Podcasts about security teams

  • 116 podcasts
  • 178 episodes
  • 38m average duration
  • 1 episode every other week
  • Latest: May 26, 2026


Latest podcast episodes about security teams

Tips, Tactics and Tools Podcast
072 - Foundations of Church Security Teams (Part 3)

May 26, 2026 · 42:27


In Part 3 of our Foundations of Church Security Teams series, we move beyond the initial response and focus on one of the most critical, and often overlooked, parts of a church security incident: what happens after contact is made with the threat. This episode covers the realities of integrating with responding law enforcement, how to conduct effective handoffs during a critical incident, why communication failures create danger, and the importance of tracking personnel and cleared areas inside your facility. Adam McIntyre shares lessons from Special Operations leadership, practical guidance for casualty management, and why realistic, church-specific training matters far more than static range practice. This episode provides practical insight into coordination, communication, room clearing, casualty response, and leadership under pressure. The next episode of this series will focus on radio communications.

1:05 Finishing where we left off: what happens after an incident begins and law enforcement arrives?
1:50 Why the person maneuvering toward the threat should not "sit on the radio" during the response
3:00 How support personnel should direct responders
3:53 Why teams must continue clearing the threat area even after the suspect is neutralized
4:40 The importance of establishing a designated law enforcement handoff point at your church
5:30 Understanding "battle tracking" and maintaining accountability for everyone inside the facility
6:30 Why link-up procedures during an incident can become dangerous without proper tracking
7:20 Every member of a church safety team must know how to conduct the law enforcement handoff
8:12 Near and far recognition signals: visual identifiers, radio communication, and announcing arrivals
10:50 Holding off-duty police officers and experienced personnel accountable to church procedures
13:45 Why training must happen inside your actual church facility, not just on a range or in a shoot house
17:20 Why law enforcement maintains jurisdiction and the importance of avoiding conflict with responders
18:15 Maintaining cleared areas without surrendering ground unnecessarily
20:05 The importance of secondary searches and thoroughly checking any space where a person could hide
21:53 Adam explains why declaring an area "secure" was one of the most stressful leadership decisions in Special Operations
22:45 Why church teams gain an advantage by training in the same environment they protect
23:45 Center-fed vs. corner-fed rooms and how teams should practice both
24:55 Why teams should intentionally allow failure during training to improve adaptability
27:00 Responding to casualties while the event is still unfolding
28:30 The difficult reality of prioritizing stopping the threat before treating victims
29:20 Establishing casualty collection points near exits
30:15 Prioritizing injuries during mass casualty events and why deceased victims should not be placed in casualty collection points
32:00 Plain language vs. coded language during emergencies
35:30 The importance of radio training and why it's one of the most overlooked low-cost skills for teams
40:00 The next episode of the series will focus entirely on communications training

Tips, Tactics and Tools Podcast
070 - Foundations of Church Security Teams (Part 2)

Apr 28, 2026 · 52:00


In this second part of Foundations of Church Security Teams, Brink and Tom sit down with Adam McIntyre, Director of Training at Defend Systems, to discuss building and developing an effective safety team through the right mindset, strong leadership, and practical training. We cover communication, de-escalation, realistic preparation, and why consistency and standards matter. The episode also emphasizes medical readiness, proper team structure, and preparing for real-world threats beyond the basics. Stay tuned for Part 3, where we discuss handoffs to law enforcement and post-incident recovery.

1:04 This episode will focus on: training standards, equipment, and mindset
3:15 First responder mindset matters more than security team equipment
3:57 "Act now" mindset - Covenant vs. Uvalde response comparison
7:40 Leadership at the front must be followed, even if others are senior
14:00 Prioritize selecting regular, committed church attendees
17:00 Radio and comms training is often overlooked but critical
18:30 Start with basics before advancing to higher-level tactics. Use a crawl, walk, run progression.
19:22 De-escalation training and Tom's story about improper suspect engagement
28:30 Pushing through difficult training builds real-world readiness
31:40 Real gunfighting is different than range marksmanship
32:24 Firearm standards must be consistent across all team members
33:15 Follow local law enforcement training standards when unsure
37:50 Consider armed guard licensing or meet equivalent standards
39:00 Many church teams are only prepared for single threats, not coordinated attacks
41:00 "Warrior in a garden" mindset
44:30 Always have armed coverage near children's/youth areas
45:35 Trauma medical training is essential for saving lives
48:20 Use of GRG map grids to improve internal building response
50:15 Next episode: law enforcement handoff and aftermath

Let's Talk AI
#241 - Opus 4.7, Muse Spark, GPT-5.4-Cyber, HY-World 2.0

Apr 23, 2026 · 119:48


Our 241st episode with a summary and discussion of last week's big AI news!
Recorded on 04/18/2026
Hosted by Andrey Kurenkov and Jeremie Harris
Feel free to email us your questions and feedback at andreyvkurenkov@gmail.com and/or hello@gladstone.ai
Read out our text newsletter and comment on the podcast at https://lastweekin.ai/

In this episode:
  • Anthropic released Claude Opus 4.7 with improved benchmark performance, new reasoning controls, better vision and memory, and a detailed system card discussing deception risk, evaluation-awareness steering, and a training bug that accidentally supervised chain-of-thought in 7–8% of episodes.
  • Meta unveiled its closed Muse Spark model and “contemplating mode,” highlighting test-time scaling, thought compression, large infrastructure plans like the Hyperion data center, and findings that it shows unusually high evaluation awareness.
  • OpenAI introduced limited-access GPT 5.4 Cyber for defensive security teams and rolled major Codex updates including computer use, browser and plugins, image generation, and long-horizon task scheduling; competing agent products also launched from Anthropic, Canva, and Adobe.
  • Business, policy, and safety news included continued government blacklisting litigation affecting Anthropic, CoreWeave compute deals, Perplexity revenue growth tied to agents, a potential Cohere–Aleph Alpha merger, attacks targeting Sam Altman and OpenAI, AI propaganda trends, and new alignment research on automated weak-to-strong supervision and steering evaluation awareness.

Timestamps:
(00:00:10) Intro / Banter
(00:03:43) News Preview
(00:04:14) Response to listener comments

Tools & Apps
(00:05:30) Anthropic releases Claude Opus 4.7, narrowly retaking lead for most powerful generally available LLM | VentureBeat
(00:24:15) Meta debuts the Muse Spark model in a 'ground-up overhaul' of its AI | TechCrunch
(00:34:23) OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
(00:39:44) OpenAI's big Codex update is a direct shot at Claude Code | The Verge
(00:42:10) Anthropic launches Claude Design, a new product for creating quick visuals
(00:42:30) Anthropic's New Product Aims to Handle the Hard Part of Building AI Agents | WIRED
(00:42:54) Canva's AI 2.0 update goes all in on prompt-powered design tools | The Verge
(00:43:06) Adobe's new AI Assistant marks a ‘fundamental shift' in creative work | The Verge
(00:43:38) Gemini can now pull from Google Photos to generate personalized images | The Verge
(00:43:52) Google rolls out a native Gemini app for Mac | TechCrunch
(00:44:04) Chrome now lets you turn AI prompts into repeatable ‘Skills' | The Verge

Applications & Business
(00:44:22) Anthropic loses appeals court bid to temporarily block Pentagon blacklisting
(00:49:07) Jeff Bezos' AI lab poaches xAI cofounder Kyle Kozic from OpenAI. | The Verge
(00:51:39) Perplexity's Shift to AI Agents Boosts Revenue 50%
(00:53:53) Anthropic Agrees to Rent CoreWeave AI Capacity to Power Claude
(00:57:32) Canada's Cohere, Germany's Aleph Alpha reportedly in merger talks
(01:04:23) ChatGPT has a new $100 per month Pro subscription | The Verge
(01:05:10) OpenAI has bought AI personal finance startup Hiro | TechCrunch
(01:07:03) Allbirds announced a switch from shoes to AI and its stock jumped 600 percent | The Verge

Projects & Open Source
(01:07:26) HY-World 2.0: A Multi-Modal World Model for Reconstructing, Generating, and Simulating 3D Worlds + Lyra 2.0: Explorable Generative 3D Worlds

Policy & Safety
(01:19:12) Daniel Moreno-Gama is facing federal charges for attacking Sam Altman's home and OpenAI's HQ | The Verge
(01:20:15) Duo accused of shooting at Sam Altman's house are freed; no charges filed
(01:24:50) The Iranian Lego AI video creators credit their virality to ‘heart' | The Verge
(01:27:19) Hundreds of Fake Pro-Trump Avatars Emerge on Social Media - The New York Times
(01:27:31) The AI images Trump can't get enough of | Donald Trump | The Guardian
(01:29:25) Automated Weak-to-Strong Researcher
(01:43:51) Reproducing steering against evaluation awareness in a large open-weight model
(01:49:53) Iran threatens ‘complete and utter annihilation' of OpenAI's $30B Stargate AI data center in Abu Dhabi — regime posts video with satellite imagery of ChatGPT-maker's premier 1GW data center
(01:53:57) Wall Street Banks Try Out Anthropic's Mythos as US Urges

Cloud Security Podcast
Solving Prompt Injection & Shadow AI for AI Malware

Apr 7, 2026 · 36:36


Are AI agents functioning like adversarial malware inside your network? In this episode of the Cloud Security Podcast, Ashish sits down with Jasson Casey, Co-founder and CEO of Beyond Identity, to speak about the security risks introduced by Shadow AI and code assistants.

Jasson explains why an AI agent executing a tool is the perfect opportunity for prompt injection or proprietary data exfiltration, comparing unchecked agents to Ron Burgundy reading whatever is on the teleprompter. We discuss the "barbell" reaction of CISOs (either blocking AI entirely or blindly accepting the risk) and why placing device-bound identity at the core of your security stack is the only way to safely enable AI speed.

From an $80,000 stolen Anthropic key nightmare on Reddit to a red-team exercise that cloned voices using Hugging Face models in just four hours, this episode highlights the tangible threats and solutions of the AI era.

Guest Socials - Jasson's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter

If you are interested in AI Security, you can check out our sister podcast - AI Security Podcast

Questions asked:
(00:00) Introduction
(02:50) Who is Jasson Casey? (CEO of Beyond Identity)
(03:50) The Reality of Shadow AI: Marketers & Devs Moving Fast
(05:10) Why AI Agents Execute Like Adversarial Malware
(06:20) Prompt Injection Over Time & Agent "Memory" as Persistence
(07:40) The CISO "Barbell": Blocking Everything vs. Accepting All Risk
(09:30) Applying the NIST Framework to AI Agents
(12:00) The Reddit Horror Story: An $80,000 Stolen Claude Key
(13:00) Why Device-Bound Identity is the Ultimate AI Control Plane
(15:50) The Death of SaaS IT Products (Replaced by Git + Claude Code)
(19:30) Fixing Prompt Injection & Exfil via Attributable Identity
(20:50) Moving from UI Dashboards to API Data + AI Skills
(26:20) Building "Agentic Playbooks" for Security Teams
(27:40) Red Teaming: Cloning Voices in 4 Hours via Hugging Face
(30:20) Fun Questions: Kangaroo vs. Crocodile Tasting
(31:50) Hobbies: Radar Projects & Northern Mexican Cuisine (Dark Mole)

This episode was sponsored by Beyond Identity

Resources spoken about during the episode: To get started with Ceros, the AI Trust Layer - Visit beyondidentity.ai

AWS - Conversations with Leaders
High Performing Security Teams in the AI Era

Mar 26, 2026 · 22:55


Security leadership has never been just about technology, but in the age of AI, the stakes for getting it right have never been higher. George Gerchow, Chief Security Officer at Bedrock Data, brings a candid and hard-won perspective on what it takes to build high-performing security teams and lead with purpose in a rapidly evolving threat landscape.

In conversation with Clarke Rodgers, Senior Principal from the Office of the CISO at AWS, George shares how the security leader's role has shifted from basement-level blocker to boardroom-level business partner, and why approachability, vulnerability, and transparency are now core leadership traits. He explores how AI is transforming both sides of the security equation, from agentic tools that help defenders scale, to AI-powered bots lowering the barrier to entry for threat actors.

From DevSecOps to responsible AI frameworks to the case for reviving defense in depth, this episode offers security leaders a grounded and practical perspective on building teams and strategies that can move fast without compromising trust.

The Tech Trek
How AI Is Reshaping the CISO Role and Modern Security Teams

Mar 24, 2026 · 28:18


Michael Fanning, CISO at Splunk, joins The Tech Trek for a grounded conversation on how the security leader role is changing in the AI era. This episode gets into the real tension facing modern CISOs, balancing risk without slowing the business down, hiring for technical depth over narrow credentials, and defining success in a field where perfection is not a realistic metric.

This is a practical conversation for security leaders, engineering leaders, founders, and operators trying to make sense of AI adoption inside the enterprise. Mike breaks down why security has to move from fear based messaging to business enablement, why many teams may be overlooking strong security talent hiding in adjacent technical roles, and where AI can either reduce burnout or make it worse.

In this episode
  • Why the CISO role is becoming more engineering driven and more tightly tied to business outcomes
  • Where AI creates real leverage for security teams, and where it introduces new operational risk
  • Why the security talent gap may be as much a hiring mindset problem as a supply problem
  • What actually causes burnout in security teams, beyond the usual talking points
  • How to think about success in security when zero incidents is not a serious metric

Highlights
1:44, The CISO role is shifting from pure protection to business enablement
7:11, AI creates leverage for defenders, but it is also accelerating the attacker playbook
9:31, The biggest AI security risks, from developer copilots to agent driven decision making
14:15, Why security teams need room to experiment with AI or risk falling behind
16:58, Only 1 percent of CISOs surveyed prioritized technology to close the skills gap
22:16, AI can reduce burnout, but only if it cuts noise instead of creating more of it

Security is about assessing risk and finding a way to say yes in a way that is responsible.

A practical idea worth taking back to your team
Look beyond candidates with formal security titles. Mike makes the case that strong engineers, SREs, and cloud practitioners often already understand the systems, access models, and infrastructure realities that matter most. Security can be taught on top of that foundation.

Link to report: https://www.splunk.com/en_us/form/ciso-report.html

Follow The Tech Trek for more conversations with leaders shaping how technology actually gets built, secured, and scaled.

Tips, Tactics and Tools Podcast
069 - Foundations of Church Security Teams (Part 1)

Mar 17, 2026 · 44:05


What does it actually take to build an effective church security team? In Part 1 of this series, Brink and Tom sit down with Adam McIntyre, Director of Training at Defend Systems, to break down the foundations of church safety, from who should be on your team to why having any team is better than none. Adam shares practical insights on recruitment, roles, communication, and common mistakes churches make when getting started. Whether your church is just beginning to think about safety or looking to strengthen an existing team, this episode offers clear, experience-driven guidance to help you take the next step. Stay tuned for Part 2, where we'll dive into how to train a team effectively.

1:03 – Introduction to the series: developing, recruiting, training, and maintaining a church safety team with Adam McIntyre, Director of Training at Defend Systems
5:50 – Why pastors should not lead safety team development and how it can polarize a congregation
7:44 – A high-level approach: prioritize the right 5 people over a large, uncommitted team
9:36 – The #1 rule: have a team
11:00 – What makes a good team member?
11:55 – The Security Operations Center (SOC): why your camera operator plays a critical role
16:00 – The challenge of multiple entry points: managing doors effectively
20:15 – Why gamers often make excellent SOC operators
21:55 – The importance of radio training and clear communication
23:40 – Key traits to look for: humility, communication, and a willingness to train
26:30 – Identifying and leveraging people who can augment your team
27:00 – Limited training time: why efficiency and clear SOPs are critical
30:47 – Reference: West Freeway Church of Christ shooting and lack of coordination
32:15 – Resource highlight: Faith-Based Security Network
35:20 – Start with private recruiting before making public announcements
38:45 – Small vs. large churches: same principles, different execution
40:00 – Local collaboration and how we can connect you with resources - email info@tipstacticstools.com

Coming Next: Part 2 – How to train a church security team

TechCrunch Startups – Spoken Edition
Fig Security emerges from stealth with $38M to help security teams deal with change; plus, Cursor has reportedly surpassed $2B in ARR

Mar 3, 2026 · 7:33


Fig traces data flows in the security stack and then alerts security teams when changes at any point affect detection or response capabilities. Also, the four-year-old startup Cursor saw its revenue run rate double over the past three months, according to one Bloomberg source.

The World and Everything In It
2.10.26 High-risk pregnancies and pro-life laws, church safety and security teams, and preventing violence with acts of kindness

Feb 10, 2026 · 34:35


High-risk pregnancies and pro-life laws, church safety and security teams, and how simple kindness can prevent violence. Plus, Albert Mohler on the tone of leadership, the price of picking on a mascot, and the Tuesday morning news.

Support The World and Everything in It today at wng.org/donate

Additional support comes from The Joshua Program at St. Dunstan's Academy in the Blue Ridge Mountains: work, prayer, and adventure for young men. stdunstansacademy.org

From WatersEdge. Competitive rates and supporting churches. 4.55% APY on a 13-month term investment. WatersEdge.com/invest

And from The Master's University, equipping students for lives of faithfulness to The Master, Jesus Christ. masters.edu

Focal Point on Lightsource.com
Should Churches Have Armed Security Teams?

Feb 10, 2026 · 12:13


Watch Pastor Mike Fabarez from Ask Pastor Mike Live. To support this ministry financially, visit: https://www.lightsource.com/donate/865/29

Focal Point on Lightsource.com - Audio
Should Churches Have Armed Security Teams?

Feb 10, 2026 · 12:13


In this powerful and candid discussion, Pastor Mike addresses a difficult and emotional question many believers are wrestling with today: should churches have armed security teams? Responding to concerns about defending the congregation—even if it means using deadly force—Pastor Mike walks through biblical principles of self-defense, the value of human life made in the image of God, and the responsibility to protect the innocent. He explains why loving our neighbors, families, and fellow believers sometimes requires decisive action, especially in an age where churches are increasingly targeted. This teaching brings clarity, biblical grounding, and pastoral conviction to a topic many Christians feel uneasy talking about but can no longer ignore.

Text ASK to 90398 to ask Pastor Mike a Bible Question.
Text GOLIVE to 90398 to be notified when ASK Pastor Mike is LIVE.
Find more ways to learn your Bible at https://focalpointministries.org/
Have a Bible Question? Ask Pastor Mike! https://focalpointministries.org/ask-pm/
To support this ministry financially, visit: https://www.lightsource.com/donate/865/29

Reimagining Cyber
AI Regulation: What Security Teams Need to Know - Ep 187

Feb 4, 2026 · 28:37


AI has officially moved from experimentation to execution—and regulation is racing to catch up.

In this episode of Reimagining Cyber, Tyler Moffitt is joined by Matt Aldridge to unpack what the rapidly evolving AI regulatory landscape means for security teams, businesses, and managed service providers heading into 2026.

From the EU AI Act and GDPR to California's CPRA and emerging rules around automated decision-making, they explore how governments are trying to balance innovation with safety, privacy, and accountability. The conversation dives into the real-world security implications of agentic AI, autonomous decision-making, biased training data, and the growing risks of AI systems operating with minimal oversight.

Whether you're an enterprise security leader, an SMB, or an MSP supporting multiple customers, this episode breaks down why AI regulation is no longer a future concern—and what practical steps organizations should be taking now to reduce risk, protect data, and responsibly govern AI adoption.

As featured on Million Podcasts':
  • Best 100 Cybersecurity Podcasts
  • Top 50 Chief Information Security Officer CISO Podcasts
  • Top 70 Security Hacking Podcasts

This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

The Pure Report
Automation and Risk Mitigation: Fusion's Role in Cyber Defense

Jan 27, 2026 · 58:41


The Pure Report welcomes two key members of Pure's Technical specialist team, Principal Technologist Joey Clark and Field Solution Architect Drew Kessel (who covers Cyber Resilience). Our conversation begins with a look at their backgrounds, including their surprising common start in healthcare IT, and the value of professional development, like Pure's EBC speaker training. We quickly pivot to the successes Pure is seeing in the areas of file, object, and unstructured data, driven by innovative products like FlashBlade and FlashArray.

The core of our discussion centers on why Pure is successfully tackling the toughest challenges in unstructured data, noting the significant shift to object storage for backup, which provides benefits like immutability via object lock. Joey and Drew highlight how Pure's unique approach—focusing on simplicity and eliminating "tech debt"—is resonating with customers and leading to major business breakthroughs. This success is made stronger by strategic partnerships with data protection leaders like Rubrik, Commvault, and Veeam, creating a connected ecosystem that delivers layered resilience against modern threats.

Finally, we explore the powerful narrative of the Enterprise Data Cloud (EDC), with Fusion acting as the intelligent control plane. We discuss how Fusion is the vehicle for EDC, helping customers mitigate risk and human error through automation. This includes using presets to enforce protection policies (like SafeMode snapshots and replication) and delivering audit and compliance alerts when security settings are changed. Drew shares a powerful, real-life customer success story of an 8-hour recovery from a cyber event using Pure snapshots, emphasizing that cyber resilience is a unified team sport that requires both infrastructure and security teams to collaborate.

To learn more, visit https://www.purestorage.com/products/storage-as-code/pure-fusion.html

Check out the new Pure Storage digital customer community to join the conversation with peers and Pure experts: https://purecommunity.purestorage.com/

00:00 Intro and Welcome
09:02 File and Object Momentum
16:45 SLA-Backed Cyber Recovery
20:20 Fusion Presets and Cyber
27:33 Cyber and Enterprise Data Cloud
34:06 Bridging Cyber IT to Security Teams and CISOs
38:11 Pure Tech Summit Events
42:11 Hot Takes Segment

No Password Required
No Password Required Podcast Episode 68 — Rob Hughes

Jan 20, 2026 · 44:51


Rob Hughes — CISO at RSA and Champion of a Passwordless Future

No Password Required Season 7: Episode 1 - Rob Hughes

Rob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.

Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment.

Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point. The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.

Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/

Chapters:
00:00 Introduction to No Password Required
01:43 Meet Rob Hughes, CISO at RSA
02:05 The Role of a CISO in a Security Company
05:09 Transitioning to the CISO Role
08:00 The Early Days of Geek.com
12:14 Launching a Startup During the Dot Com Boom
14:30 The Push for a Passwordless Future
18:21 Tipping Point for Passwordless Adoption
20:20 Ongoing Learning in Cybersecurity
26:09 Managing Stress in High-Pressure Environments
33:46 The Lifestyle Polygraph Begins
34:15 Career Insights in Cybersecurity
36:08 Dream Cars and Personal Preferences
39:58 Underrated Horror Films
41:19 Creating a Cybersecurity Monster

Cloud Security Podcast
AI Vulnerability Management: Why You Can't Patch a Neural Network

Jan 13, 2026 · 41:20


Traditional vulnerability management is simple: find the flaw, patch it, and verify the fix. But what happens when the "asset" is a neural network that has learned something ethically wrong? In this episode, Sapna Paul (Senior Manager at Dayforce) explains why there are no "Patch Tuesdays" for AI models.

Sapna breaks down the three critical layers of AI vulnerability management: protecting production models, securing the data layer against poisoning, and monitoring model behavior for technically correct but ethically flawed outcomes. We discuss how to update your risk register to speak the language of business and the essential skills security professionals need to survive in an AI-first world.

The conversation also covers practical ways to use AI within your security team to combat alert fatigue, the importance of explainability tools like SHAP and LIME, and how to align with frameworks like the NIST AI RMF and the EU AI Act.

Guest Socials - Sapna's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter

If you are interested in AI Security, you can check out our sister podcast - AI Security Podcast

Questions asked:
(00:00) Introduction
(02:00) Who is Sapna Paul?
(02:40) What is Vulnerability Management in the Age of AI?
(05:00) Defining the New Asset: Neural Networks & Models
(07:00) The 3 Layers of AI Vulnerability (Production, Data, Behavior)
(10:20) Updating the Risk Register for AI Business Risks
(13:30) Compliance vs. Innovation: Preventing AI from Going Rogue
(18:20) Using AI to Solve Vulnerability Alert Fatigue
(23:00) Skills Required for Future VM Professionals
(25:40) Measuring AI Adoption in Security Teams
(29:20) Key Frameworks: NIST AI RMF & EU AI Act
(31:30) Tools for AI Security: Counterfit, SHAP, and LIME
(33:30) Where to Start: Learning & Persona-Based Prompts
(38:30) Fun Questions: Painting, Mentoring, and Vegan Ramen

MY DATA IS BETTER THAN YOURS
Cyber Security Is Teamwork – with Dr. Marc A., Vodafone

MY DATA IS BETTER THAN YOURS

Dec 25, 2025 46:01 Transcription Available


Cyberattacks are no longer an exception, especially not for mid-sized businesses. In this episode, Jonas Rashedi talks with Dr. Marc Atkins of Vodafone Business, who heads the new Cyber Security Center. Together they look at typical risks, real cases and practical protective measures. Marc explains how phishing attacks unfold, why awareness is the first step, and what happens when you notice nothing at all. He brings concrete examples: from Saturday attacks that are detected at night and automatically isolated, to old operating systems that are discovered during onboarding. What helps? Endpoint protection, firewall monitoring, Managed Detection & Response, and above all a partner who thinks along with you. An episode that shows security is achievable if you take it seriously. MY DATA IS BETTER THAN YOURS is a project of BETTER THAN YOURS, the brand for really good podcasts. Would you like to place targeted advertising in the podcast MY DATA IS BETTER THAN YOURS? Contact form: https://2frg6t.share-eu1.hsforms.com/2ugV0DR-wTX-mVZrX6BWtxg Marc's LinkedIn profile: https://www.linkedin.com/in/dr-marc-atkins-669108a7/ Vodafone homepage: https://www.vodafone.de All important links about Jonas and the podcast: https://linktr.ee/jonas.rashedi 00:00 Introductions & getting started 08:00 Threat landscape & false perception 16:00 Phishing & the human factor 24:00 Downtime, damage & reputational risks 30:00 MDR, SIEM, SOAR & emergency routines 40:00 NIS2, reporting obligations & processes 48:00 Skills shortage & diversity in security teams

Jamf After Dark
How WorkBrew Solves Homebrew Security & Compliance for Mac Developers

Jamf After Dark

Dec 5, 2025 41:14


John Britton, CEO of WorkBrew, joins Jamf After Dark to discuss how organizations can solve the security, compliance, and management challenges of using the open-source package manager Homebrew on macOS at scale. This episode is a must-listen for any IT or Security leader managing a fleet of Mac devices used by software engineers. Learn how WorkBrew provides visibility, governance, and automated security workflows for developer tools, all while integrating seamlessly with Jamf Pro. What You'll Learn: The security and compliance risks of unmanaged Homebrew in the enterprise. How WorkBrew provides visibility, remote management, and security for Homebrew. The seamless integration between Jamf Pro and WorkBrew for deployment and device group management. How to enable developers to use Homebrew as standard (non-admin) users on macOS. Strategies for distributing and managing private, internal company tools via Homebrew taps. The end-user experience for a developer when a company adopts WorkBrew. Featured Guest: John Britton: Co-founder and CEO of WorkBrew, a platform for securing and managing Homebrew in the enterprise. John is a software engineer with deep expertise in developer tools and experience. He is a contributor to the open-source Homebrew project and is passionate about enhancing developer productivity while meeting enterprise security standards. 0:00:00 - Introduction: Managing Your Digital Tools 0:04:01 - What is Homebrew? The "App Store for Developers" on Mac 0:05:24 - The Challenge: Why Homebrew Creates Risk for IT & Security Teams 0:08:12 - The Solution: What is WorkBrew and How Does it Help? 
0:12:19 - Core Features: Deployment, Visibility, Management & Security 0:14:45 - How WorkBrew Benefits Engineers, IT Admins, and Security Teams 0:17:35 - How WorkBrew Integrates with Jamf for Deployment & Policy Management 0:22:55 - Advanced Use Case: Managing Private & Internal Company Packages 0:25:41 - The Developer Experience: Migrating from Homebrew to WorkBrew 0:28:58 - A Major Win: Enabling Homebrew for Standard (Non-Admin) Users 0:32:33 - The Rise of Mac in the Enterprise & Employee Choice 0:36:39 - How to Get Started with WorkBrew (Including the Free Plan) 0:38:58 - Final Thoughts & Key Takeaways Read more: Get started with WorkBrew's free and paid plans: https://workbrew.com/ Join the Mac Admins Foundation Slack Community: https://www.macadmins.org/ Learn more about Jamf Pro: https://www.jamf.com/products/jamf-pro/ #Jamf #WorkBrew #Homebrew #MacAdmins #EndpointSecurity

Cloud Security Podcast
AI-First Vulnerability Management: Should CISOs Build or Buy?

Cloud Security Podcast

Dec 4, 2025 61:30


Thinking of building your own AI security tool? In this episode, Santiago Castiñeira, CTO of Maze, breaks down the realities of the "Build vs. Buy" debate for AI-first vulnerability management. While building a prototype script is easy, scaling it into a maintainable, audit-proof system is a massive undertaking requiring specialized skills often missing in security teams. The "RAG drug" relies too heavily on Retrieval-Augmented Generation for precise technical data like version numbers, which often fails. The conversation gets into the architecture required for a true AI-first system, moving beyond simple chatbots to complex multi-agent workflows that can reason about context and risk. We also cover the critical importance of rigorous "evals" over "vibe checks" to ensure AI reliability, the hidden costs of LLM inference at scale, and why well-crafted agents might soon be indistinguishable from super-intelligence.
Guest Socials - Santiago's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - YouTube
- Cloud Security Newsletter
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast
Questions asked: (00:00) Introduction (02:00) Who is Santiago Castiñeira? (02:40) What is "AI-First" Vulnerability Management? (Rules vs. Reasoning) (04:55) The "Build vs. Buy" Debate: Can I Just Use ChatGPT? (07:30) The "Bus Factor" Risk of Internal Tools (08:30) Why MCP (Model Context Protocol) Struggles at Scale (10:15) The Architecture of an AI-First Security System (13:45) The Problem with "Vibe Checks": Why You Need Proper Evals (17:20) Where to Start if You Must Build Internally (19:00) The Hidden Need for Data & Software Engineers in Security Teams (21:50) Managing Prompt Drift and Consistency (27:30) The Challenge of Changing LLM Models (Claude vs. Gemini) (30:20) Rethinking Vulnerability Management Metrics in the AI Era (33:30) Surprises in AI Agent Behavior: "Let's Get Back on Topic" (35:30) The Hidden Cost of AI: Token Usage at Scale (37:15) Multi-Agent Governance: Preventing Rogue Agents (41:15) The Future: Semi-Autonomous Security Fleets (45:30) Why RAG Fails for Precise Technical Data (The "RAG Drug") (47:30) How to Evaluate AI Vendors: Is it AI-First or AI-Sprinkled? (50:20) Common Architectural Mistakes: Vibe Evals & Cost Ignorance (56:00) Unpopular Opinion: Well-Crafted Agents vs. Super Intelligence (58:15) Final Questions: Kids, Argentine Steak, and Closing

The Mindful Business Security Show
Humanely managing IT and security teams

The Mindful Business Security Show

Nov 27, 2025 83:24


The Mindful Business Security Show is a call-in radio style podcast for small business leaders. Join our hosts as they take questions from business leaders like you!   On this episode, Accidental CISO is joined by guest host Mike Simmons. Mike is a consultant, leadership coach, speaker, and podcaster. He combines systems thinking with a people focused approach to help his clients achieve results through clear communication.   You can find his videos about business and leadership on his YouTube channel, and you can contact him via his website, Find My Catalyst.   Are you struggling with how to deal with Cybersecurity, Information Security, or Risk Management in your organization? Be a caller on a future episode of the show. Visit our podcast page and sign up now!   Show Merch: https://shop.mindfulsmbshow.com/ Website: https://www.focivity.com/podcast Twitter: @mindfulsmbshow Hosted by: @AccidentalCISO Produced by: @Focivity Theme music by Michael Kobrin.

Defense in Depth
What is the Visibility That Security Teams Need?

Defense in Depth

Oct 9, 2025 27:52


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Bil Harmer, security advisor, Craft Ventures. Joining them is James Bruce, business security services director, WPP.
In this episode:
Turning visibility into actionable intelligence
Pure visibility still provides an essential security foundation
Finding strategic value
The risk of gaps in identity management
Huge thanks to our sponsor, ThreatLocker
Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. Threatlocker.com/CISO

Trust Issues
EP 17 - Privilege creep and the machine identity surge: Securing the modern enterprise

Trust Issues

Oct 9, 2025 49:57


In this episode of Security Matters, Chris Schueler, CEO of Cyderes, joins host David Puner for a dive into the evolving challenges of enterprise security. The conversation explores the dangers of privilege creep, the explosion of machine identities, and why accountability at every point of interaction is essential for building resilient teams and systems. Chris shares insights on the risks of unmanaged access, the impact of AI and automation on both defense and attack strategies, and practical advice for CISOs and boards on managing identity risk while enabling business transformation. Whether you're a security leader, practitioner, or simply interested in the future of cybersecurity, this episode delivers actionable guidance and fresh perspectives on safeguarding your organization's reputation, continuity, and trust.

Absolute AppSec
Episode 298 - Shai Halud, Layered Security, New Commandments of Security Teams

Absolute AppSec

Sep 16, 2025


In what is (sadly) becoming a weekly segment, this episode starts with talk of the latest installment of npm package takeovers, dubbed Shai Halud, as discussed in Slack and analyzed by Paul McCarty and team. Strategies are discussed for monitoring packages and preventing malware from entering organizations' products. This is followed by an article referencing security via intentional redundancy when designing sensitive application functionality. Finally, there is analysis of a recent article from Frankly Speaking that lists a series of new commandments for security teams, which are mostly agreed to by both Seth and Ken, with some caveats.

Out of the Woods: The Threat Hunting Podcast
S3 Ep42: [LIVE] AI for Security Teams: Scaling Impact Without Losing Control

Out of the Woods: The Threat Hunting Podcast

Sep 15, 2025 90:39


In this episode of Out of the Woods, we explored how AI is reshaping security operations beyond threat hunting. We highlighted real progress in insider threat detection, faster triage, and incident response while underscoring the ongoing need for human judgment. We also addressed integration challenges, tool sprawl, skill gaps, and risks such as hallucinations, bias, and deepfakes, before closing with what to expect as regulations tighten and attackers continue to weaponize AI. ---- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

Afternoon Cyber Tea with Ann Johnson
From Bottlenecks to Breakthroughs: Aligning Legal and Security Teams

Afternoon Cyber Tea with Ann Johnson

Sep 2, 2025 39:06


Erez Liebermann, partner at Debevoise & Plimpton and a leading voice in cybersecurity and data privacy, joins Ann on this week's episode of Afternoon Cyber Tea. Together, they unpack how legal and security teams can act as strategic partners, aligning regulatory compliance with business priorities while preparing for and responding to incidents. Erez offers actionable insights from real-world experience on breaking down silos, building trust, and balancing transparency with legal prudence during breaches. Listeners gain practical strategies for fostering cross-functional collaboration, improving incident response, and strengthening organizational resilience in today's evolving threat landscape.
Resources:
View Erez Liebermann on LinkedIn
View Ann Johnson on LinkedIn
Related Microsoft Podcasts:
Microsoft Threat Intelligence Podcast
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.

Business of Tech
Microsoft Undercuts MSP Margins, Alert Fatigue Hits Security Teams, Intel's Bailout, AI Server Boom

Business of Tech

Aug 21, 2025 15:58


Microsoft is facing backlash from managed service providers (MSPs) for not adequately protecting them against aggressive pricing strategies employed by larger licensing solution providers. These larger entities are reportedly undercutting smaller MSPs by as much as 20%, leading to significant margin erosion and increased competition. The Cloud Solution Provider Program, which was designed to create a more equitable environment for smaller providers, has not been effectively enforced by Microsoft, leaving many MSPs feeling abandoned. Analysts warn that this trend may result in consolidation among partners, as smaller providers struggle to compete in a landscape increasingly favoring larger firms.

In the realm of cybersecurity, MSPs are grappling with severe alert fatigue, with a recent survey indicating that over 75% of providers experience this issue monthly. The report highlights that larger firms are particularly affected, with nearly half of those employing over 500 staff facing daily fatigue due to excessive tools and poor integration, which leads to a high volume of false positives. Alarmingly, one in four alerts is a false positive, and many providers are hesitant to consolidate their security tools due to concerns about migration complexity and potential feature loss. Despite the clear advantages of integrating platforms and enhancing automation, only 31% of MSPs have adopted AI or security orchestration tools to alleviate their burdens.

In product news, several companies have made significant announcements. SuperOps has launched an AI marketplace for MSPs in collaboration with Amazon Web Services, aiming to streamline the adoption of AI agents for various tasks. Kaseya introduced customer responsibility matrices to help MSPs comply with Department of Defense cybersecurity requirements, while ConnectWise expanded its remote monitoring and management platform to include third-party patching for over 7,000 applications. Syncro reported impressive operational efficiency improvements for a client, and Egnyte unveiled a no-code framework for creating customized AI agents.

Lastly, the podcast discusses the ongoing challenges faced by Intel and the vulnerabilities in N-able's remote monitoring and management solution. Intel is receiving substantial investments from SoftBank and potential support from the U.S. government, indicating a lack of market confidence in the company's performance. Meanwhile, N-able is dealing with two critical vulnerabilities that are being actively exploited, with nearly 900 servers still unpatched. The urgency for MSPs to apply updates and validate their security measures is emphasized, as these vulnerabilities pose significant risks to their operations.

Four things to know today
00:00 Microsoft Faces Backlash as MSPs Accuse CSP Program of Favoring Larger Licensing Providers
04:53 From SuperOps to Egnyte, Vendors Announce AI and Security Features—Syncro Stands Out With Measurable Results
07:50 Chip Market Split: Intel Relies on Bailouts, Foxconn Rides Explosive AI Demand
10:24 Shadowserver: Nearly 900 N-able N-central Servers Remain Unpatched Against Critical Vulnerabilities

This is the Business of Tech.

Supported by: https://www.moovila.com/ https://scalepad.com/dave/
All our Sponsors: https://businessof.tech/sponsors/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com
Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessof.tech

The Audit
How CTF Culture Gamifies Your Way to Unbreakable Security Teams

The Audit

Aug 11, 2025 30:10 Transcription Available


Can you spot the difference between real cybersecurity talent and someone using ChatGPT to fake their way through interviews? In this episode of The Audit, Thomas Rogers from Meta CTF reveals how Capture the Flag competitions are becoming the ultimate litmus test for authentic cyber skills—and why traditional hiring methods are failing in the AI era. Whether you're a CISO looking to revolutionize your hiring process, a security professional wanting to level up your skills, or just curious about what happens when cybersecurity meets escape room logic, this episode delivers actionable insights you can implement immediately.
Key Topics Covered:
How Meta CTF's Jeopardy-style competitions work and why they're addictive
Real examples of CTF challenges that test critical thinking over pure technical knowledge
The shocking rise of AI-assisted interview cheating (and how to spot it)
Why "CTF culture" is becoming the new hiring differentiator for top security teams
Practical tips for using competitions to build team camaraderie and retention
How smaller companies can compete with Big Tech for cybersecurity talent
Don't let your next hire fool you with AI-generated answers. Learn how CTF competitions reveal the real problem-solvers from the pretenders. Like, share, and subscribe for more cybersecurity hiring secrets that actually work!
#MetaCTF #CybersecurityHiring #CTF #InfoSec #CyberSecurity #AIInterviews #TechRecruiting

The Vonu Podcast
P.A.Z.NIA Radio Network, Anarchy Day Weekend Transmission: Cloak & Dagger w/ Guest Gabriel Custodiet, Committees of Safety & Security Teams, & More!

The Vonu Podcast

Jul 13, 2025 316:57


The full Anarchy Day Weekend transmission on the P.A.Z.NIA Radio Network, originally live July 5th; featuring Cloak & Dagger with Thane Riddle, an LUA Radio classic episode on Committees of Safety and Security Teams with Gary Hunt, and much, much more. Enjoy this very Anarchy Day transmission — and join…

The Security Podcasts
Promoting Wellness Among Security Teams in the Midst of Crisis

The Security Podcasts

May 30, 2025 21:22


Danielle Weddepohl, Director of Public Safety and Emergency Management at George Brown College, discusses how to promote wellness among security teams.

Audience 1st
5 Mindset Shifts Security Teams Must Adopt to Master Multi-Cloud Security

Audience 1st

Apr 4, 2025 30:38


Multi-cloud security isn't just a technology challenge—it's an organizational mindset problem. Security teams are juggling AWS, Azure, and GCP, each with different security models, policies, and rules. The result? Silos, misconfigurations, and security gaps big enough to drive an exploit through. In this episode, I sat down with Gal Yosef from AlgoSec to break down:
Why multi-cloud security is so complex (and what security teams are getting wrong)
How to bridge the gap between network security and cloud security teams
How large enterprises manage cloud security policy enforcement across business units
The shift from one-size-fits-all security policies to flexible, risk-based guardrails
Why automation and visibility are critical for securing multi-cloud environments
If you want to secure application connectivity across your hybrid environment, visit algosec.com.

Afternoon Cyber Tea with Ann Johnson
Building Resilient Security Teams with Ryan Field

Afternoon Cyber Tea with Ann Johnson

Mar 25, 2025 22:36


Ryan Field, Executive Vice President & Chief Information Security Officer at Bank of Hawaii joins Ann on this week's episode of Afternoon Cyber Tea. With over two decades of experience in IT and cybersecurity, Ryan shares his approach to security leadership; and the importance of fostering collaboration and diverse perspectives. He discusses the unique challenges of cybersecurity in banking and financial services, how organizations across Hawaii are coming together to build a more resilient security workforce, and how shifting from enforcers to influencers is transforming security culture.     Resources:   View Ryan Field on LinkedIn         View Ann Johnson on LinkedIn          Related Microsoft Podcasts:      Microsoft Threat Intelligence Podcast   The BlueHat Podcast    Uncovering Hidden Risks              Discover and follow other Microsoft podcasts at microsoft.com/podcasts         Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network. 

Random but Memorable
Security Audit App Ideas with Jacob DePriest

Random but Memorable

Mar 11, 2025 56:03


What's it like to work as a CISO at a security company? This week, 1Password's VP of Security and CISO, Jacob DePriest, reveals all. Jacob also shares his advice for building strong security teams with diverse perspectives, backgrounds, and skillsets.

Paul's Security Weekly TV
AI Security Concerns: Real Threats or Distractions? Also - unhinged security teams! - ESW #395

Paul's Security Weekly TV

Feb 24, 2025 55:03


In the enterprise security news,
Change Healthcare's HIPAA fine is vanishingly small
How worried should we be about the threat of AI models?
What about the threat of DeepSeek?
And the threat of employees entering sensitive data into GenAI prompts?
The myth of trillion-dollar cybercrime losses are alive and well!
Kagi Privacy Pass gives you the best of both worlds: high quality web searches AND privacy/anonymity
Thanks to the UK for letting everyone know about end-to-end encryption for iCloud!
What is the most UNHINGED thing you've ever seen a security team push on employees?
All that and more, on this episode of Enterprise Security Weekly.
Show Notes: https://securityweekly.com/esw-395

Enterprise Security Weekly (Video)
AI Security Concerns: Real Threats or Distractions? Also - unhinged security teams! - ESW #395

Enterprise Security Weekly (Video)

Feb 24, 2025 55:03


In the enterprise security news,
Change Healthcare's HIPAA fine is vanishingly small
How worried should we be about the threat of AI models?
What about the threat of DeepSeek?
And the threat of employees entering sensitive data into GenAI prompts?
The myth of trillion-dollar cybercrime losses are alive and well!
Kagi Privacy Pass gives you the best of both worlds: high quality web searches AND privacy/anonymity
Thanks to the UK for letting everyone know about end-to-end encryption for iCloud!
What is the most UNHINGED thing you've ever seen a security team push on employees?
All that and more, on this episode of Enterprise Security Weekly.
Show Notes: https://securityweekly.com/esw-395

Human-Centered Security
Dear Security Vendors, Here's What Security Teams Want You to Know with Paul Robinson

Human-Centered Security

Feb 19, 2025 36:41


Where are security tools failing security teams? What are security teams looking for when they visit a security vendor marketing website? Paul Robinson, security expert and founder of Tempus Network, says, “Over-promising and under-delivering is a major factor in these tools. The tool can look great in a demo—proof of concepts are great, but often the security vendor is just putting their best foot forward. It's not really the reality of the situation.”
Paul's advice for how security vendors can do better? Start by admitting security isn't just a switch you flip—it's a journey. Security teams aren't fooled by glitz and glamour on your marketing website. They want to see how you addressed real problems.
Incredible customer service can make a small, scrappy cybersecurity product stand out from larger, slower-moving vendors.
Cybersecurity vendors need to get onboarding right (it's a make or break aspect of the user experience). There are more variables than you think—not only technology but also getting buy-in from employees, leadership, and other stakeholders.
Think about the user experience not only of the person using the security product, but the people at the organization who will be impacted by the product.
Looking for a cybersecurity-related movie that is just a tad too plausible? Paul recommends Leave the World Behind on Netflix.

ITSPmagazine | Technology. Cybersecurity. Society
From Access to Automation: The New Playbook for IT and Security Teams | A JumpCloud Brand Story with Chase Doelling

ITSPmagazine | Technology. Cybersecurity. Society

Feb 11, 2025 43:12


IT and security teams are under constant pressure to streamline operations while maintaining strong security and compliance. In this Brand Story episode, Chase Doelling, Principal Strategist at JumpCloud, shares insights from the company's latest SME IT Trends Report. The discussion highlights key trends, challenges, and opportunities that IT teams face, particularly in small and medium-sized businesses (SMBs).

The Role of IT in Business Operations
Doelling emphasizes the increasing responsibility placed on IT teams. Historically seen as cost centers, IT and security functions are now recognized as critical to business success. More organizations are merging IT and security efforts, ensuring that security considerations are built into every decision rather than being addressed reactively.
A major takeaway from the report is the shift toward decentralization in IT decision-making. Departments are increasingly adopting tools independently, leading to an explosion of software-as-a-service (SaaS) applications. While this autonomy can boost efficiency, it also creates risks. Shadow IT—where employees use unauthorized tools—has become a top concern, with 88% of organizations identifying it as a risk.

AI, Security, and IT Investment
The report also reveals a growing divide in AI adoption. Organizations are either moving aggressively into AI initiatives or staying completely on the sidelines. Those embracing AI often integrate it into security and IT operations, balancing innovation with risk management.
Budget trends indicate that IT spending is rising, with security tools accounting for a significant portion. The need for robust cybersecurity measures has pushed organizations to prioritize visibility, access management, and compliance. A notable shift is occurring in remote and hybrid work models. While remote work surged in previous years, only 9% of organizations now report being fully remote. This return to office environments introduces new IT challenges, particularly in managing networks and devices across hybrid workplaces.

How JumpCloud Supports IT Teams
JumpCloud's platform simplifies IT and security operations by unifying identity and access management, device management, and security policies. One key challenge IT teams face is visibility—knowing who has access to what systems and ensuring compliance with security policies. JumpCloud's approach allows organizations to manage users and devices from a single platform, reducing complexity and improving security posture.
An example of JumpCloud's impact is its ability to detect and manage SaaS usage. If an employee tries to use an unauthorized tool, JumpCloud can guide them toward an approved alternative, preventing security risks without stifling productivity. This balance between security and efficiency is essential, particularly for SMBs that lack dedicated security teams.

Looking Ahead: IT and Security Convergence
Doelling teases upcoming research that will explore the relationship between IT and security teams. With these functions blending more than ever, organizations need insights into how to align strategies, resources, and budgets effectively.
For IT and security professionals navigating a landscape of increased threats, shifting work environments, and AI-driven innovation, the insights from JumpCloud's research provide a valuable benchmark. To gain a deeper understanding of these trends and their implications, listen to the full episode and explore the latest SME IT Trends Report.

Note: This story contains promotional content. Learn more.

Guest: Chase Doelling, Principal Strategist, JumpCloud [@JumpCloud], On LinkedIn | https://www.linkedin.com/in/chasedoelling/

Resources
Learn more about JumpCloud and their offering: https://itspm.ag/jumpcloud-pg7z
To download the SME IT Trends Report: https://itspm.ag/jumpcljqyw
Catch more stories from JumpCloud at https://www.itspmagazine.com/directory/jumpcloud
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Human-Centered Security
Threat Actors Leverage Behavioral Science; Security Teams Should, Too with Matt Wallaert

Human-Centered Security

Dec 5, 2024 39:21


The cybersecurity industry often fixates on “behavior change,” expecting users to take on unrealistic tasks instead of designing safer, smarter systems. Matt Wallaert (founder of BeSci.io and author of Start at the End: How to Build Products that Create Change) explains behavioral science isn't about forcing behavior change. Instead, it's about understanding people so a thoughtfully-designed system can influence more secure outcomes.
Whether you're a UX designer, a security engineer, or a CISO, you influence security behaviors. Here's how you can move towards more secure outcomes:
Stay Ahead of Threat Actors: Cybercriminals use behavioral science to their advantage. People designing the security user experience must not only catch up but outpace them.
Define Clear Outcomes: Don't just say “we want users to be secure.” Know exactly what behaviors you want and why. Vague goals lead to vague results. (As Matt explains, saying things like “I want people to be more secure” isn't helpful. In fact, many people don't know what “more secure” means in the context of their product or organization.)
Ask Better Questions: Use tools like the “sufficiency test.” For example, sure, it might be nice if users created complex passwords—but users don't necessarily have to be the ones doing it. Why can't the system create a complex password for them (as password managers do)?
Understand promoting and inhibiting pressures. These concepts will help you design systems that are more resilient because they are built with people in mind. There are reasons people do and do not do things—when you understand why, you can develop systems that will be more effective in encouraging the behaviors you want.
Security practitioners: tired of being perceived as the “department of no”? Matt explains how behavioral science can help you better collaborate with cross-disciplinary teams.
Bonus: UX designers, after this episode you may never create another persona.

Risky Business News
Sponsored: Breaking the deadlock between IT and security teams

Risky Business News

Play Episode Listen Later Nov 24, 2024 13:50


In this Risky Business News sponsored interview, Tom Uren talks to Mike Wiacek, CEO and founder of Stairwell, about the occasionally dysfunctional relationship between IT and security teams. Mike talks about how security vendors need to reach out to turn IT teams into allies.

ITSPmagazine | Technology. Cybersecurity. Society
Bridging Cybersecurity and Finance for Better Insurance Outcomes | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A HITRUST Short Brand Innovation Story with Monica Shokrai

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Nov 22, 2024 7:04


In this Brand Story episode, recorded live at the HITRUST Collaborate Conference 2024, host Sean Martin sits down with Monica Shokrai, Head of Risk and Insurance for Google Cloud. The topic of conversation centers around cyber insurance, a crucial area impacting organizations across sectors.

Monica Shokrai leads the charge in managing risk and procuring insurance for Google Cloud, a role that integrates closely with both the finance and security teams. She highlights the unique dual approach of her team, which not only secures coverage for Google but also strategizes on how to leverage insurance to assist Google Cloud customers in mitigating risks.

A key point discussed is the interdisciplinary nature of cyber insurance. Traditionally managed by the finance or legal departments, Shokrai emphasizes its growing collaboration with cybersecurity teams. She notes that the standard organizational structure often sees a communication divide between finance and security departments. However, the evolving cyber insurance market is pushing these groups closer together, fostering a more integrated risk management strategy.

Shokrai also shares insights on how Google approaches risk exposure and posture. By modeling risk in-house and leveraging an actuarial team, Google can quantify risks accurately and work closely with security teams. This model not only helps in securing better insurance terms but also aids in understanding and integrating security measures within the organization.

Another significant point is Google's innovative approach to automating the cyber insurance process. Through their Risk Protection Program, Google allows security metrics to be shared with insurance partners like Allianz in Munich. This method simplifies the underwriting process and promotes a data-driven approach to evaluating cybersecurity risks, aligning insurers and security teams toward a common goal.

Overall, the discussion underscores the importance of a cohesive strategy that bridges finance and cybersecurity through innovative risk management and insurance practices. With leaders like Monica Shokrai at the helm, Google Cloud is at the forefront of integrating these critical functions, ultimately benefiting both the company and its customers.

Learn more about HITRUST: https://itspm.ag/hitrusi2it

Note: This story contains promotional content. Learn more.

Guest: Monica Shokrai, Head of Risk and Insurance, Google Cloud [@lifeatgoogle]
On LinkedIn | https://www.linkedin.com/in/monicashokrai/

Resources
Simplified Cyber Insurance for Organizations with a HITRUST Certification: https://itspm.ag/hitrusp5x6
Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust
Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Redefining CyberSecurity
Bridging Cybersecurity and Finance for Better Insurance Outcomes | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A HITRUST Short Brand Innovation Story with Monica Shokrai

Redefining CyberSecurity

Play Episode Listen Later Nov 22, 2024 7:04



PBS NewsHour - Segments
Trump begins to fill foreign policy and national security teams for 2nd term

PBS NewsHour - Segments

Play Episode Listen Later Nov 12, 2024 5:33


A second Donald Trump administration is taking shape, one new appointee at a time. Tuesday, the president-elect tapped more of his closest allies to fill some of the government's top posts. Among them is Sen. Marco Rubio, putting Trump's one-time foe on track to becoming the first Latino to serve as the nation's top diplomat. Laura Barrón-López reports. PBS News is supported by - https://www.pbs.org/newshour/about/funders

PBS NewsHour - Politics
Trump begins to fill foreign policy and national security teams for 2nd term

PBS NewsHour - Politics

Play Episode Listen Later Nov 12, 2024 5:33


A second Donald Trump administration is taking shape, one new appointee at a time. Tuesday, the president-elect tapped more of his closest allies to fill some of the government's top posts. Among them is Sen. Marco Rubio, putting Trump's one-time foe on track to becoming the first Latino to serve as the nation's top diplomat. Laura Barrón-López reports. PBS News is supported by - https://www.pbs.org/newshour/about/funders

Risky Business News
Sponsored: Resourcely on some of the hard truths about security teams

Risky Business News

Play Episode Listen Later Sep 22, 2024 12:50


In this Risky Business News sponsor interview, Catalin Cimpanu talks with Resourcely co-founder and CEO Travis McPeak about some of the hard and uncomfortable truths about the role of security teams inside a company.

Show notes: Hard Truths your CISO won't tell you

CISO Tradecraft
#193 - Security Team Operating System (with Christian Hyatt)

CISO Tradecraft

Play Episode Listen Later Aug 12, 2024 43:06


In this comprehensive episode of CISO Tradecraft, host G Mark Hardy sits down with Christian Hyatt, author of 'The Security Team Operating System'. Together, they delve into the five essential components needed to transform your cyber security team from reactive to unstoppable. From defining purpose and values to establishing clear roles, rhythms, and goals, this podcast offers practical insights and tools that can improve the efficacy and culture of your security team. If you're looking for strategic frameworks to align your team with business objectives and create a resilient security culture, you won't want to miss this episode!

Christian Hyatt's LinkedIn Profile: https://www.linkedin.com/in/christianhyatt/
Link to the Book: https://a.co/d/aHpXXfr
Transcripts: https://docs.google.com/document/d/1ogBdtJolBJTOVtqyFLO5onuLxBsfqqQP

Chapters
00:00 Introduction and Guest Welcome
01:31 Overview of the Security Team Operating System
03:31 Deep Dive into the Five Elements
07:53 Aligning Security with Business Objectives
21:59 Defining Core Values for Security Teams
25:03 Aligning Organizational and Team Values
26:05 Establishing Clear Roles and Responsibilities
30:58 Implementing Effective Rhythms and Goals

The Other Side Of The Firewall
The DigiCert Dilemma & Why Business Continuity Is So Important

The Other Side Of The Firewall

Play Episode Listen Later Aug 6, 2024 20:25


In this episode, the hosts discuss the article titled 'Digicert to Delay Cert Revocation for Critical Infrastructure'. They talk about the challenges faced by companies in reissuing certificates within a short timeframe and the need for more time to ensure a seamless transition. They emphasize the importance of having a robust business continuity and disaster recovery plan, as well as the need for cross-team collaboration between security and administrative teams. The hosts also highlight the significance of staying informed and plugged in to the latest cybersecurity news and trends. Please LISTEN

The Tactical Empire
Facing Historical Events with Resilience and Unity

The Tactical Empire

Play Episode Listen Later Jul 25, 2024 25:02


In this episode of the Tactical Empire, Jeff Smith and Shawn Rider discuss the recent assassination attempt on former President Trump. They explore the initial reactions, the implications of the event, and the broader lessons for personal responsibility and leadership. They emphasize the importance of unity, empathy, and preparation in facing unpredictable and challenging times. They also encourage listeners to focus on improving their own lives and communities rather than getting caught up in divisive political discourse.

Chapters:
00:00 Introduction to Tactical Empire
01:10 Discussing the Assassination Attempt on Trump
06:18 Social Media's Reaction and Public Perception
08:03 Historical Context and Personal Reflections
13:42 Call for Unity and Personal Responsibility
16:30 Practical Steps for Preparedness and Leadership
21:48 Final Thoughts and Call to Action
26:01 Outro and Community Engagement

You can connect with Shawn Rider on Facebook and Instagram. If what you heard resonated with you, you can find Jeff on Instagram, Facebook. If you're interested you can visit The Tactical Empire's website https://www.thetacticalempire.com/home-4169. And don't forget to visit us on Apple Podcasts to leave a review and let us know what you think! Your feedback keeps us going. Thanks for helping us spread the word!

Cloud Security Podcast
What is AI-SPM?

Cloud Security Podcast

Play Episode Listen Later Jul 4, 2024 23:28


What is the future of AI Security and Data Protection? At AWS re:Inforce in Philadelphia this year, Ashish spoke to Dan Benjamin, Head of Data, Identity and AI Security at Prisma Cloud, about the new category of AI-SPM (Artificial Intelligence Security Posture Management) and why it fits within all the other tooling organisations have. They spoke about the importance of building an AI and data inventory, understanding AI access, and the critical role of DSPM (Data Security Posture Management) in creating effective AI security controls.

Guest Socials: Dan's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

Questions asked:
00:00 Introduction
02:09 A bit about Dan
02:29 What is AISPM?
03:16 How should CISOs tackle AI Security?
06:16 Right Controls around AI Services
07:32 AISPM vs CSPM
09:52 The role of DSPM
10:25 Tackling data security in world of AI
13:28 Maturity Curve for CISOs to consider
16:36 Security Teams for AI Security
19:51 The Fun Section

ITSPmagazine | Technology. Cybersecurity. Society
Navigating the Future of AI Governance with LogicGate | A Brand Story Conversation From RSA Conference 2024 | A LogicGate Story with Matt Kunkel and Nick Kathmann | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later May 8, 2024 20:53


The RSA Conference in San Francisco is renowned for being a hub of cutting-edge discussions around everything related to cybersecurity, and this year one of the spotlights was on AI governance. In this conversation featuring industry experts from LogicGate, the focus was on unraveling the challenges organizations face in adapting to the rapidly evolving landscape of AI implementation.

Unveiling the Experts
Moderated by Sean Martin, the discussion kicked off with a warm welcome to the LogicGate team, setting the stage for a deep dive into the complexity of AI governance. Matt Kunkel, the CEO of LogicGate, shared insights from his extensive consulting background in building GRC solutions for a diverse range of organizations. His vast experience culminated in the creation of the Risk Cloud Platform, a versatile tool that aids organizations in automating risk management processes tailored to their specific needs.

The CISO Perspective
Nick Kathmann, the Chief Information Security Officer at LogicGate, brought to the table over two decades of experience in cybersecurity. His journey through managing security compliance for major players like Virtustream and RSA highlighted the intricate web of challenges posed by evolving technologies like AI. Nick emphasized the critical importance of aligning internal governance with external regulations to ensure a robust security posture.

Demystifying AI Governance
As the conversation continued, Sean Martin steered the discussion towards demystifying AI governance and its impact on organizational frameworks. The panel shed light on the dual challenges organizations face – the risk of embracing AI too recklessly and stifling innovation versus the risk of over-regulating and impeding progress. The consensus was clear – a balanced approach that marries speed and security is imperative for a successful AI governance strategy.

The LogicGate Solution
Matt and Nick unraveled the intricacies of the AI governance solution developed by LogicGate, designed to provide organizations with a holistic framework for managing AI risks. By integrating AI governance with existing risk management protocols, LogicGate's platform offers a transformative approach that streamlines processes, enhances visibility, and ensures compliance with emerging standards.

Looking Towards the Future
The conversation concluded with a forward-looking approach, underscoring the rapidly evolving nature of AI technologies and the indispensable need for agile governance frameworks. The consensus was that staying ahead of the curve demands continuous assessment, adaptation, and alignment of AI governance with overarching business objectives.

In Closing
This episode of On Location Coverage at the RSA Conference 2024 offered a glimpse into the complexities and opportunities that AI governance presents for organizations worldwide. With LogicGate leading the charge in innovative solutions, the future of AI governance looks promising, anchored in a foundation of collaboration, foresight, and strategic alignment.

As organizations navigate the uncharted waters of AI implementation, partnering with pioneers like LogicGate is poised to be the key to unlocking the full potential of this transformative technology. Stay tuned for more insights and developments on AI governance as we journey towards a future powered by innovation and resilience.

Learn more about LogicGate: https://itspm.ag/logicgate-92d6bc

Note: This story contains promotional content. Learn more.

Guests:
Matt Kunkel, CEO at LogicGate [@LogicGate]
On LinkedIn | https://www.linkedin.com/in/matt-kunkel-91056143/
Nick Kathmann, Chief Information Security Officer at LogicGate [@LogicGate]
On LinkedIn | https://www.linkedin.com/in/nicholaskathmann/

Resources
Learn more and catch more stories from LogicGate: https://www.itspmagazine.com/directory/logicgate
View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

ITSPmagazine | Technology. Cybersecurity. Society
Automated Behavioral Fingerprinting: The Key to Cloud Security | 7 Minutes on ITSPmagazine | A Short Brand Innovation Story From RSA Conference 2024 | A RAD Security Story with Brooke Motta

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 30, 2024 7:03


When you are only looking for malicious indicators, you will NEVER get security teams in control of the rapidly evolving threats to their organizations. When Brooke Motta's co-founder, Jimmy Mesta, was a security architect, and consulting companies on Kubernetes security at the very start of containerization, he witnessed a paradigm shift to defining your environment in a declarative way, through code. He decided to apply this paradigm shift toward a positive security model.

To this end, RAD Security was born. RAD Security creates fingerprints of known good behavior and notifies on drift from that behavior. RAD Security have built fingerprints for cloud native workloads, identities, and infrastructure to detect attacks through meaningful drift that signifies attacker behavior. RAD Security have also built a real-time posture model that can accept the data from our drift engine, so teams can constantly refine their shift-left efforts with the best data possible. By necessity, RAD Security have the first runtime agent that would automate the creation of these behavioral fingerprints.

Today, teams use RAD Security's industry-first positive security model for their zero trust initiatives, posture management for cloud native infrastructure, and detection of zero days in runtime. RAD Security's mission is to empower engineering and security teams to push boundaries, build technology and drive innovation so they can focus on growth versus security problems. In today's environment, attackers are more versed in cloud native security than security teams.

RAD Security removes the blind spots of legacy tools, closing the gap for prioritization and remediation in cloud native infrastructure. To learn more, meet with Brooke Motta and her RAD Security co-founder Jimmy Mesta at the Innovation Sandbox on Monday, May 6th, where they will be participating in the pitch contest.

Learn more about RAD Security: https://itspm.ag/radsec-l33tz

Note: This story contains promotional content. Learn more.

Guest: Brooke Motta, CEO and Co-Founder of RAD Security [@RADSecurity_]
On LinkedIn | https://www.linkedin.com/in/brookemotta/
On Twitter | https://twitter.com/brookelynz1

Resources
RAD Security Blog: https://itspm.ag/radsec-477a54
Learn more and catch more stories from RAD Security: https://www.itspmagazine.com/directory/rad-security
View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

The Ontic Protective Intelligence Podcast
What Today's Permacrisis Means for Corporate Security Teams

The Ontic Protective Intelligence Podcast

Play Episode Listen Later Oct 25, 2023 35:27


With multiple crises happening around the globe, it's impossible for organizations to ignore the threat of geopolitics to their business. Security teams are forced to think beyond what's happening now and consider what's around the corner. Many understand the duty of care to keep employees safe; however not all realize that this extends to the geopolitical landscape. It is the duty of security leaders to help their organization make sense of what's happening and be a calm voice in the midst of permacrisis.

Ross Hill, Founder of Insight Forward, is that calm voice for many as he helps businesses understand risk. He applies his background leading intelligence analysis for prominent risk management organizations such as AT-RISK International and Pinkerton, and has acquired an in-depth knowledge of core processes, programme design and management, fulfilling senior management positions in global security and risk consultancies, and gaining exposure to renowned multinationals and driving their intelligence needs. He began his career as a Forensic DNA Analyst and as an Intelligence Analyst for the Metropolitan Police.

Check out Insight Forward's latest report: Top 10 Geopolitical Risks for Businesses in 2024 and the latest geopolitical news by subscribing to Pestle & Mortar.

Key topics of Hill's discussion with hosts Chuck Randolph and Fred Burton include:

Why global and national companies alike cannot escape the impact of geopolitics on their business, and why it's critical to look beyond the threats you face today.

Why security leaders have a responsibility to help the people they protect make sense of the crises abroad and how misinformation (most notably with the Hamas War) has the ability to cause unwarranted concern and mistrust.

The top three things corporate security teams can do right now in light of multiple crises happening around the globe.