Podcasts about Secureworks

Josh Singh, sales director at Turning Point Technology Services Josh Singh didn’t arrive at Dell Technologies World simply as a partner – he arrived as someone who spent nearly eight years on the vendor side, in Dell sales roles, before crossing over to Turning Point as the company’s sales lead. That dual perspective shapes everything about how Turning Point operates. The Vancouver-based solution provider, founded in 2012, runs exclusively on Dell in the data center – a deliberate, all-in single-vendor bet that Josh frames not as a constraint but as a competitive advantage. Nearly half of the team is ex-Dell, which means when a customer needs an answer fast, Turning Point knows exactly who to call inside Dell’s notoriously complex internal matrix. That navigational fluency, Josh argues, is the kind of differentiation that doesn’t show up in a spec sheet but shows up every time there’s urgency. Turning Point recently formalized that depth by opening what Dell designates as its first official solution center in Canada, in their Vancouver office, giving the team and their clients hands-on access to the full portfolio – including the GB10 for deskside AI development. On AI, Josh’s read is that the “AI factory” framing was right directionally but too large a first step for most of the Canadian market. Dell’s move toward more modular, consumable AI infrastructure – starting at one or two servers, proving a use case, then scaling – is what actually unlocks adoption for SMB customers. Small wins first, then the appetite for something bigger. On security and resilience, Josh drew a clear line: backup is the last line of defense, and if that last line gets hit – or gets frozen by a ransomware insurance claim – you’re rebuilding from scratch. Dell’s Data Domain and its proprietary DDBoost protocol, alongside Veeam, form the core of what Turning Point puts in front of customers who need to actually recover, not just theoretically recover. And rounding it out: the supply chain disruption, compounded by Broadcom‘s reshaping of the virtualization market, is forcing Canadian organizations to plan differently – more external awareness, more budget flexibility, earlier commitment. That’s a challenge across the industry, Josh notes. But for partners who can guide customers through it, it’s also an opening. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. We’re continuing our series from Dell Technologies World in Las Vegas. This week, we’re deep on the partner perspective. Today’s guest brings a point of view you don’t usually get. Nearly a decade inside Dell Technologies, followed by a move to the partner side – specifically to a partner that has made one of the most deliberate, all-in single-vendor bets you’ll find in the Canadian channel. Josh Singh leads the sales team at Turning Point Technology Services, a Vancouver-based solution provider founded in 2012 that operates exclusively on Dell in the data center. Not mostly Dell, not primarily Dell – exclusively. In a channel where diversification is almost reflexively treated as risk management, Turning Point went the other way, and they did it right at the beginning of Dell’s channel investment cycle, which turned out to be good timing. Josh brings to that an unusual lens. He spent almost eight years in Dell’s sales roles, where he learned early that the channel was the key to his success, and that knowing how to navigate Dell’s internal matrix is an advantage that translates directly into faster, better outcomes for customers. Roughly half of Turning Point’s team is ex-Dell. They recently opened what Dell designates as its first official solution center in Canada, right there in their Vancouver office. We talked about what it actually means to make the single-vendor bet and why it’s holding up. How the AI adoption conversation is changing for SMB customers who weren’t ready for the Dell AI Factory, but might be ready for something smaller. The security and data resilience story, and why backup shouldn’t be confused with business continuity. And what the supply chain situation, plus Broadcom’s disruption of the market, is doing to how customers have to plan. Let’s get right into it. My chat with Josh Singh. Josh, thanks for taking the time. I appreciate it. I’m sure it’s been a busy week. Josh Singh: It has been a busy week, and thanks for having me. Robert Dutt: I guess to open it up, I want to start with a question that frames the perspective that you have at an event like this. Turning Point made the explicit call to go all-in on Dell on the infrastructure side, as I understand. A lot of partners diversify, carry multiple vendors, pick and choose their spots. What’s the logic behind that bet? What does a week like this one – where Dell’s making a lot of big moves around AI and the direction of the partner program and all that – feel like for a shop that’s tied its future to the Dell story? Josh Singh: Very good question. I’ve been asked this numerous times, and it’s clear you’ve done your research on us. As you said, Robert, we are 100% Dell-exclusive in the data center. We do have other technologies that are complementary to Dell to give our clients an end-to-end ecosystem of technology, but we have doubled, tripled, and quadrupled down on Dell in the data center. Turning Point was formed in 2012. Three founders – Lee, Sean, and Lauren – they came from a value-added reseller that sold a multitude of technologies. What they found out at the time was Dell had a portfolio that covered the end-to-end, especially in the data center. They branched out, all three of them from [Seven Group – verify company name], and they formed Turning Point. They just realized that Dell was at the beginning of their partner program. You’ll see a legacy fabric still embedded in some aspects of Dell Technologies where they still are partial to selling direct, but they have put a large amount of emphasis and investment in the channel over the last fifteen years. Turning Point was formed at the very beginning of that cycle. Since then, we have had no regrets. Dell has really come to the table as a really solid partner for us, allowing us to offer our clients the end-to-end data center strategy with Dell Technologies. Robert Dutt: Your lens is unique too in that you have some time at Dell EMC – a viewpoint that a lot of partners don’t have in terms of having seen both sides of that fence, especially around the same vendor. What does that vendor-side time teach you about what Dell actually needs and wants from partners, and the reality of what Dell values in a partner? Josh Singh: Yeah, that’s a really good question. I spent almost eight years at Dell in various sales roles. I learned very quickly, and early on in my Dell sales career, that the channel was the key to my success. The core reason why is I’m one individual. I have a solutions engineer, I have some overlays, and we manage a pretty large territory. I found that if I could just introduce a channel partner into the mix, I could lob it over the fence, play quarterback a little bit, get enough updates from the channel partner so I can update my leadership – because that’s really important. But I was able to scale my business significantly when I started to work with the channel. Actually, Turning Point was one of those channel partners that I worked very closely with. So it’s a bit of a full circle moment for me to come back and I lead the sales team at Turning Point. Robert Dutt: I have to imagine the Dell team is happy to have you, because clearly you’ve got that lens for exactly what they are looking for from you as a partner. Josh Singh: Yeah, you know, every vendor has their own methodology and go-to-market culture. And so it does help. Actually, almost half of Turning Point’s team is ex-Dell Technologies employees. So that really gives us a unique perspective on how Dell wants to sell, how to update Dell, what’s important to them – what’s important to each level in the organization, from the sales rep to the manager, to the director, to the senior director, to the president. So we understand what is important to Dell Technologies. And also, for our customers, it’s really important to pick the right technologies. But as we all know, this world is moving so fast and our customers need answers, and they need us to be on their requests in a really time-sensitive way. And so, typically with most vendors, you know your account executive and that individual is the key to the organization. When you come from Dell, you all of a sudden know how to navigate the matrix of Dell. And so when a customer has a question, you know exactly who to call. You can pick up the phone and get that answer in a much more time-sensitive way than navigating the matrix of Dell, which can be large and daunting. Robert Dutt: So the secret sauce is as simple as spending more than half a decade inside the company itself. Josh Singh: Simple. Yeah, easy peasy. Robert Dutt: Big week for AI infrastructure here, and the Dell AI thesis – in so much as they’ve for a while been pulling on the idea of running AI models on-prem and on their infrastructure – was really amplified this week. Between that, desktop agentic AI, and the whole server and storage announcements underneath that, how does what was announced here resonate with what you guys are doing now and what your customers are asking for in terms of technology and how it’s delivered? Josh Singh: Yeah, no, that’s a really good question. So I’ve been at Dell Technologies World almost every year, and I’m finding a big difference in the talk tracks this year. AI was a concept, it was a lot of buzzwords, it was a lot of fluff, to be honest with you as well. Everyone’s trying to chase what AI means to them. But I think this year is the first year where I started to see concepts materialize into practicality, whether it comes to data locality or infrastructure, or really how to go to the next steps of adopting AI. The Canadian market is more pragmatic in their approach to adoption of technology – a little laggard, but not in a negative way, just a bit more conservative. And so what Dell Technologies World enables me and us to do is learn from people actually deploying AI in a much more meaningful and scalable way, for us to then be able to go back to Canada and start to talk about potential use cases, potential outcomes – because it is a very daunting topic, AI, sometimes it can be very overwhelming. So Dell Technologies World allows us to take some key facts about AI, bring them back into our local market, and then help them through that journey. And also, we’re meeting a lot of experts here as well. So it’s not just that we take these concepts and go back to Canada and try to do it ourselves – we’re really supported by the Dell channel ecosystem as well, to help our clients evolve in their AI journey. Robert Dutt: What are the ideas that you’re hearing that specifically are making you think, “All right, this is going to change something in how we do business internally, or this is something I have to take to customer X, customer Y, customer Z,” because it maps to what they’re thinking about or where they should be thinking? Josh Singh: Yeah. I think Dell, when they first wanted to address AI, they came out with the Dell AI Factory, and that was the message. So for a lot of Canadian organizations – which are largely SMB – adoption of an AI Factory is not consumable. It’s too large. They need to prove the model out. And then as soon as they get some small wins and successes, then they can scale out, because the smallest AI Factory was large for them. And this is what we noticed, actually, in the last twelve months. So what Dell is doing now is making it a bit more economical, a bit more consumable – in the AI data platform, starting at one server, maybe two servers, a little PowerScale, and then using that to prove out a use case. And then once we prove out a use case, our customers say, “Hey, there’s really something to this AI thing that everybody keeps talking about.” Now they can really start to invest in a much more scalable, larger way. So I think what Dell has released – very small products with the GB10 all the way up to that massive AI Factory – I mean, you saw when Michael Dell came out with Jensen, and he came out on stage and showed the entire portfolio of AI with a small little itty-bitty – not quite Raspberry Pi size, but not too far from that. Robert Dutt: Really, yeah. Josh Singh: And then having Jensen talk about the next model and how much more powerful that next model is – 100x, 100x, 100x, all the way up to that big AI Factory. So I think it just allows us to be a bit more practical in AI adoption rather than, “Mr. Customer, you have to adopt an AI Factory and that’s how you’re going to achieve AI.” So yeah. Robert Dutt: Has some of the stuff they’re talking about – deskside AI, and specifically deskside agents – when you talk about a GB10 and the lower end of that, and even for more casual users, they would make the case down to the AI-enabled PC – how does that kind of map with how your customers are approaching AI, given that they aren’t going to be going out and buying even a bottom-end, full-on AI Factory experience as a day-one thing? Josh Singh: Yeah. So at Turning Point, we have our data center – it’s actually a solution center. Dell has multiple across the world. There was none in Canada. So actually, with Dell leadership, we opened up Dell’s first solution center in Vancouver in our office. There was a big unveiling with the president of Dell Canada, all Dell leadership came out, and we stood up our solution center in conjunction with Dell. So in that solution center, we have every piece of technology that Dell has – from PowerStore to PowerScale to ObjectScale. And we recently adopted the GB10 so we’re able to actually learn it, use practical use cases that actually help Turning Point, and then we can actually know how to speak to our customers as an adopter ourselves of the GB10 and some of the use cases. So anything from OpenClaw to using different language models and trying to help business productivity in that manner. We serve customers in almost every single vertical. So we are working with healthcare – we’re doing some work right now with healthcare and looking at different use cases when it comes to X-rays and things like that. And then we also work with legal, looking at contractual ways to actually pull out data from thousands or millions of contracts to find commonalities to help an organization improve their operational efficiency. So we’ve got our system in our solution center and we’re actually going through those use cases ourselves so that we can better serve our customers. Robert Dutt: Given that you’ve got that data center and you’ve got that – choose your own analogy, eat your own dog food, drink your own champagne – approach to things, how have you guys approached AI internally, and what have you learned from how you’ve done that over the last year or two? Josh Singh: So it’s a good question. Admittedly, we are a little bit at the beginning of that journey as well. So at Turning Point, as well as many of our customers, we were a bit overwhelmed with what AI meant. And so we have a practice when it comes to consultation to navigate what AI means for them. We do specific workshops to get a client to understand what they want out of AI and to conceptualize what AI is capable of doing. Now we’re really getting into how product is going to help that. So this is the next iteration of our AI journey to help our customers – going over and beyond the consultative nature of how AI works and models and inferencing and all those buzzwords that customers understand but don’t really understand. And then we’ll take whatever is the output from that workshop, and now with our solution center, we’re looking to actually take the results of that and try to replicate it using product and technology and actual outcome. Robert Dutt: How often do you find that the outcome of the workshop – “this is what AI would do best for you” – maps with what they came in thinking AI would do best for them? Josh Singh: It’s fascinating to see, actually, because in a lot of SMB organizations, there is no AI data scientist, there is no AI leader. So it’s essentially decision by committee. And that committee could be a storage admin, a network admin, a compute admin, an application admin, all the way up to leadership, cybersecurity, of course, for governance and compliance. So seeing the different perspectives in these AI committees is really interesting – to watch the customer look at each other and each individual have their own expertise and go, “Oh, that’s interesting. Oh, that’s interesting. Why did I know you viewed the world through the lens of this?” And so coming in with these workshops, it’s typically not one outcome. It’s actually allowing a conversation between these committees at our customer organizations to really help push what AI means for each of those individuals. And then they branch out, actually not with Turning Point but internally, to foster more discussion. And then we come back in and help prod and push in certain areas with our AI knowledge. But really, it’s more contextual. It’s not really about language models and things like that. It’s more about blue sky – like, what do we want to do? And what’s success for you, and what’s success for you, and what’s success for you? You’ll notice that success for each of these individuals is very different. So it’s been fascinating for us to watch. Robert Dutt: It’s funny how often some of these things do – for all the technology behind it – come down to breaking down internal silos. Josh Singh: Yes, yes, yeah. It’s a big part of our job. We help bridge technology to business, to legal, to cybersecurity, all the way up to business goals. So it’s really – it’s an honor to work in this industry and see those conversations play out. Robert Dutt: We saw some fairly significant changes to the partner program and the rollout of the Modern Partner Platform – in terms of the agentic AI stuff that’s rolling into the partner portal and the partner experience, deal registration improvements, a whole bunch of things – especially where you guys are at as a boutique, exclusively Dell-focused operation on the data center side. What did you see in there that really caught your interest – “okay, that’s going to make my life better”? And in a more art-of-the-possible mode, what do you think AI appearing in partner platforms is going to mean in the long run in terms of what you can do, and what you can get from the overall experience you have with key vendors like Dell? Josh Singh: Yeah, good question. So they haven’t fully rolled out the One Dell Way platform yet – they’re chipping away at it. First is with CSG on the client side, and they’re starting that internally. So we haven’t actually seen the result of a lot of that change yet. But I do know theoretically what the plan is for that, and I think it’s going to be really advantageous for us. We are seeing a little bit of the benefits right now where human intervention – as vendors start to consolidate a bit more in sales and back office – the role of the sales rep is changing. There are a lot of tasks that that sales rep now has to do. And so they can sometimes be the bottleneck of operational efficiency. Let’s talk about deal registration, for example: they will get an email, and if they’re busy in meetings, by the time they get to that email and press OK, it could be twenty-four, it could be forty-eight hours, it could be seventy-two hours if that person’s out of town. So then you have to chase – and with how fast IT is moving with our customers, we can’t afford to wait that long. So we’re starting to see a bit more intelligence and automation in how deal registrations are approved. It is a bit of a complicated topic because the channel relies on Dell’s ability to recognize who our accounts are, who our loyal customers are. And so there have been some conflicts since then. But I do see that Dell is on it and they are working it out. And I do love the transparency and honesty from Dell in owning up where mistakes were made and correcting them in the field. So I am seeing some AI adoption when it comes to the partner program, but it’s not fully rolled out yet. So I am looking forward to seeing what they come out with. Robert Dutt: In terms of future state – whether it’s stuff that they’re already discussing or stuff that’s just possible but not yet on the roadmap – what would be the most impactful for you and your organization to move to a more automated, more agentic motion with a key vendor like Dell? Josh Singh: Yeah. I’m sure you’ve heard of Dell Sales Chat. It’s basically their version of GPT, but it references all of Dell’s information – presentations, documents, white papers, service briefs, and things like that. So the Dell rep just types in a query into Dell Sales Chat, and an answer comes out while referencing all Dell documentation. What I really want to see is Dell enabling that for the channel. And so I’ve talked to Dell leadership – specifically people that own this product – and that is the plan. And so I’m really, really excited for that, because especially when we respond to RFPs in public sector, it’s a very time-consuming endeavor. And so for us to be able to type in queries on very specific questions that public sector has about technology would be really valuable. And I do know that there are compliance and governance issues as well. The labeling of documentation has to be accurate – otherwise, the channel would get access to potentially confidential data from Dell Sales Chat. But that’s the biggest thing that I’m waiting for Dell to offer the channel. Robert Dutt: Cool. I wanted to talk a little bit about security and data resilience, because that was another theme here at the event – an area where you guys have a fair bit going on with vCISO and MDR, cyber recovery, all that kind of stuff. Basically, how does the Dell cyber resilience narrative from this week connect with what you’re already doing? Does it strengthen the story you’re telling clients? Does it give you new opportunities? How are you viewing the message here? Josh Singh: Yeah. So I actually come from the security and resilience team at Dell – that’s my most recent role there. So it’s near and dear to me and my heart, and I am seeing a lot of product updates when it comes to security. That’s really exciting for me to see, actually. So Dell has a security and data platform in Data Domain, and there are other partners in the ecosystem like Druva and others. There are some partnerships with CrowdStrike and other MDR companies. And that’s what I really appreciate about Dell – they did have Secureworks for a period of time, which got spun off, but I do appreciate Dell constantly looking at where their gaps are from a technology perspective and then partnering up with other vendors to complete the end-to-end strategy. As I mentioned, each individual product in the technology portfolio – they are releasing a lot of security updates and functionality embedded in PowerStore, more in Data Domain when it comes to immutability and things like that, and PowerScale anomaly detection in each of the different products, end-to-end encryption with secure [HPAs – unclear; possibly “HBAs” or “APIs” – verify]. So there’s a lot of attention right now when it comes to security. And to come back to AI – AI is really cool and it can create a lot of really cool outcomes. That’s if you’re wearing a white hat. If you’re wearing a black hat, it can be equally exciting for them as well. And so Dell has to keep up now with not just asking what are the positive outcomes that can drive more efficiency and unlock human progress, but what are the black hats going to be doing with AI, and how do we respond? Robert Dutt: I was sharing a detail this week that backup infrastructure is kind of a primary target for attacks. Curious – does that kind of match with what you’re seeing? And how do you, especially with customers who are newer to you or just going through the process, help them reconcile what they think they’re protecting with their backup versus what they actually have in terms of protection? Josh Singh: Yeah, this is – I mean, every backup vendor says the same thing. This becomes really difficult, actually, to undo a lot of the conditioning from a lot of the backup vendors. I joined DPS – which is now the SRP, the Security and Resiliency Platform, at Dell – for a very specific reason. I actually used to also work for Secureworks. And I realized that talking to people about managed security services was resonating at the time. But the answer was always, “Hey, we just go back to our backup target and we restore, we recover, we’re up and running within a couple of hours.” So I thought, I could spend the same amount of time with a different team and a different product and achieve much more success, because that’s what most organizations are relying on. So they really rely on backup. Now, backup should not be confused with business continuity. Backup is the last line of defense – and it really is the last line of defense. So when you have a last line of defense, you need to make sure that that is locked down. If you don’t trust your last line of defense, it doesn’t really matter what you do on top of that. You can spend millions of dollars per year operationally on subscriptions and monitoring and things like that. But if you don’t trust your last line of defense, you are hooked. And so Dell’s backup product, Data Domain, is the most secure, purpose-built backup appliance out there in the market – hands down. It’s not even a comparison, from my perspective – and it could be a biased perspective – against other competition and other vendors that also play in the same area. There are just so many features in Data Domain when it comes to immutability and governance and compliance and DDBoost, which is a proprietary protocol – it’s not CIFS, it’s not NFS. A bad actor can scan a CIFS or NFS directory so easily and then just encrypt it. So while we do work very well with PPDM – which is Dell’s backup software – we also use Veeam as well. And so the Veeam-to-Data Domain story is very powerful, and it’s really good for the SMB market as well. So we’re constantly looking at the market and seeing what’s compatible, what plays well with Dell products, and we’re introducing that into our ecosystem as well. Robert Dutt: All right. To wrap it up – sitting where you sit as a partner who’s made a pretty significant single-vendor bet on Dell, what’s the one thing from this week that you sit back and go, “Yeah, that validates the decision”? And also, was there anything that gives you pause – that makes you go, “Okay, I need to learn more about that before I’m sure that we’re aligned”? Josh Singh: Yeah. I mean, I can’t deny that we haven’t been forced to think about more vendor adoption. And as every company needs to iterate and evolve and stay on top of industry trends, we need to constantly be surveying other technologies. And we do. We look at NetApp all the time. We look at Pure. We look at HPE constantly. And what we’ve noticed is we don’t need to take on a different vendor. And especially – one thing I will say about Dell, and I’m not sure if this is an answer to your question, but I do have to mention this – Dell’s supply chain is second to none. So we’re in this world right now which is shifting aggressively to shortages and components and things like that. And that’s where Dell’s really shining right now – in their ability to go to different geographic areas and fast-track product from other areas. So that’s just one thing that I have to plug Dell for: very impressive about what they’re doing there. But from a Dell perspective, they’re constantly innovating. All the thought leaders of the world – in different companies and different partners and vendors – they’re all here. And so if we have that big bet on Dell and they’re constantly innovating and adding new partnerships and are at the forefront of innovation, then that means we are too. And if we are, then we don’t need to look anywhere else – and we’re going to double down on the bet. Robert Dutt: To go back to what you were saying about the supply chain situation – it’s no doubt wild times trying to get infrastructure for everyone on the planet right now. And we hear pretty clearly from Jeff Clarke the idea, the message to customers: put your hand up early – really early, if you can – because that’ll give you the best chances of getting what you want when you want it. If you’re thinking two years out or something, how are you approaching timelines and guidance to customers on – okay, so you want to be here at some point – speccing that out in light of the uncertainty of availability, the uncertainty of price, all the fun stuff that’s going on right now? Josh Singh: We’re living in that world right now and it’s changing the way customers have to respond to their stakeholders in their organizations. Back in the day – and by back in the day, I mean six months ago – a customer needed compute and they would buy compute and they would get it within three weeks, likely two. Now we’re looking at two months, three months, sometimes six-month delays, depending on if they need very specific components. So it is a little bit like the COVID days, where there was a big push to remote connectivity. Now customers are looking at public cloud again in a bigger way because they need immediate resources. So what we’re trying to do as an organization is say, “Yes, you could go to the cloud – that is an option. It always has been an option and always will be an option. But is that the right thing for your organization economically, from a security perspective, from a latency perspective?” There are so many more considerations, especially in the Canadian market with data sovereignty. And so the shift of parts shortages – and this wouldn’t be a current interview unless we talked about Broadcom and the changes they’ve made in the market as well. These two very big changes in our market are now affecting the way that organizations have to respond to their stakeholders and the immediacy of resources. So planning now is critically important. The way that customers are now trying to secure budget within their organizations is changing, because they need to be a bit more adaptable and flexible to what’s externally offered. Previously, it was internal operational methodologies on how they adopted technologies. Now they’re being affected by the external. So they have to be a bit more flexible and adaptable as to how they need to support their growing environment – by way of data, by way of compute resources, and especially AI. Now that I need GPUs and memory and CPUs, which are now in shortage, it is a very big challenge. But it’s not a Dell challenge, it’s a customer challenge. It’s happening across the entire industry. So that’s a good thing for us. If it was a Dell challenge, then we’d have a challenge ourselves and be in a bit of a corner. But it’s a global challenge right now that we are constantly seeing changes to. And I suspect we’ll continue to see changes for the rest of the year. Robert Dutt: It’s wild times when you hear folks who are very intelligent on these things saying this is going to be a multi-year kind of cycle. I guess AI giveth, AI taketh away. Josh Singh: Yes, yes. And geopolitics – we’ve got some leaders in the world right now that are making decisions that are affecting our geopolitical climate as well, which is then downstream affecting IT. So it’s interesting times. Exciting times. And I think we’ll look back on today just like we looked back on COVID – we’ll get through it. We’re all in it together. Robert Dutt: Here’s hoping the war stories end up good at the end of the day. Josh Singh: That’s right. Robert Dutt: Thanks for taking the time. I appreciate it. Josh Singh: Thanks very much, Rob. I appreciate it. Thank you. Robert Dutt: There you have it, Josh Singh from Turning Point Technology Services. I’d like to thank Josh for his time in Las Vegas. The full-circle element of his story – spending years inside Dell, working alongside Turning Point as a channel partner, and then joining the company he was selling through – comes through clearly in how he talks about the business. And I think that perspective showed throughout the conversation. A few things I’d like to take away from this one. First, the single-vendor bet argument. A lot of partners hedge on vendor relationships as a form of risk management, but Turning Point went the other way. And the case Josh makes is essentially that depth beats breadth – that knowing how to navigate a large vendor’s internal matrix quickly is itself a competitive advantage for customers. When someone needs an answer today, knowing exactly who to call inside Dell and getting it done in hours instead of days is a real differentiator. Doesn’t show up in a product spec, but it does show up in the relationship. Second, the AI adoption ladder. The AI Factory is the right concept, but maybe too large a bite for most of the Canadian market. What’s changing now – and what you heard Josh describe with the solution center and the GB10 pilots – is AI becoming consumable at the entry level. Small win, prove the model, scale it up. That’s how it actually gets adopted in the mid-market and SMB space, and the partners who figured out how to structure that journey are the ones who are going to win those accounts. And third, backup is the last line of defense, not the first. Josh put it plainly: if you don’t trust your last line of defense, it doesn’t really matter what you spend on top of it. And if your backup infrastructure gets hit with a ransomware attack – which is increasingly the whole point of the attack – and you’ve filed an insurance claim on top of that, you can’t touch it until the insurance company is done with their analysis. You’re building from scratch. That air gap, clean recovery point is the whole game. Not a nice-to-have. If you’re enjoying the show, please follow or subscribe wherever you listen. We’re on Apple Podcasts, Spotify, YouTube, the usual suspects. And if you have a moment to leave a rating or review, please do. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Show DescriptionJoe Levy is the CEO of Sophos and a 30-year cybersecurity veteran who has held technical and executive roles across some of the industry's most recognizable brands. In this episode, we dig into a stat that should reframe how the entire industry thinks about its mission: out of roughly 359 million businesses worldwide, fewer than 32,000 have a CISO. That's less than one in 10,000 organizations with a security strategy leader — and it's a number Joe worked with Cybersecurity Ventures to quantify for the first time.We explore what that structural gap means for how vendors build products, why the cybersecurity market is a 40-year-old market failure where spending goes up every year but outcomes don't improve, and how Sophos is betting that agentic AI can deliver CISO-level intuition to the hundreds of millions of organizations that could never conceive of hiring one. Joe breaks down where AI is genuinely delivering in security operations — and where the industry is overselling — drawing from Sophos's experience running the world's largest MDR service with 36,000 customers.We also get into Sophos's Pacific Rim disclosure, a five-year engagement with a Chinese nation-state actor targeting their firewalls that Joe calls the highest form of threat intelligence sharing. He walks through the calculus of going public with that story, including the kernel-level monitoring they deployed on a handful of devices to stay one step ahead of the attacker. Plus, we discuss the SecureWorks acquisition, the CTO-to-CEO transition, competing with hyperscalers like Microsoft, and what the next chapter looks like for a billion-dollar PE-backed security company approaching maturity with Thoma Bravo.Show NotesThe cybersecurity poverty line quantified: out of 359 million businesses worldwide, fewer than 32,000 have a CISO — less than one in 10,000 — and this leadership gap compounds with the skills shortage and what Joe calls an "AI-enhanced market for lemons" where information asymmetry between buyers and vendors is getting worseThe real problem isn't missing technology — most organizations already have endpoints and firewalls — it's misconfigurations, ignored alerts, undeployed agents, and no SOC to respond, which is why secure-by-default design and hybrid product-service models like MDR create more predictable outcomes than tools aloneAI in the SOC is overhyped but not hype: Sophos runs 36,000 MDR customers and says the vast majority of Tier 1 (triage, false positive management) and Tier 2 (investigation, response) can now be performed by agents — but the industry lacks standard vocabulary for metrics like MTTR, letting vendors be "intentionally opaque" about what "response" actually meansJoe introduces the concept of "humans as the accountability API" in an agentic world — AI can approximate analyst intuition, but someone still needs to be held accountable for remediation decisions, and a fully autonomous SOC may just be "a protection product with a very long data pipeline"The Pacific Rim story: Sophos spent five years engaged with a Chinese nation-state actor targeting their firewalls, deployed a kernel implant on fewer than a handful of attacker-controlled devices to observe exploit development in real time, and concealed targeted fixes among 150 other patches to avoid tipping off the adversarySophos's CISO Advantage program aims to deliver the intuitions of a skilled security leader to the hundreds of millions of organizations that could never hire one — Joe calls it fixing a 40-year-old market failure and says they're shipping it this year

Please enjoy this encore of Career Notes. Principal consultant and pen tester at Secureworks, Eric Escobar, shares his career path translating his childhood favorite Legos to civil engineering and pivoting to cybersecurity. Eric was always headed toward engineering and got both his bachelor and master degrees in civil engineering. Upon breaking into a network with a friend, he was bitten by the cybersecurity bug. Making the switch to the red team and basically becoming a bankrobber for hire, Eric tests the security of many companies' networks. He feels that curiosity is an essential trait for cybersecurity and collaboration is key as no one person knows everything. He advises those interested in cybersecurity to just start. We thank Eric for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Principal consultant and pen tester at Secureworks, Eric Escobar, shares his career path translating his childhood favorite Legos to civil engineering and pivoting to cybersecurity. Eric was always headed toward engineering and got both his bachelor and master degrees in civil engineering. Upon breaking into a network with a friend, he was bitten by the cybersecurity bug. Making the switch to the red team and basically becoming a bankrobber for hire, Eric tests the security of many companies' networks. He feels that curiosity is an essential trait for cybersecurity and collaboration is key as no one person knows everything. He advises those interested in cybersecurity to just start. We thank Eric for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Podcast: ICS Arabia PodcastEpisode: From Academia to Cybersecurity Leadership (Arabic) | 42Pub date: 2025-11-15Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of ICS Arabia Podcast, I sit down with Dr. Haitham Rashwan, Field CTO at Dell, to discuss his journey from Electrical Engineering to Cybersecurity, his experience as a pen tester at IBM, SecureWorks, and Dell, and his insights on OT SOCs, AI in security, pen testing, and the cybersecurity market. We also debunk the air gap myth and explore how to build a strong cybersecurity program.The podcast and artwork embedded on this page are from ICS ARABIA PODCAST, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Sophos represents one of cybersecurity's most vulnerable companies, founded in 1985 as an antivirus provider and now operating at massive scale with $1.5 billion in ARR and 5,700 global employees. Under CEO Joe Levy's leadership, the company has undergone a fundamental transformation from a traditional product-focused vendor to a services-driven platform that addresses core market failures in cybersecurity. In a recent episode of Category Visionaries, we sat down with Joe Levy to learn about the company's pivot to managed detection and response (MDR) services, their $860 million SecureWorks acquisition, and their vision for democratizing cybersecurity strategy across millions of organizations worldwide. Topics Discussed:  Sophos's evolution from antivirus origins through multiple business model reinventions over four decades  The strategic pivot to managed detection and response (MDR) services starting in 2018-2019 Building organizational support for major business model changes through experimental frameworks  Managing channel partner relationships during service transformation with 25,000 global partners  The $860 million SecureWorks acquisition and integration strategy to achieve category leadership  Scale as a competitive advantage in cybersecurity platform operations  The future vision of democratizing cybersecurity through "virtual CISO" services at massive scale GTM Lessons For B2B Founders: Address systemic market failures through business model innovation: Joe identified that cybersecurity's core problem wasn't technology quality but post-sale execution. "As an industry we have been really good at buying and selling products, but we've never been good. In fact, we've been terrible at their implementation and their lifecycle management." This insight led to Sophos's services transformation. B2B founders should look beyond surface-level customer complaints to identify fundamental market failures that create opportunities for entirely new business models. Structure major strategic pivots as controlled experiments: When proposing the MDR services pivot, Joe framed it as a measurable experiment rather than a leap of faith. "The conversation primarily consisted of, I want to run an experiment. Here are the parameters of the experiment that I would like to run... This is the investment that I think that we need to make in order to bootstrap it." This approach included specific cost models, growth projections, and profitability targets. B2B founders can reduce organizational resistance to major changes by presenting them as structured experiments with clear success metrics and defined risk parameters. Invest heavily in stakeholder alignment during business model transitions: The most challenging aspect wasn't technical but maintaining relationships with 25,000 channel partners who might view new services as competitive threats. Joe spent a full year ensuring partners viewed MDR as "augmentation and greater opportunity and an opportunity for them to offer tiering to the kinds of services that they're doing." B2B founders making significant business model changes must prioritize extensive stakeholder communication and alignment, especially when changes could affect existing revenue streams or partner relationships. Shift sales focus from product features to guaranteed outcomes: Sophos had to retrain their sales organization for services selling. "The fundamental difference between selling a product and selling a service is... what the expectations of the outcome that service is going to provide for them." Instead of selling technology specifications with implementation uncertainty, they began guaranteeing predictable business results. B2B founders transitioning to services models must fundamentally change their sales approach from feature-based selling to outcome-based value propositions. Use strategic M&A to achieve immediate category leadership: Rather than relying solely on organic growth, Sophos accelerated their MDR strategy through the $860 million SecureWorks acquisition. "It technically makes us the largest MDR operator, pure play cybersecurity MDR operator... on the planet today." The acquisition instantly provided market positioning that organic growth might have taken years to achieve. B2B founders should consider strategic acquisitions not just for technology or customers, but for category leadership and competitive positioning that enables further market expansion. Build scale as a defensible competitive advantage: Joe argues that scale is "an often overlooked but a critically important element when it comes to the selection of information technology vendors." In platform businesses handling massive data volumes and real-time operations, the ability to operate at scale becomes a key differentiator. "The customer should be asking them, what are your strategies in order to be able to scale?" B2B founders in platform businesses should explicitly communicate their scaling strategies to customers and position their ability to handle growth as a core competitive advantage, especially when competing against smaller vendors.   //  Sponsors: Front Lines — We help B2B tech companies launch, manage, and grow podcasts that drive demand, awareness, and thought leadership. www.FrontLines.io The Global Talent Co. — We help tech startups find, vet, hire, pay, and retain amazing marketing talent that costs 50-70% less than the US & Europe. www.GlobalTalent.co // Don't Miss: New Podcast Series — How I Hire Senior GTM leaders share the tactical hiring frameworks they use to build winning revenue teams. Hosted by Andy Mowat, who scaled 4 unicorns from $10M to $100M+ ARR and launched Whispered to help executives find their next role.  Subscribe here: https://open.spotify.com/show/53yCHlPfLSMFimtv0riPyM

Eldon put a $150K line of credit on his house to start eSentire in 2001. No VCs would touch him—they didn't understand services businesses. He worked 12-hour days, 7 days a week for 7 years to hit $1M in revenue. His co-founder coded while he flew to New York on $99 JetBlue flights from Buffalo to save money. Then something clicked: they brought in an experienced CEO who transformed their scrappy cybersecurity consulting into a managed service. Revenue grew from $1M to $10M in just 3 years. They won 95% of competitive deals against Dell-backed SecureWorks by comparing themselves to a local burger joint versus McDonald's. Today eSentire is worth over a billion dollars. This is the raw, unfiltered story of building a massive B2B company without following any of the Silicon Valley playbook—no YC, no venture capital for years, just pure survival mode.Why You Should Listen:How to win head-to-head sales battles against bigger competitors with no marketing budget.Why taking a long time to hit $1M ARR doesn't mean failure.How bringing in an experienced CEO after 8 years saved the company.Keywords (comma-separated):Startup podcast, Startup podcast for founders, eSentire, Eldon Sprickerhoff, cybersecurity, bootstrapping, managed services, B2B sales, Canadian startup, MSSP, founder-led sales, pivot00:00:00 Intro00:01:00 Starting eSentire after 9/1100:03:26 The dot-com crash reality00:05:23 $150K home equity line to start00:08:32 Landing first customer at ING00:14:03 Making up the rules as they went00:19:09 Bringing in an experienced CEO00:22:44 The hamburger pitch that beat Dell00:28:36 From $1M to $10M in 3 years00:34:39 Common founder mistakes00:40:39 Chief survival officer mindsetSend me a message to let me know what you think!

In this episode of The Digital Executive podcast, Geoff Haydon, CEO of Ontinue, shares how his leadership journey—from SecureWorks and VMware to heading Ontinue—has helped shape a new era of cybersecurity services. Geoff dives into how Ontinue's MXDR platform, Ontinue ION, is transforming legacy MDR practices by combining automation, AI, and a holistic approach to threat management. He explains how today's cybersecurity demands go beyond just alerting and into proactive risk reduction across cloud, network, and identity.Geoff also unpacks how Ontinue's partnership with Microsoft and its integration with the Microsoft security platform is enabling enterprises to reduce tool sprawl, cut costs, and deliver measurable outcomes. With over a third of security incidents resolved autonomously and 99.5% handled without customer intervention, Ontinue is helping CISOs do more with less—replacing outdated "defense in depth" models with scalable, intelligent operations powered by agentic AI.Subscribe to the Digital Executive Newsletter for curated strategies, expert perspectives, and industry trends. Sign up now here.

Effective security management has never been simple and the expanded threat landscape enhanced by AI has only widened the gap between defenders and attackers. Scott Crawford and Greg Zwakman return to discuss the managed security services market with host Eric Hanselman. Security services have been an option for enterprises since the earliest days of IT, but the need for more depth and breadth in security operations has changed market dynamics and the enterprise security calculus. Part of this shift is driven by the scope and scale of security operations. Expanded attack surfaces with more devices, more SaaS applications and hybrid infrastructure can be all the more difficult to secure. Integrated security operations patterns, like Managed Detection and Response (MDR) can provide more comprehensive services and ones that are targeted at delivering improved security outcomes, rather than just operational support. Changing security requirements are driving M&A activity, as well. Where services had been an augmentation to vendor products, some vendors now see them as a critical part of their portfolio and a key to platform aspirations. Zscaler's acquisition of Red Canary and Sophos' pick up of SecureWorks are some of the more notable transactions in this trend. Security management has shifted front of security markets. More S&P Global Content: AI for security: Agentic AI will be a focus for security operations in 2025 The evolution of security platforms – 6 centers of gravity shaping the market For S&P Global subscribers: Managed Security Services Market Monitor & Forecast For sale: MDR vendors 2025 Trends in Information Security Ending SecureWorks' search for a suitor, Sophos takes it off Dell's hands Zscaler expands its platform play into a new market by reaching for Red Canary Credits: Host/Author: Eric Hanselman Guests: Scott Crawford, Greg Zwakman Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith

After Sophos acquires Secureworks, Sailpoint's IPO saves the index. The Security Weekly 25 index is now made up of the following pure play security vendors: SAIL SailPoint Ord Shs PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies, Inc. FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc VRNT Verint Systems Inc. CYBR Cyberark Software Ltd TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems Inc VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc In the leadership and communications segment, The CISO Transformation — A Path to Business Leadership, The CISO's dilemma of protecting the enterprise while driving innovation, When Hiring, Emphasize Skills over Degrees, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-385

After Sophos acquires Secureworks, Sailpoint's IPO saves the index. The Security Weekly 25 index is now made up of the following pure play security vendors: SAIL SailPoint Ord Shs PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies, Inc. FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc VRNT Verint Systems Inc. CYBR Cyberark Software Ltd TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems Inc VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc Show Notes: https://securityweekly.com/bsw-385

After Sophos acquires Secureworks, Sailpoint's IPO saves the index. The Security Weekly 25 index is now made up of the following pure play security vendors: SAIL SailPoint Ord Shs PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies, Inc. FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc VRNT Verint Systems Inc. CYBR Cyberark Software Ltd TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems Inc VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc In the leadership and communications segment, The CISO Transformation — A Path to Business Leadership, The CISO's dilemma of protecting the enterprise while driving innovation, When Hiring, Emphasize Skills over Degrees, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-385

After Sophos acquires Secureworks, Sailpoint's IPO saves the index. The Security Weekly 25 index is now made up of the following pure play security vendors: SAIL SailPoint Ord Shs PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies, Inc. FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc VRNT Verint Systems Inc. CYBR Cyberark Software Ltd TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems Inc VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc Show Notes: https://securityweekly.com/bsw-385

Spoiler: it's probably in your pocket or sitting on the table in front of you, right now! Modern smartphones are conveniently well-suited for identity verification. They have microphones, cameras, depth sensors, and fingerprint readers in some cases. With face scanning quickly becoming the de facto technology used for identity verification, it was a no-brainer for Nametag to build a solution around mobile devices to address employment scams. Segment Resources: Company website Aaron's book, Loyal Listeners of the show are probably aware (possibly painfully aware) that I spend a lot of time analyzing breaches to understand how failures occurred. Every breach story contains lessons organizations can learn from to avoid suffering the same fate. A few details make today's breach story particularly interesting: It was a Chinese APT Maybe the B or C team? They seemed to be having a hard time Their target was a blind spot for both the defender AND the attacker Segment Resources: https://www.binarydefense.com/resources/blog/shining-a-light-in-the-dark-how-binary-defense-uncovered-an-apt-lurking-in-shadows-of-it/ https://www.theregister.com/2024/09/18/chinesespiesfoundonushqfirm_network/ This week, in the enterprise security news, Semgrep raises a lotta money CYE acquires Solvo Sophos completes the Secureworks acquisition SailPoint prepares for IPO Summarizing the 2024 cybersecurity market Lawyers that specialize in keeping breach details secret Scientists torture AI Make sure to offboard your S3 buckets extinguish fires with bass All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-393

Spoiler: it's probably in your pocket or sitting on the table in front of you, right now! Modern smartphones are conveniently well-suited for identity verification. They have microphones, cameras, depth sensors, and fingerprint readers in some cases. With face scanning quickly becoming the de facto technology used for identity verification, it was a no-brainer for Nametag to build a solution around mobile devices to address employment scams. Segment Resources: Company website Aaron's book, Loyal Listeners of the show are probably aware (possibly painfully aware) that I spend a lot of time analyzing breaches to understand how failures occurred. Every breach story contains lessons organizations can learn from to avoid suffering the same fate. A few details make today's breach story particularly interesting: It was a Chinese APT Maybe the B or C team? They seemed to be having a hard time Their target was a blind spot for both the defender AND the attacker Segment Resources: https://www.binarydefense.com/resources/blog/shining-a-light-in-the-dark-how-binary-defense-uncovered-an-apt-lurking-in-shadows-of-it/ https://www.theregister.com/2024/09/18/chinesespiesfoundonushqfirm_network/ This week, in the enterprise security news, Semgrep raises a lotta money CYE acquires Solvo Sophos completes the Secureworks acquisition SailPoint prepares for IPO Summarizing the 2024 cybersecurity market Lawyers that specialize in keeping breach details secret Scientists torture AI Make sure to offboard your S3 buckets extinguish fires with bass All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-393

This week, in the enterprise security news, Semgrep raises a lotta money CYE acquires Solvo Sophos completes the Secureworks acquisition SailPoint prepares for IPO Summarizing the 2024 cybersecurity market Lawyers that specialize in keeping breach details secret Scientists torture AI Make sure to offboard your S3 buckets extinguish fires with bass All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-393

This week, in the enterprise security news, Semgrep raises a lotta money CYE acquires Solvo Sophos completes the Secureworks acquisition SailPoint prepares for IPO Summarizing the 2024 cybersecurity market Lawyers that specialize in keeping breach details secret Scientists torture AI Make sure to offboard your S3 buckets extinguish fires with bass All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-393

Ransomware payments saw a 35% decline in 2024—what's driving the drop? Sophos finalizes its $859 million acquisition of SecureWorks, signaling more M&A activity in cybersecurity for 2025. Plus, DeepSeek AI is gaining traction in healthcare, but its data policies raise serious concerns.Remember, Stay a Little Paranoid Subscribe: This Week Health Twitter: This Week Health LinkedIn: Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

Kyle Falkenhagen is the Chief Product Officer at Secureworks. In this episode, he joins host Charlie Osborne to discuss the concept of taking an open approach to cybersecurity and what it means for organizations, including the main advantages of an open platform, building out a security operations strategy, and more. Secureworks is a leader in cybersecurity, empowering security and IT teams worldwide to accelerate effective security operations. Learn more about our sponsor at https://secureworks.com.

Stacy Leidwinger is the VP of Marketing at Secureworks. In this episode, she joins host Charlie Osborne to discuss the risks and ramifications of cyberattacks, including the role security leaders play, as well as how best to mitigate these risks, and more. Secureworks is a leader in cybersecurity, empowering security and IT teams worldwide to accelerate effective security operations. Learn more about our sponsor at https://secureworks.com.

Curt Yasm is the senior product manager at Secureworks. In this episode, he joins host Charlie Osborne to discuss identity threats, including how the landscape has evolved, the impact on organizations, and more. Secureworks is a leader in cybersecurity, empowering security and IT teams worldwide to accelerate effective security operations. Learn more about our sponsor at https://secureworks.com.

Send us a textBrad's journey from sci-fi enthusiast to cybersecurity expert is an unconventional path filled with unexpected twists and valuable insights. Hear firsthand how his initial pursuit of engineering took a dramatic turn following 9/11, leading him to the military and into the Signal Corps, where his foundation in cybersecurity was forged. Discover how his experiences at SecureWorks highlight his dedication to diversifying the cybersecurity workforce by recruiting and training talent from varied backgrounds, making this field accessible to all with a passion for tech and a willingness to learn.Step into the high-stakes environment of cybersecurity as Brad shares gripping tales from mission deployments where every second counts. Feel the adrenaline of operating in high-pressure situations and the critical role certifications play in carving out a successful career in this field. Brad sheds light on the diverse backgrounds of cybersecurity professionals, illustrating how police officers and others transitioned into this field, proving that aptitude and determination often outweigh traditional education in achieving success.In the face of rapid AI integration, organizations encounter new hurdles with shadow IT and unsanctioned applications. Explore the intricate landscape of AI security threats and the pressing need for secure implementation, as Brad outlines the challenges posed by AI's rise. With over 92% of organizations facing data breaches from unauthorized apps, the urgency for robust security measures is palpable. Concluding with ways to connect with Brad and Morphysack, this episode promises a treasure trove of insights and a peek into future conversations on emerging AI threats.Support the showFollow the Podcast on Social Media!Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcastPatreon: https://www.patreon.com/SecurityUnfilteredPodcastYouTube: https://www.youtube.com/@securityunfilteredpodcastTikTok: Not today China! Not today

The future is here! Imagine if you could get into the office, a datacenter, or even an apartment building as easily as you unlock your smartphone. Alcatraz AI is doing exactly that with technology that works similarly to how smartphones unlock using your face. It works in the dark, if you shave off your beard, and so quickly you don't even need to slow down for the scan - you can just keep on walking. We don't often cover physical security, so this interview is going to be a treat for us. There are SO many questions to ask here, particularly for our hosts who have done physical penetration tests, social engineering, and tailgating in the past to get past physical security measures. This week, in the enterprise security news: the latest cybersecurity fundings Cyera acquires Trail Security Sophos acquires Secureworks new companies and products more coverage on Cyberstarts' sunrise program AI can control your PC public cybersecurity companies are going private Splunk and Palo Alto beef All that and more, on this episode of Enterprise Security Weekly. Segment description coming soon! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-382

The future is here! Imagine if you could get into the office, a datacenter, or even an apartment building as easily as you unlock your smartphone. Alcatraz AI is doing exactly that with technology that works similarly to how smartphones unlock using your face. It works in the dark, if you shave off your beard, and so quickly you don't even need to slow down for the scan - you can just keep on walking. We don't often cover physical security, so this interview is going to be a treat for us. There are SO many questions to ask here, particularly for our hosts who have done physical penetration tests, social engineering, and tailgating in the past to get past physical security measures. This week, in the enterprise security news: the latest cybersecurity fundings Cyera acquires Trail Security Sophos acquires Secureworks new companies and products more coverage on Cyberstarts' sunrise program AI can control your PC public cybersecurity companies are going private Splunk and Palo Alto beef All that and more, on this episode of Enterprise Security Weekly. Segment description coming soon! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-382

This week, in the enterprise security news: the latest cybersecurity fundings Cyera acquires Trail Security Sophos acquires Secureworks new companies and products more coverage on Cyberstarts' sunrise program AI can control your PC public cybersecurity companies are going private Splunk and Palo Alto beef All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-382

This week, in the enterprise security news: the latest cybersecurity fundings Cyera acquires Trail Security Sophos acquires Secureworks new companies and products more coverage on Cyberstarts' sunrise program AI can control your PC public cybersecurity companies are going private Splunk and Palo Alto beef All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-382

In this episode of "Screaming in the Cloud," we're making sure things are nice and secure thanks to Ryan Nolette, Senior Security Engineer at AWS Outreach. As a part of the Outreach team, he's responsible for making everyone understand the nuances of AWS's Vulnerability Disclosure Program. Corey and Ryan explore the intricacies of AWS's approach to security, including the emphasis on communication with researchers. You'll also get an overview of what goes into Vulnerability Disclosure Programs and how it courts security researchers over “security researchers.” If there's anything you can take away from this episode, it's that Ryan takes great pride in AWS's commitment to transparency and collaboration when it comes to resolving potential security flaws.Show Highlights(0:00) Intro(0:38) Blackblaze sponsor read(1:06) The role of AWS' security team outreach group(2:21) The nuance of the Vulnerability Disclosure Program(4:05) Will the VDP program replace human interactions(10:08) Response disclosure vs. coordinated disclosure(15:26) The high-quality communication of  the AWS security team(17:33) Gitpod sponsor read(18:45) Security researchers vs. "security researchers"(25:54) What's next for the VDP Program?(29:26) Avoiding "security by obscurity"(32:08) Being intentional with security messaging(36:16) Where you can find more from RyanAbout Ryan NoletteRyan is AWS's Senior Security Engineer for the Outreach Team and CoAuthor of AWS Detective. He has previously held a variety of roles including threat research, incident response consulting, and every level of security operations. With almost 2 decades in the infosec field, Ryan has been on the development and operations side of companies such as Postman, Sqrrl, Carbon Black, Crossbeam Systems, SecureWorks and Fidelity Investments. Ryan has been an active speaker and writer on threat hunting and endpoint securityLinksAWS VDP on HackerOne: hackerone.com/aws_vdpAWS VDP inbox: aws-security@amazon.comLinkedIn: www.linkedin.com/in/cloudy-with-a-chance-of-securityAWS Vulnerability Reporting site: https://aws.amazon.com/security/vulnerability-reporting/Give your feedback on the recently expanded VDP program: https://pulse.aws/survey/MOOFGRLMSponsorsBackblaze: https://www.backblaze.com/Gitpod: gitpod.io

00:00:00 - PreShow Banter™ — Log Con00:11:41 - BHIS - Talkin' Bout [infosec] News 2024-10-2100:12:51 - Story # 1: Internet Archive exposed again – this time through Zendesk00:14:57 - Story # 1b: Hackers steal information from 31 million Internet Archive users00:20:42 - Story # 2: Sophos buys Secureworks for $859 mln to beef up cybersecurity portfolio00:24:21 - Story # 3: USDoD hacker behind National Public Data breach arrested in Brazil00:27:12 - Story # 4: Debunking Hype: China Hasn't Broken Military Encryption With Quantum00:32:14 - Story # 5: Microsoft said it lost weeks of security logs for its customers' cloud products00:35:03 - Story # 6: Should We Chat, Too? FAQ00:40:05 - Story # 7: More than two dozen countries have used internet outages to sway elections00:43:50 - Story # 8: Pokemon dev Game Freak confirms breach after stolen data leaks online00:46:32 - Story # 9: Hackers made robot vacuums randomly yell racial slurs00:49:19 - Story # 9b: We hacked a robot vacuum — and could watch live through its camera00:50:19 - Story # 10: The government is getting fed up with ransomware payments fueling endless cycle of cyberattacks00:54:55 - Story # 11: Google's Chrome Browser Starts Disabling uBlock Origin01:01:00 - WWHF Recorvery

At Open Compute Summit this past week, key trends shaping the future of computing and infrastructure were discussed. One major concern is the global data center energy consumption, which is projected to triple by 2030, highlighting the urgent need for more efficient energy solutions. As technology advances, the shift from a 3nm process to a 2nm process is proving costly, with design costs estimated to reach a staggering $725 million, according to ARM. In response to both power demands and design challenges, liquid cooling is gaining momentum, emerging as a vital technology to improve efficiency and manage the increasing heat output from advanced computing systems. Time Stamps: 0:00 - Welcome to the Rundown 1:36 - BMC Starts Two New Companies 4:06 - CEO Indicted for Fraud 7:10 - Microsoft goes agentic AI 10:37 - Amazon Teams Up with US Department of Justice 14:30 - Perplexity Is getting Sued by Media Giants 16:44 - Sophos Acuires Secureworks 20:00 - Exciting Developments from Open Compute Summit 31:41 - The Weeks Ahead 32:56 - Thanks for Watching Hosts: Tom Hollingsworth: https://www.linkedin.com/in/networkingnerd/ Jon Swartz: https://www.linkedin.com/in/jonswartz/ Follow Gestalt IT Website: https://www.GestaltIT.com/ Twitter: https://www.twitter.com/GestaltIT LinkedIn: https://www.linkedin.com/company/Gestalt-IT #Rundown, #OCPSummit24, #AgenticAI, @NetworkingNerd, @JSwartz, @GestaltIT, @TechstrongGroup, @TechstrongTV, @TheFuturumGroup, @BMCSoftware, @Microsoft, @AWSCloud, @Sophos, @Secureworks, @perplexity_ai, @OpenComputePrj,

Sophos to acquire Secureworks, Microsoft announces 10 new AI agents, DJI sues the US Department of Defense for being listed as a “Chinese military company.” MP3 Please SUBSCRIBE HERE. You can get an ad-free feed of Daily Tech Headlines for $3 a month here. A special thanks to all our supporters–without you, none of thisContinue reading "iOS 18.1 Will Include Using Airpods Pro 2 As Hearing Aids – DTH"

On this episode of the Six Five Podcast - Cybersphere, host Shira Rubinoff is joined by Secureworks' Alex Rose, for a conversation that delves into the critical topic of threat intelligence within the sphere of cybersecurity. Their discussion covers: The evolving landscape of cyber threats and the importance of intelligence-driven security strategies. Insightful analysis of recent high-profile cybersecurity incidents and the lessons learned. Secureworks' unique approach to partnering with governments and organizations to fortify defenses. The role of AI and machine learning in enhancing threat detection and response capabilities. The future of cybersecurity and the collaborative efforts needed to mitigate emerging threats.  

Alexandra Rose is the Director, Government Partnerships & Counter Threat Unit at Secureworks. In this episode, she joins host Heather Engel to discuss the value of threat intelligence for security leaders, including how it can reduce organizational risk, inform strategic decision-making, and more. Secureworks is a leader in cybersecurity, empowering security and IT teams worldwide to accelerate effective security operations. Learn more about our sponsor at https://secureworks.com.

Security analysts respond to security detections and alerts. As part of this, they have to sift through a mountain of data and they have to do it fast. Not in hours, not in days. In minutes.Tom Harrison, security operations manager at Secureworks, explains it perfectly, “We have a time crunch and it's exacerbated by the other big issue security analysts have: we have an absolute ton of data that we have to sift through.”In this episode:Tom explains that security analysts are forced to go back to a pile of data with each subsequent question in their workflow. That's a huge waste of time. And a terrible user experience. Tom says, “It would lead to better accuracy, faster triage, and a better user experience if you can just take me directly to the answer or at the very least a subsection that has the answer I'm looking for.”What does this mean for you as a UX designer designing security products? You need a deep understanding of security analyst workflows to help them identify and respond to attacks as quickly as possible.That way, you can design security products that support users who are under intense pressure to do things quickly. Tom describes how the UX can “guide or complement the workflow.”Tom talks about what gets him excited about integrating AI into security analyst workflows—and what has him worried, as well.Tom Harrison is a Security Operations Manager at Secureworks. We dubbed Tom an “ideas machine” and a fierce advocate for the security analyst user experience. In fact, Tom is conducting UX research in the field better than most UX researchers. He's a passionate teacher and shares his knowledge and resources in a free security reference guide.

Join Lee Rennick at the #CIO100 as she interviews Mike Aiello, CTO, SecureWorks about the award-winning project, Integrated AI for better Security Options and more.

Cybercrime is surging, costing trillions of dollars globally this year alone. Alarmingly, despite this threat, millions of cybersecurity jobs stand vacant. The culprit? A lack of gender diversity. Women are a vast pool of untapped talent, and according to Wendy Thomas, CEO at Secureworks, they hold the key to fortifying our defenses. To learn more about Secureworks, visit https://secureworks.com. For more on women in cybersecurity, you can visit our website at https://cybersecurityventures.com.

Cybercrime Magazine attended the 2024 RSA Conference in San Francisco, California, where we spoke with top executives from some of the hottest companies in cybersecurity. During these discussions, one topic consistently rose to the forefront: artificial intelligence. Featured speakers include Ryan Munsch, Principal Program Manager at Microsoft; Tim Gallo, Head of Global Solutions Architects at Google; Yotam Segev, Co-Founder and CEO at Cyera; Stacy Leidwinger, VP of Marketing at Secureworks; Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4; Debbie Gordon, Founder and CEO at Cloud Range; and Seemant Sehgal, Founder and CEO at Breachlock. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Watch Carol and Tim LIVE every day on YouTube: http://bit.ly/3vTiACF. Bloomberg News National Security Reporter Kate O'Keeffe discusses Huawei Technologies, the Chinese telecommunications giant blacklisted by the US, secretly funding cutting-edge research at American universities including Harvard through an independent Washington-based foundation. Informatica CEO Amit Walia talks about the company's successful transition to a cloud-centric model. Bloomberg Businessweek Columnist Max Chafkin and Bloomberg News US Semiconductor Reporter Ian King provide the details of their Businessweek Magazine story Intel Is Spending $28 Billion to Make Ohio a Global Chip Capital. Wendy Thomas, CEO at Secureworks, discusses the business of cybersecurity ahead of the RSA conference next week. And we Drive to the Close with Louis Navellier, Founder and CIO at Navellier & Associates.Hosts: Carol Massar and Tim Stenovec. Producer: Paul Brennan. See omnystudio.com/listener for privacy information.

In this week's episode of The Future of Security Operations podcast, Thomas is joined by Brent Deterding. Brent has over 25 years of experience in security, both on the vendor side and now as a security leader. He spent a big part of his career with cloud-native security analytics platform SecureWorks, and he's currently the CISO of Afni, a global provider of contact center solutions in the U.S., Philippines, and Mexico. Brent and Thomas discuss: - His unconventional path to becoming a CISO - Building a security team with zero attrition - Removing the burden of stress in incident response - Strategies for risk prioritization - Facing off against cybercriminal group Scattered Spider - Why prioritization and leadership are among security's biggest challenges - Being dubbed "the happy CISO" after reporting high levels of job satisfaction - Brent's four security non-negotiables - The right way to approach CISOs as a security vendor - Measuring success when you're metrics-averse - What the SOC will - and should - look like in five years The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world's most important workflows. https://www.tines.com/solutions/security Where to find Brent Deterding: LinkedIn: https://www.linkedin.com/in/brent-deterding/ Afni: https://www.afni.com/ Where to find Thomas Kinsella:  LinkedIn: https://www.linkedin.com/in/thomas-kinsella/ Twitter/X: https://twitter.com/thomasksec Tines: https://www.tines.com/ Resources mentioned: How to connect with me as a vendor by Brent Deterding on LinkedIn: https://www.linkedin.com/feed/update/urn:li:activity:7146566282128076800/ In this episode: [01:56] Brent's unconventional path to becoming a CISO [04:10] Finding the right fit at Afni [06:09] Separating his identity from his job and removing the burden of stress [10:22] Why Brent sees risk prioritization and leadership as security's biggest challenges [13:02] Brent's first steps as CISO at Afni including deploying MFA across 10,000 employees [16:29] Going up against threat group Scattered Spider [17:43] Brent's custom risk frameworks [23:03] Measuring success as someone who's metrics-averse [26:19] How Brent developed his unique leadership style [29:13] Supporting his team to do their best work [31:55] Brent's tips for security vendors [36:07] Using AI for resilience and protection [39:20] What security could and should look like in five years [42:53] Connect with Brent

Women held 25 percent of cybersecurity jobs globally in 2022, up from 20 percent in 2019 and around 10 percent in 2013. Cybersecurity Ventures predicts that women will represent 30 percent of the global cybersecurity workforce by 2025, increasing to 35 percent by 2031. We need to move the needle to 50 percent. In this episode, Wendy Thomas, CEO at Secureworks, and Gordon Lawson, CEO at Conceal, discuss women in cybersecurity, the talent crunch in our field, diversity, and more. Learn more about our sponsor at https://conceal.io

 Watch Carol and Tim LIVE every day on YouTube: http://bit.ly/3vTiACF. Chipotle CEO Brian Niccol shares his thoughts on the restaurant chain's fourth-quarter sales and profit beating expectations. CVS Health CEO Karen Lynch discusses fourth-quarter results and the impact of rising care expenses in its Aetna insurance unit. Bloomberg Businessweek National Correspondent Josh Green provides the details of his Businessweek Magazine story Reagan's Morning in America Offers Lessons for Biden's Campaign. Wendy Thomas, CEO at Secureworks, talks about protecting businesses from deep fakes. And we Drive to the Close with Larry Pitkowsky, Managing Partner at Goodhaven Capital Management. Hosts: Carol Massar and Tim Stenovec. Producer: Paul Brennan. See omnystudio.com/listener for privacy information.

Host Amy and Host James catch up and catch a tan.    1.) MSP Question of The Week   What is the best business structure for new MSPs?   See: https://www.toptal.com/finance/interim-cfos/c-corp-vs-s-corp#:~:text=Compared%20to%20traditional%20S%20or,it's%20taxed%20as%20a%20corporation   ---   2.) More Tech Layoffs?   EY Announces Layoffs in Response to Economic Struggles   See: https://www.channele2e.com/news/ey-announces-layoffs-in-response-to-economic-struggles   "Less than a week after Broadcom finalized its $61 billion acquisition of VMware, layoffs began. This is a familiar pattern for the company, which followed a similar playbook with its acquisition of CA Technologies in 2018. Overall, it's estimated Broadcom will cut about 2,000 employees post-acquisition.   Google, Amazon, Snap, Splunk, LinkedIn, Cisco, MariaDB and SecureWorks all recently announced layoffs. Other mass layoffs recently included Intel, Wish and LinkedIn in the San Francisco Bay area. At the beginning of September, Rapid7 announced a restructuring plan following disappointing second-quarter results, resulting in the layoffs of about 18% of the company's workforce. Similarly, AppSec firm Snyk laid off 128 people in April. Cloud security vendor Zscaler announced layoffs after what it called a rough fiscal second quarter. Software tools giant Atlassian laid off 5% of its workforce as it “shifted priorities.”    ----   Our upcoming events: AUSTIN TX – MASTERMIND LIVE (March 28-29th) http://bit.ly/kernanmastermind https://kernanconsulting-mastermind.mykajabi.com/mastermind-event Use “EARLYBIRD” as the coupon code to save $200! Irvine CA – SMB Techfest (Feb 8th-9th) Make sure you catch Amy at SMB Techfest! https://www.smbtechfest.com/events.asp   Our Social Links: https://www.linkedin.com/in/james-kernan-varcoach/ https://www.facebook.com/james.kernan https://www.facebook.com/karlpalachuk/ https://www.linkedin.com/in/karlpalachuk/ https://www.linkedin.com/in/amybabinchak/ https://www.facebook.com/amy.babinchak/  

Summary   Eric Escobar (Twitter; LinkedIn) joins Andrew (Twitter; LinkedIn) to discuss compromising networks and information security. He has a coveted DEFCON Black Badge.    What You'll Learn  Intelligence  -What keeps Eric up at night   -Thinking like an ethical hacker (aka a “penetration tester)  -Protecting your information (i.e., “Hardening the attack surface”)  -Plain English explanations of key cyber concepts like “Kill Chains” and “Zero Days”  Reflections  -Having a cool job  -The information revolution and life in the modern world  And much, much more…  Episode Notes  Eric Escobar commits several thousand felonies on any given day, if he didn't have permission to do what he was doing.  A Principal Security Consultant with SecureWorks, Eric has compromised pretty much everything out there: from healthcare and banking to technology and critical infrastructure, through to amusement parks and next generation military aircraft.  “From my perspective, it's the coolest job in the entire world.”  His team consecutively won first place in the Wireless CTF category at DEF CON 23, 24, and 25, snagging a Black Badge along the way. He has a BS and MS in Civil Engineering.   And…  The links between computing, hacking and the 60's counterculture are FASCINATING. Learn more by dipping your toes here and here, or dive deeper with What the Dormouse Said (2005) by John Markoff and From Counterculture to Cyberculture (2006) by Fred Turner.      Quote of the Week  "Watching any critical infrastructure get compromised is really the thing that keeps me up at night because lives are in the balance…and we do a lot of testing for critical infrastructure, and I've seen computers and machines that have been online and not been taken offline, longer than I've been alive…So really interesting to see those types of things because they interact with really big, expensive hardware…there's a catch 22 that happens where you can't really take the machine offline to do maintenance on it because it's critical infrastructure. So then how do you test it to make sure that a hacker can't take it offline, or maintenance can't be done on it? " – Eric Escobar. Resources  *Andrew's Recommendation*  -Word Notes   From beginner thru advanced, you'll find some helpful definitions of things like “Web 3.0,” “NFT's” and “Digital Transformation” on this Cyberwire audio glossary.  *SpyCasts*  -Inside Microsoft's Threat Intelligence Center (MSTIC) – with John Lambert and Cristin Goodwin (2021)  -The Cyber Zeitgeist – with Dave Bittner (2021)  -Securing Cyberspace – with Charlie Mitchell (2016)  *Beginner Resources*  -What is Hacking? The Economic Times (n.d.) [web]  -Ethical Hacking in 8 Minutes, Simplilearn (2020) [8 min video]  -Cybersecurity in 7 minutes, Simplilearn (2020) [7 min video]  Books  -The Cyberweapons Arms Race, N. Perloth (Bloomsbury, 2021)  -Cult of the Dead Cow, J. Menn (PublicAffairs, 2020)  -Breaking & Entering, J. Smith (Mariner Books, 2019)  -The Art of Invisibility, K. Mitnick (L, B & C, 2017)  -Ghost in the Wires, K. Mitnick (Back Bay Books, 2012)  -Kingpin, K. Poulson (Crown, 2012)  -The Cuckoo's Egg, C. Stoll (Doubleday, 1989)  -Neuromancer, W. Gibson (Ace, 1984)  Articles  -2022 State of the Threat: A Year in Review, Secureworks (2022)  -The Anthropology of Hackers, The Atlantic (2010)  -Timeline Since 2006: Significant Cyber Incidents, CSIS (n.d.)  Documentary  -DEFCON, The Documentary Network (2013)  Resources  -Government Hacking Bibliography, S. Quinlan, New America Foundation (2016)  *Wildcard Resource*  -“The Aurora Shard”  Come to the International Spy Museum to see an ugly chunk of metal. Why? Well, it speaks to a revolution in the relationship between the material world and the non-material world. Broken down? 30 lines of code blew up a 27-ton generator. Zeros and ones can cause violent explosions! 

Bloomberg Opinion Columnist John Authers and Bloomberg News Equity Markets Reporter Elena Popina share their thoughts on how the Federal Reserve's plan to come down from high rates will be perilous even as the pivot is making everyday a record breaker in the markets. Wendy Thomas, CEO at Secureworks, discusses the impact of new SEC cybersecurity regulations. Sam Darwish, Co-Founder and CEO at IHS Towers, explains the business of building connectivity in developing regions. Bloomberg Businessweek Editor Joel Weber and Bloomberg News Consumer Reporter Deena Shanker provide the details of the Businessweek Magazine story Lab-Grown Chicken Becomes Another Expensive Silicon Valley Mess. And we Drive to the Close with Jay Jacobs, US Head of Thematics and Active Equity ETFs at BlackRock. Hosts: Tim Stenovec. Producer: Paul Brennan. See omnystudio.com/listener for privacy information.

While non-profit doesn't mean "no budget" when it comes to cybersecurity, a lot of smaller to mid-sized non-profits operate on a shoestring, with little to no money for cybersecurity talent or spending. This is where Sightline Security steps in. Sightline's founder and CEO, Kelley Misata joins us today to explain how her own non-profit helps other non-profits improve their cybersecurity posture. As with any category of trends, the success rate of cybercrime ebbs and flows. As Russia seems be a safe haven for cybercriminals, it seemed for a while that the war in Ukraine might disrupt this activity. It did, but only for a short while. Keith Jarvis walks us through the latest types, tactics, and trends in cybercrime. Secureworks' latest State of the Threat report reveals a disturbing dichotomy: how is it we understand our adversaries' so well, but continue to fail to stop them? In this interview, we aim to understand what needs to happen to tilt the odds a bit back in our favor. Segment Resources: Secureworks State of the Threat Report Press Release Segment description coming soon! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw-341

While non-profit doesn't mean "no budget" when it comes to cybersecurity, a lot of smaller to mid-sized non-profits operate on a shoestring, with little to no money for cybersecurity talent or spending. This is where Sightline Security steps in. Sightline's founder and CEO, Kelley Misata joins us today to explain how her own non-profit helps other non-profits improve their cybersecurity posture. As with any category of trends, the success rate of cybercrime ebbs and flows. As Russia seems be a safe haven for cybercriminals, it seemed for a while that the war in Ukraine might disrupt this activity. It did, but only for a short while. Keith Jarvis walks us through the latest types, tactics, and trends in cybercrime. Secureworks' latest State of the Threat report reveals a disturbing dichotomy: how is it we understand our adversaries' so well, but continue to fail to stop them? In this interview, we aim to understand what needs to happen to tilt the odds a bit back in our favor. Segment Resources: Secureworks State of the Threat Report Press Release Segment description coming soon! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw-341

As with any category of trends, the success rate of cybercrime ebbs and flows. As Russia seems be a safe haven for cybercriminals, it seemed for a while that the war in Ukraine might disrupt this activity. It did, but only for a short while. Keith Jarvis walks us through the latest types, tactics, and trends in cybercrime. Secureworks' latest State of the Threat report reveals a disturbing dichotomy: how is it we understand our adversaries' so well, but continue to fail to stop them? In this interview, we aim to understand what needs to happen to tilt the odds a bit back in our favor. Segment Resources: Secureworks State of the Threat Report Press Release Show Notes: https://securityweekly.com/esw-341

Wendy Thomas, CEO at Secureworks, discusses identifying and protecting against cyberattacks. Hosts: Carol Massar and Tim Stenovec. Producer: Paul Brennan. See omnystudio.com/listener for privacy information.

Summary   Eric Escobar (Twitter; LinkedIn) joins Andrew (Twitter; LinkedIn) to discuss compromising networks and information security. He has a coveted DEFCON Black Badge.    What You'll Learn  Intelligence  What keeps Eric up at night   Thinking like an ethical hacker (aka a “penetration tester)  Protecting your information (i.e., “Hardening the attack surface”)  Plain English explanations of key cyber concepts like “Kill Chains” and “Zero Days”  Reflections  Having a cool job  The information revolution and life in the modern world  And much, much more…  Episode Notes  Eric Escobar commits several thousand felonies on any given day, if he didn't have permission to do what he was doing.  A Principal Security Consultant with SecureWorks, Eric has compromised pretty much everything out there: from healthcare and banking to technology and critical infrastructure, through to amusement parks and next generation military aircraft.  “From my perspective, it's the coolest job in the entire world.”  His team consecutively won first place in the Wireless CTF category at DEF CON 23, 24, and 25, snagging a Black Badge along the way. He has a BS and MS in Civil Engineering.   And…  The links between computing, hacking and the 60's counterculture are FASCINATING. Learn more by dipping your toes here and here, or dive deeper with What the Dormouse Said (2005) by John Markoff and From Counterculture to Cyberculture (2006) by Fred Turner.      Quote of the Week  "Watching any critical infrastructure get compromised is really the thing that keeps me up at night because lives are in the balance…and we do a lot of testing for critical infrastructure, and I've seen computers and machines that have been online and not been taken offline, longer than I've been alive…So really interesting to see those types of things because they interact with really big, expensive hardware…there's a catch 22 that happens where you can't really take the machine offline to do maintenance on it because it's critical infrastructure. So then how do you test it to make sure that a hacker can't take it offline, or maintenance can't be done on it? " – Eric Escobar.   Resources  *Andrew's Recommendation*  Word Notes   From beginner thru advanced, you'll find some helpful definitions of things like “Web 3.0,” “NFT's” and “Digital Transformation” on this Cyberwire audio glossary.  *SpyCasts*  Inside Microsoft's Threat Intelligence Center (MSTIC) – with John Lambert and Cristin Goodwin (2021)  The Cyber Zeitgeist – with Dave Bittner (2021)  Securing Cyberspace – with Charlie Mitchell (2016)  *Beginner Resources*  What is Hacking? The Economic Times (n.d.) [web]  Ethical Hacking in 8 Minutes, Simplilearn (2020) [8 min video]  Cybersecurity in 7 minutes, Simplilearn (2020) [7 min video]  Books  The Cyberweapons Arms Race, N. Perloth (Bloomsbury, 2021)  Cult of the Dead Cow, J. Menn (PublicAffairs, 2020)  Breaking & Entering, J. Smith (Mariner Books, 2019)  The Art of Invisibility, K. Mitnick (L, B & C, 2017)  Ghost in the Wires, K. Mitnick (Back Bay Books, 2012)  Kingpin, K. Poulson (Crown, 2012)  The Cuckoo's Egg, C. Stoll (Doubleday, 1989)  Neuromancer, W. Gibson (Ace, 1984)  Articles  2022 State of the Threat: A Year in Review, Secureworks (2022)  The Anthropology of Hackers, The Atlantic (2010)  Timeline Since 2006: Significant Cyber Incidents, CSIS (n.d.)  Documentary  DEFCON, The Documentary Network (2013)  Resources  Government Hacking Bibliography, S. Quinlan, New America Foundation (2016)  *Wildcard Resource*  “The Aurora Shard”  Come to the International Spy Museum to see an ugly chunk of metal. Why? Well, it speaks to a revolution in the relationship between the material world and the non-material world. Broken down? 30 lines of code blew up a 27-ton generator. Zeros and ones can cause violent explosions! 

Summary   Eric Escobar (Twitter; LinkedIn) joins Andrew (Twitter; LinkedIn) to discuss compromising networks and information security. He has a coveted DEFCON Black Badge.    What You'll Learn  Intelligence  What keeps Eric up at night   Thinking like an ethical hacker (aka a “penetration tester)  Protecting your information (i.e., “Hardening the attack surface”)  Plain English explanations of key cyber concepts like “Kill Chains” and “Zero Days”  Reflections  Having a cool job  The information revolution and life in the modern world  And much, much more…  Episode Notes  Eric Escobar commits several thousand felonies on any given day, if he didn't have permission to do what he was doing.  A Principal Security Consultant with SecureWorks, Eric has compromised pretty much everything out there: from healthcare and banking to technology and critical infrastructure, through to amusement parks and next generation military aircraft.  “From my perspective, it's the coolest job in the entire world.”  His team consecutively won first place in the Wireless CTF category at DEF CON 23, 24, and 25, snagging a Black Badge along the way. He has a BS and MS in Civil Engineering.   And…  The links between computing, hacking and the 60's counterculture are FASCINATING. Learn more by dipping your toes here and here, or dive deeper with What the Dormouse Said (2005) by John Markoff and From Counterculture to Cyberculture (2006) by Fred Turner.      Quote of the Week  "Watching any critical infrastructure get compromised is really the thing that keeps me up at night because lives are in the balance…and we do a lot of testing for critical infrastructure, and I've seen computers and machines that have been online and not been taken offline, longer than I've been alive…So really interesting to see those types of things because they interact with really big, expensive hardware…there's a catch 22 that happens where you can't really take the machine offline to do maintenance on it because it's critical infrastructure. So then how do you test it to make sure that a hacker can't take it offline, or maintenance can't be done on it? " – Eric Escobar.   Resources  *Andrew's Recommendation*  Word Notes   From beginner thru advanced, you'll find some helpful definitions of things like “Web 3.0,” “NFT's” and “Digital Transformation” on this Cyberwire audio glossary.  *SpyCasts*  Inside Microsoft's Threat Intelligence Center (MSTIC) – with John Lambert and Cristin Goodwin (2021)  The Cyber Zeitgeist – with Dave Bittner (2021)  Securing Cyberspace – with Charlie Mitchell (2016)  *Beginner Resources*  What is Hacking? The Economic Times (n.d.) [web]  Ethical Hacking in 8 Minutes, Simplilearn (2020) [8 min video]  Cybersecurity in 7 minutes, Simplilearn (2020) [7 min video]  Books  The Cyberweapons Arms Race, N. Perloth (Bloomsbury, 2021)  Cult of the Dead Cow, J. Menn (PublicAffairs, 2020)  Breaking & Entering, J. Smith (Mariner Books, 2019)  The Art of Invisibility, K. Mitnick (L, B & C, 2017)  Ghost in the Wires, K. Mitnick (Back Bay Books, 2012)  Kingpin, K. Poulson (Crown, 2012)  The Cuckoo's Egg, C. Stoll (Doubleday, 1989)  Neuromancer, W. Gibson (Ace, 1984)  Articles  2022 State of the Threat: A Year in Review, Secureworks (2022)  The Anthropology of Hackers, The Atlantic (2010)  Timeline Since 2006: Significant Cyber Incidents, CSIS (n.d.)  Documentary  DEFCON, The Documentary Network (2013)  Resources  Government Hacking Bibliography, S. Quinlan, New America Foundation (2016)  *Wildcard Resource*  “The Aurora Shard”  Come to the International Spy Museum to see an ugly chunk of metal. Why? Well, it speaks to a revolution in the relationship between the material world and the non-material world. Broken down? 30 lines of code blew up a 27-ton generator. Zeros and ones can cause violent explosions!