Podcast appearances and mentions of richard stiennon

In this episode, James chats with Richard Stiennon—cybersecurity analyst, author, and former aerospace engineer—whose 20+ year journey spans from designing car seats to hacking corporate systems for giants like Dell. Hear how a 1992 magazine article led him to launch his own ISP and rise to prominence at Gartner. Richard shares his personal stories from the frontlines of cybersecurity, his crusade against risk management jargon, and bold predictions on AI's impact on security. Plus, private jet mishaps and the unconventional wisdom behind IT Harvest. 

IT-Harvest Founder and industry analyst Richard Stiennon makes his second 2024 appearance on The Key Point Podcast, this time to discuss the area he's well known for: Cybersecurity. In this conversation with Keypoint Intelligence's Carl Schell and Jamie Bsales, Richard details his latest creation—the Cyber 150, a list of the fastest-growing organizations in  today—as well as challenges, trends, and otherwise in the rapidly evolving security space.

Keypoint Intelligence's Peter Mayhew and Carl Schell sit down with Richard Stiennon, Founder of IT-Harvest and author of Curmudgeon, to discuss being an analyst in the print and smart technology industry. Using many ideas from the book to frame the conversation, they speak at length about analysts vs. journalists vs. influencers as well as what ingredients are needed to be successful in the space in the future.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest Richard Stiennon, chief research analyst, IT-Harvest. In this episode: In this episode: Why do so many vendors claim to offer zero-trust solutions? Is that framework even applicable to some product categories?  Do your eyes roll when you hear "zero trust solution"? What do most people think it is, and what's the reality? Thanks to our podcast sponsor, SquareX SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks. Find out more at sqrx.com.

TechSpective Podcast Episode 129   You may not have noticed, but the tech and cybersecurity job market has sort of sucked the past few years. Maybe it’s just me. My friend Richard Stiennon, research analyst with IT-Harvest and author of Security […] The post Future of Tech and Cybersecurity Looks Bright Thanks to AI appeared first on TechSpective.

Amid the ever-evolving landscape of cyber threats, organisations are constantly challenged to ensure security. Conventional security methods are failing to keep up with the escalating volume and sophistication of attacks. By implementing Managed Detection and Response (MDR) with automation, Security Operations Centers (SOCs) can optimise workflows, augment analyst capabilities, and significantly enhance the organisation's overall cybersecurity defences. Palo Alto Networks offers comprehensive MDR services, leveraging its threat intelligence and cutting-edge technology expertise. Unit 42, its esteemed threat intelligence team, is crucial in providing valuable insights into emerging threats and trends, empowering organisations to stay ahead of malicious actors. In this episode of the EM360 Podcast, Richard Stiennon, Chief Research Analyst at IT-Harvest, speaks to Ophir Karako, Software Engineer (Unit 42) at Palo Alto Networks, to discuss: Palo Alto's MDR Services Operational Automation Data EnrichmentThreat Response Job security for SOC Analysts Interested in learning more about XSOAR and Palo Alto Networks? You can find some additional resources below:Enloe Medical Center Strengthens Its Security Posture and Improves Efficiency With Unit 42 MDRUnit 42 Managed Detection and Response Service DatasheetA Practical Guide to Deploying SecOps AutomationChapters00:00 - Introduction and Background00:57 - MDR Services at Palo Alto Networks03:20 - Automation in Operations04:16 - Automating Data Enrichment05:13 - Intellectual Property Playbooks and Scripts05:41 - Customized Reports for Customers06:10 - Automated Threat Response07:08 - Insights and Lessons Learned from Automation07:37 - Benefits of Automation for SOC Analysts08:06 - Collaboration with Product Experts09:04 - Treating Automation as a CI/CD Process10:01 - The Future of Automation in Cybersecurity12:51 - Automation and Job Security for SOC Analysts14:20 - Cortex XSOAR: Security Orchestration, Automation, and Response Platform15:46 - Unit 42 MDR Service16:16 - Conclusion

The SolarWinds breach exposed vulnerabilities within DevSecOps practices, sending shockwaves through the tech world. The U.S. Securities and Exchange Commission (SEC) indictment against SolarWinds further emphasised the gravity of the situation, alleging the company misled investors by failing to disclose these vulnerabilities and the subsequent breach adequately. This lack of transparency raises crucial questions about accountability and risk management in the mobile app development landscape, pushing organisations to re-evaluate their DevSecOps practices and prioritise robust security measures throughout the entire development lifecycle.In this episode of the EM360 Podcast, Head of Podcast Production Paulina Rios Maya speaks to Richard Stiennon, Chief Research Analyst at IT-Harvest, and Tom Tovar, CEO and Co-Creator of Appdome, to discuss: The SolarWinds indictment The U.S. SEC 4-day ruleThe impact on DevSecOps practicesBYOD and VPN security The evolving role of cybersecurityBuilding cyber resilience

Guests:Eric Parizo, Managing Principle Analyst at Omdia [@OmdiaHQ]On Linkedin | https://www.linkedin.com/in/ericparizo/On Twitter | https://twitter.com/EricParizoRichard Stiennon, Chief Research Analyst at IT-Harvest [@cyberwar]On Twitter | https://twitter.com/stiennonOn LinkedIn | https://www.linkedin.com/in/stiennon/On YouTube | https://www.youtube.com/channel/UCJbNLvhmVGnRerhrSU1mFug____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Devo | https://itspm.ag/itspdvweb___________________________Episode NotesIn this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in an enlightening dialogue with industry analysts and cybersecurity veterans, Eric Parizo and Richard Stiennon. The trio explored various aspects of the vendor space in cybersecurity, discussing topics like vendor consolidation, market contraction, and the state of M&A inundating an already-overwhelmed IT environment with complex products.Parizo, a managing principal analyst, counters the narrative of large vendors, stating that most companies desire best-of-breed solutions that offer better integration and measurable outcomes. However, he sees challenges in getting standalone solutions to work together efficiently. To tackle this, Parizo envisages a shift from product integration to data integration, enabling enterprises to handle security data in centralized repositories like Amazon Security Lake.Stiennon, a chief research analyst, points out that security will always be a subpart of the next big thing. Despite the increase in intelligent security systems and development in DevSecOps, Stiennon expresses doubt about a total transformation in security due to the potential disruption to business productivity. Instead of seeking transformation in security, he urges CISOs to first identify and reduce the number of redundant products they pay for, as vendors often progressively add features that might already be available in their product pool.Parizo and Stiennon both offered unique insights into the future of cybersecurity platforms. Parizo acknowledged the merits of the platform approach but challenged the assertion made by large vendors about the superiority and cost-effectiveness of cybersecurity platforms over standalone solutions. He suggested most companies prefer best-of-breed solutions due to enhanced integration and measurable performance outcomes. Conversely, Stiennon expressed skepticism about cybersecurity platforms becoming predominant in the market, asserting that new threats and ongoing innovation make it impossible for one vendor to fully secure an enterprise. Both analysts indicate that, although cybersecurity platforms offer some benefits, the continually evolving security landscape ensures that no single platform approach will dominate the market.Ultimately, Parizo and Stiennon believe that, while consolidation and platform approaches have some benefits, the key to organizational security lies in continuous innovation, knowing the full capabilities of products, and utilizing comprehensive data management to communicate more effectively and make better decisions. Despite the inherent challenges, both experts also remain optimistic about the evolving role of data and AI in driving efficient cyber security practices.Top questions addressed:What is the current status of cybersecurity platforms in the market and how accepted are they by the enterprise?How is data management influencing the security landscape and what role does AI play in its evolution?How successful and realistic are the efforts towards consolidating security capabilities within organizations?What is the current trajectory of mergers, acquisitions, and consolidation in the market?Companies referenced in this conversation:Palo Alto, Cisco, Fortinet, Azure, Symantec, Google, Chrome, Norton LifeLock, AVG, Amazon, Elastic, Splunk, Snowflake, AWS, Cribl___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Guests:Eric Parizo, Managing Principle Analyst at Omdia [@OmdiaHQ]On Linkedin | https://www.linkedin.com/in/ericparizo/On Twitter | https://twitter.com/EricParizoRichard Stiennon, Chief Research Analyst at IT-Harvest [@cyberwar]On Twitter | https://twitter.com/stiennonOn LinkedIn | https://www.linkedin.com/in/stiennon/On YouTube | https://www.youtube.com/channel/UCJbNLvhmVGnRerhrSU1mFug____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Devo | https://itspm.ag/itspdvweb___________________________Episode NotesIn this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in an enlightening dialogue with industry analysts and cybersecurity veterans, Eric Parizo and Richard Stiennon. The trio explored various aspects of the vendor space in cybersecurity, discussing topics like vendor consolidation, market contraction, and the state of M&A inundating an already-overwhelmed IT environment with complex products.Parizo, a managing principal analyst, counters the narrative of large vendors, stating that most companies desire best-of-breed solutions that offer better integration and measurable outcomes. However, he sees challenges in getting standalone solutions to work together efficiently. To tackle this, Parizo envisages a shift from product integration to data integration, enabling enterprises to handle security data in centralized repositories like Amazon Security Lake.Stiennon, a chief research analyst, points out that security will always be a subpart of the next big thing. Despite the increase in intelligent security systems and development in DevSecOps, Stiennon expresses doubt about a total transformation in security due to the potential disruption to business productivity. Instead of seeking transformation in security, he urges CISOs to first identify and reduce the number of redundant products they pay for, as vendors often progressively add features that might already be available in their product pool.Parizo and Stiennon both offered unique insights into the future of cybersecurity platforms. Parizo acknowledged the merits of the platform approach but challenged the assertion made by large vendors about the superiority and cost-effectiveness of cybersecurity platforms over standalone solutions. He suggested most companies prefer best-of-breed solutions due to enhanced integration and measurable performance outcomes. Conversely, Stiennon expressed skepticism about cybersecurity platforms becoming predominant in the market, asserting that new threats and ongoing innovation make it impossible for one vendor to fully secure an enterprise. Both analysts indicate that, although cybersecurity platforms offer some benefits, the continually evolving security landscape ensures that no single platform approach will dominate the market.Ultimately, Parizo and Stiennon believe that, while consolidation and platform approaches have some benefits, the key to organizational security lies in continuous innovation, knowing the full capabilities of products, and utilizing comprehensive data management to communicate more effectively and make better decisions. Despite the inherent challenges, both experts also remain optimistic about the evolving role of data and AI in driving efficient cyber security practices.Top questions addressed:What is the current status of cybersecurity platforms in the market and how accepted are they by the enterprise?How is data management influencing the security landscape and what role does AI play in its evolution?How successful and realistic are the efforts towards consolidating security capabilities within organizations?What is the current trajectory of mergers, acquisitions, and consolidation in the market?Companies referenced in this conversation:Palo Alto, Cisco, Fortinet, Azure, Symantec, Google, Chrome, Norton LifeLock, AVG, Amazon, Elastic, Splunk, Snowflake, AWS, Cribl___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

How will AI impact the next generation of people working with computer science?This question is probably relevant for anyone making their way through school now, in all fields of study. Without looking for a definite answer, but to help him navigate this question, Robby has invited two people with quite different backgrounds: Richard Stiennon, author of Security Yearbook 2023 and Founder and Chief Research Analyst at IT-Harvest, and High School Junior, Athena Contos. Athena was recently visiting colleges, together with her father Brian Contos, a long-time veteran of the mnemonic security podcast. They both noticed a lot of excitement and concern regarding AI amongst those about to embark on their higher education, and questions about how AI will impact their choices of schools, majors, careers, and ultimately their future.In this episode, Athena and Richard share their perspectives on AI's potential in education, the ethics of using AI in this context, and how we can go from combating the use of AI in the classroom to making it a useful tool for learning.

It was a week of serious cybersecurity incidents paired with unimpressive responses. As Melanie Teplinsky reminds us, the U.S. government has been agitated for months about China's apparent strategic decision to hold U.S. infrastructure hostage to cyberattack in a crisis. Now the government has struck back at Volt Typhoon, the Chinese threat actor pursuing that strategy. It claimed recently to have disrupted a Volt Typhoon botnet by taking over a batch of compromised routers. Andrew Adams explains how the takeover was managed through the court system. It was a lot of work, and there is reason to doubt the effectiveness of the effort. The compromised routers can be re-compromised if they are turned off and on again. And the only ones that were fixed by the U.S. seizure are within U.S. jurisdiction, leaving open the possibility of DDOS attacks from abroad. And, really, how vulnerable is our critical infrastructure to DDOS attack? I argue that there's a serious disconnect between the government's hair-on-fire talk about Volt Typhoon and its business-as-usual response. Speaking of cyberstuff we could be overestimating, Taiwan just had an election that China cared a lot about. According to one detailed report, China threw a lot of cyber at Taiwanese voters without making much of an impression. Richard Stiennon and I mix it up over whether China would do better in trying to influence the 2024 outcome here.   While we're covering humdrum responses to cyberattacks, Melanie explains U.S. sanctions on Iranian military hackers for their hack of U.S. water systems.  For comic relief, Richard lays out the latest drama around the EU AI Act, now being amended in a series of backroom deals and informal promises. I predict that the effort to pile incoherent provisions on top of anti-American protectionism will not end in a GDPR-style triumph for Europe, whose market is now small enough for AI companies to ignore if the regulatory heat is turned up arbitrarily.  The U.S. is not the only player whose response to cyberintrusions is looking inadequate this week. Richard explains Microsoft's recent disclosure of a Midnight Blizzard attack on the company and a number of its customers. The company's obscure explanation of how its technology contributed to the attack and, worse, its effort to turn the disaster into an upsell opportunity earned Microsoft a patented Alex Stamos spanking.  Andrew explains the recent Justice Department charges against three people who facilitated the big $400m FTX hack that coincided with the exchange's collapse. Does that mean it wasn't an inside job? Not so fast, Andrew cautions. The government didn't recover the $400m, and it isn't claiming the three SIM-swappers it has charged are the only conspirators. Melanie explains why we've seen a sudden surge in state privacy legislation. It turns out that industry has stopped fighting the idea of state privacy laws and is now selling a light-touch model law that skips things like private rights of action. I give a lick and a promise to a “privacy” regulation now being pursued by CFPB for consumer financial information. I put privacy in quotes, because it's really an opportunity to create a whole new market for data that will assure better data management while breaking up the advantage of incumbents' big data holdings. Bruce Schneier likes the idea. So do I, in principle, except that it sounds like a massive re-engineering of a big industry by technocrats who may not be quite as smart as they think they are. Bruce, if you want to come on the podcast to explain the whole thing, send me an email! Spies are notoriously nasty, and often petty, but surely the nastiest and pettiest of American spies, Joshua Schulte, was sentenced to 40 years in prison last week. Andrew has the details. There may be some good news on the ransomware front. More victims are refusing to pay. Melanie, Richard, and I explore ways to keep that trend going. I continue to agitate for consideration of a tax on ransom payments. I also flag a few new tech regulatory measures likely to come down the pike in the next few months. I predict that the FCC will use the TCPA to declare the use of AI-generated voices in robocalls illegal. And Amazon is likely to find itself held liable for the safety of products sold by third parties on the Amazon platform.  Finally, a few quick hits: Amazon has abandoned its iRobot acquisition, thanks to EU “competition” regulators, with the likely result that iRobot will cease competing David Kahn, who taught us all the romance of cryptology, has died at 93  Air Force Lt. Gen. Timothy Haugh is taking over Cyber Command and NSA from Gen. Nakasone  And for those suffering from Silicon Valley Envy (lookin' at you, Brussels), 23andMe offers a small corrective. The company is now a rare “reverse unicorn” – having fallen in value from $6 Billion to practically nothing Download 490th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

It was a week of serious cybersecurity incidents paired with unimpressive responses. As Melanie Teplinsky reminds us, the U.S. government has been agitated for months about China's apparent strategic decision to hold U.S. infrastructure hostage to cyberattack in a crisis. Now the government has struck back at Volt Typhoon, the Chinese threat actor pursuing that strategy. It claimed recently to have disrupted a Volt Typhoon botnet by taking over a batch of compromised routers. Andrew Adams explains how the takeover was managed through the court system. It was a lot of work, and there is reason to doubt the effectiveness of the effort. The compromised routers can be re-compromised if they are turned off and on again. And the only ones that were fixed by the U.S. seizure are within U.S. jurisdiction, leaving open the possibility of DDOS attacks from abroad. And, really, how vulnerable is our critical infrastructure to DDOS attack? I argue that there's a serious disconnect between the government's hair-on-fire talk about Volt Typhoon and its business-as-usual response. Speaking of cyberstuff we could be overestimating, Taiwan just had an election that China cared a lot about. According to one detailed report, China threw a lot of cyber at Taiwanese voters without making much of an impression. Richard Stiennon and I mix it up over whether China would do better in trying to influence the 2024 outcome here.   While we're covering humdrum responses to cyberattacks, Melanie explains U.S. sanctions on Iranian military hackers for their hack of U.S. water systems.  For comic relief, Richard lays out the latest drama around the EU AI Act, now being amended in a series of backroom deals and informal promises. I predict that the effort to pile incoherent provisions on top of anti-American protectionism will not end in a GDPR-style triumph for Europe, whose market is now small enough for AI companies to ignore if the regulatory heat is turned up arbitrarily.  The U.S. is not the only player whose response to cyberintrusions is looking inadequate this week. Richard explains Microsoft's recent disclosure of a Midnight Blizzard attack on the company and a number of its customers. The company's obscure explanation of how its technology contributed to the attack and, worse, its effort to turn the disaster into an upsell opportunity earned Microsoft a patented Alex Stamos spanking.  Andrew explains the recent Justice Department charges against three people who facilitated the big $400m FTX hack that coincided with the exchange's collapse. Does that mean it wasn't an inside job? Not so fast, Andrew cautions. The government didn't recover the $400m, and it isn't claiming the three SIM-swappers it has charged are the only conspirators. Melanie explains why we've seen a sudden surge in state privacy legislation. It turns out that industry has stopped fighting the idea of state privacy laws and is now selling a light-touch model law that skips things like private rights of action. I give a lick and a promise to a “privacy” regulation now being pursued by CFPB for consumer financial information. I put privacy in quotes, because it's really an opportunity to create a whole new market for data that will assure better data management while breaking up the advantage of incumbents' big data holdings. Bruce Schneier likes the idea. So do I, in principle, except that it sounds like a massive re-engineering of a big industry by technocrats who may not be quite as smart as they think they are. Bruce, if you want to come on the podcast to explain the whole thing, send me an email! Spies are notoriously nasty, and often petty, but surely the nastiest and pettiest of American spies, Joshua Schulte, was sentenced to 40 years in prison last week. Andrew has the details. There may be some good news on the ransomware front. More victims are refusing to pay. Melanie, Richard, and I explore ways to keep that trend going. I continue to agitate for consideration of a tax on ransom payments. I also flag a few new tech regulatory measures likely to come down the pike in the next few months. I predict that the FCC will use the TCPA to declare the use of AI-generated voices in robocalls illegal. And Amazon is likely to find itself held liable for the safety of products sold by third parties on the Amazon platform.  Finally, a few quick hits: Amazon has abandoned its iRobot acquisition, thanks to EU “competition” regulators, with the likely result that iRobot will cease competing David Kahn, who taught us all the romance of cryptology, has died at 93  Air Force Lt. Gen. Timothy Haugh is taking over Cyber Command and NSA from Gen. Nakasone  And for those suffering from Silicon Valley Envy (lookin' at you, Brussels), 23andMe offers a small corrective. The company is now a rare “reverse unicorn” – having fallen in value from $6 Billion to practically nothing Download 490th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Guest: Richard Stiennon, Research Analyst, Author of Security Yearbook 2023On LinkedIn | https://www.linkedin.com/in/stiennon/Host: Matthew RosenquistOn ITSPmagazine  

Guest: Richard Stiennon, Research Analyst, Author of Security Yearbook 2023On LinkedIn | https://www.linkedin.com/in/stiennon/Host: Matthew RosenquistOn ITSPmagazine  

There are several reports indicating that the gravy train is about to come to a screeching halt in the cybersecurity industry. Fortune 1000 companies are freezing or cutting back on purchasing budgets for tools and services, which will hit the majority of private and start-up companies that have focused on that segment for 10 years. It's not all bad news. 80 percent of the potential market is all blue water, but it comprises small to medium businesses (SMB) that are not cyber-savvy, and are ready to buy... as long as you can explain what you do in their terms, and demonstrate it works. We talked with Richard Stiennon, founder and chief analyst for IT-Harvest, and Grant Wernick, CEO of Fletch that is enjoying remarkable success and growth by serving the smaller customers. While you are listening, drop us a line and we will send you information about how you can sponsor our special edition to be distributed at it-sa365 in Germany this year. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

In our last episode before the August break, the Cyberlaw Podcast drills down on the AI industry leaders' trip to Washington, where they dutifully signed up to what Gus Hurwitz calls “a bag of promises.” Gus and I parse the promises, some of which are empty, others of which have substance. Along the way, we examine the EU's struggling campaign to lobby other countries to adopt its AI regulation framework. Really, guys, if you don't want to be called regulatory neocolonialists, maybe you shouldn't go around telling former European colonies to change their laws to match Europe's. Jeffery Atik picks up the AI baton, unpacking Senate Majority Leader Chuck Schumer's (D-N.Y.) overhyped set of AI amendments to the National Defense Authorization Act (NDAA), and panning authors' claim that AI models have been “stealing” their works. Also this week, another endless and unjustified claim of high-tech infringement came to a likely close with appellate rejection of the argument that linking to a site violates the site's copyright. We also cover the industry's unfortunately well-founded fear of enabling face recognition and Meta's unusual open-source AI strategy. Richard Stiennon pulls the podcast back to the National Cybersecurity Implementation Plan, which I praised last episode for its disciplined format. Richard introduces us to an Atlantic Council report allowing several domain experts to mark up the text. This exposes flaws not apparent on first read; it turns out that the implementation plan took a few remarkable dives, even omitting all mention of one of the strategy's more ambitious goals.   Gus gives us a regulatory lawyer's take on the FCC's new cybersecurity label for IoT devices and the EPA's beleaguered regulations for water system cybersecurity. He doubts that either program can be grounded in a grant of regulatory jurisdiction. Richard points out that CISA managed to get new cybersecurity concessions from Microsoft without even a pretense of regulatory jurisdiction.  Gus gives us a quick assessment of the latest DOJ/FTC draft merger review guidelines. He thinks it's an overreach that will tarnish the prestige and persuasiveness of the guidelines. In quick hits: Richard updates us on the latest U.S. sanctions on European spyware firms. I offer a dissent from the whole campaign. Jeffery covers the brain drain in semiconductors from Europe to China, and we ask when it will hit the U.S.  Gus covers the latest technopanic and media handwringing over the use of technology to catch serial killers and drug dealers. Speaking of technopanics, I question the latest narrative expressing shock that an FBI agent searched the 702 database Download 469th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In our last episode before the August break, the Cyberlaw Podcast drills down on the AI industry leaders' trip to Washington, where they dutifully signed up to what Gus Hurwitz calls “a bag of promises.” Gus and I parse the promises, some of which are empty, others of which have substance. Along the way, we examine the EU's struggling campaign to lobby other countries to adopt its AI regulation framework. Really, guys, if you don't want to be called regulatory neocolonialists, maybe you shouldn't go around telling former European colonies to change their laws to match Europe's. Jeffery Atik picks up the AI baton, unpacking Senate Majority Leader Chuck Schumer's (D-N.Y.) overhyped set of AI amendments to the National Defense Authorization Act (NDAA), and panning authors' claim that AI models have been “stealing” their works. Also this week, another endless and unjustified claim of high-tech infringement came to a likely close with appellate rejection of the argument that linking to a site violates the site's copyright. We also cover the industry's unfortunately well-founded fear of enabling face recognition and Meta's unusual open-source AI strategy. Richard Stiennon pulls the podcast back to the National Cybersecurity Implementation Plan, which I praised last episode for its disciplined format. Richard introduces us to an Atlantic Council report allowing several domain experts to mark up the text. This exposes flaws not apparent on first read; it turns out that the implementation plan took a few remarkable dives, even omitting all mention of one of the strategy's more ambitious goals.   Gus gives us a regulatory lawyer's take on the FCC's new cybersecurity label for IoT devices and the EPA's beleaguered regulations for water system cybersecurity. He doubts that either program can be grounded in a grant of regulatory jurisdiction. Richard points out that CISA managed to get new cybersecurity concessions from Microsoft without even a pretense of regulatory jurisdiction.  Gus gives us a quick assessment of the latest DOJ/FTC draft merger review guidelines. He thinks it's an overreach that will tarnish the prestige and persuasiveness of the guidelines. In quick hits: Richard updates us on the latest U.S. sanctions on European spyware firms. I offer a dissent from the whole campaign. Jeffery covers the brain drain in semiconductors from Europe to China, and we ask when it will hit the U.S.  Gus covers the latest technopanic and media handwringing over the use of technology to catch serial killers and drug dealers. Speaking of technopanics, I question the latest narrative expressing shock that an FBI agent searched the 702 database Download 469th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

This episode of the Cyberlaw Podcast features the second half of my interview with Paul Stephan, author of The World Crisis and International Law. But it begins the way many recent episodes have begun, with the latest AI news. And, since it's so squarely in scope for a cyberlaw podcast, we devote some time to the so-appalling- you-have-to-laugh-to keep-from-crying story of the lawyer who relied on ChatGPT to write his brief. As Eugene Volokh noted in his post, the model returned exactly the case law the lawyer wanted—because it made up the cases, the citations, and even the quotes. The lawyer said he had no idea that AI would do such a thing. I cast a skeptical eye on that excuse, since when challenged by the court to produce the cases he relied on, the lawyer turned not to Lexis-Nexis or Westlaw but to ChatGPT, which this time made up eight cases on point. And when the lawyer asked, “Are the other cases you provided fake,” the model denied it. Well, all right then. Who among us has not asked Westlaw, “Are the cases you provided fake?” Somehow, I can't help suspecting that the lawyer's claim to be an innocent victim of ChatGPT is going to get a closer look before this story ends. So if you're wondering whether AI poses existential risk, the answer for at least one lawyer's license is almost certainly “yes.” But the bigger story of the week was the cries from Google and Microsoft leadership for government regulation. Jeffery Atik and Richard Stiennon weigh in. Microsoft's President Brad Smith has, as usual, written a thoughtful policy paper on what AI regulation might look like. And they point out that, as usual, Smith is advocating for a process that Microsoft could master pretty easily. Google's Sundar Pichai also joins the “regulate me” party, but a bit half-heartedly. I argue that the best way to judge Silicon Valley's confidence in the accuracy of AI is by asking when Google and Apple will be willing to use AI to identify photos of gorillas as gorillas. Because if there's anything close to an extinction event for those companies it would be rolling out an AI that once again fails to differentiate between people and apes.  Moving from policy to tech, Richard and I talk about Google's integration of AI into search; I see some glimmer of explainability and accuracy in Google's willingness to provide citations (real ones, I presume) for its answers. And on the same topic, the National Academy of Sciences has posted research suggesting that explainability might not be quite as impossible as researchers once thought. Jeffery takes us through the latest chapters in the U.S.—China decoupling story. China has retaliated, surprisingly weakly, for U.S. moves to cut off high-end chip sales to China. It has banned sales of U.S. - based Micron memory chips to critical infrastructure companies. In the long run, the chip wars may be the disaster that Invidia's CEO foresees. Jeffery and I agree that Invidia has much to fear from a Chinese effort to build a national champion to compete in AI chipmaking. Meanwhile, the Biden administration is building a new model for international agreements in an age of decoupling and industrial policy. Whether its effort to build a China-free IT supply chain will succeed is an open question, but we agree that it marks an end to the old free-trade agreements rejected by both former President Trump and President Biden. China, meanwhile, is overplaying its hand in Africa. Richard notes reports that Chinese hackers attacked the Kenyan government when Kenya looked like it wouldn't be able to repay China's infrastructure loans. As Richard points out, lending money to a friend rarely works out. You are likely to lose both the friend and the money.  Finally, Richard and Jeffery both opine on Irelands imposing—under protest—of a $1.3 billion fine on Facebook for sending data to the United States despite the Court of Justice of the European Union's (CJEU) two Schrems decisions. We agree that the order simply sets a deadline for the U.S. and the EU to close their deal on a third effort to satisfy the CJEU that U.S. law is “adequate” to protect the rights of Europeans. Speaking of which, anyone who's enjoyed my rants about the EU will want to tune in for a June 15 Teleforum in which Max Schrems and I will  debate the latest privacy framework. If we can, we'll release it as a bonus episode of this podcast, but listening live should be even more fun! Download 459th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

This episode of the Cyberlaw Podcast features the second half of my interview with Paul Stephan, author of The World Crisis and International Law. But it begins the way many recent episodes have begun, with the latest AI news. And, since it's so squarely in scope for a cyberlaw podcast, we devote some time to the so-appalling- you-have-to-laugh-to keep-from-crying story of the lawyer who relied on ChatGPT to write his brief. As Eugene Volokh noted in his post, the model returned exactly the case law the lawyer wanted—because it made up the cases, the citations, and even the quotes. The lawyer said he had no idea that AI would do such a thing. I cast a skeptical eye on that excuse, since when challenged by the court to produce the cases he relied on, the lawyer turned not to Lexis-Nexis or Westlaw but to ChatGPT, which this time made up eight cases on point. And when the lawyer asked, “Are the other cases you provided fake,” the model denied it. Well, all right then. Who among us has not asked Westlaw, “Are the cases you provided fake?” Somehow, I can't help suspecting that the lawyer's claim to be an innocent victim of ChatGPT is going to get a closer look before this story ends. So if you're wondering whether AI poses existential risk, the answer for at least one lawyer's license is almost certainly “yes.” But the bigger story of the week was the cries from Google and Microsoft leadership for government regulation. Jeffery Atik and Richard Stiennon weigh in. Microsoft's President Brad Smith has, as usual, written a thoughtful policy paper on what AI regulation might look like. And they point out that, as usual, Smith is advocating for a process that Microsoft could master pretty easily. Google's Sundar Pichai also joins the “regulate me” party, but a bit half-heartedly. I argue that the best way to judge Silicon Valley's confidence in the accuracy of AI is by asking when Google and Apple will be willing to use AI to identify photos of gorillas as gorillas. Because if there's anything close to an extinction event for those companies it would be rolling out an AI that once again fails to differentiate between people and apes.  Moving from policy to tech, Richard and I talk about Google's integration of AI into search; I see some glimmer of explainability and accuracy in Google's willingness to provide citations (real ones, I presume) for its answers. And on the same topic, the National Academy of Sciences has posted research suggesting that explainability might not be quite as impossible as researchers once thought. Jeffery takes us through the latest chapters in the U.S.—China decoupling story. China has retaliated, surprisingly weakly, for U.S. moves to cut off high-end chip sales to China. It has banned sales of U.S. - based Micron memory chips to critical infrastructure companies. In the long run, the chip wars may be the disaster that Invidia's CEO foresees. Jeffery and I agree that Invidia has much to fear from a Chinese effort to build a national champion to compete in AI chipmaking. Meanwhile, the Biden administration is building a new model for international agreements in an age of decoupling and industrial policy. Whether its effort to build a China-free IT supply chain will succeed is an open question, but we agree that it marks an end to the old free-trade agreements rejected by both former President Trump and President Biden. China, meanwhile, is overplaying its hand in Africa. Richard notes reports that Chinese hackers attacked the Kenyan government when Kenya looked like it wouldn't be able to repay China's infrastructure loans. As Richard points out, lending money to a friend rarely works out. You are likely to lose both the friend and the money.  Finally, Richard and Jeffery both opine on Irelands imposing—under protest—of a $1.3 billion fine on Facebook for sending data to the United States despite the Court of Justice of the European Union's (CJEU) two Schrems decisions. We agree that the order simply sets a deadline for the U.S. and the EU to close their deal on a third effort to satisfy the CJEU that U.S. law is “adequate” to protect the rights of Europeans. Speaking of which, anyone who's enjoyed my rants about the EU will want to tune in for a June 15 Teleforum in which Max Schrems and I will  debate the latest privacy framework. If we can, we'll release it as a bonus episode of this podcast, but listening live should be even more fun! Download 459th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Varun Badhwar is the CEO of Endor Labs, his third startup. He previously founded CipherCloud and RedLock, which were acquired by Lookout and Palo Alto Networks respectively.After the SolarWinds attack, Varun recognized the vulnerability of open-source software and set out to find a solution. He founded Endor Labs to help developers understand the risks of using open-source software, enabling them to make informed decisions. In this episode, you will learn the following:1. Why Varun sets expectations of his new hire sales team to become certified on both the demo and also the pitch within 2 weeks 2. Varun's brilliant reframing of the SBOM (software bill of materials) concept3. The importance of building a brand and creating content to engage audiencesResources:Varun BadhwarEndor Labs Sponsor:This episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in.  IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/research.Other episodes you'll enjoy:Top 8 reasons why great sales people leave5 steps to ramp new sellers when you have no enablement and no timeUnlocking Data Protection with Paul Lewis, CEO of CalamuAction:If you enjoyed this episode, please could you give a review by going to Salesbluebird.com/R. It would mean a lot to me personally, and it would help grow the podcast.Connect with me: YouTube: https://www.youtube.com/@salesbluebirdTwitter: https://www.twitter.com/unstoppable_doLinkedIn: https://www.linkedin.com/in/andrewmonaghanSupport the show

In this episode, Maxime Lamothe-Brassard, Co-founder and CEO of LimaCharlie, embarks on a bold mission to revolutionize the cybersecurity industry by creating an "AWS-like" model for cybersecurity tools and infrastructure, juxtaposing the old-school approach that has dominated the industry.In this episode, you will learn the following:1. LimaCharlie's unique approach and who it is for2. How a business model of using what you need now pays off3. Maxime's driver for hiring a CROResources:Maxime Lamothe-BrassardLimaCharlieSponsor:This episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in.  IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/researchOther episodes you'll enjoy:How to help your prospect understand that you have the solution to their problemWhat I would do differently at the beginning of my sales careerHow to use strategic narrative to engage with prospects with Andy RaskinAction:If you enjoyed this episode please could you give a review by going to Salesbluebird.com/R. It would mean a lot to me personally and it helps grow the podcast.Connect with me: YouTube: https://www.youtube.com/@salesbluebirdTwitter: https://www.twitter.com/unstoppable_doLinkedIn: https://www.linkedin.com/in/andrewmonaghanSupport the show

Moving from being an employee to founding your first company is a big step for anyone to take. In this episode, Jori VanAntwerp, CEO & Co-Founder at SynSaber, talks about how he did that and more.In this episode, you will learn the following:1. The big impact SynSaber is making in the operations technology space2. The people who guided Jori along the way3. Why his first sales hire was a VPResources:Jori VanAntwerpSynsaberSponsor:This episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in.  IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/researchOther episodes you'll enjoy:Bob Kruse, CEO and co-founder of Revelstoke Security, on how a sales leader becomes CEO of a cybersecurity companyDan Parelskin, VP WW Sales @ Axis Security on getting the first customers and intentionally creating a sales cultureMike Baker, CRO at Noname, talks about leading a sales team through hyper-growthAction:If you enjoyed this episode please could you give a review by going to Salesbluebird.com/R. It would mean a lot to me personally and it helps grow the podcast.Connect with me: YouTube: https://www.youtube.com/@salesbluebirdTwitter: https://www.twitter.com/unstoppable_doLinkedIn: https://www.linkedin.com/in/andrewmonaghanSupport the show

Michael Gwynn's career took him from the army, to Johnson and Johnson, to working in cybersecurity. After years of working in cybersecurity, Michael was introduced to the world of startups and IDmelon.After seeing the potential in the company and the product, Michael took a leap of faith and joined the team as their VP of Sales. With their cutting-edge technology and Michael's industry experience, IDmelon is now leading the industry in passwordless authentication and overnight deployment. In this episode, you will learn the following:1. An approach to right-sizing a sales team2. IDmelon's potential and their partner lift from Microsoft3. Why you give prospects dessert first (or do the magic trick before explaining how you did it. Resources:Michael Gwynn LinkedInMichael@idmelon.comIDMelonSponsor:This episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in.  IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/research.Other episodes you'll enjoy:How to get first meetings using VC programs, CISO networks, resellers & sales networksServe dessert first ... it will make you more successful in B2B salesShould you add more sellers to your sales team?Action:If you enjoyed this episode please could you give a review by going to Salesbluebird.com/R. It would mean a lot to me personally and it helps grow the podcast.Connect with me: YouTube: https://www.youtube.com/@salesbluebirdTwitter: https://www.twitter.com/unstoppable_doLinkedIn: https://www.linkedin.com/in/andrewmonaghanSupport the show

Starting a cybersecurity startup may seem daunting and complex, but with the right team and resources, it can be done. In this episode of the Sales Bluebird podcast, I chat with Liat Hayun, the co-founder and CEO of Eureka Security, about her journey of leaving a secure corporate job to create a successful cloud security startup. In this episode, you will learn the following:The decision to come out of stealth and hire their marketing leader first. Differentiation by protecting data itself as opposed to all the things around it.The learning culture at Eureka. For them, it's all about trying things, experimenting, and thinking about different ways to approach people.Resources:Eureka SecurityLiat HayunAsaf WeissSponsor:This episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in.  IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/researchOther episodes you'll enjoy:How to use your sales deck effectivelyBrian Gumbel, CRO At Armis Shares His Tips on Scaling Cyber Security Sales Teams3 tips to help your team build 1st meeting connectionsAction:You know how every podcast host asks you to rate and review their podcast but doesn't tell you how and where to actually do that?! Well, I've made it easy for you!  If you enjoy the podcast, please could you give a review with this easy-to-use tool by going to Salesbluebird.com/R.  It would mean a lot to me personally and it helps grow the podcast.Connect with me: YouTube: https://www.youtube.com/@salesbluebirdTwitter: https://www.twitter.com/unstoppable_doLinkedIn: https://www.linkedin.com/in/andrewmonaghanSupport the show

Eric Olden, CEO and co-founder of Strata Identity, joined us to share his journey from building a security software company in a garage, to taking a leap of faith to join Oracle, and then finally founding Strata Identity. Tune in to hear his story and the tips, tricks, and experiences he has learned along the way.In this episode, you will learn the following:1. Why Strata didn't do any outbound in early days; instead honed in on a long-term, thoughtful content strategy approach2. Why you need to hire people willing to do the work3. Why grit is important for founders & early employeesSponsor:This episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in.  IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/researchResources:Strata IdentityEric OldenOther episodes you'll enjoy:Why your team may be "losing" prospects and ONE drastic way to stop itOne tip to avoid sounding stupid in conversations with your prospectsOutbound is brokenAction:You know how every podcast host asks you to rate and review their podcast but doesn't tell you how and where to actually do that?! Well, I've made it easy for you!  If you enjoy the podcast, please could you give a review with this easy-to-use tool by going to Salesbluebird.com/R. It would mean a lot to me personally and it helps grow the podcast.Connect with me: YouTube: https://www.youtube.com/@salesbluebirdTwitter: https://www.twitter.com/unstoppable_doLinkedIn: https://www.linkedin.com/in/andrewmonaghanSupport the show

Cybersecurity startups do best when their prospects are innovators.  People and companies who are able to buy from and work with startups and less mature technology. But how do you know if your prospects are innovators? This episode covers one way to qualify prospects by just asking a few simple questions.  Here's what I cover:1. Example questions to ask your prospect to determine if they are innovators and able to work with you without wasting time and effort2. Tips on when and how to ask those questions3. Strategies for being upfront with buyers to show you are someone they can trustSponsorThis episode was brought to you by IT-Harvest.With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in.IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/researchOther episodes you'll enjoy:6 reasons security leaders buy from startupsDenise Hayman, CRO at Sonrai Security talks journey in cyber security and her biggest learnings Jay Wallace, VP of Worldwide Sales at Rumble, on building a sales teamAction:You know how every podcast host asks you to rate and review their podcast but doesn't tell you how and where to actually do that?! Well, I've made it easy for you!  If you enjoy the podcast, please could you give a review with this easy-to-use tool by going to Salesbluebird.com/R.  It would mean a lot to me personally and it helps grow the podcast.Connect with me: YouTube: https://www.youtube.com/@salesbluebirdTwitter: https://www.twitter.com/unstoppable_doLinkedIn: https://www.linkedin.com/in/andrewmonaghanSupport the show

This week on Sales Bluebird, we sat down with Ted Miracco, CEO of Approov Mobile Security. Hear what he has to say about the future of mobile security and why his company is so well-positioned to make an impact.In this episode, you will learn the following:1. Why Approov is so well positioned2. Ted's main focus as the new CEO for the next few quarters3. The challenge Approov faces with reaching application developers and getting noticed in a very noisy marketResources:https://approov.io/https://www.linkedin.com/in/tedmiracco/SponsorThis episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in.  IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/researchOther episodes you'll enjoy:72: Top 8 reasons why great sales people leave71: Why you should hire lines not dots (and what the heck that means!)192: How to transform a boring case study into a compelling storyAction:You know how every podcast host asks you to rate and review their podcast but doesn't tell you how and where to actually do that?! Well, I've made it easy for you!  If you enjoy the podcast, please could you give a review with this easy-to-use tool by going to Salesbluebird.com/R. It would mean a lot to me personally and it helps grow the podcast.Connect with me: YouTube: https://www.youtube.com/@salesbluebirdTwitter: https://www.twitter.com/unstoppable_doLinkedIn: https://www.linkedin.com/in/andrewmonaghanSupport the show

Telling great stories is a powerful tool to convert more first meetings into second meetings, and more second meetings into demos, and demos into POCs. We are often given case studies and told to “use them with customers”. But how do you do that? How do you turn a case study into a great story?In this episode, I'll walk you through an example of how to take a 4-page case study and turn it into a powerful story you can tell live to a prospect.In this episode, you will learn the following:1. How to tell a compelling customer story in 90 seconds or less2. How to use the hero's journey story structure to create a powerful narrative3. How to transform a case study into a compelling storySponsorThis episode was brought to you by IT-Harvest. With over 3,200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as researching and analyzing categories and subcategories…that's where the IT-Harvest cybersecurity platform comes in.  IT-Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Stiennon who has done it all in cybersecurity. Find out more by going to salesbluebird.com/researchOther episodes you'll enjoy:Chris Beall, CEO at ConnectAndSell, on how to make a great cold call (and he improves mine!)Mike Rogers, CRO at Noetic Cyber, breaks down why Ionic Security was not a financial successSimple framework for value-oriented discoveryAction:You know how every podcast host asks you to rate and review their podcast but doesn't tell you how and where to actually do that?! Well, I've made it easy for you!  If you enjoy the podcast, please could you give a review with this easy-to-use tool by going to Salesbluebird.com/R.  It would mean a lot to me personally and it helps grow the podcast.Connect with me: YouTube: https://www.youtube.com/@salesbluebirdTwitter: https://www.twitter.com/unstoppable_doLinkedIn: https://www.linkedin.com/in/andrewmonaghanSupport the show

In this episode, Mat Newfield, Mitchell Ashley and Alan Shimel are joined by Chenxi Wang and Richard Stiennon for a great discussion on what security technologies are winners and losers with the COVID-19 environment.

Today's guest is Richard Stiennon, Chief Research Analyst at IT-Harvest. In a nod to Clausewitz and Gaddis, this episode is called On Cyber Warfare. In this episode, Richard discusses founding IT-Harvest and his current role there, the transition to data-driven research, the biggest industry shifts and trends, the threat and the current state of cyber warfare, his feelings towards cyber defense, and as always, his toughest lesson learned.

Matthew Lewis, Product Marketing Director at HID Global, and Richard Stiennon, Chief Research Analyst at IT-Harvest,  discuss why authentication is still such an issue. They address the significance of passwords in our daily lives, zero trust strategies, security, and SSO. They dig deep into the drive for usability and user experience. 

It's been a news-heavy week, but we have the most fun in this episode with ChatGPT. Jane Bambauer, Richard Stiennon, and I pick over the astonishing number of use cases and misuse cases disclosed by the release of ChatGPT for public access. It is talented—writing dozens of term papers in seconds. It is sociopathic—the term papers are full of falsehoods, down to the made-up citations to plausible but nonexistent New York Times stories. And it has too many lawyers—Richard's request that it provide his bio (or even Einstein's) was refused on what are almost certainly data protection grounds. Luckily, either ChatGPT or its lawyers are also bone stupid, since reframing the question fools the machine into subverting the legal and PC limits it labors under. I speculate that it beat Google to a public relations triumph precisely because Google had even more lawyers telling their artificial intelligence what not to say. In a surprisingly under covered story, Apple has gone all in on child pornography. Its phone encryption already makes the iPhone a safe place to record child sexual abuse material (CSAM); now Apple will encrypt users' cloud storage with keys it cannot access, allowing customers to upload CSAM without fear of law enforcement. And it has abandoned its effort to identify such material by doing phone-based screening. All that's left of its effort is a weak option that allows parents to force their kids to activate an option that prevents them from sending or receiving nude photos. Jane and I dig into the story, as well as Apple's questionable claim to be offering the same encryption to its Chinese customers. Nate Jones brings us up to date on the National Defense Authorization Act, or NDAA. Lots of second-tier cyber provisions made it into the bill, but not the provision requiring that critical infrastructure companies report security breaches. A contested provision on spyware purchases by the U.S. government was compromised into a useful requirement that the intelligence community identify spyware that poses risks to the government. Jane updates us on what European data protectionists have in store for Meta, and it's not pretty. The EU data protection supervisory board intends to tell the Meta companies that they cannot give people a free social media network in exchange for watching what they do on the network and serving ads based on their behavior. If so, it's a one-two punch. Apple delivered the first blow by curtailing Meta's access to third-party behavioral data. Now even first-party data could be off limits in Europe. That's a big revenue hit, and it raises questions whether Facebook will want to keep giving away its services in Europe.   Mike Masnick is Glenn Greenwald with a tech bent—often wrong but never in doubt, and contemptuous of anyone who disagrees. But when he is right, he is right. Jane and I discuss his article recognizing that data protection is becoming a tool that the rich and powerful can use to squash annoying journalist-investigators. I have been saying this for decades. But still, welcome to the party, Mike! Nate points to a plea for more controls on the export of personal data from the U.S. It comes not from the usual privacy enthusiasts but from the U.S. Naval Institute, and it makes sense. It was a bad week for Europe on the Cyberlaw Podcast. Jane and I take time to marvel at the story of France's Mr. Privacy and the endless appetite of Europe's bureaucrats for his serial grifting. Nate and I cover what could be a good resolution to the snake-bitten cloud contract process at the Department of Defense. The Pentagon is going to let four cloud companies—Google, Amazon, Oracle And Microsoft—share the prize. You did not think we would forget Twitter, did you? Jane, Richard, and I all comment on the Twitter Files. Consensus: the journalists claiming these stories are nothingburgers are more driven by ideology than news. Especially newsworthy are the remarkable proliferation of shadowbanning tools Twitter developed for suppressing speech it didn't like, and some considerable though anecdotal evidence that the many speech rules at the company were twisted to suppress speech from the right, even when the rules did not quite fit, as with LibsofTikTok, while similar behavior on the left went unpunished. Richard tells us what it feels like to be on the receiving end of a Twitter shadowban.  The podcast introduces a new feature: “We Read It So You Don't Have To,” and Nate provides the tl;dr on an New York Times story: How the Global Spyware Industry Spiraled Out of Control. And in quick hits and updates: Jane covers the San Francisco city council's reversion to the mean. On second thought, it will not be letting killer police robots out on San Francisco's streets. Nate tells us that the Netherlands (and Japan, I might add) is likely to align with the U.S. and impose new curbs on chip-making equipment sales to China.

It's been a news-heavy week, but we have the most fun in this episode with ChatGPT. Jane Bambauer, Richard Stiennon, and I pick over the astonishing number of use cases and misuse cases disclosed by the release of ChatGPT for public access. It is talented—writing dozens of term papers in seconds. It is sociopathic—the term papers are full of falsehoods, down to the made-up citations to plausible but nonexistent New York Times stories. And it has too many lawyers—Richard's request that it provide his bio (or even Einstein's) was refused on what are almost certainly data protection grounds. Luckily, either ChatGPT or its lawyers are also bone stupid, since reframing the question fools the machine into subverting the legal and PC limits it labors under. I speculate that it beat Google to a public relations triumph precisely because Google had even more lawyers telling their artificial intelligence what not to say. In a surprisingly under covered story, Apple has gone all in on child pornography. Its phone encryption already makes the iPhone a safe place to record child sexual abuse material (CSAM); now Apple will encrypt users' cloud storage with keys it cannot access, allowing customers to upload CSAM without fear of law enforcement. And it has abandoned its effort to identify such material by doing phone-based screening. All that's left of its effort is a weak option that allows parents to force their kids to activate an option that prevents them from sending or receiving nude photos. Jane and I dig into the story, as well as Apple's questionable claim to be offering the same encryption to its Chinese customers. Nate Jones brings us up to date on the National Defense Authorization Act, or NDAA. Lots of second-tier cyber provisions made it into the bill, but not the provision requiring that critical infrastructure companies report security breaches. A contested provision on spyware purchases by the U.S. government was compromised into a useful requirement that the intelligence community identify spyware that poses risks to the government. Jane updates us on what European data protectionists have in store for Meta, and it's not pretty. The EU data protection supervisory board intends to tell the Meta companies that they cannot give people a free social media network in exchange for watching what they do on the network and serving ads based on their behavior. If so, it's a one-two punch. Apple delivered the first blow by curtailing Meta's access to third-party behavioral data. Now even first-party data could be off limits in Europe. That's a big revenue hit, and it raises questions whether Facebook will want to keep giving away its services in Europe.   Mike Masnick is Glenn Greenwald with a tech bent—often wrong but never in doubt, and contemptuous of anyone who disagrees. But when he is right, he is right. Jane and I discuss his article recognizing that data protection is becoming a tool that the rich and powerful can use to squash annoying journalist-investigators. I have been saying this for decades. But still, welcome to the party, Mike! Nate points to a plea for more controls on the export of personal data from the U.S. It comes not from the usual privacy enthusiasts but from the U.S. Naval Institute, and it makes sense. It was a bad week for Europe on the Cyberlaw Podcast. Jane and I take time to marvel at the story of France's Mr. Privacy and the endless appetite of Europe's bureaucrats for his serial grifting. Nate and I cover what could be a good resolution to the snake-bitten cloud contract process at the Department of Defense. The Pentagon is going to let four cloud companies—Google, Amazon, Oracle And Microsoft—share the prize. You did not think we would forget Twitter, did you? Jane, Richard, and I all comment on the Twitter Files. Consensus: the journalists claiming these stories are nothingburgers are more driven by ideology than news. Especially newsworthy are the remarkable proliferation of shadowbanning tools Twitter developed for suppressing speech it didn't like, and some considerable though anecdotal evidence that the many speech rules at the company were twisted to suppress speech from the right, even when the rules did not quite fit, as with LibsofTikTok, while similar behavior on the left went unpunished. Richard tells us what it feels like to be on the receiving end of a Twitter shadowban.  The podcast introduces a new feature: “We Read It So You Don't Have To,” and Nate provides the tl;dr on an New York Times story: How the Global Spyware Industry Spiraled Out of Control. And in quick hits and updates: Jane covers the San Francisco city council's reversion to the mean. On second thought, it will not be letting killer police robots out on San Francisco's streets. Nate tells us that the Netherlands (and Japan, I might add) is likely to align with the U.S. and impose new curbs on chip-making equipment sales to China.

Richard Stiennon, Chief Research Analyst for IT-Harvest, joins us for The Return: Episode 2. Author of the recent Security Yearbook 2022, Richard started his career before cyber was cyber, a story he originally shared with Brian on a walk along some train tracks. How does a guy go from an ISP start-up to Gartner to IT-Harvest and being a bestselling author?Richard started IT-Harvest to literally harvest data, and that's resulted in his latest project, an app for data obsessives called the Analyst Dashboard. He talks about what it took to get there and some surprising results he's discovered from the tool.The cybersecurity space, he's found, has focused and refocused and reframed and refocused again. Now, it's apparent globally that cybercriminals and nation-states are looking at IoT as the new frontline. When new technologies come up, they're developed with no thought to security, says Richard. Now we're reaping what was sown. Let's get into Things on the IoT Security Podcast!Follow Richard Stiennon on all his platforms: https://www.linkedin.com/in/stiennonhttps://stiennon.substack.comhttps://twitter.com/stiennonhttps://www.it-harvest.comFollow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontos/.And you can follow John Vecchi at https://www.linkedin.com/in/johnvecchi/.The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast/. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Nikki: With your latest book, the Security Yearbook for 2022 ,this is the third iteration of the series right? It started in 2020 and has only grown since then. Can you talk a little bit about why you started this annual compilation of research? Nikki: For any other security practitioners or anyone in the field who's interested in writing a book or putting together a comprehensive manuscript or research, do you have any tips or advice for them to get started?Chris: Can you tell us about your endeavors with IT-Harvest and your IT industry research, what is it and how did you get started?Chris: I know you serve in various advisory roles. How does your industry research help inform your advisory perspective?Chris: Based on your current IT industry research what are some of the most alarming or interesting trends around vendors, investors and M&A you see currently? Nikki: What is one of the most surprising statistics that you've uncovered year after year? I know one that continues to surprise me is just how prevalent and SUCCESSFUL phishing attacks are. What about you? Nikki: What are your top recommendations, based on your research, for security practitioners and business owners to be aware of and focus on when it comes to risk mitigation?Chris: Looking at the current IT industry and trends, what is one prediction you have for some of the most significant changes we can expect in say 3-5 years?

David Kris opens this episode of the Cyberlaw Podcast by laying out some of the massive disruption that the Biden Administration has kicked off in China's semiconductor industry—and its Western suppliers. The reverberations of the administration's new measures will be felt for years, and the Chinese government's response, not to mention the ultimate consequences, remains uncertain. Richard Stiennon, our industry analyst, gives us an overview of the cybersecurity market, where tech and cyber companies have taken a beating but cybersecurity startups continue to gain funding.  Mark MacCarthy reviews the industry from the viewpoint of the trustbusters. Google is facing what looks like a serious AdTech platform challenge from several directions—the EU, the Justice Department, and several states. Facebook, meanwhile, is lucky to be a target of the Federal Trade Commission, which rather embarrassingly had to withdraw claims that the acquisition of Within would remove an actual (as opposed to hypothetical) competitor from the market. No one seems to have challenged Google's acquisition of Mandiant, meanwhile. Richard suspects that is because Google is not likely to do anything with the company.  David walks us through the new White House national security strategy—and puts it in historical context.  Mark and I cross swords over PayPal's determination to take my money for saying things Paypal doesn't like. Visa and Mastercard are less upfront about their ability to boycott businesses they consider beyond the pale, but all money transfer companies have rules of this kind, he says. We end up agreeing that transparency, the measure usually recommended for platform speech suppression, makes sense for Paypal and its ilk, especially since they're already subject to extensive government regulation.   Richard and I dive into the market for identity security. It's hot, thanks to zero trust computing. Thoma Bravo is leading a rollup of identity companies. I predict security troubles ahead for the merged portfolio.   In updates and quick hits: The Texas social media law is on hold again, but do not get excited. It is a  voluntary deal designed to speed Supreme Court consideration of a review petition.  Now Ukraine knows how Twitter feels: Elon Musk has changed his mind again. He will not be demanding that Department of Defense pay for the Starlink service Elon rolled out at the start of the war with Russia. After catching Google red-handed in what looks like ideological use of a spam filter, the GOP now appears to be overplaying its hand.  And I predict much more coverage, not to mention prosecutorial attention, will result from accusations that a powerful partner at the establishment law firm, Dechert, engaged in hack-and-dox attacks on adversaries of his clients.

David Kris opens this episode of the Cyberlaw Podcast by laying out some of the massive disruption that the Biden Administration has kicked off in China's semiconductor industry—and its Western suppliers. The reverberations of the administration's new measures will be felt for years, and the Chinese government's response, not to mention the ultimate consequences, remains uncertain. Richard Stiennon, our industry analyst, gives us an overview of the cybersecurity market, where tech and cyber companies have taken a beating but cybersecurity startups continue to gain funding.  Mark MacCarthy reviews the industry from the viewpoint of the trustbusters. Google is facing what looks like a serious AdTech platform challenge from several directions—the EU, the Justice Department, and several states. Facebook, meanwhile, is lucky to be a target of the Federal Trade Commission, which rather embarrassingly had to withdraw claims that the acquisition of Within would remove an actual (as opposed to hypothetical) competitor from the market. No one seems to have challenged Google's acquisition of Mandiant, meanwhile. Richard suspects that is because Google is not likely to do anything with the company.  David walks us through the new White House national security strategy—and puts it in historical context.  Mark and I cross swords over PayPal's determination to take my money for saying things Paypal doesn't like. Visa and Mastercard are less upfront about their ability to boycott businesses they consider beyond the pale, but all money transfer companies have rules of this kind, he says. We end up agreeing that transparency, the measure usually recommended for platform speech suppression, makes sense for Paypal and its ilk, especially since they're already subject to extensive government regulation.   Richard and I dive into the market for identity security. It's hot, thanks to zero trust computing. Thoma Bravo is leading a rollup of identity companies. I predict security troubles ahead for the merged portfolio.   In updates and quick hits: The Texas social media law is on hold again, but do not get excited. It is a  voluntary deal designed to speed Supreme Court consideration of a review petition.  Now Ukraine knows how Twitter feels: Elon Musk has changed his mind again. He will not be demanding that Department of Defense pay for the Starlink service Elon rolled out at the start of the war with Russia. After catching Google red-handed in what looks like ideological use of a spam filter, the GOP now appears to be overplaying its hand.  And I predict much more coverage, not to mention prosecutorial attention, will result from accusations that a powerful partner at the establishment law firm, Dechert, engaged in hack-and-dox attacks on adversaries of his clients.

A software supply chain attack is when someone infiltrates your system by attacking a third-party provider or partner with access to your data.  Recent high-profile supply chain attacks, most notably SolarWinds, has this type of attack into the public eye, and it's clear that with more suppliers handling sensitive data than ever before, the attack surface of a typical enterprise has been changed dramatically.  In this episode of the EM360 Podcast, Analyst https://em360tech.com/user/3627 (Richard Stiennon) speaks to https://www.linkedin.com/in/suresh-bhandarkar-36277895/ (Suresh Bhandarkar), Director of Product Solution Architecture at https://em360tech.com/solution-providers/beyond-identity (Beyond Identity), to discuss: Software supply chain attacks Weaknesses in the CI/CD pipeline The issue of software code provenance Beyond Identity cuts through the anonymity of to provide a secure, scalable way for development and GitOps teams to immutably sign and verify the author of every commit. Their author verification API in proves that what you've shipped is what your developers actually built—and that nothing else got added.

Identity Governance and Administration (IGA) systems are a fundamental part of an enterprises identity and access management strategy.  For companies that need functionalities like role-based access and automated approval, IGA systems can be essential in ensuring that the right people are getting access to the right things.  Sounds easy enough, but issues with adoption, sponsorship and employee access speak to the fact that plenty of things can derail a deployment.  In this episode of the EM360 Podcast, Analyst https://em360tech.com/user/3627 (Richard Stiennon) speaks to https://www.linkedin.com/in/rodlsimmons/ (Rod Simmons), VP of Product Strategy at https://em360tech.com/tech-index/omada (Omada), about: Automating already broken processes Disconnect between IGA goals and business goals Testing, testing, testing

Richard shares the knowledge he has amassed over his long career on how to research the entire cybersecurity industry. He tells us about his journey from a pentester to an industry analyst. He has started over 24 companies over that time. Richard talks about the process he has developed over 17 years to sort through all the data. Most people struggle sorting through the incoming flood of data. He starts by finding and classifying all the vendors. He goes into major categories like zero trust and machine learning, but have to dig deeper to see what the vendors actually do. He breaks them down into 17 major buckets. Clarifying the vendors through the cycle is the challenge. He has over 9k he has researched. It is a continuous process since some just disappear. If there are 3,000 out there, he has easily looked at 8,000 possible vendors. It takes 5 minutes or more to vet a vendor. You can do the math and see how that adds up. It gives you dynamic data to make decisions and act off of. The fastest growing in API security over the last 18 months. Fraud prevention is the slowest, actually shrinking over the last year.   Connect with Richard: https://www.linkedin.com/in/stiennon/ Visit IT-Harvest: https://it-harvest.com/shop/   Visit Short Arms website: https://www.shortarmsolutions.com/    You can follow us at: Linked In: https://www.linkedin.com/company/shortarmsolutions  YouTube: https://www.youtube.com/channel/UCjUNoFuy6d1rouj_SBg3Qkw/featured  Twitter: https://twitter.com/ShortArmSAS

Richard shares the knowledge he has amassed over his long career on how to research the entire cybersecurity industry. He tells us about his journey from a pentester to an industry analyst. He has started over 24 companies over that time. Richard talks about the process he has developed over 17 years to sort through all the data. Most people struggle sorting through the incoming flood of data. He starts by finding and classifying all the vendors. He goes into major categories like zero trust and machine learning, but have to dig deeper to see what the vendors actually do. He breaks them down into 17 major buckets. Clarifying the vendors through the cycle is the challenge. He has over 9k he has researched. It is a continuous process since some just disappear. If there are 3,000 out there, he has easily looked at 8,000 possible vendors. It takes 5 minutes or more to vet a vendor. You can do the math and see how that adds up. It gives you dynamic data to make decisions and act off of. The fastest growing in API security over the last 18 months. Fraud prevention is the slowest, actually shrinking over the last year.   Connect with Richard: https://www.linkedin.com/in/stiennon/ Visit IT-Harvest: https://it-harvest.com/shop/   Visit Short Arms website: https://www.shortarmsolutions.com/    You can follow us at: Linked In: https://www.linkedin.com/company/shortarmsolutions  YouTube: https://www.youtube.com/channel/UCjUNoFuy6d1rouj_SBg3Qkw/featured  Twitter: https://twitter.com/ShortArmSAS

It's Hacker Summer Camp time! Thank you for joining this live stream during Black Hat and DEF CON with guest Richard Stiennon!Watch the live stream video on our Black Hat and DEF CON coverage page: https://www.itspm.ag/bhdc22Follow our social media as everything will be streamed live as it is. No editing, no script, and most of all … no BS

It's Hacker Summer Camp time! Thank you for joining this live stream during Black Hat and DEF CON with guest Tracy Z. Maleeff!Watch the live stream video on our Black Hat and DEF CON coverage page: https://www.itspm.ag/bhdc22Follow our social media as everything will be streamed live as it is. No editing, no script, and most of all … no BS

It's Hacker Summer Camp time! Thank you for joining this live stream during Black Hat and DEF CON with guest Richard Stiennon!Watch the live stream video on our Black Hat and DEF CON coverage page: https://www.itspm.ag/bhdc22Follow our social media as everything will be streamed live as it is. No editing, no script, and most of all … no BS

It's Hacker Summer Camp time! Thank you for joining this live stream during Black Hat and DEF CON with guest Tracy Z. Maleeff!Watch the live stream video on our Black Hat and DEF CON coverage page: https://www.itspm.ag/bhdc22Follow our social media as everything will be streamed live as it is. No editing, no script, and most of all … no BS

It's Hacker Summer Camp time! Thank you for joining this live stream during Black Hat and DEF CON with guests Chloé Messdaghi and Nick Misner!Watch the live stream video on our Black Hat and DEF CON coverage page: https://www.itspm.ag/bhdc22Follow our social media as everything will be streamed live as it is. No editing, no script, and most of all … no BS

Authentication is the art of determining whether something is what it says it is. Passwords provide a great way for customers and consumers to access their personal information but when it comes to the enterprise, newer concepts like two-factor authentication (2FA) and zero trust network access (ZTNA) may be required.  It's been part of computing since its inception two decades ago - yet IT teams and businesses are still putting a lot of time into it. So why is authentication still such an issue?In this episode of the EM360 Podcast, Analyst Richard Stiennon speaks to https://www.linkedin.com/in/matthewlewis33/ (Matthew Lewis), Director of Product Marketing at https://em360tech.com/solution-providers/hid-global (HID Global), to explore: How the work from home movement impacted employee authentication “Passwordless” vs client-side certificates Adaptive authentication

TechSpective Podcast Episode 094   There are nearly 3,000 cybersecurity companies out there–and you can find them all in the Security Yearbook 2022. This is the third annual release of the Security Yearbook by research analyst and author Richard Stiennon. … Richard Stiennon Talks about Security Yearbook 2022 Read More » The post Richard Stiennon Talks about Security Yearbook 2022 appeared first on TechSpective.

The Nature of Cybersecurity is undergoing rapid evolution. Cyber attacks are becoming more violent - and sophisticated. Big developments in tech over the last few years have led to some of the most shocking ransomware incidents. In this episode of the EM360 podcast, Chief Research Analyst at https://it-harvest.com/ (IT-Harvest), https://www.linkedin.com/in/stiennon/ (Richard Stiennon) speaks to https://www.linkedin.com/in/mmmpp/?originalSubdomain=uk (Mariana Periera), Director of Email Security Products at https://www.darktrace.com/en/ (Darktrace), to explore: How businesses can come back stronger following a threat The email supply chain and how attackers are using legitimate credentials to attack Core capabilities and the importance of augmenting with AI The true changing nature of cybersecurity

Cyber risk intelligence is critical for businesses that operate in the digital world. It is the collection, evaluation, and analysis of cyber threat information by those with access to all-source information. Like other areas of important business intelligence, cyber threat intelligence is qualitative information put into action to help develop security strategies and aid in identifying threats and opportunities. In this episode of the EM360 podcast, Richard Stiennon, Chief Research Analyst at IT-Harvest, speaks to Caitlin Gruenberg Director, Risk Solutions Engineer at CyberGRX as the pair explore: Third-party cyber risk management vs self-assessments Cyber risk intelligence in the wake of huge, high-profile breaches The meaning of a true risk exchange

CIAM enables organisations to securely capture and manage customer identity and profile data, as well as control customer access to certain applications and services. Usually providing a variety of features including customer registration, self-service account management, and 2FA/MFA, the best CIAM solutions ensure a secure and seamless customer experience. But how can enterprises hit a balance between security and customer friction? In the first of two EM360 analyst podcasts with Beyond Identity, Chief Research Analyst at IT-Harvest, Richard Stiennon speaks to Jing Gu, Senior Product Marketing Manager, about the role CIAMs play when it comes to managing end-user activities.

Do you think you know all of the cybersecurity vendors on the market? Think again. Need help getting a clear view for how they all fit into the bigger InfoSec picture in your org? Have a listen.In today's episode, long-time industry analyst, Richard Stiennon, takes us on a journey down memory lane into the world of cybersecurity and the ever-growing landscape of innovation, technology, features, products, solutions, and more.About the bookSecurity Yearbook 2020 was launched at RSA Conference 2020 on February 24 and has been identified as One of the Best Cybersecurity Books of 2021 by Ben Rothke!The 2021 directory has been completely updated. 300 small vendors and two abject failures stopped supporting their websites in 2020. 600 new vendors were added, although only 13 high profile startups are listed. The Directory now contains 2,615 vendors of security products.Two new stories of the pioneers of the cybersecurity industry have been added. Renaud Deraison, creator of Nessus, and Amit Yoran founder of Riptech and CEO of Tenable contribute their stories.A new section has been added to track the performance of 21 publicly traded security vendors like Crowdstrike, Zscaler, Fortinet, and Palo Alto Networks.Thanks to AGC Partners, Security Yearbook 2021 contains a complete listing of M&A activity for 2020.There were over $10 billion in new investments in high-flying security vendors. A complete list and analysis of these deals is included.The biggest difference in the directory  this year is that the percent change in headcount is listed for each vendor. This is probably the most important metric for quickly assessing a vendor's health. Successful vendors grow.Having known each other for years, Richard and Sean reminisce and they talk about the past, present, and future of the entire cybersecurity field.____________________________GuestRichard StiennonChief Research Analyst at IT-Harvest [@cyberwar]On Twitter | https://twitter.com/stiennonOn LinkedIn | https://www.linkedin.com/in/stiennon/On YouTube | https://www.youtube.com/channel/UCJbNLvhmVGnRerhrSU1mFug____________________________This Episode's SponsorsImperva: https://itspm.ag/imperva277117988HITRUST: https://itspm.ag/itsphitweb____________________________ResourcesSecurity Yearbook | A Complete History And Directory Of The Entire Cybersecurity Industry- 2021 edition: https://it-harvest.com/shop/security-yearbook-2021/- 2022 edition: https://it-harvest.com/shop/security-yearbook-2022/Connect with Richard at IT-Harvest: https://it-harvest.com/____________________________To see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?

Do you think you know all of the cybersecurity vendors on the market? Think again. Need help getting a clear view for how they all fit into the bigger InfoSec picture in your org? Have a listen.In today's episode, long-time industry analyst, Richard Stiennon, takes us on a journey down memory lane into the world of cybersecurity and the ever-growing landscape of innovation, technology, features, products, solutions, and more.About the bookSecurity Yearbook 2020 was launched at RSA Conference 2020 on February 24 and has been identified as One of the Best Cybersecurity Books of 2021 by Ben Rothke!The 2021 directory has been completely updated. 300 small vendors and two abject failures stopped supporting their websites in 2020. 600 new vendors were added, although only 13 high profile startups are listed. The Directory now contains 2,615 vendors of security products.Two new stories of the pioneers of the cybersecurity industry have been added. Renaud Deraison, creator of Nessus, and Amit Yoran founder of Riptech and CEO of Tenable contribute their stories.A new section has been added to track the performance of 21 publicly traded security vendors like Crowdstrike, Zscaler, Fortinet, and Palo Alto Networks.Thanks to AGC Partners, Security Yearbook 2021 contains a complete listing of M&A activity for 2020.There were over $10 billion in new investments in high-flying security vendors. A complete list and analysis of these deals is included.The biggest difference in the directory  this year is that the percent change in headcount is listed for each vendor. This is probably the most important metric for quickly assessing a vendor's health. Successful vendors grow.Having known each other for years, Richard and Sean reminisce and they talk about the past, present, and future of the entire cybersecurity field.____________________________GuestRichard StiennonChief Research Analyst at IT-Harvest [@cyberwar]On Twitter | https://twitter.com/stiennonOn LinkedIn | https://www.linkedin.com/in/stiennon/On YouTube | https://www.youtube.com/channel/UCJbNLvhmVGnRerhrSU1mFug____________________________This Episode's SponsorsImperva: https://itspm.ag/imperva277117988HITRUST: https://itspm.ag/itsphitweb____________________________ResourcesSecurity Yearbook | A Complete History And Directory Of The Entire Cybersecurity Industry- 2021 edition: https://it-harvest.com/shop/security-yearbook-2021/- 2022 edition: https://it-harvest.com/shop/security-yearbook-2022/Connect with Richard at IT-Harvest: https://it-harvest.com/____________________________To see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?

Special guest Richard Stiennon, research analyst and author of Security Yearbook 2021, joins Shahin and Doug to discuss the state of advanced cyberwarfare involving AI and supercomputing, and its potential role in the war in Ukraine. [audio mp3="http://orionx.net/wp-content/uploads/2022/02/014@HPCpodcast_CyberWarfare-HPC-AI_20220227.mp3"][/audio] The post @HPCpodcast-14: Cyberwarfare in the Age of AI and HPC appeared first on OrionX.net.

Congratulations to Zero Networks for their recognition in the 2021 #CISOChoiceAwards. In this interview, leading analyst Richard Stiennon talks with Benny Lakunishok, Co-Founder and CEO of #ZeroNetworks, to discuss their Access Orchestrator which was recognized in the #NetworkSecurity Technology Category. Zero Networks' #AccessOrchestrator uses #microsegmentation to protect all servers and devices within a network with agentless and automated self-service.

Congratulations to Lynx Technology Partners for their win in the 2021 #CISOChoiceAwards for their Governance, Risk and Compliance offering. In this interview, leading analyst, Richard Stiennon talks with Franklin Donahoe, CEO of Lynx Technology Partners, about their #GRC solutions including Lynx 360 Security which enables proactive security through integration, visibility and communication. If you are a #CISO and would like access to more value-added content, request a complimentary membership to #CISOsConnect today: https://CISOsConnect.com

Congratulations to Armorblox for their win in the 2021 CISO Choice Visionary Award for their Email Protection solution. In this interview, leading analyst Richard Stiennon talks with Brian Johnson, CSO of Armorblox, about their vision and their differentiated email solutions which helps to protect companies against threat actors trying to infiltrate through phishing and other targeted attacks. Stay tuned for more interviews from the CISO Choice Awards and for more value-added content, request complimentary access to CISOs Connect today: https://CISOsConnect.com

Congratulations to Axonius for their recognition in the 2021 CISO Choice Awards in the Partner in Success category. In this interview, leading analyst Richard Stiennon talks with Chris Cochran, Creative Director and Cybersecurity Advocate for Axonius, about their differentiated approach to working with the CISOs to ensure speedy alert triage and incident response. Stay tuned for more interviews from the CISO Choice Awards and for more value-added content, request complimentary access to CISOs Connect today: https://CISOsConnect.com

Congratulations to Black Kite for their win in the 2021 CISO Choice Awards for their Risk Management solution. In this interview, leading analyst Richard Stiennon talks with Paul Paget, CEO of Black Kite, about Black Kite's Cyber Rating System solution, which was lauded by the CISOs for helping organizations protect themselves against continuous threats from third parties. Stay tuned for more interviews from the CISO Choice Awards and for more value-added content, request complimentary access to CISOs Connect today: https://CISOsConnect.com

Congratulations to RackTop Systems for their recognition in the 2021 CISO Choice Awards. In this interview, leading analyst Richard Stiennon talks with Jonathan Halstuch, CTO and Co-Founder of RackTop Systems, to discuss their BrickStor SP solution which was recognized in the Data Security category. BrickStor SP helps to protect data from malicious actors and potential ransomware attacks through integrated UEBA and SOAR technologies. Stay tuned for more interviews from the CISO Choice Awards and for more value-added professional development and technology content, request complimentary access to CISOs Connect today: https://CISOsConnect.com

Congratulations to Stacklet for their recognition in the 2021 CISO Choice Awards for their Governance, Risk and Compliance Technology. In this interview, leading analyst Richard Stiennon talks with Travis Stanfield, CEO and Co-Founder of Stacklet, about the Stacklet Platform which is founded on the idea of cloud governance as code. Stay tuned for more interviews from the CISO Choice Awards and for more value-added content, request complimentary access to CISOs Connect today: https://CISOsConnect.com

Congratulations to the Telos Corporation for their recognition in the 2021 CISO Choice Awards for their Cloud Security Solution. In this interview, leading analyst Richard Stiennon talks with Tom Badders, a Senior Product Manager for the Telos Corporation, about the Telos Ghost solution which is a virtual-based obfuscation network that works to ensure a totally secure online cloud environment. Stay tuned for more interviews from the CISO Choice Awards and for more value-added content, request complimentary access to CISOs Connect today: https://CISOsConnect.com

Congratulations to Salt Security for their win in the 2021 CISO Choice Awards in the Application Security category. In this interview, leading analyst Richard Stiennon talks with Roey Eliyahu, CEO of Salt Security, about Salt's API Protection Platform which is lauded by the CISOs for helping to protect organizations and their assets in an increasingly digitized information world. Stay tuned for more interviews from the CISO Choice Awards and for more value-added content, request complimentary access to CISOs Connect today: https://CISOsConnect.com

Congratulations to deepwatch for their win in the 2021 CISO Choice Awards for their MSSP offering. In this interview, leading analyst, Richard Stiennon talks with Tim West, Field CTO for deepwatch, about their Managed Detection and Response which is embraced by the CISOs for its differentiated approach to secure their organizations with an “always-on” security team to combat ongoing threats. Stay tuned for more interviews from the CISO Choice Awards and for more value-added content, request complimentary access to CISOs Connect today: https://CISOsConnect.com

Richard Stiennon (the OG Curmudgeon) and I discuss investments and market dynamics in cybersecurity. He provides his views on a variety of topics and breaks down how he sees the market through his lens and vast experience. Check out his books and his insights on this space every chance you get!

Security Yearbook creator Richard Stiennon joins today's podcast to share his career journey. He talks about creating the first ISP in the Midwest in the ‘90s, the role of the Security Yearbook in telling the history of cybersecurity and the best place to start your cybersecurity career. Hint: It's not necessarily with the big firms! – Save 50% on your copy of the Security Yearbook with code "infoseclive": https://it-harvest.com/shop– Join the monthly challenge: https://www.infosecinstitute.com/challenge – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Infosec Skills Monthly Challenge0:50 - Intro 2:50 - How Richard got started in cybersecurity7:22 - Penetration testing in the ‘90s10:17 - Working as a research analyst14:39 - How the cyberwar landscape is changing19:33 - Skills needed as a cybersecurity researcher20:30 - Launching the Security Yearbook27:20 - Security Yearbook 2021 29:00 - Importance of cybersecurity history30:48 - How do cybersecurity investors see the industry34:08 - Impact of COVID-19 and work from home35:50 - Using the Security Yearbook to guide your career40:38 - How cybersecurity careers are changing43:29 - Current pentesting trends 47:06 - First steps to becoming a research analyst48:20 - Plans for Security Yearbook 202250:20 - Learn more about Richard Stiennon51:09 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It's our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

A true historian, and ex-Gartner VP, Richard is to Cyber Security what Herodotus was to the Ancient Greeks & Romans – researching, writing, and commenting on security since '95. Experience helps him to separate buzzwords from business value, so we were delighted to chat with him about all manner of topics, including how his working life has changed during Covid, what he feels are the key Cyber innovations, and where he sees the future of the market.

TechSpective Podcast Episode 059 If you have worked in or near cybersecurity in the last 20 years or so, there’s a good chance you’re familiar with Richard Stiennon. Richard is a former Gartner analyst who has established himself as a leading independent analyst–as well as an author and speaker in the field. His breadth of [...] The post Richard Stiennon Talks about Security Yearbook 2021 and Getting Through the Pandemic appeared first on TechSpective.

Richard Stiennon is the chief research analyst for IT-Harvest, the firm he founded in 2005 to cover the 2,600+ vendors in the IT security industry. He has held leadership positions at PricewaterhouseCoopers, Webroot and Fortinet. Previously, he was a research VP at Gartner for their IT Security Research Practice and held CMO and CSO roles.

The future of any industry is built upon the foundation of its past. Cybersecurity and where it is today is no different. This week's guest is as much a historian as he is an evangelist for the future of security, Richard Stiennon. Richard's book, Security Yearbook 2020, is the first complete history of the development of IT security solutions. It focuses is on the pioneers in the space and the companies that arose from their efforts. Security Yearbook shares stories from these pioneers, presented in their own voice while the overall story of the space is recounted as it grew from modest beginnings to a $100 billion+ industry with over 2,200 companies. Give this week's episode a listen to hear about: The Russian mafia in Michigan Security Year Book Tales as the second Gartner network security analyst Lessons learned from interacting with cloud security organizations Security alert insanity and how SOCs have evolved A writers dream cabin, built into his garage This week's guest: Author, Analyst, and Cyber Thought Leader Richard Stiennon Host: Thomas Bain, VP of Marketing at Cyware Producer: Elliot Volkman, Editorial Lead at Cyware

    “It's just a straight sequence, which is mind-numbing to me… This is like a Computer Science 101 bad homework assignment, the kind of stuff that you would do when you're first learning how web servers work. I wouldn't even call it a rookie mistake because, as a professional, you would never write something like this."  -- Kenneth White, codirector of the Open Crypto Audit Project     On this episode of InSecurity, Matt Stephenson sits down with Richard Stiennon for a chat about a LOT of things. He has a new book coming, dropped TWO books in 2020 and we find time to take a look at recent security events unfolding around social media site Parler and the cyber attack on the US Government. Could these events have been prevented with a better approach? The Parler breach was ludicrously simple. The Solarwinds event was infinitely more complicated, but would a CI/CD approach have made a difference? Find out what an industry expert thinks…     About Curmudgeon: How to Succeed as an Industry Analyst     Curmudgeon is the first (and only) book on how to become and excel as an industry analyst. It is written by a 20 year veteran of the business, the author of UP and to the RIGHT: Strategy and tactics of Analyst Influence. In addition to Stiennon's first hand experience at Gartner, then as an independent analyst covering the cybersecurity industry, there are contributions from analysts such as Tom Austin, Bob Hafner, Jon Oltsik, and others. If you have ever considered becoming an analyst this is the book you should read. If you interact with analysts you should read Curmudgeon to inform your understanding of the analyst life.     About Security Yearbook 2021     Security Yearbook 2021 is the second edition of an annual publication that records the history of the IT Security industry and provides a complete catalog of all the vendors. Thousands of copies will be in the hands of media, analysts, and most importantly, security technology buyers.  The industry directory is updated to reflect the changes to the vendorscape in 2020 including M&A, launches, and new funding. Over 3,000 vendors are listed by country and category. Each entry includes the number of employees and growth from the previous year. Security Yearbook 2021 is the only place this data is published. Security Yearbook is an indispensable desk reference for IT security practitioners, marketers, CISOs, and investors.     About Richard Stiennon     Richard Stiennon (@stiennon) is Chief Research Analyst for IT-Harvest, the firm he founded in 2005 to cover the 2,200 vendors that make up the IT security industry. He has presented on the topic of cybersecurity in 29 countries on six continents.   Richard is the author of Secure Cloud Transformation: The CIO'S Journey, Surviving Cyberwar and Washington Post Best Seller, There Will Be Cyberwar. He writes for Forbes and The Analyst Syndicate.   In previous lives, he was Chief Strategy Officer for Blancco Technology Group, Chief Marketing Officer for Fortinet, Inc. and VP Threat Research at Webroot Software. Prior to that he was VP Research at Gartner, Inc.   Richard has a B.S. in Aerospace Engineering and his MA in War in the Modern World from King’s College, London     About Matt Stephenson       Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Broadcast Media team at BlackBerry, which puts me in front of crowds, cameras, and microphones all over the world. I am the regular host of the InSecurity podcast and video series at events around the globe.   I have spent the last 10 years in the world of Data Protection and Cybersecurity. Since 2016, I have been with Cylance (now BlackBerry) extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to network security, can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty they weren't there for us, but you never know...   Every week on the InSecurity Podcast, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy.   InSecurity is about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round...   Can’t get enough of Insecurity? You can find us at Spotify, Apple Podcasts and ThreatVector as well as GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts!   Make sure you Subscribe, Rate and Review!

Chief Research Analyst and author Richard Stiennon joins the podcast again to discuss his new book, Security Yearbook 2020, in which he characterizes the modern evolving cyber security vendor and the market today.

Chief Research Analyst and author Richard Stiennon joins the podcast again to discuss his new book, Security Yearbook 2020, in which he characterizes the modern evolving cyber security vendor and the market today.

Richard Stiennon, Chief Research Analyst with IT-Harvest and industry executive, joins the podcast. Richard gives insight on some of the bigger and most known data attacks in reference to what we are learning for future avoidance. What are some of the security lessons that we’ve learned from these attacks? On both the supplier side as well as the consumer side. Are current verification methods sufficient to assure security from attacks? Scott dives into Richard’s recent publishings including the Forbes article “There is No Cloud Security Segment” and his book the Security Yearbook 2020 John asks Richard about automating security in the Cloud. What if there was a completely engineered security environment that handled security in an automated way? We discuss “What is true cloud security” and how can companies move this security to the cloud. Richard gives insight into what needs to happen next to see larger security models fully deployed in the cloud. Richard shares thoughts on the overlap of so many security vendors. Are they doing the same thing or is there something different?

A major breach captures world attention. Then there's ransomware, the effects of Covid-19, the emergence of SASE, and a whole lot of other IT security impacts. In this episode, analyst and author Richard Stiennon explores these topics with Ken Presti in advance of Stiennon's upcoming release, "The Security Yearbook 2021."

Richard Stiennon, leading author and analyst, speaks with Mark Rasch, well-known attorney, on the charges against Joe Sullivan, former Uber CSO. With more than 30 years of experience in cybersecurity and data privacy – including within the U.S. Department of Justice, where he created the DOJ Computer Crime Unit and Cyber-Forensics practice, Mark discusses the implications and what it could mean for CSOs and CISOs.

Richard joins us to discuss what cyber war looks like and how we can prepare for the proverbial "Digital Pearl Harbor". For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e74

When I read Richard Stiennon's latest article in Forbes, The Demise of Symantec, I thought it was absolutely fascinating. Richard walks through the process of what happened at Symantec, how it was an acquisition engine for so many years, and now how it's started to decline. I got in touch with Richard and told him I'd like to have him read his article for the podcast, and he responded right away. What you'll hear in this episode is Richard talking about and reading from his article, The Demise of Symantec. Resources for this podcast: The Demise of Symantec, Forbes Online https://www.forbes.com/sites/richardstiennon/2020/03/16/the-demise-of-symantec/#6522117b5fc7 Security Yearbook 2020 https://www.security-yearbook.com/

Hmm, wonder what topic Matt, Rich, and guest host Mike Semel, of Semel Consulting, will talk about this week. Surprise! It’s the Coronavirus outbreak, and the challenges of coping with remote work generally and security specifically these days, a subject they get into in detail with interview guest Richard Stiennon, of security consultancy IT-Harvest. They also discuss the pros and cons of rotating passwords, getting your business right for a sale, and Kaseya Compliance Manager’s new no-wait cyber insurance integration. Hat tip on that last story to Ned Ryerson! Remember folks, if you have cyber insurance, you could always use a little more. Am I right or am I right? Subscribe to ChannelPro Weekly! ​​​​​​​​​​ ​​​​​​​ ​​​​​​​​​​ Look for us in your favorite podcast app. If you don't see us (yet) then you can subscribe via RSS in almost any podcast app using this link: http://www.channelpronetwork.com/rss/cpw Show Information: Episode #: 138Title: Needle Nose NedDuration: 1:41:04File size: 46.8MBRegulars: Rich Freeman - Executive Editor, Matt Whitlock - Technology EditorGuest Host: Mike Semel, CEO of Semel Consulting Video of ChannelPro Weekly #138 - Needle Nose Ned Topics and Related Links Mentioned:  In the Age of COVID-19, Paul Nebb is an “IT First Responder” Tekie Geek Taking a Proactive Approach to COVID-19 for Customers Kaseya Adds No-Wait Cyber Insurance to Compliance Manager Letting Password Expirations Expire M&A the Right Way, Part 1: Your Pre-Sale Checklist Richard Stiennon's Security Yearbook 2020 Rich's ICYMI plug and quickie preview of the week ahead 

Hmm, wonder what topic Matt, Rich, and guest host Mike Semel, of Semel Consulting, will talk about this week. Surprise! It’s the Coronavirus outbreak, and the challenges of coping with remote work generally and security specifically these days, a subject they get into in detail with interview guest Richard Stiennon, of security consultancy IT-Harvest. They also discuss the pros and cons of rotating passwords, getting your business right for a sale, and Kaseya Compliance Manager’s new no-wait cyber insurance integration. Hat tip on that last story to Ned Ryerson! Remember folks, if you have cyber insurance, you could always use a little more. Am I right or am I right? Subscribe to ChannelPro Weekly! Topics and Related Links Mentioned:  In the Age of COVID-19, Paul Nebb is an “IT First Responder” Tekie Geek Taking a Proactive Approach to COVID-19 for Customers Kaseya Adds No-Wait Cyber Insurance to Compliance Manager Letting Password Expirations Expire M&A the Right Way, Part 1: Your Pre-Sale Checklist Richard Stiennon's Security Yearbook 2020 Rich's ICYMI plug and quickie preview of the week ahead 

Richard shares what he thinks a successful SASE architecture looks like and why it will lead us to secure Cloud. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e69

Bill and Greg interview Richard Stiennon, who discusses his new book Security Yearbook 2020 and how it is a survey and history of the industry. We discuss that how non-security CEOs fare in the security market, and why non-security companies don't lead in security. And how awesome/nasty an "I Told You So, Security Edition" book would be, how small the cybersecurity industry is, and our favorite security leaders.His book is available here: https://www.amazon.com/dp/1945254041/ref=cm_sw_em_r_mt_dp_U_VwxxEb5J3J4CW We don't have one of those cool discount codes, but you can say "REALCYBERSECURITY" out loud when you order it and feel better.

Richard Stiennon: Security Yearbook 2020     Security Yearbook 2020 is the story of the people, companies, and events that comprise the history of of the IT security industry. In this inaugural edition, author Richard Stiennon digs into the early history of Symantec, Network Associates, BorderWare, Check Point Software. These iconic names and dozens of other companies contributed to the growth of an industry now is comprised of over 2,000 vendors of security products.  In addition to the history there are stories from industry pioneers such as Gil Shwed CEO and founder of Check Point Software; Chris Blask Co-inventor of Borderware Firewall and Sandra Toms Chief Organizer of the RSA Conference. The directory lists all the vendors alphabetically, by country, and by category, making an invaluable desk reference for students, practitioners, researchers, and investors.   For the first time ever, a complete history of the development of IT security solutions is presented in one place. The focus is on the pioneers in the space and the companies that arose from their efforts. Individual stories from these pioneers are presented in their own voice while the overall story of the space is recounted as it grew from modest beginnings to a $100 billion+ industry with over 2,200 companies.   This week on InSecurity, Matt welcomes Richard Stiennon back to the show. Already a legend in cybersecurity, Richard poured his knowledge and skill into creating the Security Yearbook 2020. Is this THE definitive guide to the ever-evolving and growing Cybsecurity world? Tune in and find out!   If you are coming to the RSA Conference in San Francisco at the end of the month you can find copies all over. Check out Where to Find Stiennon at RSAC 202.   About Richard Stiennon     Richard Stiennon (@stiennon & @cyberwar)played his own part in the IT security industry starting in 1995 at Netrex, one of the first MSSPs. He was a Manager of Technical Risk Services at PricewaterhouseCoopers before being drafted into Gartner in 2000 to cover the network security industry.   He left Gartner in 2004 to join Webroot Software as VP of Threat Research. He has also had roles as Chief Marketing Officer at Fortinet, and Chief Strategy Officer at data erasure company, Blancco Technology Group.   Richard is the author of four books, including Secure Cloud Transformation: The CIO's Journey. He is an aerospace engineer (University of Michigan '82) turned historian (King's College, London, 2014)   About Matt Stephenson     Insecurity Podcast host Matt Stephenson (@packmatt73) leads the broadcast media team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and video series at events around the globe.   Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come   Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line.   Can’t get enough of Insecurity? You can find us at ThreatVector InSecurity Podcasts, Apple Podcasts and GooglePlay as well as Spotify, Stitcher, SoundCloud, I Heart Radio and wherever you get your podcasts!   Make sure you Subscribe, Rate and Review!

Richard Stiennon, serial author, industry expert, and Chief Research Analyst at IT-Harvest, recaps the short timeline of quality assurance in manufacturing and argues for the same approach it to cybersecurity as a core function of the business. Do investors and CISOs aligning their digital strategies accordingly and where exactly does ownership lie if, and when, the unexpected happens?

Richard Stiennon, serial author, industry expert, and Chief Research Analyst at IT-Harvest, recaps the short timeline of quality assurance in manufacturing and argues for the same approach it to cybersecurity as a core function of the business. Do investors and CISOs aligning their digital strategies accordingly and where exactly does ownership lie if, and when, the unexpected happens?

Richard Stiennon: The IT Security Industry: A Complete History We here at InSecurity have a question… Why Hasn’t Anyone Catalogued the Entirety of the IT Security Industry? Why hasn’t the Cybersecurity industry gotten better at protecting all the things? There are SO many companies offering variations on existing solutions or brand new solutions… but the threats remain and the bad actors continue to be successful. Outside of The Internet… where can we go to get information on and analysis of the companies who are creating solutions that work? Can we learn where they came from? Have they been successful previously? If only we knew someone who could compile a compendium of all that is going on in the IT Security world… In this week’s episode of InSecurity, Matt Stephenson somehow managed to wrangle 60 minutes with industry legend Richard Stiennon. The take a walk through Richard’s work as author of multiple books on the threat of cyberwar, the role analysts play in the industry and his eye toward the future. His latest project is creating a Farmer’s Almanac of the entirety of Cybersecurity. It is such a fabulous idea, we’re kind of flummoxed as to how no one has done it yet. It is also such a breathtaking undertaking… we kind of understand why no one has done it yet. Come grab a seat with one of the greatest historians in all of the IT world and find out what is coming next! About Richard Stiennon Richard Stiennon (@stiennon) is Chief Research Analyst for IT-Harvest, the firm he founded in 2005 to cover the 2,200 vendors that make up the IT security industry. He has presented on the topic of cybersecurity in 29 countries on six continents. He is a lecturer at Charles Sturt University in Australia. He is the author of Secure Cloud Transformation: The CIO'S Journey, Surviving Cyberwar and Washington Post Best Seller, There Will Be Cyberwar. He writes for Forbes and The Analyst Syndicate. Stiennon was Chief Strategy Officer for Blancco Technology Group, the Chief Marketing Officer for Fortinet, Inc. and VP Threat Research at Webroot Software. Prior to that he was VP Research at Gartner, Inc. He has a B.S. in Aerospace Engineering and his MA in War in the Modern World from King’s College, London  About Matt Stephenson Insecurity Podcast host Matt Stephenson(@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcastand host of CylanceTV Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line. Can’t get enough of Insecurity? You can find us at ThreatVector InSecurity Podcasts, iTunes/Apple Podcasts and GooglePlayas well as Spotify, Stitcher, SoundCloud, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!

Dr. Eric Cole explains what threats you should be looking for, discusses the benefit of failure, and measures you should take to protect your life savings from a cyber threat. This week's guest is Richard Stiennon. Stiennon is an industry analyst who not only covers the IT security space but has spent a lot of time investigating the technology research business. He and Dr. Cole discuss his new book Secure Cloud Transformation and share what exactly it means to use the cloud and how you can ensure your information is secure.

David Weaver and Doron York of Great Lakes Angels discusses a new angel fund. James Carpp, Director of Consulting at Rehmann, discusses how new acquisition Trivalent Group has been ranked as one of the top 100 MSPs in the world. Richard Stiennon will updates all the cybersecurity threats that will keep you up at night...

Data Sanitization as defined by IDSC (International Data Sanitization Consortium) is the process of deliberately, permanently, and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable. Furthermore, GDPR compliance will require the “right to erasure,” and PCI DSS states organizations must “Keep cardholder data storage to a minimum by implementing data retention and disposal policies, procedures and processes.” In this episode of the InSecurity Podcast, host Shaun Walsh is joined by special guest Richard Stiennon, Chief Strategy Officer at Blancco Technology Group and Director of the IDSC, to discuss the often-overlooked topic of data sanitization.

Richard Morrell, Red Hat's Principal Security Strategist returns to the radio mic to talk to Richard Stiennon live from The Moscone Center San Francisco as part of RSA Conference 2016. Talking about CNAP, challenges of US Federal Government security and some realities.

Richard Stiennon, Author of “Surviving Cyberwar and There Will Be Cyberwar: How the Move to NCW Has Set the Stage for Cyberwar” participates in Risk Roundup to discuss The New World of Cyber-warfare. The New World of Cyber-warfare The new world cyber-warfare brings us a vicious power struggle. This new emerging cyber battleground is full of […] The post The New World Of Cyber-Warfare appeared first on Risk Group.

Surviving Cyberwar author Richard Stiennon, Forbes commentator & founder of IT-Harvest, discusses cybersecurity & American vulnerability to cyber attack.

This week on The Voice, our host Graham Machacek sits down with Richard Stiennon, founder of IT-Harvest. Richard shares with us some insights on interacting with analyst firms and discusses some opportunities for how to increase influence. We'll define key concepts such as the “magic quadrant” then dig into effective ways for targeting the right analysts. Richard then treats us to some examples of organizations who have successfully utilized their reach and influence. If you'd like more information about the different resources available, here are some examples mentioned during the episode:- You can join Richard's lecture course on Udemy through Analyst Influence- You can also get your copy of Richard's book UP and to the RIGHT Join the conversation!You can connect with guest via email at richard@it-harvest.com and host @grahamxperience.Leave a comment or question below, or rate the show on iTunes. The Voice is a MediaStyle production. We create strategic communications plans and killer content for web, radio and television.

Richard Stiennon, security expert and industry analyst, is known for shaking up the industry and providing actionable guidance to vendors and end users. He relaunched the security blog ThreatChaos.com and is the founder of IT-Harvest.

Richard Stiennon, security expert and industry analyst, is known for shaking up the industry and providing actionable guidance to vendors and end users. He relaunched the security blog ThreatChaos.com and is the founder of IT-Harvest.