Podcasts about penetration testing

Fagan Afandiyev — Elite Cybersecurity Competitor and Legendary Whitehatter No Password Required: Breakout Room: Episode 1 — Fagan Afandiyev Fagan Afandiyev is a cybersecurity student at the University of South Florida and a member of the CyberHerd competition team, known for his strategic mindset and passion for solving complex challenges. From competing in international robotics competitions to discovering cybersecurity through hands-on platforms, Fagan has built his skills through curiosity, persistence, and a love for problem solving. Fagan shares how competitions, community, and continuous learning shaped his journey into cybersecurity. He walks through his growth within USF's cyber community, and how that led to a penetration testing internship at Microsoft. He also offers insight into the mindset needed to succeed in cybersecurity, encouraging others to embrace challenges, learn through failure, and find enjoyment in the process. Follow Fagan on Linked in here: https://www.linkedin.com/in/fagan-afandi/ Presented by ThreatLocker Chapters:  00:00 Introduction to Cybersecurity Passion 3:02   Journey to Cyber Herd and University Life 06:12 Internship at Microsoft and Career Aspirations 08:59 Hackathon Experience and Community Engagement 12:39 Behind the Scenes of Cyber Competitions 14:30  Overcoming Challenges in Cyber Competitions 18:00 Gratitude and Mentorship in Cybersecurity  

The security industry has spent years debating which tools to buy. Impetum is asking a different question: are the tools you already have actually working? Founded by incident responders who saw the same failures across hundreds of breaches, Impetum built the Persistent Purple Team platform to simulate advanced threat actors inside customer environments on a continuous monthly basis -- not as a one-time engagement, but as an ongoing relationship built around real data, custom TTPs, and a measurable Threat Resilience Score. Matt Stewart and Alex Grohmann spoke with Sean Martin and Marco Ciappelli at RSAC Conference 2026 about what they are hearing on the show floor: agentic AI is accelerating the speed of compromise and exposing vulnerabilities in legacy systems that have been dormant for decades. Against that backdrop, the value of knowing -- not assuming -- that your detection and response capabilities hold up becomes critical. The platform builds that knowledge through live-fire exercises using an organization's own data, validating patch management, XDR, SIEM tuning, and post-compromise detection in a way no annual pen test can. The conversation also touched on the structural talent problem agentic AI is creating inside SOCs. As AI fills the level one analyst role, the pipeline for developing level two analysts and incident responders is narrowing. Impetum sees persistent purple teaming as the training ground that closes that gap -- giving existing teams the repeated, realistic practice they need to respond with confidence when an actual breach begins. Impetum targets mid-size organizations that have the right security tools but lack the budget, bandwidth, and access to industry events to keep those tools continuously validated against evolving attack paths. For those teams, the platform delivers something an annual report cannot: a documented, ongoing record of what works, what does not, and where the program is heading. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Matt Stewart, Co-Founder, Impetum Alex Grohmann, Co-Founder, Impetum LinkedIn: https://www.linkedin.com/in/alexandergrohmann/ RESOURCES Impetum / Persistent Purple Team: https://www.persistentpurpleteam.com ITSPmagazine RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Matt Stewart, Alex Grohmann, Impetum, Persistent Purple Team, Remedium Security, Sean Martin, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast, purple teaming, continuous security validation, threat resilience, CISO, security operations, SOC, red team, blue team, incident response, agentic AI, MITRE ATT&CK, penetration testing, cybersecurity Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Security teams have always struggled with the gap between finding vulnerabilities and fixing the right ones. DeCloss built PlexTrac after seeing that gap firsthand as a penetration tester -- watching critical findings disappear into static PDFs and manual spreadsheets with no real tracking, no accountability, and no way to demonstrate improvement. The platform was designed from the ground up to close that loop. The conversation gets specific about what contextual risk scoring actually means. A CVE rated 10.0 in the National Vulnerability Database may be irrelevant to a given organization; a lower-severity finding may be critical given the systems that organization actually runs. PlexTrac's newly launched MCP server correlates vulnerability data against real-world environmental context, making that distinction automated and actionable -- not something an analyst has to puzzle out manually every time. DeCloss walks through what the before state looks like for most teams: an annual pentest PDF, weekly scanner output, no unified view, and spreadsheet-based assignment that makes it nearly impossible to track who is working on what or whether anything is actually getting resolved. PlexTrac replaces that with a normalized, integrated platform that connects to Jira, ServiceNow, and Azure DevOps -- keeping workflows intact while adding the visibility that was always missing. On AI's role in the industry, DeCloss is measured but direct. AI is a force multiplier, not a job eliminator. Security has always operated with a talent shortage, and automation fills that gap. But AI also expands the attack surface -- and organizations that adopt it without a security framework create new exposure. The human in the loop, with real subject matter expertise, remains essential. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Daniel DeCloss, Founder & CTO, PlexTrachttps://www.linkedin.com/in/ddecloss/ RESOURCES PlexTrac: https://plextrac.com KEYWORDS Daniel DeCloss, PlexTrac, Sean Martin, vulnerability management, penetration testing, pentest reporting, risk prioritization, CVE scoring, MCP server, AI in cybersecurity, blue team, remediation tracking, CTEM, continuous threat exposure management, RSAC Conference 2026, brand spotlight, brand marketing, marketing podcast, brand story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Supply chains, server crashes, and building break-ins. Our latest episode is a reminder that cybersecurity doesn't stop at the screen.

In Episode 174, host Brad Causey is joined by guest Jordan Natter for a practical, tool-focused conversation on web application penetration testing. Together they break down the essential tools and Burp Suite Pro extensions that make up a modern web app pen testing toolkit.Topics covered include:Burp Suite Pro vs. OWASP ZAP — comparing capabilities, extensions, and use casesCSP Auditor — identifying unsafe Content Security Policy directivesJSON Web Token (JWT) extension — surfacing and tampering with JWTs in HTTP historyRetire.js — flagging outdated JavaScript libraries with known vulnerabilitiesCyberChef & JWT.io — encoding, decoding, and debugging tokensPostman & Swagger — API testing and documentation workflowsSQLMap — powerful SQL injection discovery (and why you should never run it in production)Proxy Forge — evading cloud-based WAFs and testing geo-blockingGraphQL Hunter — enumerating and testing GraphQL instancesHave a tool or extension you swear by? Drop it in the comments — Brad and Jordan want to hear from you!---Burp Suite is an integrated platform for attacking web applications. http://portswigger.net/burp/Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpovFollow Spencer on social ⬇Spencer's Links: https://spenceralessi.comWork with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode, we break down the sophisticated world of Red Teaming. Moving past simple vulnerability scans, we explore the mindset of a determined adversary. We cover the entire attack chain from initial access via LLMNR poisoning to lateral movement using BloodHound and explain how these simulations help Blue Teams sharpen their detection and response capabilities.Key Topics Covered in This Episode:Defining Red Teaming: Why Red Teaming is "threat-oriented" rather than "vulnerability-centric," focusing on organizational resilience.Understanding APTs: The characteristics of Advanced Persistent Threats—sophisticated, long-term, and stealthy.The MITRE ATT&CK Framework: A breakdown of the 14 tactics used to map adversarial behavior from reconnaissance to impact.Red Team vs. Pentesting: A detailed comparison of scope, duration, and goals (Narrow vs. Broad, Goal-oriented vs. Threat-oriented).The Attack Life Cycle: Stepping through Reconnaissance, Initial Compromise, Persistence, Privilege Escalation, and Exfiltration.Live Demo: LLMNR Poisoning: How attackers exploit "link-local" protocols to capture password hashes using tools like Responder.Cracking Hashes: Using Hashcat to resolve captured NTLMv2 hashes into plain-text passwords.Visualizing the Path: Using BloodHound and Neo4j to map hidden relationships and attack paths within Active Directory.The Blue Team Perspective: How the Security Operations Center (SOC) uses Red Team findings to close detection gaps.

Tom Eston interviews offensive AI researcher and PhD candidate Andrew Wilson, a former Bishop Fox partner who helped grow the firm from under 20 people to nearly 500, built award-winning AI solutions for SOC modernization, founded Cactus Con, and relocated his family to Guadalajara to open and scale a Bishop Fox office. They discuss Mexico's growing cybersecurity and AI ecosystem, driven by talent, community events, and government-university partnerships, and how offensive security has shifted from “one-person army” generalists to more specialized roles. Wilson explains his PhD work modeling expert pen testers' cognitive approaches to shape AI agents, argues AI lowers barriers but requires validation due to hallucinations, and predicts routine, methodology-driven testing will be automated while expert human work persists. He forecasts compliance and audit frameworks will eventually accept more objective, scalable AI-based control validation, reshaping the pen testing market. If you work in cybersecurity, involved in penetration testing and offensive security, or are just trying to figure out what the AI hype actually means for attackers and defenders, this episode is for you! ** Links mentioned on the show ** Follow and connect with Andrew Wilson https://www.linkedin.com/in/awilsonaz/ https://x.com/kuzushi/ Find out more about CactusCon! https://www.cactuscon.com/ ** Watch this episode on YouTube ** ** Become a Shared Security Supporter ** Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel’s membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson appeared first on Shared Security Podcast.

Show Notes For ten years, Ed Skoudis has curated one of the most anticipated sessions at RSAC Conference: SANS' "Five Most Dangerous New Attack Techniques: Crucial Tips for Defenders." The session has always been a hit -- standing room only on the main stage -- but this year, Ed says something has changed. Not one or two topics with an AI component. All five. Ed is deliberate about how the session comes together. He starts with people, not topics. He builds the panel around SANS instructors who bring front-line insight, and he starts the process six months out. This year's panel features returning panelist Heather Mahalik, Rob Teeley back for his second year, Joshua Wright in his second year -- this time carrying two topics and eight minutes instead of six -- and, making his first appearance on this stage, Robert M. Lee of Dragos, one of the world's foremost voices on ICS and OT security. The addition of "Crucial Tips for Defenders" to the title this year was intentional. Ed pushed every panelist to move beyond naming threats and toward prescribing action -- practical, implementable steps that a CISO can hand down and a practitioner can execute the next morning. For topics where prevention is impossible, the mandate shifted to detection and response. SANS publishes session notes to their website within minutes of the talk ending. The backdrop this year is a warning Ed calls unlike anything in his 30 years of attending RSA and DEF CON. At a recent AI cybersecurity conference in San Francisco, presenters from Google and Anthropic outlined what Google termed the "vuln apocalypse" -- an imminent surge in AI-discovered zero-day vulnerabilities at a scale and pace that patching pipelines are not designed to handle. Ed's own team at Counter Hack has already experienced this firsthand: a frontier AI model identified a critical zero-day in a widely used open source project in a matter of hours. The Anthropic presenter's claim was blunt: within months, AI will surpass all human vulnerability researchers combined. All of this lands at the center of what the RSAC session is designed to address -- not as a theoretical exercise, but as a set of actions defenders can take right now. The session runs Tuesday, March 24th at 3:55 PM on the main stage, with an interactive follow-on session Wednesday morning where attendees can go deeper with individual panelists. For anyone who wants to understand where the threat landscape is actually heading and what to do about it, Ed says this is the year you cannot afford to miss it. Guest Ed Skoudis, President, SANS Technology Institute; Founder & CEO, Counter Hack | On LinkedIn: https://www.linkedin.com/in/edskoudis Host Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ Resources SANS Institute | https://www.sans.org RSA Conference 2026 is taking place April 28 - May 1, 2026 | Moscone Center, San Francisco -- Follow our coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Keywords ed skoudis, sean martin, sans institute, sans technology institute, counter hack, rsac 2026, rsa conference, five most dangerous attack techniques, ai in cybersecurity, vulnerability research, zero-day vulnerabilities, patch management, penetration testing, defender tips, ics security, ai-powered attacks, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Show Notes For ten years, Ed Skoudis has curated one of the most anticipated sessions at RSA Conference: SANS' "Five Most Dangerous New Attack Techniques: Crucial Tips for Defenders." The session has always been a hit -- standing room only on the main stage -- but this year, Ed says something has changed. Not one or two topics with an AI component. All five. Ed is deliberate about how the session comes together. He starts with people, not topics. He builds the panel around SANS instructors who bring front-line insight, and he starts the process six months out. This year's panel features returning panelist Heather Mahalik, Rob Teeley back for his second year, Joshua Wright in his second year -- this time carrying two topics and eight minutes instead of six -- and, making his first appearance on this stage, Robert M. Lee of Dragos, one of the world's foremost voices on ICS and OT security. The addition of "Crucial Tips for Defenders" to the title this year was intentional. Ed pushed every panelist to move beyond naming threats and toward prescribing action -- practical, implementable steps that a CISO can hand down and a practitioner can execute the next morning. For topics where prevention is impossible, the mandate shifted to detection and response. SANS publishes session notes to their website within minutes of the talk ending. The backdrop this year is a warning Ed calls unlike anything in his 30 years of attending RSA and DEF CON. At a recent AI cybersecurity conference in San Francisco, presenters from Google and Anthropic outlined what Google termed the "vuln apocalypse" -- an imminent surge in AI-discovered zero-day vulnerabilities at a scale and pace that patching pipelines are not designed to handle. Ed's own team at Counter Hack has already experienced this firsthand: a frontier AI model identified a critical zero-day in a widely used open source project in a matter of hours. The Anthropic presenter's claim was blunt: within months, AI will surpass all human vulnerability researchers combined. All of this lands at the center of what the RSAC session is designed to address -- not as a theoretical exercise, but as a set of actions defenders can take right now. The session runs Tuesday, March 24th at 3:55 PM on the main stage, with an interactive follow-on session Wednesday morning where attendees can go deeper with individual panelists. For anyone who wants to understand where the threat landscape is actually heading and what to do about it, Ed says this is the year you cannot afford to miss it. Guest Ed Skoudis, President, SANS Technology Institute; Founder & CEO, Counter Hack | On LinkedIn: https://www.linkedin.com/in/edskoudis Host Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ Resources SANS Institute | https://www.sans.org RSA Conference 2026 is taking place April 28 - May 1, 2026 | Moscone Center, San Francisco -- Follow our coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Keywords ed skoudis, sean martin, sans institute, sans technology institute, counter hack, rsac 2026, rsa conference, five most dangerous attack techniques, ai in cybersecurity, vulnerability research, zero-day vulnerabilities, patch management, penetration testing, defender tips, ics security, ai-powered attacks, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Madhav Nakar — AI Security Researcher and Documentarian of Spirituality and Play   No Password Required Season 7: Episode 3 - Madhav Nakar   Madhav Nakar is a Security Researcher at BeyondTrust specializing in identity threats, endpoint security, and cloud attack paths. With a background in theoretical mathematics, his current research focuses on analyzing attacker behavior to build practical systems of detection.   In this episode, Madhav shares the pivotal moments that shaped his career, including his first experience witnessing a nation-state attack unfold in real time from his seat in a SOC. He explains how mathematical thinking sharpens security strategy and why strong research is rooted in exploration, not predetermined outcomes.   Jack Clabby of Carlton Fields, joined by co-host Kayley Melton of the Cognitive Security Institute, welcomes Madhav for a conversation on modern cyber defense. From AI-driven attacks and agentic systems to privilege escalation risks in role-based access environments, Madhav breaks down what teams are getting wrong about AI and why defending against AI increasingly requires AI-powered tools.   The conversation turns to Madhav's philosophy of “serious play,” where curiosity, experimentation, and failure fuel better research and resilience. He also shares insights from his spiritual and philosophy project, The Fire of Knowing, exploring consciousness and belief through a neutral lens.   In the Lifestyle Polygraph, Madhav pitches a cybersecurity documentary, debates growth versus comfort, and reflects public dancing experiments.  Follow Madhav Nakar here: https://www.linkedin.com/in/madhav-nakar/ Follow "The Fire of Knowing" on Instagram and Youtube!  CHAPTERS:  00:00 Introduction with Kayley and Jack 08:08 Transition from Theoretical Math to Cybersecurity 16:13 Exploring Spiritual Traditions and Madhav's Documentary 19:48 The Intersection of Art and Science in Content Creation 25:20 The Lifestyle Polygraph: Challenging Perspectives on Security

⬥EPISODE NOTES⬥ What happens when a cybersecurity professional knows exactly what's wrong but can't get anyone to act on it? It's a problem that affects security teams across every industry, and it's the central question driving Josh Mason's new book, Speaks Security with a Business Accent. In this conversation, Josh Mason joins Sean Martin to unpack why technical accuracy alone doesn't move the needle and what it takes to communicate security in terms the business actually understands. Josh Mason brings a perspective shaped by years as an Air Force pilot and cyber warfare officer, where mission-first thinking wasn't optional, it was survival. As a safety officer, he studied aircraft mishaps, analyzed black box recordings, and learned that risk awareness doesn't mean risk paralysis. The same philosophy, he argues, applies to cybersecurity: teams can acknowledge risk without letting fear of failure prevent them from supporting the mission. Drawing from books like Dale Carnegie's How to Win Friends and Influence People, The Phoenix Project, and The Goal, Josh Mason structured his own book as a narrative, telling the story of a CIO who transforms a disconnected security team into one that communicates effectively with colleagues, leadership, the board, and eventually beyond the organization. A recurring theme in this conversation is the danger of perfection as the enemy of progress. Josh Mason uses the Iron Man analogy of building an imperfect prototype, flying it, learning from the failure, and iterating, to argue that security teams need to embrace a similar mindset. DevOps teams have already adopted this approach, and security can learn from it. Inaction for perfection's sake, he warns, isn't going to get anyone anywhere. The conversation also examines whether the cybersecurity industry does enough to learn from its own incidents. Unlike aviation, where the FAA and NTSB mandate rigorous post-incident analysis, cybersecurity lacks a centralized authority enforcing that same discipline. Organizations like MITRE, Verizon, and Mandiant publish valuable trend reports, and the data is there for those willing to use it, but it ultimately comes down to individual responsibility and leadership within each organization. For anyone who has ever felt technically right but strategically sidelined, this conversation offers a practical lens on bridging the gap between what security teams know and what the business needs to hear. ⬥GUEST⬥ Josh Mason, Author of Speaks Security with a Business Accent | Air Force Veteran, Cybersecurity Professional, and Founder of Noob Village | Website: https://www.mason-sc.com | On LinkedIn: https://www.linkedin.com/in/joshuacmason/ ⬥HOST⬥ Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ ⬥RESOURCES⬥ Speaks Security with a Business Accent by Josh Mason | https://www.mason-sc.com The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ⬥ADDITIONAL INFORMATION⬥ ✨ More Redefining CyberSecurity Podcast:

⬥EPISODE NOTES⬥ What happens when a cybersecurity professional knows exactly what's wrong but can't get anyone to act on it? It's a problem that affects security teams across every industry, and it's the central question driving Josh Mason's new book, Speaks Security with a Business Accent. In this conversation, Josh Mason joins Sean Martin to unpack why technical accuracy alone doesn't move the needle and what it takes to communicate security in terms the business actually understands. Josh Mason brings a perspective shaped by years as an Air Force pilot and cyber warfare officer, where mission-first thinking wasn't optional, it was survival. As a safety officer, he studied aircraft mishaps, analyzed black box recordings, and learned that risk awareness doesn't mean risk paralysis. The same philosophy, he argues, applies to cybersecurity: teams can acknowledge risk without letting fear of failure prevent them from supporting the mission. Drawing from books like Dale Carnegie's How to Win Friends and Influence People, The Phoenix Project, and The Goal, Josh Mason structured his own book as a narrative, telling the story of a CIO who transforms a disconnected security team into one that communicates effectively with colleagues, leadership, the board, and eventually beyond the organization. A recurring theme in this conversation is the danger of perfection as the enemy of progress. Josh Mason uses the Iron Man analogy of building an imperfect prototype, flying it, learning from the failure, and iterating, to argue that security teams need to embrace a similar mindset. DevOps teams have already adopted this approach, and security can learn from it. Inaction for perfection's sake, he warns, isn't going to get anyone anywhere. The conversation also examines whether the cybersecurity industry does enough to learn from its own incidents. Unlike aviation, where the FAA and NTSB mandate rigorous post-incident analysis, cybersecurity lacks a centralized authority enforcing that same discipline. Organizations like MITRE, Verizon, and Mandiant publish valuable trend reports, and the data is there for those willing to use it, but it ultimately comes down to individual responsibility and leadership within each organization. For anyone who has ever felt technically right but strategically sidelined, this conversation offers a practical lens on bridging the gap between what security teams know and what the business needs to hear. ⬥GUEST⬥ Josh Mason, Author of Speaks Security with a Business Accent | Air Force Veteran, Cybersecurity Professional, and Founder of Noob Village | Website: https://www.mason-sc.com | On LinkedIn: https://www.linkedin.com/in/joshuacmason/ ⬥HOST⬥ Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ ⬥RESOURCES⬥ Speaks Security with a Business Accent by Josh Mason | https://www.mason-sc.com The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ⬥ADDITIONAL INFORMATION⬥ ✨ More Redefining CyberSecurity Podcast:

In a podcast recorded at ITEXPO / MSP EXPO, Doug Green, Publisher of Technology Reseller News, spoke with Pierre Donyegro, CEO of CyberFortPro, about why penetration testing is becoming a necessary—and often overlooked—part of cybersecurity for small businesses. Donyegro explained that CyberFortPro focuses on delivering penetration testing services to smaller organizations such as law firms, medical offices, and restaurants. Penetration testing, he noted, is a short but intensive process that analyzes a customer's network traffic and configurations to uncover vulnerabilities before they are exploited. “Even when you feel healthy, a doctor runs tests—this is the same idea, but for cyber health,” Donyegro said, framing penetration testing as preventative cybersecurity rather than a reaction to a breach. While certain industries face higher risk due to sensitive data, Donyegro emphasized that cybersecurity is not limited to regulated verticals. Any business with a network, outdated firmware, or misconfigured equipment can be exposed. The value of penetration testing, he said, lies not only in identifying weaknesses but in clearly explaining them to business owners and outlining remediation steps—from firmware updates to infrastructure changes—so risks can be addressed proactively. For MSPs, Donyegro positioned CyberFortPro as a natural partner rather than a competitor. “For every technology, you need experts to explain to the customer what their exposure really is,” he said. MSPs can bring CyberFortPro into customer engagements to provide specialized penetration testing, creating additional value, strengthening client trust, and opening new revenue opportunities tied to security assessments and remediation. Visit https://www.hellophello.com/hi/pierredonyegro

Most organizations rely on outdated penetration tests that check boxes, but miss real threats already inside their networks. Host Ivo Wiens, Field CTO for Cybersecurity, sits down with Mikhail Falkovich, former CISO turned security leader at Microsoft, to unpack why perimeter defenses fail and why zero trust is a mindset, not a buzzword. They explore insider threats, the limits of traditional pen testing and why continuous red and purple teaming — and AI-aware defences — are essential for real cyber resilience. To learn more, visit cdw.ca Hosted by Simplecast, an AdsWizz company. See https://pcm.adswizz.com for information about our collection and use of personal data for advertising.

One famous cartoon featured two vultures sitting on a fence; one turned to the other and said, "I am sick of waiting, let's kill something." When it comes to preventing cyberattacks, the federal government is well known for a defensive approach. They have security systems, air gap systems, and even a zero-trust approach. This defensive approach is essential but may not give the federal government a complete view of how to protect data. Today, we sat down with Chris Jones, Nightwing's Chief Technical Officer. He outlines some of the characteristics of a concept called "offense informs defense."  This is a method that Nightwing has developed through over 40 years of working with federal technology leaders. For example, they developed their Counter Trace service, which uses offensive cyber strategies to defend critical infrastructure. The service involves proactively hunting for vulnerabilities, identifying access points, and analyzing digital evidence to expose cyberattacks. During the interview, Jones mentions that the GSA has received this approach well. In fact, Nightwing recently won all six GSA Highly Adaptive Security Services categories. These handle security aspects like Penetration Testing, Incident Response, Risk Assessments, Cyber Hunt, and High Value Asses Assessments.  Jones emphasizes the importance of initiative-taking, cybersecurity, AI integration, and collaboration across agencies to adapt to protect federal data.  

Send us a textEver wonder why some shows last for years while others fade before episode seven? We sit down with Jack from Darknet Diaries to unpack the systems, mindset, and storytelling choices that keep a podcast resilient without burning out the host. Instead of chasing viral spikes, Jack lays out a playbook for steady growth: batch recording, rest cycles, and that deceptively powerful one percent month-over-month target. It's practical, humane, and it works.We dig into his editorial compass with three distinct tracks: personal obsessions, proven crowd favorites, and bold forays into new communities like crypto and gaming. Jack explains why listeners often prefer penetration test stories over higher-stakes CIA operations, and what it takes to earn trust from niche audiences by learning their culture first. The curtain pulls back on hard-to-book guests, silent PR walls, and the rare times a source vanishes after recording—plus the elusive thrill of chasing “ghost” hackers who should never speak on record.From there, the conversation turns to craft. Jack's background as a network security engineer sharpened his ability to explain complex topics simply. He shares how layered explanations let beginners and veterans both feel seen, why command line beats screenshot soup, and how relentless revision turns knowledge into clarity. We also tackle AI and cybersecurity with nuance: not as job eraser, but capability amplifier. Think better triage, secure-by-default coding, and an arms race where defenders and attackers wield similar tools—and the edge comes from better questions and stronger priorities.Beyond the studio, Jack talks health, music, language learning, and swing dance, and how a wetware mindset—designing stories to trigger empathy and memory—guides every episode. If you care about making work that lasts, telling stories that land, and adopting AI without losing the plot, this conversation is a masterclass in sustainable creativity and modern security. Subscribe, share with a friend who needs a morale boost, and leave a review with the one tactic you'll try next.Darknet Diaries: https://www.youtube.com/jackrhysiderSupport the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast Affiliates➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh➡️ OffGrid Coupon Code: JOE➡️ Unplugged Phone: https://unplugged.com/Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

For SMEs and startups, things are always changing—new projects, growing teams, and evolving products. Amidst this growth, cybersecurity often takes a backseat. However, protecting your business from cyber threats is more important than ever.In this episode, Anh Pham, Director of Penetration Testing and Security at Trava, explains how a robust Continuous Threat Exposure Management (CTEM) framework can help businesses stay secure. He also discusses how Penetration Testing as a Service (PTaaS) and Vulnerability Management as a Service (VMaaS) offer ongoing protection and risk management without the need for a full-time security team.Anh shares how partnering with cybersecurity experts can give you peace of mind, letting you focus on your business while staying ahead of potential threats. Tune in for practical advice on implementing CTEM, PTaaS, and VMaaS to ensure your business is safe and secure.Key takeaways:The role of PTaaS and VMaaS in continuous protectionThe benefits of partnering with cybersecurity expertsPractical steps to implement CTEM, PTaaS, and VMaaSWant to know exactly what to look for in a PTaaS provider? We've outlined everything you need to know in this guide: https://travasecurity.com/understanding-ptaasEpisode highlights:(00:00) The aspects of a robust CTEM strategy(01:15) Penetration Testing as a Service (PTaaS)(02:29) Vulnerability Management as a Service (VMaaS)(03:42) Why you need PTaaS and VMaaS in your CTEM framework(06:32) How to start small with CTEM(07:48) Making continuous cybersecurity affordable for SMEs and startupsConnect with the host:Jara Rowe's LinkedIn - @jararoweConnect with the guest:Anh Pham's LinkedIn - https://www.linkedin.com/in/anhpham11/Connect with Trava:Website - www.travasecurity.comBlog - www.travasecurity.com/learn-with-trava/blogLinkedIn - @travasecurityYouTube - @travasecurity

Your business is constantly evolving. But how do you know where the weak spots are or which ones actually matter? In a fast-moving environment, understanding your vulnerabilities before attackers do is critical.In this episode, Anh Pham, Director of Penetration Testing and Security at Trava, breaks down why more businesses are moving toward Continuous Threat Exposure Management (CTEM). Anh explains the five key components of CTEM, how to tell if your business is ready to implement it, and what's pushing organizations to take a more active, ongoing approach to cybersecurity.Key takeaways:Why CTEM outperforms traditional point-in-time testingThe five components of CTEM and how they work togetherHow evolving threats and expanding attack surfaces demand continuous validationReady to dive deeper into the continuous process? Get more info on CTEM and why it's important here: https://travasecurity.com/ctem-explainedEpisode highlights:(00:00) CTEM explained simply(02:38) How CTEM differs from point-in-time testing(04:29) The five components of a CTEM approach(09:25) When to adopt CTEMConnect with the host:Jara Rowe's LinkedIn - @jararoweConnect with the guest:Anh Pham's LinkedIn - https://www.linkedin.com/in/anhpham11/Connect with Trava:Website - www.travasecurity.comBlog - www.travasecurity.com/learn-with-trava/blogLinkedIn - @travasecurityYouTube - @travasecurity

In this episode of "The Free Lawyer" podcast, host Gary interviews Valentina Flores, CEO of Red Sentry. Valentina shares her journey from law enforcement to leading a proactive cybersecurity company, emphasizing the importance of ethical hacking and prevention for law firms. She offers practical tips—like enabling multi-factor authentication, limiting data access, and preparing response plans—to help lawyers protect sensitive information. Valentina also discusses the collaborative nature of cybersecurity, the human element in defense, and aligning security practices with core values, making cybersecurity accessible and actionable for legal professionals.Valentina Flores is the CEO and Co-Founder of Red Sentry, a proactive cybersecurity company that breaks into your network, so hackers never get the chance. Before protecting companies, she served as a detective on joint federal task forces, tracking cybercriminals through digital back-alleys. Now a public speaker on hacker psychology, a two-time award-winning cybersecurity leader, and a fierce advocate for women in tech, Valentina is redefining what leadership looks like in the industry, championing smarter and more accessible security for all.Transition from Detective to Cybersecurity (00:01:33) What is Penetration Testing? (00:02:56) Success Rate and Client Vulnerabilities (00:03:35)Understanding Hacker Psychology (00:05:30) Why Law Firms Are Targets (00:06:38) Triggers for Law Firms to Seek Help (00:07:46) Compliance vs. Proactive Security (00:09:09) Human Element in Cybersecurity (00:10:16) Making Clients Comfortable with Ethical Hacking (00:11:55) Emerging Threats and the Future of Cybersecurity (00:13:25) Cybersecurity for Small and Medium Businesses (00:14:43) Diversity in Tech and Cognitive Diversity (00:16:37) Awards and People-First Leadership (00:17:27) Leadership in Cybersecurity vs. Traditional Business (00:18:20) Role of Coaching and Mentorship (00:19:28) Annual Testing and Follow-Up (00:20:21) Prioritizing Cybersecurity in Law Firms (00:21:13) Collaboration vs. Competition in Cybersecurity (00:22:17) Top Three Cybersecurity Actions for Lawyers (00:23:29) First Steps for the Unprepared (00:25:39) What is Penetration Testing? (Clarification) (00:26:39) Freedom and Work-Life Balance (00:27:06) Aligning Practice with Values (00:27:51) You can find The Free Lawyer Assessment here- https://www.garymiles.net/the-free-lawyer-assessmentWould you like to learn what it looks like to become a truly Free Lawyer? You can schedule a complimentary call here: https://calendly.com/garymiles-successcoach/one-one-discovery-callWould you like to learn more about Breaking Free or order your copy? https://www.garymiles.net/break-free

In this episode of Cybersecurity Today, host David Shipley discusses significant developments in the cybersecurity landscape. Apple releases security updates to address two actively exploited WebKit vulnerabilities. Scammers manipulate AI-powered search tools to recommend fake support numbers, reflecting a growing security risk. Bitdefender uncovers malware hidden in torrent subtitles for the movie 'One Battle After Another.' Lastly, an AI named Artemis outperforms human penetration testers in a Stanford hacking experiment, highlighting the evolving role of AI in cybersecurity. Also included are insights on the implications of these events for future cybersecurity challenges. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:52 Apple's Urgent Security Updates 03:24 AI-Powered Scams: A Growing Threat 06:59 Malware Hidden in Torrents 10:03 AI Outperforms Human Pen Testers 13:25 Conclusion and Contact Information

Meter: Visit https://meter.com/itcareer to book a demoEveryone wants to be a pen tester until they find out what the job actually looks like. This video offers a reality check on the daily grind of a professional pentester, emphasizing that the job differs significantly from Hollywood portrayals and standard certification courses.Tyler, a professional pentester, shares insights into ethical hacking and the challenges of the field, including his journey of launching an offensive cybersecurity company. This content provides essential information for those interested in information security and penetration testing.Tyler Ramsbey:LinkedIn: https://www.linkedin.com/in/tyler-ramsbey-86221643/Youtube: https://www.youtube.com/@UC_82czjFMgsYMjodhG_4mIw

Send us a textMeet Rapid7's Deral Heiland—a self-described “visual historian” who balances high-tech research with hands-on artifacts from Roman coins to Civil War relics

Deepfakes used to be a niche curiosity. Today they have become a sophisticated tool for manipulation, persuasion, and exploitation. In this episode of Tech Talks Daily, I sit down with Aleksander Gorkowienko, Head of Penetration Testing at Risk Crew, to examine how artificial intelligence has transformed deepfakes from playful face swaps into full-scale multimedia attacks designed to deceive even the most vigilant among us. Aleksander explains how we have entered the age of Deepfakes 2.0, where fake video, audio, images, and text merge to create hyper realistic digital experiences. These aren't the crude social media edits of a few years ago. They are now weaponized as tools for emotional manipulation, exploiting fear, urgency, and trust to trick victims into transferring money, sharing data, or compromising systems. Aleksander walks through real world examples of how criminals build these illusions, using stolen digital footprints to impersonate executives, family members, and trusted colleagues in live video calls. We discuss how AI's accessibility has accelerated this problem. With free tools and moderate computing power, almost anyone can now create a convincing fake offline. Aleksander shares how this ease of creation erodes trust online, making it harder to distinguish truth from fabrication. He also reveals how attackers rely less on technology itself and more on psychology, engineering scenarios that push people into acting before thinking. From a defense standpoint, Aleksander offers clear, actionable insights. He talks about the importance of multi factor verification, context based awareness, and fostering what he calls “streetwise vigilance” in the digital world. He compares it to walking through a city at night; you wouldn't flaunt your valuables, so why overshare online? We explore how organizations can conduct training and simulations to teach employees to pause, question, and verify before reacting. This episode is a timely warning for every business and individual operating in a world where reality can be faked in seconds. Aleksander's rule of thumb is simple but powerful: never trust a single source of information. Cross check, slow down, and think before you act. Because in the age of AI deception, trust must be earned every time. Listen now to hear Aleksander's firsthand perspective on how deepfakes are changing cybersecurity and what we can all do to stay one step ahead.

Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Carter Zupancich. Chris and Carter explore the evolving landscape of social engineering threats, focusing on the rise of vishing attacks and the role of AI in enhancing these tactics. Their discussion underscores the importance of empowering employees as a human firewall and the need for continuous education and testing to strengthen organizational security. [Oct 20, 2025]   00:00 - Intro 00:31 - Carter Zupancich Intro -          Website: https://carterzupancich.com/ 01:30 - Intro Links: -          Social-Engineer.com - http://www.social-engineer.com/ -          Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ -          Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ -          Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ -          Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb -          CLUTCH - http://www.pro-rock.com/ -          innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/                                                03:35 - Tools, Tactics and Procedures 05:19 - Tech Advances 08:16 - The Classics 10:01 - The Need for Testing 12:16 - Callback Phishing 17:26 - Setting Expectations 21:56 - Approved Language 23:56 - Verify! 25:16 - Empowerment 26:17 - And Now a Horrible Story 28:47 - Investing In Employees 31:19 - Wrap Up & Outro -          www.social-engineer.com -          www.innocentlivesfoundation.org

In this episode of Reboot IT, host Dave Coriale sits down with Ben Muscolino, CEO of Breezio, Data Sangria, and co-founder at Vortacity, and Ryan O'Donnell, CTO at Vortacity, to demystify cybersecurity for associations and nonprofits. They explore the evolving threat landscape, the importance of proactive security measures, and how organizations can build a culture of cybersecurity without fear or shame. From phishing-resistant MFA to red team engagements, this conversation is packed with practical advice for leaders and IT professionals alike. Themes and Topics: Cybersecurity Culture and Leadership Cybersecurity must be embraced across the organization, not just by IT. Leaders should foster a “shameless and blameless” environment for open dialogue. Culture impacts how teams respond to threats and education efforts. Phishing and Account Takeover Risks Phishing remains the most common entry point for breaches. Attackers often dwell silently before exploiting access. Social engineering tactics are becoming more sophisticated. Cybersecurity Maturity  Organizations should progress from asset inventory to vulnerability scans, pen tests, and red team engagements. Skipping foundational steps can lead to ineffective or costly security efforts. Tailoring assessments to organizational needs is key. Penetration Testing and Red Teaming Pen tests simulate real-world attacks to expose vulnerabilities. Red team engagements test people, processes, and systems under stealth conditions. Trusted agents within the organization coordinate red team efforts discreetly. Deception Technology and Canary Tokens Canary tokens act as tripwires to detect post-compromise behavior. These tools are low-cost and high-impact for early breach detection. Ideal for organizations with limited cybersecurity resources. Budgeting and Advocacy for Cybersecurity Cybersecurity is often the first to be cut during budget reviews. IT leaders must communicate risk in terms of cost and organizational responsibility. Starting small is better than doing nothing—get from zero to one.

