Connect with Early Riders // Connect with Onramp
Why MIC Is Winner Take All (Early Riders Research)
Presented collaboratively by Early Riders & Onramp Media…
Final Settlement is a weekly podcast covering the underlying mechanics of the bitcoin protocol, its ongoing development and funding, and real-world applications of the technology.
00:00 - Introduction and Current Events in Bitcoin 03:40 - Trump's Bitcoin Treasury Announcement 06:33 - Market Reactions and Implications 09:42 - The Role of Institutional Investors 12:43 - Risks and Challenges in Bitcoin Investments 15:53 - Government Debt and Economic Policies 18:47 - Chamath's Insights on Spending Bills 21:52 - The Future of Bitcoin and Hard Assets 24:26 - Security Risks in the Crypto Space 31:29 - Navigating Risks in Bitcoin Custody 33:49 - Barriers to Bitcoin Adoption 39:50 - The Debate on Proof of Reserves 45:44 - The Importance of Multi-Institution Custody 50:16 - The Future of Financial Services with Multi-Institution Custody
If you found this valuable, please subscribe to Early Riders Insights for access to the best content in the ecosystem weekly.
Links discussed: https://www.cnbc.com/2025/05/27/djt-trump-media-bitcoin.html https://cointelegraph.com/news/american-tourist-drugged-fake-uber-driver-robbed-123k-btc https://www.washingtonpost.com/nation/2025/05/25/bitcoin-torture-new-york-crypto/
Keep up with Michael: X and LinkedIn. Keep up with Brian: X and LinkedIn. Keep up with Liam: X and LinkedIn.
The Trump administration's plan to accept the luxury jet from the Qatari government, to use as Air Force One, is raising some security concerns. Ryan Vogel joins Dave and Debbie to explain some of the security risks involved with accepting this foreign gift.
Keywords: cybersecurity, leadership, startups, failure, vendor trust, HACKERverse, communication, investment, innovation, beginner's mindset, job search, LinkedIn, networking, AI, personal branding, cybersecurity, lifestyle polygraph, superheroes, career advice, mentorship
Summary: In this episode of No Password Required, host Jack Clabby and co-host Kaylee Melton engage in a thought-provoking conversation with Mariana Padilla, co-founder and CEO of HACKERverse.AI. The discussion revolves around the importance of embracing failure as a learning opportunity, the role of leadership in fostering a positive work environment, and the challenges faced in the cybersecurity vendor landscape. Mariana shares her insights on the need for better communication in the industry and the importance of a beginner's mindset in driving innovation. The conversation also touches on the future of investment in cybersecurity and the necessity of rebuilding trust within the industry. In this engaging conversation, Mariana discusses the challenges of job searching in the current landscape dominated by AI and the importance of networking and personal branding. She emphasizes that building trust and connections is crucial in the cybersecurity field. The discussion transitions into a fun segment called the lifestyle polygraph, where Mariana shares her thoughts on superheroes and their relevance to personal and professional growth. The episode concludes with Mariana providing insights on how to connect with her and her work.
Takeaways: Embracing failure is crucial for personal and professional growth. Leadership should focus on transparency and learning from mistakes. A beginner's mindset can lead to innovative solutions in cybersecurity. The cybersecurity industry struggles with communication and trust. Venture capital influences the direction of cybersecurity startups. Sustainable business practices are essential for long-term success. The sales process in cybersecurity needs to be more efficient. Understanding vendor interoperability is critical for security. Cybersecurity vendors must demonstrate product viability effectively. The industry must evolve to meet the rapid pace of technological change. You're competing against AI for some of these jobs. Networking is so, so, so important. The online application system has been dying for quite some time. Your personal brand matters and you have to have one. Conferences are a prime opportunity to peacock a little bit. Batman has real feelings and real demons. The correct answer is Star Trek. Margot Robbie, I really like her. You're on the fantasy cybersecurity squad. Come follow me on LinkedIn for lots of shenanigans.
Titles: Embracing Failure in Cybersecurity; The Importance of Leadership in Startups; Innovating with a Beginner's Mindset; HACKERverse: Revolutionizing Cybersecurity
Sound Bites: "It's all about leadership and leading by example." "I think we have a gap here." "We should focus on sustainably built businesses." "It's just a bunch of nonsense." "Networking is so, so, so important." "Batman has real feelings and real demons." "The correct answer is Star Trek." "Margot Robbie, I really like her." "You're on the fantasy cybersecurity squad."
Chapters: 00:00 Introduction to Cybersecurity Conversations 02:00 Embracing Failure as a Learning Opportunity 06:02 The Role of Leadership in Startups 09:00 The Value of a Beginner's Mindset 11:58 Understanding HACKERverse's Mission 13:59 Challenges in the Cybersecurity Vendor Landscape 17:08 Shaking Up the Status Quo in Cybersecurity 21:52 The Future of Investment in Cybersecurity 24:36 Navigating Job Searches in the Age of AI 29:35 The Importance of Personal Branding 30:23 Lifestyle Polygraph: Fun and Games 39:05 Superheroes and Their Lessons 43:45 Connecting with Mariana: Final Thoughts
Tom and co-host Producer Drew take listeners deep into the high-stakes world of global economics, trade wars, and political theater with none other than special guest Donald Trump. As President Trump celebrates the announcement of a new, potentially game-changing trade deal with the UK, Tom and Drew rigorously break down what it really means for American exports, tariffs, and the unfolding chess match with China. The conversation doesn't pull punches, exploring not only the economic realities facing the US but also the psychological strategies behind deal-making on the world stage. Tom and Drew offer behind-the-scenes analysis of political spin, the art of negotiation, and the critical importance of international alliances in the context of escalating trade tensions. Get ready for an unvarnished exploration of geopolitics, leadership styles, and the strategies shaping the future of American business and security. SHOWNOTES 00:00 – Trump's Announcement: US-UK Trade Deal Overview 01:05 – Tariff Breakdown: Who Really Won? 02:07 – Negotiation Psychology & Political Theater 03:52 – The UK's Perspective and Global Positioning 05:24 – Isolating China: The Bigger Strategic Game 07:02 – Building Alliances: The Path to Outmaneuvering China 09:02 – Switzerland Talks: US and China Meet, But Will Anything Change? 10:13 – Economic Resilience: Comparing US and Chinese “Dry Powder” 12:54 – Trade War Tactics: Currency Manipulation and Industrial Policy 14:29 – Why US-China Competition is More Than Just Math 16:28 – Critical Supply Chains: Chips, Drones, and Strategic Independence 18:37 – Measuring Success: When Will We Know If These Deals Pay Off? 20:47 – Partisan Spin and the Reality of Global Power Plays 21:25 – Political Theater: Inside Congressional Testimonies and Bureaucracy 23:23 – The Doge Debate: Audits, Efficiency, and Tech's Role in Government 27:11 – Security Risks or Political Kabuki? The Doge Employees Controversy 29:33 – Why Government Efficiency Matters & What's At Stake 33:02 – Can Tech-Led Solutions Fix America's Fiscal Future?
George Chen heads the Cloud and Application Security functions at Dyson. In this episode, he joins host Melissa O'Leary and Alina Tan, senior program manager at Dyson, to discuss recent findings regarding dashcam security risks, which Chen and Tan recently shared at Black Hat Asia, as well as sharing a breakdown of the vulnerabilities and their impact on drivers. • For more on cybersecurity, visit us at https://cybersecurityventures.com
Jason Schwent, cybersecurity attorney at Clark Hill, addresses the growing cyber security risks facing the cannabis industry. The discussion highlights the unique vulnerabilities of cannabis businesses due to heavy regulation, reliance on third-party vendors, and challenges with payment processing. Clark Hill wrote an article on The Growing Cybersecurity Risks in the Cannabis Industry. An attorney specializing in cyber security emphasizes the importance of due diligence when selecting vendors, particularly point-of-sale systems, and stresses the need for robust security protocols to protect sensitive customer data, including government IDs and medical information. We also explore the potential legal and financial repercussions of data breaches, including regulatory scrutiny, lawsuits, and damage to brand reputation. It concludes with recommendations for proactive measures, such as developing incident response plans, obtaining appropriate cyber security insurance, and treating cyber security compliance as an ongoing process integrated into regular business operations.
In this episode of 'Hashtag Trending,' host Jim Love discusses warnings from Anthropic about the security risks posed by AI virtual employees expected to integrate into corporate networks next year. The episode also explores the potential impact of recent US immigration policies on its tech leadership and global competitiveness, especially concerning Chinese and other international students. Additionally, Apple faces scrutiny for misleading AI marketing claims, leading to changes in their promotional material. The show delves into how these developments could shape the future landscape of technology and innovation. 00:00 AI Virtual Employees: Security Risks Ahead 01:52 US Tech Leadership Under Threat 03:03 Impact of US Immigration Policies on Science 04:57 China's Rise in Scientific Research 06:00 Canada's Growing Appeal for STEM Talent 07:45 Apple's Misleading AI Promotions 09:08 Conclusion and Contact Information
Navigating AI in IT Consulting: Insights from Michael Thomsen In this episode of Command Control Power, hosts welcome Michael Thomsen of Origin 84, dialing in from Australia. Michael shares critical insights into the use of AI in IT consulting. Topics range from the pros and cons of binge-listening to tech podcasts to the practical uses of AI tools like ChatGPT and Google's Gemini. Michael emphasizes the importance of balancing automation with human interaction, sharing examples of how AI can enhance efficiency, such as generating meeting summaries, handling complex client requests, and improving ticketing systems. The discussion also touches on the risks of data leakage, the necessity of well-defined policies, and the future implications of AI in both enhancing productivity and posing security challenges. 00:00 Introduction and Guest Welcome 00:36 Listener Feedback and Follow-Up 02:41 AI Tools in Daily Work 05:51 AI Integration in Business 09:08 Real-World AI Use Cases 13:52 Challenges and Best Practices with AI 23:50 AI in Education and Policy 27:22 Understanding AI Policies and Data Leakage 28:28 Balancing AI Empowerment and Security Risks 29:21 Credential Stuffing and Security Examples 30:49 Implementing Effective AI Policies 32:10 Microsoft Tools for Data Security 35:03 Challenges in Modern Security Practices 39:14 Leveraging AI for Productivity 42:09 AI in Client Communication and Ticketing 47:48 The Human Element in AI Integration 51:32 Concluding Thoughts on AI and Security
In this episode of Command Control Power, the hosts discuss several interesting and challenging situations they've encountered. They start by encouraging listeners to support them on Patreon for additional content, including unedited YouTube broadcasts. The main discussions cover a range of topics: the idea of maintaining up-to-date hardware for clients, how to strategically manage old equipment, and the peculiar case of a client getting inundated with spam emails likely as a cover for fraudulent activities involving a Best Buy purchase. They explore possible solutions and share their experiences dealing with such disruptions. Additionally, Jerry shares a humorous story about helping a client with her TV and encountering an unexpected twist with a generous tip to a technician. 00:00 Introduction and Patreon Promotion 01:38 Unedited YouTube Broadcasts 02:52 Barcelona Travel Talk 04:00 Tech Truisms and Client Discussions 06:38 Client Hardware Upgrade Policies 12:31 Unsupported Hardware Fees and Security Risks 27:45 Apple Business Manager and iCloud Issues 34:40 The Mysterious Phone Issue 35:28 Joe's Story: The Spam Attack 37:07 Understanding the Hacker's Tactics 39:28 Dealing with the Spam Flood 46:44 A Disgruntled Employee? 47:59 The Best Buy Clue 49:15 The Police Involvement 50:20 The Amateur Hacker Theory 55:27 Jerry's Funny TV Repair Story 01:02:27 Conclusion and Next Steps
Former Head of the British Secret Intelligence Service Richard Dearlove discusses the security and intelligence risks China poses and how Britain and other nations should respond to the US-China trade war. He joined Stephen Carroll on Bloomberg Daybreak Europe.
AI applications are evolving beyond chatbots into more complex and transformative solutions, according to Marco Palladino, CTO and co-founder of Kong. In a recent episode of The New Stack Makers, he discussed the rise of AI agents, which act as "virtual employees" to enhance organizational efficiency. For instance, AI can now function as a product manager for APIs—analyzing documentation, detecting inaccuracies, and making corrections. However, reliance on AI agents brings security risks, such as data leakage and governance challenges. Organizations need observability and safeguards, but developers often resist implementing these requirements manually. As GenAI adoption matures, teams seek ways to accelerate development without rebuilding security measures repeatedly. To address these challenges, Kong introduced AI Gateway, an open-source plugin for its API Gateway. AI Gateway supports multiple AI models across providers like AWS, Microsoft, and Google, offering developers a universal API to integrate AI securely and efficiently. It also features automated retrieval-augmented generation (RAG) pipelines to minimize hallucinations. Palladino emphasized the need for consistent security in AI infrastructure, ensuring developers can focus on innovation while leveraging built-in protections. Learn more from The New Stack about Kong's AI Gateway: "Kong: New ‘AI-Infused' Features for API Management, Dev Tools"; "From Zero to a Terraform Provider for Kong in 120 Hours".
Today, Les, Jeffrey, and Jess unpack the fallout from the Atlantic's bombshell report on leaked Signal messages between top national security officials. The controversy erupted when Atlantic editor Jeffrey Goldberg was mistakenly added to the "Houthi PC small group" chat by National Security Advisor Mike Waltz, exposing sensitive national security discussions taking place over unsecured personal devices—including while one official was in Russia. The revelations raise serious concerns about negligence, security breaches, and the erosion of institutional discipline. What does this leak reveal about decision-making at the highest levels? Will U.S. allies lose trust in Washington's ability to protect intelligence? And with no sign of accountability or investigation, does this signal a larger breakdown in how national security is handled? Check out the answers to these questions and more in this episode of Fault Lines. Check out the sources that helped shape our Fellows' discussion: https://www.theatlantic.com/politics/archive/2025/03/signal-group-chat-attack-plans-hegseth-goldberg/682176/?gift=0MX4QOJ8hj9Td0f7h7prWQ6KNbodYHBJ3UBWR7do19A&utm_source=copy-link&utm_medium=social&utm_campaign=share https://www.huffpost.com/entry/pete-hegseth-sued-over-signal-text-debacle_n_67e2f9b5e4b074f0c26efadc?nur https://www.cbsnews.com/news/trump-envoy-steve-witkoff-signal-text-group-chat-russia-putin/# Follow our experts on Twitter: @lestermunson @NotTVJessJones Like what we're doing here? Be sure to rate, review, and subscribe. And don't forget to follow @masonnatsec on Twitter! We are also on YouTube, and watch today's episode here: https://youtu.be/6xqrFup-Z7Q
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. William Sako is a security and risk expert. Justin and William address issues such as how security tech makes buildings smarter and safer, examples of the risk tech used in these buildings, and mistakes that risk leaders might make today. They discuss how COVID-19 has facilitated change in enhancing security measures that will be with us forever. They talk about the important role of the risk manager when designing a security plan for a building. They dig into how risk managers can lead the charge, going above and beyond check-the-box compliance. Listen to William's perspectives on risk technology, communication within an organization, and the future of building security. Key Takeaways: [:01] About RIMS and RIMScast. [:15] Public registration is open for RISKWORLD 2025! Engage Today and Embrace Tomorrow with RIMS at RISKWORLD from May 4th through May 7th in Chicago, Illinois. Register at RIMS.org/RISKWORLD. [:31] About this episode of RIMScast. We will be joined by Bill Sako of Telgian Engineering to discuss security risk management in 2025. [:58] RIMS-CRMP Workshops! As part of RIMS's continuing strategic partnership with Purima, we have a two-day course coming up on April 22nd and 23rd. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:15] Virtual Workshops! On March 26th, Pat Saporito will host “Generative AI for Risk Management”. The next course will be on June 26th. [1:29] On April 16th and 17th, Chris Hansen will lead “Managing Worker Compensation, Employer's Liability, and Employment Practices in the U.S.” [1:42] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [1:53] RISKWORLD registration is open. 
Engage Today and Embrace Tomorrow, May 4th through 7th in Chicago. Register at RIMS.org/RISKWORLD. Also, remember that there will be lots of pre-conference workshops being held in Chicago just ahead of RISKWORLD. [2:12] These courses include “Applying and Integrating ERM,” “Captives as an Alternate Risk Financing Technique,” “Contractual Risk Transfer,” “Fundamentals of Insurance,” “Fundamentals of Risk Management,” RIMS-CRMP Exam Prep, and more! The links are in the show notes. [2:35] Our guest today, Bill Sako, is the Vice President and Senior Security Consultant at Telgian Engineering and Consulting. He has 50 years of experience in security risk management. [2:49] Bill will tell us what's keeping him up at night in security, risk management, visitor management, and workplace safety in 2025. We'll also provide tips for risk managers on how to be more of a leading voice in finding a new location, renovating it, and installing security tech. [3:15] Interview! Bill Sako, welcome back to RIMScast! [3:33] Bill got into the business of security in 1974 by starting Sako & Associates, a security consulting firm. It became the second largest in the U.S. with 28 engineers and support staff, doing every kind of security project in buildings and venues. [3:54] Sako & Associates did security projects at U.S. Embassies, F.B.I. Headquarters, super highrise buildings all over the world, large mixed-use projects, and developing multiple security programs that have to meld together in a large, complicated building. [4:20] These projects include large medical centers and college campuses around the world. A lot of its work was done with architects in corporate America when they were developing office buildings. [4:39] Sako & Associates developed over $2.2 billion in security plans over many projects. [5:33] Today's security tech is transforming buildings into smarter and safer environments through advanced sensors, AI, and connectivity. 
AI-powered surveillance cameras detect unusual behavior, recognize faces, and track movement in real-time. [5:58] That technology was in its infancy 10 years ago. It's come a long way and the technology is becoming rock-solid. The systems can differentiate between threats and harmless activities to reduce false alarms and help the person monitoring the system understand them. [6:18] Access control to the building and tenant spaces within the building is provided through biometric scanners, mobile-based apps, and smart card readers, with logs for digital security auditing. [6:37] Smart IoT sensors monitor temperature and air quality. They trigger alarms very quickly in case of fire, gas leak, or unauthorized entry, to keep the building occupants safe. [6:54] Automated threat response is provided through automatically locking doors, alerting authorities, and activating emergency lighting, in response to hazards and breaches. We've had this capability for 20 years, but it is being used more now. [7:27] Cloud-based surveillance allows remote monitoring by management and first responders through web access and smartphones to see the cameras in the building in real time. It's becoming a trend. [7:59] Cyber security measures, with increased connectivity, can provide solutions to protect networks from threats like hacking and data breaches to ensure physical security systems are uncompromised. [8:12] Fire response systems have been hardwired for years. Engineers are starting to implement connected capabilities for them. [8:39] Bill talks about companies paying to install cameras, but when a camera fails, not paying to replace them, leaving black monitor screens. That gave birth to predictive maintenance plans with established lifelines for any piece of equipment and budgets for replacement as needed. [9:49] All the functions of emergency management are being automated. 
These innovations collectively create smarter buildings that are more secure, efficient, and responsive to any potential threat. [10:40] Many times, the technology that's put into a building is assumed to be static. That's true until you make changes to the building. Then you have to update the system. [11:02] Security is a different ball game. Security is based on behaviors. The threat environment can change from hour to hour or day to day, depending on who's visiting the building and what's going on down the street. You have to have flexibility and people to operate the equipment. [11:28] The technology needs a human operator to interpret the signals and determine the right response in real time. AI and machine learning are great technologies and we're using them virtually in every piece of equipment going in. [12:09] You still need a human to be able to assess what's happening and how they're supposed to respond when multiple sensors are going off. Bill tells of a break-in when the right response was to send three armed security officers to the asset vault. The suspects were apprehended. [13:46] Bill explains some of the changes in security technology that have been incorporated as a result of COVID-19. Increased reliance on technology led to changes in security practices. Touchless access control came about as a result of COVID-19. [14:28] Occupancy management lets building owners know who is in the building and allows for the building to be evacuated safely. [14:48] With people working from home, COVID-19 led to an expansion in remote monitoring. [15:02] Visitor management is important. Healthcare facilities realize today that they have to protect their staff and patients in the building. They need screening in the lobby and must use visitor management. Automated systems make it easy. [16:28] Touchless and mobile access control will be with us forever. 
Bill also includes hybrid security management, AI-powered surveillance and analytics, and moving security and surveillance to the cloud, which provides greater capability. Your command center can be your laptop. [17:35] As security moved more into the digital domain, we figured out how to operate across networks and maintain security for all the data we have. Bill says it's rock-solid today. [17:55] Bill believes cloud-based services are the way to go for most buildings today. It gives you the capability to do everything remotely. [18:04] Data-driven decision-making will stay with us for a long time. It allows you to predict and mitigate risk on the fly. You have to train people well to know how to respond to the data. [18:26] Zero trust is a practice where no one coming into the network is trusted without proof through multi-factor identification. Even the Chairman of the Board must be verified. [19:01] Bill continues with crisis management and business continuity planning. A bullet list is not a business continuity plan. With crisis management and business continuity, you have to train people so they understand the plans. [19:24] The pandemic introduced new security practices and accelerated the modernization of legacy systems. Security includes integrating legacy systems with new systems. Command centers may have multiple disparate systems in one security management enterprise system. [20:14] Plug Time! RIMS Webinars! On Wednesday, March 26th at 2:00 p.m. Eastern Time, members of the RIMS Strategic and Enterprise Risk Management Council will extend the dialog that began in the recent RIMS Executive Report “Understanding Interconnected Risks”. [20:33] On Thursday, March 27th, Descartes Underwriting will make its RIMS Webinar debut with a session about parametric insurance. On April 3rd, join Zurich for “Understanding Third-Party Litigation Funding”. [20:47] On April 10th, Audit Board will present “What CISOs Want Risk Executives to Know About Cyber Risk in 2025”. 
[20:54] Following the success of their recent webinar, HUB International returns for the next installment of their Ready for Tomorrow Series, “From Defense to Prevention: Strengthening Your Liability Risk Management Approach”. That session will be on April 17th. [21:10] On April 24th, RiskConnect returns to deliver “Better Together: The Marriage of Insurable Risk and Business Continuity”. [21:18] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [21:30] Let's Resume Our Dialogue about Security Risks with Bill Sako! [22:10] In 50 years of security work, Bill did not encounter many leaders with Risk in their titles. While all insurance is about risk, in the corporate world, only very large companies have risk officers. Everything is in its silo. Getting the silos to talk together can be a nightmare. [22:48] Typical buildings don't have risk managers. Corporate campuses may have a risk manager to manage 50 or 60 buildings. That person is strained. [23:02] When Telgian Engineering & Consulting is brought in for an audit or to develop a new system design for a client, they identify who the risk leader is, whatever title they may have. They team with the people who know the vulnerabilities and the threats of the organization. [23:47] Telgian has recommended to several clients that they should hire a risk management person on staff. In a lot of cases, they say they don't have the budget but they'll think about it for the future. At that organization, who is evaluating risk for them? [24:07] Telgian, as a consultant, takes that role for the organization while they're doing the assessment, creating detailed risk models. Then they educate the client to the extent that the client understands what the risks are and the risk mitigation techniques they could use. [24:47] Bill says the hard thing is to dig into organizations internally to find who that risk leader might be. 
Someone is doing it, even without the title. It might be the CEO. [25:36] In organizations with a titled risk officer, they may be siloed, in a lot of cases. That risk manager needs to understand whom to work with within the organization to address all the organization's security concerns. The siloes need to be taken down. [26:17] Telgian Engineering & Consulting has always had the responsibility to educate its clients. The clients may think they understand what security is and what the risks are, but they often have a very narrow view without seeing the big picture. [27:06] The person at the lobby reception desk of an office building is often the first line of defense. There may be security officers there. What happens when the visitor goes up the elevator? [27:38] The organization should provide security training for the lobby receptionist. They can see if a visitor is acting agitated. They can attempt to de-escalate an angry visitor. They need to be briefed on the organization's security practices, especially when they identify a threat. [29:23] When Telgian does an assessment, they don't want one point person to show them around. They want to talk to everybody who is in touch with what's going on in the organization. Receptionists are one of the primary sources of information for Telgian. [30:13] Bill says that risk leaders and officers need to find a way to become embedded in the organization and the things that are going on. The risk manager needs to be part of the security team, the facilities team, the legal team, and the IT team. [30:32] Bill has recommended to risk managers that they should set up monthly or bi-monthly meetings with the leaders of the siloes to discuss concerns and risks and how to solve those problems together. The risk manager is usually the right person to pull that team together. [31:42] Bill says identifying risks through AI on video cameras and following a visitor through the building is happening in many organizations now. 
This is critical for post-incident analysis. [33:07] One thing the government is great at is doing a full-blown report after an incident. That incident report winds up informing security of the risks to watch for. [33:19] On every consultation project, Bill got past reports upfront from the organization to see what the issues have been with the organization. They design security systems to meet those threats. Organizations have to do that to manage their risks properly. [33:42] Special thanks again to William Sako for joining us here on RIMScast. In this episode's show notes, I have links to more RIMS Risk Management magazine and RIMScast coverage on security risks and workplace violence preparedness and prevention. [33:59] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [34:27] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [34:46] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [35:03] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [35:20] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [35:34] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [35:41] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. 
Listen every week! Stay safe! Related RIMScast Episodes: “Evolving Fire Risks with Ralph Bless”; “Public Violence and Workplace Safety with Lauris Freidenfelds”; “E-Commerce's Impact on Fire Safety in Supply Chains with Leonard Ramo”; “Data Privacy and Protection with CISA Chief Privacy Officer James Burd”; “Solving Wicked Problems with Dr. Gav Schneider”. About our guest: William Sako, Vice President, Senior Security Consultant at Telgian Engineering & Consulting, LLC. Production and engineering provided by Podfly.
The Last Trade // Connect with Onramp // Onramp Terminal // Tim Kotzman on X // Bram Kanstein on X The Last Trade: a weekly, bitcoin-native podcast covering the intersection of bitcoin, tech, & finance on a macro scale. Hosted by Jackson Mikalic, Michael Tanguma, Brian Cubellis, & Tim Kotzman. Join us as we dive into what bitcoin means for how individuals & institutions save, invest, & propagate their purchasing power through time. It's not just another asset...in the digital age, it's The Last Trade that investors will ever need to make. 00:00 - Intro & Market Analysis 06:26 - Understanding Bitcoin's Asymmetrical Opportunity 09:28 - Public Perception and Adoption of Bitcoin 12:25 - Bitcoin as a Savings Technology 15:27 - Comparing Bitcoin and Traditional Assets 18:33 - The Role of Gold in the Modern Economy 21:24 - Bitcoin's Volatility and Market Confidence 24:27 - Central Banks and Bitcoin Reserves 27:28 - Security Risks in Digital Assets 30:23 - Budget Neutral Strategies for Bitcoin Acquisition 46:43 - Governments' Approach to Bitcoin and Strategic Reserves 54:39 - The Role of Insurance in Bitcoin Custody 01:05:58 - Future Market Movements and Bitcoin's Potential 01:13:04 - Outro & Disclaimer Please subscribe to Onramp Media channels and sign up for weekly Research & Analysis to get access to the best content in the ecosystem weekly.
Cybersecurity Today: Critical IBM AIX Vulnerability and Major Browser Exploits Revealed In this episode, host Jim Love discusses pressing cybersecurity issues, including IBM's AIX operating system scoring a perfect 10 in security vulnerability, leaving critical sectors exposed to remote attacks. The episode also covers the mishandling of sensitive data by U.S. government agencies amid rapid layoffs, the viral exposure of dangerous browser exploits by YouTuber Matt Johansson, and the removal of over 300 malicious Android apps from the Google Play Store. Key recommendations for protecting against these threats are provided. 00:00 Introduction to Cybersecurity News 00:26 IBM AIX Vulnerabilities Exposed 02:12 Government Layoffs and Security Risks 04:02 Browser Exploits and Malicious Extensions 06:39 Malicious Android Apps on Google Play 08:45 Conclusion and Upcoming Topics
Oron Noah of Wiz outlines how organizations evolve their security practices to address new vulnerabilities in AI systems through improved visibility, risk assessment, and pipeline protection. Topics Include: Introduction of Oron Noah, VP at Wiz. Wiz: largest private service security company. $1.9 billion raised from leading VCs. 45% of Fortune 100 use Wiz. Wiz scans 60+ Amazon native services. Cloud introduced visibility challenges. Cloud created risk prioritization issues. Security ownership shifted from CISOs to everyone. Wiz offers a unified security platform. Three pillars: Wiz Cloud, Code, and Defend. Wiz democratizes cloud security for all teams. Security Graph uses Amazon Neptune. Wiz has 150+ available integrations. Risk analysis connects to cloud environments. Wiz identifies critical attack paths. AI assists in security graph searches. AI helps with remediation scripts. AI introduces new security challenges. 70% of customers already use AI services. AI security requires visibility, risk assessment, pipeline protection. AI introduces risks like prompt injection. Data poisoning can manipulate AI results. Model vulnerabilities create attack vectors. AI Security Posture Management (ASPM) introduced. Four key questions for AI security. AI pipelines resemble traditional cloud infrastructure. Wiz researchers found real AI security vulnerabilities. Wiz AI ASPM provides agentless visibility. Supports major AI services (AWS, OpenAI, etc.). Built-in rules detect AI service misconfigurations. Participants: Oron Noah – VP Product Extensibility & Partnerships, Wiz. See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon/isv/
This episode also covers recent ransomware as a service (RaaS) trends, including the rise of SpearWing and Akira groups, advanced ransomware techniques exploiting IoT vulnerabilities, and issues with the ESP32 microcontroller's hidden commands. Additionally, Signal President Meredith Whittaker warns about privacy risks in agentic AI systems. Tune in for in-depth cybersecurity updates and more. 00:00 The Talk: Supporting Our Podcast 01:37 Cybersecurity Today: Ransomware as a Service 04:57 Akira Ransomware: Exploiting IoT Devices 06:50 ESP32 Microcontroller Vulnerabilities 08:21 AI Agents: Privacy and Security Risks 09:56 Conclusion and Contact Information
Understanding Insider Threats in Cybersecurity with Eran Barak Join host Jim Love as he discusses the critical issue of insider threats in cybersecurity with Eran Barak, CEO of MIND, a data security firm. In this episode, they explore the various types of insider threats, from innocent mistakes to malicious actors, and how companies can effectively protect their sensitive data. Learn about data loss prevention strategies, the impact of remote work, and the role of AI in enhancing data security. Get insights on practical steps that CISOs can take to mitigate risks and safeguard their organization's crown jewels. 00:00 Introduction and Guest Welcome 00:10 Understanding Insider Threats 01:20 Types of Insider Threats 02:18 Monitoring and Preventing Data Leaks 03:37 Remote Work and Security Risks 06:03 Access Control and Permissions 08:41 Real-World Scenarios and Solutions 21:20 The Role of AI in Data Security 34:53 Final Thoughts and Conclusion
AI Security in High-Risk Sectors In a recent conversation, Alec and I dove into the critical role of AI security, especially in high-risk sectors like healthcare and banking. Alec stressed that AI must be secure and aligned with business strategies while ensuring governance, risk management, regulatory compliance, and cybersecurity remain top priorities. I couldn't agree more—AI in the wrong hands or without proper safeguards is a ticking time bomb. Sensitive data needs protection, and businesses must stay ahead of evolving regulations. We also touched on the growing need for private AI solutions, given the rising threats of cyberattacks like prompt injections. Cybersecurity and AI in Organizations Our discussion expanded into cybersecurity and AI adoption within organizations. Unvetted AI solutions pose significant risks, making internal development and continuous monitoring essential. Alec's company, Artificial Intelligence Risk, Inc., deploys private AI within clients' firewalls, reinforcing security through governance and compliance measures. One key takeaway? Awareness is everything. Many organizations jump into AI without securing their systems first. I was particularly interested in the “aha moments” Alec's clients experience when they see AI-driven security solutions in action. AI Governance and Confidentiality Concerns Alec shared a governance issue where a company implemented Microsoft Copilot—only to discover it unintentionally exposed confidential employee data. This highlighted a major concern: AI needs strict guardrails. Alec advocated for a “belt and suspenders” approach—limiting system access, assigning AI agents to specific groups, and avoiding over-reliance on super users who could inadvertently misuse AI. The lesson? AI governance isn't optional; it's a necessity. AI Applications in Call Centers AI's potential spans across industries, and call centers are a prime example. 
Alec described a client who leveraged AI to analyze 150,000 call transcripts, leading to a 30% reduction in call length and an additional 30% drop in overall call volume—all thanks to AI-driven website improvements. Beyond customer service, AI is making waves in investment research, analyzing earnings calls and regulatory filings. I even shared a fun hypothetical—using AI to predict the Toronto Blue Jays' performance—proving that AI's applications go beyond business into fields like sports analytics. AI Adoption, Security, and Privacy Wrapping up, Alec and I discussed the double-edged sword of AI adoption. While AI presents massive opportunities, it also comes with security, ethical, and privacy risks. Alec emphasized the need for strong leadership in AI implementation, ensuring data quality remains a top priority. I pointed out that the fear of missing out (FOMO) on AI can lead companies to make reckless decisions—often at the cost of security. Alec's company specializes in AI security solutions that safeguard against data breaches and attacks on Large Language Models, reinforcing the importance of a strategic, security-first approach to AI adoption. Alec Crawford is Founder & CEO of Artificial Intelligence Risk, Inc., a company that accelerates enterprise Gen AI adoption - safely. He has been working with AI since the 1980s, when he built neural networks from scratch for his Harvard senior thesis. He is a thought leader for Gen AI with a blog at aicrisk.com and a podcast called AI Risk Reward. He has more than 30 years of experience on Wall Street, with his last role being Partner and Chief Risk Officer for Investments at Lord Abbett. linkedin.com/in/aleccrawford Our Story Dedicated to shaping the future. At AI Risk, Inc., we are dedicated to shaping the future of AI governance, risk management, and compliance. 
With AI poised to become a cornerstone of business operations, we recognize the need for software solutions that ensure its safety, reliability, and regulatory adherence. Learn more Our Journey Founded in response to the burgeoning adoption of AI without proper safeguards, AI Risk, Inc. seeks to pioneer a new era of responsible AI usage. Our platform, AIR GRCC, empowers companies to manage AI effectively, mitigating risks and ensuring regulatory compliance across all AI models. Why Choose AI Risk, Inc.? Comprehensive Solutions: We offer an all-encompassing platform for AI governance, risk management, regulatory compliance, and cybersecurity. Expertise: With extensive experience across industries and global regulations, we provide tailored solutions to meet diverse business needs. Futureproofing: As AI regulations evolve, our platform remains updated and adaptable, ensuring businesses stay ahead of compliance requirements. Cybersecurity Focus: Recognizing the unique challenges of AI cybersecurity, we provide cutting-edge solutions to protect against threats and ensure data integrity. Get Started with AI Risk, Inc. Whether you're a large corporation or a budding startup, AI Risk, Inc. is your partner in navigating the complexities of AI implementation securely and responsibly. Join us in shaping a future where AI drives innovation without compromising integrity or security.
In this episode of the Risk Management Show podcast, we explore AI Security Risks and what every risk manager must know. Dr. Peter Garraghan, CEO and co-founder of Mindgard and a professor of computer science at Lancaster University, shares his expertise on managing the evolving threat landscape in AI. With over €11M in research funding and 60+ published papers, he reveals why traditional cybersecurity tools often fail to address AI-specific vulnerabilities and how organizations can safely adopt AI while mitigating risks. We discuss AI's role in Risk Management, Cyber Security, and Sustainability, and provide actionable insights for Chief Risk Officers and compliance professionals. Dr. Garraghan outlines practical steps for minimizing risks, aligning AI with regulatory frameworks like GDPR, and leveraging tools like ISO 42001 and the EU AI Act. He also breaks down misconceptions about AI and its potential impact on businesses and society. If you want to be our guest or suggest a guest, send your email to info@globalriskconsult.com with the subject line "Podcast Guest Inquiry." Don't miss this essential conversation for anyone navigating AI and risk management!
Kevin Szczepanski and Bob Buda, one of the first-ever certified Oracle database administrators, dive into database design, security, and management. To frame the conversation, Bob asks a hypothetical CEO this question: “What percentage of your annual salary would you wager that your data is totally secure?” He provides background about database design and the critical need for data security. Bob and Kevin also discuss the significance of selecting valuable use cases for AI implementation within businesses of all sizes and the need for comprehensive security measures, including the concept of zero trust. Listen in for the full conversation.
Stewart Alsop sat down with Nick Ludwig, the creator of Kibitz and lead developer at Hyperware, to talk about the evolution of AI-powered coding, the rise of agentic software development, and the security challenges that come with giving AI more autonomy. They explored the power of Claude MCP servers, the potential for AI to manage entire development workflows, and what it means to have swarms of digital agents handling tasks across business and personal life. If you're curious to dive deeper, check out Nick's work on Kibitz and Hyperware, and follow him on Twitter at @Nick1udwig (with a ‘1' instead of an ‘L'). Check out this GPT we trained on the conversation! Timestamps 00:00 Introduction to the Crazy Wisdom Podcast 00:52 Nick Ludwig's Journey with Cloud MCP Servers 04:17 The Evolution of Coding with AI 07:23 Challenges and Solutions in AI-Assisted Coding 17:53 Security Implications of AI Agents 27:34 Containerization for Safe Agent Operations 29:07 Cold Wallets and Agent Security 29:55 Agents and Financial Transactions 33:29 Integrating APIs with Agents 36:43 Discovering and Using Libraries 43:19 Understanding MCP Servers 47:41 Future of Agents in Business and Personal Life 54:29 Educational and Medical Revolutions with AI 56:36 Conclusion and Contact Information Key Insights AI is shifting software development from writing code to managing intelligent agents. Nick Ludwig emphasized how modern AI tools, particularly MCP servers, are enabling developers to transition from manually coding to overseeing AI-driven development. The ultimate goal is for AI to handle the bulk of programming while developers focus on high-level problem-solving and system design. Agentic software is the next frontier of automation. The discussion highlighted how AI agents, especially those using MCP servers, are moving beyond simple chatbots to autonomous digital workers capable of executing complex, multi-step tasks. 
These agents will soon be able to operate independently for extended periods, executing high-level commands rather than requiring constant human oversight. Security remains a major challenge with AI-driven tools. One of the biggest risks with AI-powered automation is security, particularly regarding prompt injection attacks and unintended system modifications. Ludwig pointed out that giving AI access to command-line functions, file systems, and financial accounts requires careful sandboxing and permissions to prevent catastrophic errors or exploitation. Containerization will be critical for safe AI execution. Ludwig proposed that solutions like Docker and other containerization technologies can provide a secure environment where AI agents can operate freely without endangering core systems. By restricting AI's ability to modify critical files and limiting its spending permissions, businesses can safely integrate autonomous agents into their workflows. The future of AI is deeply tied to education. AI has the potential to revolutionize learning by providing real-time, personalized tutoring. Ludwig noted that LLMs have already changed how people learn to code, making complex programming more accessible to beginners. This concept can be extended to broader education, where AI-powered tutors could replace traditional classroom models with highly adaptive learning experiences. AI-driven businesses will operate at unprecedented efficiency. The conversation explored how companies will soon leverage AI agents to handle research, automate customer service, generate content, and even manage finances. Businesses that successfully integrate AI-powered workflows will have a significant competitive edge in speed, cost reduction, and adaptability. We are on the verge of an "intelligence explosion" in both AI and human capabilities. While some fear AI advancements will outpace human control, Ludwig argued that AI will also dramatically enhance human intelligence. 
By offloading cognitive burdens, AI will allow people to focus on creativity, strategy, and high-level decision-making, potentially leading to an era of rapid innovation and problem-solving across all industries.
In this episode of AI + a16z, a trio of security experts join a16z partner Joel de la Garza to discuss the security implications of the DeepSeek reasoning model that made waves recently. It's three separate discussions, focusing on different aspects of DeepSeek and the fast-moving world of generative AI. The first segment, with Ian Webster of Promptfoo, focuses on vulnerabilities within DeepSeek itself, and how users can protect themselves against backdoors, jailbreaks, and censorship. The second segment, with Dylan Ayrey of Truffle Security, focuses on the advent of AI-generated code and how developers and security teams can ensure it's safe. As Dylan explains, many problems lie in how the underlying models were trained and how their security alignment was carried out. The final segment features Brian Long of Adaptive, who highlights a growing list of risk vectors for deepfakes and other threats that generative AI can exacerbate. In his view, it's up to individuals and organizations to keep sharp about what's possible — while the arms race between hackers and white-hat AI agents kicks into gear. Learn more: "What Are the Security Risks of Deploying DeepSeek-R1?"; "Research finds 12,000 ‘Live' API Keys and Passwords in DeepSeek's Training Data". Follow everybody on social media: Ian Webster, Dylan Ayrey, Brian Long, Joel de la Garza. Check out everything a16z is doing with artificial intelligence here, including articles, projects, and more podcasts.
In our latest Electronic Specifier Insights podcast, Managing Editor Paige West speaks to Gianni Cuozzo, Founder and CEO of Exein, about the latest trends on Chinese EVs and potential security risks.
Steve Satterwhite On Cyber is a Cybercrime Magazine Podcast series brought to you by Entelligence. In this episode, Steve Satterwhite, founder and CEO at Entelligence, joins host Scott Schober and M.K. Palmore, Director at Google Cloud's Office of the CISO, to discuss some of the biggest challenges that CISOs and security leaders are faced with today. An industry leader in delivering affordable, high value professional services to security-conscious enterprise and government organizations worldwide, Entelligence addresses the cyber skills gap by working as a seamless extension of each customer's organization, providing a set of customized services that include security readiness assessments, quick-start solution deployments, and longer-term resident expert engagements. Learn more about our sponsor at https://entelligence.com
In this episode, we break down the chaos at the National Nuclear Security Administration, where mass firings put U.S. nuclear safety at risk, and the tragic story of a young girl driven to suicide after classmates threatened to call ICE. Plus, AOC takes on immigration hardliners without backing down. https://www.msnbc.com/opinion/msnbc-opinion/elon-musk-doge-nuclear-safety-weapons-danger-rcna192661 https://wearemitu.com/wearemitu/news/ice-threats-texas-middle-school-suicide/ https://www.msnbc.com/opinion/msnbc-opinion/aoc-tom-homan-immigration-deportation-latino-voters-rcna192616 See omnystudio.com/listener for privacy information.
Jack Martin chats with David Duley, founder of PlanGap, about how advisors can navigate the ever-shifting landscape of Social Security. The post Beyond Optimization: The New Social Security Risks (and How to Solve Them) (Ep. 82) first appeared on Simplicity InsurMark.
Social Security benefits could face cuts by 2034, potentially affecting retirement and income plans. With the uncertainty surrounding Social Security, Certified Financial Planner Mike Douglas explains that planning for alternative income streams such as annuities is crucial. Mike brings up the example of laddered annuities, which, when carefully chosen, can offer protection against benefit reductions and provide stability for unforeseen circumstances. He discusses why diversifying your income streams helps maintain your lifestyle even if Social Security benefits are reduced. Schedule your complimentary appointment today: MichigansRetirementCoach.com Follow us on social media: YouTube | Facebook | Instagram | LinkedIn See omnystudio.com/listener for privacy information.
This week on Hacker And The Fed, former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur talk about Hector's much-needed vacation in the rainforest and move on to the major cybersecurity stories they missed while away. They discuss the recent pardon of Ross Ulbricht, second chances in life, and the complexities of law enforcement and the justice system. The conversation covers everything from insider threats, corporate security risks, personal attack surface reduction and even a recent high-profile crypto kidnapping. Send HATF your questions at questions@hackerandthefed.com.
The episode highlights the fallout of DeepSeek, an open-source large language model that has gained traction for its cost-effectiveness and performance. Microsoft has integrated DeepSeek's R1 model into its Azure AI Foundry and GitHub, while businesses like ZoomInfo report substantial cost reductions by switching from OpenAI's models to R1. However, the rise of DeepSeek raises concerns about data privacy, bias, and security, particularly given its reported vulnerabilities and the influence of the Chinese government. Sobel also covers the U.S. Copyright Office's recent clarification regarding AI-generated content, stating that such content can receive copyright protection if a human significantly contributes to or modifies it. This announcement aims to address the legal gray areas surrounding AI and copyright, providing clearer guidelines for IT service providers and content creators. The episode emphasizes the importance of human creativity in copyright law while acknowledging that the subjective nature of "significant human involvement" could still lead to legal disputes. In addition to copyright issues, the episode discusses SuperOps' successful $25 million Series C funding round, which positions the company to enter the direct IT market with an AI-powered endpoint management tool. This move reflects a broader trend in the IT service market toward automation-first solutions, as companies like SuperOps and Syncro seek to enhance operational efficiency. Sobel advises IT leaders to remain cautious about efficiency claims and to evaluate real-world performance before adopting new technologies. Finally, the episode delves into the ethical implications of data usage in AI development, particularly in light of OpenAI's allegations against DeepSeek for potentially misusing its API. Sobel critiques the hypocrisy of OpenAI's outrage over data theft, given its own history of data collection practices. 
The discussion raises fundamental questions about the future of AI development, the legal frameworks governing it, and the potential for commoditized AI models to benefit both service providers and customers. As the landscape evolves, Sobel encourages listeners to stay informed and engaged with these critical issues. Four things to know today: 00:00 Cheap AI Comes at a Price: DeepSeek's Rise Sparks Security and Bias Concerns 04:31 AI Can Be Copyrighted—As Long As a Human Puts in the Work, Says U.S. Copyright Office 07:32 SuperOps Lands $25M—And a Spot in the Direct IT Market With AI in Tow 09:01 AI's Ultimate Irony: OpenAI Furious Over Data Theft… After Doing the Same? Supported by: https://www.huntress.com/mspradio/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/ Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on: LinkedIn: https://www.linkedin.com/company/28908079/ YouTube: https://youtube.com/mspradio/ Facebook: https://www.facebook.com/mspradionews/ Instagram: https://www.instagram.com/mspradio/ TikTok: https://www.tiktok.com/@businessoftech Bluesky: https://bsky.app/profile/businessof.tech
The Supreme Court refused to rescue TikTok on Friday from a law that required the short-video app to be sold by its Chinese parent company ByteDance or banned on Sunday in the United States on national security grounds. President-elect Donald Trump said today he spoke with Chinese leader Xi Jinping about the matter. South Dakota Gov. Kristi Noem, Donald Trump's pick to lead the Department of Homeland Security, faced senators at her confirmation hearing. In her opening remarks, Noem said Americans felt less safe in their own country and vowed that "President-elect Trump is going to change that." President Joe Biden announced he has ratified the Equal Rights Amendment (ERA), despite the U.S. archivist recently saying the president could not ratify the constitutional amendment.
In this episode of Crazy Wisdom, Stewart Alsop welcomes Christopher Canal, co-founder of Equistamp, for a deep discussion on the current state of AI evaluations (evals), the rise of agents, and the safety challenges surrounding large language models (LLMs). Christopher breaks down how LLMs function, the significance of scaffolding for AI agents, and the complexities of running evals without data leakage. The conversation covers the risks associated with AI agents being used for malicious purposes, the performance limitations of long time horizon tasks, and the murky realm of interpretability in neural networks. Additionally, Christopher shares how Equistamp aims to offer third-party evaluations to combat principal-agent dilemmas in the industry. For more about Equistamp's work, visit Equistamp.com to explore their evaluation tools and consulting services tailored for AI and safety innovation. Check out this GPT we trained on the conversation! Timestamps 00:00 Introduction and Guest Welcome 00:13 The Importance of Evals in AI 01:32 Understanding AI Agents 04:02 Challenges and Risks of AI Agents 07:56 Future of AI Models and Competence 16:39 The Concept of Consciousness in AI 19:33 Current State of Evals and Data Leakage 24:30 Defining Competence in AI 31:26 Equistamp and AI Safety 42:12 Conclusion and Contact Information Key Insights The Importance of Evals in AI Development: Christopher Canal emphasizes that evaluations (evals) are crucial for measuring AI models' capabilities and potential risks. He highlights the uncertainty surrounding AI's trajectory and the need to accurately assess when AI systems outperform humans at specific tasks to guide responsible adoption. 
Without robust evals, companies risk overestimating AI's competence due to data leakage and flawed benchmarks.The Role of Scaffolding in AI Agents: The conversation distinguishes between large language models (LLMs) and agents, with Christopher defining agents as systems operating within a feedback loop to interact with the world in real time. Scaffolding—frameworks that guide how an AI interprets and responds to information—plays a critical role in transforming static models into agents that can autonomously perform complex tasks. He underscores how effective scaffolding can future-proof systems by enabling quick adaptation to new, more capable models.The Long Tail Challenge in AI Competence: AI agents often struggle with tasks that have long time horizons, involving many steps and branching decisions, such as debugging or optimizing machine learning models. Christopher points out that models tend to break down or lose coherence during extended processes, a limitation that current research aims to address with upcoming iterations like GPT-4.5 and beyond. He speculates that incorporating real-world physics and embodied experiences into training data could improve long-term task performance.Ethical Concerns with AI Applications: Equistamp takes a firm stance on avoiding projects that conflict with its core values, such as developing AI models for exploitative applications like parasocial relationship services or scams. Christopher shares concerns about how easily AI agents could be weaponized for fraudulent activities, highlighting the need for regulations and more transparent oversight to mitigate misuse.Data Privacy and Security Risks in LLMs: The episode sheds light on the vulnerabilities of large language models, including shared cache issues that could leak sensitive information between different users. 
Christopher references a recent paper that exposed how timing attacks can identify whether a response was generated by hitting the cache or computing from scratch, demonstrating potential security flaws in API-based models that could compromise user data.The Principal-Agent Dilemma in AI Evaluation: Stewart and Christopher discuss the conflict of interest inherent in companies conducting their own evals to showcase their models' performance. Christopher explains that third-party evaluations are essential for unbiased assessments. Without external audits, organizations may inflate claims about their models' capabilities, reinforcing the need for independent oversight in the AI industry.Equistamp's Mission and Approach: Equistamp aims to fill a critical gap in the AI ecosystem by providing independent, safety-oriented evaluations and consulting services. Christopher outlines their approach of creating customized evaluation frameworks that compare AI performance against human baselines, helping clients make informed decisions about deploying AI systems. By prioritizing transparency and safety, Equistamp hopes to set a new standard for accountability in the rapidly evolving AI landscape.
The conversation discusses the recent data breach targeting the customers of cloud storage firm Snowflake. The breach has resulted in hundreds of customer passwords being found online, potentially exposing millions of accounts. The conversation highlights the ease of access to hacking tools and the importance of using multi-factor authentication to protect against such breaches. It also raises concerns about the security of cloud infrastructure and the need for organizations to improve their security measures. The conversation concludes with a discussion on the passwordless future and the potential challenges it may bring.
In this crucial episode of CISO Tradecraft, host G Mark Hardy delves into the urgent topic of the 'Salt Typhoon' threat, with insights from experts Adam Isles and Andreas Kurland from the Chertoff Group. The episode covers the implications for corporate security of using SMS text messages while Chinese actors are breaking into major telecommunication entities. The conversation focuses on encryption, secure communications, and measures to mitigate risks from vulnerabilities in telecommunications infrastructure. The discussion includes practical steps for securing messaging, voice calls, virtual meetings, and emails. Learn actionable strategies to bolster your organization's cybersecurity posture and ensure robust defense against sophisticated state-level cyber threats.
Thank you to our sponsor Threat Locker https://www.threatlocker.com/pages/essential-eight-fast-track?utm_source=ciso_tradecraft&utm_medium=sponsor&utm_campaign=essential-eight_q4_24&utm_content=essential-eight&utm_term=podcast
Link to recommendations: https://chertoffgroup.com/end-to-end-encryption-is-essential/
Transcripts: https://docs.google.com/document/d/13NKPUBU3c-qYQtX18NR08oYVRSSnHD_a
Chapters:
00:00 Introduction to Salt Typhoon
01:31 Meet the Experts: Adam Isles and Andreas Kurland
02:03 Understanding the Salt Typhoon Threat
04:49 Telecommunications and Security Risks
07:37 Messaging Security: Risks and Recommendations
20:14 Voice Communication Security
28:44 Securing Virtual Meetings
34:45 Email Security: Challenges and Solutions
41:35 Conclusion and Contact Information
TJ Sayers, cybersecurity expert with the Center for Internet Security, joins us to explore the security concerns around AI and, specifically, large language models. From integrating AI and LLMs into workflows, safeguarding sensitive data with techniques like anonymization and tokenization, to navigating security risks and privacy concerns, we discuss practical strategies to mitigate AI risks. We also examine AI's role in national defense, and we address the growing challenge of verifying the authenticity of content in an AI-driven information age.
Nate Lee discusses his transition from a CISO role to fractional CISO work, emphasizing the importance of variety and exposure in his career. He delves into the rise of AI, particularly large language models (LLMs), and the associated security concerns, including prompt injection risks. Nate highlights the critical role of orchestrators in managing AI interactions and the need for security practitioners to adapt to the evolving landscape. He shares insights from his 20 years in cybersecurity and offers recommendations for practitioners to engage with AI responsibly and effectively.
Takeaways
Nate transitioned to fractional CISO work for variety and exposure.
Prompt injection is a major vulnerability in LLM systems.
Orchestrators are essential for managing AI interactions securely.
Security practitioners must understand how LLMs work to mitigate risks.
Nate emphasizes the importance of human oversight in AI systems.
Link to Nate's research with the Cloud Security Alliance.
Join us in the latest episode of "Altitude," where host Jason Gervickas sits down with Sarmed Faraj, Security Consultant Manager at Accenture and Aviatrix Certified Engineer (ACE), to delve into the dynamic realm of network security and the significant impact of AI on cloud security. With a robust background in both civil engineering and computer science, Sarmed has transitioned seamlessly into IT, establishing himself as a leader in security and consulting. Together, Jason and Sarmed tackle the complex challenges enterprises face today in multicloud and hybrid environments, including the limitations of traditional firewalls, lack of visibility and control, challenges with hybrid connectivity, and the growing demand for real-time data processing. Additionally, Sarmed discusses the instrumental role of Aviatrix in streamlining network management, bolstering security, and driving cost efficiency. Sarmed also discusses the role of AI in networking and security, addressing common skepticism and drawing parallels between its evolutionary path and that of the internet. Emphasizing the critical need for AI investments, Sarmed states that companies hesitant to adopt these technologies will struggle to remain competitive in the coming years. This episode is essential for professionals looking to understand the current and future landscapes of network security and how AI continues to shape this industry.
Learn More: Discover how Aviatrix Secure High-Performance Datacenter Edge can help you securely connect your data centers to the cloud with optimal performance and simplicity here.
Get Multicloud Certified: Advance in your career and get multicloud certified through the Aviatrix Certified Engineer (ACE) Program here.
Connect with Sarmed: Learn more about Sarmed's background and connect with him on LinkedIn here.
Timestamped Overview:
00:00 Intro
01:36 Majored in computer science after preferring coding.
05:14 Accenture's impressive leadership and consulting support.
06:48 On-site training and supportive, engaging leadership.
10:42 Replacing NAT gateways for cost savings.
14:34 Issue with AVN threads causing connectivity problems.
17:58 Firewalls struggle with cloud security dynamics.
19:07 Troubleshooting firewall issues with AI assistance.
25:31 Secure egress traffic and reduce NAT costs.
27:11 Accenture uses AI for security threat detection.
31:58 AI needs regulation to prevent misuse and hacking.
How can CI/CD tools expose your code to security risks? In this episode, we're joined by Mike Ruth, Senior Staff Security Engineer at Rippling and returning guest, live from BlackHat 2024. Mike dives deep into his research on CI/CD pipeline security, focusing on popular tools like GitHub Actions, Terraform, and Buildkite. He reveals the hidden vulnerabilities within these tools, such as the ability for engineers to bypass code reviews, modify configuration files, and run unauthorized commands in production environments. Mike explains how the lack of granular access control in repositories and CI/CD configurations opens the door to serious security risks. He shares actionable insights on how to mitigate these issues by using best practices like GitHub Environments and Buildkite Clusters, along with potential solutions like static code analysis and granular push rule sets. This episode provides critical advice on how to better secure your CI/CD pipelines and protect your organization from insider threats and external attacks.
Guest Socials: Mike's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security Social Channels:
- Cloud Security Podcast - YouTube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introductions
(01:56) A word from episode sponsor - ThreatLocker
(02:31) A bit about Mike Ruth
(03:08) SDLC in 2024
(08:05) Mitigating Challenges in SDLC
(09:10) What is Buildkite?
(10:11) Challenges observed with Buildkite
(12:30) How Terraform works in the SDLC
(15:41) Where to start with these CICD tools?
(18:55) Threat Detection in CICD Pipelines
(21:31) Building defensive libraries
(23:58) Scaling solutions across multiple repositories
(25:46) The Fun Questions
Resources mentioned during the call: GitHub Actions, Terraform, Buildkite, Mike's BSidesSF Talk
It's Week D. Do you know where your preview updates are?
Windows 11
Windows 11 version 22H2/23H2 get the same update
Windows 11 version 24H2 gets a different update, but at least it's on time
Beta: Media controls on the Lock screen, more
Windows security update borks small number of Linux bootloaders, is perfect example of misplaced and faux outrage
Right-click doesn't work correctly with Windows and a touchpad. It's not you
M$FT
Microsoft took Paul's advice. Instead of just blaming the EU, it's holding a security summit with CrowdStrike and other partners to solve the problems highlighted by the botched update outage. (Which it said it would do back in July.)
Microsoft shuffles the decks below its three primary business units
Microsoft: It's all about transparency! Paul: Nope
Hardware
Lenovo ThinkPad T14s is the best business-class Snapdragon X Copilot+ PC yet
ThinkPad X12 Detachable Gen 2 is the last gasp of the Surface Pro-alikes
Paul got a Pixel 9 Pro XL - Eerily iPhone Pro-like design, crazy AI features - The combination of hardware and software here is nuts
Pixel 9 series is shipping with Android 14. Google planned to ship Android 14 earlier than ever before this year. Users with Pixel 9 series phones can enroll in Android 15 Beta now. But Android 15 was quietly delayed to October, the normal release time frame
Mark Gurman leaks all the iPhone 16 things
Apple announces launch event
Some navel-gazing about Apple's place in our lives
Magic of Software
Microsoft announces Loop 2.0 on Twitter, no one has it yet
LibreOffice is now native on Windows on Arm!
Google Essentials app will be bundled with some new PCs, starting with HP
Proton Drive for Business now available standalone, and with sale pricing (and more storage)
Brave gets major privacy updates on desktop and mobile
Apple makes further DMA concessions, will let iPhone users change default apps for phone, messaging, more
Threads is testing posts that are as ephemeral as your facts
Paid version of Alexa will allegedly launch in October
Google Meet gets auto PIP for all and AI meeting notes for some
Xbox
Xbox August Update starts rolling out with those new Discord features
Raven labor union files complaint against Microsoft
Microsoft brings Xbox Cloud Gaming to more Fire TV devices
Tips and Picks
Tip of the week: You can still upgrade to 24H2 right now
App pick of the week: Win11Debloat
RunAs Radio this week: The Security Risks of AI with Steve Poole
Brown liquor pick of the week: Mosgaard Moscatel Single Malt
Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell
Download or subscribe to this show at https://twit.tv/shows/windows-weekly
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
Check out Paul's blog at thurrott.com
The Windows Weekly theme music is courtesy of Carl Franklin.
Sponsors: bigid.com/windowsweekly e-e.com/twit 1password.com/windowsweekly Melissa.com/twit
In the inaugural episode of IT SPARC Cast, John Barger and Lou Schmidt dive into the latest happenings in the IT world with a mix of insights and a touch of humor. Starring John Barger and Lou Schmidt Support the show on Patreon by becoming a supporter!
Episode 3755: High Ranking Officials Fear Security Risks As Biden Mentally Declines