Podcasts about Security Strategy

  • 198 PODCASTS
  • 272 EPISODES
  • 32m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Apr 23, 2025 LATEST

Latest podcast episodes about Security Strategy

Easy Prey
Safe AI Implementation

Apr 23, 2025 | 46:47


Red models associated with AI technologies highlight real-world vulnerabilities and the importance of proactive security measures. It is vital to educate users about how to explore the challenges and keep AI systems secure.

Today's guest is Dr. Aditya Sood. Dr. Sood is the VP of Security Engineering and AI Strategy at Aryaka and is a security practitioner, researcher, and consultant with more than 16 years of experience. He obtained his PhD in computer science from Michigan State University and has authored several papers for various magazines and journals. In this conversation, he will shed light on AI-driven threats, supply chain risks, and practical ways organizations can stay protected in an ever-changing environment. Get ready to learn how the latest innovations and evolving attack surfaces affect everyone from large companies to everyday users, and why a proactive mindset is key to staying ahead.

Show Notes:

  • [01:02] Dr. Sood has been working in the security industry for the last 17 years. He has a PhD from Michigan State University. Prior to Aryaka, he was a Senior Director of Threat Research and Security Strategy for the Office of the CTO at F5.
  • [02:57] We discuss how security issues with AI are on the rise because of the recent popularity and increased use of AI.
  • [04:18] The large amounts of data are convoluting how things are understood, the complexity is rising, and the threat model is changing.
  • [05:14] We talk about the different AI attacks that are being encountered and how AI can be used to defend against these attacks.
  • [06:00] Pre-trained models can contain vulnerabilities.
  • [07:01] AI drift or model or concept drift is when data in the training sets is not updated. The data can be used in a different way. AI hallucinations also can create false output.
  • [08:46] Dr. Sood explains several types of attacks that malicious actors are using.
  • [10:07] Prompt injections are also a risk.
  • [12:13] We learn about the injection mapping strategy.
  • [13:54] We discuss the possibilities of using AI as a tool to bypass its own guardrails.
  • [15:18] It's an arms race using AI to attack AI and using AI to secure AI.
  • [16:01] We discuss AI workload analysis. This helps to understand the way AI processes. This helps see the authorization boundary and the security controls that need to be enforced.
  • [17:48] Being aware of the shadow AI running in the background.
  • [19:38] Challenges around corporations having the right security people in place to understand and fight vulnerabilities.
  • [20:55] There is risk with the data going to the cloud through the LLM interface.
  • [21:47] Dr. Sood breaks down the concept of shadow AI.
  • [23:50] There are also risks for consumers using AI.
  • [29:39] The concept of Black Box AI models and bias being built into the particular AI.
  • [33:45] The issue of the ground set of truth and how the models are trained.
  • [37:09] It's a balancing act when thinking about the ground set of truth for data.
  • [39:08] Dr. Sood shares an example from when he was researching for his book.
  • [39:51] Using the push and pretend technique to trick AI into bypassing guardrails.
  • [42:51] We talk about the dangers of using APIs that aren't secure.
  • [43:58] The importance of understanding the entire AI ecosystem.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:

  • Podcast Web Page
  • Facebook Page
  • whatismyipaddress.com
  • Easy Prey on Instagram
  • Easy Prey on Twitter
  • Easy Prey on LinkedIn
  • Easy Prey on YouTube
  • Easy Prey on Pinterest
  • Aditya K Sood
  • Aditya K Sood - LinkedIn
  • Aditya K Sood - X
  • Aryaka
  • COMBATING CYBERATTACKS TARGETING THE AI ECOSYSTEM: Assessing Threats, Risks, and Vulnerabilities
  • Empirical Cloud Security: Practical Intelligence to Evaluate Risks and Attacks

Paul's Security Weekly TV
I SIEM, you SIEM, we all SIEM for a Data Security Strategy - Colby DeRodeff - ESW #402

Apr 14, 2025 | 35:43


We wanted security data? We got it! Now, what the heck do we DO with all of it? The core challenge of security operations, incident response, and even compliance is still a data management and analysis problem. Which is why we're seeing companies like Abstract Security pop up to address some of these challenges. Abstract just released a comprehensive eBook on security data strategy, linked below, and you don't even need to give up an email address to read it! In this interview, we'll talk through some of the highlights:

  • Challenges
  • Myths
  • Pillars of a data security strategy
  • Understanding the tools available

Segment Resources: A Leader's Guide to Security Data Strategy eBook

Show Notes: https://securityweekly.com/esw-402

Enterprise Security Weekly (Video)
I SIEM, you SIEM, we all SIEM for a Data Security Strategy - Colby DeRodeff - ESW #402

Apr 14, 2025 | 35:43

Digital Pacemaker
#67 Is IT Security Just a Management Issue? with Linus Neumann (Security Research Labs)

Mar 31, 2025 | 61:20


In episode 67, Uli and Markus talk with Linus Neumann, Head of Security Strategy at Security Research Labs, about whether IT security is purely a management issue. As an IT security expert, Linus advises companies and operators of critical infrastructure on IT security questions. Since 2012 he has also been one of the spokespeople of the Chaos Computer Club, Europe's largest hacker association. Linus dispels the widespread misconception that IT security is primarily a technical topic. In his experience, the causes of security vulnerabilities almost always lie in the organization: missing accountability, too much complexity, and a lack of prioritization. Why are backups not enough? Why do many security products fail in practice? And what can a so-called "human firewall" really achieve? Together with Linus, Uli and Markus examine how IT security can be made effective, beyond buzzwords and technical cosmetics. Especially interesting is the look at the role of management and regulation: should software vendors be liable for their security vulnerabilities? A clear-sighted and surprisingly practical episode about responsibility, the right questions in IT security, and why real resilience has less to do with firewalls than with psychology and the will to lead.

For more information:

  • Security Research Labs website: https://www.srlabs.de
  • Linus Neumann's website: https://linus-neumann.de
  • Website of the podcast Logbuch:Netzpolitik: https://logbuch-netzpolitik.de

Your feedback on the episode and suggestions for topics and guests are very welcome!

Connect and join the discussion:

  • Linus Neumann: https://www.linkedin.com/in/linus-neumann/
  • Ulrich Irnich: https://www.linkedin.com/in/ulrichirnich/
  • Markus Kuckertz: https://www.linkedin.com/in/markuskuckertz/

Contributors: Hosts: Ulrich Irnich & Markus Kuckertz // Editorial: Marcus Pawlik

© Digital Pacemaker Podcast 2025

Data Breach Today Podcast
Nir Zuk: Google's Multi-Cloud Security Strategy Won't Work

Mar 28, 2025


Info Risk Today Podcast
Nir Zuk: Google's Multi-Cloud Security Strategy Won't Work

Mar 28, 2025


ITSPmagazine | Technology. Cybersecurity. Society
Detection vs. Noise: What MITRE ATT&CK Evaluations Reveal About Your Security Tools | A Conversation with Allie Mellen | Redefining CyberSecurity with Sean Martin

Mar 17, 2025 | 36:06


⬥GUEST⬥
Allie Mellen, Principal Analyst, Forrester | On LinkedIn: https://www.linkedin.com/in/hackerxbella/

⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

⬥EPISODE NOTES⬥
In this episode, Allie Mellen, Principal Analyst on the Security and Risk Team at Forrester, joins Sean Martin to discuss the latest results from the MITRE ATT&CK Ingenuity Evaluations and what they reveal about detection and response technologies.

The Role of MITRE ATT&CK Evaluations

MITRE ATT&CK is a widely adopted framework that maps out the tactics, techniques, and procedures (TTPs) used by threat actors. Security vendors use it to improve detection capabilities, and organizations rely on it to assess their security posture. The MITRE Ingenuity Evaluations test how different security tools detect and respond to simulated attacks, helping organizations understand their strengths and gaps.

Mellen emphasizes that MITRE's evaluations do not assign scores or rank vendors, which allows security leaders to focus on analyzing performance rather than chasing a “winner.” Instead, organizations must assess raw data to determine how well a tool aligns with their needs.

Alert Volume and the Cost of Security Data

One key insight from this year's evaluation is the significant variation in alert volume among vendors. Some solutions generate thousands of alerts for a single attack scenario, while others consolidate related activity into just a handful of actionable incidents. Mellen notes that excessive alerting contributes to analyst burnout and operational inefficiencies, making alert volume a critical metric to assess.

Forrester's analysis includes a cost calculator that estimates the financial impact of alert ingestion into a SIEM. The results highlight how certain vendors create a massive data burden, leading to increased costs for organizations trying to balance security effectiveness with budget constraints.

The Shift Toward Detection and Response Engineering

Mellen stresses the importance of detection engineering, where security teams take a structured approach to developing and maintaining high-quality detection rules. Instead of passively consuming vendor-generated alerts, teams must actively refine and tune detections to align with real threats while minimizing noise.

Detection and response should also be tightly integrated. Forrester's research advocates linking every detection to a corresponding response playbook. By automating these processes through security orchestration, automation, and response (SOAR) solutions, teams can accelerate investigations and reduce manual workloads.

Vendor Claims and the Reality of Security Tools

While many vendors promote their performance in the MITRE ATT&CK Evaluations, Mellen cautions against taking marketing claims at face value. Organizations should review MITRE's raw evaluation data, including screenshots and alert details, to get an unbiased view of how a tool operates in practice.

For security leaders, these evaluations offer an opportunity to reassess their detection strategy, optimize alert management, and ensure their investments in security tools align with operational needs.

For a deeper dive into these insights, including discussions on AI-driven correlation, alert fatigue, and security team efficiency, listen to the full episode.

⬥SPONSORS⬥
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974

⬥RESOURCES⬥
Inspiring Post: https://www.linkedin.com/posts/hackerxbella_go-beyond-the-mitre-attck-evaluation-to-activity-7295460112935075845-N8GW/
Blog | Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes: https://www.forrester.com/blogs/go-beyond-the-mitre-attck-evaluation-to-the-true-cost-of-alert-volumes/

Redefining CyberSecurity
Detection vs. Noise: What MITRE ATT&CK Evaluations Reveal About Your Security Tools | A Conversation with Allie Mellen | Redefining CyberSecurity with Sean Martin

Mar 17, 2025 | 36:06

The Social-Engineer Podcast
Ep. 296 - Human Element Series - The Imagination Dilemma with Dr. Lydia Kostopoulos

Mar 10, 2025 | 39:12


Today we are joined by Dr. Lydia Kostopoulos. Dr. Kostopoulos is a globally recognized strategist that brings clarity and context as to what is on the horizon. Her unique expertise at the intersection of emerging technology, security and macro-trends has been sought by the United Nations, U.S. Special Operations, the European Commission, NATO, multi-nationals, tech companies, design agencies, academia, such as MIT and Oxford Saïd Business School, and foreign governments. She helps her clients understand new technologies, emerging value chains, and contextualizes the convergences of our time. She founded the boutique consultancy Abundance Studio and has experience working in the US, Europe, Middle East and East Asia. [March 10, 2025]

00:00 - Intro
00:19 - Intro Links
  - Social-Engineer.com - http://www.social-engineer.com/
  - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
  - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
  - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
  - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
  - CLUTCH - http://www.pro-rock.com/
  - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
02:10 - Dr. Lydia Kostopoulos Intro
03:30 - From Counter Terrorism to Conflict Landscapes
05:35 - The Imagination Dilemma
09:13 - Technological Tit for Tat
11:38 - Four Facets of Imagination
12:18 - Facet 1) Identity
13:36 - Facet 2) Convergence
15:38 - Facet 3) Humanity
16:48 - Facet 4) Dreams
18:18 - Turning Crisis Into Strategy
22:39 - Being Human
26:04 - Future-Proofing Organizations
29:51 - Real Value Proposition
31:26 - Webinar Series
  - Website: imaginationdilemma.com
  - YouTube: @ImaginationDilemma
32:12 - Find Dr. Lydia Kostopoulos online
  - Website: abundance.studio
  - LinkedIn: in/lydiak
  - Instagram: @HiLydiak
32:46 - Book Recommendations
  - The 100-Year Life - Andrew Scott & Lynda Gratton
  - Imagination Dilemma - Dr. Lydia Kostopoulos
37:02 - Mentors
  - Parents
  - Women Suffragists
38:15 - Guest Wrap Up & Outro
  - www.social-engineer.com
  - www.innocentlivesfoundation.org

Communism Exposed:East and West
Trump Hints at Security Strategy Behind Teetering Deal for Ukraine's Natural Resources

Mar 3, 2025 | 4:27


Voice-Over-Text: Pandemic Quotables
Trump Hints at Security Strategy Behind Teetering Deal for Ukraine's Natural Resources

Mar 3, 2025 | 4:27


Communism Exposed:East & West(PDF)
Trump Hints at Security Strategy Behind Teetering Deal for Ukraine's Natural Resources

Mar 3, 2025 | 4:27


Pandemic Quotables
Trump Hints at Security Strategy Behind Teetering Deal for Ukraine's Natural Resources

Mar 3, 2025 | 4:27


Proactive - Interviews for investors
archTIS expands global data security strategy with acquisition and U.S. market growth

Feb 27, 2025 | 4:48


archTIS Chief Operating Officer and Kurt Mueffelmann joined Steve Darling from Proactive's OTC studio in New York City to discuss the company's strategic expansion and advanced data security solutions. archTIS focuses on protecting sensitive data and documents, ensuring that even if systems are compromised, critical information remains secure—a growing concern in today's geopolitical landscape. A key highlight is the company's indicative offer to acquire Direktive, adding advanced technology orchestration to its portfolio. This move strengthens defenses against AI-related threats, including risks from ChatGPT and Copilot, by safeguarding intellectual property and sensitive documents from unintended public exposure. archTIS is expanding beyond its successful engagements with the Australian Ministry of Defense, targeting growth in the U.S. and international markets. The company is pursuing contracts with the U.S. Department of Defense, NATO, and coalition forces, aiming to establish itself as a leader in military-grade data security. Additionally, archTIS's OTC Market listing in 2021 has increased its visibility among U.S. investors, creating new opportunities for growth. Mueffelmann emphasized that this listing is helping attract investors with deep technology sector expertise, supporting the company's long-term vision for secure, scalable data protection.

ITSPmagazine | Technology. Cybersecurity. Society
Redefining Zero Trust: “Near Zero Trust” | A Real-World Success Story Through Proactive Security | A Zero Trust World Conversation with Avi Solomon | On Location Coverage with Sean Martin and Marco Ciappelli

Feb 26, 2025 | 15:37


The latest episode of the On Location series, recorded at ThreatLocker's Zero Trust World 2025 in Orlando, brings forward a deep and practical conversation about implementing Zero Trust principles in real-world environments. Hosted by Marco Ciappelli and Sean Martin, this episode features Avi Solomon, CIO of a law firm with nearly 30 years in IT and a strong focus on cybersecurity.

The Journey to Proactive Security

Avi Solomon shares his experience transitioning from traditional security models to a proactive, preventive approach with ThreatLocker. With a background in engineering, consulting, and security (CISSP certified), Solomon outlines his initial concerns with reactive endpoint detection and response (EDR) solutions. While EDR tools act as a secondary insurance policy, he emphasizes the need for a preventive layer to block threats before they manifest.

Solomon's firm adopted ThreatLocker a year ago, replacing a legacy product to integrate its proactive security measures. He highlights the platform's maturation, including network control, storage control, application whitelisting, and cloud integration. The shift was not only a technological change but also a cultural one, aligning with the broader philosophy of Zero Trust—approaching security with a mindset that nothing within or outside the network should be trusted by default.

Implementing Zero Trust with Ease

A standout moment in the episode is Solomon's recount of his implementation process. His conservative approach included running ThreatLocker in observation mode for two months before transitioning fully to a secure mode. When the switch was finally flipped, the result was remarkable—zero disruptions, no pushback from users, and a smooth transition to a less risky security posture. Solomon attributes this success to ThreatLocker's intuitive deployment and adaptive learning capabilities, which allowed the system to understand normal processes and minimize false positives.

Redefining Zero Trust: “Near Zero Trust”

Solomon introduces a pragmatic take on Zero Trust, coining the term “Near Zero Trust” (NZT). While achieving absolute Zero Trust is an ideal, Solomon argues that organizations should strive to get as close as possible by layering strategic solutions. He draws a clever analogy comparing Zero Trust to driving safely before relying on a seatbelt—proactive behavior backed by reactive safeguards.

Tune in to the full episode to explore more of Avi Solomon's insights, hear stories from the conference floor, and learn practical approaches to embedding Zero Trust principles in your organization's security strategy.

Guest: Avi Solomon, Chief Information Officer at Rumberger | Kirk | On LinkedIn: https://www.linkedin.com/in/aviesolomon/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode's Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974

Resources
Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida
Register for Zero Trust World 2025: https://itspm.ag/threat5mu1

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast

ITSPmagazine | Technology. Cybersecurity. Society
Breaking the Spell: How to Avoid the Grand Delusion in Zero Trust | A Conversation with Dr. Chase Cunningham at Zero Trust World 2025 | On Location with Sean Martin and Marco Ciappelli

Feb 25, 2025 | 9:34


At ThreatLocker Zero Trust World 2025 in Orlando, Chase Cunningham, often referred to as “Dr. Zero Trust,” delivered a thought-provoking session titled The Grand Delusion. The event, filled with IT professionals, managed service providers (MSPs), and small to midsize business (SMB) leaders, provided the perfect backdrop for a candid discussion about the state of cybersecurity and the real-world application of Zero Trust strategies.

Challenging the Status Quo

Cunningham emphasized the need for businesses to adopt realistic cybersecurity practices that align with their resources and needs. He pointed out the pitfalls of smaller organizations attempting to emulate enterprise-level security strategies without the necessary infrastructure. “Cyber shouldn't be any different” than outsourcing taxes or other specialized tasks, he explained, advocating for MSPs and external services as practical solutions.

Zero Trust as a Strategy, Not Just a Term

The session underscored that Zero Trust is not merely a buzzword but a strategic approach to security. Cunningham stressed the importance of questioning the validity of industry claims and seeking concrete data to support cybersecurity initiatives. He encouraged attendees to avoid being “delusional” by blindly accepting security solutions without a critical evaluation of their impact and effectiveness.

Actionable Steps for Small Businesses

Cunningham shared practical advice for implementing Zero Trust principles within smaller organizations. He recommended focusing on foundational controls like identity and access management, micro-segmentation, and application allow and block lists. He noted that achieving security is a journey, requiring a structured, strategic approach and an acceptance that immediate results are unlikely.

The Future of Zero Trust

Looking ahead, Cunningham expressed optimism about the continued evolution of Zero Trust. He highlighted its growing global significance, with his upcoming engagements in Taiwan, Colombia, and Europe serving as evidence of its widespread adoption. Ultimately, he framed Zero Trust as not only a business imperative but a fundamental human right in today's digital world.

Tune in to this episode to hear more insights from Chase Cunningham and explore what Zero Trust means for businesses of all sizes.

Decoding Geopolitics with Dominik Presl
#51 Anne Applebaum: Why Europe's Security Strategy Is Failing & How the War in Ukraine Will End

Feb 17, 2025 | 29:13


➡️ Help to make the existence of Decoding Geopolitics possible by joining our community of geopolitics enthusiasts on PATREON: https://www.patreon.com/DecodingGeopolitics
➡️ Sign up to my geopolitics newsletter: https://stationzero.substack.com/

Thank you Conducttr for sponsoring the podcast. Take a look at Conducttr's services and its crisis exercise software at: https://www.conducttr.com

This is a conversation with Anne Applebaum, recorded at the Munich Security Conference. Anne is an American-Polish journalist and historian who has been writing on Russia and Eastern Europe for decades and whose insights I consider extremely valuable. In the conversation we talk about the big speech that J.D. Vance gave at the conference and how Europe should respond to the increasingly unpredictable foreign policies of the United States. And we also talked about Russia and Ukraine, possible negotiations and the end of the war, or if this will finally be the wake-up call for Europe or whether we will remain asleep at the wheel.

Help Me With HIPAA
Bare Minimum Isn't a Security Strategy - Ep 495

Feb 7, 2025 | 36:48


If you've ever wondered what it's like to scream into the cybersecurity void, this episode might feel oddly relatable. We dive into why “bare minimum” isn't a security strategy—it's more like playing Russian roulette with your data. From regulatory head-scratchers to the harsh reality that a “bare minimum” security strategy is about as effective as locking your front door while leaving the windows wide open, this episode is your wake-up call, packed with sharp insights, analogies involving go-karts on the interstate, and the occasional frustrated sigh. More info at HelpMeWithHIPAA.com/495

ITSPmagazine | Technology. Cybersecurity. Society
Shadow IT: Securing Your Organization in a World of Unapproved Apps | A Zero Trust World Conversation with Ryan Bowman | On Location Coverage with Sean Martin and Marco Ciappelli

Feb 7, 2025 | 23:34


Zero Trust World 2025, hosted by ThreatLocker, is fast approaching (February 19-21), bringing together security professionals, IT leaders, and business executives to discuss the principles and implementation of Zero Trust. The event offers a unique opportunity to explore real-world security challenges and solutions.

In a special On Location with Sean and Marco episode recorded ahead of the event, Ryan Bowman, VP of Solutions Engineering at ThreatLocker, shares insights into his upcoming session, The Dangers of Shadow IT. Shadow IT—the use of unauthorized applications and systems within an organization—poses a significant risk to security, operations, and compliance. Bowman's session aims to shed light on this issue and equip attendees with strategies to address it effectively.

Understanding Shadow IT and Its Risks

Bowman explains that Shadow IT is more than just an inconvenience—it's a growing challenge for businesses of all sizes. Employees often turn to unauthorized tools and services because they perceive them as more efficient, cost-effective, or user-friendly than the official solutions provided by IT teams. While this may seem harmless, the reality is that these unsanctioned applications create serious security vulnerabilities, increase operational risk, and complicate compliance efforts.

One of the most pressing concerns is data security. Employees using unauthorized platforms for communication, file sharing, or project management may unknowingly expose sensitive company data to external risks. When employees leave the organization or access is revoked, data stored in these unofficial systems can remain accessible, increasing the risk of breaches or data loss.

Procurement issues also play a role in the Shadow IT problem. Bowman highlights cases where organizations unknowingly pay for redundant software services, such as using both Teams and Slack for communication, leading to unnecessary expenses. A lack of centralized oversight results in wasted resources and fragmented security controls.

Zero Trust as a Mindset

A recurring theme throughout the discussion is that Zero Trust is not just a technology or a product—it's a mindset. Bowman emphasizes that implementing Zero Trust requires organizations to reassess their approach to security at every level. Instead of inherently trusting employees or systems, organizations must critically evaluate every access request, application, and data exchange.

This mindset shift extends beyond security teams. IT leaders must work closely with employees to understand why Shadow IT is being used and find secure, approved alternatives that still support productivity. By fostering open communication and making security a shared responsibility, organizations can reduce the temptation for employees to bypass official IT policies.

Practical Strategies to Combat Shadow IT

Bowman's session will not only highlight the risks associated with Shadow IT but also provide actionable strategies to mitigate them. Attendees can expect insights into:
• Identifying and monitoring unauthorized applications within their organization
• Implementing policies and security controls that balance security with user needs
• Enhancing employee engagement and education to prevent unauthorized technology use
• Leveraging solutions like ThreatLocker to enforce security policies while maintaining operational efficiency

Bowman also stresses the importance of rethinking traditional IT stereotypes. While security teams often impose strict policies to minimize risk, they must also ensure that these policies do not create unnecessary obstacles for employees. The key is to strike a balance between control and usability.

Why This Session Matters

With organizations constantly facing new security threats, understanding the implications of Shadow IT is critical. Bowman's session at Zero Trust World 2025 will provide a practical, real-world perspective on how organizations can protect themselves without stifling innovation and efficiency.

Beyond the technical discussions, the conference itself offers a unique chance to engage with industry leaders, network with peers, and gain firsthand experience with security tools in hands-on labs. With high-energy sessions, interactive learning opportunities, and keynotes from industry leaders like ThreatLocker CEO Danny Jenkins and Dr. Zero Trust, Chase Cunningham, Zero Trust World 2025 is shaping up to be an essential event for anyone serious about cybersecurity.

For those interested in staying ahead of security challenges, attending Bowman's session on The Dangers of Shadow IT is a must.

Guest: Ryan Bowman, VP of Solutions Engineering, ThreatLocker [@ThreatLocker] | On LinkedIn: https://www.linkedin.com/in/ryan-bowman-3358a71b/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
This Episode's Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
____________________________
Resources
Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida
Register for Zero Trust World 2025: https://itspm.ag/threat5mu1
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
Want to tell your Brand Story Briefing as part of our event coverage? Learn More

Redefining CyberSecurity
Shadow IT: Securing Your Organization in a World of Unapproved Apps | A Zero Trust World Conversation with Ryan Bowman | On Location Coverage with Sean Martin and Marco Ciappelli

Redefining CyberSecurity

Play Episode Listen Later Feb 7, 2025 23:34



RSA Conference
A Conversation with Our Security Strategy & Architecture Program Committee

RSA Conference

Play Episode Listen Later Feb 5, 2025 24:11


In today's technological landscape, integrating AI into business operations presents both opportunities and complex security challenges. Our podcast will explore the importance of our Security Strategy and Architecture track, which examines robust security strategies from a diverse set of subject matter experts. We will cover foundational topics including the evolution of defense in depth, advanced threat modeling, adherence to established and evolving security standards and frameworks, and addressing more sophisticated attacks. We'll also highlight innovative solutions and open-source frameworks shaping security, helping businesses enhance their security posture, comply with regulations, and fully harness emerging technologies to drive growth and efficiency. Additionally, we will explore the trends we have seen this year while reading the submissions. Join us for actionable insights to navigate the complexities of cybersecurity through careful design and effective strategies that safeguard your organization and drive progress.

Speakers:
• Abhilasha Bhargav-Spantzel, Partner Security Architect, Microsoft
• Kelley Misata, Founder and Chief Trailblazer, Sightline Security & President, Open Information Security Foundation (OISF/Suricata)
• Ed Moyle, Partner, SecurityCurve
• Tatyana Sanchez, Content & Program Coordinator, RSAC
• Kacy Zurkus, Director, Content, RSAC

Listen to more RSAC Podcasts here: https://www.rsaconference.com/library/podcast

ITSPmagazine | Technology. Cybersecurity. Society
Building Resilience: How Businesses Can Align Innovation with Cybersecurity | A LevelBlue Brand Story with Theresa Lanowitz

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jan 29, 2025 39:51


In this Brand Story episode, Theresa Lanowitz recently joined Sean Martin to share valuable insights drawn from LevelBlue's comprehensive 2024 Futures Report, a global study involving over 1,050 executives from C-suite levels across industries. The report offers a unique lens into the critical alignment between innovation, cybersecurity, and resilience. By examining seven key industry verticals—healthcare, retail, finance, manufacturing, transportation, energy, and state/local/higher education—LevelBlue highlights actionable strategies for building a resilient business ecosystem.

Cyber Resilience: Beyond Technology

Lanowitz emphasizes that cyber resilience extends far beyond IT and cybersecurity; it represents the organization's ability to withstand and recover from disruptions affecting its entire digital and operational footprint. For instance, industries like manufacturing illustrate how sensors and IoT devices on production lines are now vital to efficiency. A single cyber event disrupting these systems could halt production, leading to cascading impacts. Lanowitz underscores the importance of cross-functional collaboration—between cybersecurity, application development, and operations teams—to ensure systems are brought back online effectively and seamlessly.

Innovation vs. Security: A Delicate Balance

One of the most striking findings from the report is that 73% of organizations prioritize innovation over mitigating risk, and 85% are willing to accept security risks in the pursuit of innovation. This trend spans industries, with examples ranging from healthcare's increased use of robotics in surgeries to transportation companies leveraging AI for optimizing fleet routes. Yet, Lanowitz points out a concerning disconnect: cybersecurity teams are often brought into projects late, treated as an afterthought rather than an integral part of the innovation process. This fragmented approach weakens resilience, leaving organizations vulnerable to threats.

The Case for Secure by Design

Lanowitz stresses the importance of adopting a “secure by design” approach, where security is integrated from the start. Treating security as a core architectural requirement prevents costly redesigns later and supports operational and performance goals. She draws a parallel between neglecting security during development and building a house without planning for heating or cooling systems—essential but often deprioritized elements.

Trusted Advisors and Cybersecurity as a Service

Lanowitz also highlights the growing reliance on cybersecurity-as-a-service (CSaaS) and trusted advisors to bridge gaps in skills and resources. From setting up Security Operations Centers (SOCs) to conducting tabletop exercises and securing IoT networks, organizations increasingly turn to external partners like LevelBlue to fast-track initiatives. By leveraging these advisors, businesses gain industry-specific expertise, enabling tailored and scalable solutions that align security with innovation.

Looking Ahead to 2025

As LevelBlue prepares for its 2025 research, Lanowitz notes an increased focus on software supply chain security and the convergence of IT and operational technology (OT). These areas, coupled with a deeper exploration of how cybersecurity and business functions must align, will shape the next wave of insights into resilience and innovation.

Theresa Lanowitz's expertise and LevelBlue's research underscore that building resilience requires more than just technical fixes—it demands an integrated approach where innovation, security, and business goals coexist seamlessly.

Learn more about LevelBlue: https://itspm.ag/levelblue266f6c

Note: This story contains promotional content. Learn more.

Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]
On LinkedIn | https://www.linkedin.com/in/theresalanowitz/

Resources
To learn more, download the complete findings of the 2024 LevelBlue Futures Report: Cyber Resilience in Retail here: https://itspm.ag/levelbjk57
Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

STRAT
STRAT | Navigating Global Turbulence: Terrorism, Geopolitical Shifts, & Security Strategy Insights

STRAT

Play Episode Listen Later Jan 5, 2025 23:00


In this week's episode of STRAT, LtCol Hal Kempfer, a retired Marine Intelligence Officer, delves into the shifting dynamics of terrorism in our contemporary world. He provides an in-depth analysis of recent attacks, including the alarming vehicle ramming incident in New Orleans, and outlines the pressing implications of security investments. As domestic extremism rises in the U.S., Kempfer emphasizes the importance of understanding attacker profiles to enhance prevention strategies. The discussion also spans global trends in terrorism, highlighting the operational challenges faced by Hezbollah and Hamas. Additionally, Kempfer addresses geopolitical developments in Syria and Africa, revealing how the fall of the Assad government has affected regional stability and contributed to a growing power vacuum due to Russia's withdrawal. Tune in for vital insights on comprehensive threat assessments and proactive security measures that are crucial in today's volatile landscape.

Takeaways
• The Assad government has fallen, impacting regional stability.
• The New Orleans attack highlights vulnerabilities in urban security.
• Cost-cutting measures can lead to catastrophic consequences.
• Understanding the profile of attackers is crucial for prevention.
• Domestic extremism is a growing concern in the U.S.
• Investing in security can save money in the long run.
• Hezbollah's operational capabilities are being tested.
• Hamas is losing its grip on power in Gaza.
• The Sahel region is becoming increasingly unstable.
• Russia's withdrawal from Africa creates a power vacuum.

#StrategicRiskAssessment #STRATPodcast #LtColHalKempfer #MarineIntelligenceOfficer #threatassessment #MutualBroadcastingSystem #NationalSecurity #terrorism #NewOrleansAttack #vehicleRamming #domesticExtremism #securityInvestments #globalTerrorism #Syria #Sahel #RussianInfluence

Packet Pushers - Full Podcast Feed
HS091: The Game Has Changed: Security Strategy After Salt Typhoon and the Pager-Bomb Hack

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Dec 17, 2024 31:13


Recent events have driven home a simple fact: neither your devices nor your network services can be trusted totally, and they could all be turned against you, possibly fatally. Join us as we discuss the harsh realities of the evolving cybersecurity space, and how enterprise leaders in and out of IT need to change their...

Heavy Strategy
HS091: The Game Has Changed: Security Strategy After Salt Typhoon and the Pager-Bomb Hack

Heavy Strategy

Play Episode Listen Later Dec 17, 2024 31:13



Cracking Cyber Security Podcast from TEISS
teissTalk: The emerging 2025 threat landscape

Cracking Cyber Security Podcast from TEISS

Play Episode Listen Later Dec 12, 2024 46:03


• How evolving methods of work are expanding the attack surface
• Growth of supply chain attacks targeting devices touching sensitive data
• Increased nation-state targeting of Critical National Infrastructure

This episode is hosted by Thom Langford: https://www.linkedin.com/in/thomlangford/

Richard Absalom, Principal Research Analyst, Information Security Forum (ISF): https://uk.linkedin.com/in/richard-absalom-48879116
Tom O'Driscoll, Head of Security Strategy and Intelligence, National Highways: https://www.linkedin.com/in/odte/
Michael Covington, Vice President, Portfolio Strategy, Jamf: https://www.linkedin.com/in/michaelcovington/

Inside The Epicenter With Joel Rosenberg
Israeli Foreign Prime Minister Gideon Sa'ar Discusses Israel's Security Strategy #236

Inside The Epicenter With Joel Rosenberg

Play Episode Listen Later Nov 18, 2024 50:14


We're diving deep into international diplomacy and Israeli security with none other than Israel's Foreign Minister, Gideon Sa'ar. Recorded in November 2023, this discussion comes at a critical juncture for Israel and the broader Middle East. We'll explore the pressing concerns over the burgeoning alliance between Russia and Iran, the existential threat posed by Iran, and the political landscape in Israel following a brutal attack on October 7. Minister Sa'ar shares his insights on the formation of a national unity government, the ongoing war efforts against Hamas and Hezbollah, and Israel's strategy to combat proxies funded by Iran. We'll also touch on U.S.-Israel relations under President Biden and the significant role of evangelical Christians in supporting Israel. Additionally, we delve into these developments' broader geopolitical and prophetic implications, with references to the scripture and the potential war of Gog and Magog. Stay tuned as we also discuss the importance of prayer for our leaders, the impact of the Joshua Fund in supporting Israel and its neighbors, and the paramount need for unity and decisive action in these turbulent times.

(04:09) Challenging ministry, reliant on God's grace, is essential.
(07:29) Foreign minister advances Israel, fights misinformation globally.
(11:24) Understanding God's blessing leads to action.
(18:53) Interview with Gideon Sa'ar on the Iran-Russia threat.
(23:05) Pray for leaders to ensure religious freedom.
(24:12) Pray for peaceful coexistence and leadership guidance.
(31:28) Discuss the Iran threat and security context emphasized.
(34:53) The Russia-Iran alliance influences Europe's stance.
(40:19) Uproot Hamas aligning with international law.
(43:55) Discussion on the Russian-Iranian alliance and biblical prophecies.
(45:45) Gideon Sa'ar was elevated as Israel's chief spokesman.

Learn more about The Joshua Fund: JoshuaFund.com
Make a tax-deductible donation: Donate | The Joshua Fund
Stock Media provided by DimmySad / Pond5

Verse of the Day: I Timothy 2:1-2 - First of all, then, I urge that entreaties and prayers, petitions and thanksgivings, be made on behalf of all men, for kings and all who are in authority, so that we may lead a tranquil and quiet life in all godliness and dignity.

Prayer
Praying for the hostages all to be released and to be alive and for the Lord to bring supernatural healing to every Israeli and every Palestinian, every Lebanese person who has been devastated and traumatized by this horrible horrible war.
Pray for world leaders and everyone in their inner circle that they make wise decisions as they lead and have soft hearts that they would want to build relationships with evangelical Christians.

Related Episodes:
• Netanyahu's Risky Move of Firing Gallant Amidst Israel's 7 Front War and Iran Threats #235
• Danny Ayalon - Former Israeli Ambassador Discusses U.S.-Israeli Relations and Middle East Politics #233
• Special - Yahya Sinwar Elimination, A Turning Point in the Israel-Hamas Conflict #225
• Special Episode - Iran's Aggression and Israel's Resolve #220

Links For Reference
https://allisrael.com/russia-turning-against-israel-growing-dangerously-close-with-iran-says-israeli-minister-gideon-sa-ar
https://allisrael.com/keep-your-eye-on-israeli-security-cabinet-member-gideon-sa-ar-in-2024-here-s-why
https://www.joshuafund.com/give/donate

Discover more Christian podcasts at lifeaudio.com and inquire about advertising opportunities at lifeaudio.com/contact-us.

The Public Sector Show by TechTables
#180: J.R. Sloan, Ryan Murray, Doug Lange [2024 Phoenix Live Podcast Tour]

The Public Sector Show by TechTables

Play Episode Listen Later Oct 30, 2024 31:18


EPISODE DESCRIPTION

J.R. Sloan, Chief Information Officer for the State of Arizona; Ryan Murray, Deputy Director of Homeland Security and Chief Information Security Officer for the State of Arizona; and Doug Lange, Vice President of IT Strategy at Choice Hotels, share their unique perspectives on transitioning between public and private sectors.

These seasoned leaders offer invaluable insights into enterprise-level thinking, cybersecurity strategy, and organizational transformation, while exploring how emerging technologies like AI are reshaping both government services and private industry.

In this episode, you'll learn:
• How to effectively align IT strategy across large, complex organizations with multiple stakeholders
• Strategies for building trust and driving innovation in both public and private sectors
• Approaches to evaluating and implementing emerging technologies like AI at enterprise scale
• The evolution of CIO, CISO, and Strategy roles in modern organizations
• Best practices for cross-functional collaboration and relationship building

TIMESTAMPS
(00:00) Introductions
(01:29) Enterprise Strategy at Choice Hotels
(03:46) Managing 130 Agencies in Arizona's Federated Model
(05:30) Aligning State and Local Government Cybersecurity
(06:53) Business Alignment and Strategy in Public Companies
(09:19) Building Trust and Relationships Across Organizations
(11:03) AI and Emerging Technologies Discussion
(14:26) Choice Hotels' AI Task Force and Implementation Strategy
(19:44) Evolution of CIO Role and Customer-Centric Approach
(22:26) Future of CISO Role and Security Strategy
(24:23) Strategy Role Evolution and Leadership Changes
(26:04) Book Recommendations and Leadership Insights

Whenever you're ready, there are 3 ways you can connect with TechTables:

1. The TechTables Newsletter: Stay Informed with Top Leaders! Join our thriving community of senior technology leaders by subscribing to the TechTables Newsletter. Gain early access to the latest episodes, industry insights, and exclusive event updates.
2. The Collaboratory: The Exclusive Peer Network for Senior Technology Leaders in Public Sector, nationwide. The Collaboratory is a 100% Public Sector, Vendor-Free Private Community where you can connect, share strategies, and drive innovation alongside peers through monthly virtual meetings and our annual national event.
3. Live Events: Join us at TechTables live events—whether hosted by us or in partnership with industry leaders—where we bring together senior technology leaders. Experience exclusive networking, collaborative sessions, and inspiring discussions that spotlight and elevate public sector leadership.

ITSPmagazine | Technology. Cybersecurity. Society
Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals | Part 3 of 3 | A Conversation with Kush Sharma | Redefining CyberSecurity with Sean Martin

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Oct 2, 2024 27:34


Guest: Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario)
On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
___________________________
Episode Notes

In the third and final installment of the series titled "Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals," Sean Martin continues his compelling conversation with Kush Sharma. This episode focuses on the critical aspects of team dynamics, project management, and stakeholder engagement in the realm of cybersecurity.

Kush Sharma elaborates on the importance of establishing a well-structured and communicated vision for security operations within an organization. He emphasizes the necessity of setting expectations with security teams before any major project initiation. According to Sharma, transparency is vital. Security leaders must candidly discuss with their teams that not every decision will tip in their favor, but their role is to advocate for security while being adaptable to business needs. He stresses the importance of documenting and following up on risk mitigation measures even if they aren't implemented immediately.

Sharma also sheds light on the concept of integrating business and security functions more seamlessly. He proposes not just embedding security into business but also bringing business personnel into the security fold. By having business unit members work within security teams temporarily, organizations can build a robust line of communication and mutual understanding. This cross-functional approach creates internal champions for security measures and helps significantly cut costs as internal personnel generally have lower operational costs compared to external consultants.

A significant portion of the episode revolves around the nuanced engagement with different stakeholders, particularly at the executive level. Sharma advises CISOs to view themselves as peers to other C-suite executives, prepared to defend their positions and decisions vigorously. It's crucial for CISOs to maintain this executive-level mindset and openly communicate the broader business implications of security decisions. Sharma highlights that making a business case for security and showing tangible returns on investment can secure better funding and support from the executive team, leading to more substantial investments in long-term security measures.

Sean Martin wraps up the episode by touching on the importance of storytelling in cybersecurity. By translating technical achievements and risk mitigation efforts into relatable stories, CISOs can effectively communicate the value of their work across the organization. These narratives help ensure security remains a priority in business strategies and operations, fostering an environment where security considerations are integral to planning and executing new initiatives.

In conclusion, the episode provides essential insights for current and aspiring CISOs on navigating the complexities of internal communications, leadership, and strategic planning in cybersecurity. Both Kush Sharma and Sean Martin offer practical advice and strategies that can help elevate the role of security within any organization, thereby protecting its infrastructure and supporting its growth objectives.
___________________________
Sponsors
Imperva: https://itspm.ag/imperva277117988
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Redefining CyberSecurity
Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals | Part 3 of 3 | A Conversation with Kush Sharma | Redefining CyberSecurity with Sean Martin

Redefining CyberSecurity

Play Episode Listen Later Oct 2, 2024 27:34


Guest: Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario)
On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Episode Notes

In the third and final installment of the series titled "Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals," Sean Martin continues his compelling conversation with Kush Sharma. This episode focuses on the critical aspects of team dynamics, project management, and stakeholder engagement in the realm of cybersecurity.

Kush Sharma elaborates on the importance of establishing a well-structured and communicated vision for security operations within an organization. He emphasizes the necessity of setting expectations with security teams before any major project initiation. According to Sharma, transparency is vital. Security leaders must candidly discuss with their teams that not every decision will tip in their favor, but their role is to advocate for security while being adaptable to business needs. He stresses the importance of documenting and following up on risk mitigation measures even if they aren't implemented immediately.

Sharma also sheds light on the concept of integrating business and security functions more seamlessly. He proposes not just embedding security into business but also bringing business personnel into the security fold. By having business unit members work within security teams temporarily, organizations can build a robust line of communication and mutual understanding. This cross-functional approach creates internal champions for security measures and helps significantly cut costs as internal personnel generally have lower operational costs compared to external consultants.

A significant portion of the episode revolves around the nuanced engagement with different stakeholders, particularly at the executive level. Sharma advises CISOs to view themselves as peers to other C-suite executives, prepared to defend their positions and decisions vigorously. It's crucial for CISOs to maintain this executive-level mindset and openly communicate the broader business implications of security decisions. Sharma highlights that making a business case for security and showing tangible returns on investment can secure better funding and support from the executive team, leading to more substantial investments in long-term security measures.

Sean Martin wraps up the episode by touching on the importance of storytelling in cybersecurity. By translating technical achievements and risk mitigation efforts into relatable stories, CISOs can effectively communicate the value of their work across the organization. These narratives help ensure security remains a priority in business strategies and operations, fostering an environment where security considerations are integral to planning and executing new initiatives.

In conclusion, the episode provides essential insights for current and aspiring CISOs on navigating the complexities of internal communications, leadership, and strategic planning in cybersecurity. Both Kush Sharma and Sean Martin offer practical advice and strategies that can help elevate the role of security within any organization, thereby protecting its infrastructure and supporting its growth objectives.

Sponsors
Imperva: https://itspm.ag/imperva277117988
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Telecom Reseller
Chris Johnson Tebo Keynoter Paints Pathways for MSPs on Cybersecurity, Podcast

Sep 6, 2024 · 10:53


Empowering the MSP Community: MSP Seminar for Growth, MSPAA TEBO Event “I always like to say that in order for an MSP to really be successful with regards to cybersecurity or specifically with cybersecurity is it has to be internalized before it can really be evangelized,” says Chris Johnson Sr. Director of Cybersecurity Compliance Programs at CompTIA. Chris is the opening keynote speaker at MSPAA's TEBO conference in Denver, October 9 and 10. “Pick something, start with something. You don't have to do it all at once.” Chris urges a step-by-step process of creating an internal cybersecurity culture, and then utilizing those gains with the clients. “The only way you can take on a whale client is one bite at a time.” Accordingly, the path to building a cybersecurity culture is done in achievable steps, and not all at once. In this podcast, Chris gives us a glimpse of what he will share with the MSPs.  “We're here for those members, for those MSPs that are just coming into the space, or maybe they've been there a long time, but they're suddenly feeling the need to tackle cybersecurity, whether it's through insurance requirements or clients asking for proof or evidence to support what they're doing.” Chris Johnson has a diverse work experience in the field of cybersecurity and technology. Chris currently holds the position of Sr. Director of Cybersecurity Compliance Programs at CompTIA since June 2022. Prior to this, they worked as the Technology Director at Mount Pleasant Community School District from July 2018 to June 2022. Chris also served as a Compliance and Security Advisor at onShore Security from July 2018 to May 2022, and earlier as a Cybersecurity Compliance Strategist from July 2017 to June 2018. In addition, they worked as a Cyber Security Consultant at Pinpoint Solutions LLC from November 2017 to May 2022. Chris also has experience as an Adjunct Professor at Greenville University, where they taught from August 2015 to May 2019. 
Chris has served as an Advisory Board Member at MyDigitalShield, Inc from December 2016 to August 2018. Chris has held various roles at WheelHouse IT, including Compliance and Security Advisor, Director of Compliance and Security Strategy, and Director of Strategy and Business Development from July 2016 to June 2018. Chris has also worked as a Medical IT Consultant at Progent from February 2012 to April 2018. Chris is the Co-Founder and CEO of Untangled Solutions, a technology workflow provider for SMB medical practices, from March 2003 to July 2016. Lastly, Chris served on the Partner Advisory Committee at LogMeIn from March 2013 to December 2014. Chris Johnson earned a Bachelor of Science degree in Managing Information Systems from Greenville University, where they studied from 1995 to 1999.

Haws Federal Advisors Podcast
Don't Use This Social Security Strategy Unless You are Married

Aug 28, 2024 · 8:32


Free Copy of My Book: Building Wealth In the TSP: Your Road Map To Financial Freedom as A Federal Employee: https://app.hawsfederaladvisors.com/free-tsp-e-book FREE WEBINAR: "The 7 Biggest FERS Retirement Mistakes": https://app.hawsfederaladvisors.com/7biggestmistakeswebinar Want to schedule a consultation? Click here: https://hawsfederaladvisors.com/work-with-us/ Submit a question here: https://app.hawsfederaladvisors.com/question-submission I am a practicing financial planner, but I'm not your financial planner. Please consult with your own tax, legal and financial advisors for personalized advice.

The Get Ready For The Future Show
(GRFTFS) What's the Right Social Security Strategy for Me?

Aug 24, 2024 · 36:06


"I'm 61 and trying to figure out the right Social Security strategy for me. What should I do to get the most out of it?" We're answering YOUR questions on this week's Get Ready For The Future Show! With mortgage rates coming down, is now the right time to buy a house? Can you help me figure out if I need an annuity? How should we allocate the inheritance we just received from my wife's father? And if you've got a question you want answered on the show, call or text 501.381.5228! Or email your question to show@getreadyforthefuture.com! Originally aired 8/21/2024

Mingis on Tech
The hackers are winning, time to switch security strategy | Ep. 177

Aug 20, 2024 · 55:54


With another potentially large data breach of 2.7 billion records that included Social Security numbers, as well as a first half of the year revealing major data breaches, is it time to adjust your security strategy? Brandon Mahne joins the show as guest co-host this week to talk about these issues and other technology news stories from the week, including Elon Musk's new AI image generator that appears to have no guardrails, and why Waymo vehicles in San Francisco are all honking at each other.

ITSPmagazine | Technology. Cybersecurity. Society
Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals | Part 2 of 3 | A Conversation with Kush Sharma | Redefining CyberSecurity with Sean Martin

Aug 5, 2024 · 45:42


Guest: Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario)
On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Episode Notes

In this part two of the three-part series on The Redefining CyberSecurity Podcast, host Sean Martin is joined by Kush Sharma to discuss the critical topic of building a Chief Information Security Officer (CISO) office from the ground up. Both speakers bring invaluable insights from their extensive experiences, illustrating key points and real-world scenarios to help organizations navigate the complexities of cybersecurity and business transformation.

Sean kicks off the conversation by emphasizing the strategic role of the CISO in business transformation. He explains that a successful CISO not only secures what the business wants to create but also contributes to developing a powerful and secure business. He points out that CISOs often have a unique perspective, experience, and data that can significantly impact the way business processes are transformed and managed.

Kush expands on this by highlighting the need for adaptability and a mindset of continuous change. He shares that CISOs should view their organization as a business function solely dedicated to protecting assets. He uses examples to demonstrate how missions change every few years due to the rapid evolution of technology and processes, making it essential for security teams to pivot and adjust their strategies accordingly.

Kush stresses the importance of collaboration across different teams—from digital to physical—and notes that a key to successful security management is building a culture that is adaptable and aligned with the business's changing objectives. One of the most interesting points brought up is the significance of involving security from the outset of any new project.

Sean and Kush discuss the importance of integrating the CISO into discussions around business requirements, system architecture, and technology selection. By being involved early, CISOs can help ensure that the organization makes informed decisions that can save time, reduce risks, and ultimately contribute to a more secure business environment.

Another critical aspect discussed is the approach to risk management. Kush describes a structured method where security teams provide options and recommendations rather than outright saying 'no' to business requests. He mentions the use of risk acceptance forms, which require high-level sign-offs, thus ensuring that decision-makers are fully aware of the risks involved and are accountable for them. This transparency fosters a sense of shared responsibility and encourages more informed decision-making.

Both Sean and Kush provide a comprehensive look at the evolving role of the CISO. They make it clear that today's CISOs need to be strategic thinkers, skilled negotiators, and effective communicators to successfully lead their organizations through the complexities of modern cybersecurity challenges. The insights shared in this episode are invaluable for anyone looking to understand the multifaceted responsibilities of a CISO and the indispensable contributions they make to business success.

Sponsors
Imperva: https://itspm.ag/imperva277117988
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Business of Tech
AI Sentiment Analysis, FedRAMP Modernization, Border Search Rulings, Microsoft Security Strategy

Jul 30, 2024 · 8:36


In the current landscape of AI sentiment analysis, there are challenges faced by organizations in justifying the costs of generative AI projects. While executives expect AI to boost productivity, employees report feeling overwhelmed and experiencing burnout due to increased workloads. This discrepancy between leaders and employees underscores the need for organizations to invest in AI implementation, leverage freelance talent, and rethink productivity metrics to address these issues effectively.

The episode also delves into the findings of the 2024 Stack Overflow Developer Survey, revealing a widening gap between the increasing use of AI tools by developers and their trust in the accuracy of these tools. Concerns around misinformation, data attribution, and bias contribute to the lack of trust in AI systems. Despite these concerns, developers do not see AI as a job threat, with JavaScript remaining the most popular programming language and AWS leading in cloud platforms.

Furthermore, the discussion touches on the evolving landscape of IT and privacy policy, with a focus on the modernization of the Federal Risk and Authorization Management Program (FedRAMP) and recent court rulings on border searches. The modernization of FedRAMP aims to enhance cloud security authorization processes, driving government-wide digital transformation and IT modernization. Additionally, the court ruling emphasizes the importance of warrants for searches, safeguarding privacy rights protected by the First and Fourth Amendments.

Lastly, the episode explores Microsoft's response to the CrowdStrike outage, where 8.5 million PCs were affected by a faulty update. Microsoft is considering restricting third-party access to the Windows kernel to enhance system reliability and security. This incident underscores the importance of software quality and system resilience, prompting discussions around kernel access policies. The episode concludes with a call for technology advancements and a reminder of the significance of software quality in ensuring system reliability.

Three things to know today
00:00 AI Sentiment Analysis: Addressing the Gaps Between Business Leaders and Employees, Product Use and Trust
04:17 FedRAMP Modernization and Court Ruling on Border Searches Highlight Major IT and Privacy Policy Shifts
06:15 Microsoft's Security Strategy: Lessons from CrowdStrike Outage and Potential Kernel Access Restrictions

Supported by: https://movebot.io/mspradio/

All our Sponsors: https://businessof.tech/sponsors/

Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/

Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/

Support the show on Patreon: https://patreon.com/mspradio/

Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com

Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessoftech.bsky.social

Retire Eyes Wide Open
REWO S3E6: Social Security Strategy & Summer Markets

Jul 19, 2024 · 61:12


Schedule a Meeting at RetireEWO.com and click on "Book a FIT"
Episode Transcript available here: sterlingwpartners.com/retire-eyes-wide-open-s3-e6

Welcome to Season 3, Episode 6 of "Retire Eyes Wide Open".

In this episode, we dive into top Social Security planning strategies and provide insightful summer money insights. Scot shares his expertise from over 70 Social Security educational events, discussing critical strategies and addressing common questions like the longevity of Social Security.

Explore the impact of summer market trends and discover how to navigate all-time highs. In the "Money Monologue," Scot outlines top Social Security strategies, including stress testing your plan and understanding the tax implications of Social Security.

Join us for "Five Minutes on the Market," where we cover key market news and trends. Don't miss our "Money Rundown" segment, where we summarize and synthesize recent news stories most important to retirees and investors, and "Money with Murph," where Steven explains Social Security planning for public employees, including the Windfall Elimination Provision (WEP) and Government Pension Offset (GPO). Steven and Scot discuss topics like the impact of the presidential debate on financial markets, the Federal Reserve's stance on interest rates, and the continued rise of the stock market led by AI and technology.

We also answer listener questions on spousal benefits, working while receiving Social Security, and more. This is Retire Eyes Wide Open.

Host: Scot Landborg
Guest: Steven Murphy

Radio Sweden
Sweden's new EU commissioner, more work permit rejections, new security strategy presented, volleyball duo win again

Jul 8, 2024 · 2:07


A round-up of the main headlines in Sweden on July 8th 2024. You can hear more reports on our homepage www.radiosweden.se, or in the app Sveriges Radio Play

Presenter: Mitchell Cordner
Producer: Kris Boswell

Paul's Security Weekly
Building a Successful API Security Strategy - Luke Babarinde, Bhawna Singh - BSW #354

Jun 25, 2024 · 64:51


With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy.

This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!

In the age of AI, driving a business forward requires balancing three very significant considerations: growth through innovation, productivity through operational efficiency, and trust through security. To better understand how AI impacts the intersection of security, innovation, and operational efficiency, Okta commissioned an AlphaSights survey of 125 executives across three regions, targeting the decision-makers typically tasked with helming those efforts at companies:

CSOs/CISOs for their focus on security
CTOs for their focus on innovation
CIOs for their focus on operational efficiency

Bhawna Singh, Chief Technology Officer at Okta, is here to discuss the results.

Segment Resources:
www.okta.com/resources/whitepaper-ai-at-work-report/
www.okta.com/blog/2024/06/ai-at-work-2024-a-view-from-the-c-suite/

This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-354

Paul's Security Weekly TV
Building a Successful API Security Strategy - Luke Babarinde - BSW #354

Jun 24, 2024 · 32:41


With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy. This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them! Show Notes: https://securityweekly.com/bsw-354

Building the Elite Podcast
Dr. David Walton, Part 2: Ruck Up or Shut Up - Ep. 73

Jun 7, 2024 · 35:16


This is part two of our conversation with Dr. David Walton. Dr. David “Wally” Walton is a retired Army Special Forces officer with 25 years of experience in the SF community. His career spans service with the 7th Special Forces Group, Joint Special Operations Command (JSOC), and the Special Warfare Center and School.

Dr. Walton's extensive operational experience includes deployments to Iraq, Afghanistan, and much of Latin America. Since retiring in 2013, he has transitioned into academia, teaching National Security Studies and Executive Leadership. His extensive research portfolio covers Security Strategy, Organizational Culture and Dynamics, and Human Performance. His deep understanding of security studies encompasses everything from tactical operations to high-level strategic policy discussions.

Currently an instructor at JSOC, Dr. Walton is a subject matter expert in Special Forces Assessment and Selection. He specializes in land navigation and runs a prep program for SFAS candidates. This is how we came across one another. We had a BTE client attend one of his land nav courses, and he returned from the experience with great things to say. So, we contacted Dr. Walton and have been recommending his course to all of our SFAS prep clients.

As we'll discuss in this episode, land nav is becoming an increasing issue at SFAS, with failure rates due to land nav shortfalls increasing dramatically over the past several years. If you're on your way to Special Forces Assessment and Selection, Dr. Walton's advice and in-person courses should absolutely be included in your preparation training.

Contact Info:
You can learn more about Dr. Walton, his courses, and his books at tfvoodoo.com
He's also on Instagram at tf_voo_doo.

Timestamps:
00:00:22 Leaderless Environment: How Different Personalities Stand Up
00:04:11 Significance of Peer Evaluation in SFAS
00:06:38 What is "The Sandman"?
00:12:43 Importance of Toughening Your Feet in SFAS Prep
00:16:23 One Thing You Should Know About SFAS
00:20:42 Learning Land Navigation
00:27:27 In-Person Land Navigation Training for SFAS
00:29:19 Worst Advice Received
00:32:52 Best Advice Received
00:34:50 Outro

Building the Elite Podcast
Dr. David Walton, Part 1: How to Succeed in Special Forces Assessment and Selection (SFAS) - Ep. 72

Jun 6, 2024 · 58:53


Dr. David “Wally” Walton is a retired Army Special Forces officer with 25 years of experience in the SF community. His career spans service with the 7th Special Forces Group, Joint Special Operations Command (JSOC), and the Special Warfare Center and School.

Dr. Walton's extensive operational experience includes deployments to Iraq, Afghanistan, and much of Latin America. Since retiring in 2013, he has transitioned into academia, teaching National Security Studies and Executive Leadership. His extensive research portfolio covers Security Strategy, Organizational Culture and Dynamics, and Human Performance. His deep understanding of security studies encompasses everything from tactical operations to high-level strategic policy discussions.

Currently an instructor at JSOC, Dr. Walton is a subject matter expert in Special Forces Assessment and Selection. He specializes in land navigation and runs a prep program for SFAS candidates. This is how we came across one another. We had a BTE client attend one of his land nav courses, and he returned from the experience with great things to say. So, we contacted Dr. Walton and have been recommending his course to all of our SFAS prep clients.

As we'll discuss in this episode, land nav is becoming an increasing issue at SFAS, with failure rates due to land nav shortfalls increasing dramatically over the past several years. If you're on your way to Special Forces Assessment and Selection, Dr. Walton's advice and in-person courses should absolutely be included in your preparation training.

Contact Info:
You can learn more about Dr. Walton, his courses, and his books at tfvoodoo.com
He's also on Instagram at tf_voo_doo.

Timestamps:
00:00:22 Intro to Dr. David Walton
00:02:01 Dr. Walton's Books: “Ruck Up or Shut Up” & “Shut Up and Ruck”
00:14:38 Where to Find Dr. Walton's Books
00:15:02 What Dr. Walton Studied for His Doctorate
00:23:27 How did you Improve the Special Warfare Center?
00:31:05 Ratio of Injuries to Voluntarily Withdrawal From SFAS
00:37:05 Telling the Story of What Selection Actually Is
00:41:50 The Power of Journaling
00:45:55 Important Factors & Failure Points in Prep for SFAS
00:52:22 Obesity in America & Standard American Diet
00:53:43 No Shortcuts in the SFAS
00:58:41 Outro

Paul's Security Weekly
Corporate Ransomware Deep Dive - Jeremiah Grossman, Mikko Hypponen - PSW #828

May 8, 2024 · 116:15


In this RSAC 2024 South Stage Keynote, Mikko Hyppönen will look back at the past decade of ransomware evolution and explore how newer innovations, like AI, are shaping its future.

Illuminating the Cybersecurity Path: A Conversation with Jeremiah Grossman

Join us for a compelling episode featuring Jeremiah Grossman, a prominent figure in the cybersecurity landscape. As a recognized expert, Jeremiah has played a pivotal role in shaping the discourse around web security and risk management. Jeremiah's journey in cybersecurity is marked by a series of influential roles, including Chief of Security Strategy at SentinelOne and Founder of WhiteHat Security. With a focus on web application security, he has been a driving force in advocating for innovative approaches to protect organizations from cyber threats.

In this episode, we explore Jeremiah's vast experience and delve into his insights on the ever-evolving cybersecurity challenges. From his early days as a hacker to his current position as a sought-after industry thought leader, Jeremiah shares valuable perspectives on the strategies and philosophies that underpin effective cybersecurity practices. As a pioneer in the field, Jeremiah has contributed significantly to the development of best practices for identifying and mitigating web-related vulnerabilities.

Tune in to gain a deeper understanding of the evolving threat landscape and the proactive measures organizations can take to secure their digital assets. Whether you're a cybersecurity professional, tech enthusiast, or someone eager to comprehend the complexities of online security, this podcast with Jeremiah Grossman promises to be an illuminating exploration of the past, present, and future of cybersecurity.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-828

ITSPmagazine | Technology. Cybersecurity. Society
The Critical Need for CISO-CIO Synergy in Cybersecurity and Business Leadership | CISO Circuit Series: Episode 4 with Betsy Bevilacqua | Michael Piacente and Sean Martin on the Redefining CyberSecurity Podcast

May 1, 2024 · 53:29


About the CISO Circuit Series

Sean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.

Guests:
Michael Piacente, Managing Partner and Cofounder of Hitch Partners
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente
Betsy Bevilacqua, Co-Founder and Business Strategy Lead, Tabiri Analytics [@tabirianalytics]
On LinkedIn | https://www.linkedin.com/in/betsybevilacqua/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Episode Notes

The latest episode of the CISO Circuit Series, part of the Redefining CyberSecurity Podcast on ITSPmagazine, brought together prominent figures in the cybersecurity industry, Michael Piacente, co-founder of Hitch Partners, and special guest Betsy Bevilacqua, a seasoned security professional with a rich background in both operational and information security realms. The discussion, led by Sean Martin, took a drive through the evolving world of cybersecurity within businesses and the intricate relationship between the CIO and CSO/CISO roles.

The episode kicked off with Michael Piacente sharing insights into the convergence of the CIO and CISO functions, emphasizing the unique challenges and opportunities this blend presents. The evolution of these roles reflects broader changes within companies, influenced by industry, size, and the maturity of their cybersecurity journey. Following, Betsy Bevilacqua offered a deeply personal account of her career trajectory, which traversed diverse sectors—from her early days in the data center and help desk roles to leadership positions at eBay, Facebook, and her entrepreneurial ventures. Bevilacqua's narrative underscored the multifaceted nature of cybersecurity work, highlighting its essential role in enabling businesses to expand safely and successfully.

The conversation also touched on the crucial, yet often overlooked, partnership between CIOs and CISOs/CSOs. Betsy illustrated this with examples from her career, explaining how strategic alignment and collaboration between these roles are pivotal in safeguarding a company's digital assets while supporting its growth objectives. Whether in a startup or a large corporation, the synergy between IT operations and security strategy paves the way for innovation and efficient risk management.

Lastly, the dialogue also turned towards future directions in cybersecurity. Both guests agreed on the importance of listening, adaptability, and the human element in navigating the complexities of today's digital landscape. As businesses continue to grapple with emerging threats and the integration of new technologies, the role of cybersecurity leadership is ever more critical.

This episode of the Redefining CyberSecurity Podcast not only highlights the professional journeys and insights of Michael Piacente and Betsy Bevilacqua but also sheds light on the broader implications of cybersecurity in business strategy and operations. Furthermore, it underscores the need for open dialogue, cross-functional collaboration, and forward-thinking leadership in tackling the cybersecurity challenges of tomorrow.

Key Questions Addressed
How does the convergence of CIO and CISO roles affect business strategy and cybersecurity practices?
What operational and cultural challenges do cybersecurity leaders face in their organizations?
How can businesses effectively scale cybersecurity practices in response to rapid growth and technological advancements?

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

ITSPmagazine | Technology. Cybersecurity. Society
Leadership and Transformation: Building a Business-Centric Cybersecurity Framework | A Conversation with Nitin Raina | Redefining CyberSecurity with Sean Martin

Apr 17, 2024 · 49:27


Guest: Nitin Raina, Global CISO, Thoughtworks [@thoughtworks]
On LinkedIn | https://www.linkedin.com/in/nnraina/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

View This Show's Sponsors

Episode Notes

In this episode of the Redefining Cybersecurity Podcast, host Sean Martin connects with Nitin Raina, the global Chief Information Security Officer (CISO) for ThoughtWorks. The discussion centers around Nitin's innovative approaches to transforming and elevating cybersecurity, drawing from his rich experience and strategic mindset. Nitin shares his journey in cybersecurity, emphasizing the evolution of the security program under his leadership. He discusses the significance of adapting a business-centric approach to cybersecurity, breaking away from conventional, technology-focused strategies. This includes the development and successful implementation of a business security maturity model designed to align with the organization's diverse, global operations.

A notable aspect of Nitin's strategy is the emphasis on leadership activation and the importance of governance in driving cybersecurity initiatives. By fostering a culture of security ownership across all levels of leadership and the broader organization, Nitin underscores the transformational shift in how cybersecurity is perceived and managed within ThoughtWorks. He highlights the collaborative efforts with different departments, such as IT operations and legal compliance, to ensure a cohesive approach to protecting the organization's 'crown jewels.' Through anecdotes and examples, Nitin illustrates the impact of these strategies on enhancing security awareness, decision-making, and operational effectiveness across the company.

The conversation also touches on the technical side, discussing the role of developers within the cybersecurity landscape and the utilization of contemporary technologies and frameworks to bolster the security posture. The episode concludes with insights into the future of cybersecurity, advocating for a more integrated and business-aligned approach. Nitin's reflections on the journey and achievements of his company's cybersecurity initiatives provide valuable lessons for organizations aiming to redefine their security strategies in a rapidly evolving digital world.

Key Questions Addressed
How did Nitin Raina's leadership and strategies transform the cybersecurity posture at his company?
What role does leadership activation play in redefining cybersecurity across an organization?
How can cybersecurity be aligned with business strategies to foster growth and innovation?

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: