Podcasts about Security culture

  • 135 podcasts
  • 238 episodes
  • 40m average duration
  • 1 new episode monthly
  • Latest episode: Nov 6, 2025

Latest podcast episodes about Security culture

ITSPmagazine | Technology. Cybersecurity. Society
Building a Real Security Culture: Why Most AppSec Champion Programs Fall Short | AppSec Contradictions: 7 Truths We Keep Ignoring — Episode 5 | A Musing On the Future of Cybersecurity with Sean Martin and TAPE9 | Read by TAPE9

Nov 6, 2025 · 2:24

Most organizations have security champions. Few have a real security culture. In this episode of AppSec Contradictions, Sean Martin explores why AppSec awareness efforts stall, why champion programs struggle to gain traction, and what leaders can do to turn intent into impact.

Redefining CyberSecurity
Building a Real Security Culture: Why Most AppSec Champion Programs Fall Short | AppSec Contradictions: 7 Truths We Keep Ignoring — Episode 5 | A Musing On the Future of Cybersecurity with Sean Martin and TAPE9 | Read by TAPE9

Nov 6, 2025 · 2:24

Most organizations have security champions. Few have a real security culture. In this episode of AppSec Contradictions, Sean Martin explores why AppSec awareness efforts stall, why champion programs struggle to gain traction, and what leaders can do to turn intent into impact.

Darn IT Podcast
The Cyber Café Playbook: Safety Is a Story We Tell Ourselves

Oct 26, 2025 · 9:27

This special Playbook episode distills the most important lessons from previous discussions — not as stories, but as rules. A framework for those who still believe digital safety is something they possess rather than something they must earn. If you think you understand the risk, start here and test that belief.

Autonomous IT
Product Talk – Secure by Default: Inside Automox's Approach to Product Security, E21

Oct 21, 2025 · 32:47

In this episode of Product Talk, host Peter Pflaster sits down with Automox Staff Security Engineer Henry Smith to discuss what it really means to be secure by default. Together, they explore how Automox builds security into the foundation of its products, from engineering practices to company culture. You'll learn how Automox's “no security tax” philosophy gives every customer access to enterprise-grade protection — without hidden costs or trade-offs. Henry also shares his journey from IT support to cybersecurity engineering, offering practical advice for anyone looking to grow a career in IT or security. Tune in to hear how Automox approaches product security, fosters trust between engineering and security teams, and collaborates with industry peers to keep customers safe.

The Nonprofit Show
How Nonprofits Protect Their Mission's Cyber Presence: Building a Security Culture

Oct 1, 2025 · 29:35

Cybersecurity isn't just firewalls and tech jargon—it's people, habits, and everyday choices. Kicking off National Cybersecurity Awareness Month, we bring together two voices who live this every day: Michael Nouguier, Partner, Cybersecurity Services at Richey May, and Tony Rehmer, Senior VP of IT at Children's Miracle Network Hospitals (CMN Hospitals). Their message is clear: strong security starts with culture.

Tony sets the tone early: “We take a major part, but it is everyone.” In other words, security isn't a back-office task—it's a shared responsibility. With hospitals, HIPAA, and multi-state operations in the mix, CMN Hospitals treats staff as the front line. That means training that actually sticks: shorter, “microlearning” nudges delivered through internal channels, real examples, and peer-to-peer conversations. As Tony puts it, “We never, ever shame a person.” Instead, they use supportive coaching after incidents to encourage fast reporting and continuous learning.

Michael maps the big picture. Attacks have matured, and wishful thinking won't cut it. “Hope has then become a liability when it's your only defense.” The antidote? Make security part of the mission—top-down and day-to-day. That looks like updating mission statements (“do the work securely”), enabling multifactor for everyone (leaders included), and building a culture where staff quickly raise their hand when something feels off. He provides a memorable visual: “Everybody needs a pitchfork… so they can do what they need to do to protect your organization.”

The conversation gets real with a story from CMN Hospitals at the start of COVID-19. Threat actors bought credentials on the dark web, slipped into a mailbox, swapped a message body for malware, and re-sent it. Because staff had been invited into the security effort, the team was alerted within five minutes. That fast reporting changed the outcome. Culture wasn't a slogan; it was the safety net.

Both guests agree: this is ongoing work. Threats keep shifting—from credit cards to ransomware and data theft—so messaging, training, and audience targeting must evolve too. Practically, that means appointing security champions, aligning IT with communications pros who can translate across departments, and weaving security into leadership conversations and board funding decisions.

Takeaways you can use: treat people as partners, keep learning in snackable moments, celebrate fast reporting, and put “securely” in your strategy—not just in your tech stack.

AWS for Software Companies Podcast
Ep146: Strategies to enhance organizational security culture with Sonatype

Sep 17, 2025 · 15:22

Tyler Warden, SVP of Product at Sonatype, shares surprising research on security, productivity and prioritization, with actionable strategies for organizational transformation.

Topics Include:
  • Tyler from Sonatype (Maven creators) shares research on security culture in development
  • Security is more cultural than tooling, with rising supply chain attacks
  • Development speeds up while global regulations rapidly change across markets
  • Tyler's background: wanted to be a Broadway conductor, not tech speaker
  • Beethoven's 9th Symphony story: nephew missed a dot, changing tempo forever
  • We can "be the dot" - small changes creating big organizational impact
  • Three organization types: Leaders (collaborative), Adapters (balanced), Protectors (security-first)
  • Leaders achieve best productivity and security but face executive skepticism
  • Research reveals balanced teams outperform purely security-focused or productivity-focused approaches
  • High-performance teams go faster AND stay more secure than alternatives
  • "Yes" philosophy from improv comedy: fun happens when we enable innovation
  • Apply proven supply chain principles from manufacturing to software development security

Participants:
  • Tyler Warden – Senior Vice President, Product, Sonatype

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Application Security PodCast
Marisa Fagan - Measuring Security Culture

Aug 5, 2025 · 50:05

Marisa Fagan, Head of Product at Katilyst and veteran security culture expert, joins us today to share practical strategies for building and scaling security champions programs that actually work, from designing effective pilots to avoiding common pitfalls that can derail your initiatives. Learn how to motivate developers using the SAPs model (Status, Access, Power, Stuff), why getting management buy-in is crucial before launching, and discover the metrics that truly demonstrate security culture success. Marisa reveals why most programs fail, shares her blueprint for creating sustainable security culture initiatives, and discusses the evolution beyond security champions to include privacy and accessibility programs.

Resources Mentioned:
  • Security Champion Success Guide: https://securitychampionsuccessguide.org/
  • OWASP Security Champions Guide: securitychampions.owasp.org
  • People-Centric Security book by Lance Hayden

Defence Connect Podcast
CYBER UNCUT: Protecht's Mike Franklin on the importance of creating a strong company cyber security culture and prioritising critical assets

Jul 14, 2025 · 52:15


In this episode of the Cyber Uncut podcast, host Liam Garman is joined by Mike Franklin, Australian cyber security lead at Protecht, to discuss the current cyber security landscape, the importance of top-down cyber security culture, and the impact of AI on cyber security. Garman and Franklin begin with a discussion on the current cyber security landscape, such as the importance of risk management and the evolving techniques used by malicious actors. The pair also discuss the importance of differentiating IT risk, such as product availability and other operational issues, and cyber risk. Franklin then highlights the importance of understanding and prioritising an organisation's critical assets and the need for a strong top-down cyber security culture. Finally, Franklin discusses the impact of AI on cyber security and how the role of the technology is quickly evolving from both a defence and an offence perspective. Enjoy the episode, The Cyber Uncut team

Cyber Security Uncut
Protecht's Mike Franklin on the importance of creating a strong company cyber security culture and prioritising critical assets

Jul 14, 2025 · 52:15


In this episode of the Cyber Uncut podcast, host Liam Garman is joined by Mike Franklin, Australian cyber security lead at Protecht, to discuss the current cyber security landscape, the importance of top-down cyber security culture, and the impact of AI on cyber security. Garman and Franklin begin with a discussion on the current cyber security landscape, such as the importance of risk management and the evolving techniques used by malicious actors. The pair also discuss the importance of differentiating IT risk, such as product availability and other operational issues, and cyber risk. Franklin then highlights the importance of understanding and prioritising an organisation's critical assets and the need for a strong top-down cyber security culture. Finally, Franklin discusses the impact of AI on cyber security and how the role of the technology is quickly evolving from both a defence and an offence perspective. Enjoy the episode, The Cyber Uncut team

The Evolution Exchange Podcast Nordics
Evo Nordics #629 - Building Security Culture - Industry, Leadership & Real-World Insights

Jul 8, 2025 · 50:33


James Dyson explores the foundations of building strong security culture with insights from Joonatan Vilén (CISO, NetNordic Finland), Tuomas Karhula (Infrastructure Security Manager, Metso), and Antti Laatikainen (Principal Consultant, Reversec). The episode covers leadership's role in shaping secure behavior, embedding best practices across infrastructure, and aligning teams around cybersecurity values. These seasoned professionals share lessons from their industries and real-world experiences to help organizations strengthen internal security posture and foster a culture of resilience in an evolving threat landscape.

ITSPmagazine | Technology. Cybersecurity. Society
“These Aren't Soft Skills — They're Human Skills” A Post–Infosecurity Europe 2025 Conversation with Rob Black and Anthony D'Alton

Jun 19, 2025 · 27:52

Guests:
  • Rob Black, UK Cyber Citizen of the Year 2024 | International Keynote Speaker | Master of Ceremonies | Cyber Leaders Challenge | Professor | Community Builder | Facilitator | Cyber Security | Cyber Deception: https://www.linkedin.com/in/rob-black-30440819/
  • Anthony D'Alton, Product marketing | brand | reputation for cybersecurity growth: https://www.linkedin.com/in/anthonydalton/

Hosts:
  • Sean Martin, Co-Founder at ITSPmagazine. Website: https://www.seanmartin.com
  • Marco Ciappelli, Co-Founder, CMO, and Creative Director at ITSPmagazine. Website: https://www.marcociappelli.com

Episode Sponsors:
  • ThreatLocker: https://itspm.ag/threatlocker-r974

Yes, Infosecurity Europe 2025 may be over, but the most important conversations are just getting started — and they're far from over. In this post-event follow-up, Marco Ciappelli reconnects from Florence with Rob Black and brings in Anthony D'Alton for a deep-dive into something we all talk about but rarely define clearly: so-called soft skills — or, as we prefer to call them… human skills.

From storytelling to structured exercises, team communication to burnout prevention, this episode explores how communication, collaboration, and trust aren't just “nice to have” in cybersecurity — they're critical, measurable capabilities. Rob and Anthony share their experience designing real-world training environments where people — not just tools — are the difference-makers in effective incident response and security leadership.

Whether you're a CISO, a SOC leader, or just tired of seeing tech get all the credit while humans carry the weight, this is a practical, honest conversation about building better teams — and redefining what really matters in cybersecurity today.

If you still think “soft skills” are soft… you haven't been paying attention.

Keywords: Cybersecurity, Infosecurity Europe 2025, Soft Skills, Human Skills, Cyber Resilience, Cyber Training, Security Leadership, Incident Response, Teamwork, Storytelling in Cyber, Marco Ciappelli, Rob Black, Anthony Dalton, On Location, ITSPmagazine, Communication Skills, Cyber Crisis Simulation, RangeForce, Trust in Teams, Post Event Podcast, Security Culture

Resources:
  • Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25
  • Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Cyber Security Today
The Secret CISO: Navigating the Human and Technical Challenges in Cybersecurity

Jun 14, 2025 · 51:57 · Transcription available

In this episode of 'Cybersecurity Today,' hosts John Pinard and Jim Love introduce their unique show, 'The Secret CISO,' which aims to dive deep into the lives and thoughts of CISOs and similar roles, beyond the usual interview-style format. The guest for this episode is Priya Mouli, CISO at Sheridan College, who shares her journey from engineering to cybersecurity, her global experiences, and how she manages her multifaceted role. Another guest, Mohsen Azari, Director of Cyber Defense in the financial sector, discusses his career path, which includes notable stints in entertainment and consulting. The conversation explores the pressing challenges in cybersecurity such as AI threats, burnout, and vendor tool overload, while emphasizing the importance of people skills and relationship-building within organizations. The episode wraps up with a promise of a follow-up discussion to delve deeper into the impact of AI on cybersecurity.

Chapters:
  • 00:00 Introduction to the Secret CISO Show
  • 00:51 Guest Introductions: Meet Priya Ali
  • 01:59 Priya's Career Journey and Insights
  • 06:44 Mohsen's Background and Career Path
  • 13:12 John's Career and Cybersecurity Evolution
  • 15:58 Current Cybersecurity Challenges
  • 24:04 Adapting to New Roles in Cybersecurity
  • 25:36 Managing People and Preventing Burnout
  • 27:08 Servant Leadership and Team Dynamics
  • 31:16 Strategic Hiring and Team Cohesion
  • 33:42 Handling Stress and Personal Well-being
  • 35:46 The Role of CISOs as Organizational Psychologists
  • 40:54 Influencing Behavior and Building a Security Culture
  • 44:28 Coping with the Barrage of Cybersecurity Tools
  • 51:10 Conclusion and Future Discussions

Tales from Tech Titans
About "No Blame" Cyber Security Culture | with Noel Toal

Apr 21, 2025 · 6:20

What's the role of a "CIO PLUS"?

Noel Toal is CIO at DPV Health and was recognized on the prestigious #CIO50 list in 2022 and 2023 and the #CSO30 list for 2023. Although Noel initially aspired to be a lawyer, his passion for technology began with his first computer, a ZX Spectrum. Over his 30-year career, he has worked across various fields, including IT, Data & AI, and Cybersecurity.

  • Connect with Noel Toal: https://www.linkedin.com/in/noeltoal/
  • Connect with Host Anton Roe: https://www.linkedin.com/in/talentsolutions/
  • Tune in now on your favourite platform: https://podcasters.spotify.com/pod/talesfromtechtitans
  • Follow Tales from Tech Titans on LinkedIn: https://bit.ly/45vUr2z
  • Follow Emmbr for more tech career insights: LinkedIn: https://bit.ly/4bcTihI | Instagram: https://bit.ly/3KND7ww | https://bit.ly/3VNA9g

Against All Enemies
“Signals, Symbols & Slam Dunks: National Security, Culture Wars, and March Madness”

Apr 2, 2025 · 50:06


This week on The Gedunk Show with Dan and Bobby, we dive into the national security implications of SignalGate and what it means for trust in our intelligence infrastructure. We then unpack the reported efforts by the Trump administration to defund and dismantle the National Museum of African American History and Culture — and what that says about the broader cultural and political landscape. Finally, we lighten it up with a full-court press into March Madness, breaking down the Final Four and what to expect in the closing games of the tournament. It's a mix of serious, surprising, and straight-up sports talk — all in one episode. Follow us here: https://linktr.ee/valormedianetwork

Saturday Magazine
Saturday, 29th March, 2025; NAB: Fighting Scams, Laura Hartley-Quinn-Head Security Culture at NAB

Apr 2, 2025 · 12:54

NAB: Fighting Scams, Laura Hartley-Quinn-Head Security Culture at NAB

Security Unfiltered
AI Security Secrets Unveiled: NSA Tech, Zero Trust & 2025 Cyber Trends With Jason Rogers from Invary

Mar 25, 2025 · 44:38 · Transcription available

Struggling to secure AI in 2025? Join Joe and Invary CEO Jason Rogers as they unpack NSA-licensed tech, zero trust frameworks, and the future of cybersecurity. From satellite security to battling advanced threats, discover how Invary's cutting-edge solutions are reshaping the industry. Plus, hear Jason's startup journey and Joe's wild ride balancing a newborn with a PhD. Subscribe now for the latest cyber trends—don't miss this!

Chapters:
  • 00:00 Navigating Parenthood and Professional Life
  • 02:53 The Startup Mentality: Decision-Making and Adaptability
  • 06:13 Blending Technical Skills with Sales
  • 08:58 Background and Journey into Cybersecurity
  • 12:10 Establishing a Security Culture in Organizations
  • 14:51 Collaborating with Government Entities
  • 17:47 Understanding NSA Licensed Technology
  • 23:06 Understanding Application and Server Security
  • 25:01 Exploring Zero Trust Frameworks
  • 28:57 Bridging Government and Private Sector Security
  • 31:27 The Role of Security Professionals
  • 33:55 Innovations in Cybersecurity Technology
  • 38:05 Invariance in Security Systems

Cloud Security Today
Rethinking security awareness

Feb 23, 2025 · 45:45 · Transcription available

In this conversation, Lance Spitzner shares his unique journey from a military tank officer to a pioneer in cybersecurity, detailing the evolution of his career and the inception of the Honeynet Project. He emphasizes the importance of understanding the human element in security, advocating for a shift from mere security awareness to fostering a robust security culture within organizations. Spitzner discusses practical steps for security teams to enhance their approach, including leveraging AI to improve communication and engagement. He concludes by reflecting on the impact of his work and the growing recognition of the human side of cybersecurity.

Takeaways:
  • The Honeynet Project was born from a need for cyber threat intelligence.
  • Security culture is broader than security awareness; it encompasses attitudes and beliefs.
  • Changing the environment is key to changing organizational culture.
  • AI can be leveraged to enhance communication and simplify security policies.
  • Positive interactions with security teams build a stronger security culture.

Chapters:
  • 00:00 From Military to Cybersecurity Pioneer
  • 03:04 The Birth of the Honeynet Project
  • 05:59 Understanding the Human Element in Security
  • 09:13 Security Culture vs. Security Awareness
  • 11:51 Changing Organizational Culture for Security
  • 14:46 Practical Steps for Security Teams
  • 17:55 Leveraging AI in Security Culture
  • 21:11 Measuring Success in Cybersecurity Training

ITSPmagazine | Technology. Cybersecurity. Society
Strengthening Cybersecurity Through Zero Trust | A Conversation with Adam Fuller at Zero Trust World 2025 | A Zero Trust World 2025 On Location Coverage with Sean Martin and Marco Ciappelli

Feb 22, 2025 · 11:16

Zero Trust World 2025: Strengthening Cybersecurity Through Zero Trust

Zero Trust World 2025 has come to a close, leaving behind a series of thought-provoking discussions on what it truly means to build a culture of security. Hosted by ThreatLocker, the event brought together security professionals, IT leaders, and decision-makers to explore the complexities of Zero Trust—not just as a concept but as an operational mindset.

A Deep Dive into Windows Security and Zero Trust

ITSPmagazine | Technology. Cybersecurity. Society
Building a Community and a Culture of Security Education and Operations | A Zero Trust World Pre-Event Kick-Off | On Location Coverage with Sean Martin and Marco Ciappelli

Feb 18, 2025 · 6:13

Zero Trust World 2025 is officially underway, and the conversation centers around what it means to build a culture of security. Hosted by ThreatLocker, this event brings together security professionals, IT leaders, and decision-makers to explore the complexities of Zero Trust—not just as a concept but as an operational mindset.

Defining Zero Trust in Practice: Sean Martin and Marco Ciappelli set the stage with a key takeaway: Zero Trust is not a one-size-fits-all solution. Each organization must define its own approach based on its unique environment, leadership structure, and operational needs. It is not about a single tool or quick fix but about establishing a continuous process of verification and risk management.

A Focus on Security Operations: Security operations and incident response are among the core themes of this year's discussions. Speakers and panelists examine how organizations can implement Zero Trust principles effectively while maintaining business agility. Artificial intelligence, its intersection with cybersecurity, and its potential to both strengthen and challenge security frameworks are also on the agenda.

Learning Through Engagement: One of the standout aspects of Zero Trust World is its emphasis on education. From hands-on training and certification opportunities to interactive challenges—such as hacking a device to win it—attendees gain practical experience in real-world security scenarios. The event fosters a culture of learning, with participation from help desk professionals, CIOs, CTOs, and cybersecurity practitioners alike.

The Power of Community: Beyond the technical discussions, the event underscores the importance of community. Conferences like these are not just about discovering new technologies or solutions; they are about forging connections, sharing knowledge, and strengthening the collective approach to security.

Zero Trust World 2025 is just getting started, and there's much more to come. Stay tuned as Sean and Marco continue to bring insights from the conference floor, capturing the voices that are shaping the future of cybersecurity.

Hosts:
  • Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
  • Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode's Sponsors:
  • ThreatLocker: https://itspm.ag/threatlocker-r974

Resources:
  • Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida
  • Register for Zero Trust World 2025: https://itspm.ag/threat5mu1
  • Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
  • To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
  • To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast

The Secure Developer
Building Security Culture With Dustin Lehr

Feb 18, 2025 · 38:15

Episode Summary: Security is more than just a checklist—it's a cultural movement. In this episode, Dustin Lehr, Co-founder of Katilyst, joins Danny Allan to explore the intersection of security, engineering, and culture. They discuss how to foster security champions, scale security programs, and build a culture where developers naturally integrate security into their workflows. Dustin shares insights from his extensive career, offering practical strategies for creating lasting change in security practices.

Show Notes: Security isn't just about tools—it's about people. In this episode of The Secure Developer, Dustin Lehr, Co-founder of Katilyst, joins Danny Allan to discuss the importance of building a strong security culture within engineering teams.

Dustin shares his journey from software engineering to security leadership, emphasizing how security should be an extension of software quality. He highlights how security champions programs can empower developers to take ownership of security without disrupting their workflow.

Key topics include:
  • The evolution of software development and how security fits in
  • Best practices for launching and sustaining a security champions program
  • The psychology of change and how to influence developer behavior
  • The role of AI in security culture—what works and what doesn't
  • Metrics and strategies for measuring the success of security initiatives

With real-world insights and actionable advice, this episode is a must-listen for security and engineering leaders looking to scale security through culture, not just technology.

Links:
  • Katilyst – Dustin Lehr's company focused on security culture
  • Security Champion Program Success Guide – A free resource for building effective security champion programs
  • Snyk - The Developer Security Company

CISO-Security Vendor Relationship Podcast
As Long as We Keep Moving the Goalposts, We Have a Great Security Culture (LIVE in Dallas, TX)

Jan 28, 2025 · 42:18

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Rinki Sethi, vp and CISO, BILL. Joining us is our sponsored guest, Lamont Orange, CISO, Cyera. This episode was recorded in front of a live audience at Cyera's first DataSec conference (November 2024) in Dallas. Thanks to Adam Holland, CISO, Wendy's, Farray Rahman of Vibrant Emotional Health and 988 Lifeline, and Biji John of USAA for our questions in the episode.

In this episode:
  • Shifting from traditional recovery
  • Do you know where your data is?
  • The science of tradeoffs
  • How do you measure security culture?

Thanks to our podcast sponsor, Cyera! Cyera's data security platform discovers your data attack surface, protects sensitive data, governs data access, monitors critical data events, and quickly responds to data risks. Cyera's agentless design allows us to deploy within minutes across any environment and provide a 95% precision rate through our AI-powered classification engine. Learn more at Cyera.io

AWS for Software Companies Podcast
Ep075: Beyond Compliance: Crafting Effective Security Culture with leaders from Clumio, Mongo DB, Symphony and AWS

Jan 21, 2025 · 47:28

From hard-coded credentials to boardroom buy-in, join four tech security leaders from Clumio, Mongo DB, Symphony and AWS, as they unpack how building the right security culture can be your organization's strongest defense against cyber threats.

Topics Include:
  • Security culture is crucial for managing organizational cyber risk
  • Good culture enables quick decision-making without constant expert consultation
  • Many security incidents occur from well-meaning people getting duped
  • Panel includes leaders from AWS, Symphony, MongoDB, and Clumio
  • Measuring security culture requires both quantitative and qualitative metrics
  • Board-level engagement indicates organizational security culture maturity
  • Self-reporting of security incidents shows positive cultural development
  • Security committees' participation helps measure cultural engagement
  • Hard-coded credentials remain persistent problem across organizations
  • Internal audits and risk committees strengthen security governance
  • Public security incidents change board conversations about priorities
  • Leadership vulnerability and transparency help build trust
  • Being pragmatic beats emotional responses in security leadership
  • Security programs should align with business revenue goals
  • Customer security requirements drive program improvements
  • Excessive security questionnaires drain resources from actual security
  • Security culture started as exclusionary, evolved toward collaboration
  • Financial institutions often create unnecessary compliance burden
  • Early security involvement in product development prevents delays
  • Security teams must match development team speed
  • Trust between security and development teams enables efficiency
  • Small security teams can support large enterprise requirements
  • Vendor partnerships help scale security capabilities
  • Process changes work better than adding security tools
  • Security leaders need deep business knowledge
  • Technical depth and breadth remain essential skills
  • Evangelism capability critical for security leadership success
  • Influencing without authority key for security effectiveness
  • Crisis moments create opportunities for security improvement
  • Socializing between security and development teams builds trust
  • DEF CON attendance helps developers understand security perspective
  • Bug bounty programs provide continuous security feedback
  • Regular informal meetings between teams improve collaboration
  • Building personal relationships improves security outcomes
  • Modern security leadership requires balance of IQ and EQ

Participants:
  • Jacob Berry – Head of Information Security, Clumio
  • George Gerchow – Interim CISO, Head of Trust, Mongo DB
  • Brad Levy – Chief Executive Officer, Symphony
  • Brendan Staveley – Global Sales Leader, Security Services, Amazon Web Services

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon/isv/

The Final Straw Radio
We (MUST) Keep Us Safe: An interview with a Long-Term, Anonymous Anarchist Comrade on Repression, Trauma, Security Culture, and Revolutionary Solidarity

The Final Straw Radio

Jan 12, 2025 | 114:05


This week, we're featuring an anonymized chat with a longtime anarchist on lessons learned trying to stay sane while facing state repression. We talk about experiencing trauma, the need for strong relationships and movements offering shelter and strong alternatives to the alienated society of state and capital, while also speaking on the challenges of mental health and inviting in new participants in anarchist movement.

Transcript PDF (Unimposed) Zine (Imposed PDF)

Chapters:
  • Introduction and Disclaimer [00:00:23]
  • Post-911/Patriot Act State of Heightened Repression and build up to today [00:02:29]
  • Navigating security amidst a post-social media and post-smart phone era [00:23:33]
  • Creating safer and more secure revolutionary communities that can better withstand the heat [00:31:02]
  • Recognizing and overcoming repression-based trauma on an individual and community level [00:40:02]
  • Supporting comrades overcoming mental health episodes (spiralling) amidst repression and burnout [01:09:13]
  • On infiltrators and the depths the state will go to inflict trauma, fish, and divide [01:15:57]
  • Recognizing the ‘severity' of our position, and taking ourselves seriously [01:26:22]
  • Some tips on facing trauma or intimidation, or supporting others experiencing repression-related trauma [01:34:18]

Descending References and Resources List According to Interview:

Green Scare Background Green Scare Intro and Article References Mainstream Media Story (MSM Story): The Green Scare: How a Movement That Never Killed Anyone Became the FBI's No. 1 Domestic Terrorism Threat TFSR Interviews: Green Is The New Red with Will Potter Eric McDavid after his release

Grand Juries CLDC: Grand Juries Surviving a Grand Jury: Three Narratives from Grand Jury Resisters People's Law Office: The Improper Use of the Federal Grand Jury: An Instrument for the Internment of Political Activists Surviving a Grand Jury What it means to resist a grand jury; stories from those who have; how to support North Carolina grand jury resistance (PodCast)

Border Detention Crossing the United States Border A Security Guide for Citizens and Non-Citizens

Police Visitation Center for Constitutional Rights: If An Agent Knocks Resource When the Police Knock on Your Door Your Rights and Options: A Legal Guide and Poster If the FBI Approaches You to Become an Informant An FAQ: What You Need to Know National Lawyers Guild: If An Agent Knocks

On Phone and Digital Security Culture Taking Ourselves Seriously: Digital Harm Reduction (PDF Format) Electronic Frontier Foundation: Mainstream Resource and Non-Profit Advocate for Digital Privacy

Infiltration Cases: MSM Story on Mark Kennedy: How a Married Undercover Cop Having Sex With Activists Killed a Climate Movement TFSR interview on Spy Cops MSM Story on Eric McDavid case: Manufacturing Terror: An FBI Informant Seduced Eric McDavid Into a Bomb Plot. Then the Government Lied About It Earth First!: Informants List

Anti-Repression Resources: NYC Anarchist Black Cross Support Defendants & Prisoners From the George Floyd Uprisings TFSR interview: Anti-Repression, Supporting Uprising and Anarchist Prisoners A Tilted Guide to Being a Defendant (PDF Zine)

J20 Case Lessons from #DefendJ20 on Building Movement Defense Against Repression

Sobriety Discussion Sobriety and Anarchist Struggle (PDF Version)

Mental Health/Trauma/Burn Out Survivors Manual: Surviving In Solitary (PDF) Sub.Media video: Redefining Sanity Through Struggle Conflictual Wisdom: On Burning Out and Anarchist Self-Preservation Against the Struggle of the Coward: A Note of Strength for the Underdogs Repression, Resiliency, & Movement Support: An Interview Solidarity Apothecary (Podcast) Broader Wellness Resources by Mutual Aid Disaster Relief Trauma & Recovery Brochure (PDF) Solidarity Is Greater Than Fear: Lessons from G20 to Stop Cop City (Youtube Link) A Life Worth Living: Care, Survival, Suicide, and Grief (Zine Resource on the Subjects)

Featured Track: Hold Onto Each Other by Thee Silver Mt. Zion Memorial Orchestra & Tra-La-La Band from Horses In The Sky

Cybersecurity Where You Are
Episode 110: How Security Culture and Corporate Culture Mesh

Cybersecurity Where You Are

Nov 20, 2024 | 41:38


In episode 110 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Lee Noriega, Executive Director of the Cybersecurity Services Organization and Acting General Manager of Sales and Business Services at the Center for Internet Security® (CIS®); and Jerry Gitchel, founder of Leverage Unlimited and listener to Cybersecurity Where You Are. Together, they examine a question sent in by Jerry: if a corporate culture is lacking, can a security culture exist?

Here are some highlights from our episode:
  • 01:33. What security culture is and how it differs from corporate culture
  • 05:30. What elements factor into a strategy to drive corporate culture
  • 09:30. The importance of a feedback loop for culture
  • 15:43. How to cultivate "institutional ownership" in an organization's workforce
  • 19:03. What goes into fostering security consciousness in support of security champions
  • 25:14. The challenges of engaging corporate culture to think about security culture
  • 29:13. Examples and takeaways for listeners

Resources
  • Why Employee Cybersecurity Awareness Training Is Important
  • Episode 107: Continuous Improvement via Secure by Design
  • Seth Godin | Why People Like Us Do This
  • The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Security Management Highlights
Confronting Assumptions Around Investigations, Modern SOCs, and Security Culture

Security Management Highlights

Nov 1, 2024 | 34:22


How does the tone from the top influence fraud investigations, organizational culture, security training, and technology upgrades? Scot Walker, PCI, Manish Mehta, and John Rodriguez join this episode of the SM Highlights podcast to talk through how proactive relationship-building and partnerships can drive tactical and strategic success.

Additional Resources
  • Join the ASIS International Investigations Community here: https://community.asisonline.org/subjectareahome?CommunityKey=e3a5949e-d103-40a3-80f9-38f8476100b1
  • Get resources from the Society for Human Resource Management (SHRM) on investigations here: https://www.shrm.org/topics-tools/tools/how-to-guides/how-to-conduct-investigation
  • To learn more about security operations centers (SOCs), check out Security Management's coverage from September: https://www.asisonline.org/security-management-magazine/articles/2024/09/soc/
  • Read Manish Mehta's take on modernizing SOCs in his article: https://www.asisonline.org/security-management-magazine/articles/2024/09/soc/modernizing-socs/
  • More interested in security culture and how it affects leadership? Read more here: https://www.asisonline.org/security-management-magazine/articles/2024/10/culture/
  • Hear more from John Rodriguez about how security leaders can leverage and influence culture in his article: https://www.asisonline.org/security-management-magazine/articles/2024/10/culture/culture-security-differentiator/

AWS for Software Companies Podcast
Ep060: Strategies to Enhance Organizational Security Culture with Arctic Wolf, Docker and Illumio

AWS for Software Companies Podcast

Oct 22, 2024 | 32:46


Register here for AWS re:Invent 2024, Dec 2-6, Las Vegas, NV

Executive leaders from Arctic Wolf, Docker and Illumio share insights on fostering a strong security culture, balancing innovation with security, and addressing challenges in data protection and AI model development.

Topics Include:
  • Overview of security culture in different company teams
  • Importance of guidelines and secure IT infrastructure for AI models
  • Challenges of accessing customer data while maintaining security
  • Need for anonymization in early AI model development
  • Docker's open-source ecosystem and security integration
  • Dogfooding own products to ensure product reliability and trustworthiness
  • Illumio's high customer trust and responsibility for strong security practices
  • Balancing security awareness with development speed at Illumio
  • Gamifying security training to increase awareness
  • Interlocking with customers to enhance security understanding for developers
  • Embedding security into the development process from the start
  • Illumio's approach to security in agile, cloud-native development
  • Adapting customer success strategies for evolving security needs
  • Rise of non-developers using AI in enterprises
  • Educating business leaders on security best practices
  • Scaling customer enablement and education through community engagement
  • Challenges of placing security responsibilities in the developer workflow
  • Arctic Wolf's AI strategy for secure development
  • Use of anonymized data in secure AI model training
  • Generative AI's potential to augment human creativity and efficiency
  • Panelists' views on private AI and segmented model development
  • Measuring security culture progress with gamification and development metrics
  • Addressing human factors in cybersecurity and social engineering threats
  • Emphasizing resiliency and containment in preventing widespread cyberattacks.

Participants:
  • Dean Teffer – Vice President of Artificial Intelligence, Arctic Wolf
  • Dixie Dunn – VP of Customer Success, Docker
  • Mario Espinoza – Chief Product Officer, Illumio
  • Brian Shadpour – General Manager, AWS

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon/isv/

The CyberWire
The impact of CISO Circles and cultivating a security culture.

The CyberWire

Sep 1, 2024 | 24:56


In this Special Edition podcast, N2K's Executive Editor Brandon Karpf speaks with Danielle Ruderman, Senior Manager for Worldwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M, about CISO Circles, security challenges faced in higher education, and fostering the culture of security.

Re-thinking The Human Factor with Bruce Hallas

In this episode we re-visit an earlier theme explored in this series: the theme of measurement and metrics. The question of how to measure awareness, behaviour or culture is something we consistently come across here at Re-thinking the Human Factor when exploring opportunities to work with clients. There's a palpable feeling, across industry chatter, that there's a real lack of maturity when it comes to how we demonstrate the effectiveness of our efforts to influence employee awareness, behaviour and culture. However, there is hope. In this episode I talk with Bernie Smith. Bernie has a focus on KPIs, not just your standard range; he also brings ideas about how you might create new metrics. We discuss his view on the development of metrics and how metrics can help not just measure performance but ultimately influence behaviour and shape culture.

ITSPmagazine | Technology. Cybersecurity. Society
Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals | Part 2 of 3 | A Conversation with Kush Sharma | Redefining CyberSecurity with Sean Martin

ITSPmagazine | Technology. Cybersecurity. Society

Aug 5, 2024 | 45:42


Guest: Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario)
On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Episode Notes

In this part two of the three-part series on The Redefining CyberSecurity Podcast, host Sean Martin is joined by Kush Sharma to discuss the critical topic of building a Chief Information Security Officer (CISO) office from the ground up. Both speakers bring invaluable insights from their extensive experiences, illustrating key points and real-world scenarios to help organizations navigate the complexities of cybersecurity and business transformation.

Sean kicks off the conversation by emphasizing the strategic role of the CISO in business transformation. He explains that a successful CISO not only secures what the business wants to create but also contributes to developing a powerful and secure business. He points out that CISOs often have a unique perspective, experience, and data that can significantly impact the way business processes are transformed and managed.

Kush expands on this by highlighting the need for adaptability and a mindset of continuous change. He shares that CISOs should view their organization as a business function solely dedicated to protecting assets. He uses examples to demonstrate how missions change every few years due to the rapid evolution of technology and processes, making it essential for security teams to pivot and adjust their strategies accordingly.

Kush stresses the importance of collaboration across different teams—from digital to physical—and notes that a key to successful security management is building a culture that is adaptable and aligned with the business's changing objectives. One of the most interesting points brought up is the significance of involving security from the outset of any new project.

Sean and Kush discuss the importance of integrating the CISO into discussions around business requirements, system architecture, and technology selection. By being involved early, CISOs can help ensure that the organization makes informed decisions that can save time, reduce risks, and ultimately contribute to a more secure business environment.

Another critical aspect discussed is the approach to risk management. Kush describes a structured method where security teams provide options and recommendations rather than outright saying 'no' to business requests. He mentions the use of risk acceptance forms, which require high-level sign-offs, thus ensuring that decision-makers are fully aware of the risks involved and are accountable for them. This transparency fosters a sense of shared responsibility and encourages more informed decision-making.

Both Sean and Kush provide a comprehensive look at the evolving role of the CISO. They make it clear that today's CISOs need to be strategic thinkers, skilled negotiators, and effective communicators to successfully lead their organizations through the complexities of modern cybersecurity challenges. The insights shared in this episode are invaluable for anyone looking to understand the multifaceted responsibilities of a CISO and the indispensable contributions they make to business success.

Sponsors
Imperva: https://itspm.ag/imperva277117988
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Redefining CyberSecurity
Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals | Part 2 of 3 | A Conversation with Kush Sharma | Redefining CyberSecurity with Sean Martin

Redefining CyberSecurity

Aug 5, 2024 | 45:42



Cloud Security Podcast by Google
EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response

Cloud Security Podcast by Google

Jul 1, 2024 | 23:28


Guests:
  • Robin Shostack, Security Program Manager, Google
  • Jibran Ilyas, Managing Director Incident Response, Mandiant, Google Cloud

Topics:
  • You talk about “teamwork under adverse conditions” to describe expedition behavior (EB). Could you tell us what it means?
  • You have been involved in response to many high profile incidents, one of the ones we can talk about publicly is one of the biggest healthcare breaches at this time. Could you share how Expedition Behavior played a role in our response?
  • Apart from during incident response which is almost definitionally an adverse condition, how else can security teams apply this knowledge?
  • If teams are going to embrace an expeditionary behavior mindset, how do they learn it? It's probably not feasible to ship every SOC team member off to the Okavango Delta for a NOLS course. Short of that, how do we foster EB in a new team?
  • How do we create it in an existing team or an under-performing team?

Resources:
  • EP174 How to Measure and Improve Your Cloud Incident Response Readiness: A New Framework
  • EP103 Security Incident Response and Public Cloud - Exploring with Mandiant
  • EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?
  • “Take a few of these: Cybersecurity lessons for 21st century healthcare professionals” blog
  • Getting More by Stuart Diamond book
  • Who Moved My Cheese by Spencer Johnson book

ITSPmagazine | Technology. Cybersecurity. Society
Is Your App Security Culture Leaving Out the Basics? | A Brand Story Conversation From OWASP AppSec Global Lisbon 2024 | A Phoenix Security Story with Francesco Cipollone | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Jun 28, 2024 | 17:44


In this episode of On Location, host Sean Martin engages in an insightful conversation with Francesco Cipollone, Co-founder and CEO of Phoenix Security, at the OWASP AppSec Global conference in Lisbon. They delve into the evolving landscape of application security, focusing on the pressing challenges and innovative solutions that are shaping the industry today.

The discussion begins by exploring the potential and pitfalls of artificial intelligence (AI) in cybersecurity. Francesco highlights the dual role of AI as both a tool and a target within security frameworks. He emphasizes the importance of proper prompt engineering and specialized training data to avoid common issues, such as AI-generated libraries that don't actually exist. This leads to a broader conversation about how Phoenix Security utilizes AI to intelligently categorize and prioritize vulnerabilities, allowing security teams to focus on the most critical issues.

The conversation then shifts to the concept of maturity models in vulnerability management. Francesco explains that many organizations are still struggling with basic security tasks and describes how Phoenix Security helps these organizations to quickly enhance their maturity levels. This involves automating the scanning process, aggregating data, and providing clear metrics that align security efforts with executive expectations.

A significant portion of the episode is dedicated to the importance of collaboration and communication between security and development teams. Francesco stresses that security should be integrated into the sprint planning process, helping developers to prioritize tasks in a way that aligns with overall risk management strategies. This approach fosters a culture of cooperation and ensures that security initiatives are seen as a valuable part of the development cycle, rather than a hindrance.

Francesco also touches on the role of management in security practices, underscoring the need for aligning business expectations with engineering practices. He introduces the vulnerability maturity model that Phoenix Security uses to help organizations mature their security programs effectively. This model, which maps back to established OWASP frameworks, provides a clear path for organizations to improve their security posture systematically.

The episode concludes with Francesco reflecting on the persistent basic security issues that organizations face and expressing optimism about the future. He is confident that Phoenix Security's approach can help businesses intelligently address these challenges and scale their security practices effectively.

Learn more about Phoenix Security: https://itspm.ag/phoenix-security-sx8v

Note: This story contains promotional content. Learn more.

Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]
On LinkedIn | https://www.linkedin.com/in/fracipo/
On Twitter | https://twitter.com/FrankSEC42

Resources
  • Learn more and catch more stories from Phoenix Security: https://www.itspmagazine.com/directory/phoenix-security
  • View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Redefining CyberSecurity
Is Your App Security Culture Leaving Out the Basics? | A Brand Story Conversation From OWASP AppSec Global Lisbon 2024 | A Phoenix Security Story with Francesco Cipollone | On Location Coverage with Sean Martin and Marco Ciappelli

Redefining CyberSecurity

Jun 28, 2024 | 17:44



ITSPmagazine | Technology. Cybersecurity. Society
Winning Buy-In: Mastering the Art of Communicating (the Value of) Security (Culture) to Management | An OWASP AppSec Global Lisbon 2024 Conversation with Ida Hameete | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Jun 27, 2024 | 22:59


Guest: Ida Hameete, Application Security Consultant, Zenrosi
On LinkedIn | https://www.linkedin.com/in/idahameete/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Episode Notes

Join Sean Martin in this episode of "On Location" as he speaks with Ida Hameete at the OWASP Global AppSec Conference in Lisbon. Sean and Ida dive into the critical topic of creating a robust security culture within organizations. The conversation begins with an overview of the conference, emphasizing the importance of building secure applications that protect both users and businesses.

Ida, with her extensive background in product ownership and security strategy, shares her unique perspective on why a security culture is integral to an organization's overall success. She explains that fostering a security culture isn't merely about training engineers but involves a collective effort from management and executive teams to prioritize and endorse security practices.

Ida underscores the significance of aligning security culture with company culture, arguing that this alignment leads to smoother operations and fewer security breaches. She elaborates on how companies with strong security awareness often use their secure products as a marketing tool to differentiate themselves in the marketplace. This strategic approach not only enhances product safety but also provides a competitive edge.

The discussion also touches on the common issues where management's lack of understanding or support for security measures can hinder effective implementation. Sean and Ida explore how management's commitment to security, demonstrated through adequate resource allocation and strategic planning, can drive a positive security culture through the entire organization.

Ida provides practical examples from her experience, illustrating how purpose-driven business cultures can naturally incorporate security into their core values, benefiting both employees and customers. She highlights that a well-integrated security culture can lead to better workflows, reduced costs, and enhanced customer experiences.

Towards the end of their conversation, Ida reflects on the necessity of communicating the business value of security to upper management, suggesting that this approach can shift the perception of security from a fear-driven mandate to a valuable business asset. She encourages leaders to find their company's purpose and align security practices with that mission to achieve sustainable success.

Listeners are invited to attend Ida's session, "Winning Buy-In: Mastering the Art of Communicating Security to Management" at the conference, which promises to offer deeper insights into securing executive support for security initiatives.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal
On YouTube:

Redefining CyberSecurity
Winning Buy-In: Mastering the Art of Communicating (the Value of) Security (Culture) to Management | An OWASP AppSec Global Lisbon 2024 Conversation with Ida Hameete | On Location Coverage with Sean Martin and Marco Ciappelli

Redefining CyberSecurity

Play Episode Listen Later Jun 27, 2024 22:59



ITSPmagazine | Technology. Cybersecurity. Society
The Focus on Community and Empathy-Driven Culture Behind BlackCloak's Success in Attracting Passionate Professionals | A BlackCloak Brand Story with Chris Pierson, Matt Covington, and Ryan Black

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jun 17, 2024 38:05


In this BlackCloak Brand Story, hosts Sean Martin and Marco Ciappelli engage in an in-depth conversation with Founder Chris Pierson, Chief Information Security Officer Ryan Black, and Product Manager Matt Covington. The discussion explores the company's dedication to protecting security and privacy for CISOs, executives, and high-net-worth individuals.

The episode kicks off with Martin and Ciappelli extending a warm welcome to Pierson, Black, and Covington while highlighting the mission-driven approach of BlackCloak. Pierson elaborates on BlackCloak's unique focus on protecting not just organizations but also extending security measures to the personal lives of executives and their families. This connection underscores the significance of safeguarding home environments, which are increasingly becoming targets for cyberattacks.

Covington shares his intriguing journey from having a master's degree in literary theory to becoming involved in cybersecurity, emphasizing the importance of empathy in product development. He explains how BlackCloak's technology seeks to scale its services efficiently by automating repetitive tasks, thereby allowing their experts to focus on critical problem-solving for clients.

Throughout the conversation, Ryan Black describes the flexible, personalized concierge service that BlackCloak offers, aimed at addressing the unique security needs of individuals outside the corporate framework. He emphasizes that their approach goes beyond traditional enterprise security, focusing on protecting personal devices and networks that executives use at home.

The episode also touches on the emotional and psychological aspects of cybersecurity, illustrating how personal experiences with phishing attacks have driven both Black and Covington in their professional paths. The hosts and guests also discuss the personal side of cybersecurity, addressing behavioral vulnerabilities and the integration of user-friendly technology in personal security measures.

Finally, the session highlights the collaborative and proactive culture at BlackCloak, where team members are committed to going above and beyond to protect their clients. This episode offers listeners valuable insights into how BlackCloak is pioneering an empathetic and comprehensive approach to cybersecurity.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guests:
Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]
On LinkedIn | https://www.linkedin.com/in/drchristopherpierson/
On Twitter | https://twitter.com/drchrispierson
Ryan Black, Chief Information Security Officer, BlackCloak [@BlackCloakCyber]
On LinkedIn | https://www.linkedin.com/in/ryancblack/
Matt Covington, VP of Product, BlackCloak [@BlackCloakCyber]
On LinkedIn | https://www.linkedin.com/in/mecovington/

Resources
Learn more about BlackCloak and their offering: https://itspm.ag/itspbcweb
BlackCloak welcomes Ryan Black: https://www.linkedin.com/posts/blackcloak_personalcybersecurity-cybersecurity-executiveprotection-activity-7198293889777098752-Bd5z

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Redefining CyberSecurity
The Focus on Community and Empathy-Driven Culture Behind BlackCloak's Success in Attracting Passionate Professionals | A BlackCloak Brand Story with Chris Pierson, Matt Covington, and Ryan Black

Redefining CyberSecurity

Play Episode Listen Later Jun 17, 2024 38:05



AWS - Conversations with Leaders
Getting Buy-in From the Top: How the C-Suite Sets the Bar for Security Culture

AWS - Conversations with Leaders

Play Episode Listen Later Jun 4, 2024 19:27


Today we're talking about security culture with our guest, Sara Duffer, Director of AWS Security Assurance. Sara has an uncommonly deep understanding of how Amazon reinforces its culture of security thanks to her previous role serving as technical advisor to the Amazon CEO. Join Clarke Rodgers, Director of AWS Enterprise Strategy as he interviews Sara about the observations and wisdom she picked up while working alongside the CEO, including how the C-suite sets the bar for security culture.

Security Masterminds
Developing a Positive Security Culture: Going Beyond Scaring People with Special Guest, Dr. Jessica Barker, PhD, MBE

Security Masterminds

Play Episode Listen Later May 10, 2024 46:08


Uncover the Unexpected: Discover the Surprising Key to Enhanced Security Culture. Are you ready to discover the game-changing element that's transforming the cybersecurity industry? Get ready to challenge your perceptions and dive into the human side of cybersecurity with an unexpected twist that's reshaping the landscape. Are you curious to find out what it is? Stay tuned for the inside scoop that will leave you eager for more.

Our special guest is Dr. Jessica Barker

Dr. Jessica Barker, the co-founder of Cygenta, is a recognized authority in the cybersecurity domain, specializing in the human aspect of cybersecurity. With a Ph.D. in civic design and a background in sociology, Dr. Barker's entry into the cybersecurity field over a decade ago marked the beginning of her influential journey. Her extensive experience and unique blend of expertise in sociology, psychology, and behavioral economics have positioned her as a leading figure in shaping security culture, awareness, and behavior within organizations. Dr. Barker's contributions have played a pivotal role in the industry's evolution, making her insights indispensable for those aiming to fortify their security culture and proactive measures.

"For me, the big change I have seen is in the human side. Obviously, my focus is in awareness, behavior and culture. But what I've really seen is that go from very much a kind of edge niche, part of the industry, part of what we're kind of working on with corporations, to it becoming really much more mainstream, so many more opportunities, so many more roles." - Dr. Jessica Barker

In this episode, you will learn:
- Understand the Impact of Human Behavior on Cybersecurity: Discover the crucial role human factors play in maintaining a secure digital environment.
- Foster a Strong Security Culture: Learn how to build and nurture a security culture within your organization for enhanced protection against cyber threats.
- Master Effective Communication in Cybersecurity: Uncover powerful communication strategies that can help you convey security protocols and risks to both technical and non-technical stakeholders.

Connect with Dr. Jessica Barker, PhD, MBE
LinkedIn: https://www.linkedin.com/in/jessica-barker/
Twitter: https://twitter.com/drjessicabarker
Dr. Jessica Barker on Amazon - Amazon Store Link
Hacked - https://a.co/d/czga0Po
Confident CyberSecurity - https://a.co/d/3vz3IdF

Connect with us
Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:
KnowBe4 Blog: https://blog.knowbe4.com
James McQuiggan - https://www.linkedin.com/in/jmcquiggan
Javvad Malik: https://www.linkedin.com/in/javvad

Music Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.com
Announcer: Sarah McQuiggan - https://www.sarahmcquiggan.com
Show Notes created with Capsho - www.capsho.com
Sound Engineering - Matthew Bliss, MB Podcasts.
If you'd like to ask Matt what he can do for your podcast, visit https://www.mbpod.com and schedule a consultation today!

Accelerate OC
Security Culture In & Beyond Your Bank - David Shipley, Co-founder & CEO of Beauceron Security

Accelerate OC

Play Episode Listen Later May 3, 2024 53:09


In this episode, we delve into cybersecurity and the importance of making it relevant to each individual, beyond just their organization. My guest is David Shipley, Co-founder and CEO of Beauceron Security. David shares his journey from a career-altering cybersecurity incident at the University of New Brunswick to leading a cloud-based platform designed to enhance personal and organizational cybersecurity practices by empowering people to be in control of technology. The discussion explores current cybercrime trends in the banking industry, as well as the impact of geopolitical instability and technological advancements on cyber risk, the role of AI in both aiding and complicating cybersecurity efforts, and strategies for building positive security cultures within organizations. He also reflects on the challenges and rewards of growing a startup in Canada, emphasizing the importance of team resiliency, continuous learning, and embracing failure as a pathway to innovation.

Thanks to show sponsor, BankTech Ventures.

CHAPTER MARKERS:
00:00 Introduction
01:14 Meet David Shipley: From Military to Cybersecurity CEO
02:28 Current Cybersecurity Challenges and Trends
07:36 Strategies for Banks to Combat Cyber Threats
17:23 The Beauceron Inception Story: A Cybersecurity Journey
26:05 Evolving Security Awareness Training
26:59 Customer Success Stories: Phishing Defense and Employee Training
30:13 Reflections on the Startup Journey
33:27 The Impact of Cybersecurity Work
35:45 Operating a Canadian Startup
41:14 Looking Ahead: Growth, AI, and the Future of Cybersecurity
46:34 David's Rituals & Disciplines
50:24 Closing Remarks

Re-thinking The Human Factor with Bruce Hallas
The security function's culture.

Re-thinking The Human Factor with Bruce Hallas

Play Episode Listen Later Apr 21, 2024 45:31


In this episode we take a peek at the role of the security teams' own culture and its impact on the broader organisational culture. This is an important perspective, because whilst many commentators focus on influencing organisational culture, they haven't considered the role that the value and behaviours of the security team have in influencing positive security outcomes across the business.

To help us explore this perspective, on cultural forces at play, we have a guest who knows a thing or two about how cultures are formed and influenced. Lianne Potter studied social anthropology, then geeked out on technology before combining the two to shape an industry career which has achieved numerous accolades for her thought leadership in not just the human factor but also information security generally. Lianne, for me, illustrates a small but growing force within the industry that recognises that the human factor needs to be repositioned not as an afterthought once all the work of designing security controls has been done, but as a critical and key part of the process of understanding and managing information security risk.

©Copyright Marmalade Box Limited. The content of this podcast is the property of Marmalade Box Limited. Any use of the content of the podcast, either in full or partially, will be considered an infringement of Marmalade Box Limited rights as sole owners of this content. Any enquiries about the use of this content should be directed to Marmalade Box Limited. Contact information can be found at www.marmaladebox.com.

Re-thinking The Human Factor with Bruce Hallas
An appointment with the Doctor to discuss culture, behaviour and decision making.

Re-thinking The Human Factor with Bruce Hallas

Play Episode Listen Later Mar 17, 2024 44:57


If you're a regular listener then you will have already met today's guest, Dr. Char Sample. Char is a force at work deep within the information security community. Char is a rarity, combining a deep knowledge of both the technical and human aspects of the challenges security professionals face when managing cyber security risks. Char and I go back a long way, to a horrible conference lunch in London, where her riveting conversation meant I didn't have to eat what was on the plate in front of me. I have been forever grateful.

That riveting conversation was all about our shared understanding of how culture influences everyone's day-to-day behaviours and how everyday behaviours make up culture. That shared interest has led to many conversations and shared ideas about how the information security industry could step up a level by seeing the potential for improving how we assess and manage human factor risks. In this episode we capture one of those conversations. We talk about heuristics and biases, what they are and what role they might have in artificial intelligence. Why what makes us human often makes us behave in seemingly irrational ways even when presented with all the data we need, and assumptions we frequently make when developing and designing systems and processes and how this is undermining the management of business risks. Be warned, there's a lot of laughter in this episode.

The Final Straw Radio
Corvallis Bookfair, Tyumen Case, and Counter-Surveillance

The Final Straw Radio

Play Episode Listen Later Mar 10, 2024 77:37


This week, we're featuring four segments.

First up, you'll hear a chat with organizers of the 2024 Heart of the Valley Anticapitalist Bookfair which ran its first iteration in Corvallis, Oregon from January 19-21st. A zine of their experiences will appear on that blog soon. [ -> 00:24:18 ]

Then, you'll hear a brief segment updating listeners on the conspiracy case against six anarchists and antifascists in Russia known as the Tyumen case (for where it initiated). The six anarchists, some of whom barely knew each other, were tortured into confessions of conspiracy to further anarchist ideology and damage the Russian war machine. [ 00:24:34 - 00:32:53 ]

Transcription
PDF (Unimposed)
Zine (Imposed)

Following this, we spoke with Aster, a European anarchist involved in the counter-surveillance and anti-repression project known as the No Trace Project which works to share information about known methods and cases of state surveillance. The project does this in order to improve and expand our collective knowledge, tools and abilities at evading state crackdowns as we organize and act. This interview was conducted via encrypted messages and Aster's portion is being read by an unrelated volunteer. [ 00:35:47 - 01:05:18 ]

Transcript in English
Transcription en Français
PDF (Unimposed)
Zine (Imposed)

If you plan to visit their site, we suggest at least running a VPN (riseup.net has a free one) and using an anonymized browser. One method is to download the tor browser (find your device/operating system at ssd.eff.org for some tips) and visit the NoTrace Project tor address. Their website can also be found at https://NoTrace.How

Finally, you'll hear Sean Swain's reading of names of people killed by cops in the USA during October of 2023. [ 01:09:50 ]

Tyumen Links
Tyumen Case Support Crew's Russian-language Telegram: https://t.me/tumenskoedelo
Articles on the case and individuals on Avtonom: https://avtonom.org/en/taxonomy/term/1761
Music by some of the imprisoned men appears in a compilation to fundraise for their legal funds: https://blackploshad.bandcamp.com/album/music-of-antifascist-prisoners-tortured-by-the-police-tyumen-case

Featured Tracks:
День дизертира (Deserter's Day) by Rasputin
Меланхолия (Melancholy) by Rocker Balboa

The Zero Hour with RJ Eskow
Lynn Parramore: Nikki Haley & the Social Security Culture Wars

The Zero Hour with RJ Eskow

Play Episode Listen Later Feb 10, 2024 41:07


The Social-Engineer Podcast
Ep. 235 - Security Awareness Series - An Empathetic Approach Security Culture with Stuart Archer

The Social-Engineer Podcast

Play Episode Listen Later Nov 20, 2023 37:57


Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined by Stuart Archer. Stuart is a dynamic health care leader with a proven track record of quality improvement, growth and innovation. He began his health care career at the bedside as a nurse's aide, building within him a laser-like focus on a patient-first care model and building teams guided by empathy and compassion. He took the helm at Oceans Healthcare in 2015 and has since shepherded in a period of unprecedented improvement and growth.

Oceans is now an industry leader, among very few behavioral health providers to implement much-needed quality benchmarking tools like patient depression and anxiety questionnaires and implementing a companywide electronic medical records system.

Oceans has earned numerous awards, including being named one of the Inc. 5000's fastest-growing companies in America for six consecutive years.

Mr. Archer is an at-large board member of the National Association of Behavioral Healthcare, was named the 2021 D CEO Magazine Outstanding Healthcare Executive and earned the 2018 EY's Entrepreneur of the Year in Healthcare award for the Southwest region. [Nov 20, 2023]

00:00 - Intro
00:20 - Ryan Intro
00:56 - Intro Links:
- Social-Engineer.com - http://www.social-engineer.com/
- Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
- Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
- Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
- Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
- CLUTCH - http://www.pro-rock.com/
- innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
04:00 - Stuart Archer Intro
- LinkedIn: linkedin.com/in/stuartlarcher/
06:12 - The Path to Empathy
09:29 - Building a Better Team
13:06 - Corporate Level Introspection
15:15 - Prepare for the Hurricane
18:12 - It Can't Happen To Me
19:38 - Know Your Audience
23:58 - Gone Phishin'
26:18 - Ideal Behavior
31:33 - Advice for an Empathetic Culture
34:09 - Book Recommendations
- And There Was Light - Jon Meacham
- Raven Rock - Garrett Graff
35:46 - Mentors
- Mother
37:07 - Wrap Up & Outro
- www.social-engineer.com
- www.innocentlivesfoundation.org

21st Century Entrepreneurship
Darren Gallop: Unmasking Cybersecurity's Biggest Challenges & Opportunities for SMBs

21st Century Entrepreneurship

Play Episode Listen Later Sep 9, 2023 31:12


Join us as we welcome Darren Gallop, the visionary behind Carbide, a trailblazing information security and data privacy company. In an era where business dynamics shift with rapid technological advancements, Darren pulls back the curtain on the vital intersections of security, culture, and global commerce.

Darren candidly addresses the labyrinth of data privacy regulations, such as GDPR. As he puts it, "Navigating data privacy today is akin to deciphering a global jigsaw puzzle, where every piece represents a different jurisdiction's expectation." But it's not just about external threats. Darren underscores the fact that "Even with all the tools at our disposal, human error remains a formidable adversary. Employee training isn't just a checkmark; it's a cornerstone."

Diving deep into Carbide's ethos, he accentuates the imperative of baking security into the very DNA of business culture. "At Carbide, our mission isn't just to protect but to educate and integrate. Our clients don't just get a platform; they inherit an arsenal of expertise."

Yet, what truly sets this conversation apart is Darren's forward-looking analysis. He envisions a cybersecurity horizon on the brink of consolidation, emphasizing, "Businesses don't want a security stack that's a tower of Babel. They want coherence, collaboration, and simplicity."

This episode is more than just a conversation; it's an immersion into the future of cybersecurity for SMBs. Darren's words aren't mere statements; they're proclamations of an evolving industry. Understand why the 'one-size-fits-all' approach is an artifact of the past. Discover the revolutionary steps SMBs can take to not just survive but thrive in the digital age. From the global challenges of cybersecurity to the seamless integration of security in business culture, embark on this enlightening journey with us.

Defense in Depth
How to Create a Positive Security Culture

Defense in Depth

Play Episode Listen Later Jun 15, 2023 30:59


All links and images for this episode can be found on CISO Series.

How do you create a positive security culture? It's rarely the first concept anyone wants to embrace, yet it's important everyone understands their responsibility. So what do you do, and how do you overcome inevitable roadblocks?

Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest, Jadee Hanson, CISO/CIO for Code42.

Thanks to our podcast sponsor, Code42

Code42 is focused on delivering solutions built with the modern-day collaborative culture in mind. Code42 Incydr tracks activity across computers, USB, email, file link sharing, Airdrop, the cloud and more, our SaaS-based solution surfaces and prioritizes file exposure and data exfiltration events. Learn more at Code42.com.

In this episode:
- How do you create a positive security culture?
- Where do we run into struggles when trying to create a positive security culture?
- Given its importance, why is it rarely the first concept anyone wants to embrace?
- What do you do, and how do you overcome inevitable roadblocks?

The John Batchelor Show
#EU: Migration rethinking includes security, culture, labor, order. Judy Dempsey, Carnegie Strategic Europe, Berlin

The John Batchelor Show

Play Episode Listen Later Nov 30, 2022 8:20


Photo: No known restrictions on publication. @Batchelorshow #EU: Migration rethinking includes security, culture, labor, order. Judy Dempsey, Carnegie Strategic Europe, Berlin https://carnegieeurope.eu/strategiceurope/88486

The CyberWire
Interview Select: Perry Carpenter on his new book "The Security Culture Playbook." [CW Pro]

The CyberWire

Play Episode Listen Later Nov 25, 2022 16:26


This interview is from June 3rd, 2022, and originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Perry Carpenter, host of 8th Layer Insights, to discuss his new book "The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer."