Podcasts about security program

  • 209 PODCASTS
  • 352 EPISODES
  • 38m AVG DURATION
  • 1 EPISODE EVERY OTHER WEEK
  • May 7, 2025 LATEST


Latest podcast episodes about security program

Federal Drive with Tom Temin
The FedRAMP cloud security program goes cloud native

Play Episode Listen Later May 7, 2025 10:38


The FedRAMP program at the General Services Administration has enabled agencies to safely use commercial cloud computing for more than a decade. Last month the GSA launched an update called FedRAMP 20-X. It's designed to make it easier and faster for vendors to get the authorization they need to take on federal customers. For how it looks to industry, we turn to the founder and CEO of RegScale, Travis Howerton.

The Craig Fahle show on Deadline Detroit
The Week that Was: Huel Perkins Weighs In. Fishman Gets New Flip Phone. Trump's First 100 Days (Oy!)

Play Episode Listen Later May 2, 2025 78:49


Host Saeed Khan talks with guests, former Fox 2 anchor Huel Perkins, attorneys Bill Seikaly, Steve Fishman and Joel Sklar, community and labor activist Barb Ingalls, veteran journalist Nancy Derringer and Deadline Detroit co-founder Allan Lengel.

They talk about: Donald Trump helps Canadian liberal prime minister win; Trump's first 100 Days, Oy!; Amazon posts tariff cost on items until White House objects; DOD Secretary ends Ivanka Trump's signature “Women, Peace, Security Program” for being too woke; Shri Thanedar to face primary opponent; Two Hamtramck City Councilmen living outside the city; Office vacancy rates in Detroit jump. Schmuck of the Week.

Corruption Crime & Compliance
DOJ Issues Data Security Program Requirements

Play Episode Listen Later Apr 28, 2025 19:17


Could your routine data transfers now violate federal law? The DOJ's new Data Security Program (DSP) targets the flow of U.S. sensitive personal and government data to foreign adversaries — and the clock is ticking. In this episode of Corruption, Crime and Compliance, Michael Volkov breaks down the Justice Department's sweeping new Data Security Program, enacted under Executive Order 14117 and finalized in January 2025.

You'll hear him discuss:

  • The origins of the DSP, created through Executive Order 14117 under the Trump Administration, and the key national security concerns it addresses.
  • What constitutes a “covered data transaction” and the thresholds for U.S. personal and government data that trigger compliance obligations.
  • The list of “countries of concern” and what it means for companies doing business with entities tied to these regions.
  • The types of U.S. data covered by the DSP, including biometric, genomic, financial, and geolocation data, and the specific quantity thresholds that trigger restrictions.
  • Why data brokerage and bulk human genomic data transactions are prohibited outright, raising new compliance challenges for affected industries.
  • How “restricted transactions” like cloud computing services and vendor agreements are subject to conditional exceptions under the DSP.
  • The critical actions U.S. companies must take during the 90-day enforcement hiatus, including vendor assessments, renegotiations, and compliance system updates before the July 8th deadline.

Resources: Michael Volkov on LinkedIn | Twitter; The Volkov Law Group

The Inquiry
What is President Trump's economic plan?

Play Episode Listen Later Apr 22, 2025 23:00


Earlier this month President Trump announced radical new taxes on foreign imports amounting to what he described as ‘Liberation Day' for the United States. It was a promise he made to American voters during last year's election campaign but the scale of the tariffs caught many countries by surprise.

Global financial markets plunged as investors braced themselves for a shock to the flow of international trade. Faced with prolonged market turmoil, within days the US President paused most of his plans.

A to-and-fro between Washington and Beijing has left many world leaders confused who to side with, as many look towards the White House wondering if there is a detailed plan at the heart of these unprecedented few weeks.

Contributors:

  • Carla Sands, Vice Chair for the Center for Energy and Environment at America First Policy Institute and former US Ambassador to Denmark
  • Emily Kilcrease, Senior Fellow and Director of the Energy, Economics and Security Program at the Center for a New American Security
  • Victor Gao, Chair professor at Suzhou University and Vice President at the Center for China and Globalization
  • Gillian Tett, Provost of King's College at Cambridge University and Financial Times columnist

Presented by Tanya Beckett. Produced by Daniel Rosney. Researched by Katie Morgan and Ben Hughes. Technical producer Nicky Edwards. Production Co-ordinator Liam Morrey. Editor Tara McDermott.

The Global Agora
Can Trump really make Europe great again?

Play Episode Listen Later Mar 14, 2025 32:25


How far do you think American President Donald Trump could go in his adversity toward the European Union? Let's say on a scale from zero to ten, where 10 is the worst scenario akin to the EU being at war with the US. "I think probably somewhere like 8,5," Minna Ålander said to me. She is a Non-resident Fellow with the Transatlantic Defense and Security Program at the Center for European Policy Analysis (CEPA) and the Chatham House Associate Fellow. Minna recently wrote an article - Is Trump Making Europe Great Again? - so we discussed her piece in a more detailed way and we also talked about if Europeans can and should lead the free world, however we define it. Listen to our conversation. And if you enjoy what I do, please support me on Ko-fi! Thank you. https://ko-fi.com/amatisak

The New CISO
Embracing Naivety as a New CISO

Play Episode Listen Later Feb 27, 2025 50:34


In this episode of The New CISO, host Steve Moore sits down with Yannick Herrebaut, Cyber Resilience Manager at the Port of Antwerp-Bruges, to explore his unconventional journey from intern to security leader. Yannick shares how his early passion for technology, sparked by gaming and building his own PCs, laid the foundation for his career in cybersecurity.

They discuss the importance of strong internship programs, the transition from network engineering to security leadership, and the key lessons learned when stepping into a CISO role for the first time. Yannick also reflects on the challenges of building a security program from scratch and the critical skills needed to lead a growing security team.

Key topics include:

  • How internships can shape future cybersecurity leaders
  • The transition from network engineering to security leadership
  • The importance of business alignment in cybersecurity
  • Lessons learned in managing a growing security team
  • Advice for aspiring CISOs on stepping into leadership roles

Chapters:

  • 00:00 - Introduction & Meet Yannick Herrebaut
  • 02:30 - From Gaming to Cybersecurity: A Passion for Technology
  • 06:30 - Internship at the Port of Antwerp: A Career Launchpad
  • 10:00 - The Value of Cybersecurity Internships & Mentorship
  • 17:00 - From Network Admin to CISO: A Big Career Leap
  • 27:00 - Building a Security Program from Scratch
  • 35:00 - Lessons in Leadership & Team Growth
  • 45:30 - What It Means to Be a New CISO

The Readout
Ukraine Minerals Deal Explained

Play Episode Listen Later Feb 25, 2025 13:54


CSIS's Gracelin Baskaran, Director of the Critical Minerals and Security Program, joins the podcast to break down the recent U.S.-Ukraine minerals deal and its implications for global resource security. They discuss why Ukraine agreed to the deal without security guarantees, the risks this poses for private investment, and the broader geopolitical stakes. Baskaran also draws comparisons to China's mineral deals in the Democratic Republic of Congo and highlights the urgency of securing U.S. supply chains. Plus, a look at her upcoming book, Critical Minerals in the Future of the U.S. Economy, and what it means for national security. Background Reading: https://www.csis.org/analysis/critical-minerals-and-future-us-economy

The Cybersecurity Readiness Podcast Series
Elevating Your Offensive Security Program

Play Episode Listen Later Feb 18, 2025 43:05


Dr. Dave Chatterjee hosts a discussion on elevating your offensive program with Mark Carney, CEO @ Evolve Security, and Yaron Levi, Chief Information Security Officer (CISO) at Dolby Labs. They emphasize the importance of a proactive, continuous approach to cybersecurity, contrasting it with traditional reactive measures. Key points include the need for a threat-informed, programmatic mindset, continuous threat exposure management (CTEM), and the integration of business objectives. They stress the importance of intelligence, risk assessment, and the role of third-party providers as partners. The conversation highlights the necessity of senior leadership commitment and the challenges of defining and measuring risk in cybersecurity.

To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-81-elevating-your-offensive-security-program/

Latest Articles and Press Release on The Cybersecurity Readiness Podcast Series:

  • Dr. Dave Chatterjee Hosts Global Podcast Series on Cyber Readiness, Yahoo!Finance, Dec 16, 2024
  • Dr. Dave Chatterjee Hosts Global Podcast Series on Cyber Readiness, Marketers Media, Dec 12, 2024.
  • Cybersecurity Readiness Podcast by Dr. Dave Chatterjee Reaches 10,000 Downloads Globally, Business Insider/Markets Insider, Dec 10, 2024.

Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes are released every two weeks. Connect with Dr. Chatterjee on these platforms:

  • LinkedIn: https://www.linkedin.com/in/dchatte/
  • Website: https://dchatte.com/
  • Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338 and https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712

Latest Publications & Press Releases:

  • Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness
  • “Getting Cybersecurity Right,” California Management Review — Insights, July 8, 2024.

The Inside Story Podcast
Could the transatlantic alliance fall apart?

Play Episode Listen Later Feb 16, 2025 25:04


Could the transatlantic alliance fall apart? Many EU leaders have rejected the US vice president's criticism of democracy on the continent. JD Vance called into question how their countries are governed. So, can Europe still count on Washington?

In this Episode: Jessica Berlin, Non-resident Senior Fellow, Transatlantic Defense and Security Program, Center for European Policy Analysis. Benjamin Friedman, Policy Director, Defense Priorities. Olaf Boehnke, Director and Senior Adviser, Alliance of Democracies Foundation.

Host: Adrian Finighan

Connect with us: @AJEPodcasts on Twitter, Instagram, Facebook. At Al Jazeera Podcasts, we want to hear from you, our listeners. So, please head to https://www.aljazeera.com/survey and tell us your thoughts about this show and other Al Jazeera podcasts. It only takes a few minutes!

Defense in Depth
Can a Security Program Ever Reach Maintenance Mode?

Play Episode Listen Later Feb 6, 2025 25:12


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Andrew Wilder, CISO, Vetcor.

In this episode:

  • It comes down to growth
  • Maintenance mode is anything but simple
  • An asymmetric arrangement
  • Integrating with the business

Thanks to our podcast sponsor, ThreatLocker. ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Money News with Ross Greenwood: Highlights
Brendan Coates, Grattan Institute Housing and Economic Security Program Director

Play Episode Listen Later Jan 20, 2025 8:31


Australia’s compulsory super system has been in place for more than 30 years, but do we need more guidance heading into our retirements?

Cloud Security Podcast
Building a Resilient Cloud Security Program after Merger and Acquisition

Play Episode Listen Later Nov 9, 2024 39:14


In this episode, host Ashish Rajan sits down with Prahathess Rengasamy, a cloud security expert with extensive experience at companies like Credit Karma, Block, and Apple. Together, they explore the challenges and best practices for scaling cloud security, especially in the complex scenarios of mergers and acquisitions. Starting with foundational elements like CSPMs and security policies, Prahathess breaks down the evolution of cloud security strategies. He explains why cloud security cannot succeed in isolation and emphasizes the need for collaboration with platform and infrastructure engineering teams. The conversation delves into real-world examples, including managing AWS and GCP security post-acquisition and navigating the cultural and technical challenges that come with multi-cloud environments.

Guest Socials: Prahathess's Linkedin

Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

  • Cloud Security Podcast - Youtube
  • Cloud Security Newsletter
  • Cloud Security BootCamp

Questions asked:

  • (00:00) Introduction
  • (02:02) A bit about Prahathess
  • (02:36) How does Cloud Security Scale?
  • (07:51) Where do we see just in time provisioning?
  • (10:05) Cloud Security for Mergers and Acquisitions
  • (14:31) Should people become MultiCloud Experts?
  • (15:28) The need for data insights
  • (16:54) Data sources to have as part of data insights
  • (21:06) Benefits of Data insights for Cloud Security Teams
  • (21:30) How to bring the new team along the cloud security journey?
  • (24:29) How to learn about data insights?
  • (26:35) How to maximize security efforts with data?
  • (36:21) The Fun Section

Irregular Warfare Podcast
Adapting to the Unpredictable: Climate's Impact on Irregular Warfare

Play Episode Listen Later Oct 31, 2024 51:36


Episode 117 examines the intersection of climate change, national security, and irregular warfare, with a particular focus on how environmental changes are reshaping global security challenges from the Arctic to the Pacific Islands. Our guests begin by exploring pivotal moments in the evolution of environmental security and its impact on national defense policy. They then discuss how climate-related changes affect military operations and strategic partnerships, particularly in the Pacific region. The conversation continues with an analysis of how both state and non-state actors leverage environmental crises in irregular warfare tactics. They conclude by offering policy recommendations for addressing climate security challenges and building resilient international partnerships. Sherri Goodman is a Senior Fellow at the Wilson Center's Environmental Change and Security Program and Polar Institute. As the former Deputy Undersecretary of Defense for Environmental Security, she coined the term "threat multiplier" to describe climate change's impact on national security. She has served on numerous advisory boards and is the author of "Threat Multiplier: Climate, Military Leadership, and the Fight for Global Security." Ambassador John Hennessey-Niland is a Professor of Practice at the Bush School of Government and Public Service. As the former U.S. Ambassador to Palau, he brings extensive experience in Pacific region affairs. His previous roles include serving as the foreign policy advisor to the Commander of U.S. Marine Corps Forces Pacific, and he has held various diplomatic positions across Europe and the Pacific, providing him with unique insights into the intersection of environmental security and irregular warfare.

The Amazing Cities and Towns Podcast
Restoring City Hall with Mayor Terry Richardson

Play Episode Listen Later Oct 21, 2024 32:35


In this episode of the Amazing Cities and Towns Podcast, sponsored by Bearing Advisors, Jim Hunt interviews Mayor Terry Richardson.

  • A candid conversation about restoring city hall.
  • And, much more

7 Steps to an Amazing City:

  • Attitude
  • Motivation
  • Attention to Detail
  • Zing
  • Inclusiveness
  • Neighborhood Empowerment
  • Green Awareness

Thanks for listening and look forward to having you join us for the next episode.

Links Mentioned During Show:

  • https://www.greaternapanee.com/town-hall/council-committees/council/
  • www.AmazingCities.org
  • www.AmazingCities.org/podcast to be a guest on the podcast

About Mayor Terry Richardson:

Terry Richardson was born and raised in Napanee, being a fourth-generation family to live, work and raise a family in the community. He attended both public and high school in the Napanee area, subsequently graduating from Napanee District Secondary School in 1982. Terry was, and still is, very active in local community sports, playing for All Ontario Championship softball and hockey teams. He served as the captain of a number of these teams, including the Napanee Junior "C" hockey team. His competitive hockey concluded after playing for the Loyalist College Varsity hockey team. In 1984, Terry continued with his post-secondary education, attending Loyalist College in Belleville, Ontario, successfully obtaining a Diploma from Loyalist College in the Law and Security Program. In 1986, Terry embarked on a successful career in the Policing field, having served with both the Peel Regional Police and the Ontario Provincial Police, later retiring in 2016. Terry served in several capacities in the Policing field, from uniform patrol and administrative court duties to many specialized functions, ranging from drug undercover work, large-scale joint forces criminal investigations, and property and rural agricultural crime investigations.

In 2018, Terry participated in the 2018 Municipal election, running for Councillor of Ward 2, Greater Napanee. He was successful in obtaining the Ward 2 Council seat, subsequently sitting on several Committees of Council during that time. These included the Cataraqui Conservation Authority, Committee of Adjustment, Physician Recruitment Committee, Municipal Heritage Committee, Property Standards Committee, and Council alternate for the County of Lennox and Addington. Terry and his wife Charyl have two grown sons and one beautiful granddaughter.

Office of the Mayor, 124 John Street, P.O. Box 97, Napanee, ON, K7R 3L4. Telephone: 613-530-5485

About Your Host, Jim Hunt:

Welcome to the “Building Amazing Cities and Towns Podcast” … The podcast for Mayors, Council Members, Managers, Staff and anyone who is interested in building an Amazing City.

Your host is Jim Hunt, the author of “Bottom Line Green, How American Cities are Saving the Planet and Money Too” and his latest book, “The Amazing City - 7 Steps to Creating an Amazing City”.

Jim is also the former President of the National League of Cities, 27 year Mayor, Council Member and 2006 Municipal Leader of the Year by American City and County Magazine.

Today, Jim speaks to 1000's of local government officials each year in the US and abroad.

Jim also consults with businesses that are bringing technology and innovation to local government.

Amazing City Resources:

Buy Jim's Popular Books:

  • The Amazing City: 7 Steps to Creating an Amazing City: https://www.amazingcities.org/product-page/the-amazing-city-7-steps-to-creating-an-amazing-city
  • Bottom Line Green: How America's Cities are Saving the Planet (And Money Too): https://www.amazingcities.org/product-page/bottom-line-green-how-america-s-cities-are-saving-the-planet-and-money-too

FREE White Paper:

  • “10 Steps to Revitalize Your Downtown”: www.AmazingCities.org/10-Steps

Hire Jim to Speak at Your Next Event:

  • Tell us about your event and see if dates are available at www.AmazingCities.org/Speaking

Hire Jim to Consult with Your City or Town:

  • Discover more details at https://www.amazingcities.org/consulting

Discuss Your Business Opportunity/Product to Help Amazing Cities:

  • Complete the form at https://www.amazingcities.org/business-development

A Special Thanks to Bearing Advisors for the support of this podcast: www.BearingAdvisors.Net

Paul's Security Weekly
Run Your Security Program Like an Election Campaign - Kush Sharma - BSW #367

Play Episode Listen Later Oct 8, 2024 65:11


Does the CISO need to act like a politician? Negotiating budgets, communicating risks, and selling your strategy across the organization does sound a little like a politician. And if that's the case, are you hiring the right campaign staff? Kush Sharma, former CISO for CPR, City of Toronto, and Saputo, joins Business Security Weekly to discuss why you should run your security program like an election campaign. Kush will discuss the other positions you need to hire, not just the technical positions, to help you budget, communicate, and sell your strategy. A politician can't do it all by themself, so why should a CISO? In the leadership and communications segment, PwC Urges Boards to Give CISOs a Seat at the Table, CISO Salary Surge: Fewer Job Changes, Bigger Paychecks for Experienced Cybersecurity Leaders, Fostering a cybersecurity-first culture: Key leadership insights for building resilient businesses, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-367

Paul's Security Weekly TV
Run Your Security Program Like an Election Campaign - Kush Sharma - BSW #367

Play Episode Listen Later Oct 8, 2024 39:48


Does the CISO need to act like a politician? Negotiating budgets, communicating risks, and selling your strategy across the organization does sound a little like a politician. And if that's the case, are you hiring the right campaign staff? Kush Sharma, former CISO for CPR, City of Toronto, and Saputo, joins Business Security Weekly to discuss why you should run your security program like an election campaign. Kush will discuss the other positions you need to hire, not just the technical positions, to help you budget, communicate, and sell your strategy. A politician can't do it all by themself, so why should a CISO? Show Notes: https://securityweekly.com/bsw-367

Business Security Weekly (Audio)
Run Your Security Program Like an Election Campaign - Kush Sharma - BSW #367

Play Episode Listen Later Oct 8, 2024 65:11


Does the CISO need to act like a politician? Negotiating budgets, communicating risks, and selling your strategy across the organization does sound a little like a politician. And if that's the case, are you hiring the right campaign staff? Kush Sharma, former CISO for CPR, City of Toronto, and Saputo, joins Business Security Weekly to discuss why you should run your security program like an election campaign. Kush will discuss the other positions you need to hire, not just the technical positions, to help you budget, communicate, and sell your strategy. A politician can't do it all by themself, so why should a CISO? In the leadership and communications segment, PwC Urges Boards to Give CISOs a Seat at the Table, CISO Salary Surge: Fewer Job Changes, Bigger Paychecks for Experienced Cybersecurity Leaders, Fostering a cybersecurity-first culture: Key leadership insights for building resilient businesses, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-367

Business Security Weekly (Video)
Run Your Security Program Like an Election Campaign - Kush Sharma - BSW #367

Play Episode Listen Later Oct 8, 2024 39:48


Does the CISO need to act like a politician? Negotiating budgets, communicating risks, and selling your strategy across the organization does sound a little like a politician. And if that's the case, are you hiring the right campaign staff? Kush Sharma, former CISO for CPR, City of Toronto, and Saputo, joins Business Security Weekly to discuss why you should run your security program like an election campaign. Kush will discuss the other positions you need to hire, not just the technical positions, to help you budget, communicate, and sell your strategy. A politician can't do it all by themself, so why should a CISO? Show Notes: https://securityweekly.com/bsw-367

Absolute AppSec
Episode 262 - w/ Ariel Shin - Building a Security Program

Play Episode Listen Later Oct 1, 2024


Ariel Shin joins Ken Johnson (@cktricky on social media) and Seth Law (@sethlaw) for a special episode of Absolute AppSec. Ariel is currently a Security Engineering Manager at Datadog after a three-year stint at Twilio where she worked as an engineering manager in product security, a product security team lead, and a senior product security engineer. This year at Bsides SF 2024, she presented on her time at Twilio in a retrospective talk entitled “Six Years in Review: Transforming Company Culture to Embrace Risk.” The video from Bsides SF can be found here: https://www.youtube.com/watch?v=cQE1OqCpeI8. Before Twilio, Ariel worked at One Medical as an appsec engineer as well as spending time as a Technology and Privacy consultant with Protiviti. She also helps build the professional appsec and prodsec communities as a frequent commenter and presenter at security conferences.

Defense in Depth
Are Phishing Tests Helping or Hurting Our Security Program?

Play Episode Listen Later Sep 19, 2024 27:36


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Dennis Pickett, vp, CISO, Westat.

In this episode:

  • Not all education requires tests
  • Understand your users
  • Building reflexes
  • An ounce of prevention

Thanks to our podcast sponsor, Concentric AI. Concentric AI's DSPM solution automates data security, protecting sensitive data in real-time. Our AI-driven solution identifies, classifies, and secures on-premises and cloud data to reduce risk across your enterprise. Seamlessly integrated with tools like Microsoft Copilot, Concentric AI empowers your team to innovate securely and maintain compliance all while eliminating manual data protection tasks. Ready to put RegEx and trainable classifiers in the rear view mirror? Contact Concentric AI today!

Story in the Public Square
Climate Change as a National Security Issue with Sherri Goodman

Play Episode Listen Later Sep 19, 2024 28:25


The impact of climate change on the world around us is there for everyone to see—from stronger and more frequent storms to the loss of Arctic Sea ice. But Sherri Goodman says the threat isn't just to crops or the polar bears, but to American national security. Sherri Goodman, Senior Fellow at the Wilson Center's Environmental Change and Security Program and Polar Institute, and Secretary General of the International Military Council on Climate & Security, is credited with educating a generation of US military and government officials about the nexus between climate change and national security, using her famous coinage, “threat multiplier,” to fundamentally reshape the national discourse on the topic. Sherri serves as Vice Chair of the Secretary of State's International Security Advisory Board and on the EXIM Bank's Council on Climate. A former first Deputy Undersecretary of Defense (Environmental Security) and staff member on the Senate Armed Services Committee, Goodman has founded, led, or advised nearly a dozen research organizations on environmental and energy matters, national security, and public policy.

Wilson Center NOW
Threat Multiplier: Climate Change and National Security

Play Episode Listen Later Sep 13, 2024 26:37


In this edition of Wilson Center NOW, Sherri Goodman, a Senior Fellow with the Wilson Center's Polar Institute and Environmental Change and Security Program, discusses her new book, “Threat Multiplier: Climate, Military Leadership, and the Fight for Global Security.” The book “takes us onto the battlefield and inside the Pentagon to show how the US military is confronting the biggest security risk in global history: climate change.”

Restorative Works
From PO to Parliament with Razwana Begum Bt Abdul Rahim

Play Episode Listen Later Sep 5, 2024 22:23


Claire de Mézerville López welcomes Razwana Begum Bt Abdul Rahim to the Restorative Works! Podcast.

Razwana joins us and shares her unique insights into the importance of healing, accountability, and ethical leadership within the realms of public safety and community support. Listen as she describes how her extensive experience working with vulnerable children and probationers has shaped her approach to education and policymaking. Razwana sheds light on the necessity of restorative practices, not just in the criminal justice system but also within social services, where the emotional well-being of practitioners is just as vital as that of the clients they serve.

Razwana is currently an associate professor at the Singapore University of Social Sciences (SUSS) and Head of the Public Safety and Security Program within the university's School of Humanities and Behavioral Sciences. She was appointed as a Nominated Member of Parliament on July 24, 2023. Razwana is regarded as a leading national and international expert, and is regularly approached to provide advice and training, cooperate on research projects, and present at seminars and conferences. Her research interests include restorative justice, public safety and criminal justice systems, children and family protection, and leadership and ethical behavior within the commercial and social services sector. Razwana holds a Ph.D. in business ethics and restorative justice from Monash University, Australia, as well as a Bachelor of Law from University of Wolverhampton, UK, a Master of Law from the University of London, UK, and a Master of Counseling from Monash University. She also holds a Graduate Diploma in Social Work, an International Diploma in Computer Studies, and a Diploma in Administrative Management from the National University of Singapore.

Tune in to learn how Razwana is fostering a culture of restorative justice through innovative courses and ground-up initiatives that aim to empower the next generation of leaders.

ITSPmagazine | Technology. Cybersecurity. Society
Achieving Cybersecurity Velocity: The Role of Culture and Leadership for Operational Excellence | A Conversation with Kim Jones | Redefining CyberSecurity with Sean Martin

Jul 26, 2024 · 42:44


Guest: Kim Jones, Director, Intuit [@Intuit]
On LinkedIn | https://www.linkedin.com/in/kimjones-cism/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Episode Notes

In the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin explores the importance of achieving velocity in cybersecurity operations with Kim Jones, a seasoned leader with nearly four decades of experience in intelligence, security, and risk.

Jones, who has served in various roles such as Army Intel Officer, CISO, and most recently, in Performance Acceleration at Intuit, brings a wealth of knowledge to the table. Jones stresses that cultural alignment is crucial for cybersecurity teams to move faster without compromising security. He highlights the importance of leaders setting clear priorities and fostering an environment where team members feel comfortable raising conflicts and collaborating to find solutions. “A good leader is going to push the organization 5 percent beyond what it thinks it can do,” says Jones, emphasizing the necessity of pushing teams beyond their perceived limits while ensuring they work cohesively.

One of the key takeaways from the discussion is Jones' analogy of velocity: “Velocity implies taking that motion in a given appropriate direction,” he explains. For Jones, mere motion is insufficient if it lacks direction. He believes that enterprises must align their resources toward a common goal to achieve true velocity, minimizing internal friction and inefficiencies along the way. Effective leadership, according to Jones, plays a pivotal role in this alignment. He argues that leaders need to create a culture where collaboration and conflict resolution are normalized practices. “Not every leader has to be charismatic, but every leader has to lead and set the tone,” Jones notes, adding that consistent and principled leadership is more impactful than charisma alone.

Jones also touches on the real-world repercussions of failing to balance velocity with cultural alignment. Drawing from his extensive career, he shares that misalignment often leads to burnout and inefficiencies. He underscores the importance of leaders making time for their peers and team members, noting, “Inaction is as reckless as acting without thought.” Jones advises that prioritizing responses and maintaining open communication channels can significantly enhance team effectiveness.

For organizations aiming to boost their cybersecurity operations, Jones' insights offer a valuable roadmap. By focusing on cultural alignment, setting clear priorities, and encouraging effective leadership, businesses can achieve the velocity needed to thrive. Jones' approach underscores that achieving velocity isn't about making things move faster in disarray but rather about coordinated and purposeful acceleration toward shared goals.

Top Questions Addressed
How can organizations achieve velocity in their cybersecurity operations?
Why is cultural alignment important for achieving velocity?
What role does effective leadership play in achieving cybersecurity velocity?

Redefining CyberSecurity
Achieving Cybersecurity Velocity: The Role of Culture and Leadership for Operational Excellence | A Conversation with Kim Jones | Redefining CyberSecurity with Sean Martin

Jul 26, 2024 · 42:44

Lovefly fear of flying
Ep. 186 - Captain John Cox, Aircraft incident and accident investigator

Jul 10, 2024 · 60:18


Captain John Cox has been in aviation for over 54 years, many of those dedicated to safety. This includes focussing on investigating air incidents and accidents.

Trigger warning: we will be discussing, quite openly, the names of some incidents that have happened over the years. However, if you can bear it, you should find his level of expertise and investigative skills very reassuring for the nervous flyer.

www.lovefly.co.uk/courses/
FB - Lovefly
Insta - @loveflyhelp
#fearofflying #lovefly #flyingwithoutfear #johncox

Intro music 'Fearless' Daniel King

More information: Captain John Cox is the President and CEO of Safety Operating Systems LLC, and is a veteran major airline, corporate and general aviation pilot. Capt. Cox has flown over 14,000 hours with over 10,000 in command of jet airliners. Before founding Safety Operating Systems LLC, Capt. Cox acted as Executive Air Safety Chairman for the Air Line Pilots Association International for 3 years. Captain Cox has worked with the NTSB on numerous accident investigations. Capt. Cox received his Masters in Business Administration in Aviation Management in July 2010 from Daniel Webster College, and received the Aviation Safety Certificate from USC Aviation Safety & Security Program in 1996. Captain Cox received a postgraduate degree in Aviation Safety Command from the Naval Postgraduate School in Monterey, California in 1998. He is a Fellow of the Royal Aeronautical Society and his most recent article is entitled “Aeroplane Upset Recovery Training, History, Core Concepts & Mitigation.” He authors the “Ask the Captain” column for USA Today, serves as the Aviation Analyst for NBC News, and provides expertise to numerous other media outlets. He also frequently appears as an expert on the television programs Air Disasters and Why Planes Crash.

Colorado = Security Podcast
264 - 7/8 - Mary Writz, SVP Product Management at Red Canary

Jul 7, 2024 · 63:15


Mary Writz, SVP of Product Management at Red Canary, is our feature interview this week. News from Tattered Cover, Arrow Electronics, PhotoPacks.ai, Ping Identity, Lares, LogRhythm and a lot more.

Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure.

Come join us on the new Colorado = Security Slack channel to meet old and new friends.

Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/.

If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com

This week's news:
Join the Colorado = Security Slack channel
Morrison's new cameras flag 9,000 speeders in less than two weeks - Canyon Courier
Barnes & Noble CEO explains Tattered Cover bookstores deal
New AI summit in Denver to focus on how to address affordability
Colorado public companies notch big profits and big losses in DBJ rankings
Denver startup uses AI to generate professional headshots
How Colorado's tech leaders want the state's new AI law changed
Denver lacks comprehensive approach to cybersecurity risks, city auditor says
How Session Management Works and Why It's Important
The Power of Modern-Day Purple Teaming: A Consultant's Perspective
How to Ensure Your Data is Ready for an AI-Driven SOC | LogRhythm

Job Openings:
Pax8 - IAM Architect
Gates - Sr Cybersecurity Analyst
Brownstein Hyatt Farber Schreck - CISO
Affirm - Director of Product, Trust & Safety
Bank of America - Senior Information Security Officer
Meta - Security Partner - Mergers & Acquisitions
HealthEdge - Director, Governance, Risk, and Compliance
Presidio - Vice President, Cyber Security Practice
DAT - Security Analyst 1
Ryder System - Application Security Engineer

Upcoming Events: This Week and Next:
ISSA COS - Cybersecurity First Friday - 7/12
ISSA COS - July meeting - Conversations that count - 7/16
CSA Colorado - Responding to the Quantum Computing Threat - 7/16
Denver ISSA - BBQ - 7/17
Denver OWASP - AI in the Age of Application Security - 7/17
ISSA COS - July Mini Seminar "Blackout Brainstorm" Tabletop around EMPs - 7/20
Let's Talk Software Security - What do the Developers Think of your Security Program? - 7/23
ISC2 Pikes Peak - July Meeting - 7/24

View our events page for a full list of upcoming events

* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

Cloud Security Today
Building a SaaS security program

Jun 23, 2024 · 50:33


This month, we welcome Swathi Joshi, VP of SaaS Cloud Security at Oracle, to discuss key moments and decisions that shaped her career path, including rejections from Google and Twitter. She emphasizes the importance of learning from rejection and seeking feedback to improve. Swathi also shares insights on the role of mentors and advises on finding and working with mentors.

In the second part of the conversation, she discusses building a SaaS security program as an enterprise consumer of SaaS. She highlights the importance of addressing misconfigurations, ensuring visibility and access control, and meeting compliance needs. Swathi also suggests asking about backup and exploring risk scoring for vendors.

In this conversation, Swathi discusses best practices for managing vendor risk, vulnerability management through third parties, and incident response in SaaS applications. She also shares insights on privacy operations and critical privacy controls in SaaS. Swathi emphasizes the importance of collaboration, robust incident response plans, and data lifecycle management. She also highlights the need for identity and access control and the challenges of normalizing incident response across different SaaS platforms. Swathi's leadership philosophy is collaborative and pace-setting, and she emphasizes the importance of stress management.

Takeaways
Learn from rejection and seek feedback to improve.
Build long-term relationships with mentors and create a personal advisory board.
When building a SaaS security program, focus on addressing misconfigurations, ensuring visibility and access control, and meeting compliance needs.
Ask about backup and explore risk scoring for vendors.
Managing vendor risk requires close collaboration with privacy, legal, and contract partners.
Incident response in SaaS applications shares foundational principles with traditional on-prem software, but there are differences in data snapshotting and managing dependencies.
Privacy operations can be operationalized by focusing on identity, access control, and data lifecycle management.
Leadership should be collaborative, open to ideas, and adaptable to different situations.
Stress management is crucial for effective leadership and should be acknowledged and actively managed.

Links
Privacy Operations Template
Swathi's LI Profile

Chapters
00:00 Navigating Career Challenges and Learning from Rejection
08:13 The Role of Mentors in Career Growth
15:26 Building a Strong SaaS Security Program
21:20 Meeting Compliance Needs in a SaaS Environment
21:56 Backup and Risk Scoring for SaaS Vendors
22:38 Managing Vendor Risk
26:12 Improving Vulnerability Management through Third Parties
26:35 Navigating Incident Response in SaaS Applications
34:03 Operationalizing Privacy Operations in SaaS
40:50 The Importance of Collaboration in Leadership
43:04 Managing Stress for Effective Leadership

Secure applications from code to cloud. Prisma Cloud, the most complete cloud-native application protection platform (CNAPP).

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

ITSPmagazine | Technology. Cybersecurity. Society
The Present and Future of Cybersecurity Culture | An Infosecurity Europe 2024 Conversation with Aston Martin's CISO Robin Smith | On Location Coverage with Sean Martin and Marco Ciappelli

Jun 11, 2024 · 26:54


Guest: Robin Smith, CISO of Aston Martin [@astonmartin]
On LinkedIn | https://www.linkedin.com/in/robin-s-78148a133/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes

The latest episode of "On Location With Marco and Sean" features an in-depth discussion with Robin Smith, the Chief Information Security Officer (CISO) at Aston Martin. Recorded live in the media room at Infosecurity Europe 2024 in London, this episode explores the essential role of culture in cybersecurity. Sean Martin and Marco Ciappelli guide the conversation, touching on everything related to the complexities of organizational security culture.

The Icebreaker
The conversation kicks off with some light-hearted banter about yogurt and its cultural significance, setting a relaxed tone before diving into the serious business of cybersecurity. Sean and Marco's playful exchange effectively breaks the ice, before Sean introduces Robin Smith, emphasizing how this conversation is the final one in their Infosecurity Europe coverage. Robin reciprocates with a warm thank you, before sharing insights on Aston Martin's cybersecurity culture.

Life at Aston Martin
Robin elaborates on his role at Aston Martin, revealing that he considers himself the "luckiest man in cyber." He explains how a commitment to high-quality IT initially existed at Aston Martin but not a fully developed cybersecurity culture. Over the past three years, his mission has been to build that culture, aligning it with Aston Martin's values and brand prestige.

Building a Cybersecurity Culture
Robin describes how he introduced a comprehensive security program that aligns with Aston Martin's renowned design and engineering standards. He discusses the importance of integrating cybersecurity as a full-spectrum approach to business improvement, not just a technological add-on.

Lessons Learned
The conversation shifts to some of the challenges and failures encountered along the way. Robin recounts an ambitious but ultimately unsuccessful attempt to engage the board with an open-source intelligence report on their personal information. Though the exercise did not go as planned, it provided invaluable lessons on cultural sensitivity and resource allocation.

The Vision for the Future
Robin and Sean discuss the forward-thinking mindset necessary to navigate both immediate and long-term cybersecurity challenges. Robin emphasizes the need for a balanced approach that combines visionary planning with effective tactical response. He highlights Aston Martin's ambition for full automation and AI-driven security measures.

Impact on Customers and Community
Marco Ciappelli raises the question of how this robust security culture affects Aston Martin's customers. Robin assures that high-value customers expect the best, including top-notch security. He underscores the importance of securing the entire value chain, from suppliers to dealership networks.

Community and Collaboration
Sean explores the role of community among CISOs. Robin shares his positive experiences with the automotive CISO community, emphasizing the value of honest and sometimes brutal feedback. This collaborative environment helps him and his peers continually improve their security programs.

Wrapping Up
As the conversation winds down, both hosts thank Robin for his insights. They reflect on the passion and dedication evident in the cybersecurity community throughout the event. Sean invites Robin for another discussion on cyber futurism, hinting at more intriguing conversations to come.

Marco and Sean close the episode by thanking their audience and expressing their excitement for future events. They hope to see everyone again at next year's Infosecurity Europe, promising more engaging content and enlightening discussions.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

Redefining CyberSecurity
The Present and Future of Cybersecurity Culture | An Infosecurity Europe 2024 Conversation with Aston Martin's CISO Robin Smith | On Location Coverage with Sean Martin and Marco Ciappelli

Jun 11, 2024 · 26:54

ITSPmagazine | Technology. Cybersecurity. Society
Being a Woman Founder | A Conversation with Adrianna Gugel | Locked Down Podcast With Kayla Williams and Taylor Parsons

May 31, 2024 · 35:06


Hosts:
Adrianna Gugel, Chief Product Officer and Co-Founder, Stealth Company
On LinkedIn | https://www.linkedin.com/in/adriannagugel/
Kayla Williams
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/kayla-williams
Taylor Parsons
On ITSPmagazine | https://itspmagazine.com/itspmagazine-podcast-radio-hosts/taylor-parsons

ITSPmagazine | Technology. Cybersecurity. Society
What Interviewing for a CISO Role Can Tell Us About the State of Cyber in Business | A Conversation with Phil Beyer | Redefining CyberSecurity with Sean Martin

May 29, 2024 · 51:45


Guest: Phil Beyer, Owner, Getting Security Done, Inc.
On LinkedIn | https://www.linkedin.com/in/pjbeyer/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin is joined by Phil Beyer, former Head of Security at Etsy, to dive into the nuanced dynamics of interviewing for Chief Information Security Officer (CISO) roles. The discussion provides a multifaceted exploration of the CISO job market from both the employer and candidate perspectives, highlighting the evolving expectations and realities facing security leaders today.

Sean and Phil engage in a candid conversation about the state of the cybersecurity job market, emphasizing the shift towards an employer's market for CISO positions. This shift has intensified the challenges faced by candidates, including navigating interviews that may reveal deeper insights into an organization's cybersecurity program and its alignment (or lack thereof) with the candidate's vision and expertise.

Phil shares his experience and observations from his recent job searches, noting the complexities inherent in the process and the importance of aligning personal values and professional goals with potential roles. The episode touches on the importance of assessing the culture of potential employers and the critical role of the interviewing process in gauging fit on both sides.

A significant theme of the discussion is the need for transparency and clear communication between candidates and employers, particularly regarding the current state and desired direction of the cybersecurity program. Sean and Phil highlight how the expectations set during the interview process can significantly impact the ultimate success of the chosen CISO in driving the cybersecurity strategy forward.

Additionally, the episode addresses the broader implications of these hiring dynamics on the cybersecurity industry and the importance of fostering a community where shared experiences and strategies can lead to more effective leadership and program development.

Listeners will gain insights into the strategic considerations necessary for both CISO candidates and hiring organizations in today's complex cybersecurity landscape, as well as the leadership and relationship-building skills crucial for success in these influential roles.

Top Questions Addressed
How does the shift towards an employer's market impact CISO job candidates?
What are the current challenges and complexities in the cybersecurity job market?
How can candidates and organizations improve transparency and communication during the hiring process?

Redefining CyberSecurity
What Interviewing for a CISO Role Can Tell Us About the State of Cyber in Business | A Conversation with Phil Beyer | Redefining CyberSecurity with Sean Martin

May 29, 2024 · 51:45

Defense in Depth
How Do We Build a Security Program to Thwart Deepfakes?

Defense in Depth

Play Episode Listen Later May 23, 2024 29:25


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Russ Ayers, SVP of cyber & deputy CISO, Equifax.

In this episode: Are we seeing AI and LLM rapidly push into what was science fiction into production? What happens as our ability to generate realistic sound, video, and images opens the obvious door for indistinguishable fakes from the real thing? How do we keep up as security professionals? What are the security implications for this tech hitting the consumer market?

Thanks to our podcast sponsor, Sonrai Security
A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment. Start a free trial today! sonrai.co/ciso

America Adapts the Climate Change Podcast
ICR24: Innovations in Climate Resilience Conference hosted by Battelle

America Adapts the Climate Change Podcast

Play Episode Listen Later May 17, 2024 95:26


In episode 206 of America Adapts, the podcast partnered with Battelle for their third annual Innovations in Climate Resilience Conference, ICR24. The conference took place April 22-24th in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynote speakers and attendees join the pod to share their experiences in climate adaptation and also discuss highlights from the conference. The event attracted senior level federal officials along with emerging adaptation professionals from the private sector. The themes of the conference were resilience, mitigation and sustainability and you learn how Battelle, through the conference, is prioritizing adaptation. This is the third ICR and the first to be hosted in the nation's capital. You'll also hear from a high school student who won Battelle's Climate Challenge - the future of adaptation is in good hands. ICR24 isn't just any conference; it's a convergence of minds, bringing together environmental professionals, scientists, researchers, students, and key leaders.

Experts in this Episode:
Matt Vaughan - President, Applied Science & Technology at Battelle
Dr. Rick Spinrad – Under Secretary of Commerce for Oceans and Atmosphere & NOAA Administrator
Dina Esposito – Assistant to the Administrator for the Bureau for Resilience, Environment, and Food Security (REFS) at USAID
Lauren Risi – Program Director of the Environmental Change and Security Program at the Wilson Center
Matt Huddleston - Senior Data Analytics Consultant at Resilient Analytics
Dr. Nadia Seeteram - Postdoctoral Research Scientist at Columbia University's Climate School
Emilie Mazzacurati - Co-Founder & Managing Partner of Tailwind
Taylor Dimsdale - Senior Fellow, Climate and Disaster Resilience, Fors Marsh
Faith Qui - Student

The third annual Innovations in Climate Resilience Conference (ICR24) took place on April 22-24, 2024, in Washington, DC.
ICR24 website: https://www.battelle.org/conferences/conference-on-innovations-in-climate-resilience
To learn about partnering with Battelle, contact Lisa Avedon.

Email contacts:
General email: climateconf@battelle.org
Media inquiry contact: TR Massey, masseytr@battelle.org

Facebook, LinkedIn and Twitter:
https://www.facebook.com/americaadapts/
@usaadapts
https://twitter.com/Battelle
https://www.linkedin.com/in/doug-parsons-america-adapts/
https://www.linkedin.com/showcase/innovations-in-climate-resilience-conference/posts/?feedView=all

Links in this episode:
https://www.battelle.org/conferences/conference-on-innovations-in-climate-resilience/on-demand/icr24/photo-gallery?_gl=1*1cv6v4r*_ga*MTI3MDUzMzgyNC4xNjk1MDU5MzE1*_ga_STK7503CND*MTcxNTk0NzgyMS41MS4wLjE3MTU5NDc4MjEuNjAuMC4w
Federal Reserve Bank of San Francisco, Strategies to Address Climate Change Risk in Low- and Moderate-income Communities - Volume 14, Issue 1: https://www.frbsf.org/community-development/publications/community-development-investment-review/2019/october/strategies-to-address-climate-change-low-moderate-income-communities/
The 10 Best Sustainability Podcasts for Environmental Business Leaders: https://us.anteagroup.com/news-events/blog/10-best-sustainability-podcasts-environmental-business-leaders
The best climate change podcasts on The Climate Advisor: http://theclimateadvisor.com/the-best-climate-change-podcasts/
7 podcasts to learn more about climate change and how to fight it: https://kinder.world/articles/you/7-podcasts-to-learn-more-about-climate-change-and-how-to-fight-it-19813
Directions on how to listen to America Adapts on Amazon Alexa: https://youtu.be/949R8CRpUYU

Doug Parsons and Speaking Opportunities: If you are interested in having Doug speak at corporate and conference events, sharing his unique, expert perspective on adaptation in an entertaining and informative way, more information can be found here!

Podcasts in the Classroom – Discussion guides now available for the latest episode of America Adapts. These guides can be used by educators at all levels.

America Adapts also has its own app for your listening pleasure! Just visit the App store on Apple or Google Play on Android and search “America Adapts.”

Join the climate change adaptation movement by supporting America Adapts! Please consider supporting this podcast by donating through America Adapts fiscal sponsor, the Social Good Fund. Donate to America Adapts, we are now a tax deductible charitable organization! For more information on this podcast, visit the website at http://www.americaadapts.org and don't forget to subscribe to this podcast on Apple Podcasts.

Podcast Music produced by Richard Haitz Productions
Executive Producer Dr. Jesse Keenan
Doug can be contacted at americaadapts @ g mail . com

ITSPmagazine | Technology. Cybersecurity. Society
How to Create a Solid Cybersecurity Roadmap | Locked Down Podcast With Kayla Williams and Taylor Parsons

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later May 16, 2024 23:01


Hosts:
Kayla Williams
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/kayla-williams
Taylor Parsons
On ITSPmagazine | https://itspmagazine.com/itspmagazine-podcast-radio-hosts/taylor-parsons

Law and the Future of War
OpinioJuris Symposium on Military AI and the Law of Armed Conflict - Lena Trabucco

Law and the Future of War

Play Episode Listen Later Apr 9, 2024 45:38


Part of the ongoing debate about the lawfulness of autonomy in military systems is the manner in which the technology integrates with and interacts with its human masters. The term Meaningful Human Control (or MHC) has garnered particular relevance in this debate. Today we speak with Dr Lena Trabucco about her upcoming OpinioJuris Symposium on Military AI and the Law of Armed Conflict, co-edited with Dr Magda Pacholska, on this issue, as well as her work on legal challenges associated with emerging technology more broadly.

Lena is a research fellow, a visiting scholar at the Stockton Center for International Law at the US Naval War College, and research fellow at the Technology, Law and Security Program at American University College of Law and the University of Copenhagen. Her research focuses on the intersection of international law and emerging military technology, particularly autonomous weapon systems. She has multiple projects examining human control throughout an autonomous weapon system life cycle. Previously, she was a post-doctoral researcher at the Centre for Military Studies at the University of Copenhagen. Lena received a PhD in law from the University of Copenhagen and a PhD in international relations from Northwestern University.

Additional resources:
Opinio Juris Symposium on Military AI and the Law of Armed Conflict
Kevin Jon Heller, 'The Concept of 'The Human' in the Critique of Autonomous Weapons', 14 Harvard National Security Journal (2023)
Magdalena Pacholska, 'Military Artificial Intelligence and the Principle of Distinction: A State Responsibility Perspective', Israel Law Review (2022), 1–21
Rebecca Crootof, 'A Meaningful Floor for 'Meaningful Human Control', Temple International & Comparative Law Journal, Vol. 30, 2016
Kenneth Payne's Substack
Killer Robot Cocktail Party (Lena and Brad Boyd's substack)

Power Lines: From Ukraine to the World
How Have Drones Changed the War in Ukraine?

Power Lines: From Ukraine to the World

Play Episode Listen Later Jan 30, 2024 42:53


The war in Ukraine has evolved a huge amount since it began nearly 2 years ago, not least in terms of the equipment now being used on the front lines. This has been most starkly seen in the use of drones, as these unmanned aerial technologies are now at the forefront of reconnaissance and combat operations for both sides. Ukraine's drone industry, once chaotic and decentralised, is now one of the most significant in the world. Experts are looking to Ukraine to see how drones are being used in the war, and many see their use as the future of warfare more generally. In this episode, we speak with drone expert Federico Borsari, a Leonardo fellow at the Transatlantic Defense and Security Program at the Centre of European Policy Analysis (CEPA). His work looks at Transatlantic Defense and Security dynamics with a focus on unmanned technologies and their military implications, and he has written a number of fascinating reports on how their use in Ukraine is at the forefront of innovation in the sector. Check out insights.Kyivindependent.com for more in depth analysis of the War in Ukraine, and follow The Kyiv Independent on Twitter and Facebook, and Instagram to get latest news and to stay up to date with our coverage. You can find Message Heard on our website at messageheard.com, and follow us on Twitter, Instagram and Facebook to never miss a show. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Defense in Depth
Use Red Teaming To Build, Not Validate, Your Security Program

Defense in Depth

Play Episode Listen Later Jan 18, 2024 31:34


All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Richard Ford, CTO, Praetorian.

In this episode: When did we all agree that red teaming was about validating security? Does it seem like increasingly red teaming is a catch all term for a whole lot of testing that isn't clearly defined? Is this making it hard to see its value? Can moving red teaming upstream be more valuable to your organization?

Thanks to our podcast sponsor, Praetorian
Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

Peggy Smedley Show
Establishing a Reasonable Security Program

Peggy Smedley Show

Play Episode Listen Later Jan 18, 2024 28:41


Elizabeth Rogers, partner, sub-group leader, privacy & cybersecurity, Michael Best, and Peggy Smedley talk about the legal standards for establishing a reasonable security program. She says one of the longest serving standards in the United States is Section 5 of the FTC Act, which requires providing a security program that is not deceptive and not unfair. The act was originally passed in 1914, when lawmakers weren't thinking about cybersecurity, so today's lawmakers had to establish a reasonable security program. They also discuss:
· What regulators will be focusing on and how to create a reasonable security program.
· The different new ways of working and how security comes into play.
· Cases that can serve as a good learning opportunity.

The Distinguished Savage Podcast
Dr Michael Guirguis, Ep226

The Distinguished Savage Podcast

Play Episode Listen Later Jan 12, 2024 92:04


Dr Michael Guirguis is a Board Certified Emergency Physician with 20 years' experience in emergency medicine, pre-hospital EMS, Helo, Dive, and Tactical medicine, as well as being a sworn LEO reserve deputy for the San Bernardino Co Sheriff's Office and an FAA licensed pilot! He is also the founder and Chief Medical Officer of Raven Medical Support Group, which provides Medical Direction and Medical Control for Private Family Offices and Corporate Executive Protection Programs that perform domestic and international duties. Raven Medical Support Group also provides medical consulting for Corporate Security EP teams. RMSG will work with your entity while researching or ready to implement a medical component to your security detail. They will devise a plan, integrating your current personnel to get your Security Program able to provide Medical Support.

He is also the Chief Medical Director for XPJ. XPJ is a group of elite Pararescuemen (PJ's) who provide Medical Support to Private and Corporate Executive Protection Teams.

You can find Dr G at https://michaelguirguismd.com or at RMSG https://ravenmedicalsupportgroup.com

Pekingology
Will Sanctions Deter China?

Pekingology

Play Episode Listen Later Jan 5, 2024 35:40 Very Popular


In this episode of Pekingology, Freeman Chair in China Studies Jude Blanchette is joined by Emily Kilcrease, Senior Fellow and Director of the Energy, Economics, and Security Program at the Center for a New American Security to discuss her recent report entitled “No Winners in This Game: Assessing the U.S. Playbook for Sanctioning China.”  

Cloud Security Podcast
Build an Effective AWS Cloud Security Program in 2024

Cloud Security Podcast

Play Episode Listen Later Jan 5, 2024 48:55


How can you build a robust cloud security program in AWS, particularly as a startup and small to medium-sized businesses navigating AWS in 2024? We spoke to Chris Farris, who is the event chair for fwd:cloudsec, a known cloud security expert and one of the first AWS Heroes for security. Chris shared his insights on how to build a security strategy that is both practical and effective in today's dynamic cloud environment. From discussing the importance of AWS organizations and Identity Centre to breaking down the complexities of cloud security posture management. You will hear actionable advice and best practices.

Guest Socials: Chris's Linkedin (@chrisfarris)
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

Questions Asked:
(00:00) Introduction
(02:59) A bit about Chris Farris
(03:30) fwd:cloudsec Conference
(04:19) AWS Hero program for Cloud Security
(05:23) Building Effective Cloud Security Programs
(11:39) Top Recommendations for AWS Cloud Security
(13:34) What is AWS IAM Identity Center?
(18:02) How to Set Up AWS IAM Identity Center?
(20:13) Cloud Security in different industries
(29:31) The role of a Cloud Security Engineer
(34:30) Cloud Security Breaches
(38:02) Educational Resources in Cloud Security
(42:41) The Fun Section

Resources spoken about in this episode:
- fwd:cloudsec
- AWS IAM Identity Center
- Leveraging AWS SSO (aka Identity Center) with Google Workspaces
- breaches.cloud

Cloud Security Podcast
Offensive Cloud Security Program for 2024

Cloud Security Podcast

Play Episode Listen Later Dec 19, 2023 22:32


Is Offensive Security part of your 2024 Security Roadmap? We caught up with Sam Kirkman, Director at NetSPI EMEA, at BlackHat Europe 2023 about what an Offensive Security Roadmap going into 2024 should look like. Offensive security is much more than pentesting. We spoke about how to build a capable team, different maturity stages of building such a program and resources you can lean on while you are on this journey across different industries.

Guest Socials: Sam's Linkedin (@sam-kirkman-cybersecurity)
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

Questions asked:
(00:00) Introduction
(02:53) A bit about Sam Kirkman
(03:53) What is offensive security?
(04:52) The attack landscape
(07:34) Offensive Security Roadmap
(09:43) Components of Offensive Security Roadmap
(11:04) What's a good starting point?
(12:55) Skillsets required in the team
(16:57) Different stages of maturity
(19:09) Where can people learn more about this?
(22:03) Where you can connect with Sam

Cloud Security Podcast
Understand Your Cloud Security Landscape to cut through the noise!

Cloud Security Podcast

Play Episode Listen Later Dec 15, 2023 27:16


Cloud Security environments look very complex in 2023, and they will continue to evolve in 2024, now with AI. At AWS re:Invent 2023 this year, we sat down with Alex Jauch, Senior Director of Product Management at Outshift, to talk about the complexities in Cloud Security, the role of GenAI and what can be items to consider for your 2024 Cloud Security Program.

Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

Questions Asked:
(00:00) Introduction
(01:34) A bit about Alex
(02:02) Current Cloud Security Landscape
(04:43) The cloud security acronyms
(08:44) Dealing with complex infrastructure
(12:31) Impact of GenAI on Security
(15:26) Do you have GenAi in Production?
(16:55) We are all one team!
(19:04) 2024 Security Program
(20:39) What's not being spoken about?
(22:11) The fun section
(26:00) Where you can connect with Alex!

Spectrum
New “National Climate Assessment” says effects of climate change worsening across USA.

Spectrum

Play Episode Listen Later Nov 27, 2023 54:45


Recently, the fifth National Climate Assessment was released by the US government. It is an interagency effort mandated by Congress to provide the scientific foundation for informed decision making about climate change for the next five years. “The report states that no part of the US is insulated from climate change impacts even if they differ geographically,” says Dr. Geoff Dabelko, professor at the Voinovich School of Leadership and Public Service at Ohio University and a senior advisor for the Environmental Change and Security Program at the Wilson Center in Washington, D. C. The Assessment says we are experiencing climate changes that are “unprecedented over thousands of years.” Although the Assessment focuses primarily on the US, it also examines climate change internationally. Dr. Dabelko was one of the authors of the International Chapter. “What happens with climate change overseas does not stay overseas,” Dabelko says. “Both impacts and international responses affect the US economically, politically, and security wise.” We cannot understand climate change in isolation, he says. Instead, we must study environmental, economic, and political connectivity to form viable solutions. The Assessment stresses three terms necessary for addressing climate change: mitigation, adaption, and resilience.

ITSPmagazine | Technology. Cybersecurity. Society
How I Learned to Stop Worrying and Build a Modern Detection & Response Program | A Black Hat Europe 2023 Event Coverage Conversation with Allyn Stott

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Nov 22, 2023 35:16


Guest: Allyn Stott, Senior Staff Engineer
On LinkedIn | https://www.linkedin.com/in/whyallyn/
On Twitter | https://twitter.com/whyallyn
On Mastodon | https://infosec.exchange/@whyallyn
At Black Hat Europe | https://www.blackhat.com/eu-23/briefings/schedule/speakers.html#allyn-stott-42433
____________________________
Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
Episode Notes

In this episode of the ITSPmagazine On Location Event Coverage series, host Sean Martin engages in a thought-provoking conversation with guest Allyn Stott, a seasoned cybersecurity professional and senior staff engineer. The discussion orbits around the challenges and solutions in building a modern detection response program.

Allyn shares his unique perspective on why blue teams often fail. He suggests that the failure is not due to a lack of technical skills, but rather a lack of a broader strategy and understanding of the overall detection response program. He emphasizes the importance of integrating the detection response team into broader business conversations, thereby fostering a more holistic approach to managing risk.

The conversation also explores the role of threat intelligence and the need for continuous learning and adaptation in the face of evolving threats. Allyn underscores the importance of understanding the business's actual risk and aligning the detection response program accordingly.

Allyn also shares his experience in creating a framework to help teams understand their current capabilities and how to evolve towards a more effective detection response program. This framework, he suggests, can help prioritize work within the program and provide a roadmap for reporting out.

This episode is a treasure trove of insights for CISOs, managers, directors, and builders in the cybersecurity field. It provides a roadmap for identifying skill sets, prioritizing work within the program, and reporting out, all crucial elements in building a modern detection response program.

The conversation is a blend of practical advice and philosophical musings on the nature of cybersecurity, making it a must-listen for anyone interested or practicing in the field.

About Allyn's Black Hat Europe 2023 Session, 'How I Learned to Stop Worrying and Build a Modern Detection & Response Program':

You haven't slept in days. Pager alerts at all hours. Constant firefights. How do you get out of this mess? This talk gives away all the secrets you'll need to go from reactive chaos to building and running a finely tuned detection & response program (and finally get some sleep).

Gone are the days of buying the ol' EDR/IDS/NGAV combo, throwing some engineers on an on-call rotation, and calling it your incident response team. You need a robust and comprehensive detection and response program to fight modern day attackers. But there are a lot of challenges in the way: alert fatigue, tools are expensive, hiring talent is impossibly difficult, and your current team is overworked from constant firefights.

How do you successfully build a modern detection and response program, all while riding the rocket of never ending incidents and unforgiving on-call schedules?

This talk addresses the lack of a framework, which has led to ineffective, outdated, and after-thought detection and response programs. At the end of this talk, you will walk away with a better understanding of all the capabilities a modern program should have and a framework to build or improve your own.

* How worrying can be a superpower
* Why blue teams fail
* The framework I've developed for building a detection and response program
____________________________
Resources
How I Learned to Stop Worrying and Build a Modern Detection & Response Program: https://www.blackhat.com/eu-23/briefings/schedule/#how-i-learned-to-stop-worrying-and-build-a-modern-detection--response-program-34241
A Security Newsletter with a Cute Cat: https://www.meoward.co/subscribe
Learn more about Black Hat Europe 2023: https://www.blackhat.com/eu-23/

CISO-Security Vendor Relationship Podcast
A CEO's Guide To Ignoring Your Security Program (LIVE in Santa Monica)

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Oct 24, 2023 44:09


All links and images for this episode can be found on CISO Series. Usually the buck stops with the CEO. But for a CISO, what do you do when a CEO wants to exempt themselves from your security program? Whether it's granting privileged network access or just ignoring protocols, it can put a CISO in a tough spot. So how do you deal with a leader that thinks they're above the controls you have in place? Is it enough to document your disagreement or is there anything else you can do in that position?

This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and John C. Underwood, VP, information security, Big 5 Sporting Goods. Joining me is our guest, Joshua Scott, Head of Security and IT, Postman.

Thanks to our podcast sponsor, Veza
75% of breaches happen because of bad permissions. The problem is that you don't know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.

In this episode: For a CISO, what do you do when a CEO wants to exempt themselves from your security program? How do you deal with a leader that thinks they're above the controls you have in place? Is it enough to document your disagreement or is there anything else you can do in that position?

Explain to Shane
Privacy, Data, National Security and the Principles for Data Sharing Globalization (with Sujit Raman)

Explain to Shane

Play Episode Listen Later Sep 18, 2023 35:51


Recent developments in transatlantic data sharing agreements serve as a baseline for the importance of cooperation between countries in the digital age. From the new Trans-Atlantic Data Privacy Framework (TDPF) to the cybersecurity proposals before the United Nations, there are both areas of agreement and concern.

To walk through some of the recent global protocols, Shane spoke with Sujit Raman about his expertise in data protection, national security, and negotiating legal agreements on behalf of the United States on many of these important policy priorities.

Sujit is the Chief Legal Officer of TRM Labs, a leading blockchain and Web 3 analytics company, and a senior fellow in the Tech, Law and Security Program at American University. From 2017-2020 he served as US Associate Deputy Attorney General with responsibility for data protection, emerging technologies, and cyber-related criminal and national security investigations and prosecutions. In this capacity, he represented the United States in high-profile negotiations with the United Kingdom, Australia, and the European Union, and co-led the U.S. delegation to the G6 Interior Minister's conference in Munich in 2019.

Your Story Our Fight by Lupus LA
Season 3 | Episode #1 with Cyber Security Program Manager, Board Member of EMT Advisory Board, Lupus Advocate & Lupus Patient, Shamekka Marty

Your Story Our Fight by Lupus LA

Play Episode Listen Later Sep 12, 2023 29:16


Season THREE Episode ONE of the Your Story Our Fight® podcast welcomes Shamekka Marty. In 2012, Shamekka was diagnosed with Lupus, Scleroderma, Mixed Connective Tissue Disease, Raynaud's, and Sjogren's Syndrome. Shamekka seeks to motivate others who are in the same boat as her. She speaks on various public platforms, has a blog, a vlog, provides career counseling, and more to help Lupus patients in their journey. She currently resides in the Bay Area in California with her husband and three children.