Podcast appearances and mentions of richard stiennon

  • 43 PODCASTS
  • 103 EPISODES
  • 36m AVG DURATION
  • 1 MONTHLY NEW EPISODE
  • Mar 11, 2026 LATEST




Latest podcast episodes about richard stiennon

Reimagining Cyber
AI Security and the Future of the SOC - #192

Reimagining Cyber

Play Episode Listen Later Mar 11, 2026 19:00


AI is transforming every corner of technology—but it's also creating an entirely new frontier for cybersecurity.

In just a few short years, AI security has exploded into one of the fastest-growing segments in the industry. New startups are emerging almost weekly, regulators are racing to keep up, and security leaders are grappling with a fundamental question: how do you secure systems that are learning, evolving, and increasingly making decisions on their own?

Today's guest has been tracking the cybersecurity industry longer—and more closely—than almost anyone. Richard Stiennon is a renowned cybersecurity analyst, industry historian, and author of The Security Yearbook, widely regarded as the most comprehensive desk reference for the cybersecurity market. Now he's turning his attention to the next era of digital risk.

His new book, Guardians of the Machine Age: Why AI Security Will Define the Future of Digital, is released this Wednesday, March 11—the same day this episode drops.

In this conversation, we explore why AI security has exploded so quickly, the forces driving this new market—from regulation to real-world attacks—and why Richard believes the standalone category of “AI security” may disappear entirely within the next year as AI becomes embedded in every security product.

We also dig into the rise of AI-driven SOC automation, what it means when machines begin triaging—and even responding to—threats autonomously, and the biggest misconceptions CISOs still have about securing AI systems.

If you want to understand where cybersecurity is heading in the age of intelligent machines, this is a conversation you won't want to miss.

As featured on Million Podcasts' Best 100 Cybersecurity Podcasts, Top 50 Chief Information Security Officer CISO Podcasts, and Top 70 Security Hacking Podcasts. This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!

ITSPmagazine | Technology. Cybersecurity. Society
The 72-Minute Gap: What the Breaches, the Vendors, and the Messaging Are Actually Telling Us | Lens Four by Sean Martin | Read by TAPE9

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Mar 5, 2026 14:22


Attackers are moving in 72 minutes. One CISO has already eliminated the entire SOC team. And the industry is spending a quarter of a trillion dollars while struggling to define what "resilience" even means. In this edition of Lens Four, Sean Martin looks at the cybersecurity landscape through three lenses — programs, innovation, and messaging — to connect the signals that matter.

Redefining CyberSecurity
The 72-Minute Gap: What the Breaches, the Vendors, and the Messaging Are Actually Telling Us | Lens Four by Sean Martin | Read by TAPE9

Redefining CyberSecurity

Play Episode Listen Later Mar 5, 2026 14:22



ITSPmagazine | Technology. Cybersecurity. Society
SOC Automation and the AI-Driven Future of Cybersecurity Defense | A Redefining CyberSecurity Podcast Conversation with Richard Stiennon, Chief Research Analyst of IT-Harvest

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Mar 4, 2026 26:10


⬥EPISODE NOTES⬥

The security operations center has always been a battleground of volume, velocity, and human endurance. Analysts have long faced the impossible math of too many alerts, too few hours, and too much at stake. For years, the industry promised automation would change that equation -- but the technology was never quite ready to deliver. That moment, according to Richard Stiennon, has now arrived.

Stiennon, Chief Research Analyst at IT-Harvest, has spent two decades tracking every corner of the cybersecurity vendor landscape. His data now shows more than 61 net-new SOC automation vendors -- companies that did not exist a few years ago -- built from the ground up to replace the work of tier-one, tier-two, and tier-three analysts. Some of these vendors launched in January 2024 and reached $1 million in ARR by April. By the end of 2025, several were reporting $3 million ARR. These are not incremental improvements. They represent a structural shift in how security operations can be run.

What makes this generation of SOC automation different from earlier SIEM and SOAR tooling is scope and autonomy. The value proposition is blunt: 100% alert triage, 24 hours a day, 7 days a week -- with automated case building, threat investigation, and response actions including machine isolation and reimaging. Stiennon points to a CISO he met, speaking under Chatham House rules, who disclosed that a large enterprise had already eliminated its entire human SOC team. He predicts that disclosure will go public before long.

The conversation also explores the business context question that security leaders frequently wrestle with: are these AI-driven SOC tools operating with a narrow cyber mandate, potentially optimizing for security metrics at the expense of business continuity? Stiennon pushes back on that concern, arguing that large language models are already trained on the full breadth of human knowledge -- they understand business context at a level that exceeds most organizations' internal documentation. The more pressing risk, he suggests, is not that AI will act outside business intent, but that organizations will move too slowly to benefit. Waiting six months for a proof-of-concept report while spending a million dollars on human SOC operations is not due diligence -- it is opportunity cost.

The conversation also touches on data privacy in AI-driven security, the role of federated learning and fully homomorphic encryption for compliance-sensitive environments, and what security leaders can do today to evaluate and accelerate their own adoption timeline. Stiennon will be at RSA Conference 2026 with his new book, Guardians of the Machine Age: Why AI Security Will Define Digital Defense, continuing to make the case for a field that is moving faster than most organizations are prepared to acknowledge.

⬥GUEST⬥

Richard Stiennon, Chief Research Analyst at IT-Harvest | Website: https://it-harvest.com/ | On LinkedIn: https://www.linkedin.com/in/stiennon/

⬥HOST⬥

Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

⬥RESOURCES⬥

  • IT-Harvest | https://it-harvest.com/
  • Richard Stiennon on LinkedIn | https://www.linkedin.com/in/stiennon/
  • Guardians of the Machine Age: Why AI Security Will Define Digital Defense (Richard Stiennon) | Available via IT-Harvest and major booksellers
  • RSAC Conference 2026 Coverage on ITSPmagazine | https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
  • The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
  • More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast
  • Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

⬥ADDITIONAL INFORMATION⬥

  • On Podcast: https://www.seanmartin.com/redefining-cybersecurity-podcast
  • On YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
  • Newsletter: https://itspm.ag/future-of-cybersecurity
  • Contact Sean: https://www.seanmartin.com/

Redefining CyberSecurity
SOC Automation and the AI-Driven Future of Cybersecurity Defense | A Redefining CyberSecurity Podcast Conversation with Richard Stiennon, Chief Research Analyst of IT-Harvest

Redefining CyberSecurity

Play Episode Listen Later Mar 4, 2026 26:10



Redefining CyberSecurity
Black Hat 2025: More Buzzwords, Same Breaches? | What's Heating Up Before Black Hat 2025: Top Trends Set to Shake Up this Year's Hacker Conference | An ITSPmagazine Webinar: On Location Coverage with Sean Martin and Marco Ciappelli

Redefining CyberSecurity

Play Episode Listen Later Jul 31, 2025 60:22


In this thought leadership session, ITSPmagazine co-founders Sean Martin and Marco Ciappelli moderate a dynamic conversation with five industry leaders offering their take on what will dominate the show floor and side-stage chatter at Black Hat USA 2025.

Leslie Kesselring, Founder of Kesselring Communications, surfaces how media coverage is shifting in real time—no longer driven solely by talk submissions but now heavily influenced by breaking news, regulation, and public-private sector dynamics. From government briefings to cyberweapon disclosures, the pressure is on to cover what matters, not just what's scheduled.

Daniel Cuthbert, member of the Black Hat Review Board and Global Head of Security Research at Banco Santander, pushes back on the hype. He notes that while tech moves fast, security research often revisits decades-old bugs. His sharp observation? “The same bugs from the ‘90s are still showing up—sometimes discovered by researchers younger than the vulnerabilities themselves.”

Michael Parisi, Chief Growth Officer at Steel Patriot Partners, shifts the conversation to operational risk. He raises concern over Model-Chained Prompting (MCP) and how AI agents can rewrite enterprise processes without visibility or traceability—especially alarming in environments lacking kill switches or proper controls.

Richard Stiennon, Chief Research Analyst at IT-Harvest, offers market-level insights, forecasting AI agent saturation with over 20 vendors already present in the expo hall. While excited by real advancements, he warns of funding velocity outpacing substance and cautions against the cycle of overinvestment in vaporware.

Rupesh Chokshi, SVP & GM at Akamai Technologies, brings the product and customer lens—framing the security conversation around how AI use cases are rolling out fast while security coverage is still catching up. From OT to LLMs, securing both AI and with AI is a top concern.

This episode is not just about placing bets on buzzwords. It's about uncovering what's real, what's noise, and what still needs fixing—no matter how long we've been talking about it.

___________

Guests:

  • Leslie Kesselring, Founder at Cyber PR Firm Kesselring Communications | On LinkedIn: https://www.linkedin.com/in/lesliekesselring/
    “This year, it's the news cycle—not the sessions—that's driving what media cover at Black Hat.”
  • Daniel Cuthbert, Black Hat Training Review Board and Global Head of Security Research for Banco Santander | On LinkedIn: https://www.linkedin.com/in/daniel-cuthbert0x/
    “Why are we still finding bugs older than the people presenting the research?”
  • Richard Stiennon, Chief Research Analyst at IT-Harvest | On LinkedIn: https://www.linkedin.com/in/stiennon/
    “The urge to consolidate tools is driven by procurement—not by what defenders actually need.”
  • Michael Parisi, Chief Growth Officer at Steel Patriot Partners | On LinkedIn: https://www.linkedin.com/in/michael-parisi-4009b2261/
    “Responsible AI use isn't a policy—it's something we have to actually implement.”
  • Rupesh Chokshi, SVP & General Manager at Akamai Technologies | On LinkedIn: https://www.linkedin.com/in/rupeshchokshi/
    “The business side is racing to deploy AI—but security still hasn't caught up.”

Hosts:

  • Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
  • Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

  • ThreatLocker: https://itspm.ag/threatlocker-r974
  • BlackCloak: https://itspm.ag/itspbcweb
  • Akamai: https://itspm.ag/akamailbwc
  • DropzoneAI: https://itspm.ag/dropzoneai-641
  • Stellar Cyber: https://itspm.ag/stellar-9dj3

___________

Resources

  • Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25
  • ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference
  • Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

ITSPmagazine | Technology. Cybersecurity. Society
Black Hat 2025: More Buzzwords, Same Breaches? | What's Heating Up Before Black Hat 2025: Top Trends Set to Shake Up this Year's Hacker Conference | An ITSPmagazine Webinar: On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jul 30, 2025 60:22



Reimagining Cyber
Mid-Year Trends & 2026 Predictions with Richard Stiennon - Ep 159

Reimagining Cyber

Play Episode Listen Later Jul 22, 2025 30:48


In this episode of Reimagining Cyber, host Rob Aragao talks with Richard Stiennon, author of the legendary 'Security Yearbook'. Stiennon discusses his career as an industry analyst and his recent focus on mergers and acquisitions within cybersecurity. The conversation dives into the meticulous process behind the Security Yearbook, AI's growing role in cybersecurity, and the state of M&A activities in 2025. Stiennon also offers predictions for the cybersecurity landscape in 2026 and beyond, emphasizing the value of automation and the impact of AI on both cyber defense and attacks. Don't miss this insightful discussion on the future of cybersecurity.

As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

Adventures of Alice & Bob
Ep. 73 - How a Magazine Article Led to a Cybersecurity Empire // Richard Stiennon

Adventures of Alice & Bob

Play Episode Listen Later Feb 28, 2025 55:48


In this episode, James chats with Richard Stiennon—cybersecurity analyst, author, and former aerospace engineer—whose 20+ year journey spans from designing car seats to hacking corporate systems for giants like Dell. Hear how a 1992 magazine article led him to launch his own ISP and rise to prominence at Gartner. Richard shares his personal stories from the frontlines of cybersecurity, his crusade against risk management jargon, and bold predictions on AI's impact on security. Plus, private jet mishaps and the unconventional wisdom behind IT Harvest. 

The Key Point Podcast
Richard Stiennon on Cybersecurity and His Cyber 150 List

The Key Point Podcast

Play Episode Listen Later Oct 23, 2024 26:21


IT-Harvest Founder and industry analyst Richard Stiennon makes his second 2024 appearance on The Key Point Podcast, this time to discuss the area he's well known for: Cybersecurity. In this conversation with Keypoint Intelligence's Carl Schell and Jamie Bsales, Richard details his latest creation—the Cyber 150, a list of the fastest-growing organizations in  today—as well as challenges, trends, and otherwise in the rapidly evolving security space.

The Key Point Podcast
Richard Stiennon on Industry Analysts Today and in the AI Future

The Key Point Podcast

Play Episode Listen Later Jun 19, 2024 39:22


Keypoint Intelligence's Peter Mayhew and Carl Schell sit down with Richard Stiennon, Founder of IT-Harvest and author of Curmudgeon, to discuss being an analyst in the print and smart technology industry. Using many ideas from the book to frame the conversation, they speak at length about analysts vs. journalists vs. influencers as well as what ingredients are needed to be successful in the space in the future.

Defense in Depth
Understanding the Zero-Trust Landscape

Defense in Depth

Play Episode Listen Later May 9, 2024 30:39


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest Richard Stiennon, chief research analyst, IT-Harvest.

In this episode:

  • Why do so many vendors claim to offer zero-trust solutions?
  • Is that framework even applicable to some product categories?
  • Do your eyes roll when you hear "zero trust solution"?
  • What do most people think it is, and what's the reality?

Thanks to our podcast sponsor, SquareX. SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks. Find out more at sqrx.com.

EM360 Podcast
Palo Alto Networks: Optimising Managed Detection and Response (MDR) with Automation

EM360 Podcast

Play Episode Listen Later Mar 23, 2024 14:28


Amid the ever-evolving landscape of cyber threats, organisations are constantly challenged to ensure security. Conventional security methods are failing to keep up with the escalating volume and sophistication of attacks. By implementing Managed Detection and Response (MDR) with automation, Security Operations Centers (SOCs) can optimise workflows, augment analyst capabilities, and significantly enhance the organisation's overall cybersecurity defences.

Palo Alto Networks offers comprehensive MDR services, leveraging its threat intelligence and cutting-edge technology expertise. Unit 42, its esteemed threat intelligence team, is crucial in providing valuable insights into emerging threats and trends, empowering organisations to stay ahead of malicious actors.

In this episode of the EM360 Podcast, Richard Stiennon, Chief Research Analyst at IT-Harvest, speaks to Ophir Karako, Software Engineer (Unit 42) at Palo Alto Networks, to discuss:

  • Palo Alto's MDR Services
  • Operational Automation
  • Data Enrichment
  • Threat Response
  • Job security for SOC Analysts

Interested in learning more about XSOAR and Palo Alto Networks? You can find some additional resources below:

  • Enloe Medical Center Strengthens Its Security Posture and Improves Efficiency With Unit 42 MDR
  • Unit 42 Managed Detection and Response Service Datasheet
  • A Practical Guide to Deploying SecOps Automation

Chapters

  • 00:00 - Introduction and Background
  • 00:57 - MDR Services at Palo Alto Networks
  • 03:20 - Automation in Operations
  • 04:16 - Automating Data Enrichment
  • 05:13 - Intellectual Property Playbooks and Scripts
  • 05:41 - Customized Reports for Customers
  • 06:10 - Automated Threat Response
  • 07:08 - Insights and Lessons Learned from Automation
  • 07:37 - Benefits of Automation for SOC Analysts
  • 08:06 - Collaboration with Product Experts
  • 09:04 - Treating Automation as a CI/CD Process
  • 10:01 - The Future of Automation in Cybersecurity
  • 12:51 - Automation and Job Security for SOC Analysts
  • 14:20 - Cortex XSOAR: Security Orchestration, Automation, and Response Platform
  • 15:46 - Unit 42 MDR Service
  • 16:16 - Conclusion

EM360 Podcast
Appdome: Understanding the Impact of SolarWinds on DevSecOps Practices

EM360 Podcast

Play Episode Listen Later Mar 18, 2024 28:57


The SolarWinds breach exposed vulnerabilities within DevSecOps practices, sending shockwaves through the tech world. The U.S. Securities and Exchange Commission (SEC) indictment against SolarWinds further emphasised the gravity of the situation, alleging the company misled investors by failing to disclose these vulnerabilities and the subsequent breach adequately. This lack of transparency raises crucial questions about accountability and risk management in the mobile app development landscape, pushing organisations to re-evaluate their DevSecOps practices and prioritise robust security measures throughout the entire development lifecycle.

In this episode of the EM360 Podcast, Head of Podcast Production Paulina Rios Maya speaks to Richard Stiennon, Chief Research Analyst at IT-Harvest, and Tom Tovar, CEO and Co-Creator of Appdome, to discuss:

  • The SolarWinds indictment
  • The U.S. SEC 4-day rule
  • The impact on DevSecOps practices
  • BYOD and VPN security
  • The evolving role of cybersecurity
  • Building cyber resilience

ITSPmagazine | Technology. Cybersecurity. Society
A Reality Check: Platforms vs. Standalone Solutions and Their Place in an Expanding and Contracting Cybersecurity Market | A Conversation with Eric Parizo and Richard Stiennon | Redefining CyberSecurity Podcast with Sean Martin

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Feb 23, 2024 54:10


Guests:
Eric Parizo, Managing Principal Analyst at Omdia [@OmdiaHQ]
On LinkedIn | https://www.linkedin.com/in/ericparizo/
On Twitter | https://twitter.com/EricParizo
Richard Stiennon, Chief Research Analyst at IT-Harvest [@cyberwar]
On Twitter | https://twitter.com/stiennon
On LinkedIn | https://www.linkedin.com/in/stiennon/
On YouTube | https://www.youtube.com/channel/UCJbNLvhmVGnRerhrSU1mFug

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Devo | https://itspm.ag/itspdvweb

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in an enlightening dialogue with industry analysts and cybersecurity veterans, Eric Parizo and Richard Stiennon. The trio explored various aspects of the vendor space in cybersecurity, discussing topics like vendor consolidation, market contraction, and the state of M&A inundating an already-overwhelmed IT environment with complex products.

Parizo, a managing principal analyst, counters the narrative of large vendors, stating that most companies desire best-of-breed solutions that offer better integration and measurable outcomes. However, he sees challenges in getting standalone solutions to work together efficiently. To tackle this, Parizo envisages a shift from product integration to data integration, enabling enterprises to handle security data in centralized repositories like Amazon Security Lake.

Stiennon, a chief research analyst, points out that security will always be a subpart of the next big thing. Despite the increase in intelligent security systems and development in DevSecOps, Stiennon expresses doubt about a total transformation in security due to the potential disruption to business productivity. Instead of seeking transformation in security, he urges CISOs to first identify and reduce the number of redundant products they pay for, as vendors often progressively add features that might already be available in their product pool.

Parizo and Stiennon both offered unique insights into the future of cybersecurity platforms. Parizo acknowledged the merits of the platform approach but challenged the assertion made by large vendors about the superiority and cost-effectiveness of cybersecurity platforms over standalone solutions. He suggested most companies prefer best-of-breed solutions due to enhanced integration and measurable performance outcomes. Conversely, Stiennon expressed skepticism about cybersecurity platforms becoming predominant in the market, asserting that new threats and ongoing innovation make it impossible for one vendor to fully secure an enterprise. Both analysts indicate that, although cybersecurity platforms offer some benefits, the continually evolving security landscape ensures that no single platform approach will dominate the market.

Ultimately, Parizo and Stiennon believe that, while consolidation and platform approaches have some benefits, the key to organizational security lies in continuous innovation, knowing the full capabilities of products, and utilizing comprehensive data management to communicate more effectively and make better decisions. Despite the inherent challenges, both experts also remain optimistic about the evolving role of data and AI in driving efficient cyber security practices.

Top questions addressed:
What is the current status of cybersecurity platforms in the market and how accepted are they by the enterprise?
How is data management influencing the security landscape and what role does AI play in its evolution?
How successful and realistic are the efforts towards consolidating security capabilities within organizations?
What is the current trajectory of mergers, acquisitions, and consolidation in the market?

Companies referenced in this conversation: Palo Alto, Cisco, Fortinet, Azure, Symantec, Google, Chrome, Norton LifeLock, AVG, Amazon, Elastic, Splunk, Snowflake, AWS, Cribl

mnemonic security podcast
A student/mentor's perspective on AI

mnemonic security podcast

Feb 12, 2024 | 27:06


How will AI impact the next generation of people working with computer science?

This question is probably relevant for anyone making their way through school now, in all fields of study. Without looking for a definite answer, but to help him navigate this question, Robby has invited two people with quite different backgrounds: Richard Stiennon, author of Security Yearbook 2023 and Founder and Chief Research Analyst at IT-Harvest, and High School Junior, Athena Contos. Athena was recently visiting colleges, together with her father Brian Contos, a long-time veteran of the mnemonic security podcast. They both noticed a lot of excitement and concern regarding AI amongst those about to embark on their higher education, and questions about how AI will impact their choices of schools, majors, careers, and ultimately their future.

In this episode, Athena and Richard share their perspectives on AI's potential in education, the ethics of using AI in this context, and how we can go from combating the use of AI in the classroom to making it a useful tool for learning.

The Cyberlaw Podcast
Serious threats, unserious responses

The Cyberlaw Podcast

Feb 6, 2024 | 54:19


It was a week of serious cybersecurity incidents paired with unimpressive responses. As Melanie Teplinsky reminds us, the U.S. government has been agitated for months about China's apparent strategic decision to hold U.S. infrastructure hostage to cyberattack in a crisis. Now the government has struck back at Volt Typhoon, the Chinese threat actor pursuing that strategy. It claimed recently to have disrupted a Volt Typhoon botnet by taking over a batch of compromised routers. Andrew Adams explains how the takeover was managed through the court system. It was a lot of work, and there is reason to doubt the effectiveness of the effort. The compromised routers can be re-compromised if they are turned off and on again. And the only ones that were fixed by the U.S. seizure are within U.S. jurisdiction, leaving open the possibility of DDOS attacks from abroad. And, really, how vulnerable is our critical infrastructure to DDOS attack? I argue that there's a serious disconnect between the government's hair-on-fire talk about Volt Typhoon and its business-as-usual response.

Speaking of cyberstuff we could be overestimating, Taiwan just had an election that China cared a lot about. According to one detailed report, China threw a lot of cyber at Taiwanese voters without making much of an impression. Richard Stiennon and I mix it up over whether China would do better in trying to influence the 2024 outcome here.

While we're covering humdrum responses to cyberattacks, Melanie explains U.S. sanctions on Iranian military hackers for their hack of U.S. water systems.

For comic relief, Richard lays out the latest drama around the EU AI Act, now being amended in a series of backroom deals and informal promises. I predict that the effort to pile incoherent provisions on top of anti-American protectionism will not end in a GDPR-style triumph for Europe, whose market is now small enough for AI companies to ignore if the regulatory heat is turned up arbitrarily.

The U.S. is not the only player whose response to cyberintrusions is looking inadequate this week. Richard explains Microsoft's recent disclosure of a Midnight Blizzard attack on the company and a number of its customers. The company's obscure explanation of how its technology contributed to the attack and, worse, its effort to turn the disaster into an upsell opportunity earned Microsoft a patented Alex Stamos spanking.

Andrew explains the recent Justice Department charges against three people who facilitated the big $400m FTX hack that coincided with the exchange's collapse. Does that mean it wasn't an inside job? Not so fast, Andrew cautions. The government didn't recover the $400m, and it isn't claiming the three SIM-swappers it has charged are the only conspirators.

Melanie explains why we've seen a sudden surge in state privacy legislation. It turns out that industry has stopped fighting the idea of state privacy laws and is now selling a light-touch model law that skips things like private rights of action.

I give a lick and a promise to a “privacy” regulation now being pursued by CFPB for consumer financial information. I put privacy in quotes, because it's really an opportunity to create a whole new market for data that will assure better data management while breaking up the advantage of incumbents' big data holdings. Bruce Schneier likes the idea. So do I, in principle, except that it sounds like a massive re-engineering of a big industry by technocrats who may not be quite as smart as they think they are. Bruce, if you want to come on the podcast to explain the whole thing, send me an email!

Spies are notoriously nasty, and often petty, but surely the nastiest and pettiest of American spies, Joshua Schulte, was sentenced to 40 years in prison last week. Andrew has the details.

There may be some good news on the ransomware front. More victims are refusing to pay. Melanie, Richard, and I explore ways to keep that trend going. I continue to agitate for consideration of a tax on ransom payments.

I also flag a few new tech regulatory measures likely to come down the pike in the next few months. I predict that the FCC will use the TCPA to declare the use of AI-generated voices in robocalls illegal. And Amazon is likely to find itself held liable for the safety of products sold by third parties on the Amazon platform.

Finally, a few quick hits:
Amazon has abandoned its iRobot acquisition, thanks to EU “competition” regulators, with the likely result that iRobot will cease competing
David Kahn, who taught us all the romance of cryptology, has died at 93
Air Force Lt. Gen. Timothy Haugh is taking over Cyber Command and NSA from Gen. Nakasone
And for those suffering from Silicon Valley Envy (lookin' at you, Brussels), 23andMe offers a small corrective. The company is now a rare “reverse unicorn” – having fallen in value from $6 Billion to practically nothing

Download 490th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

ITSPmagazine | Technology. Cybersecurity. Society
Cybersecurity and the Board | A Conversation with Richard Stiennon | Cybersecurity Insights Podcast with Matthew Rosenquist

ITSPmagazine | Technology. Cybersecurity. Society

Nov 10, 2023 | 17:07


Guest: Richard Stiennon, Research Analyst, Author of Security Yearbook 2023
On LinkedIn | https://www.linkedin.com/in/stiennon/
Host: Matthew Rosenquist
On ITSPmagazine

ITSPmagazine | Technology. Cybersecurity. Society
AI and Cybersecurity | A Conversation with Richard Stiennon | Cybersecurity Insights Podcast with Matthew Rosenquist

ITSPmagazine | Technology. Cybersecurity. Society

Nov 3, 2023 | 16:36


Guest: Richard Stiennon, Research Analyst, Author of Security Yearbook 2023
On LinkedIn | https://www.linkedin.com/in/stiennon/
Host: Matthew Rosenquist
On ITSPmagazine

The Cyberlaw Podcast
AI Leaders Bring Washington a Bag of Promises

The Cyberlaw Podcast

Jul 26, 2023 | 54:36


In our last episode before the August break, the Cyberlaw Podcast drills down on the AI industry leaders' trip to Washington, where they dutifully signed up to what Gus Hurwitz calls “a bag of promises.” Gus and I parse the promises, some of which are empty, others of which have substance. Along the way, we examine the EU's struggling campaign to lobby other countries to adopt its AI regulation framework. Really, guys, if you don't want to be called regulatory neocolonialists, maybe you shouldn't go around telling former European colonies to change their laws to match Europe's.

Jeffery Atik picks up the AI baton, unpacking Senate Majority Leader Chuck Schumer's (D-N.Y.) overhyped set of AI amendments to the National Defense Authorization Act (NDAA), and panning authors' claim that AI models have been “stealing” their works. Also this week, another endless and unjustified claim of high-tech infringement came to a likely close with appellate rejection of the argument that linking to a site violates the site's copyright. We also cover the industry's unfortunately well-founded fear of enabling face recognition and Meta's unusual open-source AI strategy.

Richard Stiennon pulls the podcast back to the National Cybersecurity Implementation Plan, which I praised last episode for its disciplined format. Richard introduces us to an Atlantic Council report allowing several domain experts to mark up the text. This exposes flaws not apparent on first read; it turns out that the implementation plan took a few remarkable dives, even omitting all mention of one of the strategy's more ambitious goals.

Gus gives us a regulatory lawyer's take on the FCC's new cybersecurity label for IoT devices and the EPA's beleaguered regulations for water system cybersecurity. He doubts that either program can be grounded in a grant of regulatory jurisdiction. Richard points out that CISA managed to get new cybersecurity concessions from Microsoft without even a pretense of regulatory jurisdiction.

Gus gives us a quick assessment of the latest DOJ/FTC draft merger review guidelines. He thinks it's an overreach that will tarnish the prestige and persuasiveness of the guidelines.

In quick hits:
Richard updates us on the latest U.S. sanctions on European spyware firms. I offer a dissent from the whole campaign.
Jeffery covers the brain drain in semiconductors from Europe to China, and we ask when it will hit the U.S.
Gus covers the latest technopanic and media handwringing over the use of technology to catch serial killers and drug dealers.
Speaking of technopanics, I question the latest narrative expressing shock that an FBI agent searched the 702 database

Download 469th Episode (mp3)

The Cyberlaw Podcast
When AI Poses an Existential Risk to Your Law License

The Cyberlaw Podcast

May 31, 2023 | 76:26


This episode of the Cyberlaw Podcast features the second half of my interview with Paul Stephan, author of The World Crisis and International Law. But it begins the way many recent episodes have begun, with the latest AI news. And, since it's so squarely in scope for a cyberlaw podcast, we devote some time to the so-appalling-you-have-to-laugh-to-keep-from-crying story of the lawyer who relied on ChatGPT to write his brief. As Eugene Volokh noted in his post, the model returned exactly the case law the lawyer wanted—because it made up the cases, the citations, and even the quotes. The lawyer said he had no idea that AI would do such a thing. I cast a skeptical eye on that excuse, since when challenged by the court to produce the cases he relied on, the lawyer turned not to Lexis-Nexis or Westlaw but to ChatGPT, which this time made up eight cases on point. And when the lawyer asked, “Are the other cases you provided fake,” the model denied it. Well, all right then. Who among us has not asked Westlaw, “Are the cases you provided fake?” Somehow, I can't help suspecting that the lawyer's claim to be an innocent victim of ChatGPT is going to get a closer look before this story ends. So if you're wondering whether AI poses existential risk, the answer for at least one lawyer's license is almost certainly “yes.”

But the bigger story of the week was the cries from Google and Microsoft leadership for government regulation. Jeffery Atik and Richard Stiennon weigh in. Microsoft's President Brad Smith has, as usual, written a thoughtful policy paper on what AI regulation might look like. And they point out that, as usual, Smith is advocating for a process that Microsoft could master pretty easily. Google's Sundar Pichai also joins the “regulate me” party, but a bit half-heartedly. I argue that the best way to judge Silicon Valley's confidence in the accuracy of AI is by asking when Google and Apple will be willing to use AI to identify photos of gorillas as gorillas. Because if there's anything close to an extinction event for those companies it would be rolling out an AI that once again fails to differentiate between people and apes.

Moving from policy to tech, Richard and I talk about Google's integration of AI into search; I see some glimmer of explainability and accuracy in Google's willingness to provide citations (real ones, I presume) for its answers. And on the same topic, the National Academy of Sciences has posted research suggesting that explainability might not be quite as impossible as researchers once thought.

Jeffery takes us through the latest chapters in the U.S.—China decoupling story. China has retaliated, surprisingly weakly, for U.S. moves to cut off high-end chip sales to China. It has banned sales of U.S.-based Micron memory chips to critical infrastructure companies. In the long run, the chip wars may be the disaster that Nvidia's CEO foresees. Jeffery and I agree that Nvidia has much to fear from a Chinese effort to build a national champion to compete in AI chipmaking. Meanwhile, the Biden administration is building a new model for international agreements in an age of decoupling and industrial policy. Whether its effort to build a China-free IT supply chain will succeed is an open question, but we agree that it marks an end to the old free-trade agreements rejected by both former President Trump and President Biden.

China, meanwhile, is overplaying its hand in Africa. Richard notes reports that Chinese hackers attacked the Kenyan government when Kenya looked like it wouldn't be able to repay China's infrastructure loans. As Richard points out, lending money to a friend rarely works out. You are likely to lose both the friend and the money.

Finally, Richard and Jeffery both opine on Ireland's imposing—under protest—of a $1.3 billion fine on Facebook for sending data to the United States despite the Court of Justice of the European Union's (CJEU) two Schrems decisions. We agree that the order simply sets a deadline for the U.S. and the EU to close their deal on a third effort to satisfy the CJEU that U.S. law is “adequate” to protect the rights of Europeans. Speaking of which, anyone who's enjoyed my rants about the EU will want to tune in for a June 15 Teleforum in which Max Schrems and I will debate the latest privacy framework. If we can, we'll release it as a bonus episode of this podcast, but listening live should be even more fun!

Download 459th Episode (mp3)

Bite Size Sales
201: Varun Badhwar - securing the software supply chain with Endor Labs

Mar 28, 2023, 47:29

Varun Badhwar is the CEO of Endor Labs, his third startup. He previously founded CipherCloud and RedLock, which were acquired by Lookout and Palo Alto Networks respectively.

After the SolarWinds attack, Varun recognized the vulnerability of open-source software and set out to find a solution. He founded Endor Labs to help developers understand the risks of using open-source software, enabling them to make informed decisions.

In this episode, you will learn the following:
1. Why Varun sets expectations of his new hire sales team to become certified on both the demo and also the pitch within 2 weeks
2. Varun's brilliant reframing of the SBOM (software bill of materials) concept
3. The importance of building a brand and creating content to engage audiences

Resources:
- Varun Badhwar
- Endor Labs

Sponsor: This episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in. IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/research.

Other episodes you'll enjoy:
- Top 8 reasons why great sales people leave
- 5 steps to ramp new sellers when you have no enablement and no time
- Unlocking Data Protection with Paul Lewis, CEO of Calamu

Action: If you enjoyed this episode, please could you give a review by going to Salesbluebird.com/R. It would mean a lot to me personally, and it would help grow the podcast.

Connect with me:
YouTube: https://www.youtube.com/@salesbluebird
Twitter: https://www.twitter.com/unstoppable_do
LinkedIn: https://www.linkedin.com/in/andrewmonaghan

Bite Size Sales
198: Unlocking the Power of Cybersecurity with Maxime Lamothe-Brassard

Mar 16, 2023, 52:04

In this episode, Maxime Lamothe-Brassard, Co-founder and CEO of LimaCharlie, embarks on a bold mission to revolutionize the cybersecurity industry by creating an "AWS-like" model for cybersecurity tools and infrastructure, juxtaposing the old-school approach that has dominated the industry.

In this episode, you will learn the following:
1. LimaCharlie's unique approach and who it is for
2. How a business model of using what you need now pays off
3. Maxime's driver for hiring a CRO

Resources:
- Maxime Lamothe-Brassard
- LimaCharlie

Sponsor: This episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in. IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/research

Other episodes you'll enjoy:
- How to help your prospect understand that you have the solution to their problem
- What I would do differently at the beginning of my sales career
- How to use strategic narrative to engage with prospects with Andy Raskin

Action: If you enjoyed this episode please could you give a review by going to Salesbluebird.com/R. It would mean a lot to me personally and it helps grow the podcast.

Connect with me:
YouTube: https://www.youtube.com/@salesbluebird
Twitter: https://www.twitter.com/unstoppable_do
LinkedIn: https://www.linkedin.com/in/andrewmonaghan

Bite Size Sales
197: From employee to founding a cybersecurity startup with Jori VanAntwerp

Mar 14, 2023, 51:03

Moving from being an employee to founding your first company is a big step for anyone to take. In this episode, Jori VanAntwerp, CEO & Co-Founder at SynSaber, talks about how he did that and more.

In this episode, you will learn the following:
1. The big impact SynSaber is making in the operations technology space
2. The people who guided Jori along the way
3. Why his first sales hire was a VP

Resources:
- Jori VanAntwerp
- Synsaber

Sponsor: This episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in. IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/research

Other episodes you'll enjoy:
- Bob Kruse, CEO and co-founder of Revelstoke Security, on how a sales leader becomes CEO of a cybersecurity company
- Dan Parelskin, VP WW Sales @ Axis Security on getting the first customers and intentionally creating a sales culture
- Mike Baker, CRO at Noname, talks about leading a sales team through hyper-growth

Action: If you enjoyed this episode please could you give a review by going to Salesbluebird.com/R. It would mean a lot to me personally and it helps grow the podcast.

Connect with me:
YouTube: https://www.youtube.com/@salesbluebird
Twitter: https://www.twitter.com/unstoppable_do
LinkedIn: https://www.linkedin.com/in/andrewmonaghan

Bite Size Sales
199: Navigating the challenges of introducing passwordless security with Michael Gwynn of IDmelon

Mar 13, 2023, 55:03

Michael Gwynn's career took him from the army, to Johnson and Johnson, to working in cybersecurity. After years of working in cybersecurity, Michael was introduced to the world of startups and IDmelon.

After seeing the potential in the company and the product, Michael took a leap of faith and joined the team as their VP of Sales. With their cutting-edge technology and Michael's industry experience, IDmelon is now leading the industry in passwordless authentication and overnight deployment.

In this episode, you will learn the following:
1. An approach to right-sizing a sales team
2. IDmelon's potential and their partner lift from Microsoft
3. Why you give prospects dessert first (or do the magic trick before explaining how you did it)

Resources:
- Michael Gwynn LinkedIn
- Michael@idmelon.com
- IDMelon

Sponsor: This episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in. IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/research.

Other episodes you'll enjoy:
- How to get first meetings using VC programs, CISO networks, resellers & sales networks
- Serve dessert first ... it will make you more successful in B2B sales
- Should you add more sellers to your sales team?

Action: If you enjoyed this episode please could you give a review by going to Salesbluebird.com/R. It would mean a lot to me personally and it helps grow the podcast.

Connect with me:
YouTube: https://www.youtube.com/@salesbluebird
Twitter: https://www.twitter.com/unstoppable_do
LinkedIn: https://www.linkedin.com/in/andrewmonaghan

Bite Size Sales
196: Liat Hayun's journey from working at big cybersecurity companies to starting Eureka Security

Mar 9, 2023, 49:05

Starting a cybersecurity startup may seem daunting and complex, but with the right team and resources, it can be done. In this episode of the Sales Bluebird podcast, I chat with Liat Hayun, the co-founder and CEO of Eureka Security, about her journey of leaving a secure corporate job to create a successful cloud security startup.

In this episode, you will learn the following:
- The decision to come out of stealth and hire their marketing leader first.
- Differentiation by protecting data itself as opposed to all the things around it.
- The learning culture at Eureka. For them, it's all about trying things, experimenting, and thinking about different ways to approach people.

Resources:
- Eureka Security
- Liat Hayun
- Asaf Weiss

Sponsor: This episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in. IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/research

Other episodes you'll enjoy:
- How to use your sales deck effectively
- Brian Gumbel, CRO At Armis Shares His Tips on Scaling Cyber Security Sales Teams
- 3 tips to help your team build 1st meeting connections

Action: You know how every podcast host asks you to rate and review their podcast but doesn't tell you how and where to actually do that?! Well, I've made it easy for you! If you enjoy the podcast, please could you give a review with this easy-to-use tool by going to Salesbluebird.com/R. It would mean a lot to me personally and it helps grow the podcast.

Connect with me:
YouTube: https://www.youtube.com/@salesbluebird
Twitter: https://www.twitter.com/unstoppable_do
LinkedIn: https://www.linkedin.com/in/andrewmonaghan

Bite Size Sales
195: Eric Olden on building a successful cybersecurity company

Mar 7, 2023, 59:50

Eric Olden, CEO and co-founder of Strata Identity, joined us to share his journey from building a security software company in a garage, to taking a leap of faith to join Oracle, and then finally founding Strata Identity. Tune in to hear his story and the tips, tricks, and experiences he has learned along the way.

In this episode, you will learn the following:
1. Why Strata didn't do any outbound in early days; instead honed in on a long-term, thoughtful content strategy approach
2. Why you need to hire people willing to do the work
3. Why grit is important for founders & early employees

Sponsor: This episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in. IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/research

Resources:
- Strata Identity
- Eric Olden

Other episodes you'll enjoy:
- Why your team may be "losing" prospects and ONE drastic way to stop it
- One tip to avoid sounding stupid in conversations with your prospects
- Outbound is broken

Action: You know how every podcast host asks you to rate and review their podcast but doesn't tell you how and where to actually do that?! Well, I've made it easy for you! If you enjoy the podcast, please could you give a review with this easy-to-use tool by going to Salesbluebird.com/R. It would mean a lot to me personally and it helps grow the podcast.

Connect with me:
YouTube: https://www.youtube.com/@salesbluebird
Twitter: https://www.twitter.com/unstoppable_do
LinkedIn: https://www.linkedin.com/in/andrewmonaghan

Bite Size Sales
194: How to know if a prospect is an innovator

Mar 2, 2023, 11:55

Cybersecurity startups do best when their prospects are innovators. People and companies who are able to buy from and work with startups and less mature technology. But how do you know if your prospects are innovators? This episode covers one way to qualify prospects by just asking a few simple questions.

Here's what I cover:
1. Example questions to ask your prospect to determine if they are innovators and able to work with you without wasting time and effort
2. Tips on when and how to ask those questions
3. Strategies for being upfront with buyers to show you are someone they can trust

Sponsor: This episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in. IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/research

Other episodes you'll enjoy:
- 6 reasons security leaders buy from startups
- Denise Hayman, CRO at Sonrai Security talks journey in cyber security and her biggest learnings
- Jay Wallace, VP of Worldwide Sales at Rumble, on building a sales team

Action: You know how every podcast host asks you to rate and review their podcast but doesn't tell you how and where to actually do that?! Well, I've made it easy for you! If you enjoy the podcast, please could you give a review with this easy-to-use tool by going to Salesbluebird.com/R. It would mean a lot to me personally and it helps grow the podcast.

Connect with me:
YouTube: https://www.youtube.com/@salesbluebird
Twitter: https://www.twitter.com/unstoppable_do
LinkedIn: https://www.linkedin.com/in/andrewmonaghan

Bite Size Sales
193: How to start growing revenue with Ted Miracco, CEO of Approov

Feb 28, 2023, 38:02

This week on Sales Bluebird, we sat down with Ted Miracco, CEO of Approov Mobile Security. Hear what he has to say about the future of mobile security and why his company is so well-positioned to make an impact.

In this episode, you will learn the following:
1. Why Approov is so well positioned
2. Ted's main focus as the new CEO for the next few quarters
3. The challenge Approov faces with reaching application developers and getting noticed in a very noisy market

Resources:
- https://approov.io/
- https://www.linkedin.com/in/tedmiracco/

Sponsor: This episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in. IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/research

Other episodes you'll enjoy:
- 72: Top 8 reasons why great sales people leave
- 71: Why you should hire lines not dots (and what the heck that means!)
- 192: How to transform a boring case study into a compelling story

Action: You know how every podcast host asks you to rate and review their podcast but doesn't tell you how and where to actually do that?! Well, I've made it easy for you! If you enjoy the podcast, please could you give a review with this easy-to-use tool by going to Salesbluebird.com/R. It would mean a lot to me personally and it helps grow the podcast.

Connect with me:
YouTube: https://www.youtube.com/@salesbluebird
Twitter: https://www.twitter.com/unstoppable_do
LinkedIn: https://www.linkedin.com/in/andrewmonaghan

Bite Size Sales
192: How to transform a boring case study into a compelling story

Feb 23, 2023, 10:58

Telling great stories is a powerful tool to convert more first meetings into second meetings, and more second meetings into demos, and demos into POCs. We are often given case studies and told to “use them with customers”. But how do you do that? How do you turn a case study into a great story?

In this episode, I'll walk you through an example of how to take a 4-page case study and turn it into a powerful story you can tell live to a prospect.

In this episode, you will learn the following:
1. How to tell a compelling customer story in 90 seconds or less
2. How to use the hero's journey story structure to create a powerful narrative
3. How to transform a case study into a compelling story

Sponsor: This episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in. IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/research

Other episodes you'll enjoy:
- Chris Beall, CEO at ConnectAndSell, on how to make a great cold call (and he improves mine!)
- Mike Rogers, CRO at Noetic Cyber, breaks down why Ionic Security was not a financial success
- Simple framework for value-oriented discovery

Action: You know how every podcast host asks you to rate and review their podcast but doesn't tell you how and where to actually do that?! Well, I've made it easy for you! If you enjoy the podcast, please could you give a review with this easy-to-use tool by going to Salesbluebird.com/R. It would mean a lot to me personally and it helps grow the podcast.

Connect with me:
YouTube: https://www.youtube.com/@salesbluebird
Twitter: https://www.twitter.com/unstoppable_do
LinkedIn: https://www.linkedin.com/in/andrewmonaghan

Lessons from the School of Cyber Hard Knocks
Richard Stiennon: On Cyber Warfare

Jan 11, 2023, 41:15


Today's guest is Richard Stiennon, Chief Research Analyst at IT-Harvest. In a nod to Clausewitz and Gaddis, this episode is called On Cyber Warfare. In this episode, Richard discusses founding IT-Harvest and his current role there, the transition to data-driven research, the biggest industry shifts and trends, the threat and the current state of cyber warfare, his feelings towards cyber defense, and as always, his toughest lesson learned.

The Cyberlaw Podcast
ChatGPT Successfully Imitates a Talented Sociopath with Too Many Lawyers

Dec 13, 2022, 60:32

It's been a news-heavy week, but we have the most fun in this episode with ChatGPT. Jane Bambauer, Richard Stiennon, and I pick over the astonishing number of use cases and misuse cases disclosed by the release of ChatGPT for public access. It is talented—writing dozens of term papers in seconds. It is sociopathic—the term papers are full of falsehoods, down to the made-up citations to plausible but nonexistent New York Times stories. And it has too many lawyers—Richard's request that it provide his bio (or even Einstein's) was refused on what are almost certainly data protection grounds. Luckily, either ChatGPT or its lawyers are also bone stupid, since reframing the question fools the machine into subverting the legal and PC limits it labors under. I speculate that it beat Google to a public relations triumph precisely because Google had even more lawyers telling their artificial intelligence what not to say.

In a surprisingly undercovered story, Apple has gone all in on child pornography. Its phone encryption already makes the iPhone a safe place to record child sexual abuse material (CSAM); now Apple will encrypt users' cloud storage with keys it cannot access, allowing customers to upload CSAM without fear of law enforcement. And it has abandoned its effort to identify such material by doing phone-based screening. All that's left of its effort is a weak option that allows parents to force their kids to activate an option that prevents them from sending or receiving nude photos. Jane and I dig into the story, as well as Apple's questionable claim to be offering the same encryption to its Chinese customers.

Nate Jones brings us up to date on the National Defense Authorization Act, or NDAA. Lots of second-tier cyber provisions made it into the bill, but not the provision requiring that critical infrastructure companies report security breaches. A contested provision on spyware purchases by the U.S. government was compromised into a useful requirement that the intelligence community identify spyware that poses risks to the government.

Jane updates us on what European data protectionists have in store for Meta, and it's not pretty. The EU data protection supervisory board intends to tell the Meta companies that they cannot give people a free social media network in exchange for watching what they do on the network and serving ads based on their behavior. If so, it's a one-two punch. Apple delivered the first blow by curtailing Meta's access to third-party behavioral data. Now even first-party data could be off limits in Europe. That's a big revenue hit, and it raises questions whether Facebook will want to keep giving away its services in Europe.

Mike Masnick is Glenn Greenwald with a tech bent—often wrong but never in doubt, and contemptuous of anyone who disagrees. But when he is right, he is right. Jane and I discuss his article recognizing that data protection is becoming a tool that the rich and powerful can use to squash annoying journalist-investigators. I have been saying this for decades. But still, welcome to the party, Mike!

Nate points to a plea for more controls on the export of personal data from the U.S. It comes not from the usual privacy enthusiasts but from the U.S. Naval Institute, and it makes sense.

It was a bad week for Europe on the Cyberlaw Podcast. Jane and I take time to marvel at the story of France's Mr. Privacy and the endless appetite of Europe's bureaucrats for his serial grifting.

Nate and I cover what could be a good resolution to the snake-bitten cloud contract process at the Department of Defense. The Pentagon is going to let four cloud companies—Google, Amazon, Oracle and Microsoft—share the prize.

You did not think we would forget Twitter, did you? Jane, Richard, and I all comment on the Twitter Files. Consensus: the journalists claiming these stories are nothingburgers are more driven by ideology than news. Especially newsworthy are the remarkable proliferation of shadowbanning tools Twitter developed for suppressing speech it didn't like, and some considerable though anecdotal evidence that the many speech rules at the company were twisted to suppress speech from the right, even when the rules did not quite fit, as with LibsofTikTok, while similar behavior on the left went unpunished. Richard tells us what it feels like to be on the receiving end of a Twitter shadowban.

The podcast introduces a new feature: “We Read It So You Don't Have To,” and Nate provides the tl;dr on a New York Times story: How the Global Spyware Industry Spiraled Out of Control.

And in quick hits and updates: Jane covers the San Francisco city council's reversion to the mean. On second thought, it will not be letting killer police robots out on San Francisco's streets. Nate tells us that the Netherlands (and Japan, I might add) is likely to align with the U.S. and impose new curbs on chip-making equipment sales to China.

IoT Security Podcast
Cybercriminals and Nation-States Look to IoT as the New Frontline

IoT Security Podcast

Play Episode Listen Later Nov 29, 2022 52:58


Richard Stiennon, Chief Research Analyst for IT-Harvest, joins us for The Return: Episode 2. Author of the recent Security Yearbook 2022, Richard started his career before cyber was cyber, a story he originally shared with Brian on a walk along some train tracks. How does a guy go from an ISP start-up to Gartner to IT-Harvest and being a bestselling author?
Richard started IT-Harvest to literally harvest data, and that's resulted in his latest project, an app for data obsessives called the Analyst Dashboard. He talks about what it took to get there and some surprising results he's discovered from the tool.
The cybersecurity space, he's found, has focused and refocused and reframed and refocused again. Now, it's apparent globally that cybercriminals and nation-states are looking at IoT as the new frontline. When new technologies come up, they're developed with no thought to security, says Richard. Now we're reaping what was sown.
Let's get into Things on the IoT Security Podcast!
Follow Richard Stiennon on all his platforms:
https://www.linkedin.com/in/stiennon
https://stiennon.substack.com
https://twitter.com/stiennon
https://www.it-harvest.com
Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontos/. And you can follow John Vecchi at https://www.linkedin.com/in/johnvecchi/.
The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast/.

Resilient Cyber
S3E25: Richard Stiennon - Cyber Industry Research and Analysis

Resilient Cyber

Play Episode Listen Later Nov 12, 2022 28:29


Nikki: With your latest book, the Security Yearbook for 2022, this is the third iteration of the series right? It started in 2020 and has only grown since then. Can you talk a little bit about why you started this annual compilation of research?
Nikki: For any other security practitioners or anyone in the field who's interested in writing a book or putting together a comprehensive manuscript or research, do you have any tips or advice for them to get started?
Chris: Can you tell us about your endeavors with IT-Harvest and your IT industry research, what is it and how did you get started?
Chris: I know you serve in various advisory roles. How does your industry research help inform your advisory perspective?
Chris: Based on your current IT industry research what are some of the most alarming or interesting trends around vendors, investors and M&A you see currently?
Nikki: What is one of the most surprising statistics that you've uncovered year after year? I know one that continues to surprise me is just how prevalent and SUCCESSFUL phishing attacks are. What about you?
Nikki: What are your top recommendations, based on your research, for security practitioners and business owners to be aware of and focus on when it comes to risk mitigation?
Chris: Looking at the current IT industry and trends, what is one prediction you have for some of the most significant changes we can expect in say 3-5 years?

The Cyberlaw Podcast
Chip Wars

The Cyberlaw Podcast

Play Episode Listen Later Oct 18, 2022 49:22


David Kris opens this episode of the Cyberlaw Podcast by laying out some of the massive disruption that the Biden Administration has kicked off in China's semiconductor industry—and its Western suppliers. The reverberations of the administration's new measures will be felt for years, and the Chinese government's response, not to mention the ultimate consequences, remains uncertain.
Richard Stiennon, our industry analyst, gives us an overview of the cybersecurity market, where tech and cyber companies have taken a beating but cybersecurity startups continue to gain funding.
Mark MacCarthy reviews the industry from the viewpoint of the trustbusters. Google is facing what looks like a serious AdTech platform challenge from several directions—the EU, the Justice Department, and several states. Facebook, meanwhile, is lucky to be a target of the Federal Trade Commission, which rather embarrassingly had to withdraw claims that the acquisition of Within would remove an actual (as opposed to hypothetical) competitor from the market. No one seems to have challenged Google's acquisition of Mandiant, meanwhile. Richard suspects that is because Google is not likely to do anything with the company.
David walks us through the new White House national security strategy—and puts it in historical context.
Mark and I cross swords over PayPal's determination to take my money for saying things PayPal doesn't like. Visa and Mastercard are less upfront about their ability to boycott businesses they consider beyond the pale, but all money transfer companies have rules of this kind, he says. We end up agreeing that transparency, the measure usually recommended for platform speech suppression, makes sense for PayPal and its ilk, especially since they're already subject to extensive government regulation.
Richard and I dive into the market for identity security. It's hot, thanks to zero trust computing. Thoma Bravo is leading a rollup of identity companies. I predict security troubles ahead for the merged portfolio.
In updates and quick hits: The Texas social media law is on hold again, but do not get excited. It is a voluntary deal designed to speed Supreme Court consideration of a review petition. Now Ukraine knows how Twitter feels: Elon Musk has changed his mind again. He will not be demanding that Department of Defense pay for the Starlink service Elon rolled out at the start of the war with Russia. After catching Google red-handed in what looks like ideological use of a spam filter, the GOP now appears to be overplaying its hand. And I predict much more coverage, not to mention prosecutorial attention, will result from accusations that a powerful partner at the establishment law firm, Dechert, engaged in hack-and-dox attacks on adversaries of his clients.

EM360 Podcast
Beyond Identity: Software Supply Chain Attacks and the Best Defence

EM360 Podcast

Play Episode Listen Later Oct 6, 2022 24:12


A software supply chain attack is when someone infiltrates your system by attacking a third-party provider or partner with access to your data. Recent high-profile supply chain attacks, most notably SolarWinds, have brought this type of attack into the public eye, and it's clear that with more suppliers handling sensitive data than ever before, the attack surface of a typical enterprise has been changed dramatically.
In this episode of the EM360 Podcast, Analyst https://em360tech.com/user/3627 (Richard Stiennon) speaks to https://www.linkedin.com/in/suresh-bhandarkar-36277895/ (Suresh Bhandarkar), Director of Product Solution Architecture at https://em360tech.com/solution-providers/beyond-identity (Beyond Identity), to discuss: software supply chain attacks; weaknesses in the CI/CD pipeline; the issue of software code provenance.
Beyond Identity cuts through the anonymity of to provide a secure, scalable way for development and GitOps teams to immutably sign and verify the author of every commit. Their author verification API in proves that what you've shipped is what your developers actually built—and that nothing else got added.

EM360 Podcast
Omada: The Pitfalls of IGA Deployments

EM360 Podcast

Play Episode Listen Later Sep 23, 2022 25:23


Identity Governance and Administration (IGA) systems are a fundamental part of an enterprise's identity and access management strategy. For companies that need functionalities like role-based access and automated approval, IGA systems can be essential in ensuring that the right people are getting access to the right things. Sounds easy enough, but issues with adoption, sponsorship and employee access speak to the fact that plenty of things can derail a deployment.
In this episode of the EM360 Podcast, Analyst https://em360tech.com/user/3627 (Richard Stiennon) speaks to https://www.linkedin.com/in/rodlsimmons/ (Rod Simmons), VP of Product Strategy at https://em360tech.com/tech-index/omada (Omada), about: automating already broken processes; disconnect between IGA goals and business goals; testing, testing, testing.

Cyber Pro Podcast
#207 - Richard Stiennon - Chief Research Analyst - IT-Harvest

Cyber Pro Podcast

Play Episode Listen Later Sep 21, 2022 14:08


Richard shares the knowledge he has amassed over his long career on how to research the entire cybersecurity industry. He tells us about his journey from a pentester to an industry analyst. He has started over 24 companies over that time. Richard talks about the process he has developed over 17 years to sort through all the data. Most people struggle sorting through the incoming flood of data. He starts by finding and classifying all the vendors. He goes into major categories like zero trust and machine learning, but has to dig deeper to see what the vendors actually do. He breaks them down into 17 major buckets. Clarifying the vendors through the cycle is the challenge. He has over 9k he has researched. It is a continuous process since some just disappear. If there are 3,000 out there, he has easily looked at 8,000 possible vendors. It takes 5 minutes or more to vet a vendor. You can do the math and see how that adds up. It gives you dynamic data to make decisions and act off of. The fastest growing is API security over the last 18 months. Fraud prevention is the slowest, actually shrinking over the last year.
Connect with Richard: https://www.linkedin.com/in/stiennon/
Visit IT-Harvest: https://it-harvest.com/shop/
Visit Short Arms website: https://www.shortarmsolutions.com/
You can follow us at:
Linked In: https://www.linkedin.com/company/shortarmsolutions
YouTube: https://www.youtube.com/channel/UCjUNoFuy6d1rouj_SBg3Qkw/featured
Twitter: https://twitter.com/ShortArmSAS

ITSPmagazine | Technology. Cybersecurity. Society
Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Richard Stiennon | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Aug 12, 2022 22:20


It's Hacker Summer Camp time! Thank you for joining this live stream during Black Hat and DEF CON with guest Richard Stiennon!
Watch the live stream video on our Black Hat and DEF CON coverage page: https://www.itspm.ag/bhdc22
Follow our social media as everything will be streamed live as it is. No editing, no script, and most of all … no BS

ITSPmagazine | Technology. Cybersecurity. Society
Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Tracy Z. Maleeff @InfosecSherpa | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Aug 12, 2022 25:16


It's Hacker Summer Camp time! Thank you for joining this live stream during Black Hat and DEF CON with guest Tracy Z. Maleeff!
Watch the live stream video on our Black Hat and DEF CON coverage page: https://www.itspm.ag/bhdc22
Follow our social media as everything will be streamed live as it is. No editing, no script, and most of all … no BS

ITSPmagazine | Technology. Cybersecurity. Society
Book | Security Yearbook: A Complete History And Directory Of The Entire Cybersecurity Industry | Redefining CyberSecurity With Richard Stiennon

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Mar 14, 2022 41:02


Do you think you know all of the cybersecurity vendors on the market? Think again. Need help getting a clear view for how they all fit into the bigger InfoSec picture in your org? Have a listen.
In today's episode, long-time industry analyst, Richard Stiennon, takes us on a journey down memory lane into the world of cybersecurity and the ever-growing landscape of innovation, technology, features, products, solutions, and more.
About the book
Security Yearbook 2020 was launched at RSA Conference 2020 on February 24 and has been identified as One of the Best Cybersecurity Books of 2021 by Ben Rothke!
The 2021 directory has been completely updated. 300 small vendors and two abject failures stopped supporting their websites in 2020. 600 new vendors were added, although only 13 high profile startups are listed. The Directory now contains 2,615 vendors of security products.
Two new stories of the pioneers of the cybersecurity industry have been added. Renaud Deraison, creator of Nessus, and Amit Yoran founder of Riptech and CEO of Tenable contribute their stories.
A new section has been added to track the performance of 21 publicly traded security vendors like Crowdstrike, Zscaler, Fortinet, and Palo Alto Networks.
Thanks to AGC Partners, Security Yearbook 2021 contains a complete listing of M&A activity for 2020.
There were over $10 billion in new investments in high-flying security vendors. A complete list and analysis of these deals is included.
The biggest difference in the directory this year is that the percent change in headcount is listed for each vendor. This is probably the most important metric for quickly assessing a vendor's health. Successful vendors grow.
Having known each other for years, Richard and Sean reminisce and they talk about the past, present, and future of the entire cybersecurity field.
____________________________
Guest
Richard Stiennon
Chief Research Analyst at IT-Harvest [@cyberwar]
On Twitter | https://twitter.com/stiennon
On LinkedIn | https://www.linkedin.com/in/stiennon/
On YouTube | https://www.youtube.com/channel/UCJbNLvhmVGnRerhrSU1mFug
____________________________
This Episode's Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
Security Yearbook | A Complete History And Directory Of The Entire Cybersecurity Industry
- 2021 edition: https://it-harvest.com/shop/security-yearbook-2021/
- 2022 edition: https://it-harvest.com/shop/security-yearbook-2022/
Connect with Richard at IT-Harvest: https://it-harvest.com/
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel?

@HPCpodcast with Shahin Khan and Doug Black
@HPCpodcast-14: Cyberwarfare in the Age of AI and HPC

@HPCpodcast with Shahin Khan and Doug Black

Play Episode Listen Later Feb 28, 2022


Special guest Richard Stiennon, research analyst and author of Security Yearbook 2021, joins Shahin and Doug to discuss the state of advanced cyberwarfare involving AI and supercomputing, and its potential role in the war in Ukraine.

DrZeroTrust
Cyber Dollars and Market Shenanigans with an Industry Icon.

DrZeroTrust

Play Episode Listen Later Oct 18, 2021 27:50


Richard Stiennon (the OG Curmudgeon) and I discuss investments and market dynamics in cybersecurity. He provides his views on a variety of topics and breaks down how he sees the market through his lens and vast experience. Check out his books and his insights on this space every chance you get!

Cyber Work
Inside the Security Yearbook: Industry trends, career advice and more! | Cyber Work Podcast

Cyber Work

Play Episode Listen Later Sep 20, 2021 51:35


Security Yearbook creator Richard Stiennon joins today's podcast to share his career journey. He talks about creating the first ISP in the Midwest in the ’90s, the role of the Security Yearbook in telling the history of cybersecurity and the best place to start your cybersecurity career. Hint: It's not necessarily with the big firms!
– Save 50% on your copy of the Security Yearbook with code "infoseclive": https://it-harvest.com/shop
– Join the monthly challenge: https://www.infosecinstitute.com/challenge
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
0:00 - Infosec Skills Monthly Challenge
0:50 - Intro
2:50 - How Richard got started in cybersecurity
7:22 - Penetration testing in the ’90s
10:17 - Working as a research analyst
14:39 - How the cyberwar landscape is changing
19:33 - Skills needed as a cybersecurity researcher
20:30 - Launching the Security Yearbook
27:20 - Security Yearbook 2021
29:00 - Importance of cybersecurity history
30:48 - How do cybersecurity investors see the industry
34:08 - Impact of COVID-19 and work from home
35:50 - Using the Security Yearbook to guide your career
40:38 - How cybersecurity careers are changing
43:29 - Current pentesting trends
47:06 - First steps to becoming a research analyst
48:20 - Plans for Security Yearbook 2022
50:20 - Learn more about Richard Stiennon
51:09 - Outro
About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It's our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.