Method of evaluating computer and network security by simulating a cyber attack
The Digital Operational Resilience Act (DORA) obliges all companies in the financial sector to review their ICT systems and processes regularly. To that end, a risk-based, proportionate testing programme is to be established. What you should pay attention to, which basic tests belong in it, and when it makes sense to bring in external support: we discuss this with Alexandros Manakos, cyber security expert and managing director of Apollon Security. We also talk about the extended "Threat-Led Penetration Tests", which simulate real cyber attacks.
In the leadership and communications section: How CISOs can talk cybersecurity so it makes sense to executives; Firms to spend more on GenAI than security in 2025; Europe leads shift from cyber security 'headcount gap' to skills-based hiring; and more!

Next, pre-recorded interviews from RSAC Conference 2025, including:

This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them!
Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet's FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac.

This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them!
In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems.

Segment Resources:
https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025
https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz

Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-395
Why do I say that pentesting is "unscientific"? Please follow along until the end.
On this episode of Compliance Unfiltered, Todd and Adam take an in-depth look at the interesting arena of penetration testing. Curious about the difference between vulnerability scans and penetration testing? Wondering about the differences in approach to penetration testing? Fretting about how long it actually takes? Well, you're in luck! All these answers and more on this week's Compliance Unfiltered!
Charles Henderson, who leads the cybersecurity services division at Coalfire, shares how the company is reimagining offensive and defensive operations through a programmatic lens that prioritizes outcomes over checkboxes. His team, made up of practitioners with deep experience and creative drive, brings offensive testing and exposure management together with defensive services and managed offerings to address full-spectrum cybersecurity needs. The focus isn't on commoditized services—it's on what actually makes a difference.

At the heart of the conversation is the idea that cybersecurity is a team sport. Henderson draws parallels between the improvisation of music and the tactics of both attackers and defenders. Both require rhythm, creativity, and cohesion. The myth of the lone hero doesn't hold up anymore—effective cybersecurity programs are driven by collaboration across specialties and by combining services in ways that amplify their value.

Coalfire's evolution reflects this shift. It's not just about running a penetration test or red team operation in isolation. It's about integrating those efforts into a broader mission-focused program, tailored to real threats and measured against what matters most. Henderson emphasizes that CISOs are no longer content with piecemeal assessments; they're seeking simplified, strategic programs with measurable outcomes.

The conversation also touches on the importance of storytelling in cybersecurity reporting. Henderson underscores the need for findings to be communicated in ways that resonate with technical teams, security leaders, and the board. It's about enabling CISOs to own the narrative, armed with context, clarity, and confidence.

Henderson's reflections on the early days of hacker culture—when gatherings like HoCon and early Def Cons were more about curiosity and camaraderie than business—bring a human dimension to the discussion. That same passion still fuels many practitioners today, and Coalfire is committed to nurturing it through talent development and internships, helping the next generation find their voice, their challenge, and yes, even their hacker handle.

This episode offers a look at how to build programs, teams, and mindsets that are ready to lead—not follow—on the cybersecurity front.

Learn more about Coalfire: https://itspm.ag/coalfire-yj4w

Note: This story contains promotional content.

Guest: Charles Henderson, Executive Vice President of Cyber Security Services, Coalfire | https://www.linkedin.com/in/angustx/

Resources:
Learn more and catch more stories from Coalfire: https://www.itspmagazine.com/directory/coalfire
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Keywords: charles henderson, sean martin, coalfire, red teaming, penetration testing, cybersecurity services, exposure management, ciso, threat intelligence, hacker culture, brand story, brand marketing, marketing podcast, brand story podcast
Snehal Antani is an entrepreneur, technologist, and investor. He is the CEO and Co-founder of Horizon3, a cybersecurity company using AI to deliver Red Teaming and Penetration Testing as a Service. He also serves as a Highly Qualified Expert for the U.S. Department of Defense, supporting digital transformation and data initiatives for Special Operations. Previously, he was CTO and SVP at Splunk, held CIO roles at GE Capital, and began his career as a software engineer at IBM. Snehal holds a master's in computer science from Rensselaer Polytechnic Institute and a bachelor's from Purdue University, and he is the inventor on 16 patents.

In this conversation, we discuss:
- Snehal Antani's path from software engineer to CEO, and how his father's quiet example of grit and passion continues to shape his leadership style.
- How a "LEGO blocks" approach to building skills prepared Snehal to lead, and why he believes leadership must be earned through experience.
- Why Horizon3 identifies as a data company, and how running more pen tests than the Big Four creates a powerful AI advantage.
- What "cyber-enabled economic warfare" looks like in practice, and how a small disruption in a supply chain can create massive global impact.
- How Horizon3 built an AI engine that hacked a bank in under 60 seconds, showing what's possible when algorithms replace manual testing.
- What the future of work looks like in the AI era, with a growing divide between those with specialized expertise and trade skills and those without.

Resources:
Subscribe to the AI & The Future of Work Newsletter: https://aiandwork.beehiiv.com/subscribe
Connect with Snehal on LinkedIn: https://www.linkedin.com/in/snehalantani/
AI fun fact article: https://venturebeat.com/security/ai-vs-endpoint-attacks-what-security-leaders-must-know-to-stay-ahead/
On the New Definition of Work: https://podcasts.apple.com/us/podcast/dr-john-boudreau-future-of-work-pioneer-and/id1476885647?i=1000633854079
Dreaming of becoming a penetration tester? Here's how to turn that dream into a job!

Want to become a penetration tester but not sure where to start? This podcast is your complete guide to launching a career in ethical hacking and offensive cybersecurity. Get insider tips on the skills you need, certifications to pursue (like CEH, OSCP, and more), and what hiring managers look for in penetration testers. Our experts share their real-world experiences, challenges, and proven strategies to help you break into the field with confidence. Whether you're a beginner or switching from another IT role, this roadmap is tailored just for you!
SCAMS, HACKING AND CYBERSECURITY

The internet is a powerful tool connecting us in ways unimaginable just a few decades ago. However, it also harbors risks—cyber scams, cyber crimes, and hidden dangers lurking on the dark web. Hackers and cybercriminals exploit vulnerabilities to steal data, commit identity theft, and manipulate systems using social engineering. But how safe are we online? Should we avoid the digital world entirely? Not at all. Just like real-world dangers, we can navigate online security risks with the right tools and knowledge. This cybersecurity bible is the ultimate guide to protecting yourself in the digital landscape. Whether you're looking for cybersecurity for beginners, insights into cyber hacking and the law, or the best cybersecurity books to improve your internet safety, this book equips you with practical tools and strategies.

ABOUT THE AUTHOR

May Brooks-Kempler is a cybersecurity expert whose career began in the 1990s, exploring the realms of game "cheats" and "hacks" on IRC chats. This early fascination led her through a distinguished journey in cybersecurity, from Penetration Testing to Security Architect and eventually Chief Information Security Officer (CISO). Today, she is a highly sought-after strategic consultant, speaker, and mentor, known for her dynamic involvement in developing and promoting innovative cybersecurity initiatives and guiding startups. May's expertise and engaging delivery have made her a favorite at numerous speaking engagements, including a TEDx talk, keynotes, and appearances as a commentator on critical cybersecurity issues. Her role as a podcaster further amplifies her reach, where she shares vital security insights with a global audience. As a member of the ISC2 Board of Directors, an authorized CISSP and HCISPP instructor, and co-author, May's dedication to advancing the cybersecurity profession is unmistakable. Her book, "Scams, Hacking and Cybersecurity – The Ultimate Guide to Online Safety and Privacy", and her online courses reflect her commitment to making the digital world a safer place for all, especially families, as underscored by her personal mission as a mother of three. Through her extensive experience and influential voice in the field, May Brooks-Kempler continues to shape the future of online safety, making her a pivotal figure in the world of cybersecurity education and advocacy.

TOPICS OF CONVERSATION

Evolution of Threats: Online scams have evolved from obvious phishing emails to sophisticated ads, fake profiles, and AI-generated content.
Emotional Manipulation: Scammers rely on fear, urgency, and curiosity to trick people through social engineering.
Online Safety Habits: Good habits like thinking before sharing, using password managers wisely, and enabling two-factor authentication are essential.
Protecting Kids Online: Parents should teach children to think critically before posting and clicking to protect their privacy and safety.
Responding to Cyber Incidents: If you suspect a hack, stay calm, assess the damage, and act quickly based on the importance of the compromised asset.

LEARN MORE AND CONNECT WITH MAY BROOKS-KEMPLER:
https://maybrooks.net/
https://www.linkedin.com/in/may-brooks-kempler
https://www.instagram.com/may.brooks.kempler
https://www.youtube.com/@CyberMAYnia
https://new-may.framepro.io/guidebooks-and-resources
We've been in enough conversations to know when something clicks. This one did — and it did from the very first moment.

In our debut Brand Story with White Knight Labs, we sat down with co-founders John Stigerwalt and Greg Hatcher, and what unfolded was more than a company intro — it was a behind-the-scenes look at what offensive security should be.

John's journey is the kind that earns your respect quickly: he started at the help desk and worked his way to CISO, before pivoting into red teaming and co-founding WKL. Greg's path was more unconventional — from orchestral musician to Green Beret to cybersecurity leader. Two very different stories, but a shared philosophy: learn by doing, adapt without a manual, and never take the easy route when something meaningful is on the table.

That mindset now defines how White Knight Labs works with clients. They don't sell cookie-cutter pen tests. Instead, they ask the right question up front: How does your business make money? Because if you can answer that, you can identify what a real-world attacker would go after. Then they simulate it — not in theory, but in practice.

Their ransomware simulation service is a perfect example. They don't just show up with a scanner. They emulate modern adversaries using Cobalt Strike, bypassing endpoint defenses with in-house payloads, encrypting and exfiltrating data like it's just another Tuesday. Most clients fail the test — not because they're careless, but because most simulations aren't this real.

And that's the point.

White Knight Labs isn't here to help companies check a box. They're here to expose the gaps and raise the bar — because real threats don't play fair, and security shouldn't pretend they do.

What makes them different is what they don't do. They're not an all-in-one shop, and they're proud of that. They won't touch IR for major breaches — they've got partners for that. They only resell hardware and software they've personally vetted. That honesty builds credibility. That kind of focus builds trust.

Their training programs are just as intense. Between live DEF CON courses and their online platform, they're giving both new and experienced professionals a chance to train the way they operate: no shortcuts, no watered-down certs, just hard-earned skills that translate into real-world readiness.

Pass their ODPC certification, and you'll probably get a call — not because they need to check a hiring box, but because it proves you're serious. And if you can write loaders that bypass real defenses? You're speaking their language.

This first conversation with John and Greg reminded us why we started this series in the first place. It's not just about product features or service offerings — it's about people who live and breathe what they do, and who bring that passion into every test, every client call, and every training they offer.

We've got more stories with them on the way. But if this first one is any sign of what's to come, we're in for something special.

Guests:
John Stigerwalt | Founder at White Knight Labs | Red Team Operations Leader | https://www.linkedin.com/in/john-stigerwalt-90a9b4110/
Greg Hatcher | Founder at White Knight Labs | SOF veteran | Red Team | https://www.linkedin.com/in/gregoryhatcher2/
White Knight Labs Website | https://itspm.ag/white-knight-labs-vukr

Keywords: penetration testing, red team, ransomware simulation, offensive security, EDR bypass, cybersecurity training, White Knight Labs, advanced persistent threat, cybersecurity startup, DEF CON training, security partnerships, cybersecurity services

Resources:
Visit the White Knight Labs Website to learn more: https://itspm.ag/white-knight-labs-vukr
Learn more and catch more stories from White Knight Labs on ITSPmagazine: https://www.itspmagazine.com/directory/white-knight-labs
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
www.iotusecase.com
#MASCHINENBAU #SECURITY #PENETRATIONTEST #IOT-PLATTFORM

In episode 165 of the IoT Use Case Podcast, host Ing. Madeleine Mickeleit talks with Michael Buchenberg, Head of IT Security at XITASO, about securing connected products in the industrial environment. Using the example of a project with DMG MORI and the CELOS X platform, the episode shows how penetration tests are carried out in practice, which attack vectors play a role in the IoT context, and how concepts such as DevSecOps and the Cyber Resilience Act influence the development of secure solutions.

Episode 165 at a glance (and a click):
(10:55) Challenges, potential and status quo: what the use case looks like in practice
(16:08) Solutions, offerings and services: a look at the technologies used
(22:02) Transferability, scaling and next steps: how you can apply this use case

Podcast summary

How secure are my digital products in the field, really? Many manufacturers ask themselves this question, at the latest when it comes to connected machines, IoT platforms or customer portals. That is exactly what this podcast episode with Michael Buchenberg, Head of IT Security at XITASO, is about.

Using the example of a project with DMG MORI and the CELOS X platform, the episode shows in practical terms how penetration tests help to identify real vulnerabilities early, for instance in machines, cloud connections or standard interfaces such as OPC UA or MQTT. Testing takes place under realistic conditions: directly on the machine on the shop floor.

Key challenges:
- Historically grown code (e.g. old PLC programs) that was not developed for networking
- Lack of transparency about risks in the overall system, from the machine to the cloud
- Missing vulnerability management in product development
- End customers' concerns about the handling of sensitive production data

Solution approach: In addition to classic penetration testing, Michael talks about the DevSecOps approach, i.e. considering security early in software and product development. The decisive point: whoever recognises potential vulnerabilities already at the architecture stage saves effort and costs in later phases.

Regulatory relevance: With the Cyber Resilience Act and the NIS 2 Directive, security becomes mandatory. Manufacturers will in future have to actively search for vulnerabilities, provide updates and ensure security across the entire product life cycle.

The episode delivers clear best practices and a reality check for everyone who develops or operates IoT solutions, particularly in mechanical and plant engineering, but also beyond.

-----
Relevant episode links:
Madeleine (https://www.linkedin.com/in/madeleine-mickeleit/)
Michael (https://www.linkedin.com/in/michael-buchenberg/)
CELOS X platform (https://de.dmgmori.com/produkte/digitalisierung/celos-x)
Post-quantum cryptography (https://xitaso.com/projekte/amiquasy-migration-zu-post-quanten-kryptographie/)
Penetration tests of milling machines (https://xitaso.com/projekte/dmg-mori-penetration-test/?utm_source=iot.website&utm_medium=podcast&utm_campaign=iot.use.case)
Follow IoT Use Case on LinkedIn now
BONUS: AI and Cybersecurity - An Introduction to The Hidden Threats in Our Connected World with Dr. Eric Cole

In this BONUS episode, we explore the evolving landscape of cybersecurity in the age of artificial intelligence. Dr. Eric Cole, a renowned cybersecurity expert and author of Cyber Crisis: Protecting Your Business from Real Threats in the Virtual World, shares critical insights about how AI is transforming security strategies. From the privacy concerns of our always-connected devices to practical tips for protecting your business and personal information, this conversation offers essential knowledge for navigating our increasingly digital world.

The Double-Edged Sword of AI in Cybersecurity
"We are giving away our IP, our data, and our privacy. The data set is what gives value to AI."
The rise of artificial intelligence presents both opportunities and serious risks in the cybersecurity landscape. Dr. Cole emphasizes that while many focus solely on AI's benefits, we often overlook the fact that we're surrendering vast amounts of our sensitive information, intellectual property, and private data to AI providers. This data becomes the foundation of AI's value and capabilities, creating a significant privacy concern that many organizations fail to properly address. As we embrace these new technologies, we must carefully consider what information we're willing to share and what safeguards should be in place.

Modern Attack Vectors: The Human Element
"Attacks today are mostly social engineering. We end up having to retrain people to not trust their email."
Today's cybersecurity threats have evolved beyond traditional technical exploits to focus primarily on social engineering—manipulating people into compromising their own security. Dr. Cole explains that modern attackers increasingly target the human element, requiring organizations to fundamentally retrain employees to approach communications with healthy skepticism. Particularly concerning are mobile threats, as our phones constantly record audio and other personal data. Dr. Cole warns that "free" apps often come with a hidden price: your privacy and security. Understanding these attack vectors is essential for developing effective defense strategies in both personal and professional contexts.

Cybersecurity as a Business Enabler
"Security is not a barrier, not an obstacle. Cybersecurity is a business enabler."
Dr. Cole challenges the common perception that security measures primarily restrict functionality and impede business operations. Instead, he reframes cybersecurity as a critical business enabler that should be integrated into strategic decision-making. Organizations need to make deliberate decisions about the tradeoffs between security and functionality, understanding that proper security measures protect business continuity and reputation. Dr. Cole particularly warns about supply chain attacks, which have become increasingly prevalent, and emphasizes that awareness is the foundation of any effective protection strategy. He recommends centralizing data for easier security management and advises that client devices should minimize storing sensitive data.

Mobile Phones: The Ultimate Tracking Device
"You don't go anywhere without your cell phone. Your cell phone is never more than a foot from you; it's with you wherever you go... which means if somebody wants to track and monitor you, they can."
We often worry about theoretical tracking technologies while overlooking the sophisticated tracking device we voluntarily carry everywhere—our mobile phones. Dr. Cole points out the irony that people who would never accept being "chipped" for tracking purposes willingly keep their phones within arm's reach at all times. These devices record our locations, conversations, messages, and activities, creating a comprehensive digital trail of our lives. With access to someone's phone, anyone can trace their movements for months and access an alarming amount of personal information. This risk is compounded when we back up this data to cloud services, effectively giving third parties access to our most sensitive information. Understanding these vulnerabilities is the first step toward more mindful mobile security practices.

Business Opportunities in the Security Space
"We have too much information, too much data. How can we use that data effectively?"
The cybersecurity landscape presents significant business opportunities, particularly in making sense of the overwhelming amount of security data organizations collect. Dr. Cole identifies data correlation and effective data utilization as key investment areas. Modern security systems generate vast quantities of logs and alerts, but transforming this raw information into actionable intelligence remains a challenge. Companies that can develop solutions to effectively analyze, correlate, and extract meaningful insights from security data will find substantial opportunities in the market, helping organizations strengthen their security posture while managing the complexity of modern threats.

Essential Training for Security-Conscious Developers
"Go for secure coding courses. This helps us understand how software can be exploited."
For software developers looking to build more secure applications, Dr. Cole recommends focusing on penetration testing skills and secure coding practices. Understanding how software can be exploited from an attacker's perspective provides invaluable insights for designing more robust systems. By learning the methodologies and techniques used by malicious actors, developers can anticipate potential vulnerabilities and incorporate appropriate safeguards from the beginning of the development process. This proactive approach to security helps create applications that are inherently more resistant to attacks rather than requiring extensive security patches and updates after deployment.

About Dr. Eric Cole
Dr. Eric Cole is the author of "Cyber Crisis: Protecting Your Business from Real Threats in the Virtual World." He is a renowned cybersecurity expert with over 20 years of experience helping organizations identify vulnerabilities and build robust defense solutions against advanced threats. He has trained over 65,000 professionals worldwide through his best-selling cybersecurity courses and is dedicated to making cyberspace a safe place for all. You can link with Dr. Eric Cole on LinkedIn, or visit his company's website Secure-Anchor.com.
Are you passionate about ethical hacking and cybersecurity? Want to break into the exciting world of Red Teaming and Penetration Testing? In this episode of the InfosecTrain podcast, our experts guide you through everything you need to know to start and grow a career in these advanced cybersecurity domains.
Recorded during ThreatLocker Zero Trust World 2025 in Orlando, this episode of the On Location series features an engaging conversation with Alex Benton, Special Projects at ThreatLocker. Benton shares insights from his Metasploit lab, a beginner-friendly session that demonstrates the power of tools like Metasploit and Nmap in cybersecurity. The lab's objective is clear: to illustrate how easily unpatched systems can be exploited and to reinforce the critical need for consistent patch management.

Understanding the Metasploit Lab
Benton explains how participants in the lab learned to carry out an attack manually before leveraging Metasploit's streamlined capabilities. The manual process involves identifying vulnerable machines, gathering IP addresses, examining open ports, and assessing software vulnerabilities. With Metasploit, these steps become as simple as selecting an exploit and running it, underscoring the tool's efficiency. A key demonstration in the lab involved EternalBlue, the SMBv1 exploit used by the WannaCry ransomware worm in 2017. Benton emphasizes how Metasploit simplifies this complex attack, highlighting the importance of keeping systems patched so that such vulnerabilities cannot be exploited.

The Real-World Implications of Unpatched Systems
The discussion dives into the risks posed by cybercriminals who use tools like Metasploit to automate attacks. Benton points out that malicious actors often analyze patch notes to identify potential vulnerabilities and create scripts to exploit unpatched systems quickly. The conversation touches on the dark web's role in providing detailed information about exposed systems, making it even easier for attackers to target vulnerable machines.

Lessons from WannaCry
The episode revisits the WannaCry incident, where a vulnerability in Windows systems led to a global cybersecurity crisis. Benton recounts how outdated systems and the absence of a strong security culture created an environment ripe for exploitation. He also shares the story of cybersecurity researchers, including Marcus Hutchins, who played pivotal roles in mitigating the worm's impact by identifying and registering the domain that acted as its kill switch.

Tune in to Learn More
This episode offers valuable insights into cybersecurity practices, the dangers of unpatched environments, and the tools that both ethical hackers and cybercriminals use. Listen in to gain a deeper understanding of how to secure your systems and why proactive security measures are more crucial than ever.

Guest: Alex Benton, Special Projects at ThreatLocker | On LinkedIn: https://www.linkedin.com/in/alex-benton-b805065/
Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
This Episode's Sponsors: ThreatLocker: https://itspm.ag/threatlocker-r974
Resources: Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
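The "manual" half of the lab described above (gather IPs, read open ports, decide which machines need a patch check before anyone reaches for an exploit module) is easy to show in code. The script below is an added example and is not material from the ThreatLocker lab, the podcast, or Metasploit itself: it parses Nmap's grepable (-oG) output format and lists every host exposing SMB on 445/tcp, putting hosts whose service banner names an end-of-life Windows release first, since an exposed, unpatched SMBv1 stack is precisely what EternalBlue (Microsoft bulletin MS17-010) targeted. The scan text, host names and addresses are constructed for the example; the banner strings assume Nmap's usual version-detection output.

```python
"""Triage Nmap grepable (-oG) output for hosts exposing SMB.

Added example, not lab or podcast code. Reproduces the manual steps from the
Metasploit lab (list hosts, look at open ports, decide what to patch-check)
against a constructed scan. Assumes Nmap's -oG layout:
  Host: <ip> (<name>)\tPorts: port/state/proto/owner/service/rpc/version/, ...
"""
import re
from dataclasses import dataclass, field

# Constructed sample output (not a real scan); addresses and names are made up.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 10.0.0.5 (fileserver)\tStatus: Up
Host: 10.0.0.5 (fileserver)\tPorts: 139/open/tcp//netbios-ssn//Microsoft Windows netbios-ssn/, 445/open/tcp//microsoft-ds//Windows Server 2019 microsoft-ds/
Host: 10.0.0.7 (web)\tStatus: Up
Host: 10.0.0.7 (web)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.24.0/
Host: 10.0.0.9 (legacy)\tStatus: Up
Host: 10.0.0.9 (legacy)\tPorts: 445/open/tcp//microsoft-ds//Windows 7 Professional 7601 Service Pack 1 microsoft-ds/, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/
Host: 10.0.0.11 ()\tStatus: Down
# Nmap done: 4 IP addresses (3 hosts up)
"""

# Windows releases that no longer get regular security updates. An SMB banner
# naming one of these goes to the top of the patch-verification list.
LEGACY_WINDOWS = ("Windows XP", "Windows 7", "Windows Server 2003", "Windows Server 2008")

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\t(\w+):\s*(.*)$")


@dataclass
class Service:
    port: int
    proto: str
    name: str
    version: str


@dataclass
class Host:
    ip: str
    hostname: str
    services: list = field(default_factory=list)


def parse_gnmap(text: str) -> dict:
    """Return {ip: Host} for every host that has a Ports record."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue                      # comment or blank line
        ip, hostname, kind, body = m.groups()
        if kind != "Ports":
            continue                      # Status-only lines carry no services
        host = hosts.setdefault(ip, Host(ip, hostname))
        body = body.split("\t")[0]        # drop trailing "Ignored State:" etc.
        for entry in body.split(", "):
            fields = entry.split("/")     # port/state/proto/owner/service/rpc/version/
            if len(fields) < 7 or fields[1] != "open":
                continue
            host.services.append(Service(int(fields[0]), fields[2], fields[4], fields[6]))
    return hosts


def smb_exposed(hosts: dict) -> list:
    """Return (ip, hostname, banner, legacy) for hosts with 445/tcp open,
    legacy-Windows banners first, then ordered by IP string."""
    rows = []
    for host in hosts.values():
        for svc in host.services:
            if svc.port == 445 and svc.proto == "tcp":
                legacy = any(tag in svc.version for tag in LEGACY_WINDOWS)
                rows.append((host.ip, host.hostname, svc.version, legacy))
    rows.sort(key=lambda r: (not r[3], r[0]))
    return rows


if __name__ == "__main__":
    for ip, name, banner, legacy in smb_exposed(parse_gnmap(SAMPLE_GNMAP)):
        action = "LEGACY: verify MS17-010 patch first" if legacy else "confirm patch level"
        print(f"{ip:<12} {name:<12} {banner:<55} {action}")
```

Run against a real scan with `nmap -sV -p 139,445 -oG scan.gnmap <range>` and feed the file in; the output is the short list a tester would hand to Metasploit's scanner modules, or to the patching team, rather than every host that answered.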
Cybersecurity Response Plan w/ Frank Grimmelmann of ACTRA - AZ TRT S06 EP03 (264) 2-9-2025

What We Learned This Week
ACTRA: Arizona Cyber Threat Response Alliance
Cyber threats affect everyone, from government to business to private individuals, and are growing
Companies need to respond with speed to be effective, and share information about attacks
ACTRA has members from both government and the private sector
ACTRA helped create a state cybersecurity response model that other states can use

Guest: Frank Grimmelmann, President & CEO/Intelligence Liaison Officer https://www.actraaz.org/actra/leadership

Mr. Grimmelmann also serves as Co-Chair (together with Arizona's Chief Information Security Officer) for the Arizona Cybersecurity Team ('ACT'), created through the Governor's Executive Order signed in March 2018. He also serves as a Founding Member of the National Leadership Group for the Information Sharing & Analysis Organization Standards Organization ('ISAO SO') at the University of Texas San Antonio (UTSA), created under the President's Executive Order 13691 in February 2015. As ACTRA's leader, Mr. Grimmelmann was invited as the first private sector representative in the Arizona Counter Terrorism Information Center (ACTIC) and served as its first private sector Executive Board representative from 2014-2019. He presently acts as ACTRA's designated private sector liaison to ACTRA's Key Agency and other non-Member Stakeholders. Mr. Grimmelmann served four terms as AZ InfraGard's President from 2009-2012, serves today on numerous academic advisory boards, co-chairs the Greater Phoenix Chamber's Cybersecurity Workforce Collaborative initiative, and is an engaged Member of the Arizona Technology Council's Cybersecurity Advisory Board. In 2019, Mr. Grimmelmann was honored by the FBI and the Boards of Directors of both ACTRA and Arizona InfraGard as the first recipient of Arizona InfraGard's 'Visionary Award' for creating the ACTRA framework over his last two terms as Arizona InfraGard's President, and for ACTRA's resulting collaboration between law enforcement, intelligence agencies, USCYBERCOM, and its public, private and academic organizations over the past seven years. He was simultaneously recognized by the FBI's then Deputy Director for his contribution over the years. He has been an active Member of InfraGard since 2003 and an active Lifetime Member of the FBI Citizens Academy since 2006. Since 2002 he has devoted his full-time attention to protecting our nation's critical infrastructure and national security interests by eliminating unnecessary silos that hinder communication, allowing us to respond to today's increasing threat from our cyber adversaries, and in turn permitting ACTRA's Member Organizations to protect their critical infrastructure and our national security interests while protecting their organizations' assets. Educationally, he holds a dual MBA in International Business and Finance from the University of California at Berkeley and brings decades of experience as a senior executive in finance, healthcare and government, prior to focusing on cybersecurity in response to 9/11.
Notes:

Seg 2: Cyber threats affect everybody: business, personal and government. Cyber crime is a fact of life we have to live with, but we can stay ahead of it. Criminals are on the offense and only have to be right 1% of the time; everybody else is playing defense and has to be right 100% of the time. AI has turned out to be a double-edged sword that can both help and hurt; it can only catch so much, but it gives a picture of what is going on. This is a matter of national security, involving Homeland Security and many other government departments. Threat intelligence determines the rules for how you will handle hackers and ransomware. Hackers can be local or foreign. All companies need a cyber policy and some form of rapid tactical response. Cyber attacks are an ever-growing threat to people and businesses and continued to surge in 2024, with a 107% increase in malware attacks. These hit corporate computers, work and home computers, and even home devices like Ring cameras, which also deliver phishing texts. Business email compromise exposes passwords and leads to millions of dollars in losses. Elderly people are especially vulnerable (353,000 attacks). Supply chain threats come from terrorists and nation-state actors. The recent attack on UnitedHealth's Change Healthcare unit exposed the data of roughly 100 million people and led to a $22 million ransom payment. Cyber attacks cause $2.9 billion in damages. Companies are paying ransom to faceless criminals, and it is very hard for the FBI to track these criminals down and fend off extortion over stolen data. Ransom payments are typically made in Bitcoin, which is difficult to trace, though it does leave something of a forensic trail. There is a constant need for regulation and oversight from government. The most famous incident last year was not even an attack but the CrowdStrike software update; ACTRA mounted a quick response that day, helping clients and partners recover fast. In a similar instance, Delta was down for days with computer problems. Compare banks in 2008: loans on the balance sheet versus securitized loans off the balance sheet, which were not regulated like normal loans, plus issues with underwriting standards; nobody is sure what can be affected in a cyber attack. Off-balance-sheet loans and debt resemble crypto or Bitcoin in not being regulated. PPD-41 was a directive setting out the responsibilities of government agencies in dealing with cyber. Homeland Security is the defensive arm protecting the nation's assets; enforcement in the US is done by the FBI, and overseas by US Cyber Command.

Seg 3: Frank's background: in the 1990s in private business, working in healthcare; then, in the early 2000s, chief information officer at a clinical organization at Stanford. Healthcare is very vulnerable. Post-9/11 he worked with the FBI outreach program InfraGard on how to share intelligence about cyber threats. They need to be treated like terrorism or criminal acts; the attackers are taking stolen IP. We need to move to a more stable world. A 2011 study by government organizations reviewed the process and made recommendations on how to deal with counterterrorism and cyber. 90% of the critical infrastructure in the US is in the private sector; it needs federal-level help but also a local response. Cyber threat actors move quickly and act like a terrorist organization. General Stanley McChrystal put it well: 'It takes a network to defeat a network.' Cybersecurity is everyone's problem; you need education and organization. This is a fifth-generation problem and you have to be adaptive. ACTRA is a nonprofit dealing with cyber security, built on pillars of empowerment, trust, technology and intelligence. Private companies need to develop, train and recruit to handle this threat. ACTRA created a model that takes the fight onto offense, with everyone working together and sharing information: a virtual response team of small and large organizations, with the private sector as a partner. ACTRA is a hub for information and keeps its members' information private; some members, like Arizona State, are public. The model can be used by the rest of the nation. Government and the private sector cannot do it alone. Not all states have this type of organization, but they probably need it.

Seg 4: ACTRA started in January 2013 to give US states a model for cyber security: collective defense and information sharing between public and private organizations. The goal is to break down silos between government and the corporate world. It is not just a think tank; it has an active model. Reviews rate the ACTRA model the best in the country and a good hub for response and information. In 2015 they helped Wisconsin create its own state organization for cyber threats; soon after, Maryland created one using ACTRA as a model. It needs to be a collaborative effort that merges the entrepreneurial spirit with taking action. Government cyber threats are handled nationally at Fort Meade, home of the NSA. Frank's business background is in the finance and healthcare fields. Information is useless if not used for action; you need actionable, current intelligence to take down a threat. People need more than continuing education and certificates. The virtual response team is like a local militia that can help protect assets. Going after cyber criminals can be a bit like whack-a-mole. Over time, hopefully there will be a national strategy for information sharing: a type of decentralized, local organization that works with government. The private sector owns the vast majority of the data, so it has to determine who it will share with and how. Defend against cyber threats fast while still working within the spirit of the law.

Seg 1: Clips from Related Shows:

Cybersecurity, Disruption, Blockchain & Terrorism w/ Ari Redbord of TRM Labs - BRT S02 EP31 (78) 8-1-2021
What We Learned This Week: Cybersecurity is an extremely important industry for national security. TRM Labs is a cybersecurity startup that monitors blockchains. OFAC is the government office that administers economic and trade sanctions. Ransomware is a specific kind of breach: a takeover of a computer system that holds its data hostage. Programmatic money laundering: bad guys create new addresses and 'shell' companies.
Guest: Ari Redbord, Head of Legal and Government Affairs w/ TRM Labs https://www.linkedin.com/in/ari-redbord-4054381b4/ https://www.trmlabs.com/post/trm-labs-appoints-ari-redbord-as-head-of-legal-government-affairs
Ari is formerly a US Attorney and worked in the Treasury Department; he now advises the government on cybersecurity and blockchain. Cybersecurity is a fast-growing and extremely important industry for national security and corporate interests. Nation states are acting as bad players in the cyber realm and targeting the US government and US business. We discuss the advances in technology for cyber crime, blockchain, crypto and online fraud; how the FBI is dealing with ransomware and other cyber attacks on prime targets like the Colonial Pipeline and other big corporations; what regulations are coming in banking and fintech, with KYC (Know Your Customer), now that big banks like JP Morgan Chase and Goldman are on board; what the blockchain ledger can help solve in security, monitoring criminal activity in real time with the help of crypto exchanges like Coinbase; and lastly, what TRM Labs does for clients, how it advises and operates, and who it works with.

Phishing, Malware & Cybersecurity - Try Not to Get Pwned - BRT S02 EP47 (94) 11-21-2021
What We Learned This Week: Have I been pwned? means have I been breached or hacked: did someone hack my email or website. Phishing is the most common type of email threat, like when you receive a strange email with a link: do not open it, delete it (and alert other office staff about the email). Ransomware: attackers hack your website or data and hold it hostage for an extortion 'ransom' payment. Dark web: where stolen data and information is bought and sold. VPN connections: direct and secure.
Guest: Vince Matteo, Seven Layer Networks, Inc. https://sevenlayers.com/
Vince Matteo is a certified penetration tester, a security researcher, and a senior consultant at Seven Layers (.com), where he focuses on securing small businesses. Vince is the author of "Hacking 101 – A Beginner's Guide to Penetration Testing"; he is a bug bounty hunter with 17 published critical vulnerabilities, and he has presented talks on offensive hacking at security conferences, most recently GrrCON in Grand Rapids, MI and BSides in College Station, TX. Outside of work, Vince is an accomplished endurance athlete and an Ironman age group champion, and in his spare time you can find him in the desert training for the next hundred-mile ultramarathon.

AZ Tech Roundtable 2.0 with Matt Battaglia: the show where entrepreneurs, top executives, founders and investors come to share insights about the future of business. AZ TRT 2.0 looks at new trends in business and how classic industries are evolving.
(00:00) - Introduction to Automotive Cybersecurity
(06:18) - Tom Zaubermann's Journey in Cybersecurity
(12:22) - The Intersection of Cybersecurity and Automotive
(16:06) - Challenges in Automotive Cybersecurity Development
(21:23) - The Role of Over-the-Air Updates
(25:20) - Consumer Awareness and Best Practices in Cybersecurity
(29:54) - Navigating Cybersecurity Vulnerabilities in Automotive
(32:35) - The Role of Regulations in Automotive Cybersecurity
(34:22) - Understanding Automotive Vulnerabilities
(36:34) - Complexities of Car Hacking
(40:07) - Consumer Awareness of Cybersecurity Risks
(42:51) - Choosing Safe Vehicles in a Digital Age
(48:56) - Engaging with SAE International for Cybersecurity Education

This episode is part of a series brought to you by SAE International to explore the leading edge of mobility with the support of experts from industry and academia. Other episodes in this series include Episode 202, where we talked about the cyber threats to vehicles. You can learn more about the automotive cybersecurity courses Tom will be teaching in May. As always, you can find these and other interesting and impactful engineering articles on Wevolver.com.
In Episode S7E3, the discussion features Marko Simenov, CEO of Plainsea, who talks about the company's innovative augmented penetration testing platform. Marko explains the origins of Plainsea, its unique features, and its benefits to both pen-testing companies and their clients, including time and cost savings, continuous testing capabilities, and improved efficiency. The conversation also covers Plainsea's integration with various industries, compliance requirements, and other cybersecurity software, as well as its potential for future development based on user feedback and market demands.
Digital Trust in the Age of AI
Hear from Aaron Shilts, CEO of NetSPI, as he sits down with Nabil Hannan, NetSPI Field CISO and host of Agent of Influence, to explore NetSPI's evolution and cyber predictions for 2025. Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.
Cybersecurity Year in Review: Future Challenges and Industry Insights
Join host Jim Love and a panel of cybersecurity experts, Terry Cutler from Cyology Labs, David Shipley from Beauceron Security, and Laura Payne of White Tuque, as they review the key cybersecurity events of the past year. Topics discussed include the increasing cyber threats to universities, healthcare systems, and critical infrastructure; the importance of proper cybersecurity measures and employee training; the complexities of adopting quantum-safe encryption protocols; and the impact of AI and shadow IT on cybersecurity. The panel concludes with actionable advice for improving organizational cybersecurity posture in the coming year.
Summary
In this episode, the conversation begins with a significant data breach at Star Health Insurance, affecting over 31 million individuals. The discussion delves into the complexities of insider threats, particularly focusing on the alleged involvement of the company's CISO. The episode transitions to an introduction of Dr. Sunny Ware, a web application penetration tester, who shares her journey from software development to cybersecurity. Dr. Sunny discusses her role in penetration testing, the importance of understanding application logic, and the use of AI in her work. The episode concludes with a lifestyle polygraph segment, where Dr. Sunny shares personal insights and experiences, emphasizing the importance of mentorship in cybersecurity.

Takeaways
Star Health Insurance experienced a major data breach affecting millions.
Insider threats are predicted to be a significant risk in 2025.
Dr. Sunny Ware transitioned from software development to cybersecurity.
Understanding application logic is crucial in penetration testing.
AI can be a valuable tool in penetration testing.
Bug bounty programs offer focused opportunities for security testing.
Mentorship is important for the next generation of cybersecurity professionals.
Dr. Sunny emphasizes the creativity involved in coding and security.
Vulnerability disclosure programs differ from bug bounty programs.
Dr. Sunny's passion for teaching and sharing knowledge is evident.

Titles
The Star Health Insurance Data Breach: A Deep Dive
Insider Threats: The New Face of Cybersecurity Risks
Meet Dr. Sunny Ware: A Cybersecurity Trailblazer
The Art of Penetration Testing with Dr. Sunny
Exploring AI's Role in Cybersecurity

Sound bites
"Star Health Insurance suffered a significant data security incident."
"There's a hacker and then there's this kind of cool insider twist."
"The alleged hackers claimed that Star Health's CISO facilitated the breach."
"Insider threats are going to be the risk to prepare for in 2025."
"I came from very humble beginnings."
"I think coding is like making a painting on a blank canvas."
"I want to capitalize on the experience I already have in web API."
"I use AI almost every day on every pen test."
"I actively do bug hunting."
"I want to make sure that if there's anything I can share to help."

Chapters
00:00 Data Breach at Star Health Insurance
06:06 Insider Threats and Whistleblowers
07:05 Introduction to Dr. Sunny Ware
30:14 Dr. Sunny's Career Path and Penetration Testing
37:00 Lifestyle Polygraph with Dr. Sunny
48:55 Key Takeaways and Closing Thoughts
In this episode of Cyber Work Hacks, guest James Stanger from CompTIA dives into the PenTest+ certification. He explains the critical distinctions between pentesting and hacking and outlines the essential career skills involved in pentesting, such as network discovery, social engineering and vulnerability analytics. Viewers will also learn about hands-on activities to enhance their resumes and hear valuable advice for entering cybersecurity roles. The episode touches on adjacent career paths like GRC, threat hunting and vulnerability management while providing practical tips for preparing for the PenTest+ exam.

00:00 - Introduction to PenTest+ certification
01:02 - Overview of cybersecurity job market
01:56 - Guest introduction: James Stanger from CompTIA
02:33 - Deep dive into PenTest+ certification
04:42 - Career paths with PenTest+ certification
07:27 - Getting started in pentesting
09:12 - Hands-on experience and practical tips
10:58 - Study tips for PenTest+ exam
11:34 - Conclusion and final thoughts

View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast
Guest: Daisy Wong, Head of Security Awareness, Medibank | On LinkedIn: https://www.linkedin.com/in/daisywong127/
Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes
Kicking off the conversation, Marco noted the absence of his co-host Sean, whose focus often leans technical. This opened the door for a deeper exploration into the human and operational side of cybersecurity, an area Daisy Wong is uniquely equipped to discuss. Daisy's career journey, from earning a marketing degree to becoming Medibank's Head of Security Awareness, is rooted in understanding human behavior. Her hands-on experience with phishing emails and time spent in a pen-testing team revealed how critical culture and communication are to effective cybersecurity.

The Power of Communication and Culture in Cybersecurity
Daisy highlighted how her ability to simplify complex technical language became the cornerstone of her work in cybersecurity awareness. She emphasized that soft skills, like communication, are just as essential as technical know-how in navigating today's cyber challenges. Drawing cultural parallels, Daisy shared analogies from her cultural heritage, like the tradition of removing shoes before entering a home, and compared them to cybersecurity practices. Marco added an Italian twist, pointing to customs like cheek-kissing as a metaphor for ingrained behaviors. Together, they underscored how fostering a security-first mindset mirrors cultural conditioning: it requires intentionality, consistency, and collective effort.

Breaking Barriers and Building Bridges
One of the key takeaways from the discussion was the need to break down the misconception that cybersecurity is solely a technical field. Daisy argued for creating environments where employees feel safe reporting security concerns, regardless of their technical background. She shared strategies for fostering collaboration, like simple yet impactful initiatives during Cyber Awareness Month. These efforts, such as wearing branded T-shirts, can make security a shared responsibility and encourage open communication across teams.

Staying Ahead in an Evolving Threat Landscape
Daisy also spoke about how cyber threats are evolving, particularly with the rise of generative AI. Traditional warning signs, like spelling mistakes in phishing emails, are being replaced with far more sophisticated tactics. She emphasized the need for organizations to stay adaptable and for individuals to remain vigilant. While AI offers tools to identify risks, Daisy and Marco agreed that personal accountability and fundamental awareness remain irreplaceable in ensuring robust security practices.

In this lively episode of On Location with Marco Ciappelli, Daisy Wong spotlighted the indispensable role of human behavior, culture, and communication in cybersecurity. Her insights remind us that while technology evolves, the human element remains at the heart of effective cyber defense. Cybersecurity isn't just about systems and software; it's about people. And as threats become more sophisticated, so must our strategies, blending technical tools with cultural awareness to create a resilient and adaptable defense.

Resources: Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia
Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session. In this episode our special guest is Mark Spears. Mark is currently a Principal Security Consultant at Solis Security. Having fulfilled significant time as a network defender and vCISO dealing with writing and testing InfoSec Programs and dealing with auditors and endless reporting, he has now re-focused his time on Penetration Testing to get his fill of offensive security operations. So Red Pill or Blue Pill? A lot of his most recent education and skill focus has been on helping companies with their Web Application security through Secure-SDLC practices including configuration of Web Application Firewalls and Zero Trust solutions. When not enjoying his work at Solis Security, he can be found practicing physical security, lock picking, social engineering, or hardware hacking. Or, out on a Harley Davidson!
In this episode of 7 Minutes on ITSPmagazine from HITRUST Collaborate 2024, Sean Martin is joined by Ian Terry and Robert Godard from IS Partners to discuss the importance of compliance in modern corporations. Ian and Robert share their insights from the HITRUST Collaborate event, shedding light on their company's unique approach to cybersecurity and auditing.

Robert Godard explains that IS Partners was founded with a startup mentality, emphasizing collaboration and a fun work environment. This culture aims to make compliance efforts less daunting for both their team and their clients. Ian Terry adds that fostering an enjoyable work atmosphere is crucial for engaging and committed outcomes, especially in the dynamic world of information security.

One significant point discussed is the balance between fun and professionalism. Ian highlights that while the job can be stressful during cybersecurity incidents, the focus on industry changes and continuous learning keeps the work interesting and rewarding. The duo also touches on how IS Partners assists clients in navigating complex compliance frameworks. Their tailored approach ensures clients not only meet regulatory requirements but also achieve their business goals.

The episode concludes with a note on the importance of events like HITRUST Collaborate for networking and professional growth.

Learn more about IS Partners: https://itspm.ag/isparto2jk

Note: This story contains promotional content. Learn more.

Guests:
Ian Terry, Principal, Cybersecurity Services, IS Partners [@ISPartnersLLC]
On LinkedIn | https://www.linkedin.com/in/ian-terry/
Robert Godard, Partner, IS Partners [@ISPartnersLLC]
On LinkedIn | https://www.linkedin.com/in/robert-godard-cpa-cisa-hitrust-ccsfp/

Resources
Learn more and catch more stories from IS Partners: https://www.itspmagazine.com/directory/is-partners
Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Seth (@sethlaw) and Ken (@cktricky) return for an in-depth discussion on penetration testing expectations, driven by recent posts and Slack activity from Andrew Wilson. Essentially, certain clients expect that a single penetration test finds everything possible, whether or not those expectations are appropriate. The duo expounds on their experience with similar expectations and how it's affected their respective careers and organizations. Also, a follow-up on threat modeling and a new approach being coined as Attack Modeling.
In this episode, host Bidemi Ologunde spoke with Craig Petronella, the Founder of Petronella Cybersecurity and Digital Forensics. The conversation touched on ways to tackle the cybersecurity talent gap and how to carve out a niche in IT/cybersecurity. Craig shared insights into the rise of international cybercrime, its impact on small businesses, and affordable steps small business owners can take to reduce cyber risks. With over two decades of experience, Craig discussed his approach at his company, where he helps companies meet compliance standards and protect their data. Craig's expertise in security operations, managed services, and cloud security provides practical tips to strengthen defenses and keep businesses safe.
A big part of cybersecurity planning involves penetration testing. That in turn requires management of the thousands, sometimes hundreds of thousands, of end-point devices on your network. Each one can be a source of unwanted network penetration. I discussed this in detail with the lead penetration tester for the department of computing security at the Rochester Institute of Technology, Rob Olson.
BreachLock is Recognized as a Prominent Vendor in both PTaaS and EASM Categories in the 2024 Gartner® Hype Cycle™ for Security Operations. Learn more about our sponsor BreachLock at https://www.breachlock.com. For more on cybersecurity, visit us at https://cybersecurityventures.com
Can you pen test yourself? Paula Januszkiewicz says yes! Richard talks to Paula about taking an active role in understanding your organization's security vulnerabilities. Paula talks about the low-hanging fruit she often finds as a professional penetration tester - typically on poorly maintained infrastructure like PKI servers. The conversation digs into tooling you can use to find vulnerabilities - just make sure you trust the source of those tools. Not everyone is a good guy in open source! And, of course, there's always a time to bring in professionals to do a deeper level of testing. Don't wait until the breach happens to take some action!

Links: Cqure; Penetration Testing; GitHub Secrets Scanning; HaveIBeenPwned

Recorded August 22, 2024
This week, Joe welcomes Glenn Howard, a seasoned cyber operations professional and XP League franchisee. Glenn served in the Air Force for 21 years and continues to support the military as a DevSecOps Engineer contractor. In this episode, Glenn shares the story of his transition from military service to civilian life. He reveals how his pre-retirement planning and strategic use of military education benefits paved the way for a successful career change. Glenn's passion for entrepreneurship led him to explore business opportunities centered around education. He explains his decision to choose a franchise model, specifically the XP League, which provides a positive and social gaming environment for children. With 68 locations across the USA and Canada, XP League connects young people to the exciting world of esports. Discover Glenn's investment in his XP League franchise, his ambitious goals, and his insights on business growth. Don't miss this inspiring episode of Veteran On the Move!

About Our Guest
Glenn Howard is a DevSecOps Engineer & Technical Program Leader with Omni Federal. As a DevSecOps Engineer, he builds and deploys cloud infrastructure and services. He also designs and builds features for implementation in production systems that directly support the warfighter in cyberspace. He is a retired Air Force veteran who served in various leadership roles at the squadron, detachment, brigade, joint special operations and numbered Air Force levels. Glenn was elected President of the San Antonio Chapter of ISC(2), which supports thousands of cybersecurity and IT practitioners in one of the largest cyber-hubs, second only to Washington DC. He holds a Master of Science in Cybersecurity & Penetration Testing and a range of professional certifications. He has an extensive background in cybersecurity, national-level intelligence & cyber operations and has conducted offensive and defensive cyber operations worldwide. Glenn also teaches as a professor of cybersecurity at multiple universities online and in-residence and owns and operates his own youth esports business, where he promotes positive gaming and STEM learning in a safe and supportive space for kids.

About Our Sponsors
Navy Federal Credit Union
Buying a home can be overwhelming these days, but from start to finish, Navy Federal Credit Union's new Home Buying Center has everything you need to get to closing with confidence, like:
- Verified Preapproval—A preapproval shows sellers you're a serious buyer, potentially giving you a competitive advantage when making an offer.
- RealtyPlus—Connects you with an agent for continued support every step of the way.
- Lock and Shop—Lets you lock in your interest rate for up to 60 days while you shop.
- No-Refi Rate Drop—Gives you peace of mind to buy now, knowing that if interest rates fall, you could decrease your rate without having to refinance for a small $250 fee.
If you're overwhelmed by shopping for a new home, Navy Federal's new Home Buying Center has solutions for every step of the process. At Navy Federal, our members are the mission.

Join the conversation on Facebook! Check out Veteran on the Move on Facebook to connect with our guests and other listeners. A place where you can network with other like-minded veterans who are transitioning to entrepreneurship and get updates on people, programs and resources to help you in YOUR transition to entrepreneurship. Want to be our next guest? Send us an email at interview@veteranonthemove.com. Did you love this episode? Leave us a 5-star rating and review! Download Joe Crane's Top 7 Paths to Freedom or get it on your mobile device. Text VETERAN to 38470. Veteran On the Move podcast has published 500 episodes. Our listeners have the opportunity to hear in-depth interviews conducted by host Joe Crane. The podcast features people, programs, and resources to assist veterans in their transition to en...
In this episode we're revisiting last week's topic of cybersecurity and mental health – this time, looking at how our mental health state affects our ability to make good cybersecurity decisions. To break down this important topic, we're joined once again by Catherine Knibbs, a Psychotherapist and specialist in online harms.

This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week we look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organizations and what we can learn from it. Do you have a question for the expert? Ask it here using this Google form: https://forms.gle/8vzFNnPa94awARHMA

About this week's guest: https://www.childrenandtech.co.uk/

Sources and statistics cited in this episode:
90% of employees could make data errors that open up cyber risk: https://www.tessian.com/research/the-psychology-of-human-error/
Cost of organizational cyberattacks: https://www.statista.com/statistics/1324063/cost-of-data-breaches-in-financial-industry-worldwide/
New test of AI's ability to think like a human: https://www.safe.ai/blog/humanitys-last-exam

Catherine has a new book out in October 2024 – 'Managing your social media and gaming habits'. Find out more: https://www.childrenandtech.co.uk/
Tech behind the Trends on The Element Podcast | Hewlett Packard Enterprise
In this episode we are looking at a topic which we could spend a whole lot longer than one episode on, so we're going to make it a two-parter - cybersecurity and mental health. We'll be looking at two aspects in particular - why our health data is particularly vulnerable and of interest to criminals, and how our mental health state affects our ability to make good cybersecurity decisions. In this episode, we'll be discussing the first part of the equation with Catherine Knibbs, a Psychotherapist and specialist in online harms.

This is Technology Now, a weekly show from Hewlett Packard Enterprise. Every week we look at a story that's been making headlines, take a look at the technology behind it, and explain why it matters to organizations and what we can learn from it. Do you have a question for the expert? Ask it here using this Google form: https://forms.gle/8vzFNnPa94awARHMA

About this week's guest, Catherine Knibbs: https://www.childrenandtech.co.uk/

Sources and statistics cited in this episode:
Mental health data more valuable than credit card data on the dark web: https://kevincurran.org/security/patient-data-10-15-times-more-valuable-than-credit-card-data/
Statistics on compromised health records: https://pubmed.ncbi.nlm.nih.gov/36580326/
Cybersecurity: a critical priority for digital mental health, published in the journal Frontiers in Digital Health: https://www.frontiersin.org/journals/digital-health/articles/10.3389/fdgth.2023.1242264/full#B3
Neanderthal and human social mixing: https://www.nature.com/articles/s41598-024-70206-y
Seemant Sehgal, founder & CEO of BreachLock, a global leader in Penetration Testing as a Service (PTaaS) that serves over 900 clients in more than 20 countries, has been working with chief information security officers (CISOs) for 20 years. Learn more about BreachLock at https://breachlock.com. For more on cybersecurity, visit us at https://cybersecurityventures.com/
A Hacker's Perspective on Vulnerable Civic Infrastructure

In this episode, host Jim Love explores the vulnerabilities of civic infrastructure with cybersecurity expert Nick Aleks. They discuss how hackers view and exploit city systems, the dangers of default passwords and outdated firmware, and the risks associated with smart buildings and operational technology. Nick provides insights on how bad actors can leverage these weaknesses for massive attacks and offers recommendations for improving security through collaboration, proactive measures, and the incorporation of AI technologies. This enlightening discussion highlights the urgent need for better security practices in our increasingly connected urban environments.

00:00 Introduction and Context
00:18 Meet the Expert: Nick Aleks
00:51 A Hacker's Perspective on City Infrastructure
03:20 Penetration Testing and Vulnerabilities
04:26 Targeting Civic Infrastructure
20:30 Smart Buildings and IoT Security
25:12 Defensive Strategies and Collaboration
32:29 The Role of AI in Security
35:06 Conclusion and Final Thoughts
In today's episode, we'll hear from Craig Jeffery on pentests. What are they, who performs them, and why are they vital for cyber security? Listen in to learn more.
Join us in this powerful episode of the Legacy Leaders Show as we welcome Frank Victory, a seasoned IT and cybersecurity expert with over two decades of experience. Frank's career spans hands-on technical roles to strategic leadership, with expertise in Blue Teams, Red Teams, Penetration Testing, and Incident Response. Frank will share his unique insights into how vulnerability in leadership can lead to transformative opportunities for companies, particularly in the fast-evolving field of cybersecurity.

In this episode, we discussed:
- How vulnerability, both personal and organizational, can be leveraged as a strength
- How CrowdStrike could have avoided the problem that paralyzed half of the world, and what the aftermath of the 2024 incident is
- The transformation that leaders must embrace to navigate cybersecurity threats and evolving technology landscapes
- How transformation is affecting talent and teams, reshaping how leaders recruit, develop, and retain skilled professionals in a highly competitive environment
- The opportunities presented by cybersecurity challenges and how leaders can make more effective decisions in an increasingly digital world

Frank's dedication to giving back through education and his work with OWASP Denver shows his commitment to building more robust, secure communities. Tune in for a deep dive into leadership, cybersecurity and the path to more impactful leadership.
The party has successfully entered a series of tunnels beneath Cursed Cove. Although they survived a..."meeting" with Veritas, they also discovered the tunnels connect to the House of Violets
In this episode, Ron sits down at Black Hat with guest Seemant Sehgal, Founder & CEO of BreachLock, to learn more about how offensive security, such as red teaming and pen testing, fits into the cyber ecosystem. Seemant highlights how his background as a practitioner has helped him better understand the pain points that customers feel and assist them in making the most of their budget.

Impactful Moments:
00:00 - Welcome
00:50 - Introducing Guest, Seemant Sehgal
02:47 - Penetration Testing vs Red Teaming
05:22 - What A Hacker Wants
06:17 - From our Sponsor, BreachLock
07:35 - There's Always A 'Low Hanging Fruit'
08:49 - Trusted Partners
10:49 - Closing Doors On Hackers
13:08 - Advice to Entrepreneurs: Knowing Your 'Why'

Links:
Connect with our guest, Seemant Sehgal: https://www.linkedin.com/in/s-sehgal/
Check out BreachLock: https://www.breachlock.com/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Esben Friis-Jensen is the Co-Founder and Chief Growth Officer at Userflow, the fastest way for user onboarding for modern SaaS businesses. He is also the Co-Founder and Adviser at Cobalt, a modern application security platform enabling businesses to run on-demand Penetration Testing and vulnerability assessments - Pentest as a Service. The goal of this episode is to accelerate learning while transitioning from sales-led to product-led. Esben will talk about the whole transition: what other leaders are doing in this transition and what mistakes they make, so you can avoid repeating them.

Show Notes
[01:09] A brief background about Esben
[03:38] His thoughts when they started the product-led movement
[07:11] Reasons why they started out as more sales-led
[11:15] The challenges they experienced along the way
[15:40] How they fostered organizational change
[18:55] The process they went through to get the rest of the team onboard
[23:32] How they got buy-in from the teams in the process of transitioning
[28:49] First quick wins they had in testing the unknowns
[34:50] More advice on iteration from Esben
[37:42] The next thing for him at Userflow
[39:47] Where to find Esben

About Esben Friis-Jensen
Esben Friis-Jensen is originally from Denmark but has lived in the United States for the last eight years. Aside from Userflow and Cobalt, he has also worked as a consultant in the SAP division of Accenture, responsible for managing the test and deployment of global large-scale SAP implementations.

Links: Product-Led Slack
Profiles: Userflow, Cobalt, LinkedIn
In 7 Minutes on ITSPmagazine Short Brand Story recorded on location during Black Hat USA 2024, Sean Martin had a fascinating conversation with Snehal Antani, CEO and Co-Founder of Horizon3.ai. The discussion revolved around the innovative strides Horizon3.ai is making in autonomous penetration testing and continuous security posture management.

Snehal Antani shared his journey from being a CIO to founding Horizon3.ai, highlighting the critical gaps in traditional security measures that led to the inception of the company. The main focus at Horizon3.ai is to continuously verify security postures through autonomous penetration testing, essentially enabling organizations to "hack themselves" regularly to stay ahead of potential threats. Antani explained the firm's concept of "go hack yourself," which emphasizes continuous penetration testing. This approach ensures that security vulnerabilities are identified and addressed proactively rather than reacting after an incident occurs.

A significant portion of the discussion centered around the differentiation between application and infrastructure penetration testing. While application pen testing remains a uniquely human task due to the need for identifying logic flaws in custom code, infrastructure pen testing can be effectively managed by algorithms at scale. This division allows Horizon3.ai to implement a human-machine teaming workflow, optimizing the strengths of both.

Antani likened its functionality to installing ring cameras while conducting a pen test, creating an early warning network through the deployment of honey tokens. These tokens are fake credentials and sensitive command tokens designed to attract attackers, triggering alerts when accessed. This early warning system helps organizations build a high signal, low noise alert mechanism, enhancing their ability to detect and respond to threats swiftly.

Antani emphasized that Horizon3.ai is not just a pen testing company but a data company. The data collected from each penetration test provides valuable telemetry that improves algorithm accuracy and offers insights into an organization's security posture over time. This data-centric approach allows Horizon3.ai to help clients understand and articulate their security posture's evolution.

A compelling example highlighted in the episode involved a CISO from a large chip manufacturing company who utilized Horizon3.ai's rapid response capabilities to address a potential vulnerability swiftly. The CISO was able to identify, test, fix, and verify the resolution of a critical exploit within two hours, showcasing the platform's efficiency and effectiveness.

The conversation concluded with a nod to the practical benefits such innovations bring, encapsulating the idea that effective use of Horizon3.ai's tools not only promotes better security outcomes but also enables security teams to perform their roles more efficiently, potentially even getting them home earlier.

Learn more about Horizon3.ai: https://itspm.ag/horizon3ai-bh23

Note: This story contains promotional content. Learn more.

Guest: Snehal Antani, Co-Founder & CEO at Horizon3.ai [@Horizon3ai]
On LinkedIn | https://www.linkedin.com/in/snehalantani/
On Twitter | https://twitter.com/snehalantani

Resources
Learn more and catch more stories from Horizon3.ai: https://www.itspmagazine.com/directory/horizon3ai
View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal
Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
In today's episode of Tech Talks Daily, I sit down with Nick Walker and Giles Inkson from NetSPI to explore how proactive approaches are reshaping cybersecurity. NetSPI recently rebranded and launched a unified security platform designed to help organizations take a more proactive stance against cyber threats. This platform combines Penetration Testing as a Service (PTaaS), Attack Surface Management (ASM), and Breach and Attack Simulation (BAS) to provide a comprehensive view of assets, risks, and security improvements. We discuss the latest trends in cybersecurity, including the rapid adoption of generative AI and the complex risks it introduces. As cyber attacks grow more sophisticated, there's a significant shift towards holistic risk management beyond just vulnerability patching. This involves understanding critical assets and the pathways that could be exploited. The role of the Chief Information Security Officer (CISO) is evolving too, with an increasing focus on board-level communication and strategic risk management. CISOs are now essential in translating cyber risks to leadership and ensuring cost-effective security programs. We also discuss the EU's Digital Operational Resilience Act (DORA), set to take effect in January 2024. This regulation mandates practices like threat-led testing and intelligence sharing for financial institutions, aiming to enhance resilience through rigorous scenario-based tests and improved information sharing. How do you see the role of proactive measures in cybersecurity evolving? We'd love to hear your thoughts. Connect with us online to continue the conversation and learn more about the topics we covered today.
Guest: Abraham Aranguren, Managing Director at 7ASecurity [@7aSecurity]
On LinkedIn | https://www.linkedin.com/in/abrahamaranguren/

____________________________

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this On Location episode recorded in Lisbon at the OWASP AppSec Global event, Sean Martin engages in a comprehensive discussion with Abraham Aranguren, a cybersecurity trainer skilled at hacking IoT, iOS, and Android devices. The conversation delves into the intricacies of mobile application security, touching on both the technical and procedural aspects that organizations must consider to build and maintain secure apps.

Abraham Aranguren, known for his expertise in cybersecurity training, shares compelling insights into identifying IoT vulnerabilities without physically having the device. By reverse engineering applications, one can uncover potential security flaws and understand how apps communicate with their IoT counterparts. For instance, Aranguren describes exercises where students analyze mobile apps to reveal hardcoded passwords and unsecured Wi-Fi connections used to manage devices like drones.

A significant portion of the discussion revolves around real-world examples of security lapses in mobile applications. Aranguren details an incident involving a Chinese government app that harvests personal data from users' phones, highlighting the serious privacy implications of such vulnerabilities. Another poignant example is Hong Kong's COVID-19 contact-tracing app, which stored sensitive user information insecurely, revealing how even high-budget applications can suffer from critical security flaws if not properly tested.

Sean Martin, drawing from his background in software quality assurance, emphasizes the importance of establishing clear, repeatable processes and workflows to ensure security measures are consistently applied throughout the development and deployment phases. He and Aranguren agree that while developers need to be educated in secure coding practices, organizations must also implement robust processes, including code reviews, automated tools for static analysis, and third-party audits to identify and rectify potential vulnerabilities.

Aranguren stresses the value of pentests, noting that organizations often show significant improvement over multiple tests. He shares experiences of clients who, after several engagements, greatly reduced the number of exploitable vulnerabilities. Regular, comprehensive testing, combined with a proactive approach to fixing identified issues, helps create a robust security posture, ultimately making applications harder to exploit and dissuading potential attackers.

For businesses developing apps, this episode underscores the necessity of integrating security from the ground up, continuously educating developers, enforcing centralized security controls, and utilizing pentests as a tool for both validation and education. The ultimate goal is to make applications resilient enough to deter attackers, ensuring both the business and its users are protected.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal
On YouTube:
This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tune in for a lively debate! Zyxel NAS devices are under attack and the exploit is pretty simple, a new UEFI vulnerability with a name that some people don't like, that time you set up a load balancer and forgot about it, I love it when there is a vulnerability in a Wi-Fi driver, Polyfill is filling the Internet with supply chain vulnerabilities, open source doesn't mean more secure, what happens when there is a vulnerability in your bootloader, the Red Hat Linux kernel model is broken, when disclosure goes wrong, and more IoT router vulnerabilities. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-833
What's the date of Feb. 29? He Kinda Neville Longbottomed. Dino's n Monkeys n Doughnuts OH MY. Bob's burger meets Beetlejuice. Please Expose Your Sack. Crunch the Crown Numbers. It's an erection year. 27 totally different and legally distinct dresses. Penetration Testing. Double fisting the coffee. Look at the fingers on her. Give Me The Goat. Molarcast. Not A Heigl To Be Seen. OCD, OCD, OCD with Wendi and more on this episode of The Morning Stream. Hosted on Acast. See acast.com/privacy for more information.