In this episode of No Password Required, host Jack Clabby and guest host Sarina Gandy discuss the insights gained from their conversation with Demarcus Williams, a senior security engineer at Starbucks. They explore Demarcus's journey into cybersecurity, the importance of competitions like CCDC in career development, and the role of gut instinct in cybersecurity. The discussion also touches on the differences between corporate cultures, the significance of mentorship, and the fun aspects of the cybersecurity community, including a light-hearted lifestyle polygraph segment. TakeawaysDemarcus' curiosity about video games sparked his interest in cybersecurity.The transition from defense contracting to corporate roles offers broader access to tools.Gut feelings play a significant role in cybersecurity decision-making.Competitions like CCDC are crucial for career development in cybersecurity.Networking at competitions can lead to job opportunities.Corporate culture varies significantly between government contracting and tech companies.A people-first approach is essential in mentorship and cybersecurity.The red team experience enhances skills applicable to day-to-day work.Work-life balance is crucial in maintaining a sustainable career in cybersecurity.Engaging with the community is vital for personal and professional growth. Chapters00:00 Introduction to Cybersecurity and Curiosity02:47 Day-to-Day Life of a Senior Security Engineer05:30 The Role of Gut Instinct in Cybersecurity08:31 Early Inspirations and the Journey into Cybersecurity11:35 The Importance of Competitions in Career Development14:33 Transitioning from Student to Professional17:34 The Red Team Experience and Its Impact20:25 Recruitment Opportunities in Cybersecurity Competitions23:33 Navigating Corporate Culture in Cybersecurity26:31 Mentorship and People-First Approach29:11 Lifestyle Polygraph and Fun Insights

Host Paul Spain is joined by Igor Portugal (Tech Entrepreneur), as they explore the latest tech news in New Zealand and beyond. They discuss the Electric Avenue ticketing debacle, Starboard Maritime's expansion plans, NZ's Realtime phone outage service, China's surveillance network, the future of Starlink, and Apple's latest product revelations, including the progressive phasing out of SIM cards. Plus, get insights into BlackLock Security's innovative use of AI for threat detection and their Penetration Testing as a Service (PTaaS).A big thank you to our show partners One NZ, Spark, HP, 2degrees and Gorilla Technology.

Penetration Testing and Vulnerability Assessment Available → https://escapethetechnocracy.com/product/penetration-testing/    Music by Karl Casey @ White Bat Audio

Keywordscybersecurity, product management, career development, market strategy, customer insights, hacking, music, team building, startup life, risk management  SummaryIn this episode of No Password Required, host Jack Clabby and co-host Kayleigh Melton engage in a lively conversation with John Shipp, a product strategist at Rapid7. They explore John's unique journey from a metalhead to a cybersecurity expert, discussing the importance of passion in career development, the intricacies of product management, and the significance of customer insights in shaping cybersecurity solutions. John shares his early experiences in hacking, the influence of music on his life, and the value of building strong teams and company culture. The episode concludes with a fun segment called the Lifestyle Polygraph, where John answers quirky questions about his ideal cyber team and his dream day with Ric Flair.  TakeawaysBeing a metalhead prepares you for the boardroom.You can follow your passion and thrive in your career.Product management involves understanding customer needs and market dynamics.Curiosity is a key driver in the tech field.Great teams are built on strong leadership and culture.Startup life requires a willingness to take risks.Networking and building relationships are crucial in cybersecurity.Understanding your risk appetite is important when considering career moves.Music can be a significant influence on personal and professional life.Mentorship and sharing knowledge are vital for growth in the industry. TitlesFrom Metal to Management: A Cybersecurity JourneyPassion and Profession: Finding Your Path in Cybersecurity Sound bites"You can follow your passion and thrive.""I learned security at scale.""Curiosity drives my passion for tech." Chapters00:00 Introduction to Cybersecurity and Personal Journeys02:49 The Role of Passion in Career Development05:21 Navigating Product Management and Market Strategy08:23 The Evolution of Cybersecurity Skills11:37 The Importance of Customer Insights in Product Development14:35 Early Experiences in Hacking and Cybersecurity17:24 The Influence of Music on Personal and Professional Life20:19 Building Teams and Company Culture23:10 Startup Life and Risk Management26:08 Lifestyle Polygraph: Fun Questions and Insights29:13 Final Thoughts and Connections 

Has your nonprofit ever had a simulated break-in to test your digital defenses? If not, you may already have an intruder inside!Cyberattacks aren't just happening to big corporations—they're happening to nonprofits every day. And far too many organizations have no idea they've been breached until months later. Cybersecurity expert Michael Nouguier, Partner of Cybersecurity Services at Richey May, pulls back the curtain on the urgent, often-overlooked practice of penetration testing—known as “pen testing.” His message is blunt: if your nonprofit hasn't done one, you may already be compromised.Michael explains that a pen test is essentially a real-world simulation of a cyberattack, conducted by ethical hackers to expose weaknesses before malicious actors exploit them. “It's like hiring a home inspector before you buy a house,” he says, “but instead of finding leaky pipes, we're finding the digital doors and windows you've accidentally left wide open.” These gaps can exist in email, donor databases, websites, payment systems—anywhere sensitive information lives.The process starts with scoping—identifying your organization's tech environment, third-party tools, and data flows. From there, ethical hackers gather open-source intelligence (OSINT) to see what information about your nonprofit is publicly available, then attempt to exploit any vulnerabilities found. This may involve phishing attempts, network access attempts, or probing for weaknesses in online applications. Post-exploitation, the team determines how far they can move within your systems—accessing donor records, financial data, or confidential client files.The findings are compiled into a detailed report, along with a letter of assessment that can be shared with insurers or contractual partners. In many industries, including healthcare, justice, and education, annual pen testing isn't optional—it's required by regulation or by contract. Yet, as Michael warns in this episode, many nonprofits sign agreements without realizing they're agreeing to perform such tests.Waiting too long is costly. IBM research shows that proactive security measures can save organizations over $200,000 per breach. On the flip side, skipping pen testing can raise your cyber insurance premiums—or get your coverage denied entirely. And because updates, new software, and staffing changes continually introduce new risks, pen testing isn't a one-and-done task—it's an annual checkup for your organization's digital health.Michael also touches on the human factor. When testing social engineering risks, you often don't alert staff in advance—because real attackers certainly won't. The goal is to create realistic conditions, not staged ones.This conversation should serve as a wake-up call: penetration testing is not an optional luxury—it's a frontline defense. Whether you hold donor payment information, confidential case files, or sensitive program data, you can't afford to leave your cybersecurity to chance.Find us Live daily on YouTube!Find us Live daily on LinkedIn!Find us Live daily on X: @Nonprofit_ShowOur national co-hosts and amazing guests discuss management, money and missions of nonprofits! 12:30pm ET 11:30am CT 10:30am MT 9:30am PTSend us your ideas for Show Guests or Topics: HelpDesk@AmericanNonprofitAcademy.comVisit us on the web:The Nonprofit Show

In this episode of Grow a Small Business, host Troy Trewin interviews Nick Ellsmore, ex-founder of Hivint, a cybersecurity consulting firm he co-founded in 2015 and sold in just three years for $23M. Nick shares how he went from starting his first business during university to exiting two companies for a combined $47M. He talks about building Security Colony to give small businesses access to enterprise-grade tools, the importance of storytelling in marketing, and creating a strong, values-driven culture. A few years on from leaving the business, Nick reflects on his journey, the mindset shifts that helped him grow, and the lessons learned from scaling fast in a demanding industry. Why would you wait any longer to start living the lifestyle you signed up for? Balance your health, wealth, relationships and business growth. And focus your time and energy and make the most of this year. Let's get into it by clicking here. Troy delves into our guest's startup journey, their perception of success, industry reconsideration, and the pivotal stress points during business expansion. They discuss the joys of small business growth, vital entrepreneurial habits, and strategies for team building, encompassing wins, blunders, and invaluable advice. And a snapshot of the final five Grow A Small Business Questions: What do you think is the hardest thing in growing a small business? According to Nick Ellsmore, the hardest thing is maintaining focus, momentum, and the “will to keep your business alive” through the rollercoaster of small business growth. Staying consistent when things get tough is often what defines long-term success. What's your favorite business book that has helped you the most? Nick Ellsmore has shared that his favorite business book is Early Exits by Basil Peters. It helped him understand how to structure businesses for strategic acquisition, especially when building with an exit in mind. Are there any great podcasts or online learning resources you'd recommend to help grow a small business? Nick Ellsmore recommends the 90 Day Year by Todd Herman, a goal-setting and execution system that breaks the year into manageable 90-day sprints. It helped him stay focused on what truly moves the needle in business. What tool or resource would you recommend to grow a small business? According to Nick Ellsmore, the One Page Strategic Plan from Verne Harnish's Scaling Up is a game-changing tool. It helps align teams, clarify strategy, and focus everyone on priorities—all in one concise page. What advice would you give yourself on day one of starting out in business? Nick Ellsmore has shared that if he could go back, he'd simply tell himself, “It's going to be okay.” Despite the challenges and stress, everything will work out. Trust the process, keep pushing, and don't forget to breathe. Book a 20-minute Growth Chat with Troy Trewin to see if you qualify for our upcoming course. Don't miss out on this opportunity to take your small business to new heights! Enjoyed the podcast? Please leave a review on iTunes or your preferred platform. Your feedback helps more small business owners discover our podcast and embark on their business growth journey.     Quotable quotes from our special Grow A Small Business podcast guest: Success in business isn't about brilliance, it's about consistency and the will to keep going – Nick Ellsmore For your team, for your clients, for potential acquirers, story-telling is key: Why you? Why now?  – Nick Ellsmore If you want to sell your business one day, start building it that way from day one – Nick Ellsmore  

Most companies continually push code, launch new features, and update their infrastructure. However, for many businesses, security testing occurs only once a year. That gap leaves systems exposed to risks that go unnoticed.In this episode, Anh Pham, Director of Penetration Testing at Trava, explains the concept of Penetration Testing as a Service (PTaaS). He shares how it works and why it's more beneficial than one-time pentests. You'll also learn how AI fits into the picture and what to consider when choosing a provider.Key takeaways:The difference between PTaaS and traditional pentestingHow PTaaS supports fast-changing environmentsThe qualities of a trustworthy PTaaS provider Episode highlights:(00:00) Today's topic: Penetration Testing as a Service(03:16) PTaaS vs one-time pentests(08:36) How PTaaS works(11:59) Choosing a secure PTaaS provider(13:17) Can AI help in PTaaS?(15:22) A key reminder for businesses getting startedConnect with the host:Jara Rowe's LinkedIn - @jararoweConnect with the guest:Anh Pham's LinkedIn - @anhpham11Connect with Trava:Website - www.travasecurity.comBlog - www.travasecurity.com/learn-with-trava/blogLinkedIn - @travasecurityYouTube - @travasecurityListen to past episodes:Unveiling Vulnerabilities: The Power of Pen Testing - https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/Proving Compliance and Security Effectiveness Through Pen Testing - https://travasecurity.com/learn-with-trava/podcasts/proving-compliance-and-security-effectiveness-through-pen-testing/

In this episode, we explore the revolutionary concept of autonomous penetration testing with a discussion into Cybersecurity startup XBOW's recent breakthrough. XBOW claims to have topped HackerOne's leaderboard using a fully autonomous AI agent, raising significant questions about the future of offensive security. Hosts discuss the potential of AI in pen testing, the implications for […] The post Autonomous Hacking? This Startup May Have Just Changed Penetration Testing Forever appeared first on Shared Security Podcast.

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Inside OT Penetration Testing: Red Teaming, Risks, and Real-World Lessons for Critical Infrastructure with Justin SearlePub date: 2025-06-16Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow sits down with OT security expert Justin Searle, Director of ICS Security at InGuardians, for a deep dive into the ever-evolving world of OT and IT cybersecurity.  With over 25 years of experience, ranging from hands-on engineering and water treatment facilities to red-team penetration testing on critical infrastructures such as airports and power plants, Justin brings a wealth of insight and real-world anecdotes. This episode unpacks what it really takes to assess and secure operational technology environments. Whether you're a C-suite executive, a seasoned cyber pro, or brand new to OT security, you'll hear why network expertise, cross-team trust, and careful, collaborative engagement with engineers are so crucial when testing high-stakes environments. Aaron and Justin also discuss how the industry has matured, the importance of dedicated OT cybersecurity teams, and why practical, people-first approaches make all the difference, especially when lives, reliability, and national infrastructure are on the line. Get ready for actionable advice, hard-earned lessons from the field, and a candid look at both the progress and the ongoing challenges in protecting our most critical systems.   Key Moments:  05:55 Breaking Into Cybersecurity Without Classes 09:26 Production Environment Security Testing 13:28 Credential Evaluation and Light Probing 14:33 Firewall Misconfiguration Comedy 19:14 Dedicated OT Cybersecurity Professionals 20:50 "Prioritize Reliability Over Latest Features" 24:18 "IT-OT Convergence Challenges" 29:04 Patching Program and OT Security 32:08 Complexity of OT Environments 35:45 Dress-Code Trust in Industry 38:23 Legacy System Security Challenges 42:15 OT Cybersecurity for IT Professionals 43:40 "Building Rapport with Food" 47:59 Future OT Cyber Risks and Readiness 51:30 Skill Building for Tech Professionals   About the Guest :  Justin Searle is the Director of ICS Security at InGuardians, specializing in ICS security architecture design and penetration testing.  He led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played critical roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP).     Justin has taught hacking techniques, forensics, networking, and intrusion detection courses for multiple universities, corporations, and security conferences.  His current courses at SANS and Black Hat are among the world's most attended ICS cybersecurity courses.  Justin is currently a Senior Instructor for the SANS Institute and a faculty member at IANS. In addition to electric power industry conferences, he frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, HITBSecConf, Brucon, Shmoocon, Toorcon, Nullcon, Hardware.io, and AusCERT.     Justin leads prominent open-source projects, including The Control Thing Platform, Samurai Web Testing Framework (SamuraiWTF), and Samurai Security Testing Framework for Utilities (SamuraiSTFU).  He has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), Web Application Penetration Tester (GWAPT), and GIAC Industrial Control Security Professional (GICSP)   How to connect Justin:  https://www.controlthings.io https://www.linkedin.com/in/meeas/ Email: justin@controlthings.io Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Many companies start penetration testing to address compliance requirements. However, it can also provide valuable insights beyond just meeting standards.In this episode, host Jara Rowe sits down with Anh Pham and Christina Annechino from Trava to talk about how pen tests uncover hidden risks and strengthen your cybersecurity. They explain compliance frameworks, typical pen test schedules, and common mistakes to avoid.Key takeaways:Compliance frameworks and their pen test requirementsThe different types of penetration testingHow to prepare your environment for a successful pen testEpisode highlights:(00:00) Today's topic: Penetration Testing and Compliance(03:42) Pen testing compliance frameworks(05:46) The difference between vulnerability scans and pen tests(09:11) How often to conduct pen tests(11:04) Qualities of a good penetration testing vendor (14:34) Making pen testing work on a budget(16:49) Scoping mistakes that limit test outcomes(18:53) Using pen tests to improve overall cybersecurityConnect with the host:Jara Rowe's LinkedIn - @jararoweConnect with the guest:Anh Pham's LinkedIn - @anhpham11Christina Annechino's LinkedIn - @christinaannechinoConnect with Trava:Website - www.travasecurity.comBlog - www.travasecurity.com/learn-with-trava/blogLinkedIn - @travasecurityYouTube - @travasecurityListen to a related episode:Unveiling Vulnerabilities: The Power of Pen Testing - https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/

In the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap' to skills-based hiring, and more! Next, pre-recorded interviews from RSAC Conference 2025, including: This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet's FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac. This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems. Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-395

In the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap' to skills-based hiring, and more! Next, pre-recorded interviews from RSAC Conference 2025, including: This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet's FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac. This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems. Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz Show Notes: https://securityweekly.com/bsw-395

In the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap' to skills-based hiring, and more! Next, pre-recorded interviews from RSAC Conference 2025, including: This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet's FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac. This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems. Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-395

Charles Henderson, who leads the cybersecurity services division at Coalfire, shares how the company is reimagining offensive and defensive operations through a programmatic lens that prioritizes outcomes over checkboxes. His team, made up of practitioners with deep experience and creative drive, brings offensive testing and exposure management together with defensive services and managed offerings to address full-spectrum cybersecurity needs. The focus isn't on commoditized services—it's on what actually makes a difference.At the heart of the conversation is the idea that cybersecurity is a team sport. Henderson draws parallels between the improvisation of music and the tactics of both attackers and defenders. Both require rhythm, creativity, and cohesion. The myth of the lone hero doesn't hold up anymore—effective cybersecurity programs are driven by collaboration across specialties and by combining services in ways that amplify their value.Coalfire's evolution reflects this shift. It's not just about running a penetration test or red team operation in isolation. It's about integrating those efforts into a broader mission-focused program, tailored to real threats and measured against what matters most. Henderson emphasizes that CISOs are no longer content with piecemeal assessments; they're seeking simplified, strategic programs with measurable outcomes.The conversation also touches on the importance of storytelling in cybersecurity reporting. Henderson underscores the need for findings to be communicated in ways that resonate with technical teams, security leaders, and the board. It's about enabling CISOs to own the narrative, armed with context, clarity, and confidence.Henderson's reflections on the early days of hacker culture—when gatherings like HoCon and early Def Cons were more about curiosity and camaraderie than business—bring a human dimension to the discussion. That same passion still fuels many practitioners today, and Coalfire is committed to nurturing it through talent development and internships, helping the next generation find their voice, their challenge, and yes, even their hacker handle.This episode offers a look at how to build programs, teams, and mindsets that are ready to lead—not follow—on the cybersecurity front.Learn more about Coalfire: https://itspm.ag/coalfire-yj4wNote: This story contains promotional content. Learn more.Guest: Charles Henderson, Executive Vice President of Cyber Security Services, Coalfire | https://www.linkedin.com/in/angustx/ResourcesLearn more and catch more stories from Coalfire: https://www.itspmagazine.com/directory/coalfireLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:charles henderson, sean martin, coalfire, red teaming, penetration testing, cybersecurity services, exposure management, ciso, threat intelligence, hacker culture, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

Snehal Antani is an entrepreneur, technologist, and investor. He is the CEO and Co-founder of Horizon3, a cybersecurity company using AI to deliver Red Teaming and Penetration Testing as a Service. He also serves as a Highly Qualified Expert for the U.S. Department of Defense, supporting digital transformation and data initiatives for Special Operations. Previously, he was CTO and SVP at Splunk, held CIO roles at GE Capital, and began his career as a software engineer at IBM. Snehal holds a master's in computer science from Rensselaer Polytechnic Institute and a bachelor's from Purdue University, and he is the inventor on 16 patents.In this conversation, we discuss:Snehal Antani's path from software engineer to CEO, and how his father's quiet example of grit and passion continues to shape his leadership style.How a “LEGO blocks” approach to building skills prepared Snehal to lead, and why he believes leadership must be earned through experience.Why Horizon3 identifies as a data company, and how running more pen tests than the Big Four creates a powerful AI advantage.What “cyber-enabled economic warfare” looks like in practice, and how a small disruption in a supply chain can create massive global impact.How Horizon3 built an AI engine that hacked a bank in under 60 seconds, showing what's possible when algorithms replace manual testing.What the future of work looks like in the AI era, with a growing divide between those with specialized expertise and trade skills and those without.Resources:Subscribe to the AI & The Future of Work Newsletter: https://aiandwork.beehiiv.com/subscribe Connect with Snehal on LinkedIn: https://www.linkedin.com/in/snehalantani/ AI fun fact article: https://venturebeat.com/security/ai-vs-endpoint-attacks-what-security-leaders-must-know-to-stay-ahead/ On the New Definition of Work: https://podcasts.apple.com/us/podcast/dr-john-boudreau-future-of-work-pioneer-and/id1476885647?i=1000633854079 

We've been in enough conversations to know when something clicks. This one did — and it did from the very first moment.In our debut Brand Story with White Knight Labs, we sat down with co-founders John Stigerwalt and Greg Hatcher, and what unfolded was more than a company intro — it was a behind-the-scenes look at what offensive security should be.John's journey is the kind that earns your respect quickly: he started at the help desk and worked his way to CISO, before pivoting into red teaming and co-founding WKL. Greg's path was more unconventional — from orchestral musician to Green Beret to cybersecurity leader. Two very different stories, but a shared philosophy: learn by doing, adapt without a manual, and never take the easy route when something meaningful is on the table.That mindset now defines how White Knight Labs works with clients. They don't sell cookie-cutter pen tests. Instead, they ask the right question up front: How does your business make money? Because if you can answer that, you can identify what a real-world attacker would go after. Then they simulate it — not in theory, but in practice.Their ransomware simulation service is a perfect example. They don't just show up with a scanner. They emulate modern adversaries using Cobalt Strike, bypassing endpoint defenses with in-house payloads, encrypting and exfiltrating data like it's just another Tuesday. Most clients fail the test — not because they're careless, but because most simulations aren't this real.And that's the point.White Knight Labs isn't here to help companies check a box. They're here to expose the gaps and raise the bar — because real threats don't play fair, and security shouldn't pretend they do.What makes them different is what they don't do. They're not an all-in-one shop, and they're proud of that. They won't touch IR for major breaches — they've got partners for that. They only resell hardware and software they've personally vetted. That honesty builds credibility. That kind of focus builds trust.Their training programs are just as intense. Between live DEF CON courses and their online platform, they're giving both new and experienced professionals a chance to train the way they operate: no shortcuts, no watered-down certs, just hard-earned skills that translate into real-world readiness.Pass their ODPC certification, and you'll probably get a call — not because they need to check a hiring box, but because it proves you're serious. And if you can write loaders that bypass real defenses? You're speaking their language.This first conversation with John and Greg reminded us why we started this series in the first place. It's not just about product features or service offerings — it's about people who live and breathe what they do, and who bring that passion into every test, every client call, and every training they offer.We've got more stories with them on the way. But if this first one is any sign of what's to come, we're in for something special.⸻Learn more about White Knight Labs: Guests:John Stigerwalt | Founder at White Knight Labs | Red Team Operations Leader | https://www.linkedin.com/in/john-stigerwalt-90a9b4110/Greg Hatcher | Founder at White Knight Labs | SOF veteran | Red Team | https://www.linkedin.com/in/gregoryhatcher2/White Knight Labs Website | https://itspm.ag/white-knight-labs-vukr______________________Keywords: penetration testing, red team, ransomware simulation, offensive security, EDR bypass, cybersecurity training, White Knight Labs, advanced persistent threat, cybersecurity startup, DEF CON training, security partnerships, cybersecurity services______________________ResourcesVisit the White Knight Labs Website to learn more: https://itspm.ag/white-knight-labs-vukrLearn more and catch more stories from White Knight Labs on ITSPmagazine: https://www.itspmagazine.com/directory/white-knight-labsLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

BONUS: AI and Cybersecurity - An Introduction to The Hidden Threats in Our Connected World with Dr. Eric Cole In this BONUS episode, we explore the evolving landscape of cybersecurity in the age of artificial intelligence. Dr. Eric Cole, a renowned cybersecurity expert and author of Cyber Crisis: Protecting Your Business from Real Threats in the Virtual World, shares critical insights about how AI is transforming security strategies. From the privacy concerns of our always-connected devices to practical tips for protecting your business and personal information, this conversation offers essential knowledge for navigating our increasingly digital world. The Double-Edged Sword of AI in Cybersecurity "We are giving away our IP, our data, and our privacy. The data set is what gives value to AI." The rise of artificial intelligence presents both opportunities and serious risks in the cybersecurity landscape. Dr. Cole emphasizes that while many focus solely on AI's benefits, we often overlook the fact that we're surrendering vast amounts of our sensitive information, intellectual property, and private data to AI providers. This data becomes the foundation of AI's value and capabilities, creating a significant privacy concern that many organizations fail to properly address. As we embrace these new technologies, we must carefully consider what information we're willing to share and what safeguards should be in place. Modern Attack Vectors: The Human Element "Attacks today are mostly social engineering. We end up having to retrain people to not trust their email." Today's cybersecurity threats have evolved beyond traditional technical exploits to focus primarily on social engineering—manipulating people into compromising their own security. Dr. Cole explains that modern attackers increasingly target the human element, requiring organizations to fundamentally retrain employees to approach communications with healthy skepticism. Particularly concerning are mobile threats, as our phones constantly record audio and other personal data. Dr. Cole warns that "free" apps often come with a hidden price: your privacy and security. Understanding these attack vectors is essential for developing effective defense strategies in both personal and professional contexts. Cybersecurity as a Business Enabler "Security is not a barrier, not an obstacle. Cybersecurity is a business enabler." Dr. Cole challenges the common perception that security measures primarily restrict functionality and impede business operations. Instead, he reframes cybersecurity as a critical business enabler that should be integrated into strategic decision-making. Organizations need to make deliberate decisions about the tradeoffs between security and functionality, understanding that proper security measures protect business continuity and reputation. Dr. Cole particularly warns about supply chain attacks, which have become increasingly prevalent, and emphasizes that awareness is the foundation of any effective protection strategy. He recommends centralizing data for easier security management and advises that client devices should minimize storing sensitive data. Mobile Phones: The Ultimate Tracking Device "You don't go anywhere without your cell phone. Your cell phone is never more than a foot from you it's with you wherever you go... which means if somebody wants to track and monitor you they can." We often worry about theoretical tracking technologies while overlooking the sophisticated tracking device we voluntarily carry everywhere—our mobile phones. Dr. Cole points out the irony that people who would never accept being "chipped" for tracking purposes willingly keep their phones within arm's reach at all times. These devices record our locations, conversations, messages, and activities, creating a comprehensive digital trail of our lives. With access to someone's phone, anyone can trace their movements for months and access an alarming amount of personal information. This risk is compounded when we back up this data to cloud services, effectively giving third parties access to our most sensitive information. Understanding these vulnerabilities is the first step toward more mindful mobile security practices. Business Opportunities in the Security Space "We have too much information, too much data. How can we use that data effectively?" The cybersecurity landscape presents significant business opportunities, particularly in making sense of the overwhelming amount of security data organizations collect. Dr. Cole identifies data correlation and effective data utilization as key investment areas. Modern security systems generate vast quantities of logs and alerts, but transforming this raw information into actionable intelligence remains a challenge. Companies that can develop solutions to effectively analyze, correlate, and extract meaningful insights from security data will find substantial opportunities in the market, helping organizations strengthen their security posture while managing the complexity of modern threats. Essential Training for Security-Conscious Developers "Go for secure coding courses. This helps us understand how software can be exploited." For software developers looking to build more secure applications, Dr. Cole recommends focusing on penetration testing skills and secure coding practices. Understanding how software can be exploited from an attacker's perspective provides invaluable insights for designing more robust systems. By learning the methodologies and techniques used by malicious actors, developers can anticipate potential vulnerabilities and incorporate appropriate safeguards from the beginning of the development process. This proactive approach to security helps create applications that are inherently more resistant to attacks rather than requiring extensive security patches and updates after deployment. About Dr. Eric Cole Dr. Eric Cole is the author of "Cyber Crisis, Protecting Your Business from Real Threats in the Virtual World." He is a renowned cybersecurity expert with over 20 years of experience helping organizations identify vulnerabilities and build robust defense solutions against advanced threats. He has trained over 65,000 professionals worldwide through his best-selling cybersecurity courses and is dedicated to making cyberspace a safe place for all. You can link with Dr. Eric Cole on LinkedIn, or visit his company's website Secure-Anchor.com. 

Recorded during ThreatLocker Zero Trust World 2025 in Orlando, this episode of the On Location series features an engaging conversation with Alex Benton, Special Projects at ThreatLocker. Benton shares insights from his Metasploit lab, a beginner-friendly session that demonstrates the power of tools like Metasploit and Nmap in cybersecurity. The lab's objective is clear: to illustrate how easily unpatched systems can be exploited and reinforce the critical need for consistent patch management.Understanding the Metasploit LabBenton explains how participants in the lab learned to execute a hack manually before leveraging Metasploit's streamlined capabilities. The manual process involves identifying vulnerable machines, gathering IP addresses, examining open ports, and assessing software vulnerabilities. With Metasploit, these steps become as simple as selecting an exploit and running it, underscoring the tool's efficiency.A key demonstration in the lab involved Eternal Blue, the exploit associated with the WannaCry virus in 2017. Benton emphasizes how Metasploit simplifies this complex attack, highlighting the importance of maintaining patched systems to prevent similar vulnerabilities.The Real-World Implications of Unpatched SystemsThe discussion dives into the risks posed by cybercriminals who use tools like Metasploit to automate attacks. Benton points out that malicious actors often analyze patch notes to identify potential vulnerabilities and create scripts to exploit unpatched systems quickly. The conversation touches on the dark web's role in providing detailed information about exposed systems, making it even easier for attackers to target vulnerable machines.Lessons from WannaCryThe episode revisits the WannaCry incident, where a vulnerability in Windows systems led to a global cybersecurity crisis. Benton recounts how outdated systems and the absence of a strong security culture created an environment ripe for exploitation. He also shares the story of cybersecurity researchers, including Marcus Hutchins, who played pivotal roles in mitigating the virus's impact by identifying and activating its kill switch.Tune in to Learn MoreThis episode offers valuable insights into cybersecurity practices, the dangers of unpatched environments, and the tools that both ethical hackers and cybercriminals use. Listen in to gain a deeper understanding of how to secure your systems and why proactive security measures are more crucial than ever.Guest: Alex Benton, Special Projects at ThreatLocker | On LinkedIn: https://www.linkedin.com/in/alex-benton-b805065/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More

(00:00) - Introduction to Automotive Cybersecurity(06:18) - Tom Zaubermann's Journey in Cybersecurity(12:22) - The Intersection of Cybersecurity and Automotive(16:06) - Challenges in Automotive Cybersecurity Development(21:23) - The Role of Over-the-Air Updates(25:20) - Consumer Awareness and Best Practices in Cybersecurity(29:54) - Navigating Cybersecurity Vulnerabilities in Automotive(32:35) - The Role of Regulations in Automotive Cybersecurity(34:22) - Understanding Automotive Vulnerabilities(36:34) - Complexities of Car Hacking(40:07) - Consumer Awareness of Cybersecurity Risks(42:51) - Choosing Safe Vehicles in a Digital Age(48:56) - Engaging with SAE International for Cybersecurity EducationThis episode is part of a series brought to you by SAE International to explore the leading edge of mobility with the support of experts from industry & academia. Other episodes in this series include Episode 202, where we talked about the cyber threats to vehicles.You can learn more about the automotive cybersecurity courses Tom will be teaching in May HERE. Enjoyed listening to Tom? Want to hear more from him? Check out his links below:Tom's LinkedIn Become a founding reader of our newsletter: http://read.thenextbyte.com/ As always, you can find these and other interesting & impactful engineering articles on Wevolver.com.

Cybersecurity Year in Review: Future Challenges and Industry Insights Join host Jim Love and a panel of cybersecurity experts—Terry Cutler from Cyology Labs, David Shipley from Beauceron Security, and Laura Payne of White Tuque—as they review the key cybersecurity events of the past year. Topics discussed include the increasing cyber threats to universities, healthcare systems, and critical infrastructure; the importance of proper cybersecurity measures and employee training; the complexities of adopting quantum-safe encryption protocols; and the impact of AI and shadow IT on cybersecurity. The panel concludes with actionable advice for improving organizational cybersecurity posture in the coming year. 00:00

Get your FREE 2024 Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcastIn this episode of Cyber Work Hacks, guest James Stanger from CompTIA dives into the PenTest+ certification. He explains the critical distinctions between pentesting and hacking and outlines the essential career skills involved in pentesting, such as network discovery, social engineering and vulnerability analytics. Viewers will also learn about hands-on activities to enhance their resumes and hear valuable advice for entering cybersecurity roles. The episode touches on adjacent career paths like GRC, threat hunting and vulnerability management while providing practical tips for preparing for the PenTest+ exam.00:00 - Introduction to PenTest+ certification01:02 - Overview of cybersecurity job market01:56 - Guest introduction: James Stanger from CompTIA02:33 - Deep dive into PenTest+ certification04:42 - Career paths with PenTest+ certification07:27 - Getting started in pentesting09:12 - Hands-on experience and practical tips10:58 - Study tips for PenTest+ exam11:34 - Conclusion and final thoughtsView Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcastAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

Guest: Daisy Wong, Head of Security Awareness, MedibankOn LinkedIn | https://www.linkedin.com/in/daisywong127/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesKicking off the conversation, Marco noted the absence of his co-host Sean, whose focus often leans technical. This opened the door for a deeper exploration into the human and operational side of cybersecurity, an area Daisy Wong is uniquely equipped to discuss.Daisy's career journey, from earning a marketing degree to becoming Medibank's Head of Security Awareness, is rooted in understanding human behavior. Her hands-on experience with phishing emails and time spent in a pen-testing team revealed how critical culture and communication are to effective cybersecurity.The Power of Communication and Culture in CybersecurityDaisy highlighted how her ability to simplify complex technical language became the cornerstone of her work in cybersecurity awareness. She emphasized that soft skills, like communication, are just as essential as technical know-how in navigating today's cyber challenges.Drawing cultural parallels, Daisy shared analogies from her cultural heritage, like the tradition of removing shoes before entering a home, and compared them to cybersecurity practices. Marco added an Italian twist, pointing to customs like cheek-kissing as a metaphor for ingrained behaviors. Together, they underscored how fostering a security-first mindset mirrors cultural conditioning—it requires intentionality, consistency, and collective effort.Breaking Barriers and Building BridgesOne of the key takeaways from the discussion was the need to break down the misconception that cybersecurity is solely a technical field. Daisy argued for creating environments where employees feel safe reporting security concerns, regardless of their technical background.She shared strategies for fostering collaboration, like simple yet impactful initiatives during Cyber Awareness Month. These efforts, such as wearing branded T-shirts, can make security a shared responsibility and encourage open communication across teams.Staying Ahead in an Evolving Threat LandscapeDaisy also spoke about how cyber threats are evolving, particularly with the rise of generative AI. Traditional warning signs, like spelling mistakes in phishing emails, are being replaced with far more sophisticated tactics. She emphasized the need for organizations to stay adaptable and for individuals to remain vigilant.While AI offers tools to identify risks, Daisy and Marco agreed that personal accountability and fundamental awareness remain irreplaceable in ensuring robust security practices.In this lively episode of On Location with Marco Ciappelli, Daisy Wong spotlighted the indispensable role of human behavior, culture, and communication in cybersecurity. Her insights remind us that while technology evolves, the human element remains at the heart of effective cyber defense.Cybersecurity isn't just about systems and software—it's about people. And as threats become more sophisticated, so must our strategies, blending technical tools with cultural awareness to create a resilient and adaptable defense____________________________This Episode's SponsorsThreatlocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australiaBe sure to share and subscribe!____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage?Learn More

In this episode of 7 Minutes on ITSPmagazine from HITRUST Collaborate 2024, Sean Martin is joined by Ian Terry and Robert Godard from IS Partners to discuss the importance of compliance in modern corporations. Ian and Robert share their insights from the HITRUST Collaborate event, shedding light on their company's unique approach to cybersecurity and auditing.Robert Godard explains that IS Partners was founded with a startup mentality, emphasizing collaboration and a fun work environment. This culture aims to make compliance efforts less daunting for both their team and their clients. Ian Terry adds that fostering an enjoyable work atmosphere is crucial for engaging and committed outcomes, especially in the dynamic world of information security.One significant point discussed is the balance between fun and professionalism. Ian highlights that while the job can be stressful during cybersecurity incidents, the focus on industry changes and continuous learning keeps the work interesting and rewarding. The duo also touches on how IS Partners assists clients in navigating complex compliance frameworks. Their tailored approach ensures clients not only meet regulatory requirements but also achieve their business goals.The episode concludes with a note on the importance of events like HITRUST Collaborate for networking and professional growth.Learn more about IS Partners: https://itspm.ag/isparto2jkNote: This story contains promotional content. Learn more.Guests: Ian Terry, Principal, Cybersecurity Services, IS Partners [@ISPartnersLLC]On LinkedIn | https://www.linkedin.com/in/ian-terry/Robert Godard, Partner, IS Partners [@ISPartnersLLC]On LinkedIn | https://www.linkedin.com/in/robert-godard-cpa-cisa-hitrust-ccsfp/ResourcesLearn more and catch more stories from IS Partners: https://www.itspmagazine.com/directory/is-partnersLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Send Bidemi a Text Message!In this episode, host Bidemi Ologunde spoke with Craig Petronella, the Founder of Petronella Cybersecurity and Digital Forensics. The conversation touched on ways to tackle the cybersecurity talent gap and how to carve out a niche in IT/cybersecurity. Craig shared insights into the rise of international cybercrime, its impact on small businesses, and affordable steps small business owners can take to reduce cyber risks. With over two decades of experience, Craig discussed his approach at  his company, where he helps companies meet compliance standards and protect their data. Craig's expertise in security operations, managed services, and cloud security provides practical tips to strengthen defenses and keep businesses safe.Support the show