Podcasts about shadow it

  • 175 PODCASTS
  • 257 EPISODES
  • 40m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Feb 23, 2026 LATEST


Latest podcast episodes about shadow it

KuppingerCole Analysts
Analyst Chat #288: From Shadow SaaS to Shadow AI - Closing the Unowned Security Gap

Feb 23, 2026 32:00


Shadow IT has evolved. Now it’s Shadow SaaS. Shadow AI. And it’s everywhere. In this week's episode of the KuppingerCole Analyst Chat, Matthias welcomes Matthew Gardiner for his first appearance to unpack one of the fastest-growing security domains: SaaS Security Posture Management (SSPM) and why that name may already be too narrow. Today’s organizations run on hundreds of SaaS applications. Many are sanctioned. Many aren’t. Some are connected via OAuth. Others are quietly leaking data through AI tools. And most security teams don’t have full visibility.

In this conversation, we explore:

  • What SSPM actually means (and why the “PM” might be limiting)
  • How Shadow IT evolved into Shadow SaaS and Shadow AI
  • The intersection of identity and cybersecurity in SaaS environments
  • Misconfiguration risks, MFA bypass, OAuth sprawl & SaaS drift
  • Why continuous monitoring beats periodic audits
  • CASB vs SSPM vs CNAPP — where the lines blur
  • The growing governance challenge in AI-powered SaaS
  • Why SaaS security can’t be ignored anymore

If your organization uses SaaS (spoiler: it does), this discussion is not optional.


@BEERISAC: CPS/ICS Security Podcast Playlist
Your OT Cybersecurity Strategy Is Failing: Here's Why

Feb 20, 2026 30:02


Podcast: Industrial Cybersecurity Insider
Episode: Your OT Cybersecurity Strategy Is Failing: Here's Why
Pub date: 2026-02-17

Dino and Craig reunite to tackle the shifts occurring in industrial cybersecurity in 2026. They discuss how OT-focused IDS software companies are shifting away from managed services to partner with systems integrators who understand the plant floor. The conversation explores the challenges manufacturers face—from aging infrastructure spanning decades to flat layer-2 networks that give remote vendors unrestricted access. They emphasize that IT departments cannot effectively manage OT assets they don't own or understand, especially when dealing with equipment older than their cybersecurity staff.

The episode covers the pitfalls of penetration testing in live manufacturing environments, the reality of shadow IT versus shadow OT, and why EDR solutions struggle in control system environments. Dino and Craig stress the importance of treating cybersecurity as a marathon rather than a sprint, starting with basic asset inventory and microsegmentation. They call on manufacturing leaders to stop deferring to IT for OT security, attend industry-specific conferences like S4X26, and partner with systems integrators who have deep automation expertise. With threats mounting, the time for action is now—not next quarter.

Chapters:

  • (00:00:00) - Welcome & What We've Been Up To
  • (00:00:48) - The Big Shift: Why OT IDS Companies Are Backing Away From Managed Services
  • (00:03:00) - The Shelfware Problem: When Security Tools Sit Unused
  • (00:04:12) - Why Pen Testing Can Be Disruptive (or Dangerous) in Manufacturing Environments
  • (00:05:54) - The Reality of Legacy Infrastructure: Equipment Older Than Your Cybersecurity Team
  • (00:07:43) - Who Can Actually Patch Your Control Systems?
  • (00:09:04) - Supply Chain Vulnerabilities: You're Only as Strong as Your Weakest Link
  • (00:11:01) - The Last Mile Challenge: Asset Inventory, Microsegmentation & Starting Small
  • (00:13:55) - The Shelfware to Tool-Switching Problem: Why Companies Are Reconsidering Their First Choice
  • (00:16:18) - Shadow IT vs. Shadow OT: Who Really Owns Plant Floor Security?
  • (00:19:00) - Why EDR Struggles in Control System Environments
  • (00:21:35) - Time to Step Up: Why Manufacturing Leaders Can't Defer to IT Anymore
  • (00:23:00) - Where to Learn: S4, Automation Fair, and Why You Need to Attend Industry Conferences
  • (00:25:00) - Finding the Right Partner: Systems Integrators Who Speak Automation and Cybersecurity
  • (00:27:00) - Final Thoughts: The Time for Action Is Now

The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The Engineering Leadership Podcast
The innovation engine behind Samsara driving real-world impact: compounding feedback loops, data flywheels and embedding engineers in customer problems w/ Kiren Sekar #249

Feb 17, 2026 43:34


Kiren Sekar (CPO @ Samsara) joins us to deconstruct the "Innovation Engine" behind Samsara, and how this system drives real-world impact and ROI across their products. We explore Samsara's decade-long compound product strategy and the mechanics of accelerating feedback loops in an era where the primary bottlenecks shift from code generation to customer feedback and absorption of change. Kiren details how their data flywheel expands the aperture of what is possible to build and we dive into the system of customer-driven innovation: advisory boards, “spark sessions” to test hypotheses and gain unfiltered feedback. Plus we talk about the power of embedding engineers in frontline environments (from truckyards to construction sites) to cultivate “taste,” customer empathy and trigger non-linear ideas.

ABOUT KIREN SEKAR

Kiren Sekar is the Chief Product Officer at Samsara (NYSE: IOT), where he has helped lead the company from a hardware-hacking startup in a basement to a global leader in Connected Operations with over $1.5B in ARR. An early leader at Meraki (acquired by Cisco for $1.2B) and an Apple veteran with multiple patents, Kiren specializes in the rare intersection of hardware, massive-scale data, and AI. He is the architect of a platform that now processes trillions of data points for the industries that keep the world running—trucking, construction, and logistics.

This episode is brought to you by Retool!

What happens when your team can't keep up with internal tool requests? Teams start building their own, Shadow IT spreads across the org, and six months later you're untangling the mess… Retool gives teams a better way: governed, secure, and no cleanup required.

Retool is the leading enterprise AppGen platform, powering how the world's most innovative companies build the tools that run their business. Over 10,000 organizations including Amazon, Stripe, Adobe, Brex, and Orangetheory Fitness use the platform to safely harness AI and their enterprise data to create governed, production-ready apps.

Learn more at Retool.com/elc

SHOW NOTES:

  • Real-world ROI The Intersection of Bits and Atoms: How Samsara supported customers through a once-in-a-century snowstorm using real-time AI insights (3:59)
  • The Practicality Filter: Why low-margin, high-utility businesses are the best "BS detectors" for product builders (9:25)
  • Deconstructing the compound product strategy: 10 years of feedback loops, scaling empathy, and technical capabilities (10:53)
  • Accelerating your innovation flywheel, customer and product feedback loops (14:39)
  • The New Bottleneck: Why writing code is no longer the constraint, and how to optimize for customer absorption of change (19:58)
  • The Data Flywheel: Leveraging trillions of proprietary data points to solve new problems and expand your innovation engine into new capabilities (23:36)
  • Embedding engineers in customer problems: Why there is no substitute for engineers seeing the frontline environment firsthand (29:56)
  • How customer empathy and "taste" amplify the benefits of AI coding agents (33:26)
  • Building a system of customer-driven innovation: Utilizing Advisory Boards and "Spark Sessions" to turn 10,000+ customers into co-creators (37:40)
  • Rapid fire questions (47:50)

This episode wouldn't have been possible without the help of our incredible production team:

  • Patrick Gallagher - Producer & Co-Host
  • Jerry Li - Co-Host
  • Noah Olberding - Associate Producer, Audio & Video Editor https://www.linkedin.com/in/noah-olberding/
  • Dan Overheim - Audio Engineer, Dan's also an avid 3D printer - https://www.bnd3d.com/
  • Ellie Coggins Angus - Copywriter, Check out her other work at https://elliecoggins.com/about/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Beyond Coding
Platform Engineering is for Software Engineers

Feb 11, 2026 43:40


Is your internal developer platform actually improving velocity, or is it a bottleneck? We discuss why platform teams building "cool" abstractions is a red flag, and you should aim to create the best platform for software engineers.

In this episode, we cover:

  • Why "Golden Paths" can turn into roadblocks for developers.
  • The danger of Shadow IT and why it's a symptom of a failed platform.
  • How to measure if your platform is saving time.

Connect with Adnan Alshar: https://www.linkedin.com/in/adnanmalshar92
Connect with Jelmer de Jong: https://www.linkedin.com/in/jelmerdejong-xebia

  • 00:00:00 - Intro
  • 00:00:54 - Is DevOps Dead? The Truth About Platform Engineering
  • 00:03:07 - Why Developers Are Drowning in Complexity Today
  • 00:04:37 - Why Having No Platform Is Better Than a Bad Platform
  • 00:07:20 - Treating Software Engineers as Customers of the Platform
  • 00:11:26 - The Exact Moment You Should Start Building a Platform
  • 00:14:18 - Who Should Be on Your First Platform Team?
  • 00:17:33 - Turning Your Angriest Developers Into Platform Evangelists
  • 00:18:57 - Key Metrics: How to Measure Platform Engineering Success
  • 00:21:01 - Why 60% of Companies Don't Measure Platform Success
  • 00:23:35 - Why No Metrics Is the Biggest Red Flag
  • 00:25:23 - The Disconnect Between Executives and AI Readiness
  • 00:31:34 - Integrating AI Tools and Large Language Models Securely
  • 00:34:22 - Shadow IT: The Symptom of a Broken Platform
  • 00:38:03 - How to Scale Without Becoming a Bottleneck
  • 00:41:45 - Don't Forget the Business Side of Platform Engineering

The Engineering Leadership Podcast
Why founders should invest in coaching, communication & leadership mechanisms before you scale w/ James Birchler #248

Feb 10, 2026 50:46


Founders often delay leadership coaching until a major crisis hits, leading to significant costs in productivity, team churn, and poor decisions. In this episode, James Birchler (Technical Advisor & Executive Leadership Coach) argues that early coaching is a game-changer for a startup's success. We explore the hidden costs of waiting and the benefits of intentionally installing leadership and communication systems before you scale. James shares specific self-awareness mechanisms, like advisory groups and feedback loops, to help founders design their day and create accountability. You'll also learn practical strategies like the "5-Minute Alignment Loop" for spotting communication breakdowns & for reinforcing clarity. Plus insights on how to "install your leadership OS" so it can scale with your company.

ABOUT JAMES BIRCHLER

James Birchler is an executive leadership coach and technical advisor who specializes in helping engineering leaders and founders develop greater self-awareness and build high-performing teams. He combines deep technical expertise with practical leadership development, making him particularly valuable for technical leaders scaling their organizations.

As both a founder and engineering leader, James has more than 20 years of experience leading teams at companies ranging from early-stage startups to Amazon, where his current role is Technical Advisor to the VP of Amazon Delivery Routing and Planning. Most recently, he founded NICER, a premium natural personal care company, and Actuate Partners, his executive coaching and technical advisory practice. He also held VP of Engineering roles at companies including Caffeine (backed by Greylock and Andreessen Horowitz), SmugMug (where his team acquired Flickr), and IMVU.

At IMVU, James implemented the Lean Startup methodologies alongside Eric Ries, author of The Lean Startup and creator of the methodology, literally the first company to apply these principles. His team helped pioneer the DevOps movement by building infrastructure to ship code to production 50 times per day and coining the term "continuous deployment." This experience in systematic experimentation and continuous improvement now informs his coaching approach through frameworks like CAMS (Coaching, Advising, Mentoring, Supporting) and the Think-Do-Learn Loop.

