POPULARITY
Governance, risk, and compliance (GRC) has long been burdened by heavy manual processes, slow assessments, and limited visibility. In this Brand Story episode, Sean Martin and Marco Ciappelli are joined by Anders Søborg, Co-Founder of Eve, and Mark Humphrey, who brings two decades of fraud and cybersecurity experience to the team. Together, they unpack how Eve is challenging traditional GRC tools by offering something entirely different: automation with evidence-based intelligence at its core.Anders shares how his experience as Chief Risk Officer and partner at major firms like Ernst & Young and PwC shaped Eve's mission. He describes a world where compliance doesn't have to mean complexity. Eve's AI engine evaluates more than a thousand controls in under 15 minutes—surpassing manual reviews that could take weeks—and goes a step further by offering recommendations, not just red flags.This isn't about replacing people. It's about helping overwhelmed compliance, risk, and audit teams regain control. Mark emphasizes how Eve operates like a true partner, delivering support with no ego and full transparency. Their approach combines deep regulatory knowledge, contextual AI agents trained on real-world frameworks, and a clear respect for data sovereignty and privacy—an essential requirement for global pharma, financial, and consulting clients already relying on the platform.More than a dashboard, Eve acts as an intelligent engine embedded into existing workflows via API, making it a natural complement—not a competitor—to existing GRC platforms. The platform is customizable, evidence-driven, and built with firsthand knowledge of what compliance professionals actually need: clear guidance, real-time answers, and fewer repetitive tasks.The episode leaves listeners with a compelling question: what if your compliance program could coach your team, reduce audit costs, and provide instant visibility—without sacrificing accuracy or control?Learn more about E-V-E GRC: https://itspm.ag/eve-grc-99Note: This story contains promotional content. Learn more.Guests:Anders Søborg, Co-founder, Director at E-V-E GRC | On LinkedIn: https://www.linkedin.com/in/anders-s%C3%B8borg-3826702/Mark Humphrey, Senior Sales and Channel Director EMEA at E-V-E GRC | On LinkedIn: https://www.linkedin.com/in/m-humphrey-mba-0020192b1/ResourcesRedefine Compliance. Unleash Your Potential with E-V-E GRC. Command Compliance: https://itspm.ag/e-v-e-i1mlLearn more and catch more stories from E-V-E GRC: https://www.itspmagazine.com/directory/evegrcLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
What happens when you inject thousands of fake identities into the political ecosystem to monitor how personal data is used—or abused? That's the question Virginia Tech's Alan Michaels and Jared Byers explore through their multi-year research project, “Use and Abuse of Personal Information: The Politics Edition.”With support from 130 students across 21 majors, Michaels and Byers create realistic digital personas—complete with phone numbers, emails, and physical addresses—and sign them up across 1,400 political campaigns. Their goal? Understand how political organizations treat personal data: whether it's used ethically, shared with third parties, or even exposed through insecure systems.The findings are both fascinating and concerning. Their data shows that candidates across the political spectrum often prioritize fundraising above all else. The language and targeting vary, but the endgame is consistent: solicit donations and votes. And yes—these candidates frequently share or leak personal data. Sometimes it's deliberate, sometimes it's sloppy, and occasionally it's the result of potential breaches.The team examines differences in how data is handled based on whether an identity donates or not, or whether it's tied to in-state versus out-of-state addresses. They even explore how generative AI and psychometric modeling can craft convincing personalities for these fake identities—tools that can just as easily be used for political influence campaigns and psychological manipulation.But this project isn't about political sides—it's about accountability. The research remains strictly apolitical, letting the data speak for itself. Michaels and Byers are careful to avoid influencing public opinion through misinformation, focusing instead on documenting the reality of digital privacy in modern campaigning.As more of the political playbook shifts into the digital arena, this session at Black Hat USA 2025 pushes attendees to confront an uncomfortable truth: the cost of participation in political life may include the exploitation of your digital identity.___________Guests:Alan Michaels, Professor and Director, Spectrum Dominance Division at Virginia Tech | On LinkedIn: https://www.linkedin.com/in/alan-michaels-1066814/Jared Byers, Research Associate at Virginia Tech National Security Institute | On LinkedIn: https://www.linkedin.com/in/jared-byers-8a477324b/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcwebAkamai: https://itspm.ag/akamailbwcDropzoneAI: https://itspm.ag/dropzoneai-641Stellar Cyber: https://itspm.ag/stellar-9dj3___________ResourcesSession: Use and Abuse of Personal Information -- Politics Edition: https://www.blackhat.com/us-25/briefings/schedule/#use-and-abuse-of-personal-information----politics-edition-45529Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Digital risk is no longer confined to the enterprise perimeter. Executives and board members—along with their families—are increasingly targeted outside of work, in personal settings, and online. Dr. Chris Pierson, Founder and CEO of BlackCloak, joins Sean Martin and Marco Ciappelli to discuss the current state of digital executive protection and why a piecemeal approach is insufficient.Chris outlines how threats to privacy, cybersecurity, and physical safety intersect across personal and professional domains. A breached home network, a deepfake circulating online, or a targeted social engineering campaign could all become entry points back into a company's infrastructure—or lead to reputational or financial fallout. That's why BlackCloak takes a holistic view, combining identity protection, device hardening, social listening, concierge response, and physical risk monitoring into a single service.One of the key resources discussed is the vendor-agnostic Digital Executive Protection Framework. Free to download and use, it offers CISOs and CSOs a 14-point checklist covering areas like financial data protection, social media monitoring, physical threats, and personal cyber hygiene. According to Chris, it's designed to be practical, actionable, and easy to integrate into quarterly reviews and budget planning cycles.While many security vendors promise protection through tools alone, BlackCloak emphasizes relationships—human connection is built into the service. The platform includes real-time threat response and one-on-one interaction, going far beyond 1-800 numbers or chatbots.Whether you're managing executive risk for a Fortune 500 company or navigating new board-level cyber obligations, this conversation outlines the real gaps in current corporate protections—and a solution that meets executives where they are.Learn more about BlackCloak: https://itspm.ag/itspbcwebNote: This story contains promotional content.Learn more.Guest:Chris Pierson, Founder & CEO, BlackCloak | https://www.linkedin.com/in/drchristopherpierson/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com______________________ResourcesLearn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloakLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: Black Hat 2025, zero trust security, cybersecurity conference, ThreatLocker, default deny strategy, endpoint protection, application control, threat detection, enterprise security, network security, cybersecurity solutions, security automation, malware prevention, cyber threats, information security, security platform, Black Hat USA, cybersecurity innovation, managed detection response, security operations
At Black Hat USA 2025, Jennifer Granick—Surveillance and Cybersecurity Counsel at the American Civil Liberties Union—takes the keynote stage to make a bold case: we are long overdue for a new threat model, one that sees government surveillance not as a background risk, but as a primary threat to constitutional privacy.Granick draws from decades of experience defending hackers, fighting surveillance overreach, and engaging with the security community since DEFCON 3. She challenges the audience to reconsider outdated assumptions about how the Fourth Amendment is interpreted and applied. While technology has made it easier than ever for governments to collect data, the legal system hasn't kept pace—and in many cases, fails to recognize the sheer scope and sensitivity of personal information exposed through modern services.Her talk doesn't just raise alarm; it calls for action. Granick suggests that while legal reform is sluggish—stymied by a lack of political will and lobbying power—there's an urgent opportunity for the technical community to step up. From encryption to data minimization and anonymization, technologists have the tools to protect civil liberties even when the law falls short.The session promises to be a wake-up call for engineers, designers, policymakers, and privacy advocates. Granick wants attendees to leave not only more informed, but motivated to build systems that limit the unnecessary collection, retention, and exposure of personal data.Her keynote also surfaces a critical cultural shift: from the “Spot the Fed” days of DEFCON to a more nuanced understanding of government roles—welcoming collaboration where it serves the public good, but not at the expense of unchecked surveillance.This conversation reframes privacy as a design problem as much as a legal one—and one that requires collective effort to address. If the law can't fix it, the question becomes: will the technology community rise to the challenge?___________Guest:Jennifer Granick, Surveillance and Cybersecurity Counsel at American Civil Liberties Union | On LinkedIn: https://www.linkedin.com/in/jennifergranick/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcwebAkamai: https://itspm.ag/akamailbwcDropzoneAI: https://itspm.ag/dropzoneai-641Stellar Cyber: https://itspm.ag/stellar-9dj3___________ResourcesKeynote: Threat Modeling and Constitutional Law: https://www.blackhat.com/us-25/briefings/schedule/index.html#keynote-threat-modeling-and-constitutional-law-48276Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
In this thought leadership session, ITSPmagazine co-founders Sean Martin and Marco Ciappelli moderate a dynamic conversation with five industry leaders offering their take on what will dominate the show floor and side-stage chatter at Black Hat USA 2025.Leslie Kesselring, Founder of Kesselring Communications, surfaces how media coverage is shifting in real time—no longer driven solely by talk submissions but now heavily influenced by breaking news, regulation, and public-private sector dynamics. From government briefings to cyberweapon disclosures, the pressure is on to cover what matters, not just what's scheduled.Daniel Cuthbert, member of the Black Hat Review Board and Global Head of Security Research at Banco Santander, pushes back on the hype. He notes that while tech moves fast, security research often revisits decades-old bugs. His sharp observation? “The same bugs from the ‘90s are still showing up—sometimes discovered by researchers younger than the vulnerabilities themselves.”Michael Parisi, Chief Growth Officer at Steel Patriot Partners, shifts the conversation to operational risk. He raises concern over Model-Chained Prompting (MCP) and how AI agents can rewrite enterprise processes without visibility or traceability—especially alarming in environments lacking kill switches or proper controls.Richard Stiennon, Chief Research Analyst at IT-Harvest, offers market-level insights, forecasting AI agent saturation with over 20 vendors already present in the expo hall. While excited by real advancements, he warns of funding velocity outpacing substance and cautions against the cycle of overinvestment in vaporware.Rupesh Chokshi, SVP & GM at Akamai Technologies, brings the product and customer lens—framing the security conversation around how AI use cases are rolling out fast while security coverage is still catching up. From OT to LLMs, securing both AI and with AI is a top concern.This episode is not just about placing bets on buzzwords. It's about uncovering what's real, what's noise, and what still needs fixing—no matter how long we've been talking about it.___________Guests:Leslie Kesselring, Founder at Cyber PR Firm Kesselring Communications | On LinkedIn: https://www.linkedin.com/in/lesliekesselring/“This year, it's the news cycle—not the sessions—that's driving what media cover at Black Hat.”Daniel Cuthbert, Black Hat Training Review Board and Global Head of Security Research for Banco Santander | On LinkedIn: https://www.linkedin.com/in/daniel-cuthbert0x/“Why are we still finding bugs older than the people presenting the research?”Richard Stiennon, Chief Research Analyst at IT-Harvest | On LinkedIn: https://www.linkedin.com/in/stiennon/“The urge to consolidate tools is driven by procurement—not by what defenders actually need.”Michael Parisi, Chief Growth Officer at Steel Patriot Partners | On LinkedIn: https://www.linkedin.com/in/michael-parisi-4009b2261/“Responsible AI use isn't a policy—it's something we have to actually implement.”Rupesh Chokshi, SVP & General Manager at Akamai Technologies | On LinkedIn: https://www.linkedin.com/in/rupeshchokshi/“The business side is racing to deploy AI—but security still hasn't caught up.”Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcwebAkamai: https://itspm.ag/akamailbwcDropzoneAI: https://itspm.ag/dropzoneai-641Stellar Cyber: https://itspm.ag/stellar-9dj3___________ResourcesLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
⬥GUEST⬥Sean Metcalf, Identity Security Architect at TrustedSec | On LinkedIn: https://www.linkedin.com/in/seanmmetcalf/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Sean Metcalf, a frequent speaker at conferences like Black Hat, DEF CON, and RSAC, brings a sharp focus to identity security—especially within Microsoft environments like Active Directory and Entra ID. In this episode, he walks through the practical and tactical role of honeypots and deception in detecting intrusions early and with higher fidelity.While traditional detection tools often aim for broad coverage, honeypots flip the script by offering precise signal amidst the noise. Metcalf discusses how defenders can take advantage of the attacker's need to enumerate systems and accounts after gaining access. That need becomes an opportunity to embed traps—accounts or assets that should never be touched unless someone is doing something suspicious.One core recommendation: repurpose old service accounts with long-lived passwords and believable naming conventions. These make excellent bait for Kerberoasting attempts, especially when paired with service principal names (SPNs) that mimic actual applications. Metcalf outlines how even subtle design choices—like naming conventions that fit organizational patterns—can make a honeypot more convincing and effective.He also draws a distinction between honeypots and deception technologies. While honeypots often consist of a few well-placed traps, deception platforms offer full-scale phantom environments. Regardless of approach, the goal remains the same: attackers shouldn't be able to move around your environment without tripping over something that alerts the defender.Importantly, Metcalf emphasizes that alerts triggered by honeypots are high-value. Since no legitimate user should interact with them, they provide early warning with low false positives. He also addresses the internal politics of deploying these traps, from coordinating with IT operations to ensuring SOC teams have the right procedures in place to respond effectively.Whether you're running a high-end deception platform or just deploying free tokens and traps, the message is clear: identity is the new perimeter, and a few strategic tripwires could mean the difference between breach detection and breach denial.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/activity-7353806074694541313-xzQl/Article: The Art of the Honeypot Account: Making the Unusual Look Normal: https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normalArticle: Trimarc Research: Detecting Kerberoasting Activity: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activityArticle: Detecting Password Spraying with Security Event Auditing: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
In this thought leadership session, ITSPmagazine co-founders Sean Martin and Marco Ciappelli moderate a dynamic conversation with five industry leaders offering their take on what will dominate the show floor and side-stage chatter at Black Hat USA 2025.Leslie Kesselring, Founder of Kesselring Communications, surfaces how media coverage is shifting in real time—no longer driven solely by talk submissions but now heavily influenced by breaking news, regulation, and public-private sector dynamics. From government briefings to cyberweapon disclosures, the pressure is on to cover what matters, not just what's scheduled.Daniel Cuthbert, member of the Black Hat Review Board and Global Head of Security Research at Banco Santander, pushes back on the hype. He notes that while tech moves fast, security research often revisits decades-old bugs. His sharp observation? “The same bugs from the ‘90s are still showing up—sometimes discovered by researchers younger than the vulnerabilities themselves.”Michael Parisi, Chief Growth Officer at Steel Patriot Partners, shifts the conversation to operational risk. He raises concern over Model-Chained Prompting (MCP) and how AI agents can rewrite enterprise processes without visibility or traceability—especially alarming in environments lacking kill switches or proper controls.Richard Stiennon, Chief Research Analyst at IT-Harvest, offers market-level insights, forecasting AI agent saturation with over 20 vendors already present in the expo hall. While excited by real advancements, he warns of funding velocity outpacing substance and cautions against the cycle of overinvestment in vaporware.Rupesh Chokshi, SVP & GM at Akamai Technologies, brings the product and customer lens—framing the security conversation around how AI use cases are rolling out fast while security coverage is still catching up. From OT to LLMs, securing both AI and with AI is a top concern.This episode is not just about placing bets on buzzwords. It's about uncovering what's real, what's noise, and what still needs fixing—no matter how long we've been talking about it.___________Guests:Leslie Kesselring, Founder at Cyber PR Firm Kesselring Communications | On LinkedIn: https://www.linkedin.com/in/lesliekesselring/“This year, it's the news cycle—not the sessions—that's driving what media cover at Black Hat.”Daniel Cuthbert, Black Hat Training Review Board and Global Head of Security Research for Banco Santander | On LinkedIn: https://www.linkedin.com/in/daniel-cuthbert0x/“Why are we still finding bugs older than the people presenting the research?”Richard Stiennon, Chief Research Analyst at IT-Harvest | On LinkedIn: https://www.linkedin.com/in/stiennon/“The urge to consolidate tools is driven by procurement—not by what defenders actually need.”Michael Parisi, Chief Growth Officer at Steel Patriot Partners | On LinkedIn: https://www.linkedin.com/in/michael-parisi-4009b2261/“Responsible AI use isn't a policy—it's something we have to actually implement.”Rupesh Chokshi, SVP & General Manager at Akamai Technologies | On LinkedIn: https://www.linkedin.com/in/rupeshchokshi/“The business side is racing to deploy AI—but security still hasn't caught up.”Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcwebAkamai: https://itspm.ag/akamailbwcDropzoneAI: https://itspm.ag/dropzoneai-641Stellar Cyber: https://itspm.ag/stellar-9dj3___________ResourcesLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
⬥GUEST⬥Sean Metcalf, Identity Security Architect at TrustedSec | On LinkedIn: https://www.linkedin.com/in/seanmmetcalf/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Sean Metcalf, a frequent speaker at conferences like Black Hat, DEF CON, and RSAC, brings a sharp focus to identity security—especially within Microsoft environments like Active Directory and Entra ID. In this episode, he walks through the practical and tactical role of honeypots and deception in detecting intrusions early and with higher fidelity.While traditional detection tools often aim for broad coverage, honeypots flip the script by offering precise signal amidst the noise. Metcalf discusses how defenders can take advantage of the attacker's need to enumerate systems and accounts after gaining access. That need becomes an opportunity to embed traps—accounts or assets that should never be touched unless someone is doing something suspicious.One core recommendation: repurpose old service accounts with long-lived passwords and believable naming conventions. These make excellent bait for Kerberoasting attempts, especially when paired with service principal names (SPNs) that mimic actual applications. Metcalf outlines how even subtle design choices—like naming conventions that fit organizational patterns—can make a honeypot more convincing and effective.He also draws a distinction between honeypots and deception technologies. While honeypots often consist of a few well-placed traps, deception platforms offer full-scale phantom environments. Regardless of approach, the goal remains the same: attackers shouldn't be able to move around your environment without tripping over something that alerts the defender.Importantly, Metcalf emphasizes that alerts triggered by honeypots are high-value. Since no legitimate user should interact with them, they provide early warning with low false positives. He also addresses the internal politics of deploying these traps, from coordinating with IT operations to ensuring SOC teams have the right procedures in place to respond effectively.Whether you're running a high-end deception platform or just deploying free tokens and traps, the message is clear: identity is the new perimeter, and a few strategic tripwires could mean the difference between breach detection and breach denial.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/activity-7353806074694541313-xzQl/Article: The Art of the Honeypot Account: Making the Unusual Look Normal: https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normalArticle: Trimarc Research: Detecting Kerberoasting Activity: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activityArticle: Detecting Password Spraying with Security Event Auditing: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
As digital infrastructure becomes increasingly interwoven with third-party code, APIs, and AI-generated components, organizations are realizing they can't ignore the origins—or the risks—of their software. Theresa Lanowitz, Chief Evangelist at LevelBlue, joins Sean Martin and Marco Ciappelli to unpack why software supply chain visibility has become a top concern not just for CISOs, but for CEOs as well.Drawing from LevelBlue's Data and AI Accelerator Report, part of their annual Futures Report series, Theresa highlights a striking correlation: 80% of organizations with low software supply chain visibility experienced a breach in the past year, while only 6% with high visibility did. That data underscores the critical role visibility plays in reducing business risk and maintaining operational resilience.More than a technical concern, software supply chain risk is now a boardroom topic. According to the report, CEOs have the highest awareness of this risk—even more than CIOs and CISOs—because of the direct impact on brand reputation, stock value, and partner trust. As Theresa puts it, software has become the “last mile” of digital business, and that makes it everyone's problem.The conversation explores why now is the time to act. Government regulations are increasing, adversarial attacks are intensifying, and organizations are finally beginning to connect software vulnerabilities with business outcomes. Theresa outlines four critical actions: leverage CEO awareness, understand and prioritize vulnerabilities, invest in modern security technologies, and demand transparency from third-party providers.Importantly, cybersecurity culture is emerging as a key differentiator. Companies that embed security KPIs across all business units—and align security with business priorities—are not only more secure, they're also more agile. As software creation moves faster and more modular, the organizations that prioritize visibility and responsibility throughout the supply chain will be best positioned to adapt, grow, and protect their operations.Learn more about LevelBlue: https://itspm.ag/levelblue266f6cNote: This story contains promotional content. Learn more.Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]On LinkedIn | https://www.linkedin.com/in/theresalanowitz/ResourcesTo learn more, download the complete findings of the LevelBlue Threat Trends Report here: https://itspm.ag/levelbyqdpTo download the 2025 LevelBlue Data Accelerator: Software Supply Chain and Cybersecurity report, visit: https://itspm.ag/lbdaf6iLearn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblueLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
ThreatLocker to Unveil Game-Changing Zero Trust Innovations at Black Hat 2025 | Visit Them at Booth #1933 | A ThreatLocker Pre-Event Coverage of Black Hat USA 2025 Las Vegas | Brand Story with John LillistonJoin ITSP Magazine's Marco Ciappelli and Sean Martin as they preview ThreatLocker's exciting Black Hat 2025 presence with Detect Product Director John Lilliston. Discover upcoming major announcements, hands-on hacking demos, and how ThreatLocker's default deny approach is revolutionizing enterprise cybersecurity through comprehensive zero trust implementation.As Black Hat USA 2025 approaches, cybersecurity professionals are gearing up for one of the industry's most anticipated events. ITSP Magazine's Marco Ciappelli and Sean Martin recently sat down with John Lilliston, ThreatLocker's Detect Product Director, to preview what promises to be an exciting showcase of zero trust innovation at booth 1933.ThreatLocker has become synonymous with the "default deny" security approach, a philosophy that fundamentally changes how organizations protect their digital assets. Unlike traditional security models that allow by default and block known threats, ThreatLocker's approach denies everything by default and allows only approved applications, network communications, and storage operations. This comprehensive strategy operates across application, network, and storage levels, creating what Lilliston describes as a "hardened system that stops adversaries in their tracks."The company's rapid growth reflects the industry's embrace of zero trust principles, moving beyond buzzword status to practical, enterprise-ready solutions. Lilliston, who joined ThreatLocker in February after evaluating their products from the enterprise side, emphasizes how the platform's learning mode and ring fencing capabilities set it apart from competitors in the application control space.At Black Hat 2025, ThreatLocker will demonstrate their defense-in-depth strategy through their Detect product line. While their primary zero trust controls rarely fail, Detect provides crucial monitoring for applications that must run in enterprise environments but may have elevated risk profiles. The system can automatically orchestrate responses to threats, such as locking down browsers exhibiting irregular behavior that might indicate data exfiltration attempts.Visitors to booth 1933 can expect hands-on demonstrations and on-demand hacking scenarios that showcase real-world applications of ThreatLocker's technology. The company is preparing major announcements that CEO Danny Houlihan will reveal during the event, promising game-changing developments for both the organization and its client base.ThreatLocker's Black Hat agenda includes a welcome reception on Tuesday, August 5th, from 7-10 PM at the Mandalay Bay Complex, and Houlihan's presentation on "Simplifying Cybersecurity" on Thursday, August 7th, from 10:15-11:05 AM at Mandalay Bay J.The convergence of practical zero trust implementation, cutting-edge threat detection, and automated response capabilities positions ThreatLocker as a key player in the evolving cybersecurity landscape, making their Black Hat presence essential viewing for security professionals seeking comprehensive protection strategies.Keywords: Black Hat 2025, zero trust security, cybersecurity conference, ThreatLocker, default deny strategy, endpoint protection, application control, threat detection, enterprise security, network security, cybersecurity solutions, security automation, malware prevention, cyber threats, information security, security platform, Black Hat USA, cybersecurity innovation, managed detection response, security operationsLearn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content.Learn more.Guests:John LillistonCybersecurity Director | Threat Detection & Response | SOC Leadership | DFIR | EDR/XDR Strategy | GCFA, GISP | https://www.linkedin.com/in/john-lilliston-4725217b/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com______________________ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerThreatLocker® Welcome Reception | Don't gamble with your security! Join us at Black Hat for a lively Welcome Reception hosted by ThreatLocker®. Meet our Cyber Hero® Team and dive into discussions on the latest advancements in ThreatLocker®Endpoint Security. It's a great opportunity to connect and learn together! Time: 7PM - 10PM | Location: Mandalay Bay Complex RSVP below and we'll send you a confirmation email with all the details.[ Welcome Reception RSVP ]Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
With the 2025 season of men's majors fully in the rearview mirror, we've called upon friend of the pod, Sean Martin to challenge Soly and TC in the latest edition of our quiz show as DJ tests the guys on their knowledge of what we saw at Augusta, Quail Hollow, Oakmont and Portrush. Join us in our support of the Evans Scholars Foundation: https://nolayingup.com/esf Support our Sponsors: Rhoback The Stack System If you enjoyed this episode, consider joining The Nest: No Laying Up's community of avid golfers. Nest members help us maintain our light commercial interruptions (3 minutes of ads per 90 minutes of content) and receive access to exclusive content, discounts in the pro shop, and an annual member gift. It's a $90 annual membership, and you can sign up or learn more at nolayingup.com/join Subscribe to the No Laying Up Newsletter here: https://newsletter.nolayingup.com/ Subscribe to the No Laying Up Podcast channel here: https://www.youtube.com/@NoLayingUpPodcast Learn more about your ad choices. Visit megaphone.fm/adchoices
ITSPmagazine Weekly Update | From Black Hat to Black Sabbath / Ozzy: AI Agents and Guitars (again!) + Entry Level Cybersecurity Jobs, Robots Evolution, and the Weekly Recap You Didn't Expect - On Marco & Sean's Random & Unscripted Podcast __________________Marco Ciappelli and Sean Martin are back with another random and unscripted weekly recap—from pre-Black Hat buzz and AI agents to vintage wood guitars, talent gaps, and Glen Miller debates. This week's reflection hits tech, music, and philosophy in all the right ways. Tune in, ramble with us, and subscribe. __________________Full Blog Article This week's recap was a ride.Sean and I kicked things off with the big news: we're officially consistent. Weekly recap number… I lost count. But we're doing it. We covered what ITSPmagazine's been working on, what we've been publishing, and where our minds are wandering lately (spoiler: everywhere).Black Hat USA 2025 is just around the corner, and we're deep into prep mode. I even bought a paper map. Why? I don't know. But we've got some great pre-event conversations already out—like our annual chat with Black Hat GM Steve Wylie, plus briefings with Dropzone AI (get ready for “agentic automation” to be the next big buzzword) and Akamai (yes, bots and APIs again, but with a solid strategy twist).We also talked about a fantastic episode Sean did on resonance and reinvention—featuring Cindy, a luthier in NYC who builds custom guitars using century-old beams from historic buildings. The pickups even use the old nails. Music and wood with a past life. It's beautiful stuff.Speaking of stories, I officially closed down the Storytelling podcast. But don't worry—I'm still telling stories. I've just shifted focus to “Redefining Society and Technology,” my newsletter and podcast series where I explore how humans and tech evolve together. This week's edition tackled the merging of humans and machines as a new species. Isaac Asimov meets Andy Clark.We also got a bit philosophical about AI and jobs. If machines take over the “easy” roles, where do humans begin? Are we cutting off our own training paths?Sean's episode with John Solomon dug into the cybersecurity hiring crisis—challenging the idea that we have a “talent gap.” The real issue? We're not hiring or nurturing people properly.Oh, and I finally released my long-overdue interview with Michael Sheldrick from Global Citizen. Music. Social impact. Doing good. It's all there. I'm honored to support even a small piece of what he's building.And yes… Ozzy. RIP. Music never dies.So if you're into random reflections with meaning, tech with humanity, and stories that don't always follow the rules—subscribe, share, and join the ride.See you in Vegas. Or the future. Or somewhere in between.________________ KeywordsBlack Hat USA 2025, ITSPmagazine recap, Marco Ciappelli, Sean Martin, cybersecurity podcast, AI in cybersecurity, agentic automation, Dropzone AI, Akamai APIs, HITRUST security, Global Citizen, Michael Sheldrick, storytelling podcast, Redefining Society, Andy Clark, Isaac Asimov, human-machine evolution, cybersecurity talent gap, custom guitar NYC, Ozzy tributeHosts links:
Ahead of Black Hat USA 2025, Sean Martin and Marco Ciappelli sit down once again with Rupesh Chokshi, Senior Vice President and General Manager of the Application Security Group at Akamai, for a forward-looking conversation on the state of AI security. From new threat trends to enterprise missteps, Rupesh lays out three focal points for this year's security conversation: protecting generative AI at runtime, addressing the surge in AI scraper bots, and defending the APIs that serve as the foundation for AI systems.Rupesh shares that Akamai is now detecting over 150 billion AI scraping attempts—a staggering signal of the scale and sophistication of machine-to-machine activity. These scraper bots are not only siphoning off data but also undermining digital business models by bypassing monetization channels, especially in publishing, media, and content-driven sectors.While AI introduces productivity gains and operational efficiency, it also introduces new and uncharted risks. Agentic AI, where autonomous systems operate on behalf of users or other systems, is pushing cybersecurity teams to rethink their strategies. Traditional firewalls aren't enough—because these threats don't behave like yesterday's attacks. Prompt injection, toxic output, and AI-generated hallucinations are some of the issues now surfacing in enterprise environments, with over 70% of organizations already experiencing AI-related incidents.This brings the focus to the runtime. Akamai's newly launched Firewall for AI is purpose-built to detect and mitigate risks in generative AI and LLM applications—without disrupting performance. Designed to flag issues like toxic output, remote code execution, or compliance violations, it operates with real-time visibility across inputs and outputs. It's not just about defense—it's about building trust as AI moves deeper into decision-making and workflow automation.CISOs, says Rupesh, need to shift from high-level discussions to deep, tactical understanding of where and how their organizations are deploying AI. This means not only securing AI but also working hand-in-hand with the business to establish governance, drive discovery, and embed security into the fabric of innovation.Learn more about Akamai: https://itspm.ag/akamailbwcNote: This story contains promotional content. Learn more.Guests:Rupesh Chokshi, SVP & General Manager, Application Security, Akamai | https://www.linkedin.com/in/rupeshchokshi/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com______________________ResourcesLearn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamaiLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
As Black Hat USA 2025 approaches, the cybersecurity world is buzzing with innovation—and Dropzone AI is right at the center of it. With roots in Seattle and a mission to bring true intelligence into the security operations center (SOC), the Dropzone AI team is gearing up for a packed week in Las Vegas, from BSides to the AI Summit, and finally at Startup City (booth #6427).Founded by Edward Wu, former Head of AI/ML at ExtraHop Networks, Dropzone AI was built on a key realization: the last thing SOCs need is another flood of alerts. Instead, they need help processing and acting on them. That's where Dropzone comes in—offering an AI-powered security analyst that doesn't just detect threats, but investigates, correlates, and takes action.During a recent pre-event chat with ITSPmagazine's Sean Martin and Marco Ciappelli, Edward explained the core philosophy behind the platform. Unlike hype-driven claims of “fully autonomous SOCs,” Dropzone takes a practical, tiered approach to automation. Their agentic AI system performs full investigations, determines the nature of alerts (true vs. false positives), and recommends or executes containment actions depending on risk tolerance and policy.The tech has found particular traction with lean security teams, or those expanding toward 24/7 coverage without adding headcount. Rather than replacing humans, the platform augments them—freeing analysts from the drudgery of low-priority alert triage and giving them space to focus on strategic work. As Edward put it, “Nobody wants to be a tier-one analyst forever.” Dropzone helps make sure they don't have to be.The platform integrates across existing security stacks and data sources, drawing from threat intel, logs, and endpoint signals to build a full picture of every alert. Security teams retain full control, with human-in-the-loop decision-making remaining the standard in most use cases. However, for low-risk assets and off-hours scenarios, some customers are already authorizing autonomous action.With conversations at Black Hat expected to revolve around the reality of AI in production—not just the vision—Dropzone is entering the perfect arena. From demonstrating real-world impact to sharing insights on agentic design and trust boundaries, their presence will resonate with everyone from analysts to CISOs.Whether you're building out your SOC, questioning your MDR provider, or simply overwhelmed with alert fatigue, this may be your signal. Dropzone AI isn't selling buzzwords. They're delivering results. Visit them at Startup City, booth #6427, and see for yourself what the future of alert triage and SOC efficiency looks like—one investigation at a time. Note: This story contains promotional content. Learn more.Guests:Edward Wu, Founder/CEO at Dropzone AI On LinkedIn: https://www.linkedin.com/in/edwardxwu/DROPZONE AI: https://itspm.ag/dropzoneai-641Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com______________________ResourcesVisit the DROPZONE Website to learn more: https://itspm.ag/dropzoneai-641Learn more and catch more stories from Dropzone on ITSPmagazine: https://www.itspmagazine.com/directory/dropzoneaiLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
⬥GUEST⬥John Salomon, Board Member, Cybersecurity Advisors Network (CyAN) | On LinkedIn: https://www.linkedin.com/in/johnsalomon/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥The cybersecurity industry keeps repeating a familiar line: there's a shortage of talent. But what if the real issue isn't the number of people—but the lack of access, mentorship, and investment in human potential?In this episode of Redefining CyberSecurity, Sean Martin speaks with John Salomon, an independent cybersecurity consultant and a contributor to the Cybersecurity Advisors Network (CyAN), about how the hiring structure in our industry may be the problem—not the solution. Together, they explore why entry-level roles rarely provide an actual point of entry, and how hiring practices have been shaped more by finance and compliance than by people development.Salomon draws on decades of experience to outline the problem: security is often treated as a pure cost center, so training and mentorship are deprioritized. Early-career professionals are expected to be “job-ready” from day one, and organizations rarely account for the long-term payoff of investing in apprenticeships or junior hires.He also points to the silent collapse of informal mentorship that once defined the field. Leaders used to take risks on new talent. Now, hiring decisions are driven by headcount limitations and performance metrics that leave no room for experimentation or learning through failure.The conversation shifts toward action. Business and security leaders need to reframe cybersecurity as a growth enabler and start viewing mentorship as a risk mitigation tool. Investing in new talent not only strengthens your team—it supports the stability of the industry as a whole.And it's not just on companies. Universities and student organizations must create more opportunities for experiential learning and interdisciplinary collaboration. Leaders can support these efforts with time, not just budget, by showing up and sharing what they've learned.Whether you're a CISO, founder, or just getting started, this episode challenges the idea that “mentorship is nice to have” and shows how it's a cornerstone of sustainable cybersecurity.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/activity-7332679935557300224-1lBv/⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
⬥GUEST⬥John Salomon, Board Member, Cybersecurity Advisors Network (CyAN) | On LinkedIn: https://www.linkedin.com/in/johnsalomon/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥The cybersecurity industry keeps repeating a familiar line: there's a shortage of talent. But what if the real issue isn't the number of people—but the lack of access, mentorship, and investment in human potential?In this episode of Redefining CyberSecurity, Sean Martin speaks with John Salomon, an independent cybersecurity consultant and a contributor to the Cybersecurity Advisors Network (CyAN), about how the hiring structure in our industry may be the problem—not the solution. Together, they explore why entry-level roles rarely provide an actual point of entry, and how hiring practices have been shaped more by finance and compliance than by people development.Salomon draws on decades of experience to outline the problem: security is often treated as a pure cost center, so training and mentorship are deprioritized. Early-career professionals are expected to be “job-ready” from day one, and organizations rarely account for the long-term payoff of investing in apprenticeships or junior hires.He also points to the silent collapse of informal mentorship that once defined the field. Leaders used to take risks on new talent. Now, hiring decisions are driven by headcount limitations and performance metrics that leave no room for experimentation or learning through failure.The conversation shifts toward action. Business and security leaders need to reframe cybersecurity as a growth enabler and start viewing mentorship as a risk mitigation tool. Investing in new talent not only strengthens your team—it supports the stability of the industry as a whole.And it's not just on companies. Universities and student organizations must create more opportunities for experiential learning and interdisciplinary collaboration. Leaders can support these efforts with time, not just budget, by showing up and sharing what they've learned.Whether you're a CISO, founder, or just getting started, this episode challenges the idea that “mentorship is nice to have” and shows how it's a cornerstone of sustainable cybersecurity.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/activity-7332679935557300224-1lBv/⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
The HITRUST 2025 Trust Report sheds light on a critical question organizations continue to ask: can you really rely on a certification to mean what it says? According to Vincent Bennekers, Vice President of Quality, and Bimal Sheth, Executive Vice President of Standards Development and Assurance Operations at HITRUST, the answer comes down to one word: reliability.The conversation highlights how HITRUST goes beyond a simple checklist by layering in both threat intelligence and maturity modeling. Their framework isn't just built on abstract risk—it incorporates real-world attack techniques, aligning controls to the MITRE ATT&CK framework. This means that the certification reflects actual adversarial tactics rather than hypothetical risk scenarios.Bennekers shares that 99.41% of HITRUST-certified organizations did not report a breach in the last year, and that consistency over two annual reports points to meaningful outcomes—not just marketing claims. Sheth explains how each certification is reviewed in full by HITRUST, not just sampled, and every control is assessed for maturity—not pass/fail. It's a model that helps companies continuously improve, while also giving relying parties better information.For executive teams and boards, the report surfaces where organizations commonly struggle, including access control, vulnerability management, and third-party risk. It also highlights a growing use of external inheritance—leveraging cloud service providers' security posture—as a strategic move for organizations with tighter budgets.Looking ahead, the conversation points to continuous assurance and the evolving role of AI—both as a source of new risks and a tool to enhance security operations. HITRUST is already exploring certification models that reduce drift and increase visibility year-round.For organizations wanting to build more than just a paper shield, this episode unpacks how certification—done right—can be a strategic, measurable advantage.Note: This story contains promotional content. Learn more.Guests:Bimal Sheth, Executive Vice President of Standards Development and Assurance Operations at HITRUST | On LinkedIn: https://www.linkedin.com/in/bimal-sheth-248219130/Vincent Bennekers, Vice President of Quality at HITRUST | On LinkedIn: https://www.linkedin.com/in/vincent-bennekers-a0b3201/Host:Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com/______________________Keywords: sean martin, bimal sheth, vincent bennekers, hitrust, trust report, cybersecurity, compliance, certification, quality assurance, risk management, brand story, brand marketing, marketing podcast, brand story podcast______________________ResourcesHITRUST 2025 Trust Report: https://itspm.ag/hitrusz49cWebinar: Beyond the Checkbox: Rethinking SOC 2, Cybersecurity, and Third-Party Risk in 2025 — An ITSPmagazine Webinar with HITRUST (https://www.crowdcast.io/c/beyond-the-checkbox-rethinking-soc-2-cybersecurity-and-third-party-risk-in-2025-an-itspmagazine-webinar-with-hitrust)Visit the HITRUST Website to learn more: https://itspm.ag/itsphitwebLearn more and catch more stories from HITRUST on ITSPmagazine: https://www.itspmagazine.com/directory/hitrustLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
As Black Hat USA 2025 approaches, General Manager Steve Wylie joins Sean Martin and Marco Ciappelli for the annual pre-conference conversation to highlight what's new—and what's next—for one of cybersecurity's most iconic events. This year's themes and expansions signal a strong return to growth, technical depth, and strategic investment.AI Everywhere—from Training to the Show FloorArtificial intelligence emerges as the dominant force across the agenda. From the main stage to the training rooms, Black Hat is packed with AI-related content designed to meet the rising demand for education and clarity. New this year is a comprehensive lineup of instructor-led AI courses and expanded AI tool showcases in the Arsenal and Arsenal Labs programs. As Wylie notes, three of the four Spotlight competition finalists—FireTail, Keep Aware, and Twine Security—are AI-driven solutions, underscoring the technology's influence on innovation.Investor Energy and Startup MomentumCybersecurity investment is back. That momentum is reflected in the expanded Innovators and Investors Summit and the largest-ever Startup Zone on the show floor, now hosting more than 80 companies. This year's program builds on last year's debut and aims to connect entrepreneurs, investors, and CISOs in a more targeted and collaborative setting.Expanding the Audience: New Summits and KeynotesTo better serve cybersecurity leaders across sectors, Black Hat has introduced new summits tailored to financial services and supply chain security. These gatherings offer strategic-level insights for professionals who don't typically engage in technical briefings. Meanwhile, the keynote lineup includes prominent voices from both public and private sectors—such as Miko Hyppönen, Nicole Perlroth, and Chris Inglis—offering grounded perspectives in a time of uncertainty.Interactive Additions and Community GrowthAttendees can expect hands-on experiences like a new drone hacking zone and an expanded hardware lab area. A Career Development Zone also debuts this year, offering sessions designed to help attendees build or pivot their cybersecurity careers.___________Guest: Steve Wylie, Vice President, Cybersecurity Market at Informa Tech and General Manager at Black Hat | On LinkedIn: https://www.linkedin.com/in/swylie650/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcwebAkamai: https://itspm.ag/akamailbwcDropzoneAI: https://itspm.ag/dropzoneai-641Stellar Cyber: https://itspm.ag/stellar-9dj3___________ResourcesLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Guest and HostGuest: Cindy Hulej, Luthier/Artist | Website: https://www.cindyguitars.com/Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/Show NotesWhat happens when the story of a city becomes part of the music we make? In this episode of Music Evolves, host Sean Martin sits down with luthier and artist Cindy Hulej of Cindy Guitars to explore how reclaimed wood from historic New York buildings is transformed into custom electric guitars—each one uniquely shaped by memory, material, and imagination.Craft as InnovationCindy's process at Carmine Street Guitars isn't just about building instruments—it's about listening to what the material has to say. The beams salvaged from landmarks like the Chelsea Hotel and John Lennon's former home aren't just structural—they carry decades of vibration, weather, and presence. That physical history directly shapes how these guitars sound, feel, and resonate—offering a kind of analog innovation rooted in human touch and intention.Cindy describes how she and her husband Johnny repurpose old beams, often salvaged from 1800s-era buildings, and transform them into guitars that are not only playable but deeply resonant—physically and emotionally. The aged wood, shaped by centuries of seasonal change, yields a tone that's warm and chimey, with a resonance modern lumber can't match. “You're working with material that's already lived a hundred lives,” she explains. “You just have to unlock the next one.”Creativity Beyond ConventionEach guitar is made by hand, down to the smallest detail. From collaborating with boutique pickup winders to mixing finishes from shellac flakes, Cindy builds instruments that are both sonic and visual statements. No two are alike—because the creative process isn't about repeating perfection, it's about shaping something personal and alive. Whether players come with a precise vision or just a feeling, Cindy helps translate that into tone and form.Reimagining the Past to Shape the FutureThis isn't just about guitars. It's about the convergence of history, artistry, community, and sound. This episode challenges the idea that innovation must come from new tech or flashy trends. Sometimes, the most meaningful advances come from rethinking old materials and techniques.Cindy's guitars are a form of living history—reminding us that sound isn't just produced, it's inherited, interpreted, and carried forward. And, Cindy's path from bartending to building some of the most soulful instruments in New York is a reminder that craft isn't just skill—it's commitment to meaning.About Rick Kelly and Carmine Street GuitarsCarmine Street Guitars, located in New York City's Greenwich Village, is a hand-built electric guitar workshop led by legendary luthier Rick Kelly. Known for using reclaimed old-growth wood from historic buildings across the city, Rick has built instruments for renowned musicians such as Lou Reed, Patti Smith, Bob Dylan, and many others. His approach blends time-honored techniques with a reverence for the city's past, crafting guitars that are as storied as the musicians who play them. At the heart of the shop's ethos is a commitment to individuality, craftsmanship, and sonic integrity—values continued today through Cindy Guitars and the growing creative community within the space.SponsorsAre you interested in sponsoring this show or placing an ad in the podcast?Sponsorship
ITSPmagazine Weekly Update | From AI Agents to Tape Mixes, to Guitars and Black Hat Buzzwords and much more with Marco & Sean's Random & Unscripted Podcast ⸻ In this weekly unscripted update, Marco Ciappelli and Sean Martin catch up on their latest stories, from AI agents replacing SOC analysts to mixtape nostalgia and vintage guitars made from NYC history. They also tease big things coming at Black Hat USA and reflect on why collaboration is core to ITSPmagazine. ⸻ In this week's Random and Unscripted episode, Marco Ciappelli and Sean Martin return with another lively behind-the-scenes update from the ITSPmagazine world. As always, the conversation flows unpredictably—from music and nostalgia to cybersecurity, AI, and everything in between. Marco kicks off the episode by confessing he saw ASIS live—twice—and is now on a mission for the perfect mod haircut. Sean follows with an unexpected review of an avant-garde opera at Lincoln Center, which explores humanity's attempt to extend life through technology. That sets the stage for deeper reflection on AI, with both co-founders digging into the role of AI agents in cybersecurity operations. Sean recaps his recent contributor-led newsletters on threat intelligence and AI-powered SOC roles. Marco, meanwhile, teases the next chapter in his “Robbie the Robot” newsletter series, which will explore the merger of humans and machines. The episode also spotlights a series of published interviews: a brand story with Greg and John from White Knight Labs, Marco's conversation with Ken Munro wrapping up Infosecurity Europe 2025, and an episode with Abadesi from the Women in Cybersecurity track—discussing how diverse teams build better tech. Sean also drops new Music Evolves episodes, including a conversation with Summer McCoy of the Mixtape Museum and a new story on Carmine Guitars, where vintage NYC wood is repurposed into one-of-a-kind instruments. That sparks a philosophical reflection from Marco on the contrast between analog warmth and digital impermanence. As the episode winds down, Marco and Sean turn their attention to Black Hat USA 2025. With sponsorships nearly sold out, they encourage companies to claim one of the last remaining spots. They also preview an upcoming live webinar where they'll debate the event's inevitable buzzwords with industry peers. As always, the tone is informal, curious, and community-driven. If you want the inside scoop on what's shaping the stories and strategies at ITSPmagazine—this is the episode to hear. ⸻ Keywords: cybersecurity, AI agents, threat intelligence, SOC analyst, mixtape museum, custom guitars, Black Hat USA 2025, ITSPmagazine, analog vs digital, diversity in tech, robotic automation, newsletter strategy, editorial collaboration, pen testing, brand storytelling, tech culture, cybersecurity events, operational technology, digital transformation, music and techHosts links:
⬥GUEST⬥Tobias Halmans, OT Incident Responder | GIAC Certified Incident Handler | Automation Security Consultant at admeritia GmbH | On LinkedIn: https://www.linkedin.com/in/tobias-halmans/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Business continuity planning is a familiar exercise for most IT and security leaders—but when you move into operational technology (OT), the rules change. In this episode of Redefining CyberSecurity, Sean Martin talks with Tobias Halmans, an incident responder at admeritia, who helps organizations prepare for and respond to incidents in OT environments. Tobias shares why disaster recovery planning in OT requires more than simply adapting IT frameworks. It demands a change in approach, mindset, and communication.OT engineers don't think in terms of “ransomware readiness.” They think in terms of safety, uptime, manual fallback options, and how long a plant can stay operational without a SCADA system. As Tobias explains, while IT teams worry about backup integrity and rapid rebooting, OT teams are focused on whether shutting down a system—even safely—is even an option. And when the recovery plan depends on third-party vendors, the assumptions made on both sides can derail the response before it begins.Tobias walks us through the nuances of defining success in OT recovery. Unlike the IT world's metrics like mean time to recover (MTTR), OT environments often hinge on production impacts and safety thresholds. Recovery Time Objectives (RTOs) still exist—but they must be anchored in real-world plant operations, often shaped by vendor limitations, legacy constraints, and tightly regulated safety requirements.Perhaps most importantly, Tobias stresses that business continuity planning for OT can't just be a cybersecurity add-on. It must be part of broader risk and operational conversations, ideally happening when systems are being designed or upgraded. But in reality, many organizations are only starting these conversations now—often driven more by compliance mandates than proactive risk strategy.Whether you're a CISO trying to bridge the gap with your OT counterparts or an engineer wondering why cyber teams keep showing up with playbooks that don't fit, this conversation offers grounded, real-world insight into what preparedness really means for critical operations.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Article: https://www.linkedin.com/posts/sarah-fluchs_notfallvorsorge-in-der-ot-traut-euch-activity-7308744270453092352-Q8X1⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
Title: "Catching Up With Ken Munro After Infosecurity Europe 2025 — Hacking the Planet, One Car, One Plane, and One System at a Time"A Post–Infosecurity Europe 2025 Conversation with Ken MunroGuestsKen Munro Security writer & speakerhttps://www.linkedin.com/in/ken-munro-17899b1/HostsSean Martin, Co-Founder at ITSPmagazineWebsite: https://www.seanmartin.comMarco Ciappelli, Co-Founder, CMO, and Creative Director at ITSPmagazineWebsite: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________After a whirlwind week at Infosecurity Europe 2025, I had the chance to reconnect with Ken Munro from Pen Test Partners — a longtime friend, hacker, and educator who brings cybersecurity to life in the most tangible ways. From car hacking escape rooms to flight simulators in pubs, we talked about why touching tech matters, how myth-busting makes us safer, and how learning through play might just be the key to securing our increasingly complex world. Tune in, and maybe bring a cocktail.⸻There's something special about catching up with someone who's not just an expert in cybersecurity, but also someone who reminds you why this industry can — and should — be fun. Ken Munro and I go back to the early days of DEFCON's Aviation Village, and this post-Infosecurity Europe 2025 chat brought all that hacker spirit right back to the surface.Ken and his crew from Pen Test Partners set up shop next to the main Infosecurity Europe venue in a traditional London pub — but this wasn't your average afterparty. They transformed it into a hands-on hacking village, complete with a car demo, flight simulator, ICS cocktail CTF, and of course… a bar. The goal? Show that cybersecurity isn't just theory — it's something you can touch. Something that moves. Something that can break — and be fixed — before it breaks us.We talked about the infamous “Otto the Autopilot” from Airplane, the Renault Clio-turned-Mario Kart console, and why knowing how TCAS (collision avoidance) works on an Airbus matters just as much as knowing your Wi-Fi password. We also dug into the real-world cybersecurity concerns of industrial systems, electronic flight bags, and why European regulation might be outpacing the U.S. in some areas — for better or worse.One of the biggest takeaways? It's time to stop fearing the hacker mindset and start embracing it. Curiosity isn't a threat — it's a superpower. And when channeled correctly, it leads to safer skies, smarter cars, and fewer surprises in the water we drink or the power we use.There's a lot to reflect on from our conversation, but above all: education, community, and creativity are still the most powerful tools we have in security — and Ken is out there proving that, one demo and one pint at a time.Thanks again, Ken. See you at the next village — whichever pub, hangar, or DEFCON corner it ends up in.⸻Keywords: cybersecurity, ethical hacking, pen testing, Infosecurity Europe, embedded systems, car hacking, flight simulator, ICS security, industrial control systems, aviation cybersecurity, hacker mindset, DEFCON___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
⬥GUEST⬥Tobias Halmans, OT Incident Responder | GIAC Certified Incident Handler | Automation Security Consultant at admeritia GmbH | On LinkedIn: https://www.linkedin.com/in/tobias-halmans/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Business continuity planning is a familiar exercise for most IT and security leaders—but when you move into operational technology (OT), the rules change. In this episode of Redefining CyberSecurity, Sean Martin talks with Tobias Halmans, an incident responder at admeritia, who helps organizations prepare for and respond to incidents in OT environments. Tobias shares why disaster recovery planning in OT requires more than simply adapting IT frameworks. It demands a change in approach, mindset, and communication.OT engineers don't think in terms of “ransomware readiness.” They think in terms of safety, uptime, manual fallback options, and how long a plant can stay operational without a SCADA system. As Tobias explains, while IT teams worry about backup integrity and rapid rebooting, OT teams are focused on whether shutting down a system—even safely—is even an option. And when the recovery plan depends on third-party vendors, the assumptions made on both sides can derail the response before it begins.Tobias walks us through the nuances of defining success in OT recovery. Unlike the IT world's metrics like mean time to recover (MTTR), OT environments often hinge on production impacts and safety thresholds. Recovery Time Objectives (RTOs) still exist—but they must be anchored in real-world plant operations, often shaped by vendor limitations, legacy constraints, and tightly regulated safety requirements.Perhaps most importantly, Tobias stresses that business continuity planning for OT can't just be a cybersecurity add-on. It must be part of broader risk and operational conversations, ideally happening when systems are being designed or upgraded. But in reality, many organizations are only starting these conversations now—often driven more by compliance mandates than proactive risk strategy.Whether you're a CISO trying to bridge the gap with your OT counterparts or an engineer wondering why cyber teams keep showing up with playbooks that don't fit, this conversation offers grounded, real-world insight into what preparedness really means for critical operations.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Article: https://www.linkedin.com/posts/sarah-fluchs_notfallvorsorge-in-der-ot-traut-euch-activity-7308744270453092352-Q8X1⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
When you see someone out there shaking things up for the right reasons, you don't just sit back—you reach out. That's exactly what I did with Sean Martin. His energy, his mission, and his commitment to making a difference immediately stood out to me—not just as impressive, but as aligned. In this episode, we talk about what happens when two purpose-driven minds come together—not to compete, but to collaborate. We break down how partnership can multiply impact, elevate purpose, and move the culture forward. This one goes beyond business—it's about building something that lasts. It's about legacy. Tap in for a powerful conversation on alignment, purpose, and creating real change. Contact Omar https://www.instagram.com/askluisomar/ https://askluisomar.com/ https://HGRNCO.com/ Contact Sean Martin https://www.instagram.com/theseanmartin/ https://www.instagram.com/realmentorspodcast/
Andy Johnson is joined by Fried Egg Golf's Joseph LaMagna and Sean Martin of the PGA Tour for a Ryder Cup discussion ahead of the final men's major of 2025. The three discuss storylines they're watching as the season wraps up and give their rosters for both Team Europe and Team USA as things stand today. Andy, Joseph, and Sean also debate the impact of course setup at Bethpage Black and wonder how the Americans will change things up in order to gain in advantage in September.
Before a power crew rolls out to check a transformer, sensors on the grid have often already flagged the problem. Before your smart dishwasher starts its cycle, it might wait for off-peak energy rates. And in the world of autonomous vehicles, lightweight systems constantly scan road conditions before a decision ever reaches the car's central processor.These aren't the heroes of their respective systems. They're the scouts, the context-builders: automated agents that make the entire operation more efficient, timely, and scalable.Cybersecurity is beginning to follow the same path.In an era of relentless digital noise and limited human capacity, AI agents are being deployed to look first, think fast, and flag what matters before security teams ever engage. But these aren't the cartoonish “AI firefighters” some might suggest. They're logical engines operating at scale: pruning data, enriching signals, simulating outcomes, and preparing workflows with precision."AI agents are redefining how security teams operate, especially when time and talent are limited," says Kumar Saurabh, CEO of AirMDR. "These agents do more than filter noise. They interpret signals, build context, and prepare response actions before a human ever gets involved."This shift from reactive firefighting to proactive triage is happening across cybersecurity domains. In detection, AI agents monitor user behavior and flag anomalies in real time, often initiating mitigation actions like isolating compromised devices before escalation is needed. In prevention, they simulate attacker behaviors and pressure-test systems, flagging unseen vulnerabilities and attack paths. In response, they compile investigation-ready case files that allow human analysts to jump straight into action."Low-latency, on-device AI agents can operate closer to the data source, better enabling anomaly detection, threat triaging, and mitigation in milliseconds," explains Shomron Jacob, Head of Applied Machine Learning and Platform at Iterate.ai. "This not only accelerates response but also frees up human analysts to focus on complex, high-impact investigations."Fred Wilmot, Co-Founder and CEO of Detecteam, points out that agentic systems are advancing limited expertise by amplifying professionals in multiple ways. "Large foundation models are driving faster response, greater context and more continuous optimization in places like SOC process and tools, threat hunting, detection engineering and threat intelligence operationalization," Wilmot explains. "We're seeing the dawn of a new way to understand data, behavior and process, while optimizing how we ask the question efficiently, confirm the answer is correct and improve the next answer from the data interaction our agents just had."Still, real-world challenges persist. Costs for tokens and computing power can quickly outstrip the immediate benefit of agentic approaches at scale. Organizations leaning on smaller, customized models may see greater returns but must invest in AI engineering practices to truly realize this advantage. "Companies have to get comfortable with the time and energy required to produce incremental gains," Wilmot adds, "but the incentive to innovate from zero to one in minutes should outweigh the cost of standing still."Analysts at Forrester have noted that while the buzz around so-called agentic AI is real, these systems are only as effective as the context and guardrails they operate within. The power of agentic systems lies in how well they stay grounded in real data, well-defined scopes, and human oversight. ¹ ²While approaches differ, the business case is clear. AI agents can reduce toil, speed up analysis, and extend the reach of small teams. As Saurabh observes, AI agents that handle triage and enrichment in minutes can significantly reduce investigation times and allow analysts to focus on the incidents that truly require human judgment.As organizations wrestle with a growing attack surface and shrinking response windows, the real value of AI agents might not lie in what they replace, but in what they prepare. Rob Allen, Chief Product Officer at ThreatLocker, points out, "AI can help you detect faster. But Zero Trust stops malware before it ever runs. It's not about guessing smarter; it's about not having to guess at all." While AI speeds detection and response, attackers are also using AI to evade defenses, making it vital to pair smart automation with architectures that deny threats by default and only allow what's explicitly needed.These agents are the eyes ahead, the hands that set the table, and increasingly the reason why the real work can begin faster and smarter than ever before.References1. Forrester. (2024, February 8). Cybersecurity's latest buzzword has arrived: What agentic AI is — and isn't. Forrester Blogs. https://www.forrester.com/blogs/cybersecuritys-latest-buzzword-has-arrived-what-agentic-ai-is-and-isnt/ (cc: Allie Mellen and Rowan Curran)2. Forrester. (2024, March 13). The battle for grounding has begun. Forrester Blogs. https://www.forrester.com/blogs/the-battle-for-grounding-has-begun/ (cc: Ted Schadler)________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.
Before a power crew rolls out to check a transformer, sensors on the grid have often already flagged the problem. Before your smart dishwasher starts its cycle, it might wait for off-peak energy rates. And in the world of autonomous vehicles, lightweight systems constantly scan road conditions before a decision ever reaches the car's central processor.These aren't the heroes of their respective systems. They're the scouts, the context-builders: automated agents that make the entire operation more efficient, timely, and scalable.Cybersecurity is beginning to follow the same path.In an era of relentless digital noise and limited human capacity, AI agents are being deployed to look first, think fast, and flag what matters before security teams ever engage. But these aren't the cartoonish “AI firefighters” some might suggest. They're logical engines operating at scale: pruning data, enriching signals, simulating outcomes, and preparing workflows with precision."AI agents are redefining how security teams operate, especially when time and talent are limited," says Kumar Saurabh, CEO of AirMDR. "These agents do more than filter noise. They interpret signals, build context, and prepare response actions before a human ever gets involved."This shift from reactive firefighting to proactive triage is happening across cybersecurity domains. In detection, AI agents monitor user behavior and flag anomalies in real time, often initiating mitigation actions like isolating compromised devices before escalation is needed. In prevention, they simulate attacker behaviors and pressure-test systems, flagging unseen vulnerabilities and attack paths. In response, they compile investigation-ready case files that allow human analysts to jump straight into action."Low-latency, on-device AI agents can operate closer to the data source, better enabling anomaly detection, threat triaging, and mitigation in milliseconds," explains Shomron Jacob, Head of Applied Machine Learning and Platform at Iterate.ai. "This not only accelerates response but also frees up human analysts to focus on complex, high-impact investigations."Fred Wilmot, Co-Founder and CEO of Detecteam, points out that agentic systems are advancing limited expertise by amplifying professionals in multiple ways. "Large foundation models are driving faster response, greater context and more continuous optimization in places like SOC process and tools, threat hunting, detection engineering and threat intelligence operationalization," Wilmot explains. "We're seeing the dawn of a new way to understand data, behavior and process, while optimizing how we ask the question efficiently, confirm the answer is correct and improve the next answer from the data interaction our agents just had."Still, real-world challenges persist. Costs for tokens and computing power can quickly outstrip the immediate benefit of agentic approaches at scale. Organizations leaning on smaller, customized models may see greater returns but must invest in AI engineering practices to truly realize this advantage. "Companies have to get comfortable with the time and energy required to produce incremental gains," Wilmot adds, "but the incentive to innovate from zero to one in minutes should outweigh the cost of standing still."Analysts at Forrester have noted that while the buzz around so-called agentic AI is real, these systems are only as effective as the context and guardrails they operate within. The power of agentic systems lies in how well they stay grounded in real data, well-defined scopes, and human oversight. ¹ ²While approaches differ, the business case is clear. AI agents can reduce toil, speed up analysis, and extend the reach of small teams. As Saurabh observes, AI agents that handle triage and enrichment in minutes can significantly reduce investigation times and allow analysts to focus on the incidents that truly require human judgment.As organizations wrestle with a growing attack surface and shrinking response windows, the real value of AI agents might not lie in what they replace, but in what they prepare. Rob Allen, Chief Product Officer at ThreatLocker, points out, "AI can help you detect faster. But Zero Trust stops malware before it ever runs. It's not about guessing smarter; it's about not having to guess at all." While AI speeds detection and response, attackers are also using AI to evade defenses, making it vital to pair smart automation with architectures that deny threats by default and only allow what's explicitly needed.These agents are the eyes ahead, the hands that set the table, and increasingly the reason why the real work can begin faster and smarter than ever before.References1. Forrester. (2024, February 8). Cybersecurity's latest buzzword has arrived: What agentic AI is — and isn't. Forrester Blogs. https://www.forrester.com/blogs/cybersecuritys-latest-buzzword-has-arrived-what-agentic-ai-is-and-isnt/ (cc: Allie Mellen and Rowan Curran)2. Forrester. (2024, March 13). The battle for grounding has begun. Forrester Blogs. https://www.forrester.com/blogs/the-battle-for-grounding-has-begun/ (cc: Ted Schadler)________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.
Cyber threat intelligence (CTI) is no longer just a technical stream of indicators or a feed for security operations center teams. In this episode, Ryan Patrick, Vice President at HITRUST; John Salomon, Board Member at the Cybersecurity Advisors Network (CyAN); Tod Beardsley, Vice President of Security Research at runZero; Wayne Lloyd, Federal Chief Technology Officer at RedSeal; Chip Witt, Principal Security Analyst at Radware; and Jason Kaplan, Chief Executive Officer at SixMap, each bring their perspective on why threat intelligence must become a leadership signal that shapes decisions far beyond the security team.From Risk Reduction to OpportunityRyan Patrick explains how organizations are shifting from compliance checkboxes to meaningful, risk-informed decisions that influence structure, operations, and investments. This point is reinforced by John Salomon, who describes CTI as a clear, relatable area of security that motivates chief information security officers to exchange threat information with peers — cooperation that multiplies each organization's resources and builds a stronger industry front against emerging threats.Real Business ContextTod Beardsley outlines how CTI can directly support business and investment moves, especially when organizations evaluate mergers and acquisitions. Wayne Lloyd highlights the importance of network context, showing how enriched intelligence helps teams move from reactive cleanups to proactive management that ties directly to operational resilience and insurance negotiations.Chip Witt pushes the conversation further by describing CTI as a business signal that aligns threat trends with organizational priorities. Jason Kaplan brings home the reality that for Fortune 500 security teams, threat intelligence is a race — whoever finds the gap first, the defender or the attacker, determines who stays ahead.More Than DefenseThe discussion makes clear that the real value of CTI is not the data alone but the way it helps organizations make decisions that protect, adapt, and grow. This episode challenges listeners to see CTI as more than a defensive feed — it is a strategic advantage when used to strengthen deals, influence product direction, and build trust where it matters most.Tune in to hear how these leaders see the role of threat intelligence changing and why treating it as a leadership signal can shape competitive edge.________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.
Cyber threat intelligence (CTI) is no longer just a technical stream of indicators or a feed for security operations center teams. In this episode, Ryan Patrick, Vice President at HITRUST; John Salomon, Board Member at the Cybersecurity Advisors Network (CyAN); Tod Beardsley, Vice President of Security Research at runZero; Wayne Lloyd, Federal Chief Technology Officer at RedSeal; Chip Witt, Principal Security Analyst at Radware; and Jason Kaplan, Chief Executive Officer at SixMap, each bring their perspective on why threat intelligence must become a leadership signal that shapes decisions far beyond the security team.From Risk Reduction to OpportunityRyan Patrick explains how organizations are shifting from compliance checkboxes to meaningful, risk-informed decisions that influence structure, operations, and investments. This point is reinforced by John Salomon, who describes CTI as a clear, relatable area of security that motivates chief information security officers to exchange threat information with peers — cooperation that multiplies each organization's resources and builds a stronger industry front against emerging threats.Real Business ContextTod Beardsley outlines how CTI can directly support business and investment moves, especially when organizations evaluate mergers and acquisitions. Wayne Lloyd highlights the importance of network context, showing how enriched intelligence helps teams move from reactive cleanups to proactive management that ties directly to operational resilience and insurance negotiations.Chip Witt pushes the conversation further by describing CTI as a business signal that aligns threat trends with organizational priorities. Jason Kaplan brings home the reality that for Fortune 500 security teams, threat intelligence is a race — whoever finds the gap first, the defender or the attacker, determines who stays ahead.More Than DefenseThe discussion makes clear that the real value of CTI is not the data alone but the way it helps organizations make decisions that protect, adapt, and grow. This episode challenges listeners to see CTI as more than a defensive feed — it is a strategic advantage when used to strengthen deals, influence product direction, and build trust where it matters most.Tune in to hear how these leaders see the role of threat intelligence changing and why treating it as a leadership signal can shape competitive edge.________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.
In this Random and Unscripted episode, Marco Ciappelli and Sean Martin connect the dots between AI, robotics, connected systems, and human behavior. How do machines reshape society—and how do we reshape ourselves in response? A conversation born from their latest articles.This Random and Unscripted episode is exactly what the title promises—a raw, thoughtful exchange between Marco Ciappelli and Sean Martin, sparked by their most recent written reflections. The starting point? Two timely articles. Sean unpacks the complexity of securing connected environments—what happens when devices, vehicles, sensors, and platforms become part of something bigger? It's no longer about protecting individual elements, but understanding how they operate as “systems of systems”—intertwined, dynamic, and vulnerable. Meanwhile, Marco revisits Robbie, Isaac Asimov's iconic robot story, to explore how our relationship with technology evolves over time. What felt like distant science fiction in the 1980s now hits closer to home, as AI simulates understanding, machines mimic empathy, and humans blur the lines between organic and artificial. The discussion drifts from cybersecurity to human psychology, questioning how interacting with AI reshapes society—and whether our own behavior starts reflecting the technology we create. Machines are learning, systems are growing more complex, and somewhere along the way, humanity is changing too. Stay random. Stay curious. ⸻
Getting a start in cybersecurity has never been easy — but for today's aspiring pen testers, the entry barriers are even higher than they were a decade ago. In this conversation, Sean Martin and Marco Ciappelli sit down with Greg Hatcher and John Stigerwalt from White Knight Labs to unpack why they decided to flip the script on entry-level offensive security training.Greg, a former Army Special Operations communicator, and John, who got his break as a self-taught hacker, agree that the traditional path — expensive certifications and theoretical labs — doesn't reflect the reality of the work. That's why White Knight Labs is launching the Entry Level Pen Tester (ELPT) program. The idea is straightforward: make high-quality, practical training accessible to anyone, anywhere.Unlike other courses that focus purely on the technical side, the ELPT emphasizes the full skill set a junior pen tester needs. This means not just breaking into systems, but learning how to write clear reports, communicate effectively with clients, and operate as part of a real engagement team. John explains that even the best technical find is worthless if it's not explained properly or delivered with clear guidance for fixing the issue.Greg points out that the team culture at White Knight Labs borrows from his Special Forces days — small, specialized teams where each individual goes deep on a specific domain but works in tight coordination with others. Their goal for trainees mirrors this: to develop focused, practical skills while understanding how their piece fits into bigger, complex attack scenarios.Affordability and global access are key parts of the mission. The team wants the ELPT to open doors for people who might not have thousands to spend on training. By combining hands-on labs, in-depth modules, real-world scenarios, and a tough final exam, they aim to ensure that passing the ELPT means you're truly job-ready.For anyone considering a start in offensive security, this episode is a glimpse into a program designed to create more than just hackers — it's building adaptable, communicative professionals ready to hit the ground running.Learn more about White Knight Labs: https://itspm.ag/white-knight-labs-vukrGuests:John Stigerwalt | Founder at White Knight Labs | Red Team Operations Leader | https://www.linkedin.com/in/john-stigerwalt-90a9b4110/Greg Hatcher | Founder at White Knight Labs | SOF veteran | Red Team | https://www.linkedin.com/in/gregoryhatcher2/______________________Keywords: sean martin, marco ciappelli, greg hatcher, john stigerwalt, cybersecurity, pentesting, training, certification, whiteknightlabs, hacking, brand story, brand marketing, marketing podcast, brand story podcast______________________ResourcesVisit the White Knight Labs Website to learn more: https://itspm.ag/white-knight-labs-vukrLearn more and catch more stories from White Knight Labs on ITSPmagazine: https://www.itspmagazine.com/directory/white-knight-labsLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Guest and HostGuest: Regan Sommer McCoy, Chief Curator of Mixtape Museum | Website: https://sommer.nyc/Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/Show NotesIn this episode of Music Evolves, host Sean Martin connects with Sommer McCoy, founder of the Mixtape Museum, to explore how a simple cassette tape became a cultural vehicle for creativity, connection, and entrepreneurship—especially within hip hop. Sommer's journey starts with managing hip hop artists like the Clipse, where a label dispute revealed the real power of mixtapes as grassroots distribution tools when the industry's gatekeepers were roadblocks.Sommer describes mixtapes as more than just homemade compilations; they are living archives of personal and collective history. From recording DJ sets off the radio to carefully curating tapes for summer camp, these stories form a thread that binds generations. Through the Mixtape Museum, Sommer captures not only the tapes themselves but also the hidden data inside—the handwritten J-cards, the audio quality that degrades with each copy, and the layers of social exchange that gave rise to underground music scenes.What's striking is that the Mixtape Museum does not seek to own every cassette but instead to document, digitize, and study them. Sommer, a database manager by day, focuses on preserving the stories and metadata behind each tape, spotlighting the artists, DJs, collectors, and communities that sustained the mixtape era. Supported by a Grammy Preservation Grant, she's already digitized dozens of tapes while helping other collectors understand how to safeguard their archives.The conversation touches on how mixtapes laid the groundwork for today's playlists and streaming culture—yet today's digital curation lacks the physical, handcrafted artistry that made each cassette unique. Sommer's mission is to encourage collectors and students alike to look deeper: to uncover forgotten shoebox treasures in attics, to share memories, and to research how these tapes shaped music and culture long before social algorithms took over.At its heart, the Mixtape Museum is an open invitation to honor the past while inspiring new ways to think about music's role in documenting who we are. For Sommer, each cassette holds more than songs—it holds a memory worth saving.SponsorsAre you interested in sponsoring this show or placing an ad in the podcast?Sponsorship
Cyber threats are not static—and HITRUST knows assurance can't be either. That's why HITRUST's Michael Moore is leading efforts to ensure the HITRUST framework evolves in step with the threat environment, business needs, and the technologies teams are using to respond.In this episode, Moore outlines how the HITRUST Cyber Threat Adaptive (CTA) program transforms traditional assessment models into something far more dynamic. Instead of relying on outdated frameworks or conducting audits that only capture a point-in-time view, HITRUST is using real-time threat intelligence, breach data, and frameworks like MITRE ATT&CK and MITRE ATLAS to continuously evaluate and update its assessment requirements.The E1 and I1 assessments—designed for organizations at different points in their security maturity—serve as flexible baselines that shift with current risk. Moore explains that by leveraging CTA, HITRUST can add or update controls in response to rising attack patterns, such as the resurgence of phishing or the emergence of AI-driven exploits. These updates are informed by a broad ecosystem of signals, including insurance claims data and AI-parsed breach reports, offering both frequency and impact context.One of the key advantages Moore highlights is the ability for security teams to benefit from these updates without having to conduct their own exhaustive analysis. As Moore puts it, “You get it by proxy of using our frameworks.” In addition to streamlining how teams manage and demonstrate compliance, the evolving assessments also support conversations with business leaders and boards—giving them visibility into how well the organization is prepared for the threats that matter most right now.HITRUST is also planning to bring more of this intelligence into its assessment platform and reports, including showing how individual assessments align with the top threats at the time of certification. This not only strengthens third-party assurance but also enables more confident internal decision-making—whether that's about improving phishing defenses or updating incident response playbooks.From AI-enabled moderation of threats to proactive regulatory mapping, HITRUST is building the connective tissue between risk intelligence and real-world action.Note: This story contains promotional content. Learn more.Guest: Michael Moore, Senior Manager, Digital Innovation at HITRUST | On LinkedIn: https://www.linkedin.com/in/mhmoore04/Hosts:Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com/Marco Ciappelli, Co-Founder at ITSPmagazine and Host of Redefining Society Podcast & Audio Signals Podcast | https://www.marcociappelli.com/______________________Keywords: sean martin, marco ciappelli, michael moore, hitrust, cybersecurity, threat intelligence, risk management, compliance, assurance, ai security, brand story, brand marketing, marketing podcast, brand story podcast______________________ResourcesVisit the HITRUST Website to learn more: https://itspm.ag/itsphitwebLearn more and catch more stories from HITRUST on ITSPmagazine: https://www.itspmagazine.com/directory/hitrustLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Title: “These Aren't Soft Skills — They're Human Skills”A Post–Infosecurity Europe 2025 Conversation with Rob Black and Anthony D'AltonGuestsRob BlackUK Cyber Citizen of the Year 2024 | International Keynote Speaker | Master of Ceremonies | Cyber Leaders Challenge | Professor | Community Builder | Facilitator | Cyber Security | Cyber Deceptionhttps://www.linkedin.com/in/rob-black-30440819/Anthony D'AltonProduct marketing | brand | reputation for cybersecurity growthhttps://www.linkedin.com/in/anthonydalton/HostsSean Martin, Co-Founder at ITSPmagazineWebsite: https://www.seanmartin.comMarco Ciappelli, Co-Founder, CMO, and Creative Director at ITSPmagazineWebsite: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ Yes, Infosecurity Europe 2025 may be over, but the most important conversations are just getting started — and they're far from over. In this post-event follow-up, Marco Ciappelli reconnects from Florence with Rob Black and brings in Anthony D'Alton for a deep-dive into something we all talk about but rarely define clearly: so-called soft skills — or, as we prefer to call them… human skills.From storytelling to structured exercises, team communication to burnout prevention, this episode explores how communication, collaboration, and trust aren't just “nice to have” in cybersecurity — they're critical, measurable capabilities. Rob and Anthony share their experience designing real-world training environments where people — not just tools — are the difference-makers in effective incident response and security leadership.Whether you're a CISO, a SOC leader, or just tired of seeing tech get all the credit while humans carry the weight, this is a practical, honest conversation about building better teams — and redefining what really matters in cybersecurity today.If you still think “soft skills” are soft… you haven't been paying attention.⸻Keywords: Cybersecurity, Infosecurity Europe 2025, Soft Skills, Human Skills, Cyber Resilience, Cyber Training, Security Leadership, Incident Response, Teamwork, Storytelling in Cyber, Marco Ciappelli, Rob Black, Anthony Dalton, On Location, ITSPmagazine, Communication Skills, Cyber Crisis Simulation, RangeForce, Trust in Teams, Post Event Podcast, Security Culture___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
William Lyne of the UK's National Crime Agency joins us live at Infosecurity Europe to talk ransomware, AI threats, and the future of cybercrime disruption.When the UK's top cyber intelligence strategist sits down with you in London, you listen — and you hit record.At Infosecurity Europe 2025, the ITSPmagazine podcast team — Marco Ciappelli and Sean Martin — sat down with William Lyne, Deputy Director and Head of Cyber Intelligence at the UK's National Crime Agency (NCA). This is the guy who not only leads cyber strategy for the NCA, but has also represented the UK at the FBI in the U.S. and now oversees national-level ransomware disruption efforts. It's not just a conversation — it's a rare front-row seat into how one of the world's most serious crime-fighting agencies is tackling ransomware 3.0.The message? Ransomware isn't just a cyber issue. It's a societal one. And it's evolving faster than we're prepared for — unless we change the game.“It went from niche to national threat fast,” Lyne explains. “The tools were always there. It just took a few threat actors to stitch them together.”From banking malware to fully operational cybercrime-as-a-service ecosystems, Lyne walks us through how the underground economy has industrialized. Ransomware isn't just about tech — it's about access, scale, and business models. And most importantly, it's no longer limited to elite coders or closed-door Russian-speaking forums. The barrier to entry is gone, and the dark web is wide open for business.Sean brings up the obvious: “Why does this still feel like we're always reacting?”Lyne responds: “We've shifted. We're going after the ecosystem — the people, the infrastructure, the business model — not just the payload.” That includes disrupting ransomware-as-a-service, targeting marketplaces, and yes, investing in preemptive intelligence.Marco flips the script by comparing today's cyber landscape to something deeply human. “Extortion is nothing new — we've just digitalized it. This is human behavior, scaled by tech.”From there, the conversation takes a future-facing turn. Deepfakes, AI-powered phishing, the commoditization of generative tools — Lyne confirms it's all on their radar. But he's quick to note that cybercriminals aren't bleeding-edge innovators. “They adopt when the ROI is right. But AI-as-a-service? That's coming. And it will reshape how efficient — and damaging — these threats become.”And then the real insight lands:“You can't wait to be a victim to talk to law enforcement. We may already have access to the infrastructure. The earlier we hear from you, the better we can act — and fast.”That kind of operational openness isn't something you heard from law enforcement five years ago. It signals a cultural shift — one where collaboration is not optional, it's essential.William also highlights the NCA's partnerships with private sector firms, academia, and international agencies, including the Kronos operation targeting LockBit infrastructure. These kinds of collaborations prove that when information moves, so does impact.Why does this matter?Because while most cybersecurity media gets stuck in product buzzwords and vendor hype, this is the real stuff — how ransomware groups behave, how law enforcement thinks, and how society can respond. It's not theory. It's strategy, lived on the front lines.
What Hump? Thirty Years of Cybersecurity and the Fine Art of Pretending It's Not a Human ProblemA new transmission from Musing On Society and Technology Newsletter, by Marco CiappelliJune 6, 2025A Post-Infosecurity Europe Reflection on the Strange but Predictable Ways We've Spent Thirty Years Pretending Cybersecurity Isn't About People.⸻ Once there was a movie titled “Young Frankenstein” (1974) — a black-and-white comedy directed by Mel Brooks, written with Gene Wilder, and starring Wilder and Marty Feldman, who delivers the iconic “What hump?” line.Let me describe the scene:[Train station, late at night. Thunder rumbles. Dr. Frederick Frankenstein steps off the train, greeted by a hunched figure holding a lantern — Igor.]Igor: Dr. Frankenstein?Dr. Frederick Frankenstein: It's Franken-steen.Igor: Oh. Well, they told me it was Frankenstein.Dr. Frederick Frankenstein: I'm not a Frankenstein. I'm a Franken-steen.Igor (cheerfully): All right.Dr. Frederick Frankenstein (noticing Igor's eyes): You must be Igor.Igor: No, it's pronounced Eye-gor.Dr. Frederick Frankenstein (confused): But they told me it was Igor.Igor: Well, they were wrong then, weren't they?[They begin walking toward the carriage.]Dr. Frederick Frankenstein (noticing Igor's severe hunchback): You know… I'm a rather brilliant surgeon. Perhaps I could help you with that hump.Igor (looks puzzled, deadpan): What hump?[Cut to them boarding the carriage, Igor climbing on the outside like a spider, grinning wildly.]It's a joke, of course. One of the best. A perfectly delivered absurdity that only Mel Brooks and Marty Feldman could pull off. But like all great comedy, it tells a deeper truth.Last night, standing in front of the Tower of London, recording one of our On Location recaps with Sean Martin, that scene came rushing back. We joked about invisible humps and cybersecurity. And the moment passed. Or so I thought.Because hours later — in bed, hotel window cracked open to the London night — I was still hearing it: “What hump?”And that's when it hit me: this isn't just a comedy bit. It's a diagnosis. Here we are at Infosecurity Europe, celebrating its 30th anniversary. Three decades of cybersecurity: a field born of optimism and fear, grown in complexity and contradiction.We've built incredible tools. We've formed global communities of defenders. We've turned “hacker” from rebel to professional job title — with a 401(k), branded hoodies, and a sponsorship deal. But we've also built an industry that — much like poor Igor — refuses to admit something's wrong.The hump is right there. You can see it. Everyone can see it. And yet… we smile and say: “What hump?”We say cybersecurity is a priority. We put it in slide decks. We hold awareness months. We write policies thick enough to be used as doorstops. But then we underfund training. We silo the security team. We click links in emails that say whatever will make us think it's important — just like those pieces of snail mail stamped URGENT that we somehow believe, even though it turns out to be an offer for a new credit card we didn't ask for and don't want. Except this time, the payload isn't junk mail — it's a clown on a spring exploding out of a fun box.Igor The hump moves, shifts, sometimes disappears from view — but it never actually goes away. And if you ask about it? Well… they were wrong then, weren't they?That's because it's not a technology problem. This is the part that still seems hard to swallow for some: Cybersecurity is not a technology problem. It never was.Yes, we need technology. But technology has never been the weak link.The weak link is the same as it was in 1995: us. The same it was before the internet and before computers: Humans.With our habits, assumptions, incentives, egos, and blind spots. We are the walking, clicking, swiping hump in the system. We've had encryption for decades. We've known about phishing since the days of AOL. Zero Trust was already discussed in 2004 — it just didn't have a cool name yet.So why do we still get breached? Why does a ransomware gang with poor grammar and a Telegram channel take down entire hospitals?Because culture doesn't change with patches. Because compliance is not belief. Because we keep treating behavior as a footnote, instead of the core.The Problem We Refuse to See at the heart of this mess is a very human phenomenon:vIf we can't see it, we pretend it doesn't exist.We can quantify risk, but we rarely internalize it. We trust our tech stack but don't trust our users. We fund detection but ignore education.And not just at work — we ignore it from the start. We still teach children how to cross the street, but not how to navigate a phishing attempt or recognize algorithmic manipulation. We give them connected devices before we teach them what being connected means. In this Hybrid Analog Digital Society, we need to treat cybersecurity not as an optional adult concern, but as a foundational part of growing up. Because by the time someone gets to the workforce, the behavior has already been set.And worst of all, we operate under the illusion that awareness equals transformation.Let's be real: Awareness is cheap. Change is expensive. It costs time, leadership, discomfort. It requires honesty. It means admitting we are all Igor, in some way. And that's the hardest part. Because no one likes to admit they've got a hump — especially when it's been there so long, it feels like part of the uniform.We have been looking the other way for over thirty years. I don't want to downplay the progress. We've come a long way, but that only makes the stubbornness more baffling.We've seen attacks evolve from digital graffiti to full-scale extortion. We've watched cybercrime move from subculture to multi-billion-dollar global enterprise. And yet, our default strategy is still: “Let's build a bigger wall, buy a shinier tool, and hope marketing doesn't fall for that PDF again.”We know what works: Psychological safety in reporting. Continuous learning. Leadership that models security values. Systems designed for humans, not just admins.But those are hard. They're invisible on the balance sheet. They don't come with dashboards or demos. So instead… We grin. We adjust our gait. And we whisper, politely:“What hump?”So what Happens now? If you're still reading this, you're probably one of the people who does see it. You see the hump. You've tried to point it out. Maybe you've been told you're imagining things. Maybe you've been told it's “not a priority this quarter.” And maybe now you're tired. I get it.But here's the thing: Nothing truly changes until we name the hump.Call it bias.Call it culture.Call it education.Call it the human condition.But don't pretend it's not there. Not anymore. Because every time we say “What hump?” — we're giving up a little more of the future. A future that depends not just on clever code and cleverer machines, but on something far more fragile:Belief. Behavior. And the choice to finally stop pretending.We joked in front of a thousand-year-old fortress. Because sometimes jokes tell the truth better than keynote stages do. And maybe the real lesson isn't about cybersecurity at all.Maybe it's just this: If we want to survive what's coming next, we have to see what's already here.- The End➤ Infosecurity Europe: https://www.itspmagazine.com/infosecurity-europe-2025-infosec-london-cybersecurity-event-coverageAnd ... we're not done yet ... stay tuned and follow Sean and Marco as they will be On Location at the following conferences over the next few months:➤ Black Hat USA in Las Vegas in August: https://www.itspmagazine.com/black-hat-usa-2025-hacker-summer-camp-2025-cybersecurity-event-coverage-in-las-vegasFOLLOW ALL OF OUR ON LOCATION CONFERENCE COVERAGEhttps://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageShare this newsletter and invite anyone you think would enjoy it!As always, let's keep thinking!— Marco [https://www.marcociappelli.com]
As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community.The Power of the Crowd: Community, Policy, and Lifelong LearningThis year's programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem.Tackling Today's and Tomorrow's Threats—From Quantum to GeopoliticsInfosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC's Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions.Maximizing the Experience: Prep, Participate, and PartyFrom hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades.The message is clear: cybersecurity is no longer just a technical field—it's a societal one.___________Guest: Saima Poorghobad, Portfolio Director at Reed Exhibitions | https://www.linkedin.com/in/saima-poorghobad-6a37791b/ Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Security teams often rely on scoring systems like Common Vulnerability Scoring System (CVSS), Exploit Prediction Scoring System (EPSS), and Stakeholder-Specific Vulnerability Categorization (SSVC) to make sense of vulnerability data—but these frameworks don't always deliver the clarity needed to act. In this episode, Tod Beardsley, Vice President of Security Research at runZero, joins host Sean Martin at InfoSec Europe 2025 to challenge how organizations use these scoring systems and to explain why context is everything when it comes to exposure management.Beardsley shares his experience navigating the limitations of vulnerability scoring. He explains why common outputs—like a CVSS score of 7.8—often leave teams with too many “priorities,” forcing them into ineffective, binary patch-or-don't-patch decisions. By contrast, he highlights the real value in understanding factors like access vectors and environmental fit, which help security teams focus on what's relevant to their specific networks and business-critical systems.The conversation also explores SSVC's ability to drive action through decision-tree logic rather than abstract scores, enabling defenders to justify priorities to leadership based on mission impact. This context-centric approach requires a deep understanding of both the asset and its role in the business—something Beardsley notes can be hard to achieve without support.That's where runZero steps in. Beardsley outlines how the platform identifies unmanaged or forgotten devices—including IoT, legacy systems, and third-party gear—without needing credentials or agents. From uncovering multi-homed light bulbs that straddle segmented networks to scanning for default passwords and misconfigurations, RunZero shines a light into the forgotten corners of corporate infrastructure.The episode closes with a look at merger and acquisition use cases, where runZero helps acquiring companies understand the actual tech debt and exposure risk in the environments they're buying. As Beardsley puts it, the goal is simple: give defenders the visibility and context they need to act now—not after something breaks.Whether you're tracking vulnerabilities, uncovering shadow assets, or preparing for your next acquisition, this episode invites you to rethink what visibility really means—and how you can stop chasing scores and start reducing risk.Learn more about runZero: https://itspm.ag/runzero-5733Note: This story contains promotional content. Learn more.Guest: Tod Beardsley, Vice President of Security Research at runZero | On Linkedin: https://www.linkedin.com/in/todb/ResourcesLearn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzeroAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: sean martin, tod beardsley, runzero, exposure, vulnerability, asset, risk, ssdc, cvss, iot, brand story, brand marketing, marketing podcast, brand story podcast
Dr. Jason Nurse, academic and cybersecurity behavior researcher, joins Marco Ciappelli at Infosecurity Europe to unpack the shift in cybersecurity thinking—away from purely technical measures and toward a deeper understanding of human behavior and psychology. Nurse focuses his work on why people act the way they do when it comes to security decisions, and how culture, community, and workplace influences shape those actions.Behavior is increasingly taking center stage in security conversations, and for good reason. Nurse points to recent attacks that succeed not because of flaws in technology but due to the manipulation of individuals—such as social engineering tactics that target help desk personnel. These incidents highlight how behavioral cues and psychological triggers are weaponized, making it critical for organizations to address not just systems, but the people using them.The conversation then shifts to artificial intelligence, particularly the growing issue of “shadow AI” in corporate settings. Nurse cites research from the National Cybersecurity Alliance's Behavior Report, revealing that approximately 40% of employees who use AI admit to sharing sensitive corporate information with these tools—often without their employer's awareness. Even more concerning, over half of those organizations offer no training on safe or responsible AI use.Rather than banning AI outright, Nurse advocates for responsible use grounded in training and transparency. He acknowledges that some companies attempt to enforce boundaries by deploying internal AI systems, but these are often limited in capability. Others are exploring solutions to filter or sanitize inputs, though achieving a practical balance remains elusive.The conversation also touches on the emotional and psychological bonds forming between individuals and AI. Nurse notes that users increasingly treat AI like a companion, trusting it with personal information and seeking advice, even in sensitive contexts such as mental health. That trust, while understandable, opens new avenues for misuse and misjudgment—especially when users forget AI lacks genuine understanding.This episode prompts an important question: as AI becomes part of our daily routines, how do we maintain control, context, and caution in our interactions with it—and what does that mean for the future of security?___________Guest: Dr. Jason R.C. Nurse, Associate Professor in Cybersecurity at the University of Kent | https://www.linkedin.com/in/jasonrcnurse/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
In this episode, Amanda Finch, Chief Executive Officer of the Chartered Institute of Information Security, offers a perspective shaped by decades of experience in a field she has grown with and helped shape. She shares how cybersecurity has transformed from an obscure technical pursuit into a formalized profession with recognized pathways, development programs, and charters. Her focus is clear: we need to support individuals and organizations at every level to ensure cybersecurity is inclusive, sustainable, and effective.Amanda outlines how the Chartered Institute has developed a structured framework to support cybersecurity careers from entry-level to fellowship. Programs such as the Associate Development Program and the Full Membership Development Program help individuals grow into leadership roles, especially those who come from technical backgrounds and must now influence strategy, policy, and people. She emphasizes that supporting this journey isn't just about skills—it's about building confidence and community.A significant part of the conversation centers on representation and diversity. Amanda speaks candidly about being one of the only women in the room early in her career and acknowledges the progress made, but she also highlights the structural issues still holding many back. From the branding of cybersecurity as overly technical, to the inaccessibility of school programs for under-resourced communities, the industry has work to do. She argues for a wider understanding of the skills needed in cybersecurity—communication, analysis, problem-solving—not just coding or technical specialization.Amanda also addresses the growing threat to small and medium-sized businesses. While large organizations may have teams and resources to manage security, smaller businesses face the same threats without the same support. She calls for a renewed emphasis on community-based solutions—knowledge sharing, mentorship, and collaborative platforms—that extend the reach of cyber defense to those with fewer resources.In closing, Amanda urges us not to forget the enduring principles of security—know what you're protecting, understand the consequences if it fails, and use foundational practices to stay grounded even when new technologies like AI and deepfakes arrive. And just as importantly, she reminds us that human principles—trust, empathy, responsibility—are vital tools in facing cybersecurity's biggest challenges.___________Guest: Amanda Finch, CEO of the Chartered Institute of Information Security | https://www.linkedin.com/in/amanda-finch-fciis-b1b1951/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
What does it really mean to be crisis-ready? In this conversation from InfoSecurity Europe 2025, Steve Wright—a data privacy and cybersecurity leader with three decades of experience spanning Siemens, Unilever, John Lewis, and the Bank of England—joins Sean Martin and Marco Ciappelli to unpack the heart of effective crisis management. With a career that's evolved from risk, through cybersecurity, and now into privacy, Wright offers a refreshingly grounded perspective: crisis management starts with staying calm—but only if you've done the work beforehand.Preparation Over PanicCrisis management isn't just a technical checklist—it's a cultural discipline. Wright emphasizes that calm only comes from consistent practice. From live simulations to cross-functional coordination, he warns that too many organizations are underprepared, relying on ad hoc responses when a breach or outage occurs. Drawing on a real-life ransomware scenario from his time at John Lewis, Wright illustrates the importance of verification, collaboration with law enforcement, and informed decision-making over knee-jerk reactions.Containment, Communication, and CulturePreparation leads naturally to containment—an organization's ability to limit the damage. Whether it's pulling cables or isolating systems, quick thinking can prevent weeks of downtime. But just as important is how you communicate. Wright points to the contrast between companies that respond with transparency and empathy versus those that go silent, risking public trust. Modern crisis management requires the ability to shift the narrative and speak directly to affected stakeholders—before speculation takes over.Trust and Accountability in a Global EcosystemDigital trust has become a board-level concern, not just a technical one. Wright notes that conversations with executives have moved beyond compliance to include broader questions of data ownership, consumer expectations, and supply chain accountability. As global systems grow more complex, clarity about who owns what—and who's responsible when things go wrong—becomes harder to establish, but more important than ever.Looking AheadWright ends with a look to the future, imagining a world where individuals control their data through biometric locks and personal data brokers. Whether this utopia (or dystopia) arrives remains to be seen—but the path forward demands organizations prioritize practice, transparency, and trust today.___________Guest: Steve Wright, Data Protection Officer, Financial Services Compensation Scheme | https://www.linkedin.com/in/stevewright1970/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
What if the key to cybersecurity isn't more tech—but more humanity?In this On Location episode of ITSPmagazine, Rob Black—UK Cyber Citizen of the Year and founder of the Global Institute of Cyber Deception—joins hosts Marco Ciappelli and Sean Martin to challenge conventional thinking around cyber defense. With a background spanning military operations and human sciences, Rob brings a fresh perspective that prioritizes multidisciplinary thinking, behavioral insight, and creative disruption over brute-force technology.Rob highlights the importance of soft skills and critical thinking through initiatives like the UK Cyber Leaders Challenge, where students take on crisis simulation roles to sharpen leadership and communication in real-world scenarios. These experiences underscore the need to cultivate professionals who can think dynamically, not just code efficiently.A key focus of the conversation is the strategic use of deception in cybersecurity. Rob points out that while organizations obsess over vulnerabilities and zero-days, they often overlook attacker intent. Instead of just locking down infrastructure, defenders should disrupt decision-making—using tools, tactics, and even perception itself to sow doubt and hesitation. From publicizing the use of deception technologies to crafting networks that appear already compromised by rival threat actors, Rob argues for a smarter, more psychological approach to defense.He also pushes back against the industry's obsession with tools for every symptom—drawing a parallel to big pharma's model of selling treatments without tackling root causes. If cybersecurity is to become more resilient, he argues, it needs to embrace a systems mindset that includes governance, behavioral science, and even cultural analysis.This episode is a must-listen for anyone tired of buzzwords and ready to rethink cybersecurity as a socio-technical system—not just a digital one. From geopolitics to psychology, deception to diplomacy, Rob Black connects the dots between how we live with technology and how we must protect it—not just through code, but through creativity, context, and compassion. Listen now to explore how cybersecurity can grow up—and get smarter—by getting more human.___________Guest: Rob Black, Director, UK Cyber Leaders Challenge | https://www.linkedin.com/in/rob-black-30440819/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
The After Hours Entrepreneur Social Media, Podcasting, and YouTube Show
What happens when you strip away excuses and look in the mirror? In this powerful episode, Sean Martin, founder of a multimillion-dollar medical supply business and host of The Real Mentors Podcast, shares his raw transformation from addiction and incarceration to fatherhood, faith, and fulfillment.This isn't your average entrepreneurship story. Sean breaks down how mentorship at scale, mindset rewiring, and generational leadership are more essential than ever in a world being flipped upside down by AI, distraction, and cultural shifts.In this conversation, you'll learn:Train custom GPTs using your first-party dataBuild automation systems that scale your impactDominate SEO in a world beyond GoogleLeverage AI influencers and digital personasStay ahead in an economy driven by large language models (LLMs)Overcome excuses and find purpose in a world full of distractionsRewire your mindset and reclaim your futureTakeaways:Sobriety as a Catalyst for Clarity & Purpose.Why Mentorship is the Missing Link in Generational GrowthThe Real Reason Behind the Mental Health “Crisis”Connect with Sean Martin:Website: https://therealseanmartin.com/Instagram: @theseanmartinTimestamps:00:00 – Introduction00:52 – From Bronx Projects to Millionaire Entrepreneur03:00 – The Turning Point: Alcohol & Awakening05:45 – AI, Purpose & The Modern Identity Crisis09:20 – Mentorship at Scale & Community Responsibility14:00 – The Fatherless Epidemic & How to Fix It18:40 – Media Programming vs Real Role Models23:00 – Mindset Over Everything: The New Success Metric29:10 – Breaking Generational Patterns Through Leadership32:00 – The Real Education: Discipline, Not Degrees35:00 – Sean's Final Message to Anyone Feeling Stuck__________________________________________________________________________________________
As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community.The Power of the Crowd: Community, Policy, and Lifelong LearningThis year's programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem.Tackling Today's and Tomorrow's Threats—From Quantum to GeopoliticsInfosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC's Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions.Maximizing the Experience: Prep, Participate, and PartyFrom hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades.The message is clear: cybersecurity is no longer just a technical field—it's a societal one.___________Guest: Saima Poorghobad, Portfolio Director at Reed Exhibitions | https://www.linkedin.com/in/saima-poorghobad-6a37791b/ Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Cybersecurity isn't just about code, controls, or compliance—it's about people. That's the core message from Purvi Kay, Head of Cybersecurity for the Future Combat Air System at BAE Systems, and Rob Black, founder of the UK Cyber Leaders Challenge, as they share how genuine collaboration is reshaping security success in high-stakes environments.In this InfoSecurity Europe conversation, Purvi emphasizes that cybersecurity is still too often seen as an IT issue, when in reality it cuts across every aspect of business. Her role spans cybersecurity strategy, leadership development, and advocacy—serving also as Chair of BAE's Women in Cyber program and as a neurodiversity champion. For her, inclusion is more than a policy—it's essential to mission success, especially when coordinating across trilateral government and industry teams on programs as complex as next-gen fighter aircraft.Rob reinforces this point with his focus on developing soft skills in future cybersecurity leaders. His work brings non-traditional talent into cyber, prioritizing communication, empathy, and multidisciplinary collaboration. These human-centric capabilities are crucial when bridging divides between security, legal, HR, and operations.Both guests highlight how assumptions, language, and siloed thinking obstruct progress. Purvi shares how cybersecurity has often been seen as a barrier—brought in too late, misunderstood, or left out of key decisions. She now champions “secure by design” practices through early involvement of cross-functional teams. Rob brings a memorable example: using marriage counseling techniques to help auditors and developers understand each other better—not to resolve personal conflict, but to decode cultural and professional misalignments.Their conversation also touches on practical methods for building shared understanding, from sketching “river journeys” to map project dynamics, to fostering stakeholder buy-in through intentional communication. Whether aligning three governments or managing internal procurement, they show that collaboration isn't just a buzzword—it's a structured, repeatable approach to managing complexity.This episode offers a thoughtful and grounded look at how meaningful human connection—across functions, cultures, and roles—forms the foundation of effective cybersecurity. It's a timely reminder that the path to resilience begins with listening, empathy, and a clear sense of shared purpose.___________Guests:Purvi Kay, Head of Cybersecurity for the Future Combat Air System at BAE Systems | https://www.linkedin.com/in/purvikay/Rob Black, Director, UK Cyber Leaders Challenge | https://www.linkedin.com/in/rob-black-30440819/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community.The Power of the Crowd: Community, Policy, and Lifelong LearningThis year's programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem.Tackling Today's and Tomorrow's Threats—From Quantum to GeopoliticsInfosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC's Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions.Maximizing the Experience: Prep, Participate, and PartyFrom hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades.The message is clear: cybersecurity is no longer just a technical field—it's a societal one.___________Guest: Geoff White, Author, Speaker, Investigative Journalist, Podcast Creator | https://www.linkedin.com/in/geoffwhitetech/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974___________ResourcesLearn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Maria Mora, Staff Application Security Engineer and active OWASP lifetime member, shares how her experience at the OWASP AppSec Global conference in Barcelona has reaffirmed the power of community in security. While many attendees chase back-to-back talks and technical training, Maria highlights something often overlooked—connection. Whether at the member lounge ping-pong table, during late-night beach meetups, or over keynote reflections, it's the relationships and shared purpose that make this event resonate.Maria emphasizes how her own journey into OWASP began with uncertainty but evolved into a meaningful path of participation. Through volunteering, serving on the events committee, and mentoring others, she has expanded not only her technical toolkit but also her ability to collaborate and communicate—skills she notes are essential in InfoSec but rarely prioritized. By stepping into the OWASP community, she's learned that you don't need decades of experience to contribute—just a willingness to start.Keynotes and sessions this year reinforced a similar message: security isn't just about hard skills. It's about bridging academia and industry, engaging first-time attendees, and creating welcoming spaces where no one feels like an outsider. Talks like Sarah Jané's encouraged attendees to find their own ways to give back, whether by submitting to the call for papers, helping with logistics, or simply sparking hallway conversations.Maria also points to how OWASP structures participation to make it accessible. Through demo rooms, project hubs, and informal lounge chats, attendees find ways to contribute to global initiatives like the OWASP Top 10 or volunteer-led trainings. Whether it's your first conference or your tenth, there's always room to jump in.For Maria, OWASP no longer feels like a secret club—it's a growing, open collective focused on helping people bring their best selves to security. That's the power of community: not just lifting up software, but lifting up each other.And for those thinking of taking the next step, Maria reminds us that the call for papers for OWASP DC is open through June 24th. As she puts it, “We all have something valuable to share—sometimes you just need the nudge to start.”GUEST: Maria Mora | Staff Application Security Engineer and OWASP events committee member | https://www.linkedin.com/in/riamaria/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Sometimes, the best conversations happen when there's no agenda. This is one of those moments. With London as the backdrop — its history, energy, and unpredictable charm — Sean and I sat on the grass in Hyde Park and hit record. No script, no plan. Just two friends talking about music, memories, meditation, and why we still believe in experiencing things without a phone between us and reality.From yoga poses on park benches to tales of Clapton at Royal Albert Hall and an upcoming Oasis reunion in Cardiff (yes, really), this is a meandering mix of thoughts and stories — like walking down Portobello Road not knowing what you'll find. We touch on the lost art of being present, why live music changes everything, and how the UK's cultural influence shaped our creative paths.Sure, we dip into punk, rock, film, and a few philosophical musings about why Florence isn't featured more in books and movies — but it's all under one theme: reconnecting with the world around us. It's a conversation that could only happen in a place like London — rich with culture, memories, and endless possibility.If you're tired of content that's too polished, too planned, or too promotional… this episode is a breath of fresh (sometimes damp) British air.⸻Hashtags:#storytelling, #london, #musiclovers, #meditation, #unscripted, #podcastlife, #travelstories, #creativelife, #liveinthemoment, #punkrockNew episodes drop when they drop. Expect the unexpected.Hosts links:
In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Sean Martin connects with event speaker, Wojciech Dworakowski, to unpack a critical and underexamined issue in today's financial systems: the vulnerability of mobile-only banking apps when it comes to transaction authorization.Wojciech points out that modern banking has embraced the mobile-first model—sometimes at the cost of fundamental security principles. Most banks now concentrate transaction initiation, security configuration, and transaction authorization into a single device: the user's smartphone. While this offers unmatched convenience, it also creates a single point of failure. If an attacker successfully pairs their phone with a victim's account, they can bypass multiple layers of security, often without needing traditional credentials.The discussion explores the limitations of relying solely on biometric options like Face ID or Touch ID. These conveniences may appear secure but often weaken the overall security posture when used without additional independent verification mechanisms. Wojciech outlines how common attack strategies have shifted from stealing credit card numbers to full account takeover—enabled by social engineering and weak device-pairing controls.He proposes a “raise the bar” strategy rather than relying on a single silver-bullet solution. Suggestions include enhanced device fingerprinting, detection of emulators or rooted environments, and shared interbank databases for device reputation and account pairing anomalies. While some of these are already in motion under new EU and UK regulations, they remain fragmented.Wojciech also introduces a bold idea: giving users a slider in the app to adjust their personal balance of convenience vs. security. This kind of usability-driven approach could empower users while still offering layered defense.For CISOs, developers, and FinTech leaders, the message is clear—evaluate your app security as if attackers already know the shortcuts. Watch the full conversation to hear Wojciech's real-world examples, including a cautionary tale from his own family. Catch the episode and learn how to design financial security that's not just strong—but usable.GUEST: Wojciech Dworakowski | OWASP Poland Chapter Board Member and Managing Partner at SecuRing | https://www.linkedin.com/in/wojciechdworakowski/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
As Chief Technology Officer at eSentire, Dustin Hillard brings a deeply rooted background in AI and machine learning—going back over 15 years—to the practical challenges of cybersecurity. In this episode, Hillard discusses how his team is using agentic AI not for the sake of hype, but to augment real human workflows and achieve measurable, high-impact outcomes for clients.The conversation begins with a critical point: AI should be an enabler, not a shiny object. Hillard contrasts the superficial marketing claims that dominate vendor messaging with the grounded, transparent approach his team takes—an approach that fuses technology with hands-on human expertise to deliver results.eSentire's focus is on containment and control. In over 99% of intrusion cases, their platform successfully stops threats at the first host. That is the benchmark by which Hillard wants AI judged—not by its novelty or buzz, but by whether it helps security teams stop attacks before damage spreads.Key to achieving this is the way automation is used to supercharge analysts. Instead of running just three or five high-value queries in a 15-minute response window, eSentire's AI framework runs 30. This allows the system to comb through a customer's historical data, generate hypotheses based on broader knowledge bases, and deliver structured, contextual findings. Analysts can then focus on judgment and decision-making, not searching logs or assembling fragments.Three pillars underpin this approach: direct telemetry gathering from tools like CrowdStrike and Microsoft, threat intelligence correlation, and contextual data from the customer environment. These layers combine to offer rich insights, fast. And importantly, the AI doesn't operate in a black box. Hillard stresses explainability and auditability—every recommendation must be traceable back to concrete evidence, not just LLM-generated summaries.He also touches on the eight assessment areas his team uses to evaluate AI readiness and safety: from autonomy and guardrails to data privacy, effectiveness metrics, and adversarial resilience. The point isn't to convince customers with buzzwords, but to earn trust by demonstrating measurable results and opening the door to real conversations.By encoding the investigative playbooks of seasoned analysts and executing them dynamically, agentic AI at eSentire isn't replacing humans—it's empowering them to respond faster and more accurately. That's the difference between checking a marketing box and actually making a difference when every second counts.Guest: Dustin Hillard | CTO, eSentire | https://www.linkedin.com/in/dustinhillard/RESOURCESSorry We're So Good: An Open Letter: https://itspm.ag/esentire-sorry4ekVisit the eSentire Website to learn more: https://itspm.ag/esentire-594149Learn more and catch more stories from eSentire on ITSPmagazine: https://www.itspmagazine.com/directory/esentireLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story______________________Keywords: dustin hillard, sean martin, marco ciappelli, cybersecurity, ai, machine learning, automation, investigation, containment, transparency, brand story, brand marketing, marketing podcast, brand story podcast