Now in its 18th year, the Verizon Business DBIR is one of the industry's longest standing and leading reports on the current cybersecurity landscape. This year's report analyzes more than 22,000 security incidents with victims spanning 139 countries, examining significant growth in third-party involvement in breaches, increases in ransomware, the average amounts paid and the amount of time to patch vulnerabilities, among many other findings.

Segment Resources:
- https://www.verizon.com/about/news/2025-data-breach-investigations-report
- https://www.verizon.com/business/resources/reports/dbir

This segment is sponsored by Verizon Business! To read the full Verizon Business 2025 Data Breach Investigations Report, please visit https://securityweekly.com/verizonrsac.

Over the past two decades, the browser has evolved from a simple web rendering engine to the primary gateway through which users interact with the internet, be it for work, leisure or transactions. In other words, browsers are becoming the new endpoint. Yet, despite the exponential growth of browser-native attacks, traditional security solutions continue to focus on endpoint and network, leaving a large gaping hole when it comes to browser security. SquareX has started the Year of Browser Bugs (YOBB), a yearlong initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors - the browser.

Learn more about SquareX's Browser Detection and Response solution at https://securityweekly.com/squarexrsac
Last Mile Reassembly Attacks: https://www.sqrx.com/lastmilereassemblyattacks
Polymorphic Extensions technical blog: https://labs.sqrx.com/polymorphic-extensions-dd2310006e04

There is a growing overlap between endpoint and cloud environments, creating new security challenges. ThreatLocker has recently released innovative solutions designed to protect organizations operating in this space. These include Cloud Control, Cloud Detect, Patch Management, and other advanced security tools tailored to bridge the gap between endpoint and cloud protection.

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them!

Jason Mical, Field CTO, discusses Devo and Detecteam's integrated solution, which proactively improves security posture by identifying and closing detection gaps. The integration combines Devo's comprehensive threat detection, investigation, and response capabilities with Detecteam's autonomic detection lifecycle platform to continuously validate and improve detection capabilities based on real-world attack scenarios.

Solution demo: https://www.devo.com/interactive-demos/devo-detecteam-engineering-confidence-in-threat-detection/

This segment is sponsored by Devo. Visit https://securityweekly.com/devorsac to learn more about them!

While the value of identity security remains largely untapped, SailPoint's latest Horizons of Identity Security report reveals that organizations with mature identity programs can bend their identity security-to-value curve and recognize disproportionately higher returns. These programs unlock new value pools and can help address emerging challenges, such as securing machine and AI agent identities.

The 2024-25 Horizons of Identity Security report: https://www.sailpoint.com/identity-library/horizons-identity-security-3
Take the identity security maturity assessment: https://www.sailpoint.com/identity-security-adoption
Learn more about SailPoint's Customer Experience Portfolio: https://www.sailpoint.com/customer-success/customer-experience-portfolio

This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpointrsac to learn more about them!

Identity has long been the soft underbelly of cybersecurity—but with AI, non-human identities (NHIs), and autonomous agents on the rise, it's now front and center for security teams, the C-suite, and boardrooms alike. Adversaries aren't just hacking systems anymore—they're hijacking identities to slip through the cracks and move undetected in systems. For too long, identity security was treated as interchangeable with IAM—but that mindset is exactly what left critical gaps exposed. Listen to our interview with Hed Kovetz as he unpacks why identity has become today's most urgent battleground in cyber. He'll explain what you can do about it with an identity security playbook that gives you the upper hand.

https://resources.silverfort.com/identity-security-playbook/home
https://www.silverfort.com/blog/shining-the-spotlight-on-the-rising-risks-of-non-human-identities/

This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about Silverfort's IDEAL approach to identity security!

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-405
In this episode of Automate IT, Jeremy Maldonado dives into the world of data-driven endpoint management—breaking down what it means to go “beyond the spreadsheets.” He explores how visibility, intelligent reporting, asset intelligence, and risk scoring can transform how IT teams manage and secure their environments. Drawing from his own journey into the IT space, Jeremy unpacks practical strategies for improving compliance, prioritizing threats, and empowering IT teams to play offense — not just defense. Whether you're an IT pro or just endpoint-curious, this episode will give you fresh perspective on managing smarter, not harder.
Spring is in the air, and it's time to give your IT environment the deep clean it deserves! In this episode of Hands-On IT, host Landon Miles shares nine essential spring cleaning tips to help IT pros declutter, optimize, and future-proof their systems. From cleaning workspaces and dusting off hardware to reviewing patch policies, auditing backups, and addressing tech debt, Landon walks you through practical steps that will boost efficiency, enhance security, and set you up for a smoother year ahead. Tune in and learn how a little proactive maintenance today can save you countless hours of reactive troubleshooting tomorrow!
- Clean Your Desk and Workspace
- Dust Off Your Hardware and Check for Wear
- Untangle and Manage Cables
- Review Patch Policies
- Purge Old Accounts and Review Software Contracts
- Declutter Local Systems and Storage
- Audit and Test Your Backups
- Review Digital and Hardware Tech Debt
- Update Your Documentation and Refresh Policies
In this episode of Automox Insiders, host Maddie Regis chats with Adam Whitman, Manager of Solutions Engineering at Automox, about all things IT spring cleaning. From patch management and software audits to business continuity planning and endpoint hygiene, Adam shares practical, real-world tips for tidying up your tech stack and staying ahead of IT clutter. Along the way, he reflects on his career journey from marketing to IT leadership and reveals some personal spring cleaning confessions. Tune in for expert advice and a fresh perspective to help you refresh your IT environment this season.
In this episode, Ashley chats with Casey Merritt from Right Systems about how he manages patching and automation across both internal systems and MSP clients using Automox. Casey shares how he transitioned into IT, took ownership of Automox at his company, and now uses Worklets to streamline software removal, automate reporting, and reduce onboarding bottlenecks. Ashley also explores Casey's go-to strategies for spring cleaning in IT, his preference for Automox over traditional tools like Intune for app deployment, and how he balances standardization with flexibility in complex environments.
In this Brand Story episode, Sean Martin and Marco Ciappelli sit down with Rob Allen, Chief Product Officer at ThreatLocker, to unpack how the company is reshaping endpoint security through a unique, control-first approach. Rob shares how ThreatLocker is challenging long-held assumptions about trust, visibility, and control in enterprise environments—and why the traditional “trust but verify” model is no longer good enough.

From Default Permit to Default Deny
ThreatLocker's philosophy centers on a fundamental shift: moving from a default permit posture to a default deny stance. This approach, according to Rob, doesn't hinder operations—it creates boundaries that allow organizations to function safely and efficiently. It's not about locking systems down; it's about granting permissions with precision, so users can operate without even noticing security is present.

Product Innovation Driven by Real Feedback
The conversation highlights how customer input—and CEO Danny Jenkins' relentless presence at industry events—drives product development. New solutions like Web Control and Patch Management are designed as logical extensions of existing tools, allowing security teams to reduce risk without creating friction for end users. The addition of a software store, suggested by enterprise customers, gives users clarity on what's approved while reducing IT support tickets.

Insights and the Detect Dashboard
Rob also explains how ThreatLocker is unlocking the value of big data. With billions of data points collected every hour, their new Insights platform aggregates and analyzes cross-customer trends to better inform security decisions. Combined with the Detect Dashboard, teams now gain not only visibility but actionable intelligence—supported by polished visuals and streamlined workflows.

More Than Just Tech—It's Peace of Mind
While the technology is impressive, Rob says the most rewarding feedback is simple: “ThreatLocker helps me sleep at night.” For many customers, that level of confidence is priceless. And in unexpected situations—like a blue-screen incident caused by third-party software—ThreatLocker has even been used to mitigate impacts in creative ways.

Whether you're leading a global IT team or managing a growing MSP, this episode will make you think differently about how security fits into your operational strategy. Tune in to hear how ThreatLocker is turning bold ideas into real-world control.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content. Learn more.

Guest: Rob Allen, Chief Product Officer at ThreatLocker
On LinkedIn | https://www.linkedin.com/in/threatlockerrob/

Resources
Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
In this episode of CISO IT, host Jason Kikta explores the strategic value of digital spring cleaning—beyond just deleting old files. From uncovering forgotten network segments to tightening data retention policies, Jason walks through practical steps for reviewing your infrastructure, patching overlooked vulnerabilities, and hardening your environment against emerging risks. Learn how to align cleanup efforts with compliance timelines, optimize your asset inventory, and reduce digital sprawl across cloud and legacy systems. Whether you're prepping for an audit or just regaining control, this episode delivers a roadmap to a cleaner, more resilient IT environment.
In this episode of Product Talk, Peter and Steph are joined by special guest Josh Kriese, Senior UX Developer at Automox, to dive into the latest product updates and design innovations. They cover the release of Automox Analytics, a powerful new reporting engine that introduces MTTR benchmarking and visibility into known exploited vulnerabilities (KEVs). The team also unveils the new end user notification system, built to improve reboot compliance and user trust. Plus, Josh gives a behind-the-scenes look at the evolving Automox design system—what it means for usability, accessibility, and why consistent UI matters more than you may think.
In this episode of the Automate IT podcast, Jeremy Maldonado discusses the importance of cleaning and organizing your Automox environment. He emphasizes the need to optimize device management, remove disconnected devices, and improve policy performance. Jeremy provides practical tips on using Worklets, analyzing activity logs, and understanding policy results to enhance overall IT efficiency.
➡ Allow what you need, block everything else with ThreatLocker: threatlocker.com

In this episode, I speak with Slava Konstantinov, ThreatLocker's MacOS Lead Architect, about their zero-trust approach to endpoint security and their latest cybersecurity innovations. We talk about:

• ThreatLocker’s Zero Trust Approach to Cybersecurity: How ThreatLocker enforces a default deny security model, ensuring only explicitly allowed applications and actions can run, reducing attack surfaces and unauthorized access.
• Key ThreatLocker Products and Features: How ThreatLocker’s solutions—Application Control, Storage Control, Ring Fencing, Network Control, and ThreatLocker Detect—help organizations enhance security through granular policy enforcement.
• New & Upcoming ThreatLocker Features: How new solutions like Patch Management, Web Control, Insights, and Cloud Detect will provide even greater security, automation, and compliance for businesses managing complex IT environments.

Chapters:
00:00 - Intro to ThreatLocker and Zero Trust Security
01:24 - How ThreatLocker’s Application Control Blocks Unauthorized Software
06:52 - Storage Control: Preventing Unauthorized Data Access and USB Threats
08:19 - Ring Fencing: Controlling App Permissions and Network Access
12:37 - Elevation Control: Granting Admin Privileges Without Risk
16:23 - Network Control: Restricting Internet and Internal Network Access
19:26 - AI-Driven Security Policies: The Future of ThreatLocker Management
24:07 - Mac vs. Windows Security: Key Differences and Challenges
29:49 - ThreatLocker’s Expansion: New Products and Future Plans
32:32 - Where to Learn More About ThreatLocker’s Security Solutions

Become a Member: https://danielmiessler.com/upgrade
See omnystudio.com/listener for privacy information.
Tune in as Automox's cybersecurity experts break down the latest vulnerabilities from Microsoft's March Patch Tuesday release. This episode explores recent Chromium-based vulnerabilities, a significant Microsoft Management Console flaw, and file system vulnerabilities impacting VHD files. Beyond the technical analysis, the discussion highlights essential practices, including security training, robust password management, and recognizing the dangers posed by untrusted sources. Whether you're an IT professional or a cybersecurity enthusiast, this podcast provides actionable insights to help safeguard your organization.
On this episode of Compliance Unfiltered, Adam and Todd put on their sleuth hats to help the listeners uncover the vulnerabilities hiding in their patch management process. Would you consider yourself someone who thinks turning on automatic patching solves everything? Are you the type that's pretty sure your IT department "has this covered"? Does your organization "not really have anything worth protecting"? Then this is the episode for you. Listen as Todd and Adam highlight the perils of dodgy patch management, and how you can best protect your organization. All on this week's Compliance Unfiltered.
Ever wonder why those software updates keep popping up? In this episode, we uncover how updates boost your security, introduce exciting new features, and keep your devices running at their best. Share it with friends, family, or coworkers who might feel overwhelmed by all things tech—help them stay safe and informed, too!

Hosted by IT expert Landon Miles, the Teach IT podcast delivers bite-sized, actionable IT tips in three minutes or less. Perfect for both tech pros and beginners, each minisode simplifies complex concepts into clear, practical advice. Tune in to sharpen your IT skills and discover smarter solutions, one quick episode at a time.
Recorded during ThreatLocker Zero Trust World 2025 in Orlando, this episode of the On Location series features an engaging conversation with Alex Benton, Special Projects at ThreatLocker. Benton shares insights from his Metasploit lab, a beginner-friendly session that demonstrates the power of tools like Metasploit and Nmap in cybersecurity. The lab's objective is clear: to illustrate how easily unpatched systems can be exploited and reinforce the critical need for consistent patch management.

Understanding the Metasploit Lab
Benton explains how participants in the lab learned to execute a hack manually before leveraging Metasploit's streamlined capabilities. The manual process involves identifying vulnerable machines, gathering IP addresses, examining open ports, and assessing software vulnerabilities. With Metasploit, these steps become as simple as selecting an exploit and running it, underscoring the tool's efficiency.

A key demonstration in the lab involved EternalBlue, the exploit associated with the WannaCry virus in 2017. Benton emphasizes how Metasploit simplifies this complex attack, highlighting the importance of maintaining patched systems to prevent similar vulnerabilities.

The Real-World Implications of Unpatched Systems
The discussion dives into the risks posed by cybercriminals who use tools like Metasploit to automate attacks. Benton points out that malicious actors often analyze patch notes to identify potential vulnerabilities and create scripts to exploit unpatched systems quickly. The conversation touches on the dark web's role in providing detailed information about exposed systems, making it even easier for attackers to target vulnerable machines.

Lessons from WannaCry
The episode revisits the WannaCry incident, where a vulnerability in Windows systems led to a global cybersecurity crisis. Benton recounts how outdated systems and the absence of a strong security culture created an environment ripe for exploitation. He also shares the story of cybersecurity researchers, including Marcus Hutchins, who played pivotal roles in mitigating the virus's impact by identifying and activating its kill switch.

Tune in to Learn More
This episode offers valuable insights into cybersecurity practices, the dangers of unpatched environments, and the tools that both ethical hackers and cybercriminals use. Listen in to gain a deeper understanding of how to secure your systems and why proactive security measures are more crucial than ever.

Guest: Alex Benton, Special Projects at ThreatLocker | On LinkedIn: https://www.linkedin.com/in/alex-benton-b805065/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
This Episode's Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
____________________________
Resources
Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida
Register for Zero Trust World 2025: https://itspm.ag/threat5mu1
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
Want to tell your Brand Story Briefing as part of our event coverage? Learn More
Peter Pflaster and Ben Glass team up in this episode of Product Talk to tackle the ins and outs of third-party application patching with Automox. They break down what third-party software means, where IT teams often struggle with patching, and why a centralized approach can make all the difference. With a relaxed yet informative style, the two cover everything from cross-platform patching for Windows, Mac, and Linux to the process behind counting supported titles and taking customer requests. They also touch on unique solutions like Automox Worklets™ for managing custom software and share how Automox simplifies patching for IT teams of all sizes.
In this episode of Automox Insiders, Maddie Regis speaks with Ryan Jeziorski, a Solutions Engineer at Automox, about the importance of IT adaptability and resilience. Ryan shares his diverse career background, his current role at Automox, and insights on how organizations can maintain uninterrupted services while adapting to changes in technology. He emphasizes the significance of continuous learning and patch management as key strategies for IT professionals. The conversation concludes with a fun game about companies that have successfully adapted their business models over time.
Join us for a special bonus episode of Patch [FIX] Tuesday, an hour-long compilation of the vulnerabilities that helped shape the cybersecurity landscape in 2024. This episode recaps some of the most critical and interesting exploits, from supply chain compromises to elevation of privilege threats targeting widely used platforms. Whether you're an IT administrator, security professional, or tech enthusiast, this episode provides valuable insights to stay ahead of evolving threats.

Here's a list of vulnerabilities discussed in this episode, and be sure to tune into the Patch [FIX] Tuesday podcast on the second Tuesday of every month.
- Operation Triangulation (00:13)
- CVE-2024-21401: Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability (5:00)
- CVE-2024-21400: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability (11:00)
- CVE-2024-3094: XZ/Liblzma Supply Chain Backdoor (17:08)
- CVE-2024-4671: Google Chrome Use-After-Free Vulnerability (30:00)
- CVE-2024-30078: Windows WiFi Driver Remote Code Execution Vulnerability (35:03)
- CVE-2024-38053: Windows Layer Two Bridge Network RCE (47:14)
- CVE-2024-38180: SmartScreen Prompt Remote Code Execution Vulnerability (53:12)
- CVE-2024-43491: Microsoft Windows Update Remote Code Execution Vulnerability (1:00:00)
- CVE-2024-43533: Remote Desktop Client Remote Code Execution Vulnerability (1:04:24)
- CVE-2024-5535: Microsoft Defender for Endpoint Remote Code Execution Vulnerability (1:07:35)
- CVE-2024-49093: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability (1:09:36)
Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) for a special episode for Cybersecurity Awareness Month, sourcing five tips from a range of Ivanti employees on how your organization and its users can stay secure. Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
Steph Rizzuto and guest Jason Kikta discuss the critical relationship between IT and security. They explore the evolution of these roles, the challenges faced by IT departments in contributing to security, and how Automox's innovative approach helps bridge the gap between IT and security functions. The conversation emphasizes the importance of collaboration, the need for a cohesive tech stack, and the shift from deferral-based to deadline-based security practices.
In this episode, Jason Kikta discusses the critical relationship between IT and security, emphasizing that great security begins with a solid IT foundation. He explores the importance of establishing a baseline for normalcy, the role of user safety in preventing security breaches, and the need to understand insider threats. Jason concludes with discussing the 'big three' of cybersecurity, which are:
Network Inventory: Knowing what's on your network is crucial. This involves having a comprehensive inventory of all devices and systems connected to the network.
Configuration and Patching: Keeping systems configured correctly and up-to-date with patches is essential to prevent vulnerabilities that could be exploited by malicious actors.
Identity and Authentication Protection: Ensuring robust identity and authentication measures are in place to protect against unauthorized access and maintain the integrity of user accounts.
In this episode of Automox's Autonomous IT podcast, Ashley Smith speaks with Catie Adams from New Pig, who shares her journey in IT, her experience with Automox for patch management, and insights on creating synergy between IT and security operations teams. Catie emphasizes the importance of collaboration in IT, offers advice for professionals looking to enhance their security contributions, and highlights the supportive nature of the IT community.
In this episode, Ashley interviews Bob Antos from Trine University. They discuss his extensive experience in IT, particularly within the education sector. Bob shares insights on the challenges and opportunities in endpoint management, the importance of security, and the role of automation in maturing IT environments. The conversation highlights the need for agility in IT operations and the balance between automation and human oversight.
Welcome to the Boomer Briefing Podcast, where we help you solve a critical business issue in 20 minutes or less. On this special release of the podcast, host L. Gary Boomer, Founder, Visionary, and Strategist of Boomer Consulting, and Eric McMillen, CEO, Chief Security Architect, and Founder of The McMillen Group, discuss the critical role of patch management in the accounting profession. They cover the history and growing necessity of security patches, the challenges of managing vulnerability windows, and the rise of zero-day exploits. The conversation also addresses the difficulties firms face during busy seasons and the risks of neglecting patching. Stay tuned as they emphasize the importance of layered security, strong leadership, and the benefits of automating patch management to enhance security and efficiency. Takeaways Patch management is crucial for maintaining the security and stability of computer systems. Shortening vulnerability windows and the rise of zero-day exploits have increased the urgency of patching. Firms face challenges in patching during busy seasons, but the consequences of neglecting patching can be severe. Layered security, including patch management, is essential for protecting against malware and other threats. Gary on Social Media: X: @lgboomer LinkedIn: lgboomer Eric McMillen on Social Media: X: @ericmcmillen LinkedIn: ericmcmillen Look out for new episodes every Tuesday, involving The Boomer Advantage 5 Pillars of a Successful Firm: leadership, process, technology, talent, and growth. For more information about Boomer Consulting, visit boomer.com
Cybersecurity Insights: Vulnerabilities, Insider Threats, and the Future of Online Safety In this weekend edition of Cybersecurity Today, host Jim Love is joined by regulars Terry Cutler of Cyology Labs and David Shipley of Beauceron Security, alongside special guest Laura Payne from White Tuque. They discuss significant cybersecurity news including the new additions to CISA's known exploited vulnerabilities catalog, a hilarious yet eye-opening domain purchase incident, and the ongoing issue of insider threats. The panel also dives into the complexities surrounding recent breaches like the one at Avis and the broader implications of data vulnerabilities. Stay tuned for the latest insights and expert opinions on what's happening in the cybersecurity world. 00:00 Introduction and Panelist Introductions 01:31 Format Overview and First Cybersecurity Story 01:47 Discussion on CISA's Vulnerability Catalog 02:51 Challenges in Patch Management 06:45 Microsoft's Patch Tuesday Controversy 10:49 The $20 Domain Vulnerability 15:42 Insider Threats and Real-World Incidents 18:11 Handling Disgruntled Employees 18:51 Insider Threats: Real-Life Examples 19:41 Preventing Insider Threats 21:30 Password Management and Security 22:53 Case Study: Sales Employee Walks Out with Client List 23:42 Jurassic Park and Risk Management 24:32 Avis Data Breach: What Happened? 25:51 The Importance of Identity Theft Protection 29:44 Challenges in Cybersecurity Awareness 34:27 Microsoft's New Security Measures 35:07 Conclusion and Farewell
Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) to cover the dreaded costs of a cyberattack, and how organizations can work to proactively avoid them by addressing three strategic imperatives: attack surface, vulnerability prioritization, and data silos. Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
The episode begins with a focus on AI-based patch management solutions, highlighting leading vendors like Automox, Flexera, and Kaseya. The discussion delves into how AI and ML-driven patch management can provide real-time risk assessments, helping prioritize critical patches and enhance cybersecurity measures.
The episode then shifts to the evolving landscape of cloud infrastructure driven by generative AI advancements. The transcript reveals insights from an IBM study, indicating concerns among tech executives about infrastructure readiness for AI demands. Additionally, the discussion touches on the challenges faced by businesses in adopting AI quickly and effectively, with a prediction that 13% of businesses will adopt AI in the next three to four years.
A significant development highlighted in the episode is the introduction of ChatIT by Commonwealth Bank, an AI-powered IT support chatbot built on Azure services. The chatbot, accessible via Microsoft Teams, boasts an impressive average response time of 14 seconds and over 13,000 employee interactions. This innovation streamlines IT troubleshooting, integrates with the bank's knowledge base, and hints at future enhancements to improve user experience and efficiency.
The episode concludes with updates on technology advancements, including Broadcom's launch of VMware Cloud Foundation 9 and Microsoft's decision to phase out the Windows Control Panel in favor of the Settings app. The discussion emphasizes the importance of understanding Azure's true cloud consumption revenue and the implications of AI tools like Amazon Q on software development tasks. Overall, the episode provides valuable insights into the intersection of AI, cloud computing, and IT service delivery in the evolving tech landscape.
Four things to know today
00:00 GigaOm Report Highlights Top AI-Based Patch Management Solutions, Featuring Automox, Flexera, and Kaseya
04:49 Commonwealth Bank Launches ChatIT, AI-Powered IT Support Bot on Azure, Achieves 14-Second Response Times
07:11 Windows Control Panel to Be Phased Out in Favor of Modern Settings App, Microsoft Confirms
08:25 Microsoft's New Reporting Strategy Aims to Clarify Azure's True Cloud Consumption Revenue
Supported by: https://getthread.com/mspradio/ https://www.huntress.com/mspradio/
All our Sponsors: https://businessof.tech/sponsors/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com
Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessoftech.bsky.social
In this episode of the Heroes of IT podcast, Ashley interviews Jack Milburn, a senior IT engineer with a focus on cloud security. They discuss Jack's experience with Automox and how he uses it for patching and vulnerability scanning. They also talk about Automox University (AXU) and the value of online learning in bridging the skills gap in IT. Jack shares his journey of earning certificates and the different levels of complexity in AXU courses. They also touch on the importance of company culture in promoting continuous learning.
Podcast: Industrial Cybersecurity Insider
Episode: Patch Management and Software Updates: IT versus OT
Pub date: 2024-07-23
Craig and Dino dig into the differences and nuances of patch management and software updates comparing IT versus Operational Technology (OT) environments. They explore the distinct challenges that OT systems face with software updates, and risks associated with patch management, including potential operational disruptions and risks of downtime. They discuss the importance of IT understanding the OT risks and challenges of updating software and implementing patches to ICS and OT equipment. The conversation highlights innovative solutions like virtual patching, the role of OEMs, and the critical need for a strategic, collaborative approach to cybersecurity in industrial settings.
Chapters:
00:00:00 - Introduction to Patching Challenges
00:01:08 - IT vs OT Patching: Key Differences
00:02:55 - Understanding the Cost of Downtime in OT
00:03:32 - Overcoming Challenges with Legacy Systems
00:05:21 - Navigating OEMs and Safety Concerns
00:06:45 - The Role of Safety in OT Patching
00:08:52 - Exploring Virtual Patching Solutions
00:13:11 - Enhancing Vendor Collaboration and Risk Management
00:16:48 - Impact of Mergers and Acquisitions on Cybersecurity
00:18:33 - Addressing Insurance and Compliance Issues
00:20:12 - Significant Consequences of Not Patching
00:23:14 - Building an Effective Collaborative Cybersecurity Strategy
00:24:03 - Conclusion and Actionable Insights
Links And Resources: Velta Technology, Dino Busalachi on LinkedIn, Jim Cook on LinkedIn, Craig Duckworth on LinkedIn
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!
The podcast and artwork embedded on this page are from Velta Technology, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Google's Password Bug Hits Millions & French Police Battle Malware - Cybersecurity Today In this episode of Cybersecurity Today, Jim Love covers Google's recent apology after a bug caused the passwords of 15 million Chrome users to vanish. The episode also dives into the French authorities' unique approach to combating the PlugX malware by deploying a disinfection solution. Lastly, it sheds light on the ongoing struggles with patch management in many organizations, particularly following the CrowdStrike disruption. Tune in for these stories and more, along with the challenges and solutions in today's cybersecurity landscape. 00:00 Google Apologizes for Password Vanishing Bug 01:55 French Authorities Combat PlugX Malware 03:44 The Unsexy Challenge of Patch Management 05:41 Conclusion and Show Notes
Ivanti's Robert Waters (Lead PMM, Exposure Management) is back with Chris Goettl (VP of Product, Patch Management) for the last of our three episodes covering Verizon's 2024 Data Breach Investigations Report, covering the third-most popular attack vector in breaches today: exploit vulnerabilities. And while they may be #3 in prevalence, they're #1 in Chris and Robert's hearts. To view Verizon's report, head to: https://www.verizon.com/business/resources/reports/dbir/ Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
The CISO IT Podcast, hosted by Automox CISO Jason Kikta, is your one-stop shop for all things IT and cybersecurity. Jason knows good security comes from good IT. Step into a CISO's shoes and trek through the world of technology and cyber defense to stay ahead of potential threats. Each episode is packed with the latest trends, tips, and expert advice.
Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) for a follow-up on Verizon's 2024 Data Breach Investigations Report, discussing the two main attack vectors used in most breaches -- phishing and credential attacks -- and how your organization should go about defending itself. To view Verizon's report, head to: https://www.verizon.com/business/resources/reports/dbir/ Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
Join me as I talk with the National Director of Business Continuity for Southern Glazer's Wine and Spirits, John Luizzi. We talk about crisis leadership during a ransomware event. During our chat John talks about: 1. Defining Ransomware, 2. How Ransomware is different from other cyber events, 3. Detecting an event, 4. Patch Management, 5. Manual processes, 6. Employee education, 7. How to escalate the ransomware issue when discovered, 8. The crisis management team and activating appropriate internal/external response teams, 9. Recreating data, 10. Who's in Charge? 11. Legal team involvement, 12. Bringing in the BCM and DR team (and others), 13. Communications, 14. The FBI and other law enforcement, 15. Don't underestimate the risk, impact, and threat...and more! A ransomware event provides organizations a lot of challenges and John shares some great insights on how to manage a ransomware event should your organization be unlucky enough to experience one. Enjoy!
Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes Robert Waters (Lead PMM, Exposure Management) as they discuss the key takeaways from Verizon's latest annual Data Breach Investigations Report: persistent risk from credentials, more and more sophisticated phishing attacks, and the rising prevalence of vulnerability exploits. To view the report yourself, head to: https://www.verizon.com/business/resources/reports/dbir/ Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
In Office Hours Episode 6, SmartLogic Developers Anna Dorigo and Bilal Hankins join Elixir Wizards Sundi and Dan to discuss their experiences maintaining a decade-old Ruby on Rails codebase. They delve into the critical importance of deeply understanding the codebase, keeping dependencies current, and adapting to the original application's evolving priorities and design choices. The conversation spans a range of topics, including accessibility, testing, monitoring, and the challenges of deploying database migrations in production environments. The guests share effective strategies for sustaining and enhancing older codebases, such as employing automated tools, performing code audits, and adhering to clean coding principles.
Key topics discussed in this episode:
Grasping the legacy codebase and its historical context
Overcoming accessibility issues in older applications
Safe dependency management and upgrades
The effects of application scaling on database performance
The critical role of comprehensive test suites in legacy systems
Using tools like Sentry for error tracking and performance monitoring
The benefits of automated security and dependency scans
Juggling client needs with budget constraints
Local simulation techniques for large datasets
The value of iterative code reviews and maintaining clean code
Utilizing git history for contextual understanding
Onboarding strategies for legacy projects
Removing obsolete code and avoiding "magic numbers"
Importance of descriptive naming for better code clarity
Leveraging a rich repository of example code for learning and reference
Proactive code audits to anticipate issues
Managing pull request sizes for smoother reviews
Communicating effectively about upgrades and potential impacts
Strategies for handling large databases efficiently
Ensuring thorough test coverage
Keeping open lines of communication with clients regarding ongoing maintenance
Links mentioned:
COBOL programming language https://developer.ibm.com/languages/cobol/
Ruby on Rails https://rubyonrails.org/
ARIA Rules (Accessible Rich Internet Applications) https://www.w3.org/TR/using-aria/
Shawn Vo on Elixir as a Competitive Advantage https://smartlogic.io/podcast/elixir-wizards/s5e5-vo/
Bundler Audit Ruby Gem https://rubygems.org/gems/bundler-audit/
Sentry application monitoring and error tracking software https://sentry.io/
Dependabot Github automated dependency updates
Mix hex.audit https://hexdocs.pm/hex/Mx.Tasks.Hex.Audit.html
Git Blame https://git-scm.com/docs/git-blame
Cow hoof trimming videos - The Hoof GP on YouTube (TW graphic imagery)
Special Guests: Anna Dorigo and Bilal Hankins.
Join us over the next ten weeks as we discuss the top ten cybersecurity misconfigurations and review ways you can keep your organization safe from cyberattacks! In this episode we'll discuss one of the ten ways: Poor Patch Management. Implementing proper patch management is an important step to keeping your information safe from bad actors. Connect with us: https://www.linkedin.com/company/envisionitllc marketing@envisionitllc.com
In our latest episode of Web3 Unpacked, Rich Pasqua of @mvmtmedia / Arc, speaks with Ido Ben-Natan and Raz Niv, Co-founders of Blockaid, a Tel Aviv-based cybersecurity startup that wants to raise the bar for security in crypto markets with its proactive scanning technology. Ido and Raz share the anatomy of common and not so common Web3 cyber attacks, and how to protect your company and your assets.
ABOUT Blockaid
Blockaid is a leader in web3 security. Founded in 2022 by alumni of Israel's elite Unit 8200 cyber intelligence unit, Blockaid has quickly become the standard in blockchain protection. Its innovative suite of tools simulates transactions before execution, safeguarding integrated wallets and dApps like MetaMask, OpenSea, Zerion and Rainbow from fraud, phishing, and hacks.
By preemptively validating all transactions, Blockaid provides the security needed to help users trust using Wallets, dApps, and smart contracts. Operating out of offices in New York and Tel Aviv, the company has raised $33 million from top venture capital firms in cybersecurity, fintech, and web3 — Ribbit, Variant, Cyberstarts, Sequoia, and Greylock. Blockaid continues growing its network of partners as the most trusted name in web3 security.
LEARN MORE ABOUT Arc/MVMT
https://linktr.ee/mvmt.media
https://arctai.com
#crypto #web3unpacked #cybersecurity #blockchain #startup #blockaid #ecryption #firewall #maleware #phishing #Patchmanagement #Cyberhygiene #networksecurity
I'm joined by Risk and security expert, Denny Wan, as we talk about a challenge so many organizations experience: Patch Management and how it actually helps corporations of all sizes in such areas as Business Continuity, Information Security, and Cyber. During our chat we talk about: 1. Defining patch management, 2. What is a 'patch' and why is it important? 3. Interdependencies and testing, 4. Challenges and thresholds, 5. IT centric vs organizational culture, 6. Automation to reduce the burden (but using it properly), 7. Fast cars and a slow moving trainwreck, 8. Security, 9. Artificial Intelligence (AI), 10. Tips to get started...and more. Denny gives some great insight on how to deal with the internal burden of Patch Management and how it actually benefits an organization. Enjoy!
Thank you to our VIP sponsors!
Topics:
- We are pleased to welcome back Chad Swarthout, founder & CEO of Alectrona. We also have the pleasure of welcoming Ryan Ball, Director of Engineering at Alectrona.
- Chad was on the show back in 2019.
- We discuss the road Alectrona has taken since back in 2019.
- Chad had the insight to go fully remote and close his office prior to the pandemic of 2020.
- A majority of their clients have offsite employees as well.
- All of the clients Alectrona has taken on since the pandemic have been all over the country.
- Jerry wants to know more about how they acquire clients outside of their local area.
- They tend to try and meet with customers on a regular basis to keep in contact and be aware of what needs changes.
- Chad talks about how they found a need for patch management in many of their Jamf engagements.
- From there, Alectrona Patch was born.
- Ryan gets into the details of how Alectrona Patch works, mainly by the use of a configuration profile.
- Multiple times a day, the system polls for product updates to have them ready for update deployment.
- They account for a variety of installer formats like DMGs, PKGs, and zip files.
- Alectrona Patch is meant to be deployed via MDM.
- Learn more at https://www.alectrona.com/patch
- Alectrona Patch is on a monthly consumption model. $2.50/Mac per month up to 199 Mac computers. For larger needs, reach out to their team for pricing.
- Monthly pricing is based on how many unique devices are reaching out to their content server.
- Ryan & Chad talk about the back end details of how the tool works.
- Joe wants to know if Dolly Drive is supported.
- Another tool that Alectrona offers is called Migrator.
- Migration Assistant has caused issues in business environments so the Alectrona team wanted to create a replacement for offsite users to seamlessly migrate to a new computer.
- This also sped up the return rate for previous computers.
- Jerry wants to know about white labeling, which the Alectrona products can support.
- You can reach out to the team about Alectrona Patch by visiting their MacAdmins Slack channel.
THANK YOU TO OUR PATRON SPONSORS!
MSPs already know everything about Patch Management, according to Michelle Fiegehen of 24x7 Advantage. “It's a critical security function designed to keep our fleets safe. Patches are released regularly for software and operating systems to fix security flaws that might get exploited by cyber criminals, or to fix bugs that are continually being uncovered in new releases. Even companies that operate 100% in the cloud that have no servers need to have a robust Patch Management process to protect their fleet of workstations and laptops.” In this podcast, we learn why patch management is a challenge for companies and for the MSP community. Part of the challenge is time: how do you staff to cover a need that runs 24/7, and never takes time off for a holiday? Michelle explains, “Patch management is one of the core offerings of 24x7 Advantage, and we've been providing this successfully for years – initially to end clients, and now to MSPs as a white label service that they can offer to their clients.” Michelle points out that not only is this a great reseller opportunity, it's a solution that fills the gap. “While your client is sleeping, while the MSP is sleeping, our team is working day shift hours to solve any problems to keep the hit rate high.” Visit www.24x7advantage.com, email sales@24x7advantage.com, or call US 646-766-1949
24x7 Advantage Technical Service Desk delivers world class service, world class MSP opportunity
Special Holiday Podcast: How can you be on-game, when much of your U.S. based staff might otherwise want to watch The Game?
It's the busiest travel day of the year in the US. Family. Holiday… Football. And several well-known and well-learned experiences say that these are the days when an MSP's customer might just happen to need technical support. And that need just happens to coincide with when staffing to meet that need can be challenging. How can you be on-game, when much of your U.S. based staff might otherwise want to watch The Game?
24x7 Advantage Technical Service Desk
24x7 Advantage offers U.S. and Canada based MSPs an ability to offer the support their customers need, all the time, detaching place, season, and calendar staffing and service demand issues with an always ready posture. “Our clients are keen to be competitive - outsourcing in one form or another is a common model. But they also require service excellence. They don't necessarily want their own customers to know they are outsourcing, so the integration of our white label services into their own needs to be seamless, and our services flawless. We've been successful in delivering this to our clients,” says Michelle Fiegehen of 24x7 Advantage. In this timely podcast, Fiegehen tells us about 24x7 Advantage and how it adds a market advantage to any MSP looking to stand out in a crowded market and become that on-going go-to resource that creates on-going opportunities and growth. The company utilizes minimum level 2 support engineers who have a proven track record of technical expertise and high resolution rate. To make sure her team reflects a deep bench of experience, Fiegehen has pushed turnover rate almost to zero, by offering premium benefits. She also leverages time differences to her team's advantage, utilizing a global workforce who are working during a regular workday while it's nighttime in America.
“Most clients start small to try us out, then gradually expand their usage once they see the benefits and realize the risk is low.” As good experiences aggregate, the relationship typically grows. “After 3 months, we have enough data to propose a range of pricing models with varying degrees of flexibility. For example, some clients remain on a draw down model, others prefer to switch to a per device model.” In addition to the Global Service Desk, 24x7 Advantage offers NOC, SOC, Patch Management, remote support, email management, backup and storage management, policy enforcement and performance reporting. Visit www.24x7advantage.com, email sales@24x7advantage.com, or call US 646 7661949
CISA Alerts: High-Severity SLP Vulnerability currently being exploited. ChatGPT outages attributed to DDoS activity. Gen Z and Millennial employees are a bigger cybersecurity risk than older employees. Security firm finds highly invasive malware hidden in software developer tools. Strategies for bridging the cybersecurity skills gap. Mike Star, CEO and founder of trackd, talks about managing patches and how the community can help prevent disruption from bad updates. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Mike Star Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: GO.ACILEARNING.COM/TWIT paloaltonetworks.com/ot-security-tco canary.tools/twit - use code: TWIT
Dr. Lorne Levine, The Digital Dentist, on Patch Management - Cybersecurity, data safety, and HIPAA compliance in dentistry.
Resources: Request a Security Audit, Security Predictor Checklist, Dental Practice Growth Webinar
Learn more about All-Star Dental Academy
Subscribe to Dental All-Stars Podcast
Write a Review on iTunes
Visit Dental-All-Stars Podcast Website
Guest: Ryan Leirvik, CEO of Neuvik [@Neuvik]
On LinkedIn | https://www.linkedin.com/in/leirvik/
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a
Episode Notes
In this episode of Redefining Cybersecurity podcast, host Sean Martin discusses the fundamentals of risk management in cybersecurity with Ryan Leirvik, author of "Understand, Manage and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program." The conversation centers around the importance of understanding risk management in cybersecurity, categorizing assets, and identifying what's important to the business versus what's important to the individual. They also discuss the need to use frameworks like NIST-CSF to define and categorize risks and the importance of responding quickly to active threats and having a plan in place for recovery. Sean and Ryan provide practical advice for creating a sustainable cyber program that prioritizes risk management and explain how to set the stage for conversations about cybersecurity with stakeholders. Overall, the episode provides valuable insights into risk management in cybersecurity and how to prioritize and protect critical assets.
ABOUT THE BOOK
When it comes to managing cybersecurity in an organization, most organizations tussle with basic foundational components. This practitioner's guide lays down those foundational components, with real client examples and pitfalls to avoid.
A plethora of cybersecurity management resources are available―many with sound advice, management approaches, and technical solutions―but few with one common theme that pulls together management and technology, with a focus on executive oversight. Author Ryan Leirvik helps solve these common problems by providing a clear, easy-to-understand, and easy-to-deploy "playbook" for a cyber risk management approach applicable to your entire organization.
This second edition provides tools and methods in a straight-forward, practical manner to guide the management of a cybersecurity program. Expanded sections include the critical integration of cyber risk management into enterprise risk management, the important connection between a Software Bill of Materials and Third-party Risk Programs, and additional "how to" tools and material for mapping frameworks to controls.
Who This Book Is For
CISOs, CROs, CIOs, directors of risk management, and anyone struggling to pull together frameworks or basic metrics to quantify uncertainty and address risk
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
In this Their Story podcast episode, Michael Parisi and Sean Martin dig into the challenges and implications of compliance, cybersecurity, and the risk of commoditization in the industry. The conversation focuses on the importance of maintaining a strong security posture, the role of stakeholders, and the need for education among non-technical individuals, such as CFOs and board members, to prevent a race to the bottom in cybersecurity.

Parisi's main concern is that compliance has become an outcome rather than a mission, and that cybersecurity could follow a similar path if we're not careful. With an increasing number of organizations turning to managed security service providers (MSSPs), the risk of commoditization looms large. Parisi and Martin also discuss the challenges posed by the "fog of more" in the cybersecurity landscape, with an overwhelming number of security solutions available and a potential race to the bottom in pricing.

The conversation shifts to the role of stakeholders in preventing this downward spiral. Parisi argues that stakeholders have the power to save the industry, but only if they care enough and are adequately educated about the importance of cybersecurity. He believes that educating boards and business owners is crucial to creating more stakeholders with a genuine stake in the game.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest:
Michael Parisi, Head of Client Acquisition at Schellman [@Schellman]
On LinkedIn | https://www.linkedin.com/in/michael-parisi-4009b2261/

Resources
Learn more about Schellman and their offering: https://itspm.ag/schellman9a6v
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
With the current macroeconomic headwinds, 2023 budgets are either frozen or flat. Where should CISOs focus these limited budgets to get the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program. This segment is part 1 of 2 parts and focuses on the minimum viable security capabilities.

With the current macroeconomic headwinds, 2023 budgets are either frozen or flat. Where should CISOs focus these limited budgets to get the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program. This segment is part 2 and focuses on the minimum viable security vendors for our top 6 capabilities:
1. Asset Management
2. Patch Management
3. IAM/MFA/PIM/PAM
4. EDR/MDR/XDR
5. Backup/Recovery
6. Risk Management

Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw289