POPULARITY
19 episodes with semperis
10 episodes with semperis
10 episodes with semperis
9 episodes with semperis
11 episodes with semperis
6 episodes with semperis
5 episodes with semperis
4 episodes with semperis
6 episodes with semperis
This episode features Heather Costa, Director of Technology Resilience at Mayo Clinic. With over two decades of experience building resilience programs at leading healthcare institutions, Heather has redefined what it means to prepare for and thrive through disruption. From Cleveland Clinic to Mayo Clinic, she's led enterprise-wide recovery strategies that balance people, process, and technology. In this episode, Heather explains why true resilience starts with leadership, not technology, how to set clear priorities when everything feels critical, and how to design organizations that adapt and recover faster. This is a powerful look at the mindset and methods behind building resilience that lasts in healthcare and beyond. Guest Bio Heather M. Costa is a leading authority in cyber and technology resilience, currently serving as Director of Technology Resilience at Mayo Clinic. With over twenty years of experience, she has shaped resilience programs at premier healthcare institutions, notably pioneering business resilience at Cleveland Clinic before architecting Mayo Clinic's enterprise-wide recovery and continuity initiatives. Heather is a dynamic leader, keynote speaker, and mentor, frequently invited to share her insights at organizations and conferences such as Harvard NPLI, HIMSS, and the HIPAA Summit. She is recognized for building high-performing teams and fostering the next generation of cybersecurity leaders. Heather holds a Master's in Homeland Security – Information Security and Forensics from Penn State, a summa cum laude Bachelor's in Emergency Management from the University of Akron, and multiple esteemed certifications including Certified Business Continuity Professional (CBCP), Certified Cyber Resilience Professional (CCRP). She is Vice President for the WiCyS Healthcare Affiliate and a member of several distinguished honor societies. Outside of work, Heather is a dedicated solo mom to five children, inspiring her family and community with her resilience and leadership. Guest Quote "[Resilience] means not just recovering, but being better. Adapting, where we're wired in our DNA organizationally, to thrive in disruption, not just survive.” Time stamps 01:08 Meet Heather Costa: Cyber Resilience Expert 04:49 Understanding Resilience in Healthcare 22:36 Starting with Minimal Viable Recovery 25:56 Worst Case Scenario Planning 28:30 Building a Resilient Environment 29:33 Heather's Blue Sky Strategy Planning 35:26 What's Missed When Building Resilience 37:43 Final Advice on Resilience Sponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more. Links Connect with Heather on LinkedIn Learn more about Mayo Clinic Connect with Sean on LinkedIn Don't miss future episodes Register for HIP Conf 2025 Learn more about Semperis
Hoy nos acompaña JOSÉ CARLOS MOLINA, responsable de Desarrollo de Negocio de Ciberseguridad en V-VALLEY.Además vemos como puede ayudar la IA a personas que viven en soledad no deseada.Con: Rubén Carrasco, Alfonso Calvo.Dirige: Carlos Lillo. Producción: ClickRadioTV. Gracias a: Semperis, Cyber Guru, Cato Networks, V-Valley, Kaspersky, Cybertix
A former defense contractor is charged with attempting to sell trade secrets to Russia. Researchers uncover critical vulnerabilities in TP-Link routers. Microsoft patches a critical Windows Server Update Service flaw. CISA issues eight new ICS advisories. “Shadow Escape” targets LLMs database connections. Halloween-themed scams spike. Our guest is Chris Inglis, first National Cyber Director, speaking on cybercrime and the upcoming documentary on cyber war, "Midnight in the War Room". WhatsApp's missing million-dollar exploit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Inglis, first National Cyber Director, speaking on cybercrime and the upcoming documentary on cyber war, "Midnight in the War Room" presented by Semperis. Learn more and check out the trailer. Selected Reading Hacking Lab Boss Charged with Seeking to Sell Secrets (Bloomberg) Dark Covenant 3.0: Controlled Impunity and Russia's Cybercriminals (Recorded Future) New TP-Link Router Vulnerabilities: A Primer on Rooting Routers (Forescout) Windows Server emergency patches fix WSUS bug with PoC exploit (Bleeping Computer) CISA Releases Eight Industrial Control Systems Advisories (CISA) Cyberattack on Russia's food safety agency reportedly disrupts product shipments (The Record) Shadow Escape 0-Click Attack in AI Assistants Puts Trillions of Records at Risk (Hackread) Trick or Treat: Bitdefender Labs Uncovers Halloween Scams Flooding Inboxes and Feeds (Bitdefender) Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta (SecurityWeek) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
El corte del hiperescalar AWS ha marcado notablemente los últimos días de esta semana de octubre. ¿Sabes qué es un Cybermentalista? Escúchanos y te lo contará Antonio Martínez. Como invitado hemos tenido a Javier Sánchez, CISO de Engie España. Equipo: Rubén Carrasco, Pedro Montes, Carlos Lillo (D). Sponsor: Cyber Guru, Cato Networks, Semperis, V-Valley, Kaspersky, Cybertix. Producción: ClickRadioTV.
El corte del hiperescalar AWS ha marcado notablemente los últimos días de esta semana de octubre. ¿Sabes qué es un Cybermentalista? Escúchanos y te lo contará Antonio Martínez. Como invitado hemos tenido a Javier Sánchez, CISO de Engie España. Equipo: Rubén Carrasco, Pedro Montes, Carlos Lillo (D). Sponsor: Cyber Guru, Cato Networks, Semperis, V-Valley, Kaspersky, Cybertix. Producción: ClickRadioTV.
This episode features Dr. Chase Cunningham, Chief Strategy Officer at Demo-Force.com.Widely known as “Dr. Zero Trust”, he's the creator of the Zero Trust Extended Framework and former Forrester principal analyst. With decades of experience supporting the NSA, U.S. Navy, FBI Cyber, and other government missions, Chase brings deep expertise on how nation-states wage digital conflict.In this episode, Chase explains how China, Russia, and North Korea use cyber operations to advance long-term strategic goals, why critical infrastructure has become a silent battlefield, and why attribution makes retaliation so difficult. He shares practical guidance for hardening defenses, outpacing common attackers, and avoiding becoming the “slowest gazelle in the herd.”This is a sobering look at how geopolitics fuels cyber risk, and the urgent realities every security leader must prepare for now.Guest Bio Creator of the Zero Trust eXtended framework and a cybersecurity expert with decades of operational experience in NSA, US Navy, FBI Cyber, and other government mission groups, Chase is responsible for ZTEdge's overall strategy and technology alignment. Chase was previously VP and Principal Analyst at Forrester Research; Director of Threat Intelligence for Armor; Director of Cyber Analytics for Decisive Analytics; and Chief Cryptologic Technician, US Navy. He's the author of the Cynja series and Cyber Warfare: Truth, Tactics, and Strategies.Guest Quote" Putin has even been noted as saying that chaos is the goal. You do that via cyber. You don't do that by putting boots on ground anymore. That is very important for everybody that's connected or digital to understand, you are operating in a live fire battlefield environment. You're not just on the internet.”Time stamps 01:04 Meet Dr. Chase Cunningham: Dr. Zero Trust 02:47 The Fifth Horseman: Cyber Threats 04:24 Geopolitical Implications of Cyber Warfare 09:05 Understanding China's Approach to Cyber 17:27 Breaking Down Defensive Cyber 20:17 Understanding North Korea's Approach to Cyber 22:25 Russia's Cyber Chaos Tactics 24:35 Cyber Leadership Gaps in the U.S. Government 27:22 Final Thoughts and AdviceSponsorThe HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.LinksConnect with Chase on LinkedInLearn more about Demo-Force.comChase's HIPConf 2024 Talk: Cyber Threat: The Fifth Horseman of the Apocalypse Connect with Sean on LinkedIn Don't miss future episodesRegister for HIP Conf 2025Learn more about Semperis
ETRMS El Valle de Arán y Ciberseguridad. Un robot domótico barato. Noticias. Concurso. Gracias a SEMPERIS, V-VALLEY, CYBER GURU, CYBERTIX, CATO NETWORKS, KASPERSKY.
This episode features Jonathon Mayor, Principal Security Consultant for the Americas at Cohesity.A founding member of Cohesity's Security Center of Excellence and the Cyber Event Response Team, Jonathon has more than 20 years of experience in security operations, forensics, and business continuity, with past leadership roles at EMC, Dell, and Verizon. He's guided Fortune 500 and Global 1000 organizations through high-stakes incident response and recovery.In this episode, Jonathon explains why trust is the first casualty in a cyberattack, how to distinguish between mission critical operations and mission critical response, and why resilience depends as much on people and process as on technology. He shares candid lessons from the field on avoiding endless “what if” scenarios, preparing for the human toll of prolonged incidents, and building flexibility into every plan.This is a practical look at cyber resilience and the critical skills every leader needs to have before the next 2 a.m. incident call. Guest Bio Jonathon Mayor is Principal Security Consultant for the Americas at Cohesity, where he has helped many Fortune 500 and Global 1000 organizations strengthen cyber resilience through threat intelligence, incident response, and recovery strategy. A founding member of Cohesity's Security Center of Excellence and the Cyber Event Response Team (CERT), his current focus is proactively collaborating with security partners and customers to strengthen security posture and readiness by drawing from the experiences and lessons learned through CERT.With more than 20 years in security operations, forensics, and business continuity, Jonathon has held leadership roles at EMC, Dell, and Verizon, where he oversaw global NOC operations and major incident mitigation.Guest Quote " The thing that's most important that's lost first and hardest to regain is trust. Everything else is secondary. If the very tools that I'm relying on to respond have been compromised, and therefore I can't trust them, where does my plan go from there?”Time stamps 01:10 Meet Jonathan Mayor 03:37 Rethinking What's Mission Critical 12:25 Avoiding Endless What If's 15:50 Paranoia Has a Budget: Prioritizing Risks 21:27 The Human Element in Cyber Defense 25:01 Importance of Mindset Flexibility 27:11 Post-Incident AdviceSponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.LinksConnect with Jonathon on LinkedInLearn more about CohesityConnect with Sean on LinkedInDon't miss future episodesLearn more about Semperis
This episode features Chris Inglis, former U.S. National Cyber Director and longtime Deputy Director of the NSA.With over 40 years in national security, Chris was at the center of one of the most high-stakes breaches in U.S. history: the Edward Snowden incident.In this episode, Chris shares what really happened inside the NSA during those critical months, and how siloed systems, password sharing, and missed signals allowed Snowden to operate undetected. He unpacks key lessons on preparing for low-probability, high-impact events, defending against identity misuse, and why trust must always come with verification.This is a behind-the-scenes look at the Snowden breach, and what every cybersecurity leader needs to learn from it.Guest Bio Chris served as the first national cyber director of the United States, and as deputy director of the NSA for eight years. Chris has spent more than four decades in public service shaping the future of national cybersecurity.His career includes serving as a commissioner on the US Cyberspace, solarium Commission, and as as an advisor to the Department of Defense and the intelligence community. Chris has received numerous honors for his service, including the President's National Security Medal and the DNI distinguished service medal.A U.S. Air Force Academy graduate, he holds advanced degrees in engineering and computer science from Columbia University and the George Washington University. His military career includes over 30 years in the U.S. Air Force and Air National Guard, retiring as a brigadier general. Most recently, he served as a U.S. Naval Academy Looker Distinguished Visiting Professor for cyber studies and as a commissioner on the U.S. Cyberspace Solarium Commission.Guest Quote " The thing that you practice, whether it's one or a million things you're going to practice will never happen, but the thing that does will be informed by the muscle memory you've developed over that practice period. And you'll know that you either can or cannot weather the storm with your own resources.”Time stamps 01:29 The Snowden Incident: A Deep Dive 06:07 NSA's Internal Challenges and Lessons Learned 07:29 Organizational Silos and Technical Blind Spots 13:42 Crisis Management and Response Strategies 16:56 Public Perception and Trust 23:22 Misunderstandings of Snowden's Allegations 28:15 Lessons from the Snowden Incident 29:44 Cybersecurity in the Business World 29:57 How the Snowden Incident Reshaped NSA's Threat Monitoring 36:49 Strategic and Tactical Approaches to Security 42:35 Final Thoughts and TakeawaysSponsor Identity Breach Confidential is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.Links Connect with Jeff on LinkedInDon't miss future episodesRegister for HIP Conf 2025Learn more about Semperis
Author Nikolas Victorson joins the program to discuss his writing career and newest publication, "Semperis", which is the first release in a trilogy of novels.
This episode features Jake Hildreth, Principal Security Consultant at Semperis.With nearly 25 years of IT experience, Jake has seen how Active Directory Certificate Services (AD CS) can quietly become the most fragile, and most dangerous, part of an enterprise's identity infrastructure. Misunderstood, neglected, and often misconfigured, AD CS can hand attackers the ability to impersonate anyone in the organization.In this episode, Jake demystifies why certificates feel like “cult knowledge,” explains how simple missteps in AD CS cascade into critical risks, and shares real-world lessons from the front lines. He also introduces tools designed to help overworked admins find and fix issues before adversaries exploit them.This is a candid look at one of the least understood but most critical components of identity security, and the steps every security team should take now to avoid becoming the slowest gazelle in the herd.Guest BioJake Hildreth is a Principal Security Consultant at Semperis, Microsoft MVP, and longtime builder of tools that make identity security suck a little less. With nearly 25 years in IT (and the battle scars to prove it), he specializes in helping orgs secure Active Directory and survive the baroque disaster that is Active Directory Certificate Services.He's the creator of Locksmith, BlueTuxedo, and PowerPUG!, open-source tools built to make life easier for overworked identity admins. When he's not untangling Kerberos or wrangling DNS, he's usually hanging out with his favorite people and most grounding reality check: his wife and daughter.Guest Quote" The thing that you practice, whether it's one or a million things you're going to practice will never happen, but the thing that does will be informed by the muscle memory you've developed over that practice period. And you'll know that you either can or cannot weather the storm with your own resources.”Time stamps05:00 Why Are People Afraid of Certificates?07:52 Basics of Public Key Infrastructure (PKI)17:36 How AD CS Integrates with Active Directory20:20 Setting Up and Configuring AD CS23:19 Active Directory and Certificate Services Integration23:54 Consequences of a Compromised AD25:55 Primary Use Cases for AD CS28:39 Recommendations for Managing AD CS30:46 Locksmith: A Tool for AD CS Issues34:06 Common Security Issues in AD CS38:28 Steps to Improve AD CS SecuritySponsorThe HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.Links Connect with Jake on LinkedIn Learn about Locksmith Learn about Purple Knight Connect with Sean on LinkedIn Don't miss future episodes Register for HIP Conf 2025 Learn more about Semperis
Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity's most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue's global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere. Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research. In this interview, Yuval Wollman, President of CyberProof, unpacks how AI agents are not only expanding the attack surface—but reshaping the entire cyber threat landscape. Discover how ransomware-as-a-service platforms like Funksec and Dragonforce are operating with enterprise-level precision. Learn about the role of agentic AI, geopolitical cyber warfare, and why today's hackers offer better customer support than airlines. This segment is sponsored by CyberProof. Visit https://securityweekly.com/cyberproofbh to learn more about them! Doug White and Mickey Bresman, CEO of Semperis, dive deep into a conversation on the evolution of ransomware and the alarming rise of cyber extortion tactics. From the early days of encryption-only attacks to today's ransomware-as-a-service operations and hybrid threats blending digital and physical intimidation, this interview unpacks the growing sophistication of organized cybercrime. Mickey shares firsthand insights from Semperis' recent ransomware report, including a chilling real-world example where a photo of a child was used to threaten an IT professional — illustrating how far threat actors are willing to go. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to download the 2025 Global Ransomware Report! Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding. From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach. Would you like to see the Sevco platform in action? You can take a self-guided tour at https://securityweekly.com/sevcobh Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today's most dangerous digital threats. Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces. This segment is sponsored by Intel471. Visit https://securityweekly.com/intel471bh to learn more about them! CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a conversation on why vulnerability management is still failing enterprises — and what needs to change now. This interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility. HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need. Try runZero free! Get started at https://securityweekly.com/runzerobh Jackie McGuire sits down with Jawahar Sivasankaran, President at Cyware, for an unmissable deep dive into the future of Cyber Threat Intelligence (CTI), agentic AI, and open-source security innovation. With nearly three decades of experience spanning hands-on engineering, go-to-market leadership, and cutting-edge product strategy, Jawahar shares insider insights on how CTI is evolving from fragmented alerts to unified, automated threat intelligence platforms. To explore Cyware's new Intelligence Suite, CTI automation capabilities, and open-source AI integration protocol, visit https://securityweekly.com/cywarebh. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-423
Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity's most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue's global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere. Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research. In this interview, Yuval Wollman, President of CyberProof, unpacks how AI agents are not only expanding the attack surface—but reshaping the entire cyber threat landscape. Discover how ransomware-as-a-service platforms like Funksec and Dragonforce are operating with enterprise-level precision. Learn about the role of agentic AI, geopolitical cyber warfare, and why today's hackers offer better customer support than airlines. This segment is sponsored by CyberProof. Visit https://securityweekly.com/cyberproofbh to learn more about them! Doug White and Mickey Bresman, CEO of Semperis, dive deep into a conversation on the evolution of ransomware and the alarming rise of cyber extortion tactics. From the early days of encryption-only attacks to today's ransomware-as-a-service operations and hybrid threats blending digital and physical intimidation, this interview unpacks the growing sophistication of organized cybercrime. Mickey shares firsthand insights from Semperis' recent ransomware report, including a chilling real-world example where a photo of a child was used to threaten an IT professional — illustrating how far threat actors are willing to go. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to download the 2025 Global Ransomware Report! Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding. From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach. Would you like to see the Sevco platform in action? You can take a self-guided tour at https://securityweekly.com/sevcobh Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today's most dangerous digital threats. Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces. This segment is sponsored by Intel471. Visit https://securityweekly.com/intel471bh to learn more about them! CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a conversation on why vulnerability management is still failing enterprises — and what needs to change now. This interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility. HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need. Try runZero free! Get started at https://securityweekly.com/runzerobh Jackie McGuire sits down with Jawahar Sivasankaran, President at Cyware, for an unmissable deep dive into the future of Cyber Threat Intelligence (CTI), agentic AI, and open-source security innovation. With nearly three decades of experience spanning hands-on engineering, go-to-market leadership, and cutting-edge product strategy, Jawahar shares insider insights on how CTI is evolving from fragmented alerts to unified, automated threat intelligence platforms. To explore Cyware's new Intelligence Suite, CTI automation capabilities, and open-source AI integration protocol, visit https://securityweekly.com/cywarebh. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-423
Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity's most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue's global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere. Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research. In this interview, Yuval Wollman, President of CyberProof, unpacks how AI agents are not only expanding the attack surface—but reshaping the entire cyber threat landscape. Discover how ransomware-as-a-service platforms like Funksec and Dragonforce are operating with enterprise-level precision. Learn about the role of agentic AI, geopolitical cyber warfare, and why today's hackers offer better customer support than airlines. This segment is sponsored by CyberProof. Visit https://securityweekly.com/cyberproofbh to learn more about them! Doug White and Mickey Bresman, CEO of Semperis, dive deep into a conversation on the evolution of ransomware and the alarming rise of cyber extortion tactics. From the early days of encryption-only attacks to today's ransomware-as-a-service operations and hybrid threats blending digital and physical intimidation, this interview unpacks the growing sophistication of organized cybercrime. Mickey shares firsthand insights from Semperis' recent ransomware report, including a chilling real-world example where a photo of a child was used to threaten an IT professional — illustrating how far threat actors are willing to go. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to download the 2025 Global Ransomware Report! Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding. From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach. Would you like to see the Sevco platform in action? You can take a self-guided tour at https://securityweekly.com/sevcobh Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today's most dangerous digital threats. Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces. This segment is sponsored by Intel471. Visit https://securityweekly.com/intel471bh to learn more about them! CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a conversation on why vulnerability management is still failing enterprises — and what needs to change now. This interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility. HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need. Try runZero free! Get started at https://securityweekly.com/runzerobh Jackie McGuire sits down with Jawahar Sivasankaran, President at Cyware, for an unmissable deep dive into the future of Cyber Threat Intelligence (CTI), agentic AI, and open-source security innovation. With nearly three decades of experience spanning hands-on engineering, go-to-market leadership, and cutting-edge product strategy, Jawahar shares insider insights on how CTI is evolving from fragmented alerts to unified, automated threat intelligence platforms. To explore Cyware's new Intelligence Suite, CTI automation capabilities, and open-source AI integration protocol, visit https://securityweekly.com/cywarebh. Show Notes: https://securityweekly.com/esw-423
Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity's most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue's global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere. Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research. In this interview, Yuval Wollman, President of CyberProof, unpacks how AI agents are not only expanding the attack surface—but reshaping the entire cyber threat landscape. Discover how ransomware-as-a-service platforms like Funksec and Dragonforce are operating with enterprise-level precision. Learn about the role of agentic AI, geopolitical cyber warfare, and why today's hackers offer better customer support than airlines. This segment is sponsored by CyberProof. Visit https://securityweekly.com/cyberproofbh to learn more about them! Doug White and Mickey Bresman, CEO of Semperis, dive deep into a conversation on the evolution of ransomware and the alarming rise of cyber extortion tactics. From the early days of encryption-only attacks to today's ransomware-as-a-service operations and hybrid threats blending digital and physical intimidation, this interview unpacks the growing sophistication of organized cybercrime. Mickey shares firsthand insights from Semperis' recent ransomware report, including a chilling real-world example where a photo of a child was used to threaten an IT professional — illustrating how far threat actors are willing to go. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to download the 2025 Global Ransomware Report! Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding. From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach. Would you like to see the Sevco platform in action? You can take a self-guided tour at https://securityweekly.com/sevcobh Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today's most dangerous digital threats. Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces. This segment is sponsored by Intel471. Visit https://securityweekly.com/intel471bh to learn more about them! CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a conversation on why vulnerability management is still failing enterprises — and what needs to change now. This interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility. HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need. Try runZero free! Get started at https://securityweekly.com/runzerobh Jackie McGuire sits down with Jawahar Sivasankaran, President at Cyware, for an unmissable deep dive into the future of Cyber Threat Intelligence (CTI), agentic AI, and open-source security innovation. With nearly three decades of experience spanning hands-on engineering, go-to-market leadership, and cutting-edge product strategy, Jawahar shares insider insights on how CTI is evolving from fragmented alerts to unified, automated threat intelligence platforms. To explore Cyware's new Intelligence Suite, CTI automation capabilities, and open-source AI integration protocol, visit https://securityweekly.com/cywarebh. Show Notes: https://securityweekly.com/esw-423
This episode features Ed Amoroso, CEO of TAG Infosphere and former AT&T Chief Security Officer.With decades of experience securing complex infrastructures, Ed joins during a period of unprecedented change in the U.S. federal government, a moment he warns is ripe for cyberattacks. In this episode, Ed explains why rapid organizational shifts create prime openings for adversaries, and why Active Directory, often poorly understood and “orphaned” in ownership, is the first place attackers look for the keys to the kingdom. He shares practical steps for reducing complexity, shoring up identity infrastructure, and spotting risks before they're exploited. This is a timely look at how change fuels cyber risk, and the urgent actions every security leader should take now. Guest BioDr. Ed Amoroso is CEO of TAG Infosphere. An NYU professor and former AT&T executive, Ed started TAG Cyber in 2016 to democratize research and advisory services and unleash his inner entrepreneur. Business Insider tapped him as one of the country's 50 leaders “who helped lead the cyber security industry." Guest Quote"The thing that you practice, whether it's one or a million things you're going to practice will never happen, but the thing that does will be informed by the muscle memory you've developed over that practice period. And you'll know that you either can or cannot weather the storm with your own resources.” Time stamps02:25 Cybersecurity in Times of Change 14:34 Active Directory: The Heart of Cybersecurity 17:35 Recommendations for Organizations 27:04 The Role of Government and Private Sector 30:01 Final Thoughts and Advice Sponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more. Links Connect with Ed on LinkedIn Learn more about TAG InfosphereConnect with Sean on LinkedInDon't miss future episodesRegister for HIP Conf 2025Learn more about Semperis
Hackers leak backend data from the North Korean state-sponsored hacking group Kimsuky. A ransomware attack on a Dutch clinical diagnostics lab exposes medical data of nearly half a million women. One of the world's largest staffing firms suffers a data breach. Saint Paul, Minnesota, confirms the Interlock ransomware gang was behind a July cyberattack. Researchers jailbreak ChatGPT-5. A cyber incident takes the Pennsylvania Attorney General's Office entirely offline. A new report quantifies global financial exposure from Operational Technology (OT) cyber incidents. Finnish prosecutors charge a Russian captain for allegedly damaging five critical subsea cables in the Baltic Sea. On our Industry Voices segment, we are joined by Sean Deuby, Semperis' Principal Technologist, with insights on the global state of ransomware. Hackers take smart buses for a virtual joyride. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Sean Deuby, Semperis' Principal Technologist, who is sharing insights and observations on the state of ransomware around the globe. If you want to hear the full conversation, check it out here. Selected Reading Kimsuky APT Hackers Exposed in Alleged Breach Revealing Phishing Tools and Operational Data (TechNadu) Ransomware attack on dutch medical lab exposes cancer screening data of almost 500K women (Beyond Machines) Manpower discloses data breach affecting nearly 145,000 people (Bleeping Computer) Saint Paul cyberattack linked to Interlock ransomware gang (Bleeping Computer) Tenable Jailbreaks GPT-5, Gets It To Generate Dangerous Info Despite OpenAI's New Safety Tech (Tenable) Pennsylvania Attorney General's Office hit by cybersecurity incident, shuts down digital infrastructure (Beyond Machines) New Dragos Report Estimates Over $300 Billion in Potential Global OT Cyber Risk Exposure (Business Wire) The 2025 OT Security Financial Risk Report (Dragos) Finland charges captain of suspected Russian ‘shadow fleet' tanker for subsea cable damage (The Record) Free Wi-Fi Leaves Buses Vulnerable to Remote Hacking (SecurityWeek) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this high-energy episode, returning guests Gilbert Sanchez and Jake Hildreth join Andrew for a deep dive into: Module templating with PSStucco Building for accessibility in PowerShell Creating open source GitHub orgs like PSInclusive How PowerShell can lead to learning modern dev workflows like GitHub Actions and CI/CD What begins with a conversation about a live demo gone hilariously sideways turns into an insightful exploration of how PowerShell acts as a launchpad into bigger ecosystems like GitHub, YAML, JSON, and continuous integration pipelines.Bios & Bios: Gilbert Sanchez is a Staff Software Development Engineer at Tesla, specifically working on PowerShell. Formerly known as "Señor Systems Engineer" at Meta. A loud advocate for DEI, DevEx, DevOps, and TDD. Jake Hildreth is a Principal Security Consultant at Semperis, Microsoft MVP, and longtime builder of tools that make identity security suck a little less. With nearly 25 years in IT (and the battle scars to prove it), he specializes in helping orgs secure Active Directory and survive the baroque disaster that is Active Directory Certificate Services. He's the creator of Locksmith, BlueTuxedo, and PowerPUG!, open-source tools built to make life easier for overworked identity admins. When he's not untangling Kerberos or wrangling DNS, he's usually hanging out with his favorite people and most grounding reality check: his wife and daughter. Links https://gilbertsanchez.com/posts/stucco-create-powershell-module/ https://jakehildreth.github.io/blog/2025/07/02/PowerShell-Module-Scaffolding-with-PSStucco.html https://github.com/PSInclusive https://jakehildreth.com/ https://andrewpla.tech/links https://discord.gg/pdq https://pdq.com/podcast https://youtu.be/w-z2-0ii96Y
Cisco reveals a phishing related data breach. SonicWall warns users to disable SSLVPN services after reports of ransomware gangs exploiting a likely zero-day. Researchers uncover a stealthy Linux backdoor and new vulnerabilities in Nvidia's Triton Inference Server. A new malware campaign targets Microsoft 365 users with fake OneDrive emails. The U.S. Treasury warns of rising criminal activity involving cryptocurrency ATMs. Cloudflare accuses an AI startup of using stealthy methods to bypass restrictions on web scraping. A global infostealer campaign compromises over 4,000 victims across 62 countries. Marty Momdjian, General Manager of Ready1 by Semperis, tells us about Operation Blindspot, a tabletop exercise taking place this week at Black Hat. On this week's Threat Vector segment, host David Moulton speaks with Nigel Hedges from Sigma Healthcare about how CISOs can shift cybersecurity from a technical problem to a business priority. One hospital's data ends up in the snack aisle. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Marty Momdjian, General Manager of Ready1 by Semperis, who is talking about Operation Blindspot, a tabletop exercise simulating a cyberattack against a rural water utility based in Nevada taking place this week at Black Hat USA 2025. Threat Vector Segment On this week's Threat Vector segment, host David Moulton speaks with Nigel Hedges, Executive General Manager of Cyber & Risk at Chemist Warehouse and Sigma Healthcare. Nigel shares how CISOs can shift cybersecurity from a technical problem to a business priority. You can listen to the full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app. Selected Reading Cisco discloses data breach impacting Cisco.com user accounts (Bleeping Computer) SonicWall urges admins to disable SSLVPN amid rising attacks (Bleeping Computer) Antivirus vendors fail to spot persistent, nasty, stealthy Linux backdoor (The Register) Nvidia Triton Vulnerabilities Pose Big Risk to AI Models (SecurityWeek) Discord CDN Link Abused to Deliver RAT Disguised as OneDrive File (Hackread) Crypto ATMs fueling criminal activity, Treasury warns (The Record) AI company Perplexity is sneaking to get around blocks on crawlers, Cloudflare alleges (CyberScoop) Python-powered malware grabs 200K passwords, credit cards (The Register) Thai hospital fined 1.2 million baht for data breach via snack bags (DataBreaches.Net) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
This week, we are joined by Eric Woodruff, Chief Identity Architect at Semperis, discussing "nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications". Semperis researchers identified a critical authentication flaw known as nOAuth in 9 out of 104 tested SaaS applications integrated with Microsoft Entra ID. This low-complexity but severe vulnerability allows attackers with just a user's email address and access to an Entra tenant to impersonate users, exfiltrate data, and move laterally within affected apps—with no viable defense or detection available to customers. The findings spotlight ongoing risks tied to improper use of email claims in authentication and emphasize the urgent need for SaaS vendors to adopt secure OpenID Connect practices and remediate vulnerable applications. Complete our annual audience survey before August 31. The research can be found here: nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications Learn more about your ad choices. Visit megaphone.fm/adchoices
This week, we are joined by Eric Woodruff, Chief Identity Architect at Semperis, discussing "nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications". Semperis researchers identified a critical authentication flaw known as nOAuth in 9 out of 104 tested SaaS applications integrated with Microsoft Entra ID. This low-complexity but severe vulnerability allows attackers with just a user's email address and access to an Entra tenant to impersonate users, exfiltrate data, and move laterally within affected apps—with no viable defense or detection available to customers. The findings spotlight ongoing risks tied to improper use of email claims in authentication and emphasize the urgent need for SaaS vendors to adopt secure OpenID Connect practices and remediate vulnerable applications. Complete our annual audience survey before August 31. The research can be found here: nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications Learn more about your ad choices. Visit megaphone.fm/adchoices
Segment 1 - Enterprise Security News, Live at IDV This week, in the enterprise security news, Acquisitions potential IPOs Terminator Salvation in real life First $1B one-employee business? Mikko puts in his notice Pitch Black in real life, and more! Segment 2 - Interview with Dr. Tina Srivastava The #1 cause of data breaches is stolen credentials. What if we didn't store credentials anymore? We explore Badge's innovative approach—which enables users to generate a private key on the fly instead of storing credentials—to enhance security, solve key use cases such as shared devices, and deliver measurable ROI. Additionally, we'll uncover the unavoidable recovery flow challenges, where users must rely on a pre-enrolled recovery device or fallback passwords, and discuss what this means for enterprise security and cost savings. By shifting the paradigm toward ephemeral key generation, Badge eliminates stored credentials, optimizes enterprise cost savings, and future-proofs authentication. Segment Resources: Mission-Driven Identity Innovation with Dr. Tina Srivastava Authenticate 2024 - Data Privacy & Accessibility with Tina Srivastava Lecture 2: Airplane Aerodynamics CyberArk/Badge Joint Solution Brief Badge Integration With Cisco Duo Delivers Unique, Hardware-less MFA Experience Passwordless Authentication without Secrets! Segment 3 - Interviews from RSAC 2025 Executive Interview with Saviynt Evolving compliance needs, overflowing tech stacks, and the ever-increasing number of types of enterprise identities — not to mention the complications resulting from business use of AI — means traditional identity platforms can't keep up with the needs of today's enterprises. Organizations need something smarter: converged, cloud-native and future-ready identity security that scales with enterprises as they grow, addressing their cybersecurity challenges today and in the future. Join us in this episode as we break down the shortcomings of legacy IAM and uncover how an intelligent, identity-centric approach sets enterprises on the path to success. Segment Resources: Learn more about The Saviynt Identity Cloud Identity Cloud solution brief This segment is sponsored by Saviynt! To learn more or get a free demo, please visit https://securityweekly.com/saviyntrsac Executive Interview with Ready1 Semperis has launched Ready1, a first-of-its-kind enterprise resilience platform designed to bring structure, speed, and coordination to cyber crisis management. The release of Ready1 coincides with Semperis' new global study, The State of Enterprise Cyber Crisis Readiness, which highlights a dangerous gap between perceived readiness and real-world response capabilities. This segment is sponsored by Ready1, powered by Semperis. Visit https://securityweekly.com/ready1rsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-410
Segment 1 - Enterprise Security News, Live at IDV This week, in the enterprise security news, Acquisitions potential IPOs Terminator Salvation in real life First $1B one-employee business? Mikko puts in his notice Pitch Black in real life, and more! Segment 2 - Interview with Dr. Tina Srivastava The #1 cause of data breaches is stolen credentials. What if we didn't store credentials anymore? We explore Badge's innovative approach—which enables users to generate a private key on the fly instead of storing credentials—to enhance security, solve key use cases such as shared devices, and deliver measurable ROI. Additionally, we'll uncover the unavoidable recovery flow challenges, where users must rely on a pre-enrolled recovery device or fallback passwords, and discuss what this means for enterprise security and cost savings. By shifting the paradigm toward ephemeral key generation, Badge eliminates stored credentials, optimizes enterprise cost savings, and future-proofs authentication. Segment Resources: Mission-Driven Identity Innovation with Dr. Tina Srivastava Authenticate 2024 - Data Privacy & Accessibility with Tina Srivastava Lecture 2: Airplane Aerodynamics CyberArk/Badge Joint Solution Brief Badge Integration With Cisco Duo Delivers Unique, Hardware-less MFA Experience Passwordless Authentication without Secrets! Segment 3 - Interviews from RSAC 2025 Executive Interview with Saviynt Evolving compliance needs, overflowing tech stacks, and the ever-increasing number of types of enterprise identities — not to mention the complications resulting from business use of AI — means traditional identity platforms can't keep up with the needs of today's enterprises. Organizations need something smarter: converged, cloud-native and future-ready identity security that scales with enterprises as they grow, addressing their cybersecurity challenges today and in the future. Join us in this episode as we break down the shortcomings of legacy IAM and uncover how an intelligent, identity-centric approach sets enterprises on the path to success. Segment Resources: Learn more about The Saviynt Identity Cloud Identity Cloud solution brief This segment is sponsored by Saviynt! To learn more or get a free demo, please visit https://securityweekly.com/saviyntrsac Executive Interview with Ready1 Semperis has launched Ready1, a first-of-its-kind enterprise resilience platform designed to bring structure, speed, and coordination to cyber crisis management. The release of Ready1 coincides with Semperis' new global study, The State of Enterprise Cyber Crisis Readiness, which highlights a dangerous gap between perceived readiness and real-world response capabilities. This segment is sponsored by Ready1, powered by Semperis. Visit https://securityweekly.com/ready1rsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-410
Segment 1 - Enterprise Security News, Live at IDV This week, in the enterprise security news, Acquisitions potential IPOs Terminator Salvation in real life First $1B one-employee business? Mikko puts in his notice Pitch Black in real life, and more! Segment 2 - Interview with Dr. Tina Srivastava The #1 cause of data breaches is stolen credentials. What if we didn't store credentials anymore? We explore Badge's innovative approach—which enables users to generate a private key on the fly instead of storing credentials—to enhance security, solve key use cases such as shared devices, and deliver measurable ROI. Additionally, we'll uncover the unavoidable recovery flow challenges, where users must rely on a pre-enrolled recovery device or fallback passwords, and discuss what this means for enterprise security and cost savings. By shifting the paradigm toward ephemeral key generation, Badge eliminates stored credentials, optimizes enterprise cost savings, and future-proofs authentication. Segment Resources: Mission-Driven Identity Innovation with Dr. Tina Srivastava Authenticate 2024 - Data Privacy & Accessibility with Tina Srivastava Lecture 2: Airplane Aerodynamics CyberArk/Badge Joint Solution Brief Badge Integration With Cisco Duo Delivers Unique, Hardware-less MFA Experience Passwordless Authentication without Secrets! Segment 3 - Interviews from RSAC 2025 Executive Interview with Saviynt Evolving compliance needs, overflowing tech stacks, and the ever-increasing number of types of enterprise identities — not to mention the complications resulting from business use of AI — means traditional identity platforms can't keep up with the needs of today's enterprises. Organizations need something smarter: converged, cloud-native and future-ready identity security that scales with enterprises as they grow, addressing their cybersecurity challenges today and in the future. Join us in this episode as we break down the shortcomings of legacy IAM and uncover how an intelligent, identity-centric approach sets enterprises on the path to success. Segment Resources: Learn more about The Saviynt Identity Cloud Identity Cloud solution brief This segment is sponsored by Saviynt! To learn more or get a free demo, please visit https://securityweekly.com/saviyntrsac Executive Interview with Ready1 Semperis has launched Ready1, a first-of-its-kind enterprise resilience platform designed to bring structure, speed, and coordination to cyber crisis management. The release of Ready1 coincides with Semperis' new global study, The State of Enterprise Cyber Crisis Readiness, which highlights a dangerous gap between perceived readiness and real-world response capabilities. This segment is sponsored by Ready1, powered by Semperis. Visit https://securityweekly.com/ready1rsac to learn more about them! Show Notes: https://securityweekly.com/esw-410
Segment 1 - Enterprise Security News, Live at IDV This week, in the enterprise security news, Acquisitions potential IPOs Terminator Salvation in real life First $1B one-employee business? Mikko puts in his notice Pitch Black in real life, and more! Segment 2 - Interview with Dr. Tina Srivastava The #1 cause of data breaches is stolen credentials. What if we didn't store credentials anymore? We explore Badge's innovative approach—which enables users to generate a private key on the fly instead of storing credentials—to enhance security, solve key use cases such as shared devices, and deliver measurable ROI. Additionally, we'll uncover the unavoidable recovery flow challenges, where users must rely on a pre-enrolled recovery device or fallback passwords, and discuss what this means for enterprise security and cost savings. By shifting the paradigm toward ephemeral key generation, Badge eliminates stored credentials, optimizes enterprise cost savings, and future-proofs authentication. Segment Resources: Mission-Driven Identity Innovation with Dr. Tina Srivastava Authenticate 2024 - Data Privacy & Accessibility with Tina Srivastava Lecture 2: Airplane Aerodynamics CyberArk/Badge Joint Solution Brief Badge Integration With Cisco Duo Delivers Unique, Hardware-less MFA Experience Passwordless Authentication without Secrets! Segment 3 - Interviews from RSAC 2025 Executive Interview with Saviynt Evolving compliance needs, overflowing tech stacks, and the ever-increasing number of types of enterprise identities — not to mention the complications resulting from business use of AI — means traditional identity platforms can't keep up with the needs of today's enterprises. Organizations need something smarter: converged, cloud-native and future-ready identity security that scales with enterprises as they grow, addressing their cybersecurity challenges today and in the future. Join us in this episode as we break down the shortcomings of legacy IAM and uncover how an intelligent, identity-centric approach sets enterprises on the path to success. Segment Resources: Learn more about The Saviynt Identity Cloud Identity Cloud solution brief This segment is sponsored by Saviynt! To learn more or get a free demo, please visit https://securityweekly.com/saviyntrsac Executive Interview with Ready1 Semperis has launched Ready1, a first-of-its-kind enterprise resilience platform designed to bring structure, speed, and coordination to cyber crisis management. The release of Ready1 coincides with Semperis' new global study, The State of Enterprise Cyber Crisis Readiness, which highlights a dangerous gap between perceived readiness and real-world response capabilities. This segment is sponsored by Ready1, powered by Semperis. Visit https://securityweekly.com/ready1rsac to learn more about them! Show Notes: https://securityweekly.com/esw-410
Identity management attracts significant investment as startups secure over $300 million, and a major eyeball-scanning service launches in the U.S. Persona leads a Series D funding round with $200 million to enhance identity verification tools amid rising AI trends. Veza follows with $108 million in Series D funding, focusing on identity security tailored for an AI-dominant environment. The U.S. launches World, co-founded by Sam Altman, offering iris scan-based identity verification across five locations, raising $244 million to develop tech that distinguishes humans from AI. Numerous identity security startups garner substantial investments, with Aura raising over $660 million and Semperis close to $500 million. Public interest grows, evident in Okta's $20 billion market cap and CyberArk's $17 billion valuation. The identity management market projects to exceed $24 billion this year, driven by remote work and cloud reliance. Anticipated growth in biometric authentication takes shape as AI bot traffic is expected to represent around 90% of online activity by the decade's end, creating challenges for businesses to identify genuine users versus malicious bots.Learn more on this news visit us at: https://greyjournal.net/news/ Hosted on Acast. See acast.com/privacy for more information.
This episode is sponsored by Semperis: semperis.com In this sponsored episode of the Identity at the Center podcast, hosts Jeff and Jim discuss the changing landscape of ransomware attacks and the importance of identity security with Gil Kirkpatrick, Chief Architect at Semperis. They explore how ransomware strategies have evolved from merely encrypting data to exfiltrating sensitive information for ransom. The conversation also delves into the necessity of having robust identity recovery plans, the role of Active Directory in cybersecurity, and the importance of regular security posture assessments with tools like Purple Knight. Additionally, Gil shares insights from the Semperis Ransomware Risk Report and recounts his experiences as a pilot, offering a fascinating look at both cybersecurity and the world of aviation. 00:00 Introduction to Ransomware Evolution 01:25 Welcome to the Identity at the Center Podcast 01:53 Guest Introduction: Gil Kirkpatrick from Semperis 02:25 Journey into the Identity Space 06:09 Semperis: Enhancing Security and Resilience 21:08 The Importance of Active Directory Security 28:09 Ransomware Risk Report Insights 32:15 The Trustworthiness of Decryption Keys 34:18 Business Disruption from Ransomware 36:14 Should Companies Pay the Ransom? 38:47 The Importance of Cyber Resilience 41:14 Active Directory and Disaster Recovery 43:17 The Decline in Ransomware News 47:36 The Basics of Cybersecurity 50:31 Adventures in Piloting 58:35 Conclusion and Final Thoughts Connect with Gil: https://www.linkedin.com/in/gil-kirkpatrick/ Learn more about Semperis: https://www.semperis.com/ 2024 Ransomware Risk Report: Embracing the Assume Breach Mindset: ttps://www.semperis.com/ransomware-risk-report/ Download Purple Knight: https://www.semperis.com/purple-knight/ Hybrid Identity Protection Conference (HIP Conf) - Use code IDACpod for 20% off: https://register.hipconf.com/W7eVML Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com
Let's talk about how regardless of your organizations data footprint being in the cloud or on prem, or if you're a billion dollar organization or smaller, if the adversaries want in, they will find a way. Don't fall victim because of bad cyber hygiene but instead work your experiences, your leadership, and train your people to limit exposure. Hear from Incident Response expert, Levone Campbell, on the lessons he learned in being proactive and reactive to some of the largest incidents in history. This segment is sponsored by Semperis. To combat today's cyber attacks, enterprises like yours need a way to see the whole picture beyond silos and secure their entire hybrid AD environment. Now you can — with Semperis. Visit https://cisostoriespodcast.com/semperis Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-193
Semperis, a pioneer in identity-driven cyber resilience has published the results of its global ransomware study of nearly 1,000 IT and security professionals at organisations spanning multiple industries across the US, UK, France, and Germany. The study aims to understand the prevalence, frequency and costs of ransomware attacks—in both ransom payments and collateral damage. The results highlight an alarming trend toward multiple, sometimes simultaneous attacks, forcing business leaders to re-evaluate their cyber resilience strategies to address common points of failure, including inadequate identity system backup and recovery practices. Organisations must ensure they have appropriate controls to withstand attacks where possible, however assume a mindset that at some point they will have to recover from a catastrophic outage and therefore have a tried and tested plan to recover business operations. Given the criticality of Active Directory, firms need a dedicated means of backing up and recovering Active Directory to recover from attacks with integrity and at speed. However, according to our survey, just 23% of UK respondents stated that they have dedicated, Active Directory–specific backup systems.Now, more than ever, modernised threats require modernised defences prioritised on the most critical assets – which is the identity platform - and for most organisations this is Active Directory. Semperis is a pioneer in managing and protecting the identity credentials of enterprises' hybrid environments and was purpose-built for securing AD. Semperis provide a portfolio of products including a free tool - Purple Knight - which organisations use to uncover unknown vulnerabilities, communicate security posture to leaders and other teams, compensate for lack of inhouse AD skills, prepare for other assessments including pen tests, and garner more resources for AD security improvements.The full ransomware study, which includes breakdowns of responses by vertical market and by country, is available at https://itspm.ag/semper6u3wLearn more about Semperis: https://itspm.ag/semperis-1rooNote: This story contains promotional content. Learn more.Guest: Simon Hodgkinson, Strategic Advisor, Semperis [@SemperisTech]On LinkedIn | https://www.linkedin.com/in/simon-hodgkinson-6072623ResourcesLearn more and catch more stories from Semperis: https://www.itspmagazine.com/directory/semperisLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Let's talk about the vCISO's approach to Incident Response advisory with clients; particularly small and medium sized businesses (SMB). How can your cyber liability insurance support your organization outside of when an incident occurs? We will discuss strategies SMBs can take to strengthen their IR plans while keeping in mind their business needs and contingency plans. Segment Resources: https://www.linkedin.com/in/wilklu/ This segment is sponsored by Semperis. To combat today's cyber attacks, enterprises like yours need a way to see the whole picture beyond silos and secure their entire hybrid AD environment. Now you can — with Semperis. Visit https://cisostoriespodcast.com/semperis Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-192
Semperis, a pioneer in identity-driven cyber resilience has published the results of its global ransomware study of nearly 1,000 IT and security professionals at organisations spanning multiple industries across the US, UK, France, and Germany. The study aims to understand the prevalence, frequency and costs of ransomware attacks—in both ransom payments and collateral damage. The results highlight an alarming trend toward multiple, sometimes simultaneous attacks, forcing business leaders to re-evaluate their cyber resilience strategies to address common points of failure, including inadequate identity system backup and recovery practices. Organisations must ensure they have appropriate controls to withstand attacks where possible, however assume a mindset that at some point they will have to recover from a catastrophic outage and therefore have a tried and tested plan to recover business operations. Given the criticality of Active Directory, firms need a dedicated means of backing up and recovering Active Directory to recover from attacks with integrity and at speed. However, according to our survey, just 23% of UK respondents stated that they have dedicated, Active Directory–specific backup systems.Now, more than ever, modernised threats require modernised defences prioritised on the most critical assets – which is the identity platform - and for most organisations this is Active Directory. Semperis is a pioneer in managing and protecting the identity credentials of enterprises' hybrid environments and was purpose-built for securing AD. Semperis provide a portfolio of products including a free tool - Purple Knight - which organisations use to uncover unknown vulnerabilities, communicate security posture to leaders and other teams, compensate for lack of inhouse AD skills, prepare for other assessments including pen tests, and garner more resources for AD security improvements.The full ransomware study, which includes breakdowns of responses by vertical market and by country, is available at https://itspm.ag/semper6u3wLearn more about Semperis: https://itspm.ag/semperis-1rooNote: This story contains promotional content. Learn more.Guest: Simon Hodgkinson, Strategic Advisor, Semperis [@SemperisTech]On LinkedIn | https://www.linkedin.com/in/simon-hodgkinson-6072623ResourcesLearn more and catch more stories from Semperis: https://www.itspmagazine.com/directory/semperisLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Listen to the importance of legal relationships and interaction with the CISO and security program. Jess and Joe talk about the need for legal to understand the security team's day to day and also what incident response means to your organization. Bringing your legal reps into the folds when a breach happens is too late! Work as a team early to make sure all parties are knowledgeable and ready to act without time wasted. This segment is sponsored by Semperis. To combat today's cyber attacks, enterprises like yours need a way to see the whole picture beyond silos and secure their entire hybrid AD environment. Now you can — with Semperis. Visit https://cisostoriespodcast.com/semperis Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-191
Todd Fitzgerald will be moving on from the CISO STORIES podcast after 185+ episodes, which was initiated almost 4 years ago following the publication of the #1 Best-Selling CISO COMPASS book, which has guided 1000's of emerging, current, experienced, and new CISOs and their teams in their journey to protect our organizations' and nation's information assets through a structured, business-oriented roadmap. Over 75 CISO and industry leader contributors to the book had their ‘grey boxes' come to life in their own voice through this podcast. Since then, many esteemed CISOs have been on the invitation-only podcast to share practical, pragmatic experiences on timely, relevant issues. We learn from each other, and it is an honor to interview such top-notch CISOs. Join us as Todd shares his view of the evolution of the CISO role and where it is going. Todd will also share some of the memorable moments and messages from producing the podcast. This segment is sponsored by Semperis. To combat today's cyber attacks, enterprises like yours need a way to see the whole picture beyond silos and secure their entire hybrid AD environment. Now you can — with Semperis. Visit https://cisostoriespodcast.com/semperis Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-190
In this sponsored episode, Jim McDonald hosts Eric Woodruff, Senior Security Researcher at Semperis, to discuss the company's approach to identity security. They delve into Semperis' tools like Purple Knight and Forest Druid, focusing on their capabilities in detecting and mitigating Active Directory and Entra ID vulnerabilities. The conversation covers the critical role of prevention and response in ITDR, the impact of ransomware on Enterprise ID infrastructures, and the importance of ensuring a trusted state in Active Directory. They also touch on the upcoming Hybrid Identity Protection Conference and its significance for industry professionals. 00:00 Introduction and Sponsor Spotlight 02:15 Eric Woodruff's Background and Role at Semperis 05:22 Importance of Active Directory in Enterprises 06:45 Threats and Vulnerabilities in Active Directory 17:21 Tools and Solutions for Active Directory Security 22:41 Hybrid Identity Protection and Upcoming Conference 40:13 Closing Thoughts and Personal Anecdotes Learn more about Semperis: https://www.semperis.com/ Connect with Eric: https://www.linkedin.com/in/ericonidentity/ Meet Silver SAML: Golden SAML in the Cloud: https://www.semperis.com/blog/meet-silver-saml/ Hybrid Identity Protection Conference (HIP Conf) - Use code IDACpod for 20% off: https://register.hipconf.com/W7eVML Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.
Many cybersecurity experts are calling recent attacks on healthcare more sophisticated than ever. One attack disrupted prescription drug orders for over a third of the U.S. and has cost $1.5 billion in incident response and recovery services. Separately, an operator of over 140 hospitals and senior care facilities in the U.S. was also victimized. These attacks are becoming all too common. Disruptions can lead to life-and-death situations with massive impacts on patient care. All industries, especially healthcare, have to better prepare for ransomware attacks. Are you ready to turn the tables on threat actors? Marty Momdjian, Semperis EVP and General Manager provides advice on how hospitals can regain the upper hand. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them! The annual report details the latest ransomware attack trends and targets, ransomware families, and effective defense strategies. Findings in the report uncovered an 18% overall increase in ransomware attacks year-over-year, as well as a record-breaking ransom payment of US$75 million – nearly double the highest publicly known ransomware payout – to the Dark Angels ransomware group. Segment Resources: For a deeper dive into best practices for protecting your organization and the full findings, download the Zscaler ThreatLabz 2024 Ransomware Report Link below - https://zscaler.com/campaign/threatlabz-ransomware-report This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerbh to learn more about them! Show Notes: https://securityweekly.com/esw-372
In this conversation, the hosts discuss patchless patching, vulnerabilities in the Windows TCP/IP stack, and the trustworthiness of Microsoft. They highlight the challenges of marketing in the cybersecurity industry and the importance of building trust with customers. The conversation also touches on the need for vendors to prioritize security and code quality over rushing products to market. Overall, the hosts express concerns about the frequency of security vulnerabilities and the potential impact on customer trust. Other topics of discussion include the Innovators and Investors Summit at Black Hat, the potential sale of Trend Micro, layoffs in the industry, and the controversy surrounding room searches at DEF CON. They also touch on the concept of time on the moon and its implications for future lunar missions. Devo, the security analytics company, recently launched data orchestration, a data analytics cloud, and security operations center (SOC) workflow enhancements. Enterprise security teams are struggling with growing data volumes—and they're also up against headcount and budget constraints. These solutions offer security teams data control, cost optimizations, and efficient automation for better security outcomes. Segment Resources: https://www.devo.com/defend-everything/ This segment is sponsored by Devo. Visit https://securityweekly.com/devobh to learn more about how Devo's new solutions can streamline your security operations. As security monitoring has gotten more mature over the years, remediating security vulnerabilities is still stuck in the dark ages requiring mountains of CVE reports and thousands of manual tasks to be done by network engineers at the wee hours of the nights and weekends. Cyber resilience requires a more continuous approach to remediation, one that does not depend on manual work but also one that can be trusted not to cause outages. This segment is sponsored by BackBox. Visit https://securityweekly.com/backboxbh to learn more about them! Many cybersecurity experts are calling recent attacks on healthcare more sophisticated than ever. One attack disrupted prescription drug orders for over a third of the U.S. and has cost $1.5 billion in incident response and recovery services. Separately, an operator of over 140 hospitals and senior care facilities in the U.S. was also victimized. These attacks are becoming all too common. Disruptions can lead to life-and-death situations with massive impacts on patient care. All industries, especially healthcare, have to better prepare for ransomware attacks. Are you ready to turn the tables on threat actors? Marty Momdjian, Semperis EVP and General Manager provides advice on how hospitals can regain the upper hand. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them! The annual report details the latest ransomware attack trends and targets, ransomware families, and effective defense strategies. Findings in the report uncovered an 18% overall increase in ransomware attacks year-over-year, as well as a record-breaking ransom payment of US$75 million – nearly double the highest publicly known ransomware payout – to the Dark Angels ransomware group. Segment Resources: For a deeper dive into best practices for protecting your organization and the full findings, download the Zscaler ThreatLabz 2024 Ransomware Report Link below - https://zscaler.com/campaign/threatlabz-ransomware-report This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerbh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-372
In this conversation, the hosts discuss patchless patching, vulnerabilities in the Windows TCP/IP stack, and the trustworthiness of Microsoft. They highlight the challenges of marketing in the cybersecurity industry and the importance of building trust with customers. The conversation also touches on the need for vendors to prioritize security and code quality over rushing products to market. Overall, the hosts express concerns about the frequency of security vulnerabilities and the potential impact on customer trust. Other topics of discussion include the Innovators and Investors Summit at Black Hat, the potential sale of Trend Micro, layoffs in the industry, and the controversy surrounding room searches at DEF CON. They also touch on the concept of time on the moon and its implications for future lunar missions. Devo, the security analytics company, recently launched data orchestration, a data analytics cloud, and security operations center (SOC) workflow enhancements. Enterprise security teams are struggling with growing data volumes—and they're also up against headcount and budget constraints. These solutions offer security teams data control, cost optimizations, and efficient automation for better security outcomes. Segment Resources: https://www.devo.com/defend-everything/ This segment is sponsored by Devo. Visit https://securityweekly.com/devobh to learn more about how Devo's new solutions can streamline your security operations. As security monitoring has gotten more mature over the years, remediating security vulnerabilities is still stuck in the dark ages requiring mountains of CVE reports and thousands of manual tasks to be done by network engineers at the wee hours of the nights and weekends. Cyber resilience requires a more continuous approach to remediation, one that does not depend on manual work but also one that can be trusted not to cause outages. This segment is sponsored by BackBox. Visit https://securityweekly.com/backboxbh to learn more about them! Many cybersecurity experts are calling recent attacks on healthcare more sophisticated than ever. One attack disrupted prescription drug orders for over a third of the U.S. and has cost $1.5 billion in incident response and recovery services. Separately, an operator of over 140 hospitals and senior care facilities in the U.S. was also victimized. These attacks are becoming all too common. Disruptions can lead to life-and-death situations with massive impacts on patient care. All industries, especially healthcare, have to better prepare for ransomware attacks. Are you ready to turn the tables on threat actors? Marty Momdjian, Semperis EVP and General Manager provides advice on how hospitals can regain the upper hand. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them! The annual report details the latest ransomware attack trends and targets, ransomware families, and effective defense strategies. Findings in the report uncovered an 18% overall increase in ransomware attacks year-over-year, as well as a record-breaking ransom payment of US$75 million – nearly double the highest publicly known ransomware payout – to the Dark Angels ransomware group. Segment Resources: For a deeper dive into best practices for protecting your organization and the full findings, download the Zscaler ThreatLabz 2024 Ransomware Report Link below - https://zscaler.com/campaign/threatlabz-ransomware-report This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerbh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-372
We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week. This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market. We focus on the important of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries. We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise. We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware. Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year old post from Marc Andreesen, and a rage-fueled rant from an angry Aussie. Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge). Show Notes: https://securityweekly.com/esw-366
We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his company evaluated and ultimately integrated AI-based technologies into their products. We discuss: What to be aware of when deploying GenAI Key use cases and successes organizations are having with GenAI Some of the risks to be aware of How to prepare employees for GenAI Best practices to prepare for evolving threats For decades, security teams have been focused on preventing and detecting threats, only to find themselves buried so deep in alerts, they can't detect anything at all! We clearly need a different approach, which will be the topic of our conversation today with Marty. We'll be discussing a shift in philosophy and tactics. We'll discuss whether SecOps has a hoarding problem, and possible paths out of the current situation preventing today's teams from successfully detecting attacks. Finally, we'll discuss the impact AI has on all this (if any). Segment Resources: Why It's Time to Evolve from Threat-centric to Compromise-centric Security Evolve from Threat-Centric to Compromise-Centric Security How to Close the Visibility Gaps Across Your Multi-Cloud Environment Defend HPC Data Centers with Frictionless Security & Observability We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week. This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market. We focus on the important of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries. We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise. We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware. Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year old post from Marc Andreesen, and a rage-fueled rant from an angry Aussie. Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge). Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-366
We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his company evaluated and ultimately integrated AI-based technologies into their products. We discuss: What to be aware of when deploying GenAI Key use cases and successes organizations are having with GenAI Some of the risks to be aware of How to prepare employees for GenAI Best practices to prepare for evolving threats For decades, security teams have been focused on preventing and detecting threats, only to find themselves buried so deep in alerts, they can't detect anything at all! We clearly need a different approach, which will be the topic of our conversation today with Marty. We'll be discussing a shift in philosophy and tactics. We'll discuss whether SecOps has a hoarding problem, and possible paths out of the current situation preventing today's teams from successfully detecting attacks. Finally, we'll discuss the impact AI has on all this (if any). Segment Resources: Why It's Time to Evolve from Threat-centric to Compromise-centric Security Evolve from Threat-Centric to Compromise-Centric Security How to Close the Visibility Gaps Across Your Multi-Cloud Environment Defend HPC Data Centers with Frictionless Security & Observability We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week. This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market. We focus on the important of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries. We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise. We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware. Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year old post from Marc Andreesen, and a rage-fueled rant from an angry Aussie. Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge). Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-366
In this show, Allan interviews seven guests and asks them questions from a list of 21: Omkhar Arasaratnam “How do we leverage LLMs for our own use in cybersecurity?” "How do you challenge your own precepts and assumptions to stay current in your role?" Ofer Klein “How do you describe what you do in cybersecurity to someone at a cocktail party who knows nothing about cyber?" "How do you explain to the business the value you bring and the risks you solve?" Rick Doten "What message do you have for your fellow CISOs?" "In this cybersecurity community there is hostility between vendors and practitioners. What is your best moment with a vendor?" Sahil Agarwal “How do you measure and articulate the risk that AI represents to the business?" "Governance, Risk Management and Compliance - Where should the priority be?" Roger Brotz "What would you like your fellows CISOs to know?" "What are we still getting wrong in cybersecurity?" Tyson Martin "How do we take on more accountability as business leaders?" "How do we overcome our defaults, precepts and assumptions? How do you get past your own biases and blind spots?" Sponsored by our good friends at Semperis. It's a great series of a guests, and a great series of answers. Y'all be good now!
In this show, Allan interviews seven guests and asks them questions from a list of 21: Chris "Cpat" Patteson “Why do so many CISOs think cybersecurity insurance is snake oil?” Johann Balaguer “People, process, technology - Which is the most important and why?” "What do you want your fellow community of CISOs to know?" Lee Krause “What are we still doing wrong in cybersecurity?" Ken Foster “What are we still doing wrong in cybersecurity?" "How do we articulate risk to the business?" Marty Momdjian "Walk me through how to solvie the nightmare of repeat incidents?" Michael Calderin “IA&M: Who should own it, and why? CIO? CISO?” "What is the definition of progress in cybersecurity? Is there an end state?" Mike Britton "People, Process, Technology: Which is the most important?" "I&AM: Who should own it? CISO or CIO?" "What's your favorite part of the RSA conference?" Sponsored by our good friends at Semperis. It's a great series of a guests, and a great series of answers. Y'all be good now!
Semperis CISO Jim Doggett shares insights into the evolving role of the CISO. The daily onslaught of cyberattacks not only increases business risk, but also puts a company's most important data at risk – data on the company, its employees, customers, and partners. Now, more than ever, the CISO is being asked to understand the business of cyber without being given much time to implement plans for protecting an organization's infrastructure. There is a balance needed between being a technical and business leader, and Jim can share stories from his successful career to enlighten listeners. Segment Resources: Read: https://www.semperis.com/blog/5-itdr-steps-for-cisos/ Watch: https://www.semperis.com/resources/the-key-to-cyber-resilience-identity-system-defense/ This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisrsac to learn more about them! With new industry regulations, like the SEC's Cybersecurity Disclosure Rules, there is an increasing demand on CISOs and security leaders to be able to quantify, communicate, and demonstrate how their cybersecurity programs and strategies are impacting the business. In this interview, Sivan Tehila, CEO and Founder of Onyxia Cyber, will discuss new advances in Cybersecurity Management and how CISOs and security leaders can harness the power of data intelligence, automation, and AI to proactively improve risk management, ensure organizational compliance, and align their security initiatives with business goals. Segment Resources: https://rsac.vporoom.com/2024-04-30-Onyxia-Introduces-AI-to-Cybersecurity-Management-Platform-to-Power-Predictive-Security-Program-Management https://www.forbes.com/sites/forbestechcouncil/2023/06/21/three-ways-to-best-communicate-the-value-of-your-security-program-to-business-stakeholders/?sh=18f0f6892e6f This segment is sponsored by Onyxia. Visit https://securityweekly.com/onyxiarsac to learn more about them! Show Notes: https://securityweekly.com/bsw-352
Since the 1995 publication of Daniel Goleman's international bestseller Emotional Intelligence, Why It Can Matter More Than IQ, a global movement has developed to bring “EQ” into practice in businesses, schools, and communities around the globe. But what is its impact on Cybersecurity? In this interview, we welcome Jessica Hoffman, Deputy CISO for the City of Philadelphia, to discuss how Emotional Intelligence can be applied by CyberSecurity leadership to create a better culture and better leaders. Jessica will discuss the five skills that encompass Emotional Intelligence, including: Self Awareness Self Regulation Motivation Empathy Social Skills and examples of how to use them. If you want to be a better cyber leader, then don't miss this episode. Semperis CISO Jim Doggett shares insights into the evolving role of the CISO. The daily onslaught of cyberattacks not only increases business risk, but also puts a company's most important data at risk – data on the company, its employees, customers, and partners. Now, more than ever, the CISO is being asked to understand the business of cyber without being given much time to implement plans for protecting an organization's infrastructure. There is a balance needed between being a technical and business leader, and Jim can share stories from his successful career to enlighten listeners. Segment Resources: Read: https://www.semperis.com/blog/5-itdr-steps-for-cisos/ Watch: https://www.semperis.com/resources/the-key-to-cyber-resilience-identity-system-defense/ This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisrsac to learn more about them! With new industry regulations, like the SEC's Cybersecurity Disclosure Rules, there is an increasing demand on CISOs and security leaders to be able to quantify, communicate, and demonstrate how their cybersecurity programs and strategies are impacting the business. In this interview, Sivan Tehila, CEO and Founder of Onyxia Cyber, will discuss new advances in Cybersecurity Management and how CISOs and security leaders can harness the power of data intelligence, automation, and AI to proactively improve risk management, ensure organizational compliance, and align their security initiatives with business goals. Segment Resources: https://rsac.vporoom.com/2024-04-30-Onyxia-Introduces-AI-to-Cybersecurity-Management-Platform-to-Power-Predictive-Security-Program-Management https://www.forbes.com/sites/forbestechcouncil/2023/06/21/three-ways-to-best-communicate-the-value-of-your-security-program-to-business-stakeholders/?sh=18f0f6892e6f This segment is sponsored by Onyxia. Visit https://securityweekly.com/onyxiarsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-352
Since the 1995 publication of Daniel Goleman's international bestseller Emotional Intelligence, Why It Can Matter More Than IQ, a global movement has developed to bring “EQ” into practice in businesses, schools, and communities around the globe. But what is its impact on Cybersecurity? In this interview, we welcome Jessica Hoffman, Deputy CISO for the City of Philadelphia, to discuss how Emotional Intelligence can be applied by CyberSecurity leadership to create a better culture and better leaders. Jessica will discuss the five skills that encompass Emotional Intelligence, including: Self Awareness Self Regulation Motivation Empathy Social Skills and examples of how to use them. If you want to be a better cyber leader, then don't miss this episode. Semperis CISO Jim Doggett shares insights into the evolving role of the CISO. The daily onslaught of cyberattacks not only increases business risk, but also puts a company's most important data at risk – data on the company, its employees, customers, and partners. Now, more than ever, the CISO is being asked to understand the business of cyber without being given much time to implement plans for protecting an organization's infrastructure. There is a balance needed between being a technical and business leader, and Jim can share stories from his successful career to enlighten listeners. Segment Resources: Read: https://www.semperis.com/blog/5-itdr-steps-for-cisos/ Watch: https://www.semperis.com/resources/the-key-to-cyber-resilience-identity-system-defense/ This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisrsac to learn more about them! With new industry regulations, like the SEC's Cybersecurity Disclosure Rules, there is an increasing demand on CISOs and security leaders to be able to quantify, communicate, and demonstrate how their cybersecurity programs and strategies are impacting the business. In this interview, Sivan Tehila, CEO and Founder of Onyxia Cyber, will discuss new advances in Cybersecurity Management and how CISOs and security leaders can harness the power of data intelligence, automation, and AI to proactively improve risk management, ensure organizational compliance, and align their security initiatives with business goals. Segment Resources: https://rsac.vporoom.com/2024-04-30-Onyxia-Introduces-AI-to-Cybersecurity-Management-Platform-to-Power-Predictive-Security-Program-Management https://www.forbes.com/sites/forbestechcouncil/2023/06/21/three-ways-to-best-communicate-the-value-of-your-security-program-to-business-stakeholders/?sh=18f0f6892e6f This segment is sponsored by Onyxia. Visit https://securityweekly.com/onyxiarsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-352
A hybrid workforce requires hybrid identity protection. But what are the threats facing a hybrid workforce? As identity becomes the new perimeter, we need to understand the attacks that can allow attackers access to our applications. Eric Woodruff, Product Technical Specialist at Semperis, joins Business Security Weekly to discuss those attacks, including a new attack technique, dubbed Silver SAML. Join this segment to learn how to protect your hybrid workforce. Segment Resources: https://www.semperis.com/blog/meet-silver-saml/&utmsource=cra&utmcampaign=bsw-podcast This segment is sponsored by Semperis. Visit https://securityweekly.com/semperis to learn more about them! In the leadership and communications section, The Board's Pivotal Role in Steering Cybersecurity, CISO-CEO communication gaps continue to undermine cybersecurity, The Essence of Integrity in Leadership: A Pillar of Trust and Excellence, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-348
A hybrid workforce requires hybrid identity protection. But what are the threats facing a hybrid workforce? As identity becomes the new perimeter, we need to understand the attacks that can allow attackers access to our applications. Eric Woodruff, Product Technical Specialist at Semperis, joins Business Security Weekly to discuss those attacks, including a new attack technique, dubbed Silver SAML. Join this segment to learn how to protect your hybrid workforce. Segment Resources: https://www.semperis.com/blog/meet-silver-saml/&utmsource=cra&utmcampaign=bsw-podcast This segment is sponsored by Semperis. Visit https://securityweekly.com/semperis to learn more about them! Show Notes: https://securityweekly.com/bsw-348
Jeff Bray long ago learned the power of focus—a lesson he gleaned early in his career while transitioning from an analyst to a portfolio manager. He recalls a strategic moment when he realized that narrowing his investments to three to five key stocks greatly amplified his success. This principle of concentrated effort not only transformed his approach to investment management but has also been a guiding principle throughout his career, including his latest chapter as CFO of Semperis, a leading cybersecurity firm. At Semperis, Bray is today applying this bit of wisdom to navigate the company through a period of hyper-growth and complex challenges. Semperis has not only been expanding rapidly but is doing so with a focus on strategic areas that promise the highest returns—an approach Bray appears to be uniquely prepared to execute, given his understanding of the financial markets, honed over decades, allowing him to discern where to allocate resources to fuel growth and where to cut back to maintain efficiency. Top of mind for Bray is a careful analysis of sales productivity and pricing integrity. Semperis' CFO insists on a robust framework where sales efforts align precisely with company goals and resources are invested in segments that drive the most value. This approach is evident in Bray's resolve to restructure the company's pricing model, to ensure transparency and consistency across Semperis's quickly expanding number of products. Here again, Bray once more lets us know that his determined focus on pricing has been buttressed by that early career moment that continues to influence his decisions and the broader trajectory of Semperis's success.
How can Chief Information Security Officers (CISOs) transcend traditional boundaries to become enablers of business success and innovation? Join me on Tech Talks Daily as I sit down with Jim Doggett, CISO of Semperis and a veteran in the field of cybersecurity, to delve into this pressing question. With over three decades of experience in leading cybersecurity and risk programs across global organizations, Jim brings a wealth of knowledge and a unique perspective on the evolving role of CISOs in today's business environment. In our conversation, we will explore the transformation of the CISO role from a technical doer to a visionary leader who not only protects the digital assets of a company but also drives business growth by leveraging digital infrastructure. Jim will share his insights on the importance of balancing security measures with business enablement, emphasizing the concept of "rarely saying no" but rather offering alternative solutions that align with the company's objectives. We'll also discuss the critical role of resiliency in the face of threats like ransomware, the significance of maintaining a focus on security basics amidst the allure of new technologies, and the growing importance of identity and behavioral analysis as the digital perimeter continues to dissolve. Furthermore, Jim will offer practical advice on gaining leadership buy-in by framing security in terms of business risk and impact, thereby fostering a culture of security that supports business continuity and profitability. Underpinning our discussion will be Jim's perspective on leadership versus management, the necessity for CISOs to redefine what's believed to be possible, and the strategic approach to deploying digital infrastructure in a way that not only secures the business but also drives revenue and sustainable growth. How can CISOs navigate the complex interplay between security, innovation, and business strategy to redefine their role and contribute to the overall success of their organizations? Tune in to this enlightening episode of Tech Talks Daily, and let's unravel the future of cybersecurity leadership together. Share your thoughts with us on social media or drop us an email—what do you believe is the key to transforming the role of the CISO in today's business world?
This one was recorded LIVE! in Podcast Alley at the CyberMarketingCon 2023 put on by the Cybersecurity Marketing Society in Austin, Texas. Marketing!?!!? Say what!?!? Yup! Allan went down to Austin to catch up with industry players and to participate in the conference as a "creator", i.e., podcaster. While there Allan ran into his friend Tom LeDuc, CMO at Semperis, and he got Tom to hop on the mic with him to discuss leadership challenges such as conflict, territorialism, jurisdictional disputes, startup mindset vs. bigger mindset... The two of them cover quite a lot of territory. Some of Tom's story is obviously CMO-specific, but Allan and Tom both universalize the topics and get to the heart of what matters for all leaders. This show is not sponsored by Semperis, but Allan wants to clarify and be transparent about the fact that he is an advisor to Semperis. Allan says: "Tom is just a great guy and is fun on the mic!" Y'all be good now!
© 2020-2025 Ivy Podcast Discovery LLC
