill Direct File, three senators are asking the congressional watchdog to examine the alternative program the Trump administration is pushing: the IRS's beleaguered Free File system. In a letter sent Sunday to acting Comptroller General Orice Williams Brown, Sens. Elizabeth Warren, D-Mass., Angus King, I-Maine, and Ron Wyden, D-Ore., requested a Government Accountability Office investigation into Free File, an IRS partnership with private tax prep companies. The partnership has been heavily scrutinized over the course of Free File's 20-plus-year existence, with critics pointing to scant consumer use, hidden industry costs and data privacy issues. “Due to this history of misconduct, we have serious concerns that Free File cannot efficiently, effectively, and securely serve the taxpayers who are statutorily entitled to free tax filing services,” the lawmakers wrote. Direct File, the IRS's consumer-praised free electronic filing tool, was launched in the aftermath of an April 2022 GAO report that recommended the tax agency develop new no-cost filing options. Under the Biden administration, the IRS launched a pilot program of Direct File in a dozen states in 2023, and doubled the number of participants the following year. The Trump administration quickly terminated the program, however, pointing to high costs and low user uptake during the purposefully limited pilot seasons.

Federal agencies would be required to develop artificial intelligence standards and use the National Institute of Standards and Technology's AI guidelines under a bipartisan bill introduced Thursday. Led by Rep. Ted Lieu, D-Calif., the bill would require agencies to use the Artificial Intelligence Risk Management Framework, developed by NIST in 2023, and work with the agency in developing other consistent standards and guidelines. Reps. Zach Nunn, an Iowa Republican, and Don Beyer, a Virginia Democrat, co-sponsored the bill, with Beyer calling it “a natural starting point” to ensure agencies have the tools they need to navigate AI's complexities. “This bill lays the foundation for harnessing the power of AI for the benefit of the American people, while upholding the highest standards of accountability and transparency,” Beyer said in a statement. The bill would also direct NIST to recommend training and use the standards when acquiring any AI systems or services.

The Audit
Cyber News: Iranian Hacker, Quantum Ransomware and Rogue AI

May 18, 2026 · 42:04


What would you do if ransomware told you not only that your data was gone — but that it was encrypted with a quantum-safe algorithm and you have 72 hours to pay? That's not a hypothetical anymore. In this live news episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellum are joined by IT Audit Labs member Bill Harris for a rapid-fire breakdown of the week's most important cybersecurity stories — and a few conversations that went places nobody expected. 

Hacking Humans
NIST (Noun)

May 12, 2026 · 6:06


Please enjoy this encore of Word Notes. A branch of the US Department of Commerce whose stated mission is to “promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.”

CyberWire Glossary link: https://thecyberwire.com/glossary/national-institute-of-standards-and-technology

Audio reference link: Center, M.I., 2022. 2022 Meridian Summit: Cultivating Trust in Technology with NIST Director Laurie Locascio [WWW Document]. YouTube. URL https://www.youtube.com/watch?v=o43Y9Tk8ZVA (accessed 1.26.23).

Autonomous IT
Patch [FIX] Tuesday – [AI Hits the Hat Trick], Ep. 32

May 12, 2026 · 34:17


The May 2026 Microsoft Patch Tuesday release looks quiet on the surface: no actively exploited zero-days, no public disclosures at release, and a CVE count below the four-month average. Don't let that fool you.

In this episode, Jason Kikta and Landon Miles break down everything that happened between the April and May patch cycles, including Apple's macOS Tahoe 26.5 release with 79 CVEs, the Dirty Frag Linux kernel privilege escalation chain, and two pre-authenticated network remote code execution vulnerabilities in Windows core services that belong at the top of your patch list.

They also dig into one of the month's most significant trends: AI-assisted vulnerability research showing up by name in Microsoft, Apple, and Linux acknowledgments in the same patch cycle, including Anthropic researchers credited on a critical Windows graphics component RCE. Ten AI-attributed vulnerability discoveries shipped fixes across all three major operating systems this month.

What's covered:
- CVE-2026-41089: Windows NetLogon RCE (CVSS 9.8) and CVE-2026-41096: Windows DNS Client RCE (CVSS 9.8)
- CVE-2026-40402: Hyper-V guest-to-host escalation (CVSS 9.3)
- macOS Tahoe 26.5: Wi-Fi kernel RCE, nine kernel CVEs, 20 WebKit vulnerabilities
- Dirty Frag Linux privilege escalation chain and the Copy Fail connection
- AI-credited discoveries from Anthropic, calif.io, Theori, and NIST's Center for AI Standards and Innovation

Links:
- Patch Tuesday Blog
- DirtyFrag Blog
- What "Mythos Ready" Means

Paul's Security Weekly
The impact of Mythos and Florida Man, confidence gaps, phishing, & AI adoption - Chris Wallis, Deepen Desai, Erich Kron - ESW #458

May 11, 2026 · 99:53


The Weekly Enterprise News

This week, in the enterprise security news:
- Copy Fail
- The hits keep coming for CVE, NIST and NVD
- Cyber attacks on breathalyzers
- Insurance carriers pulling support for AI
- Florida Man pleads guilty
- Ignore the humanities at your own peril
- Offense and defense don't scale the same
- Is it okay to be left behind?
- Scientists gave cocaine to salmon

Mind the Gap: Confidence, AI, and the Future of Exposure Management

Former ethical hacker, now founder and CEO of Intruder, Chris Wallis explores whether AI can bridge the divide between finding vulnerabilities and understanding real-world attack context as exploit windows continue to shrink. This conversation dives into the structural "confidence gap" uncovered in Intruder's 2026 Security Middle Child Report, where executive risk appetite is increasingly decoupled from front-line operational reality. Check out Intruder's Security Middle Child Report at https://securityweekly.com/intruderrsac.

Modern Phishing Attacks Are Under Multi-Channel Siege

Recently, there has been a shift in cybercriminals' behavior, marked by a surge in total phishing attack volume. These attacks are fueled by high-scale automation and a coordinated multi-channel siege targeting corporate collaboration tools. Trusted platforms such as email, Teams, calendars and others are in the cross-hairs, bypassing traditional phishing methods that have worked in the past. This segment is sponsored by KnowBe4. Visit https://securityweekly.com/knowbe4rsac to learn more about them!

AI is Now Default Enterprise Accelerator

The Zscaler ThreatLabz 2026 AI Security Report reveals that enterprise AI adoption has surged by up to 93% year-over-year, yet 100% of tested AI environments remain vulnerable to breaches that can occur in as little as 16 minutes. It highlights a dangerous shift toward "machine-speed" threats, where attackers use generative AI to automate data exfiltration and create sophisticated deepfakes. To combat these risks, the report urges organizations to move beyond simple blocking and instead implement a Zero Trust architecture for safe, AI-native data protection. This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerrsac to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-458

@BEERISAC: CPS/ICS Security Podcast Playlist
Your Food Waste Has a Second Life. Meet Insect Agriculture with Dr. Heather Jordan & Cheryl Preyer

May 9, 2026 · 54:35


Podcast: Bites and Bytes Podcast
Episode: Your Food Waste Has a Second Life. Meet Insect Agriculture with Dr. Heather Jordan & Cheryl Preyer
Pub date: 2026-05-05

Most people have never heard of insect agriculture. By the end of this episode, you'll wonder how you missed it.

Bites & Bytes Podcast host Kristin King sits down with Dr. Heather Jordan, microbiologist, professor at Mississippi State University, and site director for the NSF-funded Center for Insect Biomanufacturing and Innovation (CIBI), and Cheryl Preyer, the center's industry liaison and former fast food executive, to unpack one of the most quietly consequential shifts happening in the global food system right now.

For consumers, this is where your food waste is going next and why that matters for everything from the fish on your plate to the cost of your groceries. Black soldier fly, cricket, and mealworm farming aren't science fiction. They're converting food waste into high-quality livestock feed, fertilizer, and protein at scale. Research is even showing promise in using these insects to remove plastics, antibiotics, and heavy metals from our environment.

For professionals in cyber-physical risk, OT security, and food and agriculture cybersecurity, pay attention. Insect agriculture facilities are automated, sensor-dependent production environments with real operational technology vulnerabilities, and this industry is scaling fast with limited security frameworks in place (aka a factory). This is the circular bioeconomy in action. And it already exists.

Guest Contact Information:
- Dr. Heather Jordan, Professor of Microbiology and Molecular Biology, Mississippi State University, and Site Director, Center for Insect Biomanufacturing and Innovation (CIBI)
- Cheryl Preyer, Industry Liaison Officer, Center for Insect Biomanufacturing and Innovation
- Center for Insect Biomanufacturing and Innovation

Episode Key Highlights:
- 00:08:01 — "I Traded Fries for Flies" — Cheryl's Origin Line
- 00:11:49 — Insect Farming Is Livestock Farming
- 00:12:37 — "Feed the Food That Feeds Us."
- 00:16:02 — What a Black Soldier Fly Actually Does as an Adult
- 00:23:19 — Why Organic Chickens Need Synthetic Methionine
- 00:23:50 — The Lauric Acid and Coconut Connection
- 00:28:34 — Using Everything But the Oink
- 00:39:51 — The Cricket Densovirus Crisis That Wiped Out Facilities
- 00:50:15 — Heather's West Africa Origin Story

The Friday Reporter
She Built the CHIPS Program

May 8, 2026 · 28:26


I've been wanting to have Kathryn Mitchell on The Friday Reporter for a while. She's one of those people in Washington who has earned the right to have a real opinion about one of the most consequential policy debates of our time — and she's generous enough to explain it in terms the rest of us can understand.

Kathryn spent nearly a decade in government, moving from Capitol Hill to the Pentagon to the Department of Commerce, where she served as chief of staff for the CHIPS R&D office at NIST. She helped stand up the $50 billion CHIPS for America program — essentially from scratch. Earlier this year she moved to DLA Piper, where she now helps tech companies navigate the government landscape she used to sit inside.

This conversation covers a lot of ground. We talked about the origin story of the CHIPS and Science Act — passed bipartisan under Biden, now being implemented differently under Trump — and what Kathryn is watching to gauge whether the U.S. is actually getting this right. (She says we won't know for a decade or two. But she knows exactly what signals to track right now.)

We also got into something I find genuinely fascinating: the role of relationship-building in Washington. Before you can change a policy, before you can land a government contract, before your innovation can make it out of the garage and into a lab — you build the relationships. That's what Kathryn does every day for her clients, and she explains why it's the foundation of everything else.

A few things I'm still thinking about from this conversation:
- Her point that AI and semiconductors are “inexplicably tied” — but that AI won't solve the physical-world challenges of building fabs, navigating permitting, or standing up domestic production. That nuance matters a lot right now.
- Her career advice: “Wear your honors lightly.” Don't aim to be the smartest person in the room. Aim to be the one who keeps learning. I'm going to borrow that one.
- And her lightning round answer on Washington: “It is both a marathon and a sprint every day.” That about sums it up.

This episode drops today — wherever you listen to podcasts. I hope you enjoy it as much as I did recording it.

— Lisa

Command Control Power: Apple Tech Support & Business Talk
668: Michael Thomsen of Origin 84, Part Two - Reusable Compliance Policies, ISO 27001 Audits, and Building a Fractional GRC/Strategy Bench

May 5, 2026 · 48:34


In this Command Control Power episode, host Joe and guests discuss standards, policies, certification, and compliance with Michael Thomsen of Origin 84 in Sydney, continuing an ISO 27001 deep dive. Michael explains how policies are written to solve specific control problems (e.g., MFA) and can be reusable, while areas like data classification require tailoring based on a client's industry, legislation, contracts, and workflows; key discovery questions include where data is stored and shared, and what obligations contracts impose. The conversation contrasts frameworks (NIST, Essential Eight) and notes that auditors verify that policies drive processes and are followed, emphasizing continual improvement through audits, risk/incident tracking, and iterative remediation. Jerry and Sam share healthcare/SOC 2 experiences and discuss shifting solo consultants from tactical support to higher-value strategic advisory/account management, using fractional roles and partners. Michael outlines Origin 84's fractional model (financial controller, HR, strategy officer, plus legal/CFO) and sourcing via professional networks, LinkedIn, and conferences like ACEs, where Michael will present on account management.

Cloud Security Podcast by Google
EP274 AI, Zero Trust and Secure by Design Walk into a Bar...

Apr 27, 2026 · 29:37


Guest: Grant Dasher, ex-CISA, ex-Google, Distinguished Engineer, Google (again)

Topics:
- Why is the "Secure-by-Design" movement gaining so much momentum now, and is it a response to the failure of "bolted-on" security, or just a natural evolution of cloud maturity?
- In a future Secure-by-Design world, is identity the only perimeter that actually matters anymore? Or is this a cliche?
- As we move toward a world of autonomous agents, how does our approach to machine identity need to change? Are we just talking about more complex Service Accounts, or do we need a fundamental shift in how we authorize "intent"?
- What is your advice to people who want to move fast and cannot wait for Secure by Design / Default AI to be decided by consensus or IETF, NIST or OASIS committee?
- We love the argument that modern AI agents are effectively repeating the mistakes of 1960s payphones - mixing the data plane and the control plane. What is your rebuttal? How do we build "Agentic Security" that doesn't fall for 60-year-old traps?
- Customers are torn between their Zero Trust implementations and their AI adoption. Is Zero Trust now "legacy," or is it the prerequisite for everything we're trying to do with AI agents?
- Is there Zero Trust for AI? Is this a fake buzzword or technical reality?

Resources:
- Video version
- EP256 Rewiring Democracy & Hacking Trust: Bruce Schneier on the AI Offense-Defense Balance
- EP133 The Shared Problem of Alerting: More SRE Lessons for Security
- EP85 Deploy Security Capabilities at Scale: SRE Explains How
- Google SRE books
- "Atomic Accidents" book (yes, really)

The CyberWire
A digital battlefield in practice.

Apr 24, 2026 · 26:09


Locked Shields wraps another year. Open models challenge Mythos. CISA tracks FIRESTARTER inside a federal agency. The White House targets foreign AI model extraction. Microsoft lets admins remove Copilot. Treasury sanctions a Cambodian scam-compound senator. Breeze Cache rushes a patch. Researchers downplay OT malware hype, while NIST pushes for better OT visibility. Our guest is Eric Russo, Director, SOC Defensive Security at Barracuda, discussing the risks posed by employees downloading pirated software. Con artists charge crypto for counterfeit clearance.

CyberWire Guest
Our guest is Eric Russo, Director, SOC Defensive Security at Barracuda, discussing the risks posed by employees downloading pirated or cracked software onto corporate devices. You can learn more here.

Selected Reading
- Locked Shields 2026: 41 Nations Strengthen Cyber Resilience in World's Biggest Exercise (SecurityWeek)
- Open source models can find bugs as well as Mythos (The Register)
- CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March (The Record)
- Trump Administration Vows Crackdown on Chinese Companies 'Exploiting' AI Models Made in US (SecurityWeek)
- Microsoft now lets admins uninstall Copilot on enterprise devices (Bleeping Computer)
- US sanctions Cambodian senator for millions earned through scam compounds (The Record)
- Cloudways Patches Actively Exploited File Upload Flaw in Breeze Cache Plugin (Beyond Machines)
- Dragos: Despite AI use, new malware targeting water plants is ‘hype' (CyberScoop)
- NIST cyber center to launch OT ‘visibility' project (Federal News Network)
- Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage (Ars Technica)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Risky Business
Risky Business #834 -- Vercel gets owned, Mozilla dumps hundreds of Mythos bugs

Apr 22, 2026 · 60:33


On this week's show, Patrick Gray and James Wilson are joined by special guest The Grugq. They discuss the week's cybersecurity news, including:
- Vercel got owned, and there's a few infostealer and compromised employee dots to connect
- Mozilla used Mythos to find 271 bugs, which feels like a sign of the bug-pocalypse
- Speaking of the bug-pocalypse, is that why NIST is noping out of enriching a bunch of bugs?
- The NSA is using Mythos even though the government did that whole Anthropic blacklisting thing
- And DDoS attacks hit a couple of smaller-player socials

This week's episode is sponsored by Permiso. Ian Ahl chats to Pat about the subtle signals Permiso uses to detect ShinyHunters-style activity in cloud and on-prem environments. This episode is also available on Youtube.

Show notes
- Vercel April 2026 Security incident
- Vercel breach linked to infostealer infection at Context.ai
- Vercel confirms breach as hackers claim to be selling stolen data
- Matt Johansen: “This is not a good look” | X
- NIST limits vulnerability analysis as CVE backlog swells | Cybersecurity Dive
- CISA Cyber on X
- Ransomware attack continues to disrupt healthcare in London nearly two years later | The Record from Recorded Future News
- Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks | CyberScoop
- In defeat for Trump, House extends electronic spying program for just 10 days | The Record from Recorded Future News
- Crypto infrastructure company blames $290 million theft on North Korean hackers | The Record from Recorded Future News
- US-sanctioned currency exchange says $15 million heist done by "unfriendly states" - Ars Technica
- Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch
- Mozilla Used Anthropic's Mythos to Find and Fix 271 Bugs in Firefox | WIRED
- NSA using Anthropic's Mythos despite Defense Department blacklist
- Beyond the breach: inside a cargo theft actor's post-compromise playbook | Proofpoint US
- Beware scam messages offering ships safe transit through Hormuz Strait, says security firm | The Straits Times
- New Jersey men given lengthy sentences for running North Korean laptop farms | The Record from Recorded Future News
- Turns Out We're Not Alone - Volodymyr Styran
- US joins nearly two dozen other countries in striking back against DDoS-for-hire platforms | Cybersecurity Dive
- Bluesky blames app outage on ‘sophisticated' DDoS attack | The Record from Recorded Future News
- Mastodon says its flagship server was hit by a DDoS attack | TechCrunch
- An IT expert explained under what conditions using a VPN can cause a smartphone to explode

Tales from the Crypt
Ten31 Timestamp: The Empire Strikes Back

Apr 20, 2026 · 30:31


Term 2.0 is trending imperial as the US flexes financial and military muscle across the globe, from the Strait of Hormuz to the Panama Canal. While ceasefire headlines whipsaw market sentiment, Bitcoin is quietly decoupling from tech stocks and showing resilience against a backdrop of great power competition with China.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday, April 20th, 2026: Lumma Stealer and Sectop RAT; Windows 0-Day Exploited; NIST NVD Update; FortiSandbox PoC

Apr 20, 2026 · 6:30


- Lumma Stealer infection with Sectop RAT (ArechClient2): https://isc.sans.edu/diary/Lumma%20Stealer%20infection%20with%20Sectop%20RAT%20%28ArechClient2%29/32904
- Three Recent Windows Defender Vulnerabilities Exploited (one 0-day): https://x.com/HuntressLabs/status/2044882115574091960
- FortiSandbox PoC Exploit CVE-2026-39808: https://github.com/samu-delucas/CVE-2026-39808?tab=readme-ov-file
- NIST Updates NVD Operations to Address Record CVE Growth: https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth

The CyberWire
Too many flaws, not enough time.

Apr 16, 2026 · 31:24


NIST struggles with an NVD backlog. Cisco and Splunk ship critical patches. Researchers flag a systemic flaw in Anthropic's MCP. ShinyHunters leak 13.5 million McGraw Hill accounts. Cargo theft goes cyber. A Tennessee hospital breach hits 337,000 patients. Two Americans are sentenced in a North Korean fake-IT-worker scheme. Our guest is Rob Allen, Chief Product Officer at ThreatLocker, describing security gaps addressed by zero trust. OpenAI lets security teams take off the training wheels.

CyberWire Guest
On today's Industry Voices segment we are joined by Rob Allen, Chief Product Officer at ThreatLocker, discussing security gaps addressed by zero trust. If you enjoyed this conversation check out the full interview here.

Selected Reading
- NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities (Infosecurity Magazine)
- Cisco says critical Webex Services flaw requires customer action (Bleeping Computer)
- Splunk Enterprise Update Patches Code Execution Vulnerability (SecurityWeek)
- Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads (Infosecurity Magazine)
- Data breach at edtech giant McGraw Hill affects 13.5 million accounts (Bleeping Computer)
- Freight Hacker Wields Code-Signing Service to Evade Defenses (GovInfo Security)
- Data Breach at Tennessee Hospital Affects 337,000 (SecurityWeek)
- US nationals behind DPRK IT worker 'laptop farm' sent to prison (Bleeping Computer)
- OpenAI Launches GPT-5.4 Cyber And It's Built Specifically for Defenders (TechGlow)
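Several entries on this page circle the same operational problem: the Risky Business and SANS Stormcast notes on NIST limiting NVD enrichment as the CVE backlog grows, this CyberWire episode's "NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities" story, and the Autonomous IT Patch Tuesday rundown's advice to put pre-authenticated network RCEs at the top of the patch list. If NVD's CVSS and CPE enrichment may never arrive for a given CVE, a patch queue has to be built from whatever score the CNA supplied and from the vector string itself. The Python below is an added example written for this page; it is not code from any of the podcasts listed, from NIST, or from the NVD project. It walks a batch of records laid out like NVD API 2.0 `vulnerabilities[]` entries, prefers NVD's own metric (labelled type "Primary"), falls back to the CNA-supplied metric (type "Secondary") when the record is still "Awaiting Analysis" or "Deferred", parses the CVSS v3 vector to flag the AV:N/PR:N/UI:N (remote, unauthenticated, no user interaction) shape, and routes unscored entries to manual review. The sample records and CVE IDs are constructed; the field names and Primary/Secondary labelling follow NVD's published API 2.0 format as understood here, and the bucket thresholds are an assumption chosen for illustration.

```python
"""Triage NVD API 2.0 records when NVD enrichment is missing (added example).

Record layout mirrors NVD API 2.0 `vulnerabilities[]` entries; the records and
CVE IDs below are constructed placeholders, not real vulnerabilities.
"""
from __future__ import annotations

import json

# Constructed sample response (hypothetical CVE IDs).
SAMPLE_NVD_JSON = json.dumps({
    "vulnerabilities": [
        {"cve": {
            "id": "CVE-0000-00001",
            "vulnStatus": "Analyzed",            # NVD enriched it: Primary metric present
            "metrics": {"cvssMetricV31": [
                {"source": "nvd@nist.gov", "type": "Primary",
                 "cvssData": {"baseScore": 9.8,
                              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}},
            ]},
        }},
        {"cve": {
            "id": "CVE-0000-00002",
            "vulnStatus": "Awaiting Analysis",   # backlog: only the CNA's Secondary metric
            "metrics": {"cvssMetricV31": [
                {"source": "cna@example.invalid", "type": "Secondary",
                 "cvssData": {"baseScore": 9.3,
                              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}},
            ]},
        }},
        {"cve": {
            "id": "CVE-0000-00003",
            "vulnStatus": "Deferred",            # nobody has scored it
            "metrics": {},
        }},
    ]
})

ENRICHED_STATUSES = {"Analyzed", "Modified"}
BUCKET_ORDER = {"P1": 0, "P2": 1, "P3": 2, "needs-manual": 3}  # assumed thresholds


def parse_vector(vector: str) -> dict[str, str]:
    """Split a CVSS v3.x vector string into its metric map, e.g. {'AV': 'N', 'PR': 'N', ...}."""
    prefix, *parts = vector.split("/")
    if not prefix.startswith("CVSS:3"):
        raise ValueError(f"not a CVSS v3 vector: {vector!r}")
    return dict(p.split(":", 1) for p in parts)


def is_preauth_network(vector: str) -> bool:
    """The wormable shape: reachable over the network, no privileges, no user interaction."""
    m = parse_vector(vector)
    return m.get("AV") == "N" and m.get("PR") == "N" and m.get("UI") == "N"


def best_metric(cve: dict) -> tuple[str, dict] | None:
    """Prefer NVD's Primary CVSS v3.1 metric; fall back to the CNA's Secondary one."""
    metrics = cve.get("metrics", {}).get("cvssMetricV31", [])
    for wanted in ("Primary", "Secondary"):
        for m in metrics:
            if m.get("type") == wanted and "cvssData" in m:
                return wanted, m["cvssData"]
    return None


def bucket(score: float | None, preauth: bool) -> str:
    """Coarse patch-priority bucket; unscored entries go to a human."""
    if score is None:
        return "needs-manual"
    if preauth and score >= 9.0:
        return "P1"
    if score >= 7.0:
        return "P2"
    return "P3"


def triage(nvd_json: str) -> list[dict]:
    """Return one row per CVE, most urgent first, recording which metric was used."""
    rows = []
    for item in json.loads(nvd_json)["vulnerabilities"]:
        cve = item["cve"]
        found = best_metric(cve)
        score = vector = None
        source, preauth = "none", False
        if found:
            source, data = found
            score = float(data["baseScore"])
            vector = data["vectorString"]
            preauth = is_preauth_network(vector)
        rows.append({
            "id": cve["id"],
            "status": cve.get("vulnStatus"),
            "enriched": cve.get("vulnStatus") in ENRICHED_STATUSES,
            "metric_source": source,
            "score": score,
            "vector": vector,
            "preauth_network": preauth,
            "bucket": bucket(score, preauth),
        })
    rows.sort(key=lambda r: (BUCKET_ORDER[r["bucket"]], -(r["score"] or 0.0)))
    return rows


if __name__ == "__main__":
    for r in triage(SAMPLE_NVD_JSON):
        print(f'{r["bucket"]:12} {r["id"]} status={r["status"]!r} '
              f'source={r["metric_source"]} score={r["score"]} preauth={r["preauth_network"]}')
```

The point of recording `metric_source` and `enriched` on every row is auditability: when a CNA-only score later gets an NVD Primary metric (or a CPE configuration you can match against inventory), the row can be re-evaluated, and rows that land in `needs-manual` are visible rather than silently dropping to the bottom of a score-sorted list. Against a live NVD feed the same logic applies; only the sample JSON would be swapped for the API response.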