James completed his executive coaching certification at UC Berkeley Haas School of Business Executive Coaching Institute. His coaching practice focuses on self-awareness, integrity, accountability, and fostering growth mindsets that support continuous learning and high performance. He writes the Continuous Growth newsletter and offers both individual executive coaching and peer learning circles for technical leaders.

Through his advisory work with growth-stage startups in the US and Europe, James helps leaders navigate common scaling challenges including hiring and interviewing, implementing development methodologies, establishing operational cadences, and developing other leaders. His approach treats leadership development like product development—with systematic feedback loops, measurable outcomes, and continuous improvement.

You can find James at jamesbirchler.com, LinkedIn, and Substack.

SHOW NOTES:

  • Why founders should seek coaching earlier rather than waiting for a crisis to occur (2:45)
  • The high stakes of ignoring this critical advice & how this leads to communication & scaling problems (4:50)
  • The importance of effective communication channels & leadership mechanisms before pressure increases (6:12)
  • How investing a small amount in coaching early on can prevent hundreds of thousands of dollars in future costs (8:07)
  • Frameworks for cultivating self-awareness / leadership blind spots (11:06)
  • James's practice of "designing your day" around a desired identity, not just a list of tasks (12:30)
  • Why designing your day is about intentionality (15:13)
  • How this practice leads to better relationships & opportunities to reflect (17:44)
  • Reflective listening & its impact on customer relationships (19:32)
  • Strategies for improving self-awareness / uncovering blind spots (22:05)
  • An example of how awareness can lead to better results (26:03)
  • Day-to-day rituals for improving self-awareness (28:14)
  • Signals that your communication methods are effective & getting through (30:37)
  • Reflect on & define the desired outcome you want to generate (33:26)
  • The five-minute alignment loop for creating clarity & confirming ownership as a leader (35:21)
  • Why creating clarity & finding alignment is key as a founder (37:02)
  • How the same communication & leadership patterns recur as your org scales, from small startup to large enterprise (39:46)
  • The increasing importance of human skills like emotional intelligence and reflective listening in an age of AI (42:03)
  • Rapid fire questions (44:38)

Hipsters Ponto Tech
BUILD or BUY SOFTWARE? Open innovation, corporate AI and real decisions | João Costa – Petrobras – Hipsters.Talks #21

Feb 5, 2026 36:09


Building software from scratch is not always innovation. Often it is just more expensive, slower and riskier. When is it worth buying, integrating or adapting an off-the-shelf solution? When does it make sense to develop in-house? And how do large companies balance autonomy, security, innovation and governance without stalling the organization?

In this episode of Hipsters.Talks, PAULO SILVEIRA, CVO of Grupo Alura, talks with JOÃO COSTA, Open Innovation manager at Petrobras, about real technology decisions at scale: make or buy, open vs. closed innovation, citizen developers, Shadow IT, corporate AI, and how to make the adoption of new technologies actually happen, not just in PowerPoint.

A practical conversation about how innovation happens outside the hype, inside one of the largest companies in Brazil, where spreadsheets, off-the-shelf software, generative AI and in-house development coexist every day.

Feel free to share your questions and comments. We would love to talk with you!

The Engineering Leadership Podcast
Cultivating product thinking, cross-functional leadership & the future of AI agent infrastructure w/ Jaikumar Ganesh #247

Feb 5, 2026 49:43


In our latest ELC episode, we are addressing some of the biggest challenges facing engineers today: identifying your scaling thesis, putting that thesis into practice, and addressing implementation challenges. Jaikumar Ganesh, Head of Engineering @ Anyscale, shares insights from his experience working at top tech companies like Android and Uber, and how to apply those lessons within your own orgs. We also cover strategies for identifying what to build, using data effectively when it comes to understanding AI agents, and keeping your intent (and customer success) top of mind. Additionally, Jaikumar discusses his experience as a GM and why all orgs should adopt cross-functional skillsets as part of their company culture.

ABOUT JAIKUMAR GANESH

Jaikumar Ganesh is an accomplished technology leader and the Head of Engineering at Anyscale. With a deep background in