Struggling to secure AI in 2025? Join Joe and Invary CEO Jason Rogers as they unpack NSA-licensed tech, zero trust frameworks, and the future of cybersecurity. From satellite security to battling advanced threats, discover how Invary's cutting-edge solutions are reshaping the industry. Plus, hear Jason's startup journey and Joe's wild ride balancing a newborn with a PhD. Subscribe now for the latest cyber trends—don't miss this!

Chapters
00:00 Navigating Parenthood and Professional Life
02:53 The Startup Mentality: Decision-Making and Adaptability
06:13 Blending Technical Skills with Sales
08:58 Background and Journey into Cybersecurity
12:10 Establishing a Security Culture in Organizations
14:51 Collaborating with Government Entities
17:47 Understanding NSA Licensed Technology
23:06 Understanding Application and Server Security
25:01 Exploring Zero Trust Frameworks
28:57 Bridging Government and Private Sector Security
31:27 The Role of Security Professionals
33:55 Innovations in Cybersecurity Technology
38:05 Invariance in Security Systems

Follow the Podcast on Social Media!
YouTube: https://www.youtube.com/@securityunfilteredpodcast
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast

In this conversation, Lance Spitzner shares his unique journey from a military tank officer to a pioneer in cybersecurity, detailing the evolution of his career and the inception of the Honeynet Project. He emphasizes the importance of understanding the human element in security, advocating for a shift from mere security awareness to fostering a robust security culture within organizations. Spitzner discusses practical steps for security teams to enhance their approach, including leveraging AI to improve communication and engagement. He concludes by reflecting on the impact of his work and the growing recognition of the human side of cybersecurity.

Takeaways
The Honeynet Project was born from a need for cyber threat intelligence.
Security culture is broader than security awareness; it encompasses attitudes and beliefs.
Changing the environment is key to changing organizational culture.
AI can be leveraged to enhance communication and simplify security policies.
Positive interactions with security teams build a stronger security culture.

Chapters
00:00 From Military to Cybersecurity Pioneer
03:04 The Birth of the Honeynet Project
05:59 Understanding the Human Element in Security
09:13 Security Culture vs. Security Awareness
11:51 Changing Organizational Culture for Security
14:46 Practical Steps for Security Teams
17:55 Leveraging AI in Security Culture
21:11 Measuring Success in Cybersecurity Training

Zero Trust World 2025: Strengthening Cybersecurity Through Zero Trust

Zero Trust World 2025 has come to a close, leaving behind a series of thought-provoking discussions on what it truly means to build a culture of security. Hosted by ThreatLocker, the event brought together security professionals, IT leaders, and decision-makers to explore the complexities of Zero Trust—not just as a concept but as an operational mindset.

A Deep Dive into Windows Security and Zero Trust

Zero Trust World 2025 is officially underway, and the conversation centers around what it means to build a culture of security. Hosted by ThreatLocker, this event brings together security professionals, IT leaders, and decision-makers to explore the complexities of Zero Trust—not just as a concept but as an operational mindset.

Defining Zero Trust in Practice
Sean Martin and Marco Ciappelli set the stage with a key takeaway: Zero Trust is not a one-size-fits-all solution. Each organization must define its own approach based on its unique environment, leadership structure, and operational needs. It is not about a single tool or quick fix but about establishing a continuous process of verification and risk management.

A Focus on Security Operations
Security operations and incident response are among the core themes of this year's discussions. Speakers and panelists examine how organizations can implement Zero Trust principles effectively while maintaining business agility. Artificial intelligence, its intersection with cybersecurity, and its potential to both strengthen and challenge security frameworks are also on the agenda.

Learning Through Engagement
One of the standout aspects of Zero Trust World is its emphasis on education. From hands-on training and certification opportunities to interactive challenges—such as hacking a device to win it—attendees gain practical experience in real-world security scenarios. The event fosters a culture of learning, with participation from help desk professionals, CIOs, CTOs, and cybersecurity practitioners alike.

The Power of Community
Beyond the technical discussions, the event underscores the importance of community. Conferences like these are not just about discovering new technologies or solutions; they are about forging connections, sharing knowledge, and strengthening the collective approach to security.

Zero Trust World 2025 is just getting started, and there's much more to come. Stay tuned as Sean and Marco continue to bring insights from the conference floor, capturing the voices that are shaping the future of cybersecurity.

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode's Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974

Resources
Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida
Register for Zero Trust World 2025: https://itspm.ag/threat5mu1
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast

Episode Summary
Security is more than just a checklist—it's a cultural movement. In this episode, Dustin Lehr, Co-founder of Katilyst, joins Danny Allan to explore the intersection of security, engineering, and culture. They discuss how to foster security champions, scale security programs, and build a culture where developers naturally integrate security into their workflows. Dustin shares insights from his extensive career, offering practical strategies for creating lasting change in security practices.

Show Notes
Security isn't just about tools—it's about people. In this episode of The Secure Developer, Dustin Lehr, Co-founder of Katilyst, joins Danny Allan to discuss the importance of building a strong security culture within engineering teams.

Dustin shares his journey from software engineering to security leadership, emphasizing how security should be an extension of software quality. He highlights how security champions programs can empower developers to take ownership of security without disrupting their workflow.

Key topics include:
The evolution of software development and how security fits in
Best practices for launching and sustaining a security champions program
The psychology of change and how to influence developer behavior
The role of AI in security culture—what works and what doesn't
Metrics and strategies for measuring the success of security initiatives

With real-world insights and actionable advice, this episode is a must-listen for security and engineering leaders looking to scale security through culture, not just technology.

Links
Katilyst – Dustin Lehr's company focused on security culture
Security Champion Program Success Guide – A free resource for building effective security champion programs
Snyk - The Developer Security Company

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Rinki Sethi, vp and CISO, BILL. Joining us is our sponsored guest, Lamont Orange, CISO, Cyera. This episode was recorded in front of a live audience at Cyera's first DataSec conference (November 2024) in Dallas. Thanks to Adam Holland, CISO, Wendy's, Farray Rahman of Vibrant Emotional Health and 988 Lifeline, and Biji John of USAA for our questions in the episode.

In this episode:
Shifting from traditional recovery
Do you know where your data is?
The science of tradeoffs
How do you measure security culture?

Thanks to our podcast sponsor, Cyera! Cyera's data security platform discovers your data attack surface, protects sensitive data, governs data access, monitors critical data events, and quickly responds to data risks. Cyera's agentless design allows us to deploy within minutes across any environment and provide a 95% precision rate through our AI-powered classification engine. Learn more at Cyera.io

From hard-coded credentials to boardroom buy-in, join four tech security leaders from Clumio, Mongo DB, Symphony and AWS, as they unpack how building the right security culture can be your organization's strongest defense against cyber threats.

Topics Include:
Security culture is crucial for managing organizational cyber risk
Good culture enables quick decision-making without constant expert consultation
Many security incidents occur from well-meaning people getting duped
Panel includes leaders from AWS, Symphony, MongoDB, and Clumio
Measuring security culture requires both quantitative and qualitative metrics
Board-level engagement indicates organizational security culture maturity
Self-reporting of security incidents shows positive cultural development
Security committees' participation helps measure cultural engagement
Hard-coded credentials remain persistent problem across organizations
Internal audits and risk committees strengthen security governance
Public security incidents change board conversations about priorities
Leadership vulnerability and transparency help build trust
Being pragmatic beats emotional responses in security leadership
Security programs should align with business revenue goals
Customer security requirements drive program improvements
Excessive security questionnaires drain resources from actual security
Security culture started as exclusionary, evolved toward collaboration
Financial institutions often create unnecessary compliance burden
Early security involvement in product development prevents delays
Security teams must match development team speed
Trust between security and development teams enables efficiency
Small security teams can support large enterprise requirements
Vendor partnerships help scale security capabilities
Process changes work better than adding security tools
Security leaders need deep business knowledge
Technical depth and breadth remain essential skills
Evangelism capability critical for security leadership success
Influencing without authority key for security effectiveness
Crisis moments create opportunities for security improvement
Socializing between security and development teams builds trust
DEF CON attendance helps developers understand security perspective
Bug bounty programs provide continuous security feedback
Regular informal meetings between teams improve collaboration
Building personal relationships improves security outcomes
Modern security leadership requires balance of IQ and EQ

Participants:
Jacob Berry – Head of Information Security, Clumio
George Gerchow – Interim CISO, Head of Trust, Mongo DB
Brad Levy – Chief Executive Officer, Symphony
Brendan Staveley – Global Sales Leader, Security Services, Amazon Web Services

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon/isv/

This week, we're featuring an anonymized chat with a longtime anarchist on lessons learned trying to stay sane while facing state repression. We talk about experiencing trauma, the need for strong relationships and movements offering shelter and strong alternatives to the alienated society of state and capital, while also speaking on the challenges of mental health and inviting in new participants in anarchist movement.

Transcript PDF (Unimposed)
Zine (Imposed PDF)

Chapters:
Introduction and Disclaimer [00:00:23]
Post-911/Patriot Act State of Heightened Repression and build up to today [00:02:29]
Navigating security amidst a post-social media and post-smart phone era [00:23:33]
Creating safer and more secure revolutionary communities that can better withstand the heat [00:31:02]
Recognizing and overcoming repression-based trauma on an individual and community level [00:40:02]
Supporting comrades overcoming mental health episodes (spiralling) amidst repression and burnout [01:09:13]
On infiltrators and the depths the state will go to inflict trauma, fish, and divide [01:15:57]
Recognizing the ‘severity' of our position, and taking ourselves seriously [01:26:22]
Some tips on facing trauma or intimidation, or supporting others experiencing repression-related trauma [01:34:18]

Descending References and Resources List According to Interview:

Green Scare Background
Green Scare Intro and Article References
Mainstream Media Story (MSM Story): The Green Scare: How a Movement That Never Killed Anyone Became the FBI's No. 1 Domestic Terrorism Threat
TFSR Interviews: Green Is The New Red with Will Potter; Eric McDavid after his release

Grand Juries
CLDC: Grand Juries
Surviving a Grand Jury: Three Narratives from Grand Jury Resisters
People's Law Office: The Improper Use of the Federal Grand Jury: An Instrument for the Internment of Political Activists
Surviving a Grand Jury: What it means to resist a grand jury; stories from those who have; how to support North Carolina grand jury resistance (PodCast)

Border Detention
Crossing the United States Border: A Security Guide for Citizens and Non-Citizens

Police Visitation
Center for Constitutional Rights: If An Agent Knocks Resource
When the Police Knock on Your Door: Your Rights and Options: A Legal Guide and Poster
If the FBI Approaches You to Become an Informant: An FAQ: What You Need to Know
National Lawyers Guild: If An Agent Knocks

On Phone and Digital Security Culture
Taking Ourselves Seriously: Digital Harm Reduction (PDF Format)
Electronic Frontier Foundation: Mainstream Resource and Non-Profit Advocate for Digital Privacy

Infiltration Cases:
MSM Story on Mark Kennedy: How a Married Undercover Cop Having Sex With Activists Killed a Climate Movement
TFSR interview on Spy Cops
MSM Story on Eric McDavid case: Manufacturing Terror: An FBI Informant Seduced Eric McDavid Into a Bomb Plot. Then the Government Lied About It
Earth First!: Informants List

Anti-Repression Resources:
NYC Anarchist Black Cross
Support Defendants & Prisoners From the George Floyd Uprisings
TFSR interview: Anti-Repression, Supporting Uprising and Anarchist Prisoners
A Tilted Guide to Being a Defendant (PDF Zine)

J20 Case
Lessons from #DefendJ20 on Building Movement Defense Against Repression

Sobriety Discussion
Sobriety and Anarchist Struggle (PDF Version)

Mental Health/Trauma/Burn Out
Survivors Manual: Surviving In Solitary (PDF)
Sub.Media video: Redefining Sanity Through Struggle
Conflictual Wisdom: On Burning Out and Anarchist Self-Preservation
Against the Struggle of the Coward: A Note of Strength for the Underdogs
Repression, Resiliency, & Movement Support: An Interview
Solidarity Apothecary (Podcast)
Broader Wellness Resources by Mutual Aid Disaster Relief
Trauma & Recovery Brochure (PDF)
Solidarity Is Greater Than Fear: Lessons from G20 to Stop Cop City (Youtube Link)
A Life Worth Living: Care, Survival, Suicide, and Grief (Zine Resource on the Subjects)

Featured Track: Hold Onto Each Other by Thee Silver Mt. Zion Memorial Orchestra & Tra-La-La Band from Horses In The Sky

In episode 110 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Lee Noriega, Executive Director of the Cybersecurity Services Organization and Acting General Manager of Sales and Business Services at the Center for Internet Security® (CIS®); and Jerry Gitchel, founder of Leverage Unlimited and listener to Cybersecurity Where You Are. Together, they examine a question sent in by Jerry: if a corporate culture is lacking, can a security culture exist?

Here are some highlights from our episode:
01:33. What security culture is and how it differs from corporate culture
05:30. What elements factor into a strategy to drive corporate culture
09:30. The importance of a feedback loop for culture
15:43. How to cultivate "institutional ownership" in an organization's workforce
19:03. What goes into fostering security consciousness in support of security champions
25:14. The challenges of engaging corporate culture to think about security culture
29:13. Examples and takeaways for listeners

Resources
Why Employee Cybersecurity Awareness Training Is Important
Episode 107: Continuous Improvement via Secure by Design
Seth Godin | Why People Like Us Do This
The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

How does the tone from the top influence fraud investigations, organizational culture, security training, and technology upgrades? Scot Walker, PCI, Manish Mehta, and John Rodriguez join this episode of the SM Highlights podcast to talk through how proactive relationship-building and partnerships can drive tactical and strategic success. Additional Resources Join the ASIS International Investigations Community here: https://community.asisonline.org/subjectareahome?CommunityKey=e3a5949e-d103-40a3-80f9-38f8476100b1 Get resources from the Society for Human Resource Management (SHRM) on investigations here: https://www.shrm.org/topics-tools/tools/how-to-guides/how-to-conduct-investigation To learn more about security operations centers (SOCs), check out Security Management's coverage from September: https://www.asisonline.org/security-management-magazine/articles/2024/09/soc/ Read Manish Mehta's take on modernizing SOCs in his article: https://www.asisonline.org/security-management-magazine/articles/2024/09/soc/modernizing-socs/ More interested in security culture and how it affects leadership? Read more here: https://www.asisonline.org/security-management-magazine/articles/2024/10/culture/ Hear more from John Rodriguez about how security leaders can leverage and influence culture in his article: https://www.asisonline.org/security-management-magazine/articles/2024/10/culture/culture-security-differentiator/
Register here for AWS re:Invent 2024, Dec 2-6, Las Vegas, NV

Executive leaders from Arctic Wolf, Docker and Illumio share insights on fostering a strong security culture, balancing innovation with security, and addressing challenges in data protection and AI model development.

Topics Include:
Overview of security culture in different company teams
Importance of guidelines and secure IT infrastructure for AI models
Challenges of accessing customer data while maintaining security
Need for anonymization in early AI model development
Docker's open-source ecosystem and security integration
Dogfooding own products to ensure product reliability and trustworthiness
Illumio's high customer trust and responsibility for strong security practices
Balancing security awareness with development speed at Illumio
Gamifying security training to increase awareness
Interlocking with customers to enhance security understanding for developers
Embedding security into the development process from the start
Illumio's approach to security in agile, cloud-native development
Adapting customer success strategies for evolving security needs
Rise of non-developers using AI in enterprises
Educating business leaders on security best practices
Scaling customer enablement and education through community engagement
Challenges of placing security responsibilities in the developer workflow
Arctic Wolf's AI strategy for secure development
Use of anonymized data in secure AI model training
Generative AI's potential to augment human creativity and efficiency
Panelists' views on private AI and segmented model development
Measuring security culture progress with gamification and development metrics
Addressing human factors in cybersecurity and social engineering threats
Emphasizing resiliency and containment in preventing widespread cyberattacks.

Participants:
Dean Teffer – Vice President of Artificial Intelligence, Arctic Wolf
Dixie Dunn – VP of Customer Success, Docker
Mario Espinoza – Chief Product Officer, Illumio
Brian Shadpour – General Manager, AWS

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon/isv/

In this Special Edition podcast, N2K's Executive Editor Brandon Karpf speaks with Danielle Ruderman, Senior Manager for Worldwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M, about CISO Circles, security challenges faced in higher education, and fostering the culture of security.
In this episode we re-visit an earlier theme explored in this series: the theme of measurement and metrics. The question of how to measure awareness, behaviour or culture is something we consistently come across here at Re-thinking the Human Factor when exploring opportunities to work with clients. There's a palpable feeling, across industry chatter, that there's a real lack of maturity when it comes to how we demonstrate the effectiveness of our efforts to influence employee awareness, behaviour and culture. However, there is hope. In this episode I talk with Bernie Smith. Bernie has a focus on KPIs, not just your standard range but also he brings ideas about how you might create new metrics as well. We discuss his view on the development of metrics and how metrics can help not just measure performance but ultimately influence behaviour and shape culture.
Guest: Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario)
On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Episode Notes
In this part two of the three-part series on The Redefining CyberSecurity Podcast, host Sean Martin is joined by Kush Sharma to discuss the critical topic of building a Chief Information Security Officer (CISO) office from the ground up. Both speakers bring invaluable insights from their extensive experiences, illustrating key points and real-world scenarios to help organizations navigate the complexities of cybersecurity and business transformation.

Sean kicks off the conversation by emphasizing the strategic role of the CISO in business transformation. He explains that a successful CISO not only secures what the business wants to create but also contributes to developing a powerful and secure business. He points out that CISOs often have a unique perspective, experience, and data that can significantly impact the way business processes are transformed and managed.

Kush expands on this by highlighting the need for adaptability and a mindset of continuous change. He shares that CISOs should view their organization as a business function solely dedicated to protecting assets. He uses examples to demonstrate how missions change every few years due to the rapid evolution of technology and processes, making it essential for security teams to pivot and adjust their strategies accordingly.

Kush stresses the importance of collaboration across different teams—from digital to physical—and notes that a key to successful security management is building a culture that is adaptable and aligned with the business's changing objectives. One of the most interesting points brought up is the significance of involving security from the outset of any new project.

Sean and Kush discuss the importance of integrating the CISO into discussions around business requirements, system architecture, and technology selection. By being involved early, CISOs can help ensure that the organization makes informed decisions that can save time, reduce risks, and ultimately contribute to a more secure business environment.

Another critical aspect discussed is the approach to risk management. Kush describes a structured method where security teams provide options and recommendations rather than outright saying 'no' to business requests. He mentions the use of risk acceptance forms, which require high-level sign-offs, thus ensuring that decision-makers are fully aware of the risks involved and are accountable for them. This transparency fosters a sense of shared responsibility and encourages more informed decision-making.

Both Sean and Kush provide a comprehensive look at the evolving role of the CISO. They make it clear that today's CISOs need to be strategic thinkers, skilled negotiators, and effective communicators to successfully lead their organizations through the complexities of modern cybersecurity challenges. The insights shared in this episode are invaluable for anyone looking to understand the multifaceted responsibilities of a CISO and the indispensable contributions they make to business success.

Sponsors
Imperva: https://itspm.ag/imperva277117988
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3

Guests:
Robin Shostack, Security Program Manager, Google
Jibran Ilyas, Managing Director Incident Response, Mandiant, Google Cloud

Topics:
You talk about “teamwork under adverse conditions” to describe expedition behavior (EB). Could you tell us what it means?
You have been involved in response to many high profile incidents, one of the ones we can talk about publicly is one of the biggest healthcare breaches at this time. Could you share how Expedition Behavior played a role in our response?
Apart from during incident response which is almost definitionally an adverse condition, how else can security teams apply this knowledge?
If teams are going to embrace an expeditionary behavior mindset, how do they learn it? It's probably not feasible to ship every SOC team member off to the Okavango Delta for a NOLS course. Short of that, how do we foster EB in a new team?
How do we create it in an existing team or an under-performing team?

Resources:
EP174 How to Measure and Improve Your Cloud Incident Response Readiness: A New Framework
EP103 Security Incident Response and Public Cloud - Exploring with Mandiant
EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?
“Take a few of these: Cybersecurity lessons for 21st century healthcare professionals” blog
Getting More by Stuart Diamond book
Who Moved My Cheese by Spencer Johnson book

In this episode of On Location, host Sean Martin engages in an insightful conversation with Francesco Cipollone, Co-founder and CEO of Phoenix Security, at the OWASP AppSec Global conference in Lisbon. They delve into the evolving landscape of application security, focusing on the pressing challenges and innovative solutions that are shaping the industry today.

The discussion begins by exploring the potential and pitfalls of artificial intelligence (AI) in cybersecurity. Francesco highlights the dual role of AI as both a tool and a target within security frameworks. He emphasizes the importance of proper prompt engineering and specialized training data to avoid common issues, such as AI-generated libraries that don't actually exist. This leads to a broader conversation about how Phoenix Security utilizes AI to intelligently categorize and prioritize vulnerabilities, allowing security teams to focus on the most critical issues.

The conversation then shifts to the concept of maturity models in vulnerability management. Francesco explains that many organizations are still struggling with basic security tasks and describes how Phoenix Security helps these organizations to quickly enhance their maturity levels. This involves automating the scanning process, aggregating data, and providing clear metrics that align security efforts with executive expectations.

A significant portion of the episode is dedicated to the importance of collaboration and communication between security and development teams. Francesco stresses that security should be integrated into the sprint planning process, helping developers to prioritize tasks in a way that aligns with overall risk management strategies. This approach fosters a culture of cooperation and ensures that security initiatives are seen as a valuable part of the development cycle, rather than a hindrance.

Francesco also touches on the role of management in security practices, underscoring the need for aligning business expectations with engineering practices. He introduces the vulnerability maturity model that Phoenix Security uses to help organizations mature their security programs effectively. This model, which maps back to established OWASP frameworks, provides a clear path for organizations to improve their security posture systematically.

The episode concludes with Francesco reflecting on the persistent basic security issues that organizations face and expressing optimism about the future. He is confident that Phoenix Security's approach can help businesses intelligently address these challenges and scale their security practices effectively.

Learn more about Phoenix Security: https://itspm.ag/phoenix-security-sx8v

Note: This story contains promotional content.

Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]
On LinkedIn | https://www.linkedin.com/in/fracipo/
On Twitter | https://twitter.com/FrankSEC42

Resources
Learn more and catch more stories from Phoenix Security: https://www.itspmagazine.com/directory/phoenix-security
View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

Guest: Ida Hameete, Application Security Consultant, Zenrosi. On LinkedIn | https://www.linkedin.com/in/idahameete/ Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]. On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Episode Notes: Join Sean Martin in this episode of "On Location" as he speaks with Ida Hameete at the OWASP Global AppSec Conference in Lisbon. Sean and Ida dive into the critical topic of creating a robust security culture within organizations. The conversation begins with an overview of the conference, emphasizing the importance of building secure applications that protect both users and businesses. Ida, with her extensive background in product ownership and security strategy, shares her unique perspective on why a security culture is integral to an organization's overall success. She explains that fostering a security culture isn't merely about training engineers but involves a collective effort from management and executive teams to prioritize and endorse security practices. Ida underscores the significance of aligning security culture with company culture, arguing that this alignment leads to smoother operations and fewer security breaches. She elaborates on how companies with strong security awareness often use their secure products as a marketing tool to differentiate themselves in the marketplace. This strategic approach not only enhances product safety but also provides a competitive edge. The discussion also touches on the common issues where management's lack of understanding or support for security measures can hinder effective implementation. Sean and Ida explore how management's commitment to security, demonstrated through adequate resource allocation and strategic planning, can drive a positive security culture through the entire organization. Ida provides practical examples from her experience, illustrating how purpose-driven business cultures can naturally incorporate security into their core values, benefiting both employees and customers. She highlights that a well-integrated security culture can lead to better workflows, reduced costs, and enhanced customer experiences. Towards the end of their conversation, Ida reflects on the necessity of communicating the business value of security to upper management, suggesting that this approach can shift the perception of security from a fear-driven mandate to a valuable business asset. She encourages leaders to find their company's purpose and align security practices with that mission to achieve sustainable success. Listeners are invited to attend Ida's session, "Winning Buy-In: Mastering the Art of Communicating Security to Management" at the conference, which promises to offer deeper insights into securing executive support for security initiatives. Be sure to follow our Coverage Journey and subscribe to our podcasts! Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal
In this BlackCloak Brand Story, hosts Sean Martin and Marco Ciappelli engage in an in-depth conversation with Founder Chris Pierson, Chief Information Security Officer Ryan Black, and Product Manager Matt Covington. The discussion explores the company's dedication to protecting security and privacy for CISOs, executives, and high-net-worth individuals. The episode kicks off with Martin and Ciappelli extending a warm welcome to Pierson, Black, and Covington while highlighting the mission-driven approach of BlackCloak. Pierson elaborates on BlackCloak's unique focus on protecting not just organizations but also extending security measures to the personal lives of executives and their families. This connection underscores the significance of safeguarding home environments, which are increasingly becoming targets for cyberattacks. Covington shares his intriguing journey from having a master's degree in literary theory to becoming involved in cybersecurity, emphasizing the importance of empathy in product development. He explains how BlackCloak's technology seeks to scale its services efficiently by automating repetitive tasks, thereby allowing their experts to focus on critical problem-solving for clients. Throughout the conversation, Ryan Black describes the flexible, personalized concierge service that BlackCloak offers, aimed at addressing the unique security needs of individuals outside the corporate framework. He emphasizes that their approach goes beyond traditional enterprise security, focusing on protecting personal devices and networks that executives use at home. The episode also touches on the emotional and psychological aspects of cybersecurity, illustrating how personal experiences with phishing attacks have driven both Black and Covington in their professional paths. The hosts and guests also discuss the personal side of cybersecurity, addressing behavioral vulnerabilities and the integration of user-friendly technology in personal security measures. Finally, the session highlights the collaborative and proactive culture at BlackCloak, where team members are committed to going above and beyond to protect their clients. This episode offers listeners valuable insights into how BlackCloak is pioneering an empathetic and comprehensive approach to cybersecurity.
Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story Guests: Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber] On LinkedIn | https://www.linkedin.com/in/drchristopherpierson/ On Twitter | https://twitter.com/drchrispierson Ryan Black, Chief Information Security Officer, BlackCloak [@BlackCloakCyber] On LinkedIn | https://www.linkedin.com/in/ryancblack/ Matt Covington, VP of Product, BlackCloak [@BlackCloakCyber] On LinkedIn | https://www.linkedin.com/in/mecovington/ Resources: Learn more about BlackCloak and their offering: https://itspm.ag/itspbcweb BlackCloak welcomes Ryan Black: https://www.linkedin.com/posts/blackcloak_personalcybersecurity-cybersecurity-executiveprotection-activity-7198293889777098752-Bd5z Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Today we're talking about security culture with our guest, Sara Duffer, Director of AWS Security Assurance. Sara has an uncommonly deep understanding of how Amazon reinforces its culture of security thanks to her previous role serving as technical advisor to the Amazon CEO. Join Clarke Rodgers, Director of AWS Enterprise Strategy as he interviews Sara about the observations and wisdom she picked up while working alongside the CEO, including how the C-suite sets the bar for security culture.
Uncover the Unexpected: Discover the Surprising Key to Enhanced Security Culture. Are you ready to discover the game-changing element that's transforming the cybersecurity industry? Get ready to challenge your perceptions and dive into the human side of cybersecurity with an unexpected twist that's reshaping the landscape. Are you curious to find out what it is? Stay tuned for the inside scoop that will leave you eager for more. Our special guest is Dr. Jessica Barker. Dr. Jessica Barker, the co-founder of Cygenta, is a recognized authority in the cybersecurity domain, specializing in the human aspect of cybersecurity. With a Ph.D. in civic design and a background in sociology, Dr. Barker's entry into the cybersecurity field over a decade ago marked the beginning of her influential journey. Her extensive experience and unique blend of expertise in sociology, psychology, and behavioral economics have positioned her as a leading figure in shaping security culture, awareness, and behavior within organizations. Dr. Barker's contributions have played a pivotal role in the industry's evolution, making her insights indispensable for those aiming to fortify their security culture and proactive measures. "For me, the big change I have seen is in the human side. Obviously, my focus is in awareness, behavior and culture. But what I've really seen is that go from very much a kind of edge niche, part of the industry, part of what we're kind of working on with corporations, to it becoming really much more mainstream, so many more opportunities, so many more roles." - Dr. Jessica Barker
In this episode, you will learn: Understand the Impact of Human Behavior on Cybersecurity: Discover the crucial role human factors play in maintaining a secure digital environment. Foster a Strong Security Culture: Learn how to build and nurture a security culture within your organization for enhanced protection against cyber threats. Master Effective Communication in Cybersecurity: Uncover powerful communication strategies that can help you convey security protocols and risks to both technical and non-technical stakeholders. Connect with Dr. Jessica Barker, PhD, MBE: LinkedIn: https://www.linkedin.com/in/jessica-barker/ Twitter: https://twitter.com/drjessicabarker Dr. Jessica Barker on Amazon - Amazon Store Link. Hacked - https://a.co/d/czga0Po Confident CyberSecurity - https://a.co/d/3vz3IdF Connect with us: Website: securitymasterminds.buzzsprout.com KnowBe4 Resources: KnowBe4 Blog: https://blog.knowbe4.com James McQuiggan - https://www.linkedin.com/in/jmcquiggan Javvad Malik: https://www.linkedin.com/in/javvad Music Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.com Announcer: Sarah McQuiggan - https://www.sarahmcquiggan.com Show Notes created with Capsho - www.capsho.com Sound Engineering - Matthew Bliss, MB Podcasts. If you'd like to ask Matt what he can do for your podcast, visit https://www.mbpod.com and schedule a consultation today!
In this episode, we delve into cybersecurity and the importance of making it relevant to each individual, beyond just their organization. My guest is David Shipley, Co-founder and CEO of Beauceron Security. David shares his journey from a career-altering cybersecurity incident at the University of New Brunswick to leading a cloud-based platform designed to enhance personal and organizational cybersecurity practices by empowering people to be in control of technology. The discussion explores current cybercrime trends in the banking industry, as well as the impact of geopolitical instability and technological advancements on cyber risk, the role of AI in both aiding and complicating cybersecurity efforts, and strategies for building positive security cultures within organizations. He also reflects on the challenges and rewards of growing a startup in Canada, emphasizing the importance of team resiliency, continuous learning, and embracing failure as a pathway to innovation. Thanks to show sponsor, BankTech Ventures. CHAPTER MARKERS: 00:00 Introduction 01:14 Meet David Shipley: From Military to Cybersecurity CEO 02:28 Current Cybersecurity Challenges and Trends 07:36 Strategies for Banks to Combat Cyber Threats 17:23 The Beauceron Inception Story: A Cybersecurity Journey 26:05 Evolving Security Awareness Training 26:59 Customer Success Stories: Phishing Defense and Employee Training 30:13 Reflections on the Startup Journey 33:27 The Impact of Cybersecurity Work 35:45 Operating a Canadian Startup 41:14 Looking Ahead: Growth, AI, and the Future of Cybersecurity 46:34 David's Rituals & Disciplines 50:24 Closing Remarks
In this episode we take a peek at the role of the security teams' own culture and its impact on the broader organisational culture. This is an important perspective, because whilst many commentators focus on influencing organisational culture they haven't considered the role that the values and behaviours of the security team have in influencing positive security outcomes across the business. To help us explore this perspective on the cultural forces at play, we have a guest who knows a thing or two about how cultures are formed and influenced. Lianne Potter studied social anthropology, then geeked out on technology before combining the two to shape an industry career which has achieved numerous accolades for her thought leadership in not just the human factor but also information security generally. Lianne, for me, illustrates a small but growing force within the industry that recognises that the human factor needs to be repositioned not as an afterthought once all the work of designing security controls has been done, but as a critical and key part of the process of understanding and managing information security risk. ©Copyright Marmalade Box Limited. The content of this podcast is the property of Marmalade Box Limited. Any use of the content of the podcast, either in full or partially, will be considered an infringement of Marmalade Box Limited rights as sole owners of this content. Any enquiries about the use of this content should be directed to Marmalade Box Limited. Contact information can be found at www.marmaladebox.com.
If you're a regular listener then you will have already met today's guest Dr. Char Sample. Char is a force at work deep within the information security community. Char is a rarity, combining a deep knowledge of both the technical and human aspects of the challenges security professionals face when managing cyber security risks. Char and I go back a long way, to a horrible conference lunch in London, where her riveting conversation meant I didn't have to eat what was on the plate in front of me. I have been forever grateful. That riveting conversation was all about our shared understanding of how culture influences everyone's day to day behaviours and how everyday behaviours make up culture. That shared interest has led to many conversations and shared ideas about how the information security industry could step up a level by seeing the potential for improving how we assess and manage human factor risks. In this episode we capture one of those conversations. We talk about heuristics and biases, what they are and what role they might have in artificial intelligence. Why what makes us human often makes us behave in seemingly irrational ways even when presented with all the data we need and assumptions we frequently make when developing and designing systems and processes and how this is undermining the management of business risks. Be warned, there's a lot of laughter in this episode.
This week, we're featuring four segments. First up, you'll hear a chat with organizers of the 2024 Heart of the Valley Anticapitalist Bookfair which ran its first iteration in Corvallis, Oregon from January 19-21st. A zine of their experiences will appear on that blog soon. [ -> 00:24:18 ] Then, you'll hear a brief segment updating listeners on the conspiracy case against six anarchists and antifascists in Russia known as the Tyumen case (for where it initiated). The six anarchists, some of whom barely knew each other, were tortured into confessions of conspiracy to further anarchist ideology and damage the Russian war machine. [ 00:24:34 - 00:32:53 ] Transcription PDF (Unimposed) Zine (Imposed) Following this, we spoke with Aster, a European anarchist involved in the counter-surveillance and anti-repression project known as the No Trace Project which works to share information about known methods and cases of state surveillance. The project does this in order to improve and expand our collective knowledge, tools and abilities at evading state crackdowns as we organize and act. This interview was conducted via encrypted messages and Aster's portion is being read by an unrelated volunteer. [ 00:35:47 - 01:05:18 ] Transcript in English Transcription en Français PDF (Unimposed) Zine (Imposed) If you plan to visit their site, we suggest at least running a VPN (riseup.net has a free one) and using an anonymized browser. One method is to download the tor browser (find your device/operating system at ssd.eff.org for some tips) and visit the NoTrace Project tor address. Their website can also be found at https://NoTrace.How Finally, you'll hear Sean Swain's reading of names of people killed by cops in the USA during October of 2023. 
[ 01:09:50 ] Tyumen Links: Tyumen Case Support Crew's Russian-language Telegram: https://t.me/tumenskoedelo Articles on the case and individuals on Avtonom: https://avtonom.org/en/taxonomy/term/1761 Music by some of the imprisoned men appears in a compilation to fundraise for their legal funds: https://blackploshad.bandcamp.com/album/music-of-antifascist-prisoners-tortured-by-the-police-tyumen-case Featured Tracks: День дизертира (Deserter's Day) by Rasputin; Меланхолия (Melancholy) by Rocker Balboa
In this episode, Tariq shares his tips for building an effective security culture and his career advice for aspiring cybersecurity professionals. Tariq has been in the tech industry for almost 20 years, working in various roles like helpdesk tech, project manager, software QA, systems and network engineer, and security, and now he is a compliance officer focused primarily on CMMC and HIPAA compliance. Ask me a Question Here: https://topmate.io/ken_underhill Get better at job interviews and build your confidence with this short course. https://cyberken23.gumroad.com/l/jbilol/youtube20 If you need cybersecurity training, here are some good resources. Please note that I earn a small affiliate commission if you sign up through these links for the training. Learn Ethical Hacking skills https://get.haikuinc.io/crk0rg6li6qd Get Ethical Hacking skills, SOC Analyst skills, and more through StationX. https://www.stationx.net/cyberlife #cybersecurity #cybersecuritycareer Support this podcast at https://redcircle.com/cyber-life/donations
Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined by Stuart Archer. Stuart is a dynamic health care leader with a proven track record of quality improvement, growth and innovation. He began his health care career at the bedside as a nurse's aide, building within him a laser-like focus on a patient-first care model and building teams guided by empathy and compassion. He took the helm at Oceans Healthcare in 2015 and has since shepherded in a period of unprecedented improvement and growth. Oceans is now an industry leader, among very few behavioral health providers to implement much-needed quality benchmarking tools like patient depression and anxiety questionnaires and implementing a companywide electronic medical records system. Oceans has earned numerous awards, including being named one of the Inc. 5000's fastest-growing companies in America for six consecutive years. Mr. Archer is an at-large board member of the National Association of Behavioral Healthcare, was named the 2021 D CEO Magazine Outstanding Healthcare Executive and earned the 2018 EY's Entrepreneur of the Year in Healthcare award for the Southwest region. 
[Nov 20, 2023] 00:00 - Intro 00:20 - Ryan Intro 00:56 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 04:00 - Stuart Archer Intro - LinkedIn: linkedin.com/in/stuartlarcher/ 06:12 - The Path to Empathy 09:29 - Building a Better Team 13:06 - Corporate Level Introspection 15:15 - Prepare for the Hurricane 18:12 - It Can't Happen To Me 19:38 - Know Your Audience 23:58 - Gone Phishin' 26:18 - Ideal Behavior 31:33 - Advice for an Empathetic Culture 34:09 - Book Recommendations - And There Was Light - Jon Meacham - Raven Rock - Garrett Graff 35:46 – Mentors - Mother 37:07 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org
Podcast: Nexus: A Claroty Podcast. Episode: Don Weber on Security Culture in Control Environments, STAR Methodology. Pub date: 2023-10-26. Don Weber of Cutaway Security joins the Nexus podcast to discuss a trend in control environments where asset operators and engineers keep trained cybersecurity professionals at arm's length, citing safety concerns. As more control systems are connected and managed online, it's critical for certified security professionals to be included in overall safety and reliability activities. Otherwise new risk and vulnerabilities are likely to be introduced. Weber also discusses a new methodology for assessing implementation vulnerabilities within industrial automation and control systems. Read more about IACS STAR: IACS STAR Calculator, IACS STAR GitHub.
In a perfect world, what would the ultimate Security Culture team look like? What would be the different roles and skill sets on your team? Who would partner with whom, and what would their responsibilities and goals look like? Join SANS Security Awareness Director Lance Spitzner and his guest, Molly McLain, expert in Security Culture, for this episode of Wait Just an Infosec. They'll discuss security culture and human risk, a fitting topic for Cybersecurity Career Week. Wait Just an Infosec is produced by the SANS Institute. You can watch the full, weekly Wait Just an Infosec live stream on the SANS Institute YouTube, LinkedIn, Twitter, and Facebook channels on Tuesdays at 10:00am ET (2:00pm UTC). Feature segments from each episode are published in a podcast format on Wednesdays at noon eastern. If you enjoy the Wait Just an Infosec live, weekly show covering the latest cybersecurity trends and news and featuring world-renowned information security experts, be sure and become a member of our community. When you join the SANS Community, you will have access to cutting edge cyber security news, training, and free tools you can't find anywhere else. Learn more about Wait Just an Infosec at sans.org/wjai and become a member of our community at sans.org/join. Connect with SANS on social media and watch the weekly live show: YouTube | LinkedIn | Facebook | Twitter
Join us as we welcome Darren Gallop, the visionary behind Carbide, a trailblazing information security and data privacy company. In an era where business dynamics shift with rapid technological advancements, Darren pulls back the curtain on the vital intersections of security, culture, and global commerce. Darren candidly addresses the labyrinth of data privacy regulations, such as GDPR. As he puts it, "Navigating data privacy today is akin to deciphering a global jigsaw puzzle, where every piece represents a different jurisdiction's expectation." But it's not just about external threats. Darren underscores the fact that "Even with all the tools at our disposal, human error remains a formidable adversary. Employee training isn't just a checkmark; it's a cornerstone." Diving deep into Carbide's ethos, he accentuates the imperative of baking security into the very DNA of business culture. "At Carbide, our mission isn't just to protect but to educate and integrate. Our clients don't just get a platform; they inherit an arsenal of expertise." Yet, what truly sets this conversation apart is Darren's forward-looking analysis. He envisions a cybersecurity horizon on the brink of consolidation, emphasizing, "Businesses don't want a security stack that's a tower of Babel. They want coherence, collaboration, and simplicity." This episode is more than just a conversation; it's an immersion into the future of cybersecurity for SMBs. Darren's words aren't mere statements; they're proclamations of an evolving industry. Understand why the 'one-size-fits-all' approach is an artifact of the past. Discover the revolutionary steps SMBs can take to not just survive but thrive in the digital age. From the global challenges of cybersecurity to the seamless integration of security in business culture, embark on this enlightening journey with us.
Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Biosecurity Culture, Computer Security Culture, published by jefftk on August 30, 2023 on LessWrong. While I've only worked in biosecurity for about a year and my computer security background consists of things I picked up while working on other aspects of software engineering, the cultures seem incredibly different. Some examples of good computer security culture that would be bad biosecurity culture: Openness and full disclosure. Write blog posts with deep detail on how vulnerabilities were found, with the goal of teaching others how to find similar ones in the future. Keep details quiet for a few months if need be to give vendors time to fix but after, say, 90 days go public. Breaking things to fix them. Given a new system, of course you should try to compromise it. If you succeed manually, make a demo that cracks it in milliseconds. Make (and publish!) fuzzers and other automated vulnerability search tools. Enthusiastic curiosity and exploration. Noticing hints of vulnerabilities and digging into them to figure out how deep they go is great. If someone says "you don't need to know that" ignore them and try to figure it out for yourself. This is not how computer security has always been, or how it is everywhere, and people in the field are often fiercely protective of these ideals against vendors that try to hide flaws or silence researchers. And overall my impression is that this culture has been tremendously positive in computer security. Which means that if you come into the effective altruism corner of biosecurity with a computer security background and see all of these discussions of "information hazards", people discouraging trying to find vulnerabilities, and people staying quiet about dangerous things they've discovered it's going to feel very strange, and potentially rotten. 
So here's a framing that might help see things from this biosecurity perspective. Imagine that the Morris worm never happened, nor Blaster, nor Samy. A few people independently discovered SQL injection but kept it to themselves. Computer security never developed as a field, even as more and more around us became automated. We have driverless cars, robosurgeons, and simple automated agents acting for us, all with the security of original Sendmail. And it's all been around long enough that the original authors have moved on and no one remembers how any of it works. Someone who put in some serious effort could cause immense destruction, but this doesn't happen because the people who have the expertise to cause havoc have better things to do. Introducing modern computer security culture into this hypothetical world would not go well! Most of the cultural differences trace back to what happens once a vulnerability is known. With computers: The companies responsible for software and hardware are in a position to fix their systems, and disclosure has helped build a norm that they should do this promptly. People who are writing software can make changes to their approach to avoid creating similar vulnerabilities in the future. End users have a wide range of effective and reasonably cheap options for mitigation once the vulnerability is known. But with biology there is no vendor, a specific fix can take years, a fully general fix may not be possible, and mitigation could be incredibly expensive. The culture each field needs is downstream from these key differences. Overall this is sad: we could move faster if we could all just talk about what we're most concerned about, plus cause prioritization would be simpler. I wish we were in a world where we could apply the norms from computer security! But different constraints lead to different solutions, and the level of caution I see in biorisk seems about right given these constraints. 
(Note that when I talk about "good biosecurity culture" I'm desc...
All links and images for this episode can be found on CISO Series. How do you create a positive security culture? It's rarely the first concept anyone wants to embrace, yet it's important everyone understands their responsibility. So what do you do, and how do you overcome inevitable roadblocks? Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest, Jadee Hanson, CISO/CIO for Code42. Thanks to our podcast sponsor, Code42 Code42 is focused on delivering solutions built with the modern-day collaborative culture in mind. Code42 Incydr tracks activity across computers, USB, email, file link sharing, Airdrop, the cloud and more, our SaaS-based solution surfaces and prioritizes file exposure and data exfiltration events. Learn more at Code42.com. In this episode: How do you create a positive security culture? Where do we run into struggles when trying to create a positive security culture? Given its importance, why is it rarely the first concept anyone wants to embrace? What do you do, and how do you overcome inevitable roadblocks?
Guest: Paul Watts, Distinguished Analyst at Information Security Forum [@securityforum]On Linkedin | https://www.linkedin.com/in/paulewatts____________________________Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsPentera | https://itspm.ag/penteri67aSemperis | https://itspm.ag/semperis-1roo✨ ➤ Sponsorship Signup Is Now Open — And Yes, Space Is Limited!____________________________Episode NotesAs part of the traditional Chats on the Road to Infosecurity Europe 2023 series, hosts Sean Martin and Marco Ciappelli welcome Paul Watts, keynote speaker, to discuss the importance of communication, collaboration, and diversity in cybersecurity.The conversation touches on several topics, including the need for security professionals to understand customer needs, the importance of being agile and forward-thinking, and the value of having a nurturing relationship with the business. They also discuss Paul's session on the cybersecurity workforce, where he advocates for creativity and skills beyond just technical expertise.Overall, the episode emphasizes the need for constant, progressive conversations and relationships with the business, recognizing that change is a two-way street. Paul invites listeners to join his sessions at InfoSecurity Europe and engage in meaningful conversations. 
We look forward to seeing you there!____________________________ResourcesLearn more, explore the programme, and register for Infosecurity Europe: https://itspm.ag/iseu23Catch Paul's session: Managing the Current Demands of a Cyber Workforce Whilst Looking to Secure the Workforce of the FutureBe sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverageCatch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6B____________________________If you are a cybersecurity vendor with a story to share, you can book your pre-event video podcast briefing here (https://itspm.ag/iseu23tsv) and your on-location audio podcast briefing here (https://itspm.ag/iseu23tsp).Explore the full conference coverage sponsorship bundle here: https://itspm.ag/iseu23bndlFor more ITSPmagazine advertising and sponsorship opportunities:
Guest: Robin Lennon Bylenga, Information Security Awareness, Education and Communications Lead at DWS Group [@DWS_Group] On LinkedIn | https://www.linkedin.com/in/robinlbylenga/ On Twitter | https://twitter.com/pedalchic ____________________________ Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ This Episode's Sponsors: Pentera | https://itspm.ag/penteri67a Semperis | https://itspm.ag/semperis-1roo ____________________________ Episode Notes: In this Chats on the Road to Infosecurity Europe Conference podcast episode, hosts Sean Martin and Marco Ciappelli invite Robin Lennon Bylenga, a human factors expert, to discuss the impact of culture on cybersecurity. The conversation emphasizes the importance of involving humans in cybersecurity instead of just relying on technology. Robin advocates building a cybersecurity awareness culture by making cybersecurity relevant to individuals' daily routines. Robin shares valuable insights on folding security into an organization's culture, making it relevant to employees, and using storytelling to build a security culture. Sean and Marco highlight the significance of Robin's upcoming keynote speech at Infosecurity Europe, where she will explain the importance of a good security culture using stories. 
The conversation also touches upon GDPR and avoiding over-reliance on technology while making metrics to measure success. The conversation provides a holistic perspective on how the culture of an organization influences cybersecurity, as cybersecurity is not just about technology, but it's also about the way people make sense of it. ____________________________ Resources: Learn more, explore the programme, and register for Infosecurity Europe: https://itspm.ag/iseu23 Catch Robin's session: 'Culture Eats Strategy for Breakfast' - Building a Strong Cyber Security Awareness Culture. Be sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverage Catch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6B
Guest: Ian Hill, Director of Information and Cyber Security at Upp Corporation [@getonupp]On LinkedIn | https://www.linkedin.com/in/ian-hill-95123897/____________________________Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsPentera | https://itspm.ag/penteri67a✨ ➤ Sponsorship Signup Is Now Open — And Yes, Space Is Limited!____________________________Episode NotesIn this Chats on the Road to Infosecurity Europe Conference podcast episode, Ian Hill, a cybersecurity veteran with 25 years in the field, and current Director of Information and Cybersecurity at Upp Corporation, shares his knowledge and experiences. He provides valuable insights into compliance, readiness, and the global challenges that affect cybersecurity.A main focus is the interplay between compliance and security. Hill emphasizes the importance of prioritizing a robust security strategy that organically leads to compliance, rather than letting compliance requirements dictate security measures. This perspective offers a redefined take on building an effective cybersecurity framework.The conversation also explores the concept of readiness in cybersecurity. In a domain where technology continually outpaces regulations, understanding what constitutes readiness is not straightforward. However, the discussion highlights its importance in preparing organizations to respond to evolving threats.The conversation pivots to get a view of global cybersecurity, discussing the cross-border challenges that organizations face in our interconnected world. 
Hill underscores the implications of navigating diverse laws, cultural attitudes, and standards in a global company, and points to an increasing need for international cooperation to manage the complex, ever-changing threat landscape.Have a listen. Enjoy. And be sure to catch Ian's keynote presentation and panel discussion during the conference.____________________________ResourcesLearn more, explore the programme, and register for Infosecurity Europe: https://itspm.ag/iseu23Be sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverageCatch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6B____________________________If you are a cybersecurity vendor with a story to share, you can book your pre-event video podcast briefing here (https://itspm.ag/iseu23tsv) and your on-location audio podcast briefing here (https://itspm.ag/iseu23tsp).Explore the full conference coverage sponsorship bundle here: https://itspm.ag/iseu23bndlFor more ITSPmagazine advertising and sponsorship opportunities:
GuestsLinda Gray Martin, Vice President at RSA Conference [@RSAConference]On LinkedIn | https://www.linkedin.com/in/linda-gray-martin-223708/On Twitter | https://twitter.com/LindaJaneGrayCecilia Murtagh Marinier, Cybersecurity Advisor - Strategy, Innovation & Scholars at RSA Conference [@RSAConference]On LinkedIn | https://www.linkedin.com/in/cecilia-murtagh-marinier-14967/On Twitter | https://twitter.com/CMarinier____________________________Host:Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsBlackCloak | https://itspm.ag/itspbcwebBrinqa | https://itspm.ag/brinqa-pmdpSandboxAQ | https://itspm.ag/sandboxaq-j2en____________________________Episode NotesWe had an amazing conference and are thrilled to close out our Chats On The Road to (from) RSA Conference 2023 with a recap chat with our good friends as they give us the latest and greatest for what took place at this year's event.Be sure to tune in to all of our RSA Conference 2023 USA coverage from San Francisco to hear stories from the keynotes, sessions, speakers, expo hall, community events, and so much more. And, yes, we decided to capture a lot of our coverage on video too, so be sure to check out the RSA Conference 2023 playlist on YouTube as well.____________________________ResourcesLearn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw____________________________For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverageAre you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
GuestsNicole Mills, Exhibition Director at Infosecurity Europe [@Infosecurity]On LinkedIn | https://www.linkedin.com/in/nicolemmills/Julia Clarke, Group Marketing Manager at RX [@RXGlobal_]On LinkedIn | https://www.linkedin.com/in/julia-clarke-bab72a222/____________________________Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsPentera | https://itspm.ag/penteri67a✨ ➤ Sponsorship Signup Is Now Open — And Yes, Space Is Limited!____________________________Episode NotesWe are thrilled to kick off our event coverage with our traditional first Chats On The Road to Infosecurity Europe 2023 in London, chatting with our good friends as they give us the latest and greatest for what we can expect at this year's event.Listen in to hear more about the theme, keynotes, stages, sessions, workshops, speakers, expo hall, community events, and so much more. 
And, yes, we decided to capture this one on video too, so be sure to give that a watch.Tune in and be sure to join us for all of our coverage coming to you before, from, and after Infosecurity Europe 2023!____________________________ResourcesLearn more, explore the programme, and register for Infosecurity Europe: https://itspm.ag/iseu23Be sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverageCatch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6B____________________________If you are a cybersecurity vendor with a story to share, you can book your pre-event video podcast briefing here (https://itspm.ag/iseu23tsv) and your on-location audio podcast briefing here (https://itspm.ag/iseu23tsp).Explore the full conference coverage sponsorship bundle here: https://itspm.ag/iseu23bndlFor more ITSPmagazine advertising and sponsorship opportunities:
In this episode of The New CISO, Steve is joined by Martin Fisher, CISO at Northside Hospital. An information security veteran, Martin has worked in the commercial aviation, finance, and healthcare industries and was an award-winning podcast host. Today, he shares how to build a unified team and his approach to managing mental health. Listen to the episode to learn more about the value of hobbies, defining company culture, and being an empowering leader. Listen to Steve and Martin discuss the importance of shared team culture and how CISOs can balance the stress of the job: Meet Martin (1:50): Host Steve Moore introduces our guest today, Martin Fisher. Over his decades-long tech career, Martin has worked in several industries. His podcast, Southern Fried Security Podcast, lasted ten years and was an incredible learning experience. While a podcast host, Martin discovered that he used too much jargon for non-security listeners, encouraging him to expand to a larger audience. Other Hobbies (5:52): Martin considers himself an original nerd, playing Dungeons and Dragons as a kid and an adult. A fan of role-playing tabletop games, Martin has backed many Kickstarters and has a great gaming community within his group of friends. Mental Healthcare (8:22): A CISO for a hospital, Martin stresses that mental healthcare is healthcare. Martin believes in what his non-profit-based workplace stands for, which is why he has chosen this role. The Bad Day Factor (10:27): Martin manages his mental health by setting boundaries. People need to separate their work and personal life because it's essential to have time to decompress. In the IT and security fields, there is a high percentage of neurodivergent employees who may need additional support in dealing with stress. Leaders must have employee assistance programs to help their staff with mental healthcare safely. Being Authentic (16:50): To build lasting relationships, you have to be your authentic self. 
When Martin looks for people to promote within his team, he looks for genuine individuals. Growing the Team (18:33): When Martin started his current position, he and the company culture aligned. Starting as the original security employee, Martin has been able to grow his team. His company understands that security is an investment and helps protect its patients, which has led to its success. Martin hires employees with their personalities in mind and how they fit the company culture. Patient Safety (22:53): Confidentiality is paramount to uphold in the medical security field. Since they are a patient-safety-first organization, Martin ensures he hires employees who understand that mentality. Defining Work Culture (28:25): Northside lists its company culture on job listings to attract the right candidates, which includes kindness. Since Martin focuses on patient safety and quality care with his CISO work, he hires people who match those ideals. When you have this approach to hiring, you can create a positive feedback loop while forming a strong team. Culture Over Security? (33:35): Steve presses Martin on what's more important: culture or preventing security issues? For Martin, security is still, of course, the focus. People are human and make mistakes, but they've never had a problem they couldn't control. Bad Advice (38:43): The worst career advice Martin ever received was to work for a hedge fund. This environment was not a good fit for Martin, further emphasizing his point on authenticity's value. Military Experience (39:56): Martin explores how he has applied his military service...
GuestsSteve Luczynski, Senior Manager / Critical Infrastructure Security, Accenture Federal Services [@Accenture] and Chairman of the Board for the Aerospace Village [@secureaerospace]On LinkedIn | https://www.linkedin.com/in/steveluczynski/On Twitter | https://twitter.com/cyberpilot22Henry Danielson, Adjunct Professor/Lecturer, Cal Poly College of Liberal Arts [@CalPolyCLA], Technical Advisor, California Polytechnic State University California Cybersecurity Institute [@CalPolyCCI], and Volunteer at Aerospace Village [@secureaerospace]On LinkedIn | https://www.linkedin.com/in/henry-danielson-43a61213/On Twitter | https://twitter.com/hdanielsonAt Cal Poly | https://cci.calpoly.edu/about-cci/staff____________________________Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsBlackCloak | https://itspm.ag/itspbcweb____________________________Episode Notes"Discover the exciting world of the Aerospace Village at RSA Conference 2023, and dive into hands-on experiences with cybersecurity experts and cutting-edge technology." Welcome to ITSPmagazine's RSA Conference 2023 coverage, where we dive into the world of cybersecurity and engage with experts in a week full of fun and exciting activities. We're on the road to RSA Conference 2023 in San Francisco, and one event we can't miss is the Sandbox, specifically the Aerospace Village. 
In this podcast episode, we're joined by our good friends Steve Luczynski and Henry Danielson from the Aerospace Village to discuss what's in store for us at this year's conference.The Aerospace Village is a small nonprofit run by volunteers from around the world, aiming to build relationships between government, industry, security researchers, and hackers, inspire people to join the cybersecurity workforce, and promote awareness in the aviation and space sectors. This year, RSA Conference 2023 features a Sandbox where attendees can interact with the latest technical hands-on experiences, learn from experts, and explore what's happening in the cybersecurity world.In this episode, our guests discuss the various partners and activities in the Aerospace Village, such as CT Cubed's drone quadcopter simulation in AR and VR experience, IntelleGenesis's runway lighting scenario demonstration, and Boeing's continuous security level maintenance activity. You'll also get a chance to try out a real Airbus simulator, courtesy of pen test partners, to understand the potential vulnerabilities in electronic flight bags and their impact on pilot operations.Join us for an exciting, fun-filled week at RSA Conference 2023, where you can learn, network, and discover the latest trends in cybersecurity. Don't miss out on this unique opportunity to interact with experts, explore cutting-edge technologies, and immerse yourself in the world of aerospace cybersecurity. 
Be sure to listen, share, and subscribe to ITSPmagazine's podcast for more exciting episodes and insights from the RSA Conference 2023!____________________________ResourcesLearn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw____________________________Catch the video here: https://www.youtube.com/watch?v=Htvn7AkCJSsFor more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverageAre you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
How Poor Security Culture Can Lead to Breaches in Church Security. In this episode of the Church Security Made Simple Podcast, we're discussing the dangers of the insecure rear door. Have you joined us inside the Worship Security Academy Facebook community yet? Want to learn more about our online teachings? Check us out here: Worship Security Academy
GuestsLinda Gray Martin, Vice President at RSA Conference [@RSAConference]On LinkedIn | https://www.linkedin.com/in/linda-gray-martin-223708/On Twitter | https://twitter.com/LindaJaneGrayBritta Glade, Senior Director, Content & Curation at RSA Conference [@RSAConference]On LinkedIn | https://www.linkedin.com/in/britta-glade-5251003/On Twitter | https://twitter.com/brittaglade____________________________Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsBlackCloak | https://itspm.ag/itspbcweb____________________________Episode NotesWe are thrilled to kick off our event coverage with our traditional first Chats On The Road to RSA Conference 2023, chatting with our good friends as they give us the latest and greatest for what we can expect at this year's event.Listen in to hear more about the theme, keynotes, sessions, speakers, expo hall, community events, and so much more. 
And, yes, we decided to capture this one on video too, so be sure to give that a watch for a funny moment as well.Tune in and be sure to join us for all of our coverage coming to you before, from, and after RSA Conference USA 2023!____________________________ResourcesLearn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw____________________________Catch the video here: https://www.youtube.com/watch?v=Htvn7AkCJSsFor more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverageAre you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
@Batchelorshow #EU: Migration rethinking includes security, culture, labor, order. Judy Dempsey, Carnegie Strategic Europe, Berlin https://carnegieeurope.eu/strategiceurope/88486
This interview from June 3rd, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Perry Carpenter, host of 8th Layer Insights, to discuss his new book "The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer."