POPULARITY
Hosted by Sean Martin
Hosted by Sean Martin
Hosted by Sean Martin
670 episodes with Sean Martin
117 episodes with Sean Martin
42 episodes with Sean Martin
21 episodes with Sean Martin
20 episodes with Sean Martin
10 episodes with Sean Martin
12 episodes with Sean Martin
10 episodes with Sean Martin
5 episodes with Sean Martin
9 episodes with Sean Martin
3 episodes with Sean Martin
2 episodes with Sean Martin
3 episodes with Sean Martin
6 episodes with Sean Martin
2 episodes with Sean Martin
As organizations race to adopt AI, many discover an uncomfortable truth: ambition often outpaces readiness. In this episode of the ITSPmagazine Brand Story Podcast, host Sean Martin speaks with Julian Hamood, Founder and Chief Visionary Officer at TrustedTech, about what it really takes to operationalize AI without amplifying risk, chaos, or misinformation.Julian shares that most organizations are eager to activate tools like AI agents and copilots, yet few have addressed the underlying condition of their environments. Unstructured data sprawl, fragmented cloud architectures, and legacy systems create blind spots that AI does not fix. Instead, AI accelerates whatever already exists, good or bad.A central theme of the conversation is readiness. Julian explains that AI success depends on disciplined data classification, permission hygiene, and governance before automation begins. Without that groundwork, organizations risk exposing sensitive financial, HR, or executive data to unintended audiences simply because an AI system can surface it.The discussion also explores the operational reality beneath the surface. Most environments are a patchwork of Azure, AWS, on-prem infrastructure, SaaS platforms, and custom applications, often shaped by multiple IT leaders over time. When AI is layered onto this complexity without architectural clarity, inaccurate outputs and flawed business decisions quickly follow.Sean and Julian also examine how AI initiatives often emerge from unexpected places. Legal teams, business units, and individual contributors now build their own AI workflows using low-code and no-code tools, frequently outside formal IT oversight. At the same time, founders and CFOs push for rapid AI adoption while resisting the investment required to clean and secure the foundation.The episode highlights why AI programs are never one-and-done projects. Ongoing maintenance, data validation, and security oversight are essential as inputs change and systems evolve. Julian emphasizes that organizations must treat AI as a permanent capability on the roadmap, not a short-term experiment.Ultimately, the conversation frames AI not as a shortcut, but as a force multiplier. When paired with disciplined architecture and trusted guidance, AI enables scale, speed, and confidence. Without that discipline, it simply magnifies existing problems.Note: This story contains promotional content. Learn more.GUESTJulian Hamood, Founder and Chief Visionary Officer at TrustedTech | On LinkedIn: https://www.linkedin.com/in/julian-hamood/Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight▶︎ Highlight Brand Story: https://www.studioc60.com/content-creation#highlightKeywords: sean martin, julian hamood, trusted tech, ai readiness, data governance, ai security, enterprise ai, brand story, brand marketing, marketing podcast, brand story podcast, brand spotlight Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
⬥EPISODE NOTES⬥Modern application development depends on open source packages moving at extraordinary speed. Paul McCarty, Offensive Security Specialist focused on software supply chain threats, explains why that speed has quietly reshaped risk across development pipelines, developer laptops, and CI environments.JavaScript dominates modern software delivery, and the npm registry has become the largest package ecosystem in the world. Millions of packages, thousands of daily updates, and deeply nested dependency chainsഴ് often exceeding a thousand indirect dependencies per application. That scale creates opportunity, not only for innovation, but for adversaries who understand how developers actually build software.This conversation focuses on a shift that security leaders can no longer ignore. Malicious packages are not exploiting accidental coding errors. They are intentionally engineered to steal credentials, exfiltrate secrets, and compromise environments long before traditional security tools see anything wrong. Attacks increasingly begin on developer machines through social engineering and poisoned repositories, then propagate into CI pipelines where access density and sensitive credentials converge.Paul outlines why many existing security approaches fall short. Vulnerability databases were built for mistakes, not hostile code. AppSec teams are overloaded burning down backlogs. Security operations teams rarely receive meaningful telemetry from build systems. The result is a visibility gap where malicious code can run, disappear, and leave organizations unsure what was touched or stolen.The episode also explores why simple advice like “only use vetted packages” fails in practice. Open source ecosystems move too fast for manual approval models, and internal package repositories often collapse under friction. Meanwhile, attackers exploit maintainer accounts, typosquatting domains, and ecosystem trust to reach billions of downstream installations in a single event.This discussion challenges security leaders to rethink how software supply chain risk is defined, detected, and owned. The problem is no longer theoretical, and it no longer lives only in development teams. It sits at the intersection of intellectual property, identity, and delivery velocity, demanding attention from anyone responsible for protecting modern software-driven organizations.⬥GUEST⬥Paul McCarty, NPM Hacker and Software Supply Chain Researcher | On LinkedIn: https://www.linkedin.com/in/mccartypaul/⬥HOST⬥Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥RESOURCES⬥LinkedIn Post: https://www.linkedin.com/posts/mccartypaul_i-want-to-introduce-you-to-my-latest-project-activity-7396297753196363776-1N-TOpen Source Malware Database: https://opensourcemalware.comOpenSSF Scorecard Project: https://securityscorecards.dev⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
As NAMM approaches its 125th year, the conversation around The NAMM Show 2026 centers less on products alone and more on the people, relationships, and creative energy that sustain the music industry. In this episode, John Mlynczak, President and CEO of NAMM, joins Sean Martin and Marco Ciappelli to frame the upcoming show as a moment shaped by resilience, adaptation, and shared purpose.Mlynczak positions NAMM's history as a long record of responding to disruption. Musical genres shift. Technologies rise and fall. Companies appear and disappear. Music itself remains. That continuity shapes how NAMM views its role today, particularly amid global trade pressures and ongoing debates around AI in music creation. These pressures are not framed as endpoints, but as forces the industry has encountered many times before, each eventually reshaped into opportunity.A major theme is the renewed emphasis on human connection. While innovation remains central, differentiation increasingly comes through artists, creators, and authentic storytelling. Product launches are no longer just technical showcases. They are expressions of identity, collaboration, and trust between musicians and the tools they choose. According to Mlynczak, this shift is driving a larger presence of artists and creators at The NAMM Show 2026, reinforcing the idea that brands are ultimately represented by people, not specifications.Education also plays a defining role. With more than 200 sessions planned, alongside new half-day and full-day summits, The NAMM Show 2026 expands its commitment to learning across experience levels and professional communities. Retailers, educators, engineers, marketers, and performers each have distinct paths through the show, designed intentionally rather than left to chance. Data-driven planning allows NAMM to understand how attendees engage, enabling more tailored experiences now and in the years ahead.Underlying it all is energy. Not hype, but momentum built through in-person connection. The NAMM Show is described as a space where competitors share ideas, musicians find inspiration, and creativity compounds simply by being present. For those who attend, The NAMM Show 2026 serves as a springboard into the year ahead, shaped by music's enduring ability to connect, adapt, and move people forward.The NAMM Show 2026 is taking place from January 20-24, 2026 | Anaheim Convention Center • Southern California — Coverage provided by ITSPmagazine — Follow our coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/the-namm-show-2026GUEST:Guest: John Mlynczak, President and CEO of NAMM | View Website | Visit NAMMHOSTS:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comNAMM Organization: https://www.namm.org/The NAMM Show 2026: https://www.namm.org/thenammshow/attendCatch more stories from NAMM Show 2026 coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/the-namm-show-2026Music Evolves: Sonic Frontiers Newsletter | https://www.linkedin.com/newsletters/7290890771828719616/More from Marco Ciappelli on Redefining Society and Technology Podcast: https://redefiningsocietyandtechnologypodcast.com/Want to share an Event Briefing as part of our event coverage? Learn More
Risk has always been part of doing business. What has changed is its scale, speed, and interconnected nature. In this episode, Sean Martin and Marco Ciappelli are joined by Megha Kumar, Chief Product Officer and Head of Geopolitical Risk at CyXcel, to explore how organizations can think more clearly about digital risk without becoming paralyzed by complexity.Kumar shares how digital resilience is no longer a technical problem alone. Regulations, infrastructure dependencies, geopolitical tensions, supply chain exposure, and emerging technologies such as AI now converge into a single operational reality. Organizations that treat these as isolated issues often miss the real picture, where one decision quietly amplifies risk across multiple domains.A central theme of the conversation is proportion. Kumar emphasizes that risk management is not about eliminating uncertainty, but aligning effort with value. Not every threat matters equally to every organization. Understanding who you are, where you operate, and where you are going determines which signals deserve attention and which are simply noise.The discussion also reframes geopolitics as a daily business concern rather than a distant policy issue. Companies operate inside global power dynamics whether they acknowledge it or not. Technology choices, supplier relationships, and market expansion decisions increasingly carry political and regulatory consequences that surface quickly and without warning.Rather than advocating for massive new departments or rigid frameworks, Kumar outlines a practical approach. Organizations can decide whether to avoid, mitigate, transfer, or tolerate risk, then revisit those decisions as conditions change. This mindset supports growth and innovation while avoiding the false comfort of static checklists.The episode closes on culture. Effective risk management depends on listening across roles, disciplines, and seniority. Internal dissent, diverse viewpoints, and external validation are presented as assets, not obstacles. In a world where uncertainty is constant, resilience comes from clarity, not control.Learn more about CyXcel: https://itspm.ag/cyxcel-922331Note: This story contains promotional content. Learn more.GUESTMegha Kumar, Partner, Chief Product Officer & Head of Geopolitical Risk at CyXcel | On LinkedIn: https://www.linkedin.com/in/drmeghakumarcyxcel/RESOURCESLearn more and catch more stories from CyXcel: https://www.itspmagazine.com/directory/cyxcelAre you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight▶︎ Highlight Brand Story: https://www.studioc60.com/content-creation#highlight Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
____________Guests:Suzy PallettPresident, Black Hat. Cybersecurity.On LinkedIn: https://www.linkedin.com/in/suzy-pallett-60710132/The Cybersecurity Community Finds Its Footing in Uncertain TimesThere is something almost paradoxical about the cybersecurity industry. It exists because of threats, yet it thrives on trust. It deals in technical complexity, yet its beating heart is fundamentally human: people gathering, sharing knowledge, and collectively deciding that defending each other matters more than protecting proprietary advantage.This tension—and this hope—was on full display at Black Hat Europe 2025 in London, which just wrapped up at the ExCel Centre with attendance growing more than 25 percent over last year. For Suzy Pallett, the newly appointed President of Black Hat, the numbers tell only part of the story."What I've found from this week is the knowledge sharing, the insights, the open source tools that we've shared, the demonstrations that have happened—they've been so instrumental," Pallett shared in a conversation with ITSPmagazine. "Cybersecurity is unlike any other industry I've ever been close to in the strength of that collaboration."Pallett took the helm in September after Steve Wylie stepped down following eleven years leading the brand through significant growth. Her background spans over two decades in global events, most recently with Money20/20, the fintech conference series. But she speaks of Black Hat not as a business to be managed but as a community to be served.The event itself reflected the year's dominant concerns. AI agents and supply chain vulnerabilities emerged as central themes, continuing conversations that dominated Black Hat USA in Las Vegas just months earlier. But Europe brought its own character. Keynotes ranged from Max Meets examining whether ransomware can actually be stopped, to Linus Neumann questioning whether compliance checklists might actually expose organizations to greater risk rather than protecting them."He was saying that the compliance checklists that we're all being stressed with are actually where the vulnerabilities lie," Pallett explained. "How can we work more collaboratively together so that it's not just a compliance checklist that we get?"This is the kind of question that sits at the intersection of technology and policy, technical reality and bureaucratic aspiration. It is also the kind of question that rarely gets asked in vendor halls but deserves space in our collective thinking.Joe Tidy, the BBC journalist behind the EvilCorp podcast, delivered a record-breaking keynote attendance on day two, signaling the growing appetite for cybersecurity stories that reach beyond the practitioner community into broader public consciousness. Louise Marie Harrell spoke on technical capacity and international accountability—a reminder that cyber threats respect no borders and neither can our responses.What makes Black Hat distinct, Pallett noted, is that the conversations happening on the business hall floor are not typical expo fare. "You have the product teams, you have the engineers, you have the developers on those stands, and it's still product conversations and technical conversations."Looking ahead, Pallett's priorities center on listening. Review boards, advisory boards, pastoral programs, scholarships—these are the mechanisms through which she intends to ensure Black Hat remains, in her words, "a platform for them and by them."The cybersecurity industry faces a peculiar burden. What used to happen in twelve years now happens in two days, as Pallett put it. The pace is exhausting. The threats keep evolving. The cat-and-mouse game shows no signs of ending.But perhaps that is precisely why events like this matter. Not because they offer solutions to every problem, but because they remind an industry under constant pressure that it is not alone in the fight. That collaboration is not weakness. That sharing knowledge freely is not naïve—it is strategic.Black Hat Europe 2025 may have ended, but the conversations it sparked will carry forward into 2026 and beyond.____________HOSTS:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to share an Event Briefing as part of our event coverage? Learn More
⬥EPISODE NOTES⬥Artificial intelligence is reshaping how public health organizations manage data, interpret trends, and support decision-making. In this episode, Sean Martin talks with Jim St. Clair, Vice President of Public Health Systems at a major public health research institute, Altarum, about what AI adoption really looks like across federal, state, and local agencies.Public health continues to face pressure from shifting budgets, aging infrastructure, and growing expectations around timely reporting. Jim highlights how initiatives launched after the pandemic pushed agencies toward modernized systems, new interoperability standards, and a stronger foundation for automated reporting. Interoperability and data accessibility remain central themes, especially as agencies work to retire manual processes and unify fragmented registries, surveillance systems, and reporting pipelines.AI enters the picture as a multiplier rather than a replacement. Jim outlines practical use cases that public health agencies can act on now, from community health communication tools and emergency response coordination to predictive analytics for population health. These approaches support faster interpretation of data, targeted outreach to communities, and improved visibility into ongoing health activity.At the same time, CISOs and security leaders are navigating a new risk environment as agencies explore generative AI, open models, and multi-agent systems. Sean and Jim discuss the importance of applying disciplined data governance, aligning AI with FedRAMP and state-level controls, and ensuring that any model running inside an organization's environment is treated with the same rigor as traditional systems.The conversation closes with a look at where AI is headed. Jim notes that multi-agent frameworks and smaller, purpose-built models will shape the next wave of public health technology. These systems introduce new opportunities for automation and decision support, but also require thoughtful implementation to ensure trust, reliability, and safety.This episode presents a realistic, forward-looking view of how AI can strengthen the future of public health and the cybersecurity responsibilities that follow.⬥GUEST⬥Jim St. Clair, Vice President, Public Health Systems, Altarum | On LinkedIn: https://www.linkedin.com/in/jimstclair/⬥HOST⬥Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥RESOURCES⬥N/A⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
⬥EPISODE NOTES⬥Artificial intelligence is reshaping how public health organizations manage data, interpret trends, and support decision-making. In this episode, Sean Martin talks with Jim St. Clair, Vice President of Public Health Systems at a major public health research institute, Altarum, about what AI adoption really looks like across federal, state, and local agencies.Public health continues to face pressure from shifting budgets, aging infrastructure, and growing expectations around timely reporting. Jim highlights how initiatives launched after the pandemic pushed agencies toward modernized systems, new interoperability standards, and a stronger foundation for automated reporting. Interoperability and data accessibility remain central themes, especially as agencies work to retire manual processes and unify fragmented registries, surveillance systems, and reporting pipelines.AI enters the picture as a multiplier rather than a replacement. Jim outlines practical use cases that public health agencies can act on now, from community health communication tools and emergency response coordination to predictive analytics for population health. These approaches support faster interpretation of data, targeted outreach to communities, and improved visibility into ongoing health activity.At the same time, CISOs and security leaders are navigating a new risk environment as agencies explore generative AI, open models, and multi-agent systems. Sean and Jim discuss the importance of applying disciplined data governance, aligning AI with FedRAMP and state-level controls, and ensuring that any model running inside an organization's environment is treated with the same rigor as traditional systems.The conversation closes with a look at where AI is headed. Jim notes that multi-agent frameworks and smaller, purpose-built models will shape the next wave of public health technology. These systems introduce new opportunities for automation and decision support, but also require thoughtful implementation to ensure trust, reliability, and safety.This episode presents a realistic, forward-looking view of how AI can strengthen the future of public health and the cybersecurity responsibilities that follow.⬥GUEST⬥Jim St. Clair, Vice President, Public Health Systems, Altarum | On LinkedIn: https://www.linkedin.com/in/jimstclair/⬥HOST⬥Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥RESOURCES⬥N/A⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
What Security Congress Reveals About the State of CybersecurityThis discussion focuses on what ISC2 Security Congress represents for practitioners, leaders, and organizations navigating constant technological change. Jon France, Chief Information Security Officer at ISC2, shares how the event brings together thousands of cybersecurity practitioners, certification holders, chapter leaders, and future professionals to exchange ideas on the issues shaping the field today. Themes That Stand OutAI remains a central point of attention. France notes that organizations are grappling not only with adoption but with the shift in speed it introduces. Sessions highlight how analysts are beginning to work alongside automated systems that sift through massive data sets and surface early indicators of compromise. Rather than replacing entry-level roles, AI changes how they operate and accelerates the decision-making path. Quantum computing receives a growing share of focus as well. Attendees hear about timelines, standards emerging from NIST, and what preparedness looks like as cryptographic models shift. Identity-based attacks and authorization failures also surface throughout the program. With machine-driven compromises becoming easier to scale, the community explores new defenses, stronger controls, and the practical realities of machine-to-machine trust. Operational technology, zero trust, and machine-speed threats create additional urgency around modernizing security operations centers and rethinking human-to-machine workflows. A Place for Every Stage of the CareerFrance describes Security Congress as a cross-section of the profession: entry-level newcomers, certification candidates, hands-on practitioners, and CISOs who attend for leadership development. Workshops explore communication, business alignment, and critical thinking skills that help professionals grow beyond technical execution and into more strategic responsibilities. Looking Ahead to the Next CongressThe next ISC2 Security Congress will be held in October in the Denver/Aurora area. France expects AI and quantum to remain key themes, along with contributions shaped by the call-for-papers process. What keeps the event relevant each year is the mix of education, networking, community stories, and real-world problem-solving that attendees bring with them.The ISC2 Security Congress 2025 is a hybrid event taking place from October 28 to 30, 2025 Coverage provided by ITSPmagazineGUEST:Jon France, Chief Information Security Officer at ISC2 | On LinkedIn: https://www.linkedin.com/in/jonfrance/HOST:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comFollow our ISC2 Security Congress coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/isc2-security-congress-2025Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageISC2 Security Congress: https://www.isc2.orgNIST Post-Quantum Cryptography Standards: https://csrc.nist.gov/projects/post-quantum-cryptographyISC2 Chapters: https://www.isc2.org/chaptersWant to share an Event Briefing as part of our event coverage? Learn More
What Security Congress Reveals About the State of CybersecurityThis discussion focuses on what ISC2 Security Congress represents for practitioners, leaders, and organizations navigating constant technological change. Jon France, Chief Information Security Officer at ISC2, shares how the event brings together thousands of cybersecurity practitioners, certification holders, chapter leaders, and future professionals to exchange ideas on the issues shaping the field today. Themes That Stand OutAI remains a central point of attention. France notes that organizations are grappling not only with adoption but with the shift in speed it introduces. Sessions highlight how analysts are beginning to work alongside automated systems that sift through massive data sets and surface early indicators of compromise. Rather than replacing entry-level roles, AI changes how they operate and accelerates the decision-making path. Quantum computing receives a growing share of focus as well. Attendees hear about timelines, standards emerging from NIST, and what preparedness looks like as cryptographic models shift. Identity-based attacks and authorization failures also surface throughout the program. With machine-driven compromises becoming easier to scale, the community explores new defenses, stronger controls, and the practical realities of machine-to-machine trust. Operational technology, zero trust, and machine-speed threats create additional urgency around modernizing security operations centers and rethinking human-to-machine workflows. A Place for Every Stage of the CareerFrance describes Security Congress as a cross-section of the profession: entry-level newcomers, certification candidates, hands-on practitioners, and CISOs who attend for leadership development. Workshops explore communication, business alignment, and critical thinking skills that help professionals grow beyond technical execution and into more strategic responsibilities. Looking Ahead to the Next CongressThe next ISC2 Security Congress will be held in October in the Denver/Aurora area. France expects AI and quantum to remain key themes, along with contributions shaped by the call-for-papers process. What keeps the event relevant each year is the mix of education, networking, community stories, and real-world problem-solving that attendees bring with them.The ISC2 Security Congress 2025 is a hybrid event taking place from October 28 to 30, 2025 Coverage provided by ITSPmagazineGUEST:Jon France, Chief Information Security Officer at ISC2 | On LinkedIn: https://www.linkedin.com/in/jonfrance/HOST:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comFollow our ISC2 Security Congress coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/isc2-security-congress-2025Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageISC2 Security Congress: https://www.isc2.orgNIST Post-Quantum Cryptography Standards: https://csrc.nist.gov/projects/post-quantum-cryptographyISC2 Chapters: https://www.isc2.org/chaptersWant to share an Event Briefing as part of our event coverage? Learn More
This episode focuses on a security incident that prompts an honest discussion about transparency, preparedness, and the importance of strong processes. Sean Martin speaks with Viktor Petersson, Founder and CEO of Screenly, who shares how his team approaches digital signage security and how a recent alert from their bug bounty program helped validate the strength of their culture and workflows.Screenly provides a secure digital signage platform used by organizations that care deeply about device integrity, uptime, and lifecycle management. Healthcare facilities, financial services, and even NASA rely on these displays, which makes the security posture supporting them a priority. Viktor outlines why security functions best when embedded into culture rather than treated as a compliance checkbox. His team actively invests in continuous testing, including a structured bug bounty program that generates a steady flow of findings.The conversation centers on a real event: a report claiming that more than a thousand user accounts appeared in a public leak repository. Instead of assuming the worst or dismissing the claim, the team mobilized within hours. They validated the dataset, built correlation tooling, analyzed how many records were legitimate, and immediately reset affected accounts. Once they ruled out a breach of their systems, they traced the issue to compromised end user devices associated with previously known credential harvesting incidents.This scenario demonstrates how a strong internal process helps guide the team through verification, containment, and communication. Viktor emphasizes that optional security features only work when customers use them, which is why Screenly is moving to passwordless authentication using magic links. Removing passwords eliminates the attack vector entirely, improving security for customers without adding friction.For listeners, this episode offers a clear look at what rapid response discipline looks like, how bug bounty reports can add meaningful value, and why passwordless authentication is becoming a practical way forward for SaaS platforms. It is a timely reminder that transparency builds trust, and security culture determines how confidently a team can navigate unexpected events.Learn more about Screenly: https://itspm.ag/screenly1oNote: This story contains promotional content. Learn more.GUESTViktor Petersson, Co-founder of Screenly | On LinkedIn: https://www.linkedin.com/in/vpetersson/RESOURCESLearn more and catch more stories from Screenly: https://www.itspmagazine.com/directory/screenlyLinkedIn Post: https://www.linkedin.com/posts/vpetersson_screenly-security-incident-response-how-activity-7393741638918971392-otkkBlog: Security Incident Response: How We Investigated a Data Leak and What We're Doing Next: https://www.screenly.io/blog/2025/11/10/security-incident-response-magic-links/Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlightKeywords: sean martin, marco ciappelli, viktor petersson, security, authentication, bugbounty, signage, incidentresponse, breaches, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast, brand spotlight Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
⬥EPISODE NOTES⬥Understanding the Startup Engine Behind CybersecurityThis episode brings Sean Martin together with Ross Haleliuk, author, investor, product leader, and creator of Venture Insecurity, for a candid look at the forces shaping cybersecurity startups today. Ross shares how his decade of product leadership and long involvement in the security community give him a unique perspective on what drives founders, what creates market gaps, and why new companies keep entering a space already full of tools.Why Security Produces So Many ProductsRoss explains that the large number of security tools is not evidence of an industry losing control. Instead, it reflects a technology ecosystem where entrepreneurship has become easier and where attackers, not practitioners, define what defenders need. Because threats shift constantly, security leaders must always look for clues on what could fail next. That constant uncertainty fuels innovation.What Motivates FoundersDespite outside assumptions, Ross observes that most founders are motivated by the problems they have lived themselves. Some come from enterprise teams. Others come from military backgrounds. Many find traction with early open source work. Few come into cybersecurity to chase quick wins, and most do not survive long enough to chase profits even if they wanted to.Security as Business EnablementSean and Ross discuss the role of security as a business driver. In regulated sectors, companies invest because they must. In technology companies, strong security is a sales enabler that gives customers confidence to use their products. Outside of tech, the priority is more about resilience and operational continuity.How Buyers Should Think About StartupsRoss outlines the tradeoffs. Startups deliver speed, responsiveness, fresh architecture, and modern user experience. Large vendors provide stability, predictability, and broad coverage. Neither is perfect. Security leaders should decide based on the importance of the capability, the level of influence they want, and the outcomes they need.This conversation highlights the practical realities behind the security products organizations choose and the people who build them. Listeners will hear both the optimism and the honesty that define today's cybersecurity innovation economy.⬥GUEST⬥Ross Haleliuk, Security product leader, author, advisor, board member and investor | On LinkedIn: https://www.linkedin.com/in/rosshaleliuk/⬥HOST⬥Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥RESOURCES⬥Inspiring Blog: https://ventureinsecurity.net/p/not-every-security-leader-works-at⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
This episode focuses on a security incident that prompts an honest discussion about transparency, preparedness, and the importance of strong processes. Sean Martin speaks with Viktor Petersson, Founder and CEO of Screenly, who shares how his team approaches digital signage security and how a recent alert from their bug bounty program helped validate the strength of their culture and workflows.Screenly provides a secure digital signage platform used by organizations that care deeply about device integrity, uptime, and lifecycle management. Healthcare facilities, financial services, and even NASA rely on these displays, which makes the security posture supporting them a priority. Viktor outlines why security functions best when embedded into culture rather than treated as a compliance checkbox. His team actively invests in continuous testing, including a structured bug bounty program that generates a steady flow of findings.The conversation centers on a real event: a report claiming that more than a thousand user accounts appeared in a public leak repository. Instead of assuming the worst or dismissing the claim, the team mobilized within hours. They validated the dataset, built correlation tooling, analyzed how many records were legitimate, and immediately reset affected accounts. Once they ruled out a breach of their systems, they traced the issue to compromised end user devices associated with previously known credential harvesting incidents.This scenario demonstrates how a strong internal process helps guide the team through verification, containment, and communication. Viktor emphasizes that optional security features only work when customers use them, which is why Screenly is moving to passwordless authentication using magic links. Removing passwords eliminates the attack vector entirely, improving security for customers without adding friction.For listeners, this episode offers a clear look at what rapid response discipline looks like, how bug bounty reports can add meaningful value, and why passwordless authentication is becoming a practical way forward for SaaS platforms. It is a timely reminder that transparency builds trust, and security culture determines how confidently a team can navigate unexpected events.Learn more about Screenly: https://itspm.ag/screenly1oNote: This story contains promotional content. Learn more.GUESTViktor Petersson, Co-founder of Screenly | On LinkedIn: https://www.linkedin.com/in/vpetersson/RESOURCESLearn more and catch more stories from Screenly: https://www.itspmagazine.com/directory/screenlyLinkedIn Post: https://www.linkedin.com/posts/vpetersson_screenly-security-incident-response-how-activity-7393741638918971392-otkkBlog: Security Incident Response: How We Investigated a Data Leak and What We're Doing Next: https://www.screenly.io/blog/2025/11/10/security-incident-response-magic-links/Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlightKeywords: sean martin, marco ciappelli, viktor petersson, security, authentication, bugbounty, signage, incidentresponse, breaches, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast, brand spotlight Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
⬥EPISODE NOTES⬥Understanding the Startup Engine Behind CybersecurityThis episode brings Sean Martin together with Ross Haleliuk, author, investor, product leader, and creator of Venture Insecurity, for a candid look at the forces shaping cybersecurity startups today. Ross shares how his decade of product leadership and long involvement in the security community give him a unique perspective on what drives founders, what creates market gaps, and why new companies keep entering a space already full of tools.Why Security Produces So Many ProductsRoss explains that the large number of security tools is not evidence of an industry losing control. Instead, it reflects a technology ecosystem where entrepreneurship has become easier and where attackers, not practitioners, define what defenders need. Because threats shift constantly, security leaders must always look for clues on what could fail next. That constant uncertainty fuels innovation.What Motivates FoundersDespite outside assumptions, Ross observes that most founders are motivated by the problems they have lived themselves. Some come from enterprise teams. Others come from military backgrounds. Many find traction with early open source work. Few come into cybersecurity to chase quick wins, and most do not survive long enough to chase profits even if they wanted to.Security as Business EnablementSean and Ross discuss the role of security as a business driver. In regulated sectors, companies invest because they must. In technology companies, strong security is a sales enabler that gives customers confidence to use their products. Outside of tech, the priority is more about resilience and operational continuity.How Buyers Should Think About StartupsRoss outlines the tradeoffs. Startups deliver speed, responsiveness, fresh architecture, and modern user experience. Large vendors provide stability, predictability, and broad coverage. Neither is perfect. Security leaders should decide based on the importance of the capability, the level of influence they want, and the outcomes they need.This conversation highlights the practical realities behind the security products organizations choose and the people who build them. Listeners will hear both the optimism and the honesty that define today's cybersecurity innovation economy.⬥GUEST⬥Ross Haleliuk, Security product leader, author, advisor, board member and investor | On LinkedIn: https://www.linkedin.com/in/rosshaleliuk/⬥HOST⬥Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥RESOURCES⬥Inspiring Blog: https://ventureinsecurity.net/p/not-every-security-leader-works-at⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
The Solar Car That Charges Itself While You Live Your LifeGrowing up, I always wondered: why can't cars just recharge themselves as we drive? Turns out, someone finally built exactly that.Robert Hoevers and his team at Squad Mobility created a solar-powered city car that does something brilliantly simple—it charges itself. There's a solar panel on the roof that continuously feeds the battery whether you're parked at the grocery store, sitting in your driveway, or cruising around town.The engineering is impressive, but the user experience is even better. For most people living in sunny climates—anywhere between 45 degrees north and 45 degrees south latitude (roughly Spain to South Africa)—you'll never need to find a charging station. Ever.Here's the reality: the average person drives about 12 kilometers a day for daily errands. School runs, grocery shopping, meeting friends. The Squad solar car has a 150-kilometer maximum range, and the sun replenishes what you use. You just drive it, park it, and forget about charging infrastructure entirely.This is what smart urban mobility looks like. It's street legal with proper crash structures, seat belts, and rollover protection. It tops out at 45 or 70 kilometers per hour depending on which model you choose—fast enough for city streets, not built for highways. In Europe, you only need a moped license for the slower version.The design sits somewhere between a golf cart and a Smart car, which makes perfect sense. Squad isn't trying to replace your family vehicle. They're solving the "second car" problem—those short daily trips where driving a massive SUV feels ridiculous.The market is responding. Squad Mobility has over 5,300 pre-orders and secured 1.5 million euros in European subsidies. They're currently crowdfunding on Republic to bridge the final gap before production starts in about a year.What surprised me most? Ten percent of their pre-orders come from American gated communities and golf cart neighborhoods. These communities already understand the value of compact, efficient vehicles for daily errands. Squad just made them solar-powered and street legal.Yes, you need consistent sunlight. If you live in perpetually cloudy climates, you'll still need to plug in occasionally. But for millions of people in sunny regions tired of hunting for charging stations or paying electricity bills to charge their second car, Squad Mobility built the obvious solution that somehow nobody else did.Sometimes innovation isn't about reinventing the wheel. It's about putting a solar panel on the roof and letting the sun do the work.This is the future of urban mobility, and it's arriving next year. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
⬥EPISODE NOTES⬥Understanding Beg Bounties and Their Growing ImpactThis episode examines an issue that many organizations have begun to notice, yet often do not know how to interpret. Sean Martin is joined by Casey Ellis, Founder of Bugcrowd and Co-Founder of disclose.io, to break down what a “beg bounty” is, why it is increasing, and how security leaders should think about it in the context of responsible vulnerability handling.Bug Bounty vs. Beg BountyCasey explains the core principles of a traditional bug bounty program. At its core, a bug bounty is a structured engagement in which an organization invites security researchers to identify vulnerabilities and pays rewards based on severity and impact. It is scoped, governed, and linked to an established policy. The process is predictable, defensible, and aligned with responsible disclosure norms.A beg bounty is something entirely different. It occurs when an unsolicited researcher claims to have found a vulnerability and immediately asks whether the organization offers incentives or rewards. In many cases, the claim is vague or unsupported and is often based on automated scanner output rather than meaningful research. Casey notes that these interactions can feel like unsolicited street windshield washing, where the person provides an unrequested service and then asks for payment.Why It Matters for CISOs and Security TeamsSecurity leaders face a difficult challenge. These messages appear serious on the surface, yet most offer no actionable details. Responding to each one triggers incident response workflows, consumes time, and raises unnecessary internal concern. Casey warns that these interactions can create confusion about legality, expectations, and even the risk of extortion.At the same time, ignoring every inbound message is not a realistic long-term strategy. Some communications may contain legitimate findings from well-intentioned researchers who lack guidance. Casey emphasizes the importance of process, clarity, and policy.How Organizations Can PrepareAccording to Casey, the most effective approach is to establish a clear vulnerability disclosure policy. This becomes a lightning rod for inbound security information. By directing researchers to a defined path, organizations reduce noise, set boundaries, and reinforce safe communication practices.The episode highlights the need for community norms, internal readiness, and a shared understanding between researchers and defenders. Casey stresses that good-faith researchers should never introduce payment into the first contact. Organizations should likewise be prepared to distinguish between noise and meaningful security input.This conversation offers valuable context for CISOs, security leaders, and business owners navigating the growing wave of unsolicited bug claims and seeking practical ways to address them.⬥GUEST⬥Casey Ellis, Founder and Advisor at Bugcrowd | On LinkedIn: https://www.linkedin.com/in/caseyjohnellis/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/caseyjohnellis_im-thinking-we-should-start-charging-bug-activity-7383974061464453120-caEWDisclose.io: https://disclose.io/⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
⬥EPISODE NOTES⬥Understanding Beg Bounties and Their Growing ImpactThis episode examines an issue that many organizations have begun to notice, yet often do not know how to interpret. Sean Martin is joined by Casey Ellis, Founder of Bugcrowd and Co-Founder of disclose.io, to break down what a “beg bounty” is, why it is increasing, and how security leaders should think about it in the context of responsible vulnerability handling.Bug Bounty vs. Beg BountyCasey explains the core principles of a traditional bug bounty program. At its core, a bug bounty is a structured engagement in which an organization invites security researchers to identify vulnerabilities and pays rewards based on severity and impact. It is scoped, governed, and linked to an established policy. The process is predictable, defensible, and aligned with responsible disclosure norms.A beg bounty is something entirely different. It occurs when an unsolicited researcher claims to have found a vulnerability and immediately asks whether the organization offers incentives or rewards. In many cases, the claim is vague or unsupported and is often based on automated scanner output rather than meaningful research. Casey notes that these interactions can feel like unsolicited street windshield washing, where the person provides an unrequested service and then asks for payment.Why It Matters for CISOs and Security TeamsSecurity leaders face a difficult challenge. These messages appear serious on the surface, yet most offer no actionable details. Responding to each one triggers incident response workflows, consumes time, and raises unnecessary internal concern. Casey warns that these interactions can create confusion about legality, expectations, and even the risk of extortion.At the same time, ignoring every inbound message is not a realistic long-term strategy. Some communications may contain legitimate findings from well-intentioned researchers who lack guidance. Casey emphasizes the importance of process, clarity, and policy.How Organizations Can PrepareAccording to Casey, the most effective approach is to establish a clear vulnerability disclosure policy. This becomes a lightning rod for inbound security information. By directing researchers to a defined path, organizations reduce noise, set boundaries, and reinforce safe communication practices.The episode highlights the need for community norms, internal readiness, and a shared understanding between researchers and defenders. Casey stresses that good-faith researchers should never introduce payment into the first contact. Organizations should likewise be prepared to distinguish between noise and meaningful security input.This conversation offers valuable context for CISOs, security leaders, and business owners navigating the growing wave of unsolicited bug claims and seeking practical ways to address them.⬥GUEST⬥Casey Ellis, Founder and Advisor at Bugcrowd | On LinkedIn: https://www.linkedin.com/in/caseyjohnellis/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/caseyjohnellis_im-thinking-we-should-start-charging-bug-activity-7383974061464453120-caEWDisclose.io: https://disclose.io/⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
AI in Healthcare: Who Benefits, Who Pays, and Who's at Risk in Our Hybrid Analog Digital Society
Show NotesAs artificial intelligence begins generating music from vast datasets of human art, a fundamental question emerges: who truly owns the sound of AI? This episode of Music Evolves brings together a law student and former musician Chandler Lawn, music industry executive and professor Drew Thurlow, Michael Sheldrick, Co-Founder of Global Citizen, and intellectual property attorney Puya Partow-Navid, alongside hosts Sean Martin and Marco Ciappelli, to examine how AI is reshaping authorship, licensing, and the meaning of originality.The panel explores how AI democratizes creation while exposing deep ethical and economic gaps. Lawn raises the issue of whether artists whose works trained AI models deserve compensation, asking if innovation can be ethical when built on uncompensated labor. Thurlow highlights how, despite fears of automation, generative AI music accounts for less than 1% of streaming royalties—suggesting opportunity, not replacement.Sheldrick connects the conversation to a broader global context, describing how music's economic potential could drive sustainable development if nations modernize copyright frameworks. He views this shift as a rare chance to position creative industries as engines for jobs and growth.Partow-Navid grounds the discussion in legal precedent, pointing to landmark cases—from Two Live Crew to George R. R. Martin—as markers of how courts may interpret fair use, causality, and global jurisdiction in AI-driven creation.Together, the guests agree that the debate extends beyond legality. It's about the emotional authenticity that makes music human. As Chandler notes, “We connect through imperfection.” Marco adds that live performance may ultimately anchor value in a world saturated by digital replication.This conversation captures the tension—and promise—of a future where music, technology, and law must learn to play in harmony.GuestsChandler Lawn, AI Innovation and Law Fellow at The University of Texas School of Law | On LinkedIn: https://www.linkedin.com/in/chandlerlawn/Drew Thurlow, Adjunct Professor at Berklee College of Music | On LinkedIn: https://www.linkedin.com/in/drewthurlow/Michael Sheldrick, Co-Founder and Chief Policy, Impact and Government Affairs Officer at Global Citizen | On LinkedIn: https://www.linkedin.com/in/michael-sheldrick-30364051/Puya Partow-Navid, Partner at Seyfarth Shaw LLP | On LinkedIn: https://www.linkedin.com/in/puyapartow/Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comHostSean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ResourcesLegal Publication: You Can't Alway Get What You Want: A Survey of AI-related Copyright Considerations for the Music Industry published in Vol. 32, No. 3 of the Texas State Bar Entertainment and Sports Law Journal.BOOK: Machine Music: How AI Is Transforming Music's Next Act by Drew Thurlow: https://www.routledge.com/Machine-Music-How-AI-is-Transforming-Musics-Next-Act/Thurlow/p/book/9781032425242BOOK: From Ideas to Impact: A Playbook for Influencing and Implementing Change in a Divided World by Michael Sheldrick: https://www.fromideastoimpact.com/AI and Copyright Blogs:https://www.gadgetsgigabytesandgoodwill.com/category/ai/https://www.gadgetsgigabytesandgoodwill.com/2025/11/dr-thaler-is-right-in-part/https://www.gadgetsgigabytesandgoodwill.com/2025/07/californias-ai-law-has-set-rules-for-generative-ai-are-you-ready/https://www.gadgetsgigabytesandgoodwill.com/2025/06/copyright-office-firings-spark-constitutional-concerns-amid-ai-policy-tensions/Newsletter (Article, Video, Podcast): The Human Touch in a Synthetic Age: Why AI-Created Music Raises More Than Just Eyebrows: https://www.linkedin.com/pulse/human-touch-synthetic-age-why-ai-created-music-raises-martin-cissp-s9m7e/Article — Universal and Sony Music partner with new platform to detect AI music copyright theft using ‘groundbreaking neural fingerprinting' technology: https://www.musicbusinessworldwide.com/universal-and-sony-music-partner-with-new-platform-to-detect-ai-music-copyright-theft-using-groundbreaking-neural-fingerprinting-technology/Article: When Virtual Reality Is A Commodity, Will True Reality Come At A Premium: https://sean-martin.medium.com/when-virtual-reality-is-a-commodity-will-true-reality-come-at-a-premium-4a97bccb4d72Global Citizen: https://www.globalcitizen.org/Gallo Music (Gallo Records, South Africa): https://www.gallo.co.za/Global Citizen Festival: https://www.globalcitizen.org/en/festival/Andy Warhol Foundation v. Goldsmith (Shepard Fairey / “Hope” poster context): https://supreme.justia.com/cases/federal/us/598/21-869/case.pdfGeorge R. R. Martin / Authors Guild v. OpenAI (current AI training lawsuit): https://authorsguild.org/news/ag-and-authors-file-class-action-suit-against-openai/Campbell v. Acuff-Rose Music, Inc. (2 Live Crew “Pretty Woman”): https://supreme.justia.com/cases/federal/us/510/569/Vanilla Ice / “Under Pressure” Sampling Case: https://blogs.law.gwu.edu/mcir/case/queen-david-bowie-v-vanilla-ice/MIDiA Research — AI in Music Reports: https://www.midiaresearch.com/reports/ai-and-the-future-of-music-the-future-is-already-hereMerlin (Global Independent Rights Organization): https://www.merlinnetwork.org/Instagram Reel re: Spotify Terms: https://www.instagram.com/reel/DOrgbUNCYj_/ Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
When “Normal” Doesn't Work: Rethinking Data and the Role of the SOC AnalystMonzy Merza, Co-Founder and CEO of Crogl, joins Sean Martin and Marco Ciappelli to discuss how cybersecurity teams can finally move beyond the treadmill of normalization, alert fatigue, and brittle playbooks that keep analysts from doing what they signed up to do—find and stop bad actors.Merza draws from his experience across research, security operations, and leadership roles at Splunk, Databricks, and one of the world's largest banks. His message is clear: the industry's long-standing approach of forcing all data into one format before analysis has reached its limit. Organizations are spending millions trying to normalize data that constantly changes, and analysts are paying the price—buried under alerts they can't meaningfully investigate.The conversation highlights the human side of this issue. Analysts often join the field to protect their organizations, but instead find themselves working on repetitive tickets with little context, limited feedback loops, and an impossible expectation to know everything—from email headers to endpoint logs. They are firefighters answering endless 911 calls, most of which turn out to be false alarms.Crogl's approach replaces that normalization-first mindset with an analyst-first model. By operating directly on data where it lives—without requiring migration or schema alignment—it allows every analyst to investigate deeper, faster, and more consistently. Each action taken by one team member becomes shared knowledge for the next, creating an adaptive, AI-driven system that evolves with the organization.For CISOs, this means measurable consistency, auditability, and trust in outcomes. For analysts, it means rediscovering purpose—focusing on meaningful investigations instead of administrative noise.The result is a more capable, connected SOC where AI augments human reasoning rather than replacing it. As Merza puts it, the new normal is no normalization—just real work, done better.Watch the full interview and product demo: https://youtu.be/7C4zOvF9sdkLearn more about CROGL: https://itspm.ag/crogl-103909Note: This story contains promotional content. Learn more.GUESTMonzy Merza, Founder and CEO of CROGL | On LinkedIn: https://www.linkedin.com/in/monzymerza/RESOURCESLearn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/croglBrand Spotlight: The Schema Strikes Back: Killing the Normalization Tax on the SOC: https://brand-stories-podcast.simplecast.com/episodes/the-schema-strikes-back-killing-the-normalization-tax-on-the-soc-a-corgl-spotlight-brand-story-conversation-with-cory-wallace [Video: https://youtu.be/Kx2JEE_tYq0]Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Breaking Free from Data Normalization: A Smarter Path for Security TeamsTraditional security models were built on a simple idea: collect data, normalize it, and analyze it. But as Director of Product Marketing Cory Wallace explains in this conversation with Sean Martin, that model no longer fits the reality of modern security operations. Data now lives across systems, clouds, and lakes—making normalization an inefficient, error-prone step that slows teams down and risks critical blind spots.Rethinking How Analysts Work with DataCory describes how schema drift, inconsistent field naming, and vendor-specific query languages have turned the analyst's job into a maze of manual mapping and guesswork. Each product update or schema change introduces a chance to miss something important—something an attacker is counting on. Crogl's new patent eliminates this problem by enabling search and correlation across unnormalized data, creating a unified analytical view without forcing everything into one rigid format.From Data Chaos to Analyst EmpowermentThis shift isn't just technical—it's cultural. Instead of treating SOC analysts as passive alert closers, Crogl's model empowers them with meaningful context from the start. Alerts now come with historical data, cross-referenced fields, and prebuilt queries, giving analysts the information they need to make decisions faster and more confidently.Efficiency with IntelligenceWallace explains how this approach saves time, reduces training burdens, and cuts dependency on multiple query languages. It helps overworked teams move from reactive triage to proactive investigation. By removing unnecessary layers of data transformation, organizations can accelerate incident resolution, minimize risk, and help analysts focus on what matters most—catching what others miss.At its core, the conversation highlights how removing the barriers of data normalization can redefine what's possible in modern security operations.Watch the full interview: https://youtu.be/Kx2JEE_tYq0Learn more about CROGL: https://itspm.ag/crogl-103909Note: This story contains promotional content. Learn more.GUESTCory Wallace, Director of Product Marketing at CROGL | On LinkedIn: https://www.linkedin.com/in/corywallacecrogl/RESOURCESLearn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/croglPress Release: https://www.globenewswire.com/news-release/2025/11/05/3181815/0/en/Crogl-Granted-Patent-for-Analyzing-Non-Normalized-Data-for-Security.htmlForbes Article: https://www.forbes.com/sites/justinwarren/2025/11/05/tackling-cybersecurity-data-sprawl-without-normalizing-everything/LinkedIn Post: https://www.linkedin.com/posts/activity-7391913358817517569-QaCHAre you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Most organizations have security champions. Few have a real security culture.In this episode of AppSec Contradictions, Sean Martin explores why AppSec awareness efforts stall, why champion programs struggle to gain traction, and what leaders can do to turn intent into impact.
Most organizations have security champions. Few have a real security culture.In this episode of AppSec Contradictions, Sean Martin explores why AppSec awareness efforts stall, why champion programs struggle to gain traction, and what leaders can do to turn intent into impact.
⬥GUEST⬥Andrew Morgan, Chief Information Security Officer | On LinkedIn: https://www.linkedin.com/in/andrewmorgancism/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥The cybersecurity community has long recognized an uncomfortable truth: the gap between well-resourced enterprises and underfunded organizations keeps widening. This divide isn't just about money; it's about survivability. When a small business, school, or healthcare provider is hit with a major breach, the likelihood of permanent closure is exponentially higher than for a large enterprise.As host of the Redefining CyberSecurity Podcast, I've seen this imbalance repeatedly — and the conversation with Andrew Morgan underscores why it persists and what can be done about it.The Problem: Structural ImbalanceLarge enterprises operate with defined budgets, mature governance, and integrated security operations centers. They can afford redundancy, talent, and tooling. Meanwhile, small and mid-sized organizations are often left with fragmented controls, minimal staff, and reliance on external vendors or managed providers.The result is a “have and have not” world. The “haves” can detect, contain, and recover. The “have nots” often cannot. When they are compromised, the impact isn't just reputational — it can mean financial collapse or service disruption that directly affects communities.The Hidden Costs of ComplexityEven when smaller organizations invest in technology, they often fall into the trap of overtooling without strategy. Multiple, overlapping systems create noise, false confidence, and operational fatigue. Morgan describes this as a symptom of viewing cybersecurity as a subset of IT rather than as a business enabler.Simplification is key. A rationalized platform approach — even if not best-of-breed — can deliver better visibility and sustainability than a patchwork of disconnected tools. The goal should not be perfection; it should be proportionate protection aligned with business risk.The Solution: Culture, Collaboration, and ContinuityCyber resilience starts with people and culture. As Morgan puts it, programs must be driven by culture, informed by risk, and delivered through people, process, and technology. Security can't succeed in isolation from the organization's purpose or its people.The Australian CISO Tribe provides a real-world model for collaboration. Its members share threat intelligence, peer validation, and practical experiences — a living example of collective defense in action. Whether formalized or ad-hoc, these networks give security leaders context, community, and shared strength.Getting Back to BasicsPractical resilience isn't glamorous. It's about getting the basics right — consistent patching, logging, phishing-resistant authentication, verified backups, and tested recovery plans. It's about ensuring that, if everything fails, you can still get back up.When security becomes a business-as-usual practice rather than a project, organizations begin to move from reactive defense to proactive resilience.The TakeawayBridging the cybersecurity divide doesn't require endless budgets. It requires prioritization, simplification, and partnership. The “have nots” may never mirror enterprise scale, but they can adopt enterprise discipline — and that can make all the difference between temporary disruption and permanent failure.⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/andrewmorgancism_last-night-i-was-fortunate-enough-to-spend-activity-7383972144507994112-V3Zr/⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
⬥GUEST⬥Andrew Morgan, Chief Information Security Officer | On LinkedIn: https://www.linkedin.com/in/andrewmorgancism/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥The cybersecurity community has long recognized an uncomfortable truth: the gap between well-resourced enterprises and underfunded organizations keeps widening. This divide isn't just about money; it's about survivability. When a small business, school, or healthcare provider is hit with a major breach, the likelihood of permanent closure is exponentially higher than for a large enterprise.As host of the Redefining CyberSecurity Podcast, I've seen this imbalance repeatedly — and the conversation with Andrew Morgan underscores why it persists and what can be done about it.The Problem: Structural ImbalanceLarge enterprises operate with defined budgets, mature governance, and integrated security operations centers. They can afford redundancy, talent, and tooling. Meanwhile, small and mid-sized organizations are often left with fragmented controls, minimal staff, and reliance on external vendors or managed providers.The result is a “have and have not” world. The “haves” can detect, contain, and recover. The “have nots” often cannot. When they are compromised, the impact isn't just reputational — it can mean financial collapse or service disruption that directly affects communities.The Hidden Costs of ComplexityEven when smaller organizations invest in technology, they often fall into the trap of overtooling without strategy. Multiple, overlapping systems create noise, false confidence, and operational fatigue. Morgan describes this as a symptom of viewing cybersecurity as a subset of IT rather than as a business enabler.Simplification is key. A rationalized platform approach — even if not best-of-breed — can deliver better visibility and sustainability than a patchwork of disconnected tools. The goal should not be perfection; it should be proportionate protection aligned with business risk.The Solution: Culture, Collaboration, and ContinuityCyber resilience starts with people and culture. As Morgan puts it, programs must be driven by culture, informed by risk, and delivered through people, process, and technology. Security can't succeed in isolation from the organization's purpose or its people.The Australian CISO Tribe provides a real-world model for collaboration. Its members share threat intelligence, peer validation, and practical experiences — a living example of collective defense in action. Whether formalized or ad-hoc, these networks give security leaders context, community, and shared strength.Getting Back to BasicsPractical resilience isn't glamorous. It's about getting the basics right — consistent patching, logging, phishing-resistant authentication, verified backups, and tested recovery plans. It's about ensuring that, if everything fails, you can still get back up.When security becomes a business-as-usual practice rather than a project, organizations begin to move from reactive defense to proactive resilience.The TakeawayBridging the cybersecurity divide doesn't require endless budgets. It requires prioritization, simplification, and partnership. The “have nots” may never mirror enterprise scale, but they can adopt enterprise discipline — and that can make all the difference between temporary disruption and permanent failure.⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/andrewmorgancism_last-night-i-was-fortunate-enough-to-spend-activity-7383972144507994112-V3Zr/⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
How to Market to Cybersecurity's Most Elusive Buyers: AI, Emotion, and the Human Touch - Interview with Gianna Whitver and Maria Velasquez | Cyber Marketing Con 2025 Coverage | On Location with Sean Martin and Marco CiappelliCyberMarketingCon 2025 In Person & Virtual https://www.cybermarketingconference.comDec 7-10, 2025 in Austin, Texas Why Cybersecurity Marketing Demands a Different PlaybookThe cybersecurity industry presents a paradox for marketers. While practitioners work with cutting-edge technology, traditional marketing approaches consistently fall flat. Gianna Whitver and Maria Velasquez, co-founders of the Cybersecurity Marketing Society, have spent six years understanding why—and they're sharing those insights at CyberMarketingCon 2025 this December in Austin.The challenge begins with the audience itself. Security professionals operate under constant pressure, actively preventing threats while juggling competing priorities. This stress creates an environment where patience for marketing noise evaporates instantly. Unlike other industries where buyers might browse vendor websites or respond to cold outreach, cybersecurity practitioners have both the technical sophistication to evade tracking and the motivation to control their own buying journey."Our buyer is highly elusive," Whitver explains. "They're saving the world and their companies from threats. When vendors reach out, it's an interruption to critical work." This dynamic forces marketers to rethink fundamental assumptions about how business gets done.The numbers tell part of the story. With over 5,000 cybersecurity vendors flooding the market, standing out based solely on technical specifications has become nearly impossible. Many solutions address similar problems with comparable features. The differentiator, Velasquez argues, isn't in the technology itself but in how that technology transforms the buyer's daily experience."We have to shed that technical layer and go for the emotion," Velasquez says. "If they buy our product, how is it gonna make them feel? Are they gonna get their weekends back with family? Are they actually gonna go to sleep without stress?" This human-centered approach represents a fundamental shift from the feeds-and-speeds messaging that dominated cybersecurity marketing for years.The industry is witnessing what Velasquez calls an "evolution slash revolution" in marketing tactics. Humor, entertainment, and authentic storytelling are replacing dense whitepapers as the first touch point. The goal isn't to dumb down complex technology but to create space for meaningful engagement by first addressing the emotional reality of a stressful profession.Trust remains the currency that matters most. Peer recommendations carry exponentially more weight than any advertising campaign. Security professionals rely on trusted networks to validate purchasing decisions, making community building and genuine thought leadership more valuable than aggressive outreach. Word-of-mouth referrals from colleagues who have seen real results trump even the most sophisticated demand generation campaigns.The emergence of AI as a marketing buzzword presents both opportunity and risk. Whitver notes that countless vendors now position themselves as "AI-native" or "agentic AI" solutions without articulating meaningful differentiation. "If that's what you remember about their product, what do you actually do?" she asks. The challenge for marketers is communicating AI's business value without contributing to the noise.CyberMarketingCon 2025 addresses these challenges head-on. Running December 7-10 in Austin, the conference brings together more than 550 marketing professionals for hands-on workshops, peer learning, and practical strategy sessions. Dedicated tracks cover brand, demand generation, operations, communications, and product marketing, with special summits for CEOs and sales leaders.Hands-on AI workshops represent a conference highlight. Attendees can build marketing agents using n8n, explore Clay for go-to-market planning, or participate in a marketer-focused capture-the-flag hacking exercise. The "Marketing Time Machine" theme balances timeless fundamentals with forward-looking innovation, acknowledging that effective marketing requires both solid foundations and experimental thinking.What sets CyberMarketingCon apart is its community-first philosophy. Despite 40-50% year-over-year growth, organizers prioritize maintaining an intimate, reunion-style atmosphere. Many CMOs bring entire teams for what becomes a working offsite, with different members attending specialized sessions then synthesizing insights into unified strategies.The conference's success metric reflects this philosophy. "Our KPI is: is it worth your time?" Whitver says. In an industry where time represents the scarcest resource, that might be the most important question of all.For cybersecurity marketers navigating an increasingly complex landscape, CyberMarketingCon offers something rare—a chance to learn from peers facing identical challenges, build practical skills, and remember that even in a technical industry, it's humans talking to humans. CyberMarketingCon 2025 In Person & Virtual https://www.cybermarketingconference.comDec 7-10, 2025 in Austin, Texas GUEST:Gianna WhitverCo-Founder & CEO, Cybersecurity Marketing Society | Cybersecurity GTM Industry Resource | Cybersecurity Marketing | Bees & Cybersecurity | Podcast Host | Community | (I like to build things & laugh a lot & tell jokes)Maria Velasquez
⬥GUEST⬥Eric O'Neill, Keynote Speaker, Cybersecurity Expert, Spy Hunter, Bestselling Author. Attorney | On Linkedin: https://www.linkedin.com/in/eric-m-oneill/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥In this episode of the Redefining CyberSecurity Podcast, host Sean Martin reconnects with Eric O'Neill, National Security Strategist at NeXasure and former FBI counterintelligence operative. Together, they explore how cybercrime has matured into a global economy—and why organizations of every size must learn to compete, not just defend.O'Neill draws from decades of undercover work and corporate investigation to reveal that cybercriminals now operate like modern businesses: they innovate, specialize, and scale. The difference? Their product is your data. He argues that resilience—not prevention—is the true marker of readiness. Companies can't assume they're too small or too obscure to be targeted. “It's just a matter of numbers,” he says. “At some point, you will get struck. You need to be able to take the punch and keep moving.”The discussion covers the practical realities facing small and midsize businesses: limited budgets, fragmented tools, and misplaced confidence. O'Neill explains why so many organizations over-invest in overlapping technologies while under-investing in strategy. His firm helps clients identify these inefficiencies and replace tool sprawl with coordinated defense.Preparation, O'Neill says, should follow his PAID methodology—Prepare, Assess, Investigate, Decide. The goal is to plan ahead, detect fast, and act decisively. Those that do not prepare spend ten times more responding after an incident than they would have spent preventing it.Martin and O'Neill also examine how storytelling bridges the gap between security teams and executive boards. Using relatable analogies—like house fires and insurance—O'Neill makes cybersecurity human. His message is simple: security is not a technical decision; it's a business one.Listen to hear how the business of cybercrime mirrors legitimate enterprise—and why understanding that truth might be your best defense.⬥RESOURCES⬥Book: Spies, Lies, and Cybercrime by Eric O'Neill – Book linkBook: Gray Day by Eric O'Neill – Book linkFree, Weekly Newsletter: spies-lies-cybercrime.ericoneill.netPodcast: Former FBI Spy Hunter Eric O'Neill Explains How Cybercriminals Use Espionage techniques to Attack Us: https://redefiningsocietyandtechnologypodcast.com/episodes/new-book-spies-lies-and-cyber-crime-former-fbi-spy-hunter-eric-oneill-explains-how-cybercriminals-use-espionage-techniques-to-attack-us-redefining-society-and-technology-podcast-with-marco-ciappelli⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
⬥GUEST⬥Eric O'Neill, Keynote Speaker, Cybersecurity Expert, Spy Hunter, Bestselling Author. Attorney | On Linkedin: https://www.linkedin.com/in/eric-m-oneill/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥In this episode of the Redefining CyberSecurity Podcast, host Sean Martin reconnects with Eric O'Neill, National Security Strategist at NeXasure and former FBI counterintelligence operative. Together, they explore how cybercrime has matured into a global economy—and why organizations of every size must learn to compete, not just defend.O'Neill draws from decades of undercover work and corporate investigation to reveal that cybercriminals now operate like modern businesses: they innovate, specialize, and scale. The difference? Their product is your data. He argues that resilience—not prevention—is the true marker of readiness. Companies can't assume they're too small or too obscure to be targeted. “It's just a matter of numbers,” he says. “At some point, you will get struck. You need to be able to take the punch and keep moving.”The discussion covers the practical realities facing small and midsize businesses: limited budgets, fragmented tools, and misplaced confidence. O'Neill explains why so many organizations over-invest in overlapping technologies while under-investing in strategy. His firm helps clients identify these inefficiencies and replace tool sprawl with coordinated defense.Preparation, O'Neill says, should follow his PAID methodology—Prepare, Assess, Investigate, Decide. The goal is to plan ahead, detect fast, and act decisively. Those that do not prepare spend ten times more responding after an incident than they would have spent preventing it.Martin and O'Neill also examine how storytelling bridges the gap between security teams and executive boards. Using relatable analogies—like house fires and insurance—O'Neill makes cybersecurity human. His message is simple: security is not a technical decision; it's a business one.Listen to hear how the business of cybercrime mirrors legitimate enterprise—and why understanding that truth might be your best defense.⬥RESOURCES⬥Book: Spies, Lies, and Cybercrime by Eric O'Neill – Book linkBook: Gray Day by Eric O'Neill – Book linkFree, Weekly Newsletter: spies-lies-cybercrime.ericoneill.netPodcast: Former FBI Spy Hunter Eric O'Neill Explains How Cybercriminals Use Espionage techniques to Attack Us: https://redefiningsocietyandtechnologypodcast.com/episodes/new-book-spies-lies-and-cyber-crime-former-fbi-spy-hunter-eric-oneill-explains-how-cybercriminals-use-espionage-techniques-to-attack-us-redefining-society-and-technology-podcast-with-marco-ciappelli⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
Organizations pour millions into protecting running applications—yet attackers are targeting the delivery path itself.This episode of AppSec Contradictions reveals why CI/CD and cloud pipelines are becoming the new frontline in cybersecurity.
Organizations pour millions into protecting running applications—yet attackers are targeting the delivery path itself.This episode of AppSec Contradictions reveals why CI/CD and cloud pipelines are becoming the new frontline in cybersecurity.
"Just because you can, doesn't always mean you should."Episode SummaryIn this episode of The Gun Experiment, we're chopping it up in Studio with our good friend and firearms instructor, Sean Martin, aka Pink Shirt Tactical. Big Keith and I dive into gun news, hot takes, and personal stories about hunting, fitness, current political drama, and of course, plenty of Second Amendment talk. We touch on recent matches like the Hero Down Shootout, discuss firearm law updates (like Hawaii's Vampire Rule and the P320 issue in Chicago), and share some hilarious community stories—from kid obsessions with town councilmen to belt buckles for F-150 key fobs. We debate open carry “auditors,” government accountability, and even take a swipe at media soundbites. This episode's a mix of laughs, strong opinions, and actionable insights for anyone who carries or is passionate about gun rights and personal responsibility.Call to Action1. Join our mailing list: Thegunexperiment.com2. Subscribe and leave us a comment on Apple or Spotify3. Follow us on all of our social media: Instagram Twitter Youtube Facebook4. Be a part of our growing community, join our Discord page!5. Grab some cool TGE merch6. Ask us anything at AskMikeandKeith@gmail.com5. Be sure to support the sponsors of the show. They are a big part of making the show possible.Show SponsorsSwig – Protein, Creatine and meal replacement made in America by pro-2A owners. For 20% off, head to swig.com and enter code TGE20 at checkout.Key TakeawaysStaying fit and healthy is just as important as responsible gun ownership.The firearms community needs to use good judgment—just because open-carry activism is legal doesn't mean it's always smart.Court decisions (like Hawaii's Vampire Rule and the P320 recall in Chicago) are reshaping our rights—stay informed.Community involvement, whether with local elections or supporting pro-2A organizations, makes a difference.Don't trust everything mainstream media says—question, verify, and use your own judgment.Fun and function can go together—even if you're rocking a belt buckle for your F-150 keys.Guest InformationSean Martin (aka Pink Shirt Tactical)Firearms instructor, competitor, and regular contributor to The Gun Experiment. Connect with him on Instagram.Keywordsgun rights podcast, Second Amendment, firearms news, open carry debate, P320 recall, gun laws Hawaii, Hero Down Shootout, gun fitness,...
Guest and HostGuest: Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comHost: Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/Show NotesIn this candid episode of Music Evolves, Sean Martin and Marco Ciappelli unpack the creative, ethical, and deeply personal tensions surrounding AI-generated music—where it fits, where it falters, and where it crosses the line.Sean opens with a clear position: AI can support the creative process, but its outputs shouldn't be commercialized unless the ingredients—i.e., training data—are ethically sourced and properly licensed. His concern is grounded in authorship and consent. If a model learns from unlicensed tracks, even indirectly, is it sampling without credit?Marco responds by acknowledging how deeply embedded influence is in all creative acts. As a writer and musician, he often discovers melodies or storylines in his own work that echo familiar structures—not out of theft, but because of lived experience. “We are made of what we absorb,” he says, drawing parallels between human memory and how AI models are trained.But the critical difference? Humans feel. They reinterpret. They falter. They declare their intent. AI does none of that—at least, not yet.The discussion isn't anti-technology. Instead, it's about boundaries. Both Sean and Marco agree that tools like neural networks can be fascinating collaborators. But when those tools start to blur authorship or generate perfect replicas of a human's imperfection—say, the crackle of a vinyl or the slide of a finger across a string—what are we really listening to? And who, if anyone, should profit from it?They wrestle with questions of transparency (“Did you write that… or did AI?”), authorship (“If you like it but don't know it's AI, does it matter?”), and commercialization (“Is it still your art if someone else feeds it to a machine?”). And perhaps most importantly, they invite you to answer for yourself.
Show NotesIn this episode, we unpack the core ideas behind the Sonic Frontiers article “From Sampling to Scraping: AI Music, Rights, and the Return of Creative Control.” As AI-generated music floods streaming platforms, rights holders are deploying new tools like neural fingerprinting to detect derivative works — even when no direct sampling occurs. But what does it mean to “detect influence,” and can algorithms truly distinguish theft from inspiration?We explore the implications for artists who want to experiment with AI without being replaced by it, and the shifting desires of listeners who may soon prefer human-made music the way some still seek out vinyl, film cameras, or wooden roller coasters — not for efficiency, but for the feel.The article also touches on the burden of rights enforcement in this new age. While major labels can embed detection systems, who protects the independent artist? And if AI enables anyone to create, does it also require everyone to monitor?This episode invites you to reflect on what we value in music: speed and volume, or craft and control?
⬥GUEST⬥Walter Haydock, Founder, StackAware | On Linkedin: https://www.linkedin.com/in/walter-haydock/⬥HOST⬥Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥No-Code Meets AI: Who's Really in Control?As AI gets embedded deeper into business workflows, a new player has entered the security conversation: no-code automation tools. In this episode of Redefining CyberSecurity, host Sean Martin speaks with Walter Haydock, founder of StackAware, about the emerging risks when AI, automation, and business users collide—often without traditional IT or security oversight.Haydock shares how organizations are increasingly using tools like Zapier and Microsoft Copilot Studio to connect systems, automate tasks, and boost productivity—all without writing a single line of code. While this democratization of development can accelerate innovation, it also introduces serious risks when systems are built and deployed without governance, testing, or visibility.The conversation surfaces critical blind spots. Business users may be automating sensitive workflows involving customer data, proprietary systems, or third-party APIs—without realizing the implications. AI prompts gone wrong can trigger mass emails, delete databases, or unintentionally expose confidential records. Recursion loops, poor authentication, and ambiguous access rights are all too easy to introduce when development moves this fast and loose.Haydock emphasizes that this isn't just a technology issue—it's an organizational one. Companies need to decide: who owns risk when anyone can build and deploy a business process? He encourages a layered approach, including lightweight approval processes, human-in-the-loop checkpoints for sensitive actions, and upfront evaluations of tools for legal compliance and data residency.Security teams, he notes, must resist the urge to block no-code outright. Instead, they should enable safer adoption through clear guidelines, tool allowlists, training, and risk scoring systems. Meanwhile, business leaders must engage early with compliance and risk stakeholders to ensure their productivity gains don't come at the expense of long-term exposure.For organizations embracing AI-powered automation, this episode offers a clear takeaway: treat no-code like production code—because that's exactly what it is.⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
What does it really take to be a CISO the business can rely on? In this episode, Sean Martin shares insights from a recent conversation with Tim Brown, CISO at SolarWinds, following his keynote at AISA CyberCon and his role in leading a CISO Bootcamp for current and future security leaders. The article at the heart of this episode focuses not on technical skills or frameworks, but on the leadership qualities that matter most: context, perspective, communication, and trust.Tim's candid reflections — including the personal toll of leading through a crisis — remind us that clarity doesn't come from control. It comes from connection. CISOs must communicate risk in ways that resonate across teams and business leaders. They need to build trusted relationships before they're tested and create space for themselves and their teams to process pressure in healthy, sustainable ways.Whether you're already in the seat or working toward it, this conversation invites you to rethink what preparation really looks like. It also leaves you with two key questions: Where do you get your clarity, and who are you learning from? Tune in, reflect, and join the conversation.
First CISO Charged by SEC: Tim Brown on Trust, Context, and Leading Through Crisis - Interview with Tim Brown | AISA CyberCon Melbourne 2025 Coverage | On Location with Sean Martin and Marco CiappelliAISA CyberCon Melbourne | October 15-17, 2025Tim Brown's job changed overnight. December 11th, he was the CISO at SolarWinds managing security operations. December 12th, he was leading the response to one of the most scrutinized cybersecurity incidents in history.Connecting from New York and Florence to Melbourne, Sean Martin and Marco Ciappelli caught up with their longtime friend ahead of his keynote at AISA CyberCon. The conversation reveals what actually happens when a CISO faces the unthinkable—and why the relationships you build before crisis hits determine whether you survive it.Tim became the first CISO ever charged by the SEC, a distinction nobody wants but one that shaped his mission: if sharing his experience helps even one security leader prepare better, then the entire saga becomes worthwhile. He's candid about the settlement process still underway, the emotional weight of having strangers ask for selfies, and the mental toll that landed him in a Zurich hospital with a heart attack the week his SEC charges were announced."For them to hear something and hear the context—to hear us taking six months off development, 400 engineers focused completely on security for six months in pure focus—when you say it with emotion, it conveys the real cost," Tim explained. Written communication failed during the incident. People needed to talk, to hear, to feel the weight of decisions being made in real time.What saved SolarWinds wasn't just technical capability. It was implicit trust. The war room team operated without second-guessing each other. The CIO handled deployment and investigation. Engineering figured out how the build system was compromised. Marketing and legal managed their domains. Tim didn't waste cycles checking their work because trust was already built."If we didn't have that, we would've been second-guessing what other people did," he said. That trust came from relationships established long before December 2020, from a culture where people knew their roles and respected each other's expertise.Now Tim's focused on mentoring the next generation through the RSA Conference CSO Bootcamp, helping aspiring CISOs and security leaders at smaller companies build the knowledge, community, and relationships they'll need when—not if—their own December 12th arrives. He tailors every talk to his audience, never delivering the same speech twice. Context matters in crisis, but it matters in communication too.Australia played a significant role during SolarWinds' incident response, with the Australian government partnering closely in January 2021. Tim hadn't been back in a decade, making his return to Melbourne for CyberCon particularly meaningful. He's there to share lessons earned the hardest way possible, and to remind security leaders that stress management, safe spaces, and knowing when to compartmentalize aren't luxuries—they're survival skills.His keynote covers the different stages of incident response, how culture drives crisis outcomes, and why the teams that step up matter more than the ones that run away. For anyone leading security teams, Tim's message is clear: build trust now, before you need it.AISA CyberCon Melbourne runs October 15-17, 2025 Coverage provided by ITSPmagazineGUEST:Tim Brown, CISO at SolarWinds | On LinkedIn: https://www.linkedin.com/in/tim-brown-ciso/HOSTS:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to share an Event Briefing as part of our event coverage? Learn More
Everyone Is Protecting My Password, But Who Is Protecting My Toilet Paper? - Interview with Amberley Brady | AISA CyberCon Melbourne 2025 Coverage | On Location with Sean Martin and Marco CiappelliAISA CyberCon Melbourne | October 15-17, 2025Empty shelves trigger something primal in us now. We've lived through the panic, the uncertainty, the realization that our food supply isn't as secure as we thought. Amberley Brady hasn't forgotten that feeling, and she's turned it into action.Speaking with her from Florence to Sydney ahead of AISA CyberCon in Melbourne, I discovered someone who came to cybersecurity through an unexpected path—studying law, working in policy, but driven by a singular passion for food security. When COVID-19 hit Australia in 2019 and grocery store shelves emptied, Amberley couldn't shake the question: what happens if this keeps happening?Her answer was to build realfoodprice.com.au, a platform tracking food pricing transparency across Australia's supply chain. It's based on the Hungarian model, which within three months saved consumers 50 million euros simply by making prices visible from farmer to wholesaler to consumer. The markup disappeared almost overnight when transparency arrived."Once you demonstrate transparency along the supply chain, you see where the markup is," Amberley explained. She gave me an example that hit home: watermelon farmers were getting paid 40 cents per kilo while their production costs ran between $1.00 to $1.50. Meanwhile, consumers paid $2.50 to $2.99 year-round. Someone in the middle was profiting while farmers lost money on every harvest.But this isn't just about fair pricing—it's about critical infrastructure that nobody's protecting. Australia produces food for 70 million people, far more than its own population needs. That food moves through systems, across borders, through supply chains that depend entirely on technology most farmers never think about in cybersecurity terms.The new autonomous tractors collecting soil data? That information goes somewhere. The sensors monitoring crop conditions? Those connect to systems someone else controls. China recognized this vulnerability years ago—with 20% of the world's population but only 7% of arable land, they understood that food security is national security.At CyberCon, Amberley is presenting two sessions that challenge the cybersecurity community to expand their thinking. "Don't Outsource Your Thinking" tackles what she calls "complacency creep"—our growing trust in AI that makes us stop questioning, stop analyzing with our gut instinct. She argues for an Essential Nine in Australia's cybersecurity framework, adding the human firewall to the technical Essential Eight.Her second talk, cheekily titled "Everyone is Protecting My Password, But No One's Protecting My Toilet Paper," addresses food security directly. It's provocative, but that's the point. We saw what happened in Japan recently with the rice crisis—the same panic buying, the same distrust, the same empty shelves that COVID taught us to fear."We will run to the store," Amberley said. "That's going to be human behavior because we've lived through that time." And here's the cybersecurity angle: those panics can be manufactured. A fake image of empty shelves, an AI-generated video, strategic disinformation—all it takes is triggering that collective memory.Amberley describes herself as an early disruptor in the agritech cybersecurity space, and she's right. Most cybersecurity professionals think about hospitals, utilities, financial systems. They don't think about the autonomous vehicles in fields, the sensor networks in soil, the supply chain software moving food across continents.But she's starting the conversation, and CyberCon's audience—increasingly diverse, including people from HR, risk management, and policy—is ready for it. Because at the end of the day, everyone has to eat. And if we don't start thinking about the cyber vulnerabilities in how we grow, move, and price food, we're leaving our most basic need unprotected.AISA CyberCon Melbourne runs October 15-17, 2025 Virtual coverage provided by ITSPmagazineGUEST:Amberley Brady, Food Security & Cybersecurity Advocate, Founder of realfoodprice.com.au | On LinkedIn: https://www.linkedin.com/in/amberley-b-a62022353/HOSTS:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to share an Event Briefing as part of our event coverage? Learn More
Send us a textSEASON 4 PREMIERE: The world of Putting 2&2 Together has been turned upside down. Hot Off the Press is in chaos. Gunshots have been fired, but who shot who? All we can do is pick up the pieces and go on before something else goes wrong. — And who says it won't? Based on the play Two and Two Together by Peter Cosmas Sofronas. Written and Directed by Peter Cosmas Sofronas. Produced by Peter Cosmas Sofronas with Dan Murray, Starring (in alphabetical order) Samuel Berbel as Max, Gordon Ellis as Sean Martin, Adam Everett as the News Anchor, Matthew Garlin as Paul Shaw, Nick Gould as Matt Sharpe, Adam Heroux as David Sharpe, Dan Murray as Tommy Hanson, Alexander Pirnie as Walter Gettelman, and Rachael Rabinovitz as Hayley Gettelman. Credits and Narration by Leonard Caplan. Sound Engineering by Dan Murray. Sound Editing by Peter Cosmas Sofronas. Theme Music by Valerie Forgione.Support the showScripts of Two and Two Together and the first two seasons of Putting 2&2 Together can be purchased at Amazon.com. Merchandise available at TeeSpring. Donations can be made at By Me a Coffee. For further information, please visit puttingtwoandtwotogether.com.
Beyond Blame: Navigating the Digital World with Our KidsAISA CyberCon Melbourne | October 15-17, 2025There's something fundamentally broken in how we approach online safety for young people. We're quick to point fingers—at tech companies, at schools, at kids themselves—but Jacqueline Jayne (JJ) wants to change that conversation entirely.Speaking with her from Florence while she prepared for her session at AISA CyberCon Melbourne this week, it became clear that JJ understands what many in the cybersecurity world miss: this isn't a technical problem that needs a technical solution. It's a human problem that requires us to look in the mirror."The online world reflects what we've built for them," JJ told me, referring to our generation. "Now we need to step up and help fix it."Her session, "Beyond Blame: Keeping Our Kids Safe Online," tackles something most cybersecurity professionals avoid—the uncomfortable truth that being an IT expert doesn't automatically make you equipped to protect the young people in your life. Last year's presentation at Cyber Con drew a full house, with nearly every hand raised when she asked who came because of a kid in their world.That's the fascinating contradiction JJ exposes: rooms full of cybersecurity professionals who secure networks and defend against sophisticated attacks, yet find themselves lost when their own children navigate TikTok, Roblox, or encrypted messaging apps.The timing couldn't be more relevant. With Australia implementing a social media ban for anyone under 16 starting December 10, 2025, and similar restrictions appearing globally, parents and carers face unprecedented challenges. But as JJ points out, banning isn't understanding, and restriction isn't education.One revelation from our conversation particularly struck me—the hidden language of emojis. What seems innocent to adults carries entirely different meanings across demographics, from teenage subcultures to, disturbingly, predatory networks online. An explosion emoji doesn't just mean "boom" anymore. Context matters, and most adults are speaking a different digital dialect than their kids.JJ, who successfully guided her now 19-year-old son through the gaming and social media years, isn't offering simple solutions because there aren't any. What she provides instead are conversation starters, resources tailored to different age groups, and even AI prompts that parents can customize for their specific situations.The session reflects a broader shift happening at events like Cyber Con. It's no longer just IT professionals in the room. HR representatives, risk managers, educators, and parents are showing up because they've realized that digital safety doesn't respect departmental boundaries or professional expertise."We were analog brains in a digital world," JJ said, capturing our generational position perfectly. But today's kids? They're born into this interconnectedness, and COVID accelerated everything to a point where taking it away isn't an option.The real question isn't who to blame. It's what role each of us plays in creating a safer digital environment. And that's a conversation worth having—whether you're at the Convention and Exhibition Center in Melbourne this week or joining virtually from anywhere else.AISA CyberCon Melbourne runs October 15-17, 2025 Virtual coverage provided by ITSPmagazine___________GUEST:Jacqueline (JJ) Jayne, Reducing human error in cyber and teaching 1 million people online safety. On Linkedin: https://www.linkedin.com/in/jacquelinejayne/HOSTS:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to share an Event Briefing as part of our event coverage? Learn More
During his keynote at SecTor 2025, HD Moore, founder and CEO of runZero and widely recognized for creating Metasploit, invites the cybersecurity community to rethink the foundational “rules” we continue to follow—often without question. In conversation with Sean Martin and Marco Ciappelli for ITSPmagazine's on-location event coverage, Moore breaks down where our security doctrines came from, why some became obsolete, and which ones still hold water.One standout example? The rule to “change your passwords every 30 days.” Moore explains how this outdated guidance—rooted in assumptions from the early 2000s when password sharing was rampant—led to predictable patterns and frustrated users. Today, the advice has flipped: focus on strong, unique passwords per service, stored securely via password managers.But this keynote isn't just about passwords. Moore uses this lens to explore how many security “truths” were formed in response to technical limitations or outdated behaviors—things like shared network trust, brittle segmentation, and fragile authentication models. As technology matures, so too should the rules. Enter passkeys, hardware tokens, and enclave-based authentication. These aren't just new tools—they're a fundamental shift in where and how we anchor trust.Moore also calls out an uncomfortable truth: the very products we rely on to protect our systems—firewalls, endpoint managers, and security appliances—are now among the top vectors for breach, per Mandiant's latest report. That revelation struck a chord with conference attendees, who appreciated Moore's willingness to speak plainly about systemic security debt.He also discusses the inescapable vulnerabilities in AI agent flows, likening prompt injection attacks to the early days of cross-site scripting. The tech itself invites risk, he warns, and we'll need new frameworks—not just tweaks to old ones—to manage what comes next.This conversation is a must-listen for anyone questioning whether our security playbooks are still fit for purpose—or simply carried forward by habit.___________GUEST:HD Moore, Founder and CEO of RunZero | On Linkedin: https://www.linkedin.com/in/hdmoore/HOSTS:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comRESOURCES:Keynote: The Once and Future Rules of Cybersecurity: https://www.blackhat.com/sector/2025/briefings/schedule/#keynote-the-once-and-future-rules-of-cybersecurity-49596Learn more and catch more stories from our SecTor 2025 coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/sector-cybersecurity-conference-toronto-2025Mandiant M-Trends Breach Report: https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/OPM Data Breach Summary: https://oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to share an Event Briefing as part of our event coverage? Learn More
In this issue of the Future of Cyber newsletter, Sean Martin digs into a topic that's quietly reshaping how software gets built—and how it breaks: the rise of AI-powered coding tools like ChatGPT, Claude, and GitHub Copilot.These tools promise speed, efficiency, and reduced boilerplate—but what are the hidden trade-offs? What happens when the tools go offline, or when the systems built through them are so abstracted that even the engineers maintaining them don't fully understand what they're working with?Drawing from conversations across the cybersecurity, legal, and developer communities—including a recent legal tech conference where law firms are empowering attorneys to “vibe code” internal tools—this article doesn't take a hard stance. Instead, it raises urgent questions:Are we creating shadow logic no one can trace?Do developers still understand the systems they're shipping?What happens when incident response teams face AI-generated code with no documentation?Are AI-generated systems introducing silent fragility into critical infrastructure?The piece also highlights insights from a recent podcast conversation with security architect Izar Tarandach, who compares AI coding to junior development: fast and functional, but in need of serious oversight. He warns that organizations rushing to automate development may be building brittle systems on shaky foundations, especially when security practices are assumed rather than applied.This is not a fear-driven screed or a rejection of AI. Rather, it's a call to assess new dependencies, rethink development accountability, and start building contingency plans before outages, hallucinations, or misconfigurations force the issue.If you're a CISO, developer, architect, risk manager—or anyone involved in software delivery or security—this article is designed to make you pause, think, and ideally, respond.
⬥GUEST⬥Pieter VanIperen, CISO and CIO of AlphaSense | On Linkedin: https://www.linkedin.com/in/pietervaniperen/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Real-World Principles for Real-World Security: A Conversation with Pieter VanIperenPieter VanIperen, the Chief Information Security and Technology Officer at AlphaSense, joins Sean Martin for a no-nonsense conversation that strips away the noise around cybersecurity leadership. With experience spanning media, fintech, healthcare, and SaaS—including roles at Salesforce, Disney, Fox, and Clear—Pieter brings a rare clarity to what actually works in building and running a security program that serves the business.He shares why being “comfortable being uncomfortable” is an essential trait for today's security leaders—not just reacting to incidents, but thriving in ambiguity. That distinction matters, especially when every new technology trend, vendor pitch, or policy update introduces more complexity than clarity. Pieter encourages CISOs to lead by knowing when to go deep and when to zoom out, especially in areas like compliance, AI, and IT operations where leadership must translate risks into outcomes the business cares about.One of the strongest points he makes is around threat intelligence: it must be contextual. “Generic threat intel is an oxymoron,” he argues, pointing out how the volume of tools and alerts often distracts from actual risks. Instead, Pieter advocates for simplifying based on principles like ownership, real impact, and operational context. If a tool hasn't been turned on for two months and no one noticed, he says, “do you even need it?”The episode also offers frank insight into vendor relationships. Pieter calls out the harm in trying to “tell a CISO what problems they have” rather than listening. He explains why true partnerships are based on trust, humility, and a long-term commitment—not transactional sales quotas. “If you disappear when I need you most, you're not part of the solution,” he says.For CISOs and vendors alike, this episode is packed with perspective you can't Google. Tune in to challenge your assumptions—and maybe your entire security stack.⬥SPONSORS⬥ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
SBOMs were supposed to be the ingredient label for software—bringing transparency, faster response, and stronger trust. But reality shows otherwise. Fewer than 1% of GitHub projects have policy-driven SBOMs. Only 15% of developer SBOM questions get answered. And while 86% of EU firms claim supply chain policies, just 47% actually fund them.So why do SBOMs stall as compliance artifacts instead of risk-reduction tools? And what happens when they do work?In this episode of AppSec Contradictions, Sean Martin examines:Why SBOM adoption is laggingThe cost of static SBOMs for developers, AppSec teams, and business leadersReal-world examples where SBOMs deliver measurable valueHow AISBOMs are extending transparency into AI models and dataCatch the full companion article in the Future of Cybersecurity newsletter for deeper analysis and more research.
When we talk about AI at cybersecurity conferences these days, one term is impossible to ignore: agentic AI. But behind the excitement around AI-driven productivity and autonomous workflows lies an unresolved—and increasingly urgent—security issue: identity.In this episode, Sean Martin and Marco Ciappelli speak with Cristin Flynn Goodwin, keynote speaker at SecTor 2025, about the intersection of AI agents, identity management, and legal risk. Drawing from decades at the center of major security incidents—most recently as the head cybersecurity lawyer at Microsoft—Cristin frames today's AI hype within a longstanding identity crisis that organizations still haven't solved.Why It Matters NowAgentic AI changes the game. AI agents can act independently, replicate themselves, and disappear in seconds. That's great for automation—but terrifying for risk teams. Cristin flags the pressing need to identify and authenticate these ephemeral agents. Should they be digitally signed? Should there be a new standard body managing agent identities? Right now, we don't know.Meanwhile, attackers are already adapting. AI tools are being used to create flawless phishing emails, spoofed banking agents, and convincing digital personas. Add that to the fact that many consumers and companies still haven't implemented strong MFA, and the risk multiplier becomes clear.The Legal ViewFrom a legal standpoint, Cristin emphasizes how regulations like New York's DFS Cybersecurity Regulation are putting pressure on CISOs to tighten IAM controls. But what about individuals? “It's an unfair fight,” she says—no consumer can outpace a nation-state attacker armed with AI tooling.This keynote preview also calls attention to shadow AI agents: tools employees may create outside the control of IT or security. As Cristin warns, they could become “offensive digital insiders”—another dimension of the insider threat amplified by AI.Looking AheadThis is a must-listen episode for CISOs, security architects, policymakers, and anyone thinking about AI safety and digital trust. From the potential need for real-time, verifiable agent credentials to the looming collision of agentic AI with quantum computing, this conversation kicks off SecTor 2025 with urgency and clarity.Catch the full episode now, and don't miss Cristin's keynote on October 1.___________Guest:Cristin Flynn Goodwin, Senior Consultant, Good Harbor Security Risk Management | On LinkedIn: https://www.linkedin.com/in/cristin-flynn-goodwin-24359b4/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcweb___________ResourcesKeynote: Agentic AI and Identity: The Biggest Problem We're Not Solving: https://www.blackhat.com/sector/2025/briefings/schedule/#keynote-agentic-ai-and-identity-the-biggest-problem-were-not-solving-49591Learn more and catch more stories from our SecTor 2025 coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/sector-cybersecurity-conference-toronto-2025New York Department of Financial Services Cybersecurity Regulation: https://www.dfs.ny.gov/industry_guidance/cybersecurityGood Harbor Security Risk Management (Richard Clarke's firm): https://www.goodharbor.net/Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to share an Event Briefing as part of our event coverage? Learn More
Neoborn Caveman, your green-tea-slurping host, invites his Purple Rabbit crew (that's you, not the parasitic overlords) to an open tea-house conversation. Sip along as we explore government overreach, from the 1952 UK ID card abolition to modern digital ID scams like Oracle's TikTok ties threatening sovereignty. Neoborn shares personal health journeys, promoting natural remedies like green tea and rejecting victim-playing culture. He calls out media manipulation—think asteroid fear-mongering and AI truth-twisting—and warns against generalizing groups. From Eurovision boycotts to Canadian policy oversteps, this episode urges preserving stories to counter division, learning from history, and embracing your unique worth to stay free-spirited. Gather for more unfiltered episodes at patreon.com/theneoborncavemanshow . With the special appearance of Sean Martin (only in the Patreon episode)Music guests are Sweet Water, Broken Colors, pMad and many othersKey TakeawaysQuestion digital IDs and government motives; the UK's 1952 ID abolition shows control can be reversed.Data privacy is under threat; Oracle-TikTok deals and Mediterranean data schemes demand resistance.Natural remedies, like green tea, can support health, as shown in Neoborn's personal experiments.Media and AI distort reality; bots and fear-mongering (e.g., Apophis asteroid) undermine truth—rely on logic.Human connections through stories heal division and isolation, fostering real bonds.Storytelling preserves personal and historical truths, countering manipulation and neglect.Generalizing groups (ethnicity, politics) fuels hate—judge actions, not people, to avoid historical traps.Historical lessons (UK IDs, population exchanges) warn against unchecked power—act proactively.Embrace your unique value; growth through trials silences naysayers, inner and outer.Sound Bites“Are we the lost souls or who we are? Are we the victims of the new Project Blue Beam coming?“I don't need drugs to breathe. It's interesting, right?”“Don't generalize. If you say all Chinese are bad, then what about Jackie Chan?”“Only the unloved hate, the immature.”“You are special, you are amazing, you are one of a kind."“Prevent before it happens. You know it's a scheme, a scam and a political maneuver.”Timestamps00:00 Welcome to The Neoborn Caveman Show00:47 Exploring Project Blue Beam and Psyops01:12 Green Tea Rituals and Freedom's Erosion05:15 Personal Challenges and Societal Issues07:40 Social Media and Asteroid Fear-Mongering10:04 Digital IDs and Government Overreach12:24 Data Privacy and Tech Control14:47 Government Lies and Public Deception17:16 Canadian Overreach and Freedom Convoy19:39 Natural Remedies and Big Pharma Critique21:43 Media Manipulation and AI Truth-Twisting29:51 Open Tea House Conversations32:13 Human Connections Over News and Noise34:25 Kids' Punk Rock and Creative Expression36:30 Building Real Human Connections38:54 Storytelling to Preserve Humanity40:48 Excuses vs. Genuine Connection46:07 History's Dark Lessons on Control48:30 Eurovision Boycotts and Political Art50:51 Rejecting Generalizations in Israel-Palestine55:21 Rejecting Generalizations and Division57:14 Historical Context for Unity59:44 Only the Unloved Hate01:00:39 UK's ID Card History Lesson01:04:17 Resisting Digital Control Now01:05:52 Embracing Your Unique GreatnessHumanity centered satirical takes on the world & news + music - with a marble mouthed host.Free speech marinated in comedy.Supporting Purple Rabbits. Hosted on Acast. See acast.com/privacy for more information.
Neoborn Caveman invites Sean Martin to talk about his current projects, including music videos that incorporate storytelling and personal experiences from his military background. He emphasizes the importance of addressing social justice issues and the role of government accountability. They also talk about mental health, particularly coping with PTSD, and the impact of social media on public perception and confirmation bias. Sean shares insights on the music industry, the creative process behind his upcoming album, and the healing power of music.Key TakeawaysStorytelling in music videos can create deeper connections.Military experiences can inform artistic expression and social commentary.Coping with PTSD requires ongoing effort and self-investment.Perspective is crucial in understanding emotions and reactions.Social media can amplify confirmation bias and misinformation.Narcissism is increasingly prevalent in society due to mass communication.Music serves as a powerful tool for healing and connection.The music industry has changed, requiring new strategies for success.Empathy and compassion are essential for societal improvement.Art should challenge norms and provoke thought. Sound bites"You can't just follow orders blindly.""Coping with PTSD is a constant work.""Life isn't meant to be easy."Keywordsmusic, storytelling, military, PTSD, social justice, mental health, narcissism, music industry, creativity, healingHumanity centered satirical takes on the world & news + music - with a marble mouthed host.Free speech marinated in comedy.Supporting Purple Rabbits. Hosted on Acast. See acast.com/privacy for more information.
⬥GUEST⬥Aunshul Rege, Director at The CARE Lab at Temple University | On Linkedin: https://www.linkedin.com/in/aunshul-rege-26526b59/⬥CO-HOST⬥Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Cybersecurity Is for Everyone — If We Teach It That WayCybersecurity impacts us all, yet most people still see it as a tech-centric domain reserved for experts in computer science or IT. Dr. Aunshul Rege, Associate Professor in the Department of Criminal Justice at Temple University, challenges that perception through her research, outreach, and education programs — all grounded in community, empathy, and human behavior.In this episode, Dr. Rege joins Sean Martin and co-host Julie Haney to share her multi-layered approach to cybersecurity awareness and education. Drawing from her unique background that spans computer science and criminology, she explains how understanding human behavior is critical to understanding and addressing digital risk.One powerful initiative she describes brings university students into the community to teach cyber hygiene to seniors — a demographic often left out of traditional training programs. These student-led sessions focus on practical topics like scams and password safety, delivered in clear, respectful, and engaging ways. The result? Not just education, but trust-building, conversation, and long-term community engagement.Dr. Rege also leads interdisciplinary social engineering competitions that invite students from diverse academic backgrounds — including theater, nursing, business, and criminal justice — to explore real-world cyber scenarios. These events prove that you don't need to code to contribute meaningfully to cybersecurity. You just need curiosity, communication skills, and a willingness to learn.Looking ahead, Temple University is launching a new Bachelor of Arts in Cybersecurity and Human Behavior — a program that weaves in community engagement, liberal arts, and applied practice to prepare students for real-world roles beyond traditional technical paths.If you're a security leader looking to improve awareness programs, a university educator shaping the next generation, or someone simply curious about where you fit in the cyber puzzle, this episode offers a fresh perspective: cybersecurity works best when it's human-first.⬥SPONSORS⬥ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Dr. Aunshul Rege is an Associate Professor here, and much of her work is conducted under this department: https://liberalarts.temple.edu/academics/departments-and-programs/criminal-justiceTemple Digital Equity Plan (2022): https://www.phila.gov/media/20220412162153/Philadelphia-Digital-Equity-Plan-FINAL.pdfTemple University Digital Equity Center / Digital Access Center: https://news.temple.edu/news/2022-12-06/temple-launches-digital-equity-center-north-philadelphiaNICE Cybersecurity Workforce Framework: https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
Sean Martin is the lead vocalist, guitarist, and driving force behind The Quarantined, a band renowned for its raw, unflinching sound and fearless exploration of challenging subjects. A songwriter who isn't afraid to confront trauma, injustice, and the darker corners of the human experience, Sean brings an intensity and honesty to his music that connects deeply with listeners.Much of his writing is rooted in his own battle with PTSD, which has shaped both his perspective and his art. Songs like “Shadow,” written during a time of personal crisis, channel the weight of dread, intrusive thoughts, and sleepless nights into powerful, cathartic music. For Sean, creating is more than just making records—it's a way of reclaiming control, pushing back against oppressive systems, and transforming pain into something that inspires resilience.On stage and in the studio, Sean delivers with unrelenting passion, blending heavy riffs, haunting melodies, and lyrics that don't shy away from uncomfortable truths. His vision for The Quarantined goes beyond just music; it's about sparking awareness, encouraging defiance against injustice, and giving a voice to those struggling in silence.Highlights from Toby Gribben's Friday afternoon show on Shout Radio. Featuring chat with top showbiz guests. Hosted on Acast. See acast.com/privacy for more information.
The decision to leave a successful corporate position and start a company requires more than just identifying a market opportunity. For Shankar Somasundaram, it required witnessing firsthand how traditional cybersecurity approaches consistently failed in the environments that matter most to society: hospitals, manufacturing plants, power facilities, and critical infrastructure.Somasundaram's path to founding Asimily began with diverse technical experience spanning telecommunications and early machine learning development. This foundation proved essential when he transitioned to cybersecurity, eventually building and growing the IoT security division at a major enterprise security company.During his corporate tenure, Somasundaram gained direct exposure to security challenges across healthcare systems, industrial facilities, utilities, manufacturing plants, and oil and gas operations. Each vertical revealed the same fundamental problem: existing security solutions were designed for traditional IT environments where confidentiality and integrity took precedence, but operational technology environments operated under entirely different rules.The mismatch became clear through everyday operational realities. Hospital ultrasound machines couldn't be taken offline during procedures for security updates. Manufacturing production lines couldn't be rebooted for patches without scheduling expensive downtime. Power plant control systems required continuous availability to serve communities. These environments prioritized operational continuity above traditional security controls.Beyond technical challenges, Somasundaram observed a persistent communication gap between security and operations teams. IT security professionals spoke in terms of vulnerabilities and patch management. Operations teams focused on uptime, safety protocols, and production schedules. Neither group had effective frameworks for translating their concerns into language the other could understand and act upon.This divide created frustration for Chief Security Officers who understood risks existed but lacked clear paths to mitigation that wouldn't disrupt critical business operations. Organizations could identify thousands of vulnerabilities across their operational technology environments, but struggled to prioritize which issues actually posed meaningful risks given their specific operational contexts.Somasundaram recognized an opportunity to approach this problem differently. Rather than building another vulnerability scanner or forcing operational environments to conform to IT security models, he envisioned a platform that would provide contextual risk analysis and actionable mitigation strategies tailored to operational requirements.The decision to leave corporate security and start Asimily wasn't impulsive. Somasundaram had previous entrepreneurial experience and understood the startup process. He waited for the right convergence of market need, personal readiness, and strategic opportunity. When corporate priorities shifted through acquisitions, the conditions aligned for his departure.Asimily's founding mission centered on bridging the gap between operational technology and information technology teams. The company wouldn't just build another security tool; it would create a translation layer enabling different organizational departments to collaborate effectively on risk reduction.This approach required understanding multiple stakeholder perspectives within client organizations. Sometimes the primary user would be a Chief Information Security Officer. Other times, it might be a manufacturing operations head managing production floors, or a clinical operations director in healthcare. The platform needed to serve all these perspectives while maintaining technical depth.Somasundaram's product engineering background informed this multi-stakeholder approach. His experience with complex system integration—from telecommunications infrastructure to machine learning algorithms—provided insight into how security platforms could integrate with existing IT infrastructure while addressing operational technology requirements.The vision extended beyond traditional vulnerability management to comprehensive risk analysis considering operational context, business impact, and regulatory requirements. Rather than treating all vulnerabilities equally, Asimily would analyze each device within its specific environment and use case, providing organizations with actionable intelligence for informed decision-making.Somasundaram's entrepreneurial journey illustrates how diverse technical experience, industry knowledge, and strategic timing converge to address complex market problems. His transition from corporate executive to startup founder demonstrates how deep industry exposure can reveal opportunities to solve problems that established players might overlook or underestimate.Today, as healthcare systems, manufacturing facilities, and critical infrastructure become increasingly connected, the vision Somasundaram brought to Asimily's founding has proven both timely and necessary. The company's development reflects not just market demand, but the value of approaching familiar problems from fresh perspectives informed by real operational experience.Learn more about Asimily: itspm.ag/asimily-104921Note: This story contains promotional content. Learn more.Guest: Shankar Somasundaram, CEO & Founder, Asimily | On LinkedIn: https://www.linkedin.com/in/shankar-somasundaram-a7315b/Company Directory: https://www.itspmagazine.com/directory/asimilyResourcesLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Wayne “Radar” Riley and Sean Martin joined Gary Williams on the show today. Williams began the show on Rory McIlroy's Irish Open win the U.S. win in the Walker Cup. “Radar” Riley discussed how big the win was for Riley, the Americans playing in Europe and should Scottie Scheffler be there and gave us a few Europeans that Americans golf fans should keep their eyes on next year. Martin talked about the Fall being a time for golf to go global, qualification for cards the following year and giving the top players time off.
With the 2025 season of men's majors fully in the rearview mirror, we've called upon friend of the pod, Sean Martin to challenge Soly and TC in the latest edition of our quiz show as DJ tests the guys on their knowledge of what we saw at Augusta, Quail Hollow, Oakmont and Portrush. Join us in our support of the Evans Scholars Foundation: https://nolayingup.com/esf Support our Sponsors: Rhoback The Stack System If you enjoyed this episode, consider joining The Nest: No Laying Up's community of avid golfers. Nest members help us maintain our light commercial interruptions (3 minutes of ads per 90 minutes of content) and receive access to exclusive content, discounts in the pro shop, and an annual member gift. It's a $90 annual membership, and you can sign up or learn more at nolayingup.com/join Subscribe to the No Laying Up Newsletter here: https://newsletter.nolayingup.com/ Subscribe to the No Laying Up Podcast channel here: https://www.youtube.com/@NoLayingUpPodcast Learn more about your ad choices. Visit megaphone.fm/adchoices
© 2020-2025 Ivy Podcast Discovery LLC
