What's it like to work as a CISO at a security company? This week, 1Password's VP of Security and CISO, Jacob DePriest, reveals all. Jacob also shares his advice for building strong security teams with diverse perspectives, backgrounds, and skillsets.
In the enterprise security news: Change Healthcare's HIPAA fine is vanishingly small. How worried should we be about the threat of AI models? What about the threat of DeepSeek? And the threat of employees entering sensitive data into GenAI prompts? The myth of trillion-dollar cybercrime losses is alive and well! Kagi Privacy Pass gives you the best of both worlds: high quality web searches AND privacy/anonymity. Thanks to the UK for letting everyone know about end-to-end encryption for iCloud! What is the most UNHINGED thing you've ever seen a security team push on employees? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-395
Where are security tools failing security teams? What are security teams looking for when they visit a security vendor marketing website? Paul Robinson, security expert and founder of Tempus Network, says, “Over-promising and under-delivering is a major factor in these tools. The tool can look great in a demo—proof of concepts are great, but often the security vendor is just putting their best foot forward. It's not really the reality of the situation.”

Paul's advice for how security vendors can do better:

Start by admitting security isn't just a switch you flip—it's a journey. Security teams aren't fooled by glitz and glamour on your marketing website. They want to see how you addressed real problems.

Incredible customer service can make a small, scrappy cybersecurity product stand out from larger, slower-moving vendors.

Cybersecurity vendors need to get onboarding right (it's a make-or-break aspect of the user experience). There are more variables than you think—not only technology but also getting buy-in from employees, leadership, and other stakeholders.

Think about the user experience not only of the person using the security product, but of the people at the organization who will be impacted by the product.

Looking for a cybersecurity-related movie that is just a tad too plausible? Paul recommends Leave the World Behind on Netflix.
IT and security teams are under constant pressure to streamline operations while maintaining strong security and compliance. In this Brand Story episode, Chase Doelling, Principal Strategist at JumpCloud, shares insights from the company's latest SME IT Trends Report. The discussion highlights key trends, challenges, and opportunities that IT teams face, particularly in small and medium-sized businesses (SMBs).

The Role of IT in Business Operations

Doelling emphasizes the increasing responsibility placed on IT teams. Historically seen as cost centers, IT and security functions are now recognized as critical to business success. More organizations are merging IT and security efforts, ensuring that security considerations are built into every decision rather than being addressed reactively.

A major takeaway from the report is the shift toward decentralization in IT decision-making. Departments are increasingly adopting tools independently, leading to an explosion of software-as-a-service (SaaS) applications. While this autonomy can boost efficiency, it also creates risks. Shadow IT—where employees use unauthorized tools—has become a top concern, with 88% of organizations identifying it as a risk.

AI, Security, and IT Investment

The report also reveals a growing divide in AI adoption. Organizations are either moving aggressively into AI initiatives or staying completely on the sidelines. Those embracing AI often integrate it into security and IT operations, balancing innovation with risk management.

Budget trends indicate that IT spending is rising, with security tools accounting for a significant portion. The need for robust cybersecurity measures has pushed organizations to prioritize visibility, access management, and compliance. A notable shift is occurring in remote and hybrid work models. While remote work surged in previous years, only 9% of organizations now report being fully remote. This return to office environments introduces new IT challenges, particularly in managing networks and devices across hybrid workplaces.

How JumpCloud Supports IT Teams

JumpCloud's platform simplifies IT and security operations by unifying identity and access management, device management, and security policies. One key challenge IT teams face is visibility—knowing who has access to what systems and ensuring compliance with security policies. JumpCloud's approach allows organizations to manage users and devices from a single platform, reducing complexity and improving security posture.

An example of JumpCloud's impact is its ability to detect and manage SaaS usage. If an employee tries to use an unauthorized tool, JumpCloud can guide them toward an approved alternative, preventing security risks without stifling productivity. This balance between security and efficiency is essential, particularly for SMBs that lack dedicated security teams.

Looking Ahead: IT and Security Convergence

Doelling teases upcoming research that will explore the relationship between IT and security teams. With these functions blending more than ever, organizations need insights into how to align strategies, resources, and budgets effectively.

For IT and security professionals navigating a landscape of increased threats, shifting work environments, and AI-driven innovation, the insights from JumpCloud's research provide a valuable benchmark. To gain a deeper understanding of these trends and their implications, listen to the full episode and explore the latest SME IT Trends Report.

Note: This story contains promotional content. Learn more.
Guest: Chase Doelling, Principal Strategist, JumpCloud [@JumpCloud]
On LinkedIn | https://www.linkedin.com/in/chasedoelling/

Resources
Learn more about JumpCloud and their offering: https://itspm.ag/jumpcloud-pg7z
To download the SME IT Trends Report: https://itspm.ag/jumpcljqyw
Catch more stories from JumpCloud at https://www.itspmagazine.com/directory/jumpcloud
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Join host Chris Hackett in this insightful discussion on building highly optimized security teams with leading cybersecurity experts. Reza Neshat, Manager of Network Defense Services at Tele2, shares his expertise in safeguarding networks. David Llewellyn, Security Manager - Global at AtNorth, delves into global security management. Torbjörn Andersson, Head Of Cybersecurity Region ACE at HiQ, highlights regional cybersecurity leadership, and Matthias Lysell, IT Security Architect at Telia, discusses cutting-edge security architecture. Gain actionable insights into creating resilient security strategies for evolving threats.
The cybersecurity industry often fixates on “behavior change,” expecting users to take on unrealistic tasks instead of designing safer, smarter systems. Matt Wallaert (founder of BeSci.io and author of Start at the End: How to Build Products that Create Change) explains behavioral science isn't about forcing behavior change. Instead, it's about understanding people so a thoughtfully-designed system can influence more secure outcomes.

Whether you're a UX designer, a security engineer, or a CISO, you influence security behaviors. Here's how you can move towards more secure outcomes:

Stay Ahead of Threat Actors: Cybercriminals use behavioral science to their advantage. People designing the security user experience must not only catch up but outpace them.

Define Clear Outcomes: Don't just say “we want users to be secure.” Know exactly what behaviors you want and why. Vague goals lead to vague results. (As Matt explains, saying things like “I want people to be more secure” isn't helpful. In fact, many people don't know what “more secure” means in the context of their product or organization.)

Ask Better Questions: Use tools like the “sufficiency test.” For example, sure, it might be nice if users created complex passwords—but users don't necessarily have to be the ones doing it. Why can't the system create a complex password for them (as password managers do)?

Understand promoting and inhibiting pressures: These concepts will help you design systems that are more resilient because they are built with people in mind. There are reasons people do and do not do things—when you understand why, you can develop systems that will be more effective in encouraging the behaviors you want.

Security practitioners: tired of being perceived as the “department of no”? Matt explains how behavioral science can help you better collaborate with cross-disciplinary teams.

Bonus: UX designers, after this episode you may never create another persona.
In this Risky Business News sponsored interview, Tom Uren talks to Mike Wiacek, CEO and founder of Stairwell, about the occasionally dysfunctional relationship between IT and security teams. Mike talks about how security vendors need to reach out to turn IT teams into allies.
In this Brand Story episode, recorded live at the HITRUST Collaborate Conference 2024, host Sean Martin sits down with Monica Shokrai, Head of Risk and Insurance for Google Cloud. The topic of conversation centers around cyber insurance, a crucial area impacting organizations across sectors.

Monica Shokrai leads the charge in managing risk and procuring insurance for Google Cloud, a role that integrates closely with both the finance and security teams. She highlights the unique dual approach of her team, which not only secures coverage for Google but also strategizes on how to leverage insurance to assist Google Cloud customers in mitigating risks.

A key point discussed is the interdisciplinary nature of cyber insurance. Traditionally managed by the finance or legal departments, Shokrai emphasizes its growing collaboration with cybersecurity teams. She notes that the standard organizational structure often sees a communication divide between finance and security departments. However, the evolving cyber insurance market is pushing these groups closer together, fostering a more integrated risk management strategy.

Shokrai also shares insights on how Google approaches risk exposure and posture. By modeling risk in-house and leveraging an actuarial team, Google can quantify risks accurately and work closely with security teams. This model not only helps in securing better insurance terms but also aids in understanding and integrating security measures within the organization.

Another significant point is Google's innovative approach to automating the cyber insurance process. Through their Risk Protection Program, Google allows security metrics to be shared with insurance partners like Allianz in Munich. This method simplifies the underwriting process and promotes a data-driven approach to evaluating cybersecurity risks, aligning insurers and security teams toward a common goal.

Overall, the discussion underscores the importance of a cohesive strategy that bridges finance and cybersecurity through innovative risk management and insurance practices. With leaders like Monica Shokrai at the helm, Google Cloud is at the forefront of integrating these critical functions, ultimately benefiting both the company and its customers.

Learn more about HITRUST: https://itspm.ag/hitrusi2it

Note: This story contains promotional content. Learn more.

Guest: Monica Shokrai, Head of Risk and Insurance, Google Cloud [@lifeatgoogle]
On LinkedIn | https://www.linkedin.com/in/monicashokrai/

Resources
Simplified Cyber Insurance for Organizations with a HITRUST Certification: https://itspm.ag/hitrusp5x6
Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust
Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
A second Donald Trump administration is taking shape, one new appointee at a time. Tuesday, the president-elect tapped more of his closest allies to fill some of the government's top posts. Among them is Sen. Marco Rubio, putting Trump's one-time foe on track to becoming the first Latino to serve as the nation's top diplomat. Laura Barrón-López reports. PBS News is supported by - https://www.pbs.org/newshour/about/funders
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Resourcely co-founder and CEO Travis McPeak about some of the hard and uncomfortable truths about the role of security teams inside a company. Show notes: Hard Truths your CISO won't tell you
In this comprehensive episode of CISO Tradecraft, host G Mark Hardy sits down with Christian Hyatt, author of 'The Security Team Operating System'. Together, they delve into the five essential components needed to transform your cyber security team from reactive to unstoppable. From defining purpose and values to establishing clear roles, rhythms, and goals, this podcast offers practical insights and tools that can improve the efficacy and culture of your security team. If you're looking for strategic frameworks to align your team with business objectives and create a resilient security culture, you won't want to miss this episode!

Christian Hyatt's LinkedIn Profile: https://www.linkedin.com/in/christianhyatt/
Link to the Book: https://a.co/d/aHpXXfr
Transcripts: https://docs.google.com/document/d/1ogBdtJolBJTOVtqyFLO5onuLxBsfqqQP

Chapters
00:00 Introduction and Guest Welcome
01:31 Overview of the Security Team Operating System
03:31 Deep Dive into the Five Elements
07:53 Aligning Security with Business Objectives
21:59 Defining Core Values for Security Teams
25:03 Aligning Organizational and Team Values
26:05 Establishing Clear Roles and Responsibilities
30:58 Implementing Effective Rhythms and Goals
In this episode, the hosts discuss the article titled 'Digicert to Delay Cert Revocation for Critical Infrastructure'. They talk about the challenges faced by companies in reissuing certificates within a short timeframe and the need for more time to ensure a seamless transition. They emphasize the importance of having a robust business continuity and disaster recovery plan, as well as the need for cross-team collaboration between security and administrative teams. The hosts also highlight the significance of staying informed and plugged in to the latest cybersecurity news and trends. Please LISTEN
In this episode of the Tactical Empire, Jeff Smith and Shawn Rider discuss the recent assassination attempt on former President Trump. They explore the initial reactions, the implications of the event, and the broader lessons for personal responsibility and leadership. They emphasize the importance of unity, empathy, and preparation in facing unpredictable and challenging times. They also encourage listeners to focus on improving their own lives and communities rather than getting caught up in divisive political discourse.

Chapters:
00:00 Introduction to Tactical Empire
01:10 Discussing the Assassination Attempt on Trump
06:18 Social Media's Reaction and Public Perception
08:03 Historical Context and Personal Reflections
13:42 Call for Unity and Personal Responsibility
16:30 Practical Steps for Preparedness and Leadership
21:48 Final Thoughts and Call to Action
26:01 Outro and Community Engagement

You can connect with Shawn Rider on Facebook and Instagram. If what you heard resonated with you, you can find Jeff on Instagram and Facebook. If you're interested, you can visit The Tactical Empire's website https://www.thetacticalempire.com/home-4169. And don't forget to visit us on Apple Podcasts to leave a review and let us know what you think! Your feedback keeps us going. Thanks for helping us spread the word!
What is the future of AI Security and Data Protection? At AWS re:Inforce in Philadelphia this year, Ashish spoke to Dan Benjamin, Head of Data, Identity and AI Security at Prisma Cloud, about the new category of AI-SPM (Artificial Intelligence Security Posture Management) and why it fits alongside all the other tooling organisations already have. They spoke about the importance of building an AI and data inventory, understanding AI access, and the critical role of DSPM (Data Security Posture Management) in creating effective AI security controls.

Guest Socials: Dan's LinkedIn
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security Social Channels:
- Cloud Security Podcast - YouTube
- Cloud Security Newsletter
- Cloud Security BootCamp

Questions asked:
00:00 Introduction
02:09 A bit about Dan
02:29 What is AISPM?
03:16 How should CISOs tackle AI Security?
06:16 Right Controls around AI Services
07:32 AISPM vs CSPM
09:52 The role of DSPM
10:25 Tackling data security in a world of AI
13:28 Maturity Curve for CISOs to consider
16:36 Security Teams for AI Security
19:51 The Fun Section
The RSA Conference in San Francisco is renowned for being a hub of cutting-edge discussions around everything related to cybersecurity, and this year, one of the spotlights was on AI governance. In this conversation featuring industry experts from LogicGate, the focus was on unraveling the challenges organizations face in adapting to the rapidly evolving landscape of AI implementation.

Unveiling the Experts

Moderated by Sean Martin, the discussion kicked off with a warm welcome to the LogicGate team, setting the stage for a deep dive into the complexity of AI governance. Matt Kunkel, the CEO of LogicGate, shared insights from his extensive consulting background in building GRC solutions for a diverse range of organizations. His vast experience culminated in the creation of the Risk Cloud Platform, a versatile tool that aids organizations in automating risk management processes tailored to their specific needs.

The CISO Perspective

Nick Kathmann, the Chief Information Security Officer at LogicGate, brought to the table over two decades of experience in cybersecurity. His journey through managing security compliance for major players like Virtustream and RSA highlighted the intricate web of challenges posed by evolving technologies like AI. Nick emphasized the critical importance of aligning internal governance with external regulations to ensure a robust security posture.

Demystifying AI Governance

As the conversation continued, Sean Martin steered the discussion towards demystifying AI governance and its impact on organizational frameworks. The panel shed light on the dual challenges organizations face: the risk of embracing AI too recklessly and stifling innovation versus the risk of over-regulating and impeding progress. The consensus was clear: a balanced approach that marries speed and security is imperative for a successful AI governance strategy.

The LogicGate Solution

Matt and Nick unraveled the intricacies of the AI governance solution developed by LogicGate, designed to provide organizations with a holistic framework for managing AI risks. By integrating AI governance with existing risk management protocols, LogicGate's platform offers a transformative approach that streamlines processes, enhances visibility, and ensures compliance with emerging standards.

Looking Towards the Future

The conversation concluded with a forward-looking approach, underscoring the rapidly evolving nature of AI technologies and the indispensable need for agile governance frameworks. The consensus was that staying ahead of the curve demands continuous assessment, adaptation, and alignment of AI governance with overarching business objectives.

In Closing

This episode of On Location Coverage at the RSA Conference 2024 offered a glimpse into the complexities and opportunities that AI governance presents for organizations worldwide. With LogicGate leading the charge in innovative solutions, the future of AI governance looks promising, anchored in a foundation of collaboration, foresight, and strategic alignment.

As organizations navigate the uncharted waters of AI implementation, partnering with pioneers like LogicGate is poised to be the key to unlocking the full potential of this transformative technology. Stay tuned for more insights and developments on AI governance as we journey towards a future powered by innovation and resilience.

Learn more about LogicGate: https://itspm.ag/logicgate-92d6bc

Note: This story contains promotional content. Learn more.

Guests:
Matt Kunkel, CEO at LogicGate [@LogicGate]
On LinkedIn | https://www.linkedin.com/in/matt-kunkel-91056143/
Nick Kathmann, Chief Information Security Officer at LogicGate [@LogicGate]
On LinkedIn | https://www.linkedin.com/in/nicholaskathmann/

Resources
Learn more and catch more stories from LogicGate: https://www.itspmagazine.com/directory/logicgate
View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
How do you help security teams understand what happened and what to do next? Data science can help with that. Serge-Olivier Paquette, CPO at threat intelligence and analytics platform Flare, combines product, cybersecurity, and data science expertise to develop cutting-edge products and experiences that help security teams make informed decisions.

In this episode:

The best explanation of data science you've ever heard.

Why you need to be skeptical of data science models.

How to leverage data science to be more helpful to security teams.

How to build trust—particularly when tools can increasingly perform actions on behalf of users.

Serge-Olivier Paquette is CPO at Flare, a cybersecurity platform that helps organizations proactively identify security threats. He works at the intersection of product management, data science, cybersecurity, and platform engineering. Serge-Olivier was previously tech lead and senior manager at Secureworks.
When you are only looking for malicious indicators, you will NEVER get security teams in control of the rapidly evolving threats to their organizations. When Brooke Motta's co-founder, Jimmy Mesta, was a security architect, and consulting companies on Kubernetes security at the very start of containerization, he witnessed a paradigm shift to defining your environment in a declarative way, through code. He decided to apply this paradigm shift toward a positive security model.To this end, RAD Security was born. RAD Security creates fingerprints of known good behavior and notifies on drift from that behavior. RAD Security have built fingerprints for cloud native workloads, identities, and infrastructure to detect attacks through meaningful drift that signifies attacker behavior. RAD Security have also built a real-time posture model that can accept the data from our drift engine, so teams can constantly refine their shift-left efforts with the best data possible. By necessity, RAD Security have the first runtime agent that would automate the creation of these behavioral fingerprints.Today, teams use RAD Security's industry-first positive security model for their zero trust initiatives, posture management for cloud native infrastructure, and detection of zero days in runtime. RAD Security's mission is to empower engineering and security teams to push boundaries, build technology and drive innovation so they can focus on growth versus security problems. In today's environment, attackers are more versed in cloud native security than security teams.RAD Security removes the blind spots of legacy tools, closing the gap for prioritization and remediation in cloud native infrastructure. To learn more, meet with Brooke Motta and her RAD Security co-founder Jimmy Mesta at the Innovation Sandbox on Monday, May 6th, where they will be participating in the pitch contest.Learn more about RAD Security: https://itspm.ag/radsec-l33tzNote: This story contains promotional content. 
Learn more.

Guest: Brooke Motta, CEO and Co-Founder of RAD Security [@RADSecurity_]
On LinkedIn | https://www.linkedin.com/in/brookemotta/
On Twitter | https://twitter.com/brookelynz1

Resources
RAD Security Blog: https://itspm.ag/radsec-477a54
Learn more and catch more stories from RAD Security: https://www.itspmagazine.com/directory/rad-security
View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
In this episode, AWS Director of Enterprise Strategy Phil LeBrun speaks with Nicole Eagan, Chief Strategy and AI Officer, and Michael Beck, Global CISO at Darktrace, about how artificial intelligence is transforming cybersecurity. They discuss the evolution of cyber threats, the impact of generative AI on security, and best practices for implementing robust defenses, including operationalizing AI as part of a holistic people, process, and technology approach.

Resources:
Learn more about Amazon Bedrock, the easiest way to build and scale gen AI applications, and Amazon Q, a gen AI-powered assistant that can be tailored to your business.
The next BriefingsDirect IT security best practices discussion examines how a leading German home builder has adjusted to a major economic market disruption. Germany's home building demand has recently reversed, putting pressure on builders to reduce IT costs while remaining secure. Subscribe to the podcast on iTunes. Read a full transcript or download a copy. Stay tuned here to learn how a large, distributed workforce can be best supported by IT -- even as business conditions change and budget requirements lead to broad consolidation. Here to share how an efficient security team helps the shift from managing surging growth to optimizing around necessary contraction is Johannes Hammen, Information Security Officer at DFH Gruppe in Simmern, Rheinland-Pfalz, Germany. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. Subscribe to the podcast on iTunes. Read a full transcript or download a copy. Sponsor: Bitdefender.
Summary
In this episode, Jack Clabby and Kayley Melton discuss the upcoming Sunshine Cyber Conference and their collaboration with Winn Schwartau. They also talk about the importance of diverse cybersecurity talent and their plans for a joint session at the conference. The hosts then interview Lisa Plaggemier, the executive director at the National Cybersecurity Alliance, who shares her career journey and the role of creativity and curiosity in cybersecurity. They also discuss the impact of COVID-19 on the cybersecurity industry and the importance of humor and satire in cybersecurity training. The episode concludes with a lifestyle polygraph segment.

In this episode, the conversation covers various topics related to comedy, storytelling, and implementing change in organizations. The power of the internet is discussed, highlighting the potential consequences of online content. The guest shares her favorite comedy movies, emphasizing the comedic element in her expertise. The use of humor in training and awareness programs is explored, along with the challenges of implementing change in organizations. Dealing with roadblocks in security and the passion for security awareness are also discussed. The episode concludes with information on how to get in touch with the guest and a recap of what was learned.
Takeaways
The Sunshine Cyber Conference features keynote speakers from the No Password Required podcast, including Winn Schwartau.
The hosts will be doing their first on-site remote recording at the Sunshine Cyber Conference, featuring keynote speaker Tamiko Fletcher.
The National Cybersecurity Alliance focuses on training and awareness, using creativity and humor to engage and educate people.
Comedy movies, such as Monty Python and the Holy Grail, can be a source of expertise and inspiration.
Humor can be effectively used in training and awareness programs to engage and educate participants.
Implementing change in organizations can be challenging, but finding allies and overcoming roadblocks is essential.

Chapters
00:00 Introduction
01:28 Fishing for Potential, the RTFM Guide to Diverse Cybersecurity Talent
02:25 Live On-Site Remote Recording and Keynote Speakers
03:51 Sunshine Cyber Conference and Registration
04:46 Interview with Lisa Plaggemier
05:15 Background and Role at the National Cybersecurity Alliance
05:53 Transition to Security and Marketing Collaboration
06:22 Incident Response and Training and Awareness
07:20 Leadership and Skills in Cybersecurity
08:18 Kubikle Series and Creativity in Security
09:17 Curiosity and Creativity in Cybersecurity
10:48 Naming and Shaming in Pen Tests and Phishing Testing
11:41 DDoS Attack and Incident Response
12:38 Neurodiversity and Cybersecurity
13:21 Leading a Team During COVID-19
14:21 Creating Engaging Training Content
15:19 Global Data and Data Privacy Laws
16:18 Humor and Satire in Cybersecurity Training
18:47 Kubikle Series and Satire in Cybersecurity
20:41 Creating Kubikle Series and Future Plans
23:03 Trust in Password Managers
24:22 The Importance of Curiosity in Cybersecurity
25:52 The Oh Behave Report and Behavioral Science
26:50 Communicating Security Information Effectively
28:44 Naming and Shaming in Phishing Testing
29:39 Accepting Risk and Escalation Plans
30:38 The Role of Security Teams and HR
32:35 Building Trust in Password Managers
33:32 Global Data and Cybersecurity Awareness
36:51 The Importance of Curiosity in Cybersecurity Hiring
40:03 The Underground Student-Led Newspaper
41:12 The Significance of Curiosity and Creativity in Career
50:44 The Power of the Internet
51:14 Favorite Comedy Movies
52:12 Using Humor in Training and Awareness
53:38 Implementing Change in Organizations
54:55 Dealing with Roadblocks in Security
55:45 Passion for Security Awareness
56:06 How to Get in Touch
56:37 What Was Learned
57:11 Closing Remarks
This week, we recap Matt's experience at KubeCon Chicago, provide some hot takes on OpenAI's impending App Store, and delve into Apple's claim that 8 GB is all you need.

Watch the YouTube Live Recording of Episode 440 (https://www.youtube.com/watch?v=BK4tldNTIOk)

Runner-up Titles
Keep on keeping on
They're not sandbox projects, they're litterbox projects
It was USB thing
If you spent all week in the OpenCost kiosk, this is the report
The platter days
Wait a second, I'm a pro
Microsoft Benchmark Home Edition
Vanity Metrics are for Vanity
Rub some A.I. on it
Rubbing A.I. on all of it
Of course this is the way you're going to do it

Rundown
Apple insists 8GB unified memory equals 16GB regular RAM (https://appleinsider.com/articles/23/11/08/apple-insists-8gb-unified-memory-equals-16gb-regular-ram)
CNCF October 2023: where we are with velocity of CNCF, LF, and top 30 open source projects | Cloud Native Computing Foundation (https://www.cncf.io/blog/2023/10/27/october-2023-where-we-are-with-velocity-of-cncf-lf-and-top-30-open-source-projects/)
AKS Cost Analysis: an Azure-native cost visibility experience built on the OpenCost project (https://techcommunity.microsoft.com/t5/apps-on-azure-blog/aks-cost-analysis-an-azure-native-cost-visibility-experience/ba-p/3973401)
Buoyant and SUSE Expand Partnership to Provide Secure Edge Computing Deployments (https://www.prweb.com/releases/buoyant-and-suse-expand-partnership-to-provide-secure-edge-computing-deployments-301978286.html)

OpenAI
OpenAI is letting anyone create their own version of ChatGPT (https://www.theverge.com/2023/11/6/23948957/openai-chatgpt-gpt-custom-developer-platform)
All the news from OpenAI's first developer conference (https://www.theverge.com/2023/11/6/23948619/openai-chatgpt-devday-developer-conference-news)
ChatCSV (https://x.com/SteveMoraco/status/1721683288576737612?s=20)
How OpenAI is building a path toward AI agents (https://www.platformer.news/p/how-openai-is-building-a-path-toward?utm_source=post-email-title&publication_id=7976&post_id=138646378&utm_campaign=email-post-title&isFreemail=true&r=2l9&utm_medium=email)
OpenAI debuts GPT-4 Turbo and fine-tuning program for GPT-4 | TechCrunch (https://techcrunch.com/2023/11/06/openai-launches-gpt-4-turbo-and-launches-fine-tuning-program-for-gpt-4/)
CIQ, Oracle, and SUSE unite behind OpenELA to take on Red Hat Enterprise Linux (https://www.zdnet.com/article/ciq-oracle-and-suse-unite-behind-openela-to-take-on-red-hat-enterprise-linux/)

Matt Ray's Keyboard Quest
Andrew says gets switch tester (https://www.thockking.com/collections/switch-tester/products/custom-keyboard-switch-tester-fidget-toy)

Relevant to your Interests
Despite having just 5.8% sales, over 38% of bug reports come from the Linux community (https://www.reddit.com/r/gamedev/comments/qeqn3b/despite_having_just_58_sales_over_38_of_bug/)
IBM to scrap 401(k) matching, offer alternative benefit (https://www.theregister.com/2023/11/02/ibm_401k_changes/)
AWS to Azure services comparison - Azure Architecture Center (https://learn.microsoft.com/en-us/azure/architecture/aws-professional/services)
PagerDuty To Acquire Jeli, Bolstering its End-to-End, Automated Incident Management Solution for the Enterprise (https://www.pagerduty.com/newsroom/pagerduty-to-acquire-jeli/)
Verdict reached in Sam Bankman-Fried fraud trial (https://www.cnn.com/2023/11/02/business/ftx-sbf-fraud-trial-verdict/index.html)
Sam Bankman-Fried found guilty of fraud (https://www.theverge.com/policy/2023/11/2/23943236/sam-bankman-fried-trial-sbf-fraud-guilty)
The GPU Math, AI's impact on Cloud Rev and Capex (https://x.com/fredaduan/status/1720239195699269903?s=46&t=zgzybiDdIcGuQ_7WuoOX0A)
Developer Productivity Engineering at Netflix (https://thenewstack.io/developer-productivity-engineering-at-netflix/)
Europe is in Decline: A Concerning Future Ahead (https://x.com/sabben/status/1709105432193650726?s=46&t=zgzybiDdIcGuQ_7WuoOX0A)
Data observability platform Kloudfuse launches out of stealth with $23M (https://techcrunch.com/2023/11/06/data-observability-platform-kloudfuse-launches-out-of-stealth-with-23m/)
Elon Musk debuts 'Grok' AI bot to rival ChatGPT, others (https://www.cnbc.com/2023/11/05/elon-musk-debuts-grok-ai-bot-to-rival-chatgpt-others-.html)
Post Mortem on Cloudflare Control Plane and Analytics Outage (https://blog.cloudflare.com/post-mortem-on-cloudflare-control-plane-and-analytics-outage/)
Datadog stock surges 30% after cloud company beats estimates, revises guidance up (https://www.cnbc.com/2023/11/07/datadog-stock-surges-after-earnings-strong-guidance.html)
Elevating Cloud-Native Innovation: Craig Box joins the Solo.io Team! (https://www.solo.io/blog/cloud-native-innovation-craig-box-solo/)
Mozilla will move Firefox development from Mercurial to Microsoft's GitHub • DEVCLASS (https://devclass.com/2023/11/07/mozilla-will-move-firefox-development-from-mercurial-to-microsofts-github/?td=rt-3a)
Understanding Open Source Adoption: Insights from the 9th State of the Software Supply Chain Report (https://www.sonatype.com/state-of-the-software-supply-chain/Introduction)
New Report Shows Disconnect Between Developers and Security Teams on Software Supply Chain Security Priorities and Responsibilities (https://www.chainguard.dev/unchained/new-report-shows-disconnect-between-developers-and-security-teams-on-software-supply-chain-security-priorities-and-responsibilities)
Nvidia announces January event after rumors of an RTX 4080 Super launch (https://www.theverge.com/2023/11/9/23953641/nvidia-ces-2024-event-rtx-4070-4080-super-rumors)
Former Apple designers launch $700 Humane AI Pin as smartphone replacement (https://www.cnbc.com/2023/11/09/former-apple-designers-at-humane-launch-hands-free-ai-powered-pin.html)
Big Blue Can Still Catch The AI Wave If It Hurries - The Next Platform (https://www.nextplatform.com/2023/11/06/big-blue-can-still-catch-the-ai-wave-if-it-hurries/)

Nonsense
Mint is shutting down, and it's pushing users toward Credit Karma (https://www.theverge.com/2023/11/2/23943254/mint-intuit-shutting-down-credit-karma)
Jeff Bezos Says He Is Leaving Seattle for Miami (https://www.nytimes.com/2023/11/03/business/jeff-bezos-amazon-miami-seattle.html)

Listener Feedback
Software Defined Talk now available on YouTube Music (https://music.youtube.com/playlist?list=PLk19Plf_pEnSdwXf_fSSBSZ2gH9v8Hg0l)

Conferences
Jan 29, 2024 to Feb 1, 2024: That Conference Texas (https://that.us/events/tx/2024/schedule/)
If you want your conference mentioned, let's talk media sponsorships.

SDT news & hype
Join us in Slack (http://www.softwaredefinedtalk.com/slack).
Get a SDT Sticker! Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers!
Follow us: Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/), Mastodon (https://hachyderm.io/@softwaredefinedtalk), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk), Threads (https://www.threads.net/@softwaredefinedtalk) and YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured).
Use the code SDT to get $20 off Coté's book, Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total.
Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)!

Recommendations
Brandon: Same as Ever (https://www.audible.com/pd/Same-as-Ever-Audiobook/B0C1HS5WG1#:~:text=Same%20as%20Ever%20reverses%20the,and%20living%20your%20best%20life.); Morgan Housel | Acquired Podcast (https://www.acquired.fm/episodes/morgan-housel); The Morgan Housel Podcast: My New Book, Same As Ever: A Guide to What Never Changes (https://podcasts.apple.com/us/podcast/my-new-book-same-as-ever-a-guide-to-what-never-changes/id1675310669?i=1000633970682)
Matt: DisplayLink (https://www.synaptics.com/products/displaylink-graphics) for multiple external monitors on M1 Macs (Asahi Linux discussion (https://forums.macrumors.com/threads/asahi-creator-1-monitor-support-is-because-of-hardware-limitation.2351766/))

Photo Credits
Header (https://unsplash.com/photos/a-close-up-of-a-computer-motherboard-y4_xZ3cs96w)
With multiple crises happening around the globe, it's impossible for organizations to ignore the threat of geopolitics to their business. Security teams are forced to think beyond what's happening now and consider what's around the corner. Many understand the duty of care to keep employees safe; however, not all realize that this extends to the geopolitical landscape. It is the duty of security leaders to help their organization make sense of what's happening and be a calm voice in the midst of permacrisis.

Ross Hill, Founder of Insight Forward, is that calm voice for many as he helps businesses understand risk. He applies his background leading intelligence analysis for prominent risk management organizations such as AT-RISK International and Pinkerton, and has acquired an in-depth knowledge of core processes, programme design and management, fulfilling senior management positions in global security and risk consultancies, and gaining exposure to renowned multinationals and driving their intelligence needs. He began his career as a Forensic DNA Analyst and as an Intelligence Analyst for the Metropolitan Police.

Check out Insight Forward's latest report, Top 10 Geopolitical Risks for Businesses in 2024, and the latest geopolitical news by subscribing to Pestle & Mortar.

Key topics of Hill's discussion with hosts Chuck Randolph and Fred Burton include:
Why global and national companies alike cannot escape the impact of geopolitics on their business, and why it's critical to look beyond the threats you face today.
Why security leaders have a responsibility to help the people they protect make sense of the crises abroad, and how misinformation (most notably with the Hamas War) has the ability to cause unwarranted concern and mistrust.
The top three things corporate security teams can do right now in light of multiple crises happening around the globe.
Key topics of Lake's discussion with host Chuck Randolph include:
Lessons in risk management Lake has learned that translate between his government and private sector experience.
The importance of knowing your business and where security can add value to better support strategy and decision-making.
Decision-making in times of crisis and the importance of knowing who has the authority to make certain decisions before an event occurs.

Key takeaways:

06:57: Chuck Randolph: How did you translate or how would you recommend people translating the ability to say ‘hey, here's some tenets that we have from say being in the military' into the private, corporate world?

07:45: Dick Lake: I would push back just a little on you Chuck when you said you kind of have it handed to you in the military. That's not always the case. What I had to do in the military is similar to what I had to do in the corporate world, which is sell my product. Convince people that I had a product that was worth using and why it was in their interest and to their benefit to use that product.

12:45: Dick Lake: Part of it is what's my value proposition to the organization, and one of the key ways you establish your value is you have an in-depth understanding of the business of the business and look to identify ways that you can contribute.

21:50: Dick Lake: It's critical to understand what the organization's crisis management, crisis response, and business continuity policies and procedures are. Most organizations will have somebody that has been identified that will have that role. The second thing is understanding who has the decision authority for certain things and who can make a decision to close an office. That's something you need to decide before there's a crisis, because a crisis is business that is not normal. So as a chief security officer, I may not have that authority to close the office, but I might be able to make a recommendation to the chief operating officer. People need to understand that — not just the chief operating officer and the chief security officer, but the chief financial officer, the CEO — everyone needs to underst
In this Brand Story episode, hosts Marco and Sean have a thought-provoking discussion with Peter Klimek from Imperva about the concept of "shift left" in application security. Have we gone too far?

The conversation revolves around the challenges and benefits of identifying vulnerabilities earlier in the software development lifecycle and the need for collaboration between development and security teams. Peter emphasizes the importance of finding a balance between tools and human expertise in addressing vulnerabilities. He highlights the common issue of organizations having a backlog of vulnerabilities that need to be fixed, rather than a problem of finding vulnerabilities: it's "easy" to find them, harder to fix them all.

The conversation also touches on the measurement of closure velocity and the significance of development team velocity as a core metric in application security. They discuss the role of APIs, platform engineering, and infrastructure as code in improving collaboration, automation, and trust in systems.

Peter draws a parallel between guardrails on a highway and the need for guardrails in application security, emphasizing the importance of providing development teams with time to address critical vulnerabilities. They also explore the challenges of coordinating multiple teams and the role of operations in orchestrating the development and security processes.

The need for a defensive mindset and the importance of leveraging the guardrails Peter noted to prevent fatal vulnerabilities is also discussed, as they emphasize the significance of collaboration, measurement, and a balance between development and security teams in implementing shift left practices effectively.

The episode provides valuable insights into the nuances, challenges, and benefits of integrating shift left practices into application security, while emphasizing the need for collaboration, balance, and the ethical use of tools.

Note: This story contains promotional content.
Learn more.

Guest: Peter Klimek, Director of Technology - Office of the CTO at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/peter-klimek-37588962/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
DevOps Research and Assessment (DORA): https://dora.dev
2023 Imperva Bad Bot Report: https://itspm.ag/impervv0sg
47.4% of internet traffic wasn't human in 2022! Get the research from @Imperva to learn how bots are taking over the internet.
The Impact Of Log4j Since Its Disclosure | Steps Businesses Can Take To Maintain Software Supply Chain Security:
Part 1: https://redefining-cybersecurity.simplecast.com/episodes/the-impact-of-log4j-since-its-disclosure-steps-businesses-can-take-to-maintain-software-supply-chain-security-part-1-of-2-an-imperva-story-with-gabi-stapel
Part 2: https://redefining-cybersecurity.simplecast.com/episodes/why-protecting-your-business-data-is-more-like-securing-a-museum-than-a-bank-demystifying-data-protection-an-imperva-story-with-terry-ray-07mq5xex-q5rc-fw8
From Enrolling In College To Gambling, Traveling, And Shopping, Evasive Bad Bots Are A Major Source Of Online Fraud | The Bad Bot Report 2022 | An Imperva Brand Story With Ryan Windham:
Part 1: https://redefining-cybersecurity.simplecast.com/episodes/from-enrolling-in-college-to-gambling-traveling-and-shopping-evasive-bad-bots-are-a-major-source-of-online-fraud-the-bad-bot-report-2022-part-1-an-imperva-story-with-ryan-windham
Part 2: https://redefining-cybersecurity.simplecast.com/episodes/from-enrolling-in-college-to-gambling-traveling-and-shopping-evasive-bad-bots-are-a-major-source-of-online-fraud-the-bad-bot-report-2022-part-2-an-imperva-story-with-ryan-windham
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Guest: Rosemary Wang, Developer Advocate at HashiCorp

Topics:
Could you give us a 2 minute picture on what Terraform is, what stages of the cloud lifecycle it is relevant for, and how it intersects with security teams?
How can Terraform be used for security automation? How should security teams work with DevOps teams to use it?
What are some of the obvious and not so obvious security challenges of using Terraform?
How can security best practices be applied to infrastructure instantiated via Terraform?
What is the relationship between Terraform and policy as code (PaC)?
How do you get started with all this?
What do you tell the security teams who want to do cloud security the "old way" and not the cloud-native way?

Resources:
Video (LinkedIn, YouTube)
"EP126 What is Policy as Code and How Can It Help You Secure Your Cloud Environment?"
Policy as Code with HashiCorp Sentinel or Open Policy Agent (OPA) for Terraform
"Terraform Cloud adds Vault-backed dynamic credentials" blog
Google Cloud Provider for Terraform
Security & Authentication Providers for Terraform
"Sloth's Guide to Mindfulness" book
For this week's episode, we brought back a fan favorite: Security Teams Can't Do It All. This episode features guest Rob Wood, CISO at CMS, who discusses the challenges of data silos in the workplace and the importance of supportive leadership.

Links:
Connect with our guest Rob Wood on LinkedIn
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
We're handing the mic over to our friends at Talking Threat Intelligence, a podcast by LifeRaft, today. On the show, they had our very own Daniel Ben-Chitrit on to discuss the security implications of ChatGPT, how it could be used by phishing scammers to up their skills, and the safest way for OSINT researchers to prompt AI.

Key takeaways
Security implications of ChatGPT
"A force multiplier" for phishing scammers
The safest way for OSINT researchers to prompt AI

About Talking Threat Intelligence
Talking Threat Intelligence explores the intersection of OSINT and risk management. Each episode breaks down emerging threats that could impact an organization, insights into the latest technologies that can enhance security operations, and tips for exploiting threat intelligence to keep your staff, assets and customers safe.

References from the show
Listen to Talking Threat Intelligence
LifeRaft
Find Dan on LinkedIn
Live on-location from Infosecurity Europe 2023, Sean Martin connects with Steve Smith from Pentera to discuss the challenges and opportunities to help organizations protect against the broader scope of security risk.
Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-story
Guest: Steve Smith, VP, UKI & CEE at Pentera [@penterasec]
On LinkedIn | https://www.linkedin.com/in/stevesmithesq/
Resources
Learn more about Pentera and their offering: https://itspm.ag/pentera-tyuw
Be sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverage
Catch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6B
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
____________________________
If you are a cybersecurity vendor with a story to share, you can book your pre-event video podcast briefing here (https://itspm.ag/iseu23tsv) and your on-location audio podcast briefing here (https://itspm.ag/iseu23tsp).
Explore the full conference coverage sponsorship bundle here: https://itspm.ag/iseu23bndl
For more ITSPmagazine advertising and sponsorship opportunities:
Guests:
Sarah Freeman, Principal Cyber Engagement Operations Engineer, MITRE [@MITREcorp]
On LinkedIn | https://www.linkedin.com/in/sarah-freeman-7817b121/
At RSAC | https://www.rsaconference.com/experts/sarah-freeman
Megha Kalsi, Director - Digital, Cybersecurity, AlixPartners [@AlixPartnersLLP]
On LinkedIn | https://www.linkedin.com/in/meghakalsi/
At RSAC | https://www.rsaconference.com/experts/megha-kalsi
Kristy Westphal, Director, Information Security and Operations, HealthEquity [@HealthEquity]
On LinkedIn | https://www.linkedin.com/in/kmwestphal/
At RSAC | https://www.rsaconference.com/experts/kristy-westphal
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode's Sponsors
BlackCloak | https://itspm.ag/itspbcweb
Brinqa | https://itspm.ag/brinqa-pmdp
SandboxAQ | https://itspm.ag/sandboxaq-j2en
____________________________
Episode Notes
Given recent changes in the financial posture in nearly every economy, many organizations are faced with challenges from rising interest rates, bank failures, and dissipating venture capital. With this, and other fiscal issues that may be surfacing, how do security leaders look at budgets differently?
In this session, we'll explore:
How, where — and on which technologies — are organizations spending their money earmarked for cybersecurity?
How do they know they are spending the right amount of money in the right places at the right times?
How do security teams organize their thoughts, plans, and budget requests — and how do they present them to executive staff — to ensure they are speaking to these fiscal challenges they face in the context of the rest of the business?
____________________________
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
JR Robinson, Head of Platform at generative AI startup Writer, joins VP of Endpoint Security Product Management Chris Goettl and Ashley Stryker to discuss current generative AI use cases for security teams that go beyond just chat bots. (Please. For everyone's sanity… go beyond chat bots.) They'll also preview a deeper webinar discussion with Chief Security Officer Daniel Spicer on the risks and rewards generative AI offers security teams at every organization, airing on April 26 — save your spot and bring your questions to "Generative AI for Infosec and Hackers: What Security Teams Need to Know!"
Next episode going live April 11, 2023! New episodes publish around the second and fourth Thursdays each month.
For all shownotes, resources and references, head to Ivanti.com/SecurityInsights
Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
Gisela Hinojosa is a Senior Security Consultant at Cobalt, executing IoT penetration tests and red teaming exercises with a wide variety of security teams. With over 13 years of experience in the tech world, Gisela has held roles in admin, software engineering, QA, consulting, and penetration testing. In this episode, she shares what vulnerabilities she discovers and how security teams can extract as much value as possible from each pentest engagement. For more on this topic, make sure to check out the industry report "The State of Pentesting 2023": https://resource.cobalt.io/state-of-pentesting-2023
Guest: Dr. Rebecca Wynn, Global Chief Security Strategist & CISO at Click Solutions Group
On LinkedIn | https://linkedin.com/in/rebeccawynncissp
Host: Chloé Messdaghi
On ITSPmagazine
Paul Valente, co-founder and CEO of VISO Trust, discusses the growing importance of knowing your third parties, their control posture, and the data shared with them, as well as the challenges faced by security teams in assessing third parties at scale.
About David Gottesman and Epic Machines: Epic Machines provides hands-on managed services and products to help customers migrate to a ZeroTrust Security posture. We not only understand the new technologies, but we also understand the journey from the legacy, incumbent systems that must be maintained along the way. I'd love to share a presentation and have a prescriptive discussion with the IT and Security teams leading these initiatives. Epic Machines is a Value Added Reseller and Managed Security Services provider offering Security Transformation using Cloud-native solutions to commercial and government markets. Digital Transformation has already occurred and is being further accelerated by a primarily remote worker norm. To secure this newly transformed worker, Cloud-native technologies in identity, endpoint security, and enforcement Cloud are the building blocks. This builds a foundation to address the wide range of DLP (Data Loss Prevention) use-cases faced by Operations and Security Teams. In addition, Epic Machines sells technology products and SaaS services for over 300 manufacturers and software developers.
In this episode of the Church Security Made Simple Podcast, we'll explore the significance of leadership in church safety and security. Today I'm joined by Dan Kopp, the author of the book "The Power of Me Leadership: 9 Leadership Tenets for EVERY Leader", going through 4 of his tenets. If you missed the first part of our conversation, go check out ep. 20 of the podcast. Buy the book here: https://amzn.to/3zwdxXp
Guest: Phillip Wylie, Host of ITSPmagazine's The Hacker Factory Podcast
On ITSPmagazine
In this episode, Tom Hollingsworth, Zoë Rose, and Dominik Pickhardt discuss XDR and how it can be leveraged by the entire organization to help secure your assets and users. © Gestalt IT, LLC for Gestalt IT: Is XDR Only for Security Teams?
In this episode of Hacker Valley Studio, Rob Wood, Chief Information Security Officer (CISO) at CMS, discusses the challenges of data silos within organizations. Rob explains that security teams often operate in silos, with different departments focusing on various aspects of security, such as incident management, compliance, and penetration testing. One way to improve this is by flattening the organizational structure and finding ways to work together in the same data environments, using the same data tools. This would allow teams to collaborate better and share information, improving overall security. In the episode, Rob also highlights the importance of supportive leadership and culture in driving change and the impact of the mission in his work. Ron picks up on two key elements - people and communication - as important in cybersecurity and business, as breakdowns often happen due to lack of communication. Chris mentions how he is hard on leaders who create toxic environments or use fear and intimidation to lead their teams. He also notes that he is starting to see a different kind of leader in the technical space, one that knows a lot, and is intelligent but also knows how to talk to people and make them feel seen. The conversation then shifts to where this change in leadership is coming from. Rob Wood suggests that it is the next wave of leaders coming in, as there are more leadership opportunities available. He also notes that there are many people moving into security from diverse fields, creating a polymath effect of blended disciplines. This helps humble people and allows them to be more human. He also mentions that his own career path was not traditional, as he studied sports management in college and transitioned into an internship in cybersecurity. 
-------------- Links: Stay up to date with Rob Wood on LinkedIn Join our Patreon monthly creative mastermind Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase an HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio
The large ratio gap in the availability of IT security professionals to open positions existed long before COVID-19. And that gap has grown even bigger thanks to the great resignation that has continued to take place in the IT industry since the pandemic. This has created a huge challenge for CISOs and other security leaders in their efforts to recruit and retain skilled security teams.
In this episode, Megan McCann—CEO & Founder of the IT recruitment firm McCann Partners—presents creative approaches CISOs and hiring managers can apply to go beyond scanning resumes to finding prospects who can offer true value. McCann also discusses what CISOs can do to nurture their own careers.
_______________________
Community Member Contributor: Megan McCann, CEO & Founder at McCann Partners [@McCannPartners]
On Twitter | https://twitter.com/meganpmccann
On LinkedIn | https://www.linkedin.com/in/meganpmccann/
Hosts: Sean Martin and Marco Ciappelli
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
______________________
For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcast
To access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22
To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs
______________________
Are you interested in sponsoring an ITSPmagazine Channel?
Today we're talking to Andrew Wright, Director of Strategic Content at Snyk, and we discuss how security teams can become the hero, the nature and causes of sophisticated cloud attacks, and how to go about solving culture issues in the workplace. All of this right here, right now, on the Modern CTO Podcast! Check out more of Andrew and Snyk at https://snyk.io/!
On this episode of CyberWire-X, we dive into the essential role of open-source intelligence in identifying cyber and physical threats and reducing risk across your organization. The CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table members Dr. Georgianna Shea, CCTI and TCIL Chief Technologist at the Foundation for Defense of Democracies, and Bob Turner, Field CISO – Education at Fortinet. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor risk intelligence firm Flashpoint's Chief Intelligence Officer Tom Hofmann. They explore the foundational importance of open source intelligence, which includes social media platforms and geospatial data and insights. Plus, they explore real-life examples of how organizations, from governments to commercial enterprises, are leveraging open source intelligence and technology every day to protect their people, places, assets, and critical infrastructure.
Bots are the threat of the internet - even defectors use them. Skyrocketing IoT bug disclosures put pressure on security teams. Japan declares war on floppy disks for government use. FCC has approved $6 billion in broadband grants despite rejecting Starlink. Closing the security gap opened by the rise of no-code tools. Alex Iceman, Founder and CEO of Genium, on market trends for businesses & the type of talent needed to meet the demands of a secure world. Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Alex Iceman Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: newrelic.com/enterprise UserWay.org/twit Compiler - TWIET