Podcasts about shadow it

What happens when an AI agent inside your company starts behaving like an insider threat? In part two, Steve Moore picks the thread back up with former FBI operative Eric O'Neill to explore how agentic AI is rewriting cybersecurity, the legal traps that follow a breach, and why the modern CISO must think like a spy hunter.Eric opens with a sobering reality: ransomware victims who decline to pay are re-attacked at staggering rates. He explains why criminals treat cybercrime as a business, invest weeks in reconnaissance—mapping SharePoint, harvesting file trees, and studying access patterns—and why a botched recovery hands them the same door twice.The conversation turns to the new insider threat hiding in plain sight: rogue AI agents. Eric shares a real case in which one executive's casual query exposed the next round of layoffs and triggered coordinated lawsuits. They unpack how agents inherit excessive access, how attackers hijack them once inside, and why organizations are now building insider-threat programs to monitor AI behavior.Eric argues AI is an accelerant on every unresolved problem—weak identity management, entitlement drift, missing asset inventories, and absent data classification. They debate whether IT and security should be unified under the CISO, why the CISO needs a direct line to the board, and the legal landmines that follow a breach, from cyber insurance to the “reasonable steps” standard.The episode closes with Eric's advice for any new CISO: put “spy hunter” on your resume. Counterintelligence, not perimeter defense, is the discipline that wins today. Tune in for part two of a story-driven conversation on why preparation, mindset, and threat hunting beat any single technology.Key Topics• Why ransomware victims who decline to pay get re-attacked• How attackers map SharePoint, file trees, and access patterns• The new insider threat: rogue and hijacked AI agents• A real case of an AI agent exposing an HR layoff list• Shadow IT and the cost of banning AI outright• Permission structures and second-level reviews for agent actions• Why AI exposes gaps in identity, asset, and data classification• Unifying IT and security under the CISO• Why the CISO needs a direct line to the board• Legal traps: cyber insurance, reasonable steps, and missed alerts• The CISO as counterintelligence officer and spy hunterGuest BioEric O'Neill is a former FBI counterintelligence operative, attorney, and bestselling author who helped bring down Robert Hanssen—the most damaging spy in FBI history. He is the founder of NeXasure AI and co-founder of The Georgetown Group, and his undercover work was dramatized in the film Breach. Eric is the author of Gray Day and Spies, Lies, and Cybercrime.Connect with Eric on LinkedIn or at ericoneill.net.GET A DEMO:

This year's Earth Day (22 April), the conversations pivot from carbon accounting to carbon action. While APAC CIOs have embedded sustainability dashboards, the rise of autonomous agents threatens to undo this progress. In 2026, an uncontrolled "agent sprawl" could exponentially increase compute, data storage, and energy use—directly conflicting with Net Zero pledges. True sustainability isn't just about reporting emissions; it's about embedding green governance into every autonomous decision. As agents become "digital coworkers," CIOs must treat energy efficiency and waste reduction as non-negotiable compliance metrics, ensuring AI acceleration doesn't come at the planet's expense.With us to understand what Earth Day means in the context of the exploding AI agent sprawl is Mr Liher Urbizu, present and MD of SAP Southeast Asia.Questions covered:1.       Give us the agentic sprawl in Southeast Asia in 2026.2.       How do you embed "carbon-aware" policies directly into agent workflows? This should force autonomous agents to defer non-urgent batch processing to times of renewable energy availability. (treat carbon data like financial data)3.       With Earth Day commitments tightening, what technical controls are required to mandate energy consumption caps per agent, treating efficiency as a governance rule rather than a post-execution report?4.       To ensure agents don't inadvertently increase waste, how do you establish trusted data lineage for Scope 3 emissions, enabling an agent to verify a supplier's carbon intensity before autonomously placing an order?5.       Given that poor data quality leads to redundant processing, what data governance rules are necessary to prevent agents from repeatedly querying or transforming the same inefficient datasets, wasting energy?6.       How do you build a "sustainability audit trail" for every autonomous decision, allowing CIOs to trace a specific agent's action back to its energy cost and carbon footprint for regulatory reporting?7.       As we manage agents like digital coworkers, what "retirement criteria" ensure that low-value, high-frequency agents are automatically decommissioned to prevent long-term energy leakage? (leanIX)8.       To avoid "shadow agent" sprawl doubling your infrastructure emissions undetected, what discovery tools can catalog every autonomous agent and calculate its real-time energy consumption against your Net Zero milestones?9.       With stakes higher than Shadow IT, how do you differentiate between essential agents that optimize sustainability (e.g., logistics routing) versus "rogue" agents that create unnecessary digital waste and technical carbon debt?10.   Where is the starting point for my organisation to move towards a more sustainable IT operation?

What your team uses when you aren't looking? What apps and AI tools are people at work using without telling the IT team? In this episode of the Cloud Do You Do podcast, Revolgy's Ashley Saunders talks with Chase Doelling from our partner, JumpCloud, about unapproved software and Shadow AI. People want to get their tasks done faster, so they try out new AI tools without checking first with their IT department. The risk is that they might be putting private company information directly into public systems. Chase explains why unapproved AI is different from older software issues, and why blocking websites doesn't solve the problem. What you'll find in the episode: Data risk: AI learns from whatever information you type into it, which creates security gaps that regular software doesn't. Hidden costs: How companies end up paying for the same software multiple times because different teams might buy their own tools. A better approach than blocking: Why it works better to guide people toward safe options instead of just blocking access. Getting a clear view: How JumpCloud tracks browser use and login paths to show exactly what apps are running. We are Revolgy - a global cloud partner. Our cloud engineers and architects provide professional and managed services for your projects on GCP and AWS. In a nutshell, we help to make life digital-native companies, SMBs and corporates in the cloud easier. Check our website revolgy.com for more information.Make sure to follow Revolgy on Spotify, Linkedin, and X.Thanks a lot for listening, and see you next time!

In #61 schließen Martin & Olli die 6. Staffel ab und starten mit einem Deep Dive zu digitaler Umsetzungs-Intelligenz: Wie wird aus digitaler Neugierde, Ambition und Ungeduld tatsächlich eine Lösung?Es geht nicht um KI-Coding als Hype, es geht um eine neue Führungskompetenz: echte Schmerzen im System erkennen, schnell Prototypen bauen, stabile Kerne schützen – und nur skalieren, was wirkt.Darauf folgt das Recap der Staffel 6. Die Muster aus den Folgen 52 bis 60 verdichtet: von kollektiver Kundenbindung über Marke als Betriebssystem bis zu Umsetzungskompetenz, Community-Strategien und Zuversicht als Handlungsprinzip.LinkedIn:→ Olli Busch→ Martin Boeing-MessingKeywords: Low-Code, No-Code, Shadow-IT, API-Architektur, Internal Tools, Workflow Automation, Regressionstests, Least Privilege, Product Ownership, MVP, RevOps, Martech Stack Hosted on Acast. See acast.com/privacy for more information.

Shadow IT was manageable. Shadow AI was concerning. Shadow agents? That's a whole different problem. 300 episodes already? Time flies when you're having fun! In this 300th Episode of the KuppingerCole Analyst Chat, Matthias sits down with Distinguished Analyst Martin Kuppinger to unpack one of the most urgent, and underestimated, security challenges facing organizations right now: employees building and deploying their own AI agents, with no governance, no oversight, and no accountability. Key topics: ✅ What "shadow agents" are and why they're fundamentally different from shadow IT or shadow AI✅ Why vibe coding means anyone, not just developers, can now deploy autonomous agents inside your systems✅ How AI agents massively expand the attack surface through prompt injection, data exfiltration, and uncontrolled access✅ Why discovery and resource-side controls must happen in parallel and why neither alone is enough✅ What organizations can actually do to gain control without just shutting everything down The bottom line: there's a thin line between agents that help your business and agents that harm it. Right now, most organizations can't tell the difference.

Shadow IT was manageable. Shadow AI was concerning. Shadow agents? That's a whole different problem. 300 episodes already? Time flies when you're having fun! In this 300th Episode of the KuppingerCole Analyst Chat, Matthias sits down with Distinguished Analyst Martin Kuppinger to unpack one of the most urgent, and underestimated, security challenges facing organizations right now: employees building and deploying their own AI agents, with no governance, no oversight, and no accountability. Key topics: ✅ What "shadow agents" are and why they're fundamentally different from shadow IT or shadow AI✅ Why vibe coding means anyone, not just developers, can now deploy autonomous agents inside your systems✅ How AI agents massively expand the attack surface through prompt injection, data exfiltration, and uncontrolled access✅ Why discovery and resource-side controls must happen in parallel and why neither alone is enough✅ What organizations can actually do to gain control without just shutting everything down The bottom line: there's a thin line between agents that help your business and agents that harm it. Right now, most organizations can't tell the difference.

No Braincast 634, Carlos Merigo, Cris Dias, Hiago Vinícius e Luiz Yassuda discutem o vibe coding, a nova febre da IA que promete permitir que qualquer pessoa crie aplicativos, dashboards, automações e protótipos apenas descrevendo o que quer. A conversa passa por Claude, Codex, Lovable, Replit, Bolt, Cursor, Manus, low-code, SaaSpocalipse, token maxing e a fantasia do “unicórnio de uma pessoa só”. Afinal, estamos diante de uma revolução criativa, em que mais gente pode transformar ideias em produtos, ou de uma fábrica de gambiarras em escala industrial? Também entram no papo os riscos de segurança, vazamento de dados, dependência das big techs, código ruim, Shadow IT, empresas tentando substituir times inteiros por IA e a importância de repertório, critério e bom gosto num mundo onde executar ficou mais fácil, mas saber o que pedir continua sendo o grande desafio. No Qual é a Boa, ainda tem Cinemático sobre Obsessão, jogos como Crimson Desert e The Last Caretaker, o Anti-Authoritarian Toolkit, IA em Curso, The Traitors e Momento Faustão. -- CONHEÇA OS CURSOS DA ESCOLA DE IA DA PUCPR https://posdigital.pucpr.br/areas/escola-de-ia?utm_source=podcast&utm_medium=braincast&utm_campaign=pucpr_externo_leads_ativacao-1_escola-ia&utm_content=audio_atributo_26-05-17 -- 04:17 PAUTA 05:37 O que é vibe coding 08:31 Origem e ferramentas 09:52 É programação mesmo 14:50 SaaSpocalipse e limites 19:59 Dilema do monstro 25:30 Token maxing e tralha 27:50 Low code e democratização 30:37 Agentes e checagem 34:10 Programadores e IA 34:52 Autocomplete e Vibe Code 38:52 Hype e corrida da IA 39:56 Segurança e dados 41:45 Automação pessoal útil 43:55 SaaS pequeno vs grande 46:07 Sites leves sem WordPress 49:57 Canva e custos ocultos 57:09 Dependência e mediação 59:45 Legado corporativo e suporte 01:02:57 Habilidades e formação 01:11:40 Bom gosto e repertório 01:12:46 Curiosidade como profissão 01:15:03 Educação e base teórica 01:18:00 A febre dos prompts 01:18:50 QUAL É A BOA 01:28:56 Toolkit anti autoritário 01:34:38 Cupom IA em Curso 01:35:24 Reality The Traitors 01:40:06 Momento Faustão -- ✳️ TORNE-SE MEMBRO DO B9 E GANHE BENEFÍCIOS: Braincast secreto; grupo de assinantes no Telegram; e episódios sem anúncios!

The most consequential development discussed is the rapid proliferation of Shadow IT in client environments, with emphasis on the unchecked adoption of cloud SaaS applications and artificial intelligence (AI) tools by end users. Speakers noted that this has led to a substantial loss of MSP control over client IT environments, eroding trusted advisor status and prompting clients to question the ongoing necessity of working with their MSP. The pervasive use of AI and SaaS products without guidance or oversight introduces governance and security risks, particularly relating to sensitive business data being accessible to third-party vendors and potentially incorporated into external data sets. The episode provided details on how Shadow IT emerges, highlighting the ease with which employees can adopt SaaS and AI tools through free trials, personal accounts, or non-business credit cards, often outside of IT's direct visibility. According to Amy and El, clients are increasingly self-serving their technology needs, shifting traditional MSP-client dynamics. The conversation outlined specific governance issues, such as most AI tools ingesting client data into the cloud, with limited assurance as to how it will be used or protected unless higher tiers of service are paid for—an unlikely scenario for most SMBs using free versions. Secondary discussion focused on broader industry fragmentation and the challenges it poses for knowledge-sharing, consensus-building, and vendor feedback. The speakers recalled a time when MSP best practices spread rapidly through tightly-knit peer groups or single platforms but observed current information channels are numerous and scattered, such as Discord, Reddit, LinkedIn, and Facebook. This dispersion hinders both MSPs and vendors from collaborating effectively and reduces the feedback loop necessary for responsive product development and operational improvement. The key implications for MSPs and IT leaders include the pressing need to shift operational models from rigid, tool-centric offerings to relationship- and advisory-focused services. There is heightened risk if MSPs fail to address governance and security concerns, especially as end users continue adopting technology independently. Speakers recommend implementing proactive client education, detailed risk analysis on SaaS and AI integrations, and establishing clear communication strategies to reclaim the advisory role. MSPs are encouraged to align compensation models to advisory activities, as future client value is projected to depend more on strategic guidance than product-resale or ticket-resolution metrics.Title: How are you managing Shadow IT? Topics: How are you managing Shadow IT? Is the MSP industry too fragmented in how we share knowledge? Why do MSPs exist? (blog posts from “Amy's Sayings”: https://www.thirdtier.net/?s=Amy%27s+sayings) What does it mean to be a M365-based MSP in 2026? Upcoming events: Zero Trust Workshop- 3 sessions starting May 28.  Register here: https://www.thirdtier.net/2026/04/27/arriving-in-may-zero-trust-workshop/ Mastermind Event with James (and Amy is a guest speaker!) in Omaha, NE Register here: https://kernanconsulting-mastermind.mykajabi.com/mastermind-event Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Slick interfaces, instant productivity, and AI platforms that look and feel like they were built by software giants. By all logic, one would logically assume they're making us more secure and professional. Yet, far too frequently, the exact opposite is happening, and we are witnessing the death of the professional "safety floor" in software. The reality is rooted in aesthetic deception. This week, I examine the rise of "vibe-coded" tools built by enthusiasts with professional-grade AI but back-ends held together by digital duct tape. While we have just started getting to the point where people are working to guard against basic data leaks, we're entering the era of application intimacy, granting "always-on" access to our most sensitive digital environments in exchange for minor conveniences. Given that, we have to move beyond basic data security and develop surgical discernment while also removing the bureaucratic friction that forces employees to go rogue in the first place.My goal is to get you off cruise control by highlighting the following opportunities to protect yourself and your organization:Developing Your ROI Smell Test: We've been told that if a product is free, we are the product. But vibe-coded startups are now charging for tools that still harvest your data. You must learn to interrogate the math: if an app promises to fully automate your life for $10, but the compute costs don't add up, your data is subsidizing their business. You cannot blindly trust a paid tier; you must evaluate if the provider has the "chops" and finances to actually protect you. Managing API Intimacy: We've moved from sharing email addresses to granting "API Handshakes". I break down why giving "Read/Write" access to your entire Google, Microsoft, or Slack workspace for a simple summarization tool is a catastrophic trade. You need to audit your persistent permissions this week and stop the "always-on" bridges that allow vulnerable apps to become doors into your entire digital identity. Ending the Shadow IT Insurgency: IT leaders often view employees as "bad actors" bucking the system. I share why Shadow IT is actually a symptom of Friction. If vetting a $10 tool takes three months and a decade of IT experience to navigate, you are the security risk. You must move from the "Department of No" to the "Department of How," streamlining your processes to keep high-performers within your safe ecosystem. By the end, I hope you see that being future-focused isn't about slowing down. It's about having the right strategic friction to keep you from going over the cliff. We can't stop when it comes to technology. Instead, it's about building the partnerships that make innovation safe. ⸻If this conversation helps you think more clearly about the future we're building, make sure to like, share, and subscribe. You can also support the show by buying me a coffee at https://buymeacoffee.com/christopherlind And if your organization is wrestling with how to lead responsibly in the AI era, balancing performance, technology, and people, that's the work I do every day through my consulting and coaching. Learn more at https://christopherlind.co ⸻Chapters00:00 – The DSLR Warning: Why Everyone is an "App Founder" Now 03:00 – Reaction Check: Moving Past Panic and Eye-Rolling 06:00 – The Era of API Intimacy 07:30 – The API Handshake: Why Convenience is the New Breach 11:30 – Action 1: Applying the ROI Smell Test 13:30 – The Permission Audit: Read/Write Access Dangers 18:00 – Shadow IT: It's a Friction Problem, Not a People Problem 20:30 – Action 2: Performing a Friction Audit on IT Processes 24:30 – The Department of "How": Turning Rebels into Advocates 27:00 – Conclusion & Identifying Strategic Friction #VibeCoding #CyberSecurity #ShadowIT #DigitalAcumen #Leadership #ChristopherLind #FutureFocused #DataPrivacy #AIStrategy #TechTrends

Steve Petryschuk, vice president of product and market strategy at Auvik Every year brings a new wave of IT industry reports, but Auvik’s 2026 IT Trends Report – titled “Beyond the Hype: The Real State of IT in 2026” – lands as something of a reality check. The headline finding is striking: while 67% of IT professionals say they are optimistic about AI’s potential, only 5% say it is actually core to their daily operations. That gap between ambition and execution is what Auvik is calling the “Maturity Mirage.” The governance picture is even more telling. Auvik’s research found that 76% of IT leaders believe their organization has an AI policy in place – but only 42% of frontline help desk staff agree. That disconnect isn’t just a communications problem. It’s the open door through which Shadow AI enters the environment, and Auvik’s own platform telemetry counted over 100,000 shadow AI applications discovered in customer networks in 2025 alone. In this episode of In The Channel, Steve Petryschuk, vice president of product and market strategy at Auvik, joins Robert Dutt to dig into what the data actually means for Canadian MSPs. They discuss why documentation is the unglamorous foundation that any real AI readiness strategy has to be built on, what the MSP execution advantage looks like in the numbers, and how the “Maturity Mirage” framing can help partners have more honest – and more productive – conversations with clients about where they actually stand. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. Every year we look to the major vendor reports to see where the industry’s head is at, but Auvik’s 2026 IT Trends Report, titled “Beyond the Hype,” feels a little different this time around. It’s a bit of a reality check for the AI era. We’ve been hearing about the AI revolution for some time now, but Auvik’s data shows a massive gap between what leadership thinks is happening and what’s actually hitting the help desk. We’re talking about a world where 76% of executives swear they have an AI policy, while more than half of their frontline staff have never even seen it. That disconnect isn’t just a communications problem. For an MSP, it’s a massive opening for shadow AI to walk in through the front door. To dig into this maturity mirage and what it means for your service desk – and your bottom line – I’m joined today by Steve Petryschuk. Steve is vice president of product and market strategy at Auvik, and he’s been at the center of translating this data into a roadmap for partners. We talk about why documentation is actually the most important AI tool, the rising risk of competency debt in junior techs, and why the Canadian mid-market might actually have an execution advantage over the big enterprise players. Let’s get right into it. My chat with Steve Petryschuk. [MUSIC] Robert Dutt: Steve, thanks for taking the time. I appreciate it. Steve Petryschuk: Thanks so much for having me. Robert Dutt: The report highlights a significant gap in AI policy awareness – something we’re seeing across multiple industry reports. In this case, 76% of leaders believe they have a solid AI policy in place, while only 42% of frontline staff agree that policy even exists. Is that a communication failure, or is the policy just not mapping to how people are actually doing the work? Steve Petryschuk: I think it’s a bit of both. I’d start with communication failure as the primary driver. We don’t always have visibility into when policy violations are occurring, so how do you enforce that policy – or even communicate that enforcement – without that visibility? It starts with just making sure people know the policy exists, and then building some implementation around enforcement. Robert Dutt: Only 5% of respondents say AI is core to their operations today, despite plenty of optimism in the data. What are the specific readiness hurdles keeping AI in the pilot phase for so many MSPs? Steve Petryschuk: This is probably one of the most interesting findings in the report – that disconnect between enthusiasm around AI and how little has actually been operationalized. I think it starts with trust. Most MSPs don’t yet have the trust to let AI operate solo, and that makes sense, because we’re the ones managing the client relationships and the consequences when things go wrong. Until we build that trust, we’ll remain at that pilot stage. So I see it as a phased approach. You start in areas where humans remain in the loop – at least for now – so you can build comfort with the system. But equally important is ensuring you’re giving AI good inputs, because this is still very much a garbage-in, garbage-out situation. If your inputs aren’t clean, your outputs won’t be either, and that’ll hold you back from ever making AI a core part of operations. Robert Dutt: Does the fact that most tools MSPs are using today are either adding AI functionality or on the roadmap to do so – does that help build that trust, or does it require something more fundamental? Steve Petryschuk: There are a lot of vendors adding AI on top of their tools, but I think the more useful question is: how do you embed AI into the existing workflows your team is already using? Rather than treating it as a bolt-on, think about the processes you’re already familiar with – can AI assist you within those workflows and demonstrate value day to day? That’s how you start to build trust incrementally. Once you see it working in familiar territory, you can expand from there. Robert Dutt: And as you build that trust – once you’ve got those first steps working the way you want – how does an MSP move from having an AI policy on paper to implementing the technical controls a client or auditor can actually verify? Steve Petryschuk: It starts with visibility. Before you can enforce a policy, you need to uncover all the AI tools in the environment – both sanctioned and shadow. As shadow IT has evolved into shadow AI, that discovery step is critical. From there, you can move toward real-time policy reminders before committing to more active, automated guardrails. Eventually, you get to a point where you’re blocking non-sanctioned AI tools and allowing sanctioned ones. Most MSPs I talk to are still a long way from that, but they’re at least starting with the visibility angle – and that’s the right starting point. Robert Dutt: On that topic, Auvik’s telemetry found over 100,000 shadow AI applications in customer networks last year. Is shadow AI replacing shadow IT as the primary risk, or is it effectively the same problem in a new form? Steve Petryschuk: It’s a problem that’s evolved. Shadow IT and shadow AI are directly related, but you can’t just do a find-and-replace on the terminology – the risks aren’t identical. A lot of the core concerns are the same: understanding what applications are in use, where data is going, what’s being ingested. But the business impact of shadow AI gone wrong is significantly higher. Think about LLMs being trained on data you didn’t know was out there, or agents with access to multiple systems inadvertently moving sensitive client data – or worse, surfacing Client A’s data in a report for Client B. The risks aren’t entirely new, but the consequences of something going wrong are considerably greater. Robert Dutt: That’s an interesting angle – it’s not just that the data is out there, but that it can be actively executed against you. The accidental cross-contamination between clients is a particularly pointed example for MSPs. The report also found that around 60% of IT teams discover unauthorized SaaS at least monthly. From a visibility standpoint, does this signal that the perimeter approach is effectively dead? And if so, what does a modern visibility strategy look like for an MSP managing, say, 50 clients? Steve Petryschuk: The traditional perimeter has been eroding for a while. Work happens at the endpoint now, and that’s where visibility needs to focus – continuous discovery of the applications end users are running day to day. It doesn’t mean you’re auditing every minute of every day, but it’s not a point-in-time snapshot either. It’s an ongoing picture that gives you something useful whether you’re responding to a support ticket or walking a client through a QBR – “here’s all the shadow AI we’ve uncovered.” That discovery needs to happen as close to where work is actually getting done as possible: within the applications being used, and on the endpoints where people are working. Robert Dutt: Interestingly, despite all the shadow AI conversation, MSPs in the report still ranked shadow IT as the number one underestimated risk. Why do you think business leaders continue to miss the gravity of it, even as sensitive data flows into AI tools? Steve Petryschuk: I think it’s one of those areas where it’s easier to turn a blind eye until there’s a triggering security incident. Until something actually happens to you, it’s always someone else’s problem. You hear about it, you read about it, but “it’s not going to happen here.” The honest version of that is: it hasn’t happened here yet. And until you’ve had that personal experience where shadow IT – or shadow AI – bites you, the tendency is to underestimate the risk. Robert Dutt: There’s an interesting budget paradox in the data – almost half of IT teams said their budgets were growing, but a similar proportion cited lack of time as their biggest blocker. Where’s the money going if it’s not buying back time for staff? Steve Petryschuk: It’s a great question, and the report didn’t specifically dig into the causes of that disconnect. But based on conversations with partners and broader industry trends, I think a lot of those budget increases are simply going to maintain the status quo – salary increases, rising tooling costs, price increases still catching up from the inflation cycle of a couple of years ago. The budgets are growing, but that growth is being absorbed by keeping the lights on: keeping the tools running, keeping the teams intact. The magnitude of the increases isn’t enough to fundamentally change how work gets done, and without changing how you work, you won’t get that time back. Robert Dutt: Here’s one where MSPs can take a bit of a victory lap – corporate IT teams are apparently half as likely to be making new investments compared to MSPs. Does that suggest the managed services model is structurally better at converting budget into operational progress, or is this more of a “you have to automate to survive” story? Steve Petryschuk: Part of it is the MSP’s willingness to adapt and experiment – we tend to be a little ahead of the curve on new technology adoption. But I also think it’s a macroeconomic confidence indicator. Historically, MSPs tend to hold up better – and even do well – in times of broader economic uncertainty. So when there’s turbulence around them, MSPs are more likely to say, “We’ve seen this before, we’ll be okay,” and that confidence translates into a willingness to make new investments even when others are pulling back. Robert Dutt: And there’s something to be said for the maturity of the managed services model at this point – you can look at a rough environment, recognize the pattern, and not panic. Steve Petryschuk: That’s exactly right. Robert Dutt: The report found that just over 50% of IT teams are still spending ten or more hours a week on basic user tickets. What role do you see AI playing in actually moving that needle – going from hyped solution to genuinely freeing up technician time? Steve Petryschuk: Let’s set aside the panacea of fully automated ticket resolution for now – the scenario where a ticket comes in and no one ever touches it. Maybe we get there eventually, and for simple things like password resets, some level of automation is already feasible. But the more realistic near-term win is using AI to gather all the context a technician would normally have to collect manually. Agents can pull together that background information and surface a recommended next action, so that by the time a technician picks up the ticket, their job is less “figure out what to do” and more “confirm this is the right call and execute.” That’s an easier step, it’s probably already happening in some service desks today, and it starts to build trust in AI recommendations over time – which feeds back into that adoption flywheel we talked about earlier. Robert Dutt: And as those recommendations get better, you get more comfortable with the idea that yes, that’s the right answer for this type of issue – and eventually that trust extends further. Steve Petryschuk: Exactly. Robert Dutt: On the workforce side, the report showed a hollowing out of the hybrid model in favour of office-first or remote-first. From a network management perspective, does office-first actually make IT any simpler, or is distributed support just the permanent baseline now? Steve Petryschuk: I think distributed support is the permanent baseline. For MSPs, it doesn’t really matter whether the client is in the office or working from home – we’re still supporting them remotely either way. Network complexity doesn’t change much. And even in a fully return-to-office environment, users are still moving around, travelling to events, going on the road. Looking at the Canadian context specifically – we’re still laggards in the office-first shift compared to some of our global peers, despite what you hear in the media. There’s still a significant amount of distributed work happening here, and I think the problem of managing that distributed environment is a long way from going away. Robert Dutt: You’ve framed AI as a “senior IT associate in your pocket” for junior techs – which is a much more interesting way to look at it than “it’s going to eliminate entry-level jobs.” But even with that framing, is there still a risk of competency debt? Where the next generation of technicians ends up leaning so heavily on AI diagnostics that they lose the ability to evaluate whether the recommended action is actually right? Steve Petryschuk: The risk is absolutely there. But it’s not entirely a new problem – technology has always built on previous technology, and skills evolve accordingly. How many technicians today can troubleshoot at the processor level? Not many. The craft changes. What matters is teaching junior technicians the right fundamentals for the AI era: basic problem-solving skills, the ability to recognize a plausible answer from an implausible one, and how to use AI tooling effectively. The actual knowledge base evolves, but you still need a baseline of IT competency to function well. And that pipeline from junior to senior really matters – if we hollow out the junior tier, we’ll eventually run out of senior technicians too. Robert Dutt: Since we’re both flying the Maple Leaf – did you see anything specifically Canadian in the data? Anything unique or peculiar to the Canadian market? Steve Petryschuk: The survey data doesn’t specifically break out geographies, but based on conversations with MSPs across Canada, the US, and Europe, I don’t think we’re significantly ahead or behind on AI adoption – we’re facing many of the same governance challenges. Policies aren’t always making it to day-to-day operations, and visibility into which AI tools are actually in use remains a challenge for most. Where I do see a Canadian distinction is in the regulatory and legal landscape. I was recently at an event for professional engineers in Ontario where AI regulation came up – and the picture is interesting. The EU is taking an aggressive regulatory stance; the US is moving toward a more relaxed one. Canada, unsurprisingly, is finding its way somewhere in the middle. That’s probably the most Canadian answer I can give. Robert Dutt: Hopefully the middle ground lands well. Last question – looking at all the data, if an MSP owner can only fix one thing in their operations this year, what yields the biggest ROI? Steve Petryschuk: Documentation. You need an up-to-date source of truth, because that’s what AI has to build on to operate effectively in your environment. Visibility actually improves when documentation improves – they’re closely related. But if you don’t have a solid, well-maintained source of truth, you’re going to get that garbage-in, garbage-out scenario no matter how good the AI tools are. So if there’s one thing to focus on, it’s making sure you know what your sources of truth are, and that they’re accurate and up to date. That gives you the foundation everything else builds on. Robert Dutt: I appreciate that bit of advice. Steve, thank you for taking the time and walking us through the numbers. Steve Petryschuk: Thanks so much for having me on. [MUSIC] Robert Dutt: There you have it – Steve Petryschuk from Auvik. I’d like to thank Steve for his time. And honestly, I think “AI as a senior associate in your pocket” is going to be the quote of the month. The big takeaway for me is that we need to stop thinking about AI as a cool project and start treating it as a documentation problem. If your source of truth is a mess, your AI is just going to be a very fast, very confident hallucination machine. For those of you running MSPs in Canada, the maturity mirage is your best sales tool right now. If you can show your client that their budget increase is being swallowed by reactive noise because they don’t have visibility, you’ve moved from being a vendor to being a business advisor. Thanks for spending some time with us today. If you found this conversation useful, you can find more in the full show notes at ChannelBuzz.ca. You can find the podcast on Apple Podcasts, Spotify, YouTube, and pretty much everywhere you get your audio. If you have a moment, leaving a rating or review really does help us reach more of the community. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

Today, we're joined by Uri Haramati, CEO and Founder of Torii, the governance platform for SaaS and AI. We talk about:The blurring of lines between AI and SaaSChallenge of gaining enterprise-wide, centralized policies and management of AI and SaaS The amazing opportunities of AI, with many simultaneous new challenges and risksHow users will interact less with UIs and more with AI agentsThe identity management complexity of increasing non-human identitiesRead Torii's SaaS Benchmark Annual Report 2026, which takes a data-backed look at what companies actually use: sanctioned apps, shadow apps, and the AI tools taking over our workspace.

In part two of this episode, KJ Burke and Jodey Hogeland, Global Technologist at Dell Technologies, explores how modern storage platforms are evolving to meet the demands of AI, automation and hybrid IT environments. From the industry's shift away from “cloud‑first” thinking to the rise of autonomous infrastructure, Jodey shares practical insights on how IT leaders can future‑proof their data foundations without adding complexity. To learn more, visit cdw.ca Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

SUMMARY: Shadow AI is growing much faster than known AI adoption across businesses. How can IT teams get Shadow AI under control?GUEST: Uri Haramati, CEO at ToriiSHOW: 1020SHOW TRANSCRIPT: The Reasoning Show #1020 TranscriptSHOW VIDEO: https://youtu.be/AUrh_xICPzMSHOW SPONSORS:ShareGate - ShareGate Protect. Microsoft 365 Governance, we got this!Nasuni - Activate your data for AI and request a demoSHOW NOTES:Torii (homepage)Topic 1 - Welcome to the show. Tell us about your background and your focus at Torii. Topic 2 - Is Shadow AI really a security problem—or is it a product-market fit problem inside the enterprise?Topic 3 - Why does Shadow AI spread faster—and become more dangerous—than traditional Shadow IT?Topic 4 - What's the first signal a company should look for to know Shadow AI is already happening?Topic 5 - How do you balance visibility vs. control without killing the productivity gains that drove Shadow AI in the first place?Topic 6 - How should organizations rethink ‘data loss prevention' in a world where the leak is a prompt, not a file?Topic 7 - What does a ‘well-governed' AI environment actually look like in practice—day-to-day for an employee?Topic 8 - “Do you think Shadow AI ever fully goes away—or does it become a permanent operating model that companies need to design around?”FEEDBACK?Email: show @ reasoning dot showBluesky: @reasoningshow.bsky.socialTwitter/X: @ReasoningShowInstagram: @reasoningshowTikTok: @reasoningshow

Parce que… c'est l'épisode 0x739! Shameless plug 14 au 17 avril 2026 - Botconf 2026 20 au 22 avril 2026 - ITSec Code rabais de 15%: Seqcure15 28 et 29 avril 2026 - Cybereco Cyberconférence 2026 9 au 17 mai 2026 - NorthSec 2026 3 au 5 juin 2026 - SSTIC 2026 19 septembre 2026 - Bsides Montréal 1 au 3 décembre 2026 - Forum INCYBER - Canada 2026 24 et 25 février 2027 - SéQCure 2027 Description Contexte et ton de l'épisode Cet épisode spécial PME du podcast P-Secure réunit trois invités : Dominique Derrier, Nicolas Milot et Cyndie Fletz. L'ambiance est décontractée, avec quelques taquineries adressées à Dominique, qui avait raté le rendez-vous précédent. L'épisode fait suite à une discussion sur le Shadow IT en général, et se concentre cette fois-ci exclusivement sur le Shadow AI — un sujet qui suscite un intérêt croissant, autant chez les utilisateurs que chez les équipes de sécurité informatique. D'emblée, les trois participants rappellent qu'ils ne se présentent pas comme des experts absolus : le domaine est si récent et évolue si vite que les opinions exprimées reflètent l'expérience du moment. Ce qui est vrai aujourd'hui pourrait être caduc dans un an. Qu'est-ce que le Shadow AI ? Pour rappeler les bases, le Shadow IT désigne l'ensemble des outils et logiciels installés ou utilisés par les employés sans que le département informatique en ait connaissance ou contrôle. Le Shadow AI en est la déclinaison moderne : il s'agit de l'utilisation non encadrée d'outils d'intelligence artificielle — comme ChatGPT, Claude (Anthropic), Microsoft Copilot ou d'autres — dans le cadre professionnel, que ce soit via des abonnements personnels, des accès navigateur ou des outils non approuvés par l'entreprise. Pourquoi c'est inévitable L'un des points centraux de la discussion est que le Shadow AI ne peut pas être simplement interdit. Les participants font une analogie parlante : tenter de bloquer l'usage de l'IA dans une entreprise, c'est comme penser qu'un adolescent va vous obéir dès que vous avez le dos tourné. Les employés qui souhaitent utiliser ces outils trouveront toujours un moyen de le faire — via leur téléphone personnel, leur propre abonnement cloud ou leur ordinateur à domicile. La réalité, c'est que l'IA apporte une réelle valeur ajoutée : productivité accrue, autonomie renforcée, gain de temps sur des tâches répétitives. Nier cela ou l'interdire en bloc, c'est passer à côté d'une opportunité et pousser les employés vers des comportements encore moins contrôlés. Les risques concrets pour les PME Si les bénéfices sont réels, les risques le sont tout autant. Les intervenants en dressent une liste : La fuite de données confidentielles : les employés peuvent, parfois involontairement, copier-coller des informations sensibles dans un outil d'IA public. La frontière entre une utilisation prudente et un transfert non voulu d'informations est mince. Les MCP (Model Context Protocol) : ces connecteurs permettent de lier un modèle d'IA à des outils externes. Si leur usage n'est pas encadré, ils représentent une porte d'entrée potentielle pour des logiciels malveillants, même lorsque l'entreprise a approuvé un fournisseur d'IA spécifique. La mauvaise configuration des outils : contrairement à un logiciel d'entreprise classique, beaucoup d'outils d'IA sont accessibles directement via un navigateur, sans passer par le département IT. Le contrôle est donc structurellement plus difficile. Le faux sentiment de toute-puissance : les LLM peuvent donner aux utilisateurs l'impression d'avoir accès à une connaissance infaillible. Or, les modèles hallucinent, se trompent, et peuvent générer des rapports erronés sur lesquels des décisions d'entreprise seront prises. Un exemple évoqué dans l'épisode : une entreprise qui, pendant des mois, a fondé ses décisions sur des rapports générés par une IA sans jamais les vérifier — et qui s'est retrouvée avec des données complètement fausses. Le rôle de l'équipe IT : des garde-fous, pas des gardiens Une question intéressante est soulevée : qui est responsable du Shadow AI dans une entreprise ? La réponse est claire : ce ne peut pas être uniquement le département IT. Celui-ci peut mettre en place des garde-fous techniques, mais les décisions stratégiques — quels outils autoriser, dans quel cadre, avec quelles politiques — doivent venir d'un niveau hiérarchique plus élevé, impliquant la direction et les ressources humaines. L'IT est un exécutant de mesures de sécurité, pas le seul décideur d'une politique d'usage de l'IA. Recommandations pratiques pour les PME Les trois invités convergent vers plusieurs recommandations concrètes : Dialoguez avec vos employés avant d'écrire des politiques. Comprenez pourquoi ils utilisent ou voudraient utiliser l'IA, ce qu'ils espèrent en tirer, et intégrez-les dans la réflexion. Fournissez les outils vous-mêmes. Comme pour les gestionnaires de mots de passe, si vous souhaitez que les employés utilisent des outils sécurisés, donnez-leur accès à des licences approuvées. Sinon, ils se débrouilleront avec des alternatives gratuites ou personnelles. Ne montez pas votre propre LLM. Pour une PME, construire son propre modèle de langage local serait extrêmement coûteux et peu pertinent. Mieux vaut s'appuyer sur des fournisseurs existants, en choisissant ceux dont les pratiques éthiques et de sécurité sont les plus solides. Adaptez la politique au profil de risque. Une entreprise avec des développeurs techniques aura besoin d'une politique plus stricte qu'une PME de services dont les employés n'utilisent que le volet conversationnel de l'IA. Idem pour les secteurs réglementés comme le droit, où l'IA est utile pour la recherche générale mais ne doit jamais recevoir de données personnelles de clients. Éduquez et sensibilisez. Rappelez aux employés que l'IA n'est pas magique : elle se trompe, elle ne remplace pas l'expertise humaine, et elle doit être supervisée. L'image du stagiaire est utilisée : capable de beaucoup de choses, mais qui a besoin d'être bien briefé, encadré et vérifié. Conclusion L'épisode se termine sur un message d'équilibre : ni interdire, ni laisser faire sans garde-fous. L'IA est là, elle est utile, et les employés l'utiliseront de toute façon. Le rôle des entreprises — et notamment des PME — est d'en faire un usage contrôlé, éduqué et raisonné, en transmettant aux employés les bons réflexes pour minimiser les risques. Un peu comme avec des adolescents : on ne peut pas tout contrôler, mais on peut inculquer des comportements responsables. Collaborateurs Nicolas-Loïc Fortin Dominique Derrier Cyndie Feltz Nicholas Milot Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Martin Ulbricht ist Mitgründer von Qlero und erklärt in dieser Folge, warum KI in Unternehmen selten an der Technologie scheitert, sondern an fehlender Struktur, unscharfen Prozessen und unklarer Verantwortung. Im Gespräch geht es um digitale Souveränität, Shadow IT und die Frage, warum Prompting im Unternehmenskontext nur eine Übergangslösung ist. Außerdem zeigt Martin, wie Unternehmen Wissen über Transkripte nutzbar machen und warum KI spätestens dann zur Chefsache wird, wenn sie direkt am Geschäftsmodell arbeitet.Hier geht's zu den Shownotes:⁠https://ventureaibriefing.substack.com To hear more, visit ventureaibriefing.substack.com

What happens when attackers collaborate better than defenders?  Recorded live from RSAC 2026, this solo episode with Ron breaks down the biggest themes shaping cybersecurity right now, from organized threat groups and massive data breaches to the growing tension between productivity and control inside modern organizations. This conversation highlights a hard truth. The threat landscape is evolving through collaboration. From phishing-as-a-service platforms like Tycoon 2FA to supply chain breaches impacting entire ecosystems, attackers are sharing tools and moving faster than ever. But there's another side to the story. As AI becomes embedded in how work gets done, security teams are being pushed to rethink their role. Blocking tools is no longer enough. The real challenge is enabling the business while managing risk, and that requires trust, alignment, and a stronger sense of community across the industry. This episode is a call to rethink how we approach security. Not as isolated teams enforcing policy, but as a connected community working together to adapt, respond, and move forward. Impactful Moments 00:00 - Introduction, live from RSAC 2026 02:50 - Tycoon2FA and the rise of phishing-as-a-service 04:45 - The TELUS breach and what a petabyte-scale attack looks like 06:21 - Why you need strict controls … everywhere 07:30 - Are AI agents the new Shadow IT?  09:00 - The balance between productivity and security controls 09:27 - Boards' demands for their teams to use AI  11:53 - Why leading security teams is more like parenting than policing 12:42 - Community is the foundation for the future of cybersecurity   Links Connect with Ron Eddings on LinkedIn: https://www.linkedin.com/in/ronaldeddings/ Check out our upcoming events: https://www.hackervalley.com/livestreams Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com    Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/  

RSA week may be over, but the Canadian channel news cycle kept moving. Four stories this week that deserve your attention heading into April. Sherweb goes global Sherbrooke-based cloud distributor Sherweb secured a $125 million minority equity investment from Investissement Quebec — the company’s first outside investment in 28 years of bootstrapped operation. The investment follows Sherweb’s expansion into the UK market, targeting over 11,000 MSPs, built on the acquisition of Irish distributor MicroWarehouse. CRN’s interview with Sherweb’s co-CEO confirms AI marketplace expansion and M&A ambitions. Broadcom’s VMware reckoning March 31 marks the VCSP program termination deadline in Europe. CISPE filed a formal antitrust complaint with the European Commission (Reuters). Broadcom “strongly disagrees”. VMware’s Krish Prasad told CRN there’s a “huge VCF tailwind” from memory shortages, pitching VCF 9.0 as a software solution to the hardware crisis. Independent analyst firm Virtified found roughly half of VMware users plan to reduce usage by 2028. The silicon squeeze Intel’s David Feng says Panther Lake will help regain commercial PC market share while also confirming ~10% OEM CPU price increases. AMD is signaling GPU price increases of at least 10%, driven by the same DRAM supply crisis. The AI governance gap Auvik’s 2026 IT Trends Report: 67% of IT pros are optimistic about AI, but only 5% say it’s core to operations. 76% of IT leaders believe an AI policy exists — only 42% of help desk staff agree. OpenText and the Ponemon Institute: 52% of enterprises have deployed GenAI, but 79% lack full AI maturity in cybersecurity. Two independent studies, same week, same conclusion: AI adoption is outrunning governance. Read Full Transcript Hello and welcome to In Case You Missed It from ChannelBuzz.ca. I’m Robert Dutt, editor of ChannelBuzz.ca, and this is your weekly look at the stories that matter for the Canadian IT channel community. March 30th, 2026. Four stories this week. A Sherbrooke cloud distributor goes global after 28 years of bootstrapping. Broadcom’s VMware reckoning arrives just in time for a March 31st deadline. Intel and AMD both signal price increases that will squeeze your clients’ hardware refreshes. And two independent reports paint the same uncomfortable picture about where enterprise AI adoption actually stands. Let’s get into it. We’re starting this week with a feel-good Canadian story, and it’s a big one. Sherweb, the Sherbrooke, Quebec-based cloud marketplace distributor, has secured a $125 million minority equity investment from Investissement Quebec. And here’s the detail that makes this significant: this is Sherweb’s first outside investment ever. The company has been bootstrapped and founder-owned since 1998. Twenty-eight years without a dollar of outside capital. This comes on the heels of Sherweb’s expansion into the UK market, where they’re targeting over 11,000 MSPs. That move was built on their acquisition last year of Irish cloud distributor MicroWarehouse, so they’re not just parachuting in — they’ve got a beachhead. Put those two announcements together and the picture is clear. This isn’t a company raising money because it needs to. This is a company that’s been profitable for nearly three decades, deciding it’s time to go global, and bringing in a strategic partner to fund the expansion and, notably, M&A. CRN’s interview with Sherweb’s co-CEO made the ambitions explicit: AI marketplace expansion and acquisitions are on the table. For Canadian partners, this is worth watching. Sherweb has been a reliable, partner-first distributor for a long time. The question now is whether they can scale that model internationally without losing what made it work. Now for a very different kind of story. The Broadcom VMware saga has been building for months, and this week several threads converge at once. March 31st is the deadline for Broadcom’s termination of the VMware Cloud Service Provider program in Europe. CISPE, the European cloud infrastructure providers group, filed a formal antitrust complaint with the European Commission on March 19th, calling Broadcom’s actions — and I’m quoting here — a “death sentence” for smaller cloud providers. They’re asking for interim measures to block the shutdown while the complaint is investigated. Broadcom’s response, per CRN, was that they “strongly disagree” and that the complaint “misrepresents the realities of the market.” Meanwhile, Broadcom is making a very specific pitch to customers. Krish Prasad, who heads the VMware Cloud Foundation division, told CRN — and again, direct quote — “We have essentially solved the hardware shortage and the hardware cost issues with a software solution.” The argument is that VCF 9.0’s advanced memory tiering lets you offload expensive DRAM to cheaper NVMe storage, so the memory super-cycle becomes a reason to buy more VMware, not less. Prasad called it a “huge VCF tailwind.” Here’s the irony, and it’s hard to miss. Broadcom is simultaneously telling customers they need VMware more than ever to survive the hardware crunch, while pushing licensing and program changes that are driving those same customers to look for alternatives. And the data on customer sentiment is now documented. Independent analyst firm Virtified, founded by former Gartner VP Michael Warrilow, surveyed 450 VMware users across 14 countries and found roughly half plan to reduce their VMware usage by 2028. That’s not channel chatter. That’s documented customer intent. Whether the EU complaint gains traction or not, the market is speaking. Speaking of hardware getting more expensive — let’s talk silicon. Intel had an interesting week. Their VP David Feng told CRN that the new Core Ultra Series 3 “Panther Lake” chips will help Intel regain market share in commercial PCs. The pitch: Panther Lake brings meaningful AI processing capabilities to the commercial fleet. This is Intel’s play to win back ground they’ve lost to AMD and Apple Silicon in the enterprise. On the other hand — and this is from the same executive, same week — Intel confirmed it’s raising CPU prices for OEMs by roughly ten percent. Supply crunch, rising component costs, tariff pressure. The usual 2026 cocktail. So Intel is counting on a commercial PC refresh cycle to reclaim market share, while simultaneously making that refresh more expensive for everyone involved. And lest you think this is Intel-specific — AMD is also signaling GPU price increases of at least ten percent in 2026, driven by the same DRAM supply crisis. For partners helping clients plan hardware refreshes right now, the message is straightforward: budget accordingly, and budget up. The cost pressure is structural, not temporary. We’ll close this week with some data, and it tells a story every MSP needs to hear. Auvik released their 2026 IT Trends Report this week. The headline finding: sixty-seven percent of IT professionals are optimistic about AI. But only five percent say AI is actually core to their operations today. Five percent. That is an enormous gap between enthusiasm and reality. The governance picture is even more striking. Seventy-six percent of IT leaders believe their organization has an AI policy. Only forty-two percent of help desk staff agree. That’s not a gap, that’s leadership and the front line living in completely different realities about whether the rules even exist. Auvik also found that 61 percent of organizations discover unauthorized SaaS applications at least monthly. Shadow IT is not a hypothetical — it’s a standing Tuesday meeting. And these findings aren’t isolated. The same week, Waterloo-based OpenText released a Ponemon Institute study of nearly 1,900 IT and security practitioners. Fifty-two percent of enterprises have deployed GenAI. But seventy-nine percent haven’t reached full AI maturity in cybersecurity. Only 41 percent have AI-specific data privacy policies. Two independent studies, same week, same conclusion: AI is being deployed faster than organizations can govern it, secure it, or even agree on whether governance exists. For MSPs, this is the opportunity in neon lights. Your clients are adopting AI. They think they have policies. Their front-line staff disagrees. Someone needs to fill that gap. That’s your In Case You Missed It for March 30th, 2026. Sherweb going global, Broadcom’s VMware reckoning, the silicon squeeze, and the AI governance gap — confirmed from two independent angles. Links to everything we talked about today are in the show notes at ChannelBuzz.ca. If you’re finding this useful, subscribe wherever you get your podcasts — Apple Podcasts, Spotify, YouTube, most directories. Ratings and reviews always help us out. I’m Robert Dutt for ChannelBuzz.ca. I’ll see you in the channel.

The Institute of Internal Auditors Presents: All Things Internal Audit Tech  In this episode, Daniel McCarville speaks with Bill Bensing about shadow IT and why it continues to emerge inside organizations. They explore how shadow IT often signals innovation rather than just risk, and how internal auditors can help organizations balance experimentation, governance, and operational control. The conversation also introduces a practical framework for understanding how ideas move from exploration to validation and ultimately into formal operations.   HOST: Daniel McCarville Associate Vice President of Internal Audit Arch Capital   GUEST: Bill Bensing Chief Technologist and Co-Founder Attestify   KEY POINTS: Introduction [00:00:02-00:00:39] What Is Shadow IT? [00:00:39-00:01:56] Why Shadow IT Exists in Organizations [00:02:13-00:05:08] Shadow IT as a Source of Innovation [00:05:33-00:08:03] Why Small Internal Solutions Can Deliver Big Value [00:06:10-00:07:33] The Role of Shadow IT in Validating Ideas [00:09:14-00:10:56] Why Innovation Often Fails to Take Hold [00:12:41-00:14:00] How Leaders Can Enable Innovation Safely [00:14:00-00:16:54] Building Communities and Internal Flywheels of Innovation [00:17:00-00:18:55] Developing Internal Innovation Teams [00:19:08-00:21:24] Why Experimentation and Imperfection Are Necessary for Innovation [00:21:59-00:22:59] How Auditors Should Rethink Shadow IT Risk [00:23:02-00:24:17] The Exploration-Validation-Operation Model [00:24:17-00:28:07] Internal Audit's Role Across the Innovation Lifecycle [00:28:07-00:31:11] Addressing Shadow IT Risks Without Stifling Innovation [00:32:29-00:35:32] Why Building Tools Strengthens Career Growth [00:37:11-00:39:04] Learning Principles vs. Learning Tools [00:39:21-00:41:51] How Auditors Can Encourage Innovation While Maintaining Controls [00:41:59-00:46:30] Final Thoughts: Enabling Coordination Across the Three Lines [00:47:39-00:50:14] Visit The IIA's website or YouTube channel for related topics and more.   IIA RELATED CONTENT:  Interested in this topic? Visit the links below for more resources: Global Internal Audit Standards IIA Certificates: IT General Controls Certificate Knowledge Centers: Artificial Intelligence Vison 2035 Become a Certified Internal Auditor (CIA) IIA Courses: Fundamentals of IT Auditing Combined Assurance 2026 Analytics, Automation and AI Virtual Conference  The Big Idea: Shadow AI Isn't Just a Sign of Control Gaps   Follow All Things Internal Audit: Apple Podcasts Spotify Libsyn Deezer

Shadow IT är en trogen följeslagare i IT-braschen och har gäckat nitiska IT-avdelningar i alla år. Mattias Jadesköld och Erik Zalitis granskar fenomenet från dess första början till idag. Hur har det förändrats? Hur såg det ut förr och hur ser det ut idag? Då med inkopplade DHCP-servrar och idag med AI och SaaS-lösningar. Men varför uppstår egentligen Shadow-IT och är det verkligen ett it-säkerhetsproblem ... bara? Givetvis har Mattias en lista på tekniska grejer som Erik tvingas fundera på ifall de löser Shadow-IT eller inte. Läs mer här: https://www.itsakerhetspodden.se/323-evolutionen-av-shadow-it/

This week's full broadcast of Computer Talk Radio includes - 00:00 - Nerd news for the normal world - AI trust, Moltbook, Meta, social media, surveillance pricing - 11:00 - Listener Q&A - CPU speeds - Patrick asks Benjamin how CPUs improve without higher speeds - 22:00 - Keeping up with updates - Keith says that keeping up with the latest updates can backfire - 31:00 - Mark Brownstein's approach - Mark Brownstein looks at the TT Nature Smart Bird Feeder - 39:00 - Scam Series - Phantom Subscription - The Phantom Subscription Trap that you never signed up for - 44:00 - Keske on largest impacting people - Steve Keske reflects on famous impacting people on tech - 56:00 - Dr Doreen Galli - HIMSS Expo - Health Information and Management Systems Society Expo - 1:07:00 - Touchscreens no longer big need - Benjamin reflects that Apple is now right about touchscreens - 1:16:00 - IT Professional Series - 370 - Benjamin advises Shadow IT is not good, better to make friends - 1:24:00 - Marty Winston's Wisdom - Marty Winston shares different levels of Asus business laptops

Key Takeaways Session overview: AI is a transformative technology where security is lagging dangerously behind. Polino's session, "A Guide to Security Roles in AI Transformation (Implementation)," will explore why it's critical for organizations to reassess current roles, controls, and systems and proactively design security strategies specifically for an AI-driven environment. Guardrails: AI systems can be easily manipulated through indirect prompts or parameter framing, making it essential to enforce extremely strict guidelines and access controls to prevent unintended exposure of sensitive data. Exploring security with leaders: Organizations must proactively define security policies and controls for AI now to prevent users from going rogue or turning to shadow IT, because inaction will only amplify risk as sensitive data inevitably leaks into unsecured public AI tools. Event takeaways: Polino notes the importance of events like this because they bridge the knowledge gap between AI leaders and everyday business users by equipping them to understand AI early and effectively transfer that knowledge across their organizations. "AI is coming, whether you want it or not. The goal here is to figure out how to use it appropriately, how to make it as safe as you possibly can, and mitigate those risks inside your organization." Visit Cloud Wars for more.

In this episode of Cloud Wars Live, Bob Evans speaks with Bonnie Tinder, founder and CEO of Raven Intelligence, about the surge of hype, confusion, and opportunity surrounding AI in enterprise technology. As headlines claim AI could replace traditional software and “vibe coding” threatens SaaS vendors, Tinder brings a grounded perspective from years of advising organizations on enterprise systems like Salesforce, Workday, and SAP. Their conversation explores what AI can realistically do today, why enterprise software remains critical, and how companies can move forward without falling for hype. Episode 58: AI Hype vs. Reality The Big Themes: Why “Vibe Coding” Won't Replace ERP: The idea that AI-powered “vibe coding” could replace enterprise applications is a popular narrative, but both Evans and Tinder challenge its practicality. Even companies developing cutting-edge AI models are still relying on traditional enterprise systems. For example, Tinder notes that AI companies themselves are hiring administrators for established software platforms rather than replacing them. Leadership Must Guide AI Adoption: The discussion also emphasizes that AI adoption cannot be left solely to technology teams. According to Evans, the entire executive leadership team, especially the CEO, needs to be actively involved in defining how AI will shape the organization. AI initiatives affect workflows, job roles, data governance, and competitive strategy. Without clear leadership alignment, different departments may pursue conflicting approaches, slowing progress or introducing risk. Fear and FUD Are Slowing Progress: Ironically, the greatest threat from AI hype may be paralysis. Tinder argues that fear, uncertainty, and doubt in the market are causing many companies to delay decisions altogether. Organizations worry about choosing the wrong tools, implementing technology too early, or missing the next wave of innovation. This hesitation can prevent companies from making meaningful progress. Instead of waiting for perfect clarity, organizations should take practical steps. The Big Quote: “You can vibe code your way around [a] notion or a content system, that's way different though, than having an in-house solution for an enterprise software." More from Bonnie Tinder: Connect with Bonnie on LinkedIn. Visit Cloud Wars for more.

Shadow IT has evolved. Now it’s Shadow SaaS. Shadow AI. And it’s everywhere. In this week's episode of the KuppingerCole Analyst Chat, Matthias welcomes Matthew Gardiner for his first appearance to unpack one of the fastest-growing security domains: SaaS Security Posture Management (SSPM) and why that name may already be too narrow. Today’s organizations run on hundreds of SaaS applications. Many are sanctioned. Many aren’t. Some are connected via OAuth. Others are quietly leaking data through AI tools. And most security teams don’t have full visibility. In this conversation, we explore:✅ What SSPM actually means (and why the “PM” might be limiting)✅ How Shadow IT evolved into Shadow SaaS and Shadow AI✅ The intersection of identity and cybersecurity in SaaS environments✅ Misconfiguration risks, MFA bypass, OAuth sprawl & SaaS drift✅ Why continuous monitoring beats periodic audits✅ CASB vs SSPM vs CNAPP — where the lines blur✅ The growing governance challenge in AI-powered SaaS✅ Why SaaS security can’t be ignored anymore If your organization uses SaaS (spoiler: it does), this discussion is not optional.

Podcast: Industrial Cybersecurity InsiderEpisode: Your OT Cybersecurity Strategy Is Failing: Here's WhyPub date: 2026-02-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDino and Craig reunite to tackle the shifts occuring in industrial cybersecurity in 2026.They discuss how OT-focused IDS software companies are shifting away from managed services to partner with systems integrators who understand the plant floor.The conversation explores the challenges manufacturers face—from aging infrastructure spanning decades to flat layer-2 networks that give remote vendors unrestricted access.They emphasize that IT departments cannot effectively manage OT assets they don't own or understand, especially when dealing with equipment older than their cybersecurity staff.The episode covers the pitfalls of penetration testing in live manufacturing environments, the reality of shadow IT versus shadow OT, and why EDR solutions struggle in control system environments.Dino and Craig stress the importance of treating cybersecurity as a marathon rather than a sprint, starting with basic asset inventory and microsegmentation.They call on manufacturing leaders to stop deferring to IT for OT security, attend industry-specific conferences like S4X26, and partner with systems integrators who have deep automation expertise.With threats mounting, the time for action is now—not next quarter.Chapters:(00:00:00) - Welcome & What We've Been Up To(00:00:48) - The Big Shift: Why OT IDS Companies Are Backing Away From Managed Services(00:03:00) - The Shelfware Problem: When Security Tools Sit Unused(00:04:12) - Why Pen Testing Can Be Disruptive (or Dangerous) in Manufacturing Environments(00:05:54) - The Reality of Legacy Infrastructure: Equipment Older Than Your Cybersecurity Team(00:07:43) - Who Can Actually Patch Your Control Systems?(00:09:04) - Supply Chain Vulnerabilities: You're Only as Strong as Your Weakest Link(00:11:01) - The Last Mile Challenge: Asset Inventory, Microsegmentation & Starting Small(00:13:55) - The Shelfware to Tool-Switching Problem: Why Companies Are Reconsidering Their First Choice(00:16:18) - Shadow IT vs. Shadow OT: Who Really Owns Plant Floor Security?(00:19:00) - Why EDR Struggles in Control System Environments(00:21:35) - Time to Step Up: Why Manufacturing Leaders Can't Defer to IT Anymore(00:23:00) - Where to Learn: S4, Automation Fair, and Why You Need to Attend Industry Conferences(00:25:00) - Finding the Right Partner: Systems Integrators Who Speak Automation and Cybersecurity(00:27:00) - Final Thoughts: The Time for Action Is NowLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Kiren Sekar (CPO @ Samsara) joins us to deconstruct the "Innovation Engine" behind Samsara, and how this system drives real-world impact and ROI across their products. We explore Samsara's decade-long compound product strategy and the mechanics of accelerating feedback loops in an era where the primary bottlenecks shift from code generation to customer feedback and absorption of change. Kiren details how their data flywheel expands the aperture of what is possible to build and we dive into the system of customer-driven innovation: advisory boards, “spark sessions” to test hypotheses and gain unfiltered feedback. Plus we talk about the power of embedding engineers in frontline environments (from truckyards to construction sites) to cultivate “taste,” customer empathy and trigger non-linear ideas. ABOUT KIREN SEKARKiren Sekar is the Chief Product Officer at Samsara (NYSE: IOT), where he has helped lead the company from a hardware-hacking startup in a basement to a global leader in Connected Operations with over $1.5B in ARR. An early leader at Meraki (acquired by Cisco for $1.2B) and an Apple veteran with multiple patents, Kiren specializes in the rare intersection of hardware, massive-scale data, and AI. He is the architect of a platform that now processes trillions of data points for the industries that keep the world running—trucking, construction, and logistics. This episode is brought to you by Retool!What happens when your team can't keep up with internal tool requests? Teams start building their own, Shadow IT spreads across the org, and six months later you're untangling the mess…Retool gives teams a better way: governed, secure, and no cleanup required.Retool is the leading enterprise AppGen platform, powering how the world's most innovative companies build the tools that run their business. Over 10,000 organizations including Amazon, Stripe, Adobe, Brex, and Orangetheory Fitness use the platform to safely harness AI and their enterprise data to create governed, production-ready apps.Learn more at Retool.com/elc SHOW NOTES:Real-world ROI The Intersection of Bits and Atoms: How Samsara supported customers through a once-in-a-century snowstorm using real-time AI insights (3:59)The Practicality Filter: Why low-margin, high-utility businesses are the best "BS detectors" for product builders (9:25)Deconstructing the compound product strategy: 10 years of feedback loops, scaling empathy, and technical capabilities (10:53)Accelerating your innovation flywheel, customer and product feedback loops (14:39)The New Bottleneck: Why writing code is no longer the constraint, and how to optimize for customer absorption of change (19:58)The Data Flywheel: Leveraging trillions of proprietary data points to solve new problems and expand your innovation engine into new capabilities (23:36)Embedding engineers in customer problems: Why there is no substitute for engineers seeing the frontline environment firsthand (29:56)How customer empathy and "taste" amplify the benefits of AI coding agents (33:26)Building a system of customer-driven innovation: Utilizing Advisory Boards and "Spark Sessions" to turn 10,000+ customers into co-creators (37:40)Rapid fire questions (47:50)This episode wouldn't have been possible without the help of our incredible production team:Patrick Gallagher - Producer & Co-HostJerry Li - Co-HostNoah Olberding - Associate Producer, Audio & Video Editor https://www.linkedin.com/in/noah-olberding/Dan Overheim - Audio Engineer, Dan's also an avid 3D printer - https://www.bnd3d.com/Ellie Coggins Angus - Copywriter, Check out her other work at https://elliecoggins.com/about/ Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Is your internal developer platform actually improving velocity, or is it a bottleneck? We discuss why platform teams building "cool" abstractions is a red flag, and you should aim to create the best platform for software engineers.In this episode, we cover:Why "Golden Paths" can turn into roadblocks for developers.The danger of Shadow IT and why it's a symptom of a failed platform.How to measure if your platform is saving time.Connect with Adnan Alshar:https://www.linkedin.com/in/adnanmalshar92Connect with Jelmer de Jong:https://www.linkedin.com/in/jelmerdejong-xebia00:00:00 - Intro 00:00:54 - Is DevOps Dead? The Truth About Platform Engineering 00:03:07 - Why Developers Are Drowning in Complexity Today 00:04:37 - Why Having No Platform Is Better Than a Bad Platform 00:07:20 - Treating Software Engineers as Customers of the Platform 00:11:26 - The Exact Moment You Should Start Building a Platform 00:14:18 - Who Should Be on Your First Platform Team? 00:17:33 - Turning Your Angriest Developers Into Platform Evangelists 00:18:57 - Key Metrics: How to Measure Platform Engineering Success 00:21:01 - Why 60% of Companies Don't Measure Platform Success00:23:35 - Why No Metrics Is the Biggest Red Flag00:25:23 - The Disconnect Between Executives and AI Readiness 00:31:34 - Integrating AI Tools and Large Language Models Securely 00:34:22 - Shadow IT: The Symptom of a Broken Platform 00:38:03 - How to Scale Without Becoming a Bottleneck 00:41:45 - Don't Forget the Business Side of Platform Engineering#PlatformEngineering #DevOps #DeveloperProductivity

Founders often delay leadership coaching until a major crisis hits, leading to significant costs in productivity, team churn, and poor decisions. In this episode, James Birchler (Technical Advisor & Executive Leadership Coach) argues that early coaching is a game-changer for a startup's success. We explore the hidden costs of waiting and the benefits of intentionally installing leadership and communication systems before you scale. James shares specific self-awareness mechanisms, like advisory groups and feedback loops, to help founders design their day and create accountability. You'll also learn practical strategies like the "5-Minute Alignment Loop" for spotting communication breakdowns & for reinforcing clarity. Plus insights on how to "install your leadership OS" so it can scale with your company. ABOUT JAMES BIRCHLERJames Birchler is an executive leadership coach and technical advisor who specializes in helping engineering leaders and founders develop greater self-awareness and build high-performing teams. He combines deep technical expertise with practical leadership development, making him particularly valuable for technical leaders scaling their organizations.As both a founder and engineering leader, James has more than 20 years of experience leading teams at companies ranging from early-stage startups to Amazon, where his current role is Technical Advisor to the VP of Amazon Delivery Routing and Planning. Most recently, he founded NICER, a premium natural personal care company, and Actuate Partners, his executive coaching and technical advisory practice. He also held VP of Engineering roles at companies including Caffeine (backed by Greylock and Andreessen Horowitz), SmugMug (where his team acquired Flickr), and IMVU.At IMVU, James implemented the Lean Startup methodologies alongside Eric Ries, author of The Lean Startup and creator of the methodology, literally the first company to apply these principles. His team helped pioneer the DevOps movement by building infrastructure to ship code to production 50 times per day and coining the term "continuous deployment." This experience in systematic experimentation and continuous improvement now informs his coaching approach through frameworks like CAMS (Coaching, Advising, Mentoring, Supporting) and the Think-Do-Learn Loop.James completed his executive coaching certification at UC Berkeley Haas School of Business Executive Coaching Institute. His coaching practice focuses on self-awareness, integrity, accountability, and fostering growth mindsets that support continuous learning and high performance. He writes the Continuous Growth newsletter and offers both individual executive coaching and peer learning circles for technical leaders.Through his advisory work with growth-stage startups in the US and Europe, James helps leaders navigate common scaling challenges including hiring and interviewing, implementing development methodologies, establishing operational cadences, and developing other leaders. His approach treats leadership development like product development—with systematic feedback loops, measurable outcomes, and continuous improvement.You can find James at jamesbirchler.com, LinkedIn, and Substack. This episode is brought to you by Retool!What happens when your team can't keep up with internal tool requests? Teams start building their own, Shadow IT spreads across the org, and six months later you're untangling the mess…Retool gives teams a better way: governed, secure, and no cleanup required.Retool is the leading enterprise AppGen platform, powering how the world's most innovative companies build the tools that run their business. Over 10,000 organizations including Amazon, Stripe, Adobe, Brex, and Orangetheory Fitness use the platform to safely harness AI and their enterprise data to create governed, production-ready apps.Learn more at Retool.com/elc SHOW NOTES:Why founders should seek coaching earlier rather than waiting for a crisis to occur (2:45)The high stakes of ignoring this critical advice & how this leads to communication & scaling problems (4:50)The importance of effective communication channels & leadership mechanisms before pressure increases (6:12)How investing a small amount in coaching early on can prevent hundreds of thousands of dollars in future costs (8:07)Frameworks for cultivating self-awareness / leadership blind spots (11:06)James's practice of "designing your day" around a desired identity, not just a list of tasks (12:30)Why designing your day is about intentionality (15:13)How this practice leads to better relationships & opportunities to reflect (17:44)Reflective listening & its impact on customer relationships (19:32)Strategies for improving self-awareness / uncovering blind spots (22:05)An example of how awareness can lead to better results  (26:03)Day-to-day rituals for improving self-awareness (28:14)Signals that your communication methods are effective & getting through (30:37)Reflect on & define the desired outcome you want to generate (33:26)The five-minute alignment loop for creating clarity & confirming ownership as a leader (35:21)Why creating clarity & finding alignment is key as a founder (37:02)How the same communication & leadership patterns recur as your org scales, from small startup to large enterprise (39:46)The increasing importance of human skills like emotional intelligence and reflective listening in an age of AI (42:03)Rapid fire questions (44:38)This episode wouldn't have been possible without the help of our incredible production team:Patrick Gallagher - Producer & Co-HostJerry Li - Co-HostNoah Olberding - Associate Producer, Audio & Video Editor https://www.linkedin.com/in/noah-olberding/Dan Overheim - Audio Engineer, Dan's also an avid 3D printer - https://www.bnd3d.com/Ellie Coggins Angus - Copywriter, Check out her other work at https://elliecoggins.com/about/ Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Full Audio at https://podcasts.apple.com/us/podcast/the-hidden-economy-machine-customers-b2a-the-shadow/id1684415169?i=1000748466027

Construir software do zero nem sempre é inovação. Muitas vezes, é só mais caro, mais lento e mais arriscado. Quando vale a pena comprar, integrar ou adaptar uma solução pronta? Quando faz sentido desenvolver internamente? E como grandes empresas equilibram autonomia, segurança, inovação e governança sem travar a organização? No episódio do Hipsters.Talks, PAULO SILVEIRA, CVO do Grupo Alura, conversa com JOÃO COSTA, gerente de Inovação Aberta da Petrobras, sobre decisões reais de tecnologia em escala: make or buy, inovação aberta vs fechada, citizen developers, Shadow IT, IA corporativa e como fazer a adoção de novas tecnologias acontecer de verdade — não só no PowerPoint. Uma conversa prática sobre como inovação acontece fora do hype, dentro de uma das maiores empresas do Brasil, onde planilhas, software pronto, IA generativa e desenvolvimento interno convivem todos os dias. Sinta-se à vontade para compartilhar suas perguntas e comentários. Vamos adorar conversar com você!

In our latest ELC episode, we are addressing some of the biggest challenges facing engineers today: identifying your scaling thesis, putting that thesis into practice, and addressing implementation challenges. Jaikumar Ganesh, Head of Engineering @ Anyscale, shares insights from his experience working at top tech companies like Android and Uber, and how to apply those lessons within your own orgs. We also cover strategies for identifying what to build, using data effectively when it comes to understanding AI agents, and keeping your intent (and customer success) top of mind. Additionally, Jaikumar discusses his experience as a GM and why all orgs should adopt cross-functional skillsets as part of their company culture. ABOUT JAIKUMAR GANESHJaikumar Ganesh is an accomplished technology leader and the Head of Engineering at Anyscale. With a deep background in engineering and customer-facing roles, Jaikumar has a proven track record of building and scaling engineering organizations. He is passionate about pushing the boundaries of product and engineering innovation while ensuring customer needs are met, and is committed to building empowering organizations rooted in trust, respect, and growth. Jaikumar is excited about working with companies to harness the power of AI and distributed computing to achieve their goals. He previously co-started and co-led Uber's AI group—the central ML group at Uber—and was also on the early team at Android @ Google. This episode is brought to you by Retool!What happens when your team can't keep up with internal tool requests? Teams start building their own, Shadow IT spreads across the org, and six months later you're untangling the mess…Retool gives teams a better way: governed, secure, and no cleanup required.Retool is the leading enterprise AppGen platform, powering how the world's most innovative companies build the tools that run their business. Over 10,000 organizations including Amazon, Stripe, Adobe, Brex, and Orangetheory Fitness use the platform to safely harness AI and their enterprise data to create governed, production-ready apps.Learn more at Retool.com/elc SHOW NOTES:Reflecting on scaling patterns across the 2000s, 2010s, and the AI era (03:27)Why "copy-pasting" scaling strategies from other companies leads to failure (5:56)How to define a scaling thesis by mapping revenue projections to infrastructure strategy (7:52)Infrastructure shifts: From Android's OS abstractions to Uber's on-prem data centers (9:56)The "Build vs. Buy" dilemma in the age of AI agents and third-party solutions (12:09)Why "Knowing What to Build" is the new long pole in engineering productivity (20:17)Developing "Product Thinking" within engineering and infrastructure teams (23:10)The emergence of Context Graphs and "Source of Truth" platforms for AI agents (24:46)How to avoid data & context graphs becoming bottlenecks (27:05)Lessons from GM leadership: Bridging the gap between engineering, product, and sales (29:06)The "6-20" Initiative: Uniting cross-functional teams around specific customer wins (32:45)Training engineers to empathize with customer pain and translate technical wins into the language of sales (33:48)Utilizing cross-departmental daily standups and leaderboards to drive aggressive "block and tackle" execution (36:18)Tracing execution failures back to early decision-making and judgment gaps (38:42)Rapid fire questions (45:28) This episode wouldn't have been possible without the help of our incredible production team:Patrick Gallagher - Producer & Co-HostJerry Li - Co-HostNoah Olberding - Associate Producer, Audio & Video Editor https://www.linkedin.com/in/noah-olberding/Dan Overheim - Audio Engineer, Dan's also an avid 3D printer - https://www.bnd3d.com/Ellie Coggins Angus - Copywriter, Check out her other work at https://elliecoggins.com/about/ Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

AI isn't a “someday” conversation for nonprofits anymore it's a right-now operational decision with governance, risk, and staff behavior at the center. Joshua Peskay, Co-Founder of Meet the Moment, joined Julia C. Patrick to talk about the practical reality nonprofits are facing: AI adoption is already happening inside your organization whether leadership has planned for it or not.Joshua frames the moment with a clear warning and a workable path forward. Too many nonprofits, he says, are bumping into “governance immaturity” the missing pieces that turn AI from a productivity boost into a liability. Think policies, staff learning, data classification and handling, and vendor risk review. Instead of debating whether AI is allowed, Joshua urges leaders to start by accepting the current state and then managing it with intention. As he puts it, “Artificial intelligence is happening and it is happening incredibly fast… the water is coming down the mountain.”The duo reinforce what many executives have observed: when organizations ban AI, staff still use it they just do it quietly, creating silos and exposure. Joshua connects that to a familiar cybersecurity pattern: shadow IT. People work around constraints to get the job done, especially in a sector that's under-resourced, remote, and mission-urgent.The forward-looking takeaway is refreshingly actionable: start with the AI tools already inside your protected environment. If your nonprofit runs on Microsoft 365 or Google Workspace, use Copilot, Gemini, or NotebookLM as your baseline so staff can work with guardrails. For anything outside that ecosystem, require a business case and a review process. Then, build a learning culture where staff share what's working, what's failing, and what's safe.Joshua also brings urgency from the risk landscape, noting nonprofits are attractive targets because of sensitive data and typically weaker security. 00:00:00 Welcome and why AI is the topic right now 00:01:26 What Meet the Moment does for nonprofits 00:03:20 The real issue governance maturity and policies 00:05:04 When nonprofits ban AI staff use it anyway 00:06:08 The water down the mountain analogy 00:07:53 Why nonprofit community learning matters 00:11:23 The square wheel paradox and making time to learn 00:13:32 Readiness vs reality and starting from current state 00:15:17 Use the AI already in your protected workspace 00:18:39 Shadow IT and work from home risk 00:21:42 Why nonprofits are attractive cyber targets 00:24:52 Donor spreadsheets and why “hope is not a strategy” #TheNonprofitShow #NonprofitManagement #AIgovernanceFind us Live daily on YouTube!Find us Live daily on LinkedIn!Find us Live daily on X: @Nonprofit_ShowOur national co-hosts and amazing guests discuss management, money and missions of nonprofits! 12:30pm ET 11:30am CT 10:30am MT 9:30am PTSend us your ideas for Show Guests or Topics: HelpDesk@AmericanNonprofitAcademy.comVisit us on the web:The Nonprofit Show

How do you transform a collection of individual tools into a cohesive, AI-powered symphony? Vineeta Puranik (CPTO @ SmartBear) dissects the strategy behind evolving a product vision from point solutions to a unified multi-product ecosystem. We explore the critical architectural distinction between "AI bolt-on" and "AI native" strategies, frameworks for seamless M&A integration, and how to design for varying levels of customer AI readiness. Vineeta also discusses the shift to test “does it match intent”, using “jobs to be done” to drive solving entire workflows not just tool capabilities, and designing user experiences for both human personas and AI agents. ABOUT VINEETA PURANIKVineeta Puranik serves as Chief Product and Technology Officer (CPTO) at SmartBear, where she leads the company's global technology and product strategy to empower developers and enterprises worldwide. A seasoned technology executive with over two decades of experience, she combines strategic vision with hands-on leadership to drive innovation, growth, and operational excellence.At SmartBear, Vineeta oversees development, cloud engineers, AI, and architecture, and has been instrumental in scaling centers of excellence in India and Poland, launching the Developer Academy, and advancing the company's hub-based product strategy – Swagger suite for API capabilities, Test Hub, and Insight Hub. Recognized for her collaborative, people first leadership and commitment to inclusion, she was named a 2024 Women Worth Watching in STEM by Profiles in Diversity Journal. This episode is brought to you by Retool!What happens when your team can't keep up with internal tool requests? Teams start building their own, Shadow IT spreads across the org, and six months later you're untangling the mess…Retool gives teams a better way: governed, secure, and no cleanup required.Retool is the leading enterprise AppGen platform, powering how the world's most innovative companies build the tools that run their business. Over 10,000 organizations including Amazon, Stripe, Adobe, Brex, and Orangetheory Fitness use the platform to safely harness AI and their enterprise data to create governed, production-ready apps.Learn more at Retool.com/elc SHOW NOTES:SmartBear's evolution from individual tools to a connected ecosystem (3:34)The cultural shift toward vendor consolidation and avoiding context switching (5:39)Why "Jobs-to-be-Done" must drive the workflow, not just the tool capabilities (9:35)The shift in testing: Moving from "does it crash?" to "does it match intent?" in an AI world (14:26)The architectural difference between "AI Bolt-On" and "AI Native" products (20:44)The levels of autonomy: A framework for moving from manual control to autonomous testing (24:10)Designing for different customer personas: Addressing security, policy, and AI readiness (30:01)Rapid Fire Questions (32:50) LINKS AND RESOURCES Books MentionedOwn the Room: Discover Your Signature Voice to Master Your Leadership Presence by Amy Jen Su and Muriel Maignan Wilkins.The Leader You Want to Be: Five Essential Principles for Bringing Out Your Best Self--Every Day by Amy Jen Su.SmartBear Tools & ProductsSmartBear[**Reflect**](https://reflect.run/?utm_medium=referral&utm_source=smartbear.com&utm_campaign=prodnav&_gl=1*4gpwr4*_gcl_au*MTAzOTk0MjM2LjE3Njk0NjU4NTA.) – Mentioned as their "AI Native" product for autonomous testing.Zephyr Scale – Mentioned regarding the Atlassian ecosystem integration.[**QMetry**](https://www.qmetry.com/?_gl=1*1d5sv56*_gcl_au*MTAzOTk0MjM2LjE3Njk0NjU4NTA.) – Recently acquired test management product.[**Swagger**](https://swagger.io/product/?_gl=1*gtu348*_gcl_au*MTAzOTk0MjM2LjE3Njk0NjU4NTA.) – Mentioned as the suite for API design and compliance. This episode wouldn't have been possible without the help of our incredible production team:Patrick Gallagher - Producer & Co-HostJerry Li - Co-HostNoah Olberding - Associate Producer, Audio & Video Editor https://www.linkedin.com/in/noah-olberding/Dan Overheim - Audio Engineer, Dan's also an avid 3D printer - https://www.bnd3d.com/Ellie Coggins Angus - Copywriter, Check out her other work at https://elliecoggins.com/about/ Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Tyson Singer (Head of Tech & Platforms @ Spotify) joins us to unpack how Spotify is transforming its product development lifecycle across creation, experimentation and maintenance to shift from "localized speed" to "systematic speed." We explore why the industry's current obsession with the "Build It" phase of development is shortsighted, and how Spotify is aggressively deploying AI in the "Think It" (prototyping/strategy) and "Maintain It" (fleet management) phases. Tyson also details the internal tools driving this shift, including AiKA and Honk, and shares why the future of engineering relies on moving from I-shaped specialists to T-shaped generalists. ABOUT TYSON SINGERTyson Singer is the SVP of Technology & Platforms at Spotify, where he leads technology infrastructure, developer experience, cybersecurity, and finance IT. Tyson is the executive behind Spotify's internal developer portal, Backstage, and Spotify's experimentation system, Confidence, which are now both commercially available. He has a background as an engineer, architect, and product lead, and he holds a Master's in Computer Science from Stanford University. Tyson is also an avid outdoor adventurer. This episode is brought to you by Retool!What happens when your team can't keep up with internal tool requests? Teams start building their own, Shadow IT spreads across the org, and six months later you're untangling the mess…Retool gives teams a better way: governed, secure, and no cleanup required.Retool is the leading enterprise AppGen platform, powering how the world's most innovative companies build the tools that run their business. Over 10,000 organizations including Amazon, Stripe, Adobe, Brex, and Orangetheory Fitness use the platform to safely harness AI and their enterprise data to create governed, production-ready apps.Learn more at Retool.com/elc SHOW NOTES:Tyson's 9-year journey @ Spotify: From the "crucible" of hyper-growth to leading Tech & Platforms (3:46)The pivot from "localized speed" to "systematic speed" (7:27)Core principles of Spotify's Platform org: Partnering with customers & "Taking the pain away" (10:37)The "Think it, Build it, Ship it, Tweak it" lifecycle framework & why the industry obsession with "Build It" (coding agents) is missing the bigger picture (14:57)How Spotify is investing in the "Think It" phase: AI prototyping with deep business context (16:49)AiKA (AI Knowledge Assistant): Context engineering for humans and bots (18:47)"Honk": Spotify's internal framework for large-scale automated code changes (22:17)Addressing the decline of code quality and the bottleneck of human PR reviews (25:50)Probabilistic vs. Deterministic code reviews: A new approach to quality checks (29:43)Identifying bottlenecks to company value outside of R&D (Legal, Licensing, etc.) (32:12)Why systems change is fundamentally about people and identity shifts (35:57)Rapid fire questions (38:49) This episode wouldn't have been possible without the help of our incredible production team:Patrick Gallagher - Producer & Co-HostJerry Li - Co-HostNoah Olberding - Associate Producer, Audio & Video Editor https://www.linkedin.com/in/noah-olberding/Dan Overheim - Audio Engineer, Dan's also an avid 3D printer - https://www.bnd3d.com/Ellie Coggins Angus - Copywriter, Check out her other work at https://elliecoggins.com/about/ Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Neste episódio fazemos uma retrospectiva dos assuntos mais importantes tratados em 2025 no Segurança Legal. Você irá descobrirá os principais temas que dominaram o ano em inteligência artificial, segurança da informação e direito digital. O episódio traz uma análise sobre o aparecimento do Deepseek, explorando como a inteligência artificial transformou o cenário de segurança cibernética. Você irá descobrir os riscos de atrofia cognitiva causados pelo uso excessivo de IA, a importância da proteção de dados pessoais com a LGPD, e como os backdoors em modelos de linguagem ameaçaram a supply chain. O podcast também aborda questões de vigilância digital, as novas regras do Banco Central após fraudes bancárias, a inconstitucionalidade do artigo 19 do Marco Civil, a aprovação do ECA Digital, vulnerabilidades no gov.br e a questão crítica do analfabetismo funcional digital. Esta retrospectiva cobre ainda aspectos geopolíticos da IA, regulação de inteligência artificial, conformidade com políticas de proteção de dados, e o papel das bigtechs em 2025.  Esta descrição foi realizada a partir do áudio do podcast com o uso de IA, com revisão humana.  Visite nossa campanha de financiamento coletivo e nos apoie!  Conheça o Blog da BrownPipe Consultoria e se inscreva no nosso mailing Imagem do Episódio – Por trás do tempo – Guilherme Goulart

Centenas de pessoas na TIM fazem data analytics fora da área de tecnologia. Advogados criando modelos no Vertex. Profissionais de marketing usando DataProc. Como equilibrar autonomia com governança sem criar Shadow IT? No décimo sétimo episódio do Hipsters.Talks, PAULO SILVEIRA, CVO do Grupo Alun, conversa com JONE VAZ, Diretor de Data e IA da TIM, sobre cultura de dados, citizen developers, IA Academy e como democratizar tecnologia em uma empresa de 60 milhões de clientes. Uma conversa sobre o futuro da TI corporativa. Prepare-se para um episódio cheio de conhecimento e inspiração!

Recorded during ITNation Connect Global, the theme of this episode is centered around the importance of leaders leading the conversation—especially when it comes to AI and emerging technologies shaping the MSP ecosystem. Nathanaëlle Denechere, CRO of Mizo and John Harden, Director of Strategy & Technology Evangelism at Auvik, lend their thoughts around embracing those moments as opportunities.   Highlights from Part One with Nathanaëlle: How their agentic service desk solution is redefining support by balancing automation with the irreplaceable human touch.  Mizo's powerful productivity gains—boosting output by 26% through intelligent resolution steps. Reflected on the company's excitement as a PitchIT Finalist.   Highlights from Part Two with John Harden: Diving into his Conference presentation, “If You're Not Leading AI Conversations, You're Being Led Out.”  Urging MSPs to embrace the monetization of AI.  How the "Shadow AI is the new Shadow IT.”   Time Stamps: 00:50 – Part 1: Nathanaëlle Denechere 24:20 – Part 2: John Harden

SHOW: 975Rohan Sathe, CEO and Co-Founder of Nightfall AI, discusses the rise of Shadow AI, where employees unknowingly leak sensitive corporate data through generative AI tools like ChatGPT. We explore how Nightfall's AI-native approach transforms autonomous systems to defend against AI-powered data exfiltration across SaaS apps, endpoints, and browsers. SHOW TRANSCRIPT: The Cloudcast #975 TranscriptSHOW VIDEO: https://youtube.com/@TheCloudcastNET NEW TO CLOUD? CHECK OUT OUR OTHER PODCAST - "CLOUDCAST BASICS" SPONSORS:[Mailtrap] Try Mailtrap for free[Interconnected] Interconnected is a new series from Equinix diving into the infrastructure that keeps our digital world running. With expert guests and real-world insights, we explore the systems driving AI, automation, quantum, and more. Just search “Interconnected by Equinix”.[TestKube] TestKube is Kubernetes-native testing platform, orchestrating all your test tools, environments, and pipelines into scalable workflows empowering Continuous Testing. Check it out at TestKube.io/cloudcastSHOW NOTES:Sunday Perspective touches on Shadow AINightfall websiteTopic 1 - Welcome to the show, Rohan. Give everyone a brief introduction, including your time at Uber Eats.Topic 2 - How do you define Shadow AI? We hear Shadow AI compared to Shadow IT back at the start of cloud. However, this looks different because everyone's learning curve is much smaller. For Shadow IT to happen, you had to know IT (servers, storage, etc.). Is this the correct way to think about the problem?Topic 3 - How big is the Shadow AI problem today?Topic 4 - Normally, data leaks would be discovered by traditional DLP (data loss prevention) tools. In my experience, those tools have been cumbersome and clunky, and you often face the classic trade-off between user productivity and security, as well as the need to lock down access. How has this mindset evolved in the era of AI? Topic 5 - What happens when AI-powered attacks meet AI-powered defense?Topic 6 - Let's talk about the technical architecture. How does Nightfall actually work across SaaS apps, endpoints, browsers, and AI tools?FEEDBACK?Email: show at the cloudcast dot netBluesky: @cloudcastpod.bsky.socialTwitter/X: @cloudcastpodInstagram: @cloudcastpodTikTok: @cloudcastpod

When most leaders think about transformation, they reach for tools and tactics. But real, lasting change doesn't start with new methods—it starts with culture. In this episode, I sit down with Phil Gilbert, the former General Manager of Design at IBM, who led one of the boldest reinventions in corporate history. After selling his third startup to IBM in 2010, Phil was asked to transform how IBM's teams worked using design thinking and agile. That effort reshaped the experience of over 400,000 employees and became the subject of a Harvard Business School case study, the documentary The Loop, and coverage in the New York Times and Fortune.We explore how culture drives outcomes, why the team is the atomic unit of change, and how to design a leadership structure that earns trust and creates momentum. Phil brings sharp insight, rich stories, and practical frameworks drawn from a 45-year career spanning startups, scale-ups, and global enterprises. If you're leading change—or trying to get others to believe in it—this conversation is your blueprint.Phil Gilbert is best known for scaling IBM's global design transformation. He was inducted into the New York Foundation for the Arts Hall of Fame in 2018 and named an Oklahoma Creativity Ambassador in 2019. Since retiring from IBM in 2022, Phil has focused on helping business and military leaders shift culture at scale to improve innovation and team performance.Key TakeawaysCulture is the system: Real transformation means rewiring people, practices, and places—not just teaching new skills.Teams are the atomic unit of change: Change doesn't scale through individual mandates. It scales when cross-functional teams deliver new outcomes.Design scales empathy: Phil shares how design thinking isn't just about aesthetics—it's a tool for scaling understanding and improving systems.Transformation needs protection: Change teams need structural support and a leadership “shell” that shields them while engaging the broader org.Momentum beats mandates: Leaders can't impose change—they must earn it by showing results, listening deeply, and integrating across silos.Additional Insights"Every day is a prototype": Phil's mantra that gives teams permission to change, test, and learn continuously.The virus model of leadership: To spread new ways of working, Phil designed his leadership team like a virus—with spikes into HR, finance, comms, and IT.Designers aren't the barrier—systems are: In companies with weak design reputations, the problem isn't the designers. It's the culture around them.Shadow IT kills transformation: Real progress happens when change leaders partner with CIOs—not work around them.Most AI efforts are missing the point: Phil argues that AI transformation fails when it focuses on individuals instead of improving team-level outcomes.Episode Highlights00:00 - Episode RecapBarry O'Reilly recaps the episode's theme, discussing leadership challenges, reclaiming strategic focus, and leveraging frameworks, executive habits, and AI to drive impactful business outcomes.2:26 - Guest IntroductionBarry introduces Phil Gilbert, renowned for leading a major cultural transformation at IBM through human-centered design. He previews Phil's new book, “Irresistible Change,” and sets expectations for a discussion on leadership, empathy, and executing change at scale.3:21 - Official Start of ConversationPhil Gilbert reflects on pivotal career moments, including his experience founding early startups, the challenge of driving adoption for new technologies,...

Nonprofits lean on outside platforms to save time and stretch budgets—but those relationships can quietly expose sensitive donor, client, and payment data. In this episode, Senior Cybersecurity Advisor Parker Brissette of Richey May explains how to recognize and manage third-party software risk before it becomes tomorrow's headline. He starts with a simple lens: follow the data. Where is it stored? Who can touch it—directly or indirectly? Many teams only think about contracted vendors, but Parker widens the aperture to “shadow IT” and consumer tools staff use without formal approval. As he puts it, “Third parties is really anybody that can touch the data at any point in your business, whether you have an agreement with them or maybe not.”From privacy regulations (GDPR, CCPA) to sector-specific rules (HIPAA, PCI), nonprofits carry legal and reputational exposure the moment personal information enters their systems. Parker offers practical steps: inventory paid tools via your accounting system; ask, “If this vendor vanished tomorrow, what would break?”; and press vendors for proof—SOC 2 reports, ISO 27001, or completed security questionnaires. For organizations without a CIO, he recommends clear contracts and one non-negotiable safeguard: “The biggest thing that I recommend in any third-party engagement is setting an expectation of having cyber insurance, because that's a big protection for you financially.”AI enters the picture with both promise and peril. Consumer AI tools can learn from and retain your uploads, potentially exposing proprietary or personal information. Enterprise agreements (e.g., Microsoft Copilot) can offer stronger data protections, but only if configured and used correctly. Parker's guidance is pragmatic: don't ban AI; set guardrails, choose vetted tools, and train teams.Finally, he urges preparation and transparency. Incidents can happen—even with good controls. Donors and corporate funders expect frank communication about what protections exist and what happens if data is exposed. Build trust now by documenting safeguards, validating vendors, and rehearsing your response.You don't have to be a security expert to make smart choices—but you do need a map: know your systems, test your assumptions, ask vendors for evidence, and write risk into your contracts and budgets. That approach turns anxiety into action—and preserves the trust your mission depends on.Find us Live daily on YouTube!Find us Live daily on LinkedIn!Find us Live daily on X: @Nonprofit_ShowOur national co-hosts and amazing guests discuss management, money and missions of nonprofits! 12:30pm ET 11:30am CT 10:30am MT 9:30am PTSend us your ideas for Show Guests or Topics: HelpDesk@AmericanNonprofitAcademy.comVisit us on the web:The Nonprofit Show

⬥GUEST⬥Andy Ellis, Legendary CISO [https://howtociso.com] | On LinkedIn: https://www.linkedin.com/in/csoandy/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥In this episode of Redefining CyberSecurity, host Sean Martin speaks with Andy Ellis, former CSO at Akamai and current independent advisor, about the shifting expectations of security leadership in today's SaaS-powered, AI-enabled business environment.Andy highlights that many organizations—especially mid-sized startups—struggle not because they lack resources, but because they don't know how to contextualize what security means to their business goals. Often, security professionals aren't equipped to communicate with executives or boards in a way that builds shared understanding. That's where advisors like Andy step in: not to provide a playbook, but to help translate and align.One of the core ideas discussed is the reframing of security as an enabler rather than a gatekeeper. With businesses built almost entirely on SaaS platforms and outsourced operations, IT and security should no longer be siloed. Andy encourages security teams to “own the stack”—not just protect it—by integrating IT management, vendor oversight, and security into a single discipline.The conversation also explores how AI and automation empower employees at every level to “vibe code” their own solutions, shifting innovation away from centralized control. This democratization of tech raises new opportunities—and risks—that security teams must support, not resist. Success comes from guiding, not gatekeeping.Andy shares practical ways CISOs can build influence, including a deceptively simple yet powerful technique: ask every stakeholder what security practice they hate the most and what critical practice is missing. These questions uncover quick wins that earn political capital—critical fuel for driving long-term transformation.From his “First 91 Days” guide for CISOs to his book 1% Leadership, Andy offers not just theory but actionable frameworks for influencing culture, improving retention, and measuring success in ways that matter.Whether you're a CISO, a founder, or an aspiring security leader, this episode will challenge how you think about the role security plays in business—and what it means to lead from the middle.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/csoandy_how-to-ciso-the-first-91-days-ugcPost-7330619155353632768-BXQT/Book: “How to CISO: The First 91-Day Guide” by Andy Ellis — https://howtociso.com/library/first-91-days-guide/Book: “1% Leadership: Master the Small Daily Habits that Build Exceptional Teams” — https://www.amazon.com/1-Leadership-Daily-Habits-Exceptional/dp/B0BSV7T2KZ⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

The hardest thing for any growing company to do is manage the transition from hypergrowth to the dual tracks of growth and stability. AWS is entering their Hybrid phase, or the transition from Day 1 to Day 2. How will it go?SHOW: 946SHOW TRANSCRIPT: The Cloudcast #946 TranscriptSHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK: http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST: "CLOUDCAST BASICS"SHOW SPONSORS:[DoIT] Visit doit.com (that's d-o-i-t.com) to unlock intent-aware FinOps at scale with DoiT Cloud Intelligence.[VASION] Vasion Print eliminates the need for print servers by enabling secure, cloud-based printing from any device, anywhere. Get a custom demo to see the difference for yourself.SHOW NOTES:Amazon Q2 (July 2025) ResultsReviewing Amazon/AWS Q2 2025 Results (CNBC)AWS QoQ Earnings Growth Rates (2014-2025)Andy Jassy defends Amazon/AWS AI strategyAmazon Q2 2025 Earnings Call TranscriptUpdate from Andy Jasay Amazon Generative AI (Amazon Internal)HOW WILL AWS HANDLE DAY 1 AND DAY 2?Has AWS missed the Generative AI transformation?Not investing in GPUs at the same rate as their cloud market shareDon't have a Top 5 Frontier LLMDon't have a productivity suite to attach AI to (on-going revenue)Don't have a leading coding-assistant appDon't have an immediate “acquisition” target (e.g. Anthropic valuation near $150B)AWS isn't breaking out their AI revenuesAWS's growth has plateaued over the last 6 quarters (around 17%), while Azure, GCP have been growing at 1.5 to 2x, specifically around AI revenues. AWS is up to 18% of Amazon revenue, and current AWS (CPU-based) is driving the majority of Amazon profits. Jasay is trying to make AI an add-on to the AWS “building block” modelGenAI buying (at this point) looks similar to Shadow IT going to public cloud – it's not centrally controlledIs AWS focused on GenAI, or moving the other 80-85% of on-premises to their cloud? Can they manage both priorities at the same time? Can you achieve the same levels of growth if non-GenAI startups aren't getting funding at the same levels as pre-2022?FEEDBACK?Email: show at the cloudcast dot netTwitter/X: @cloudcastpodBlueSky: @cloudcastpod.bsky.socialInstagram: @cloudcastpodTikTok: @cloudcastpod

“We're not here with a silver bullet. We're here to help teams start with visibility—because you can't manage what you can't see.” — Steve Petracek, Auvik In this special Technology Reseller News podcast recorded live from the inaugural Podcast Row at ChannelCon 2025 in Nashville, Doug Green sits down with Steve Petracek of Auvik to discuss the mounting challenges facing IT teams in an increasingly hybrid and remote working environment. Petracek, a leader at Auvik—an IT operations management platform—delivers fresh insight from the company's latest IT Trends Report. According to Petracek, 87% of MSPs today are managing at least some portion of a remote workforce, but most lack the tools to adequately address the growing risks around visibility, Shadow IT, Shadow AI, and workforce productivity. This mismatch is leading to inefficiencies and, increasingly, burnout among IT professionals. “The traditional tools built for the office don't cut it anymore,” Petracek explains. “IT teams are stitching together a dozen tools just to support a single user working remotely. That's where the stress comes in.” Petracek emphasizes that the first step in solving these challenges is visibility—not just into the network and infrastructure, but into the user's entire digital ecosystem, from sanctioned SaaS apps to unsanctioned AI tools. Auvik's platform aims to bring all of that into focus, giving IT teams one place to manage, secure, and optimize performance across environments. Key trends discussed in the podcast include: The rise of Shadow AI and its unmanaged introduction into IT ecosystems The compounding effect of tool sprawl on stress and burnout The need for automation and tool consolidation to restore efficiency Auvik's visibility-first approach to tackling modern IT operations Petracek's message to MSPs at ChannelCon was clear: hybrid work isn't a passing trend, and managing it effectively means embracing a new toolset, reducing complexity, and automating wherever possible. To dive deeper into Auvik's findings and learn how your team can better manage hybrid infrastructure, download the free IT Trends Report at https://www.auvik.com. This podcast was recorded live at ChannelCon 2025 at the Gaylord Opryland Hotel in Nashville, as part of Technology Reseller News' coverage of emerging technologies and trends shaping the MSP and IT services landscape.  

When we talk about cybersecurity, it's often easy to think in terms of firewalls, passwords, and high-profile breaches. But what happens when the vulnerability isn't within your own systems but somewhere deep in your third or fourth-tier supply chain? In this episode, I spoke with Ben Edwards from Bitsight about the unseen infrastructure propping up much of the global digital economy and the new risks emerging from it. Our conversation begins by challenging the assumption that larger technology providers are automatically safer. Bitsight's research reveals that scale often introduces complexity and a larger attack surface, which can make it even harder to stay secure. In fact, UK supply chains are now around 10 percent larger than the global average, reflecting a more advanced digital economy but also introducing more room for hidden weaknesses. One of the most sobering parts of the discussion focused on geopolitics. Around 30 percent of UK and US supply chains rely on Chinese military-linked companies like Huawei and China Telecom. That's not just a cybersecurity concern. It's a geopolitical time bomb. Ben broke down the ripple effects that potential restrictions or bans could have, including costs, infrastructure overhauls, and widespread operational disruption. Then there are the “hidden pillars,” smaller vendors like Aptiv and Yardi, which may not be household names but play disproportionately influential roles in sectors like aerospace, education, and real estate. Their obscurity makes them dangerous single points of failure, especially when regional dependencies form without anyone noticing. The bottom line? End-to-end supply chain visibility remains elusive. Shadow IT, employee workarounds, and a constantly shifting tech landscape mean organizations must approach cybersecurity as an ongoing process, not a checklist. Ben urges companies to continually assess the criticality of their providers and, just as importantly, understand their own role in others' ecosystems. If you're curious about how internet balkanization, AI, and outsourcing are shaping the next phase of cybersecurity strategy, this episode will give you a lot to think about. Y

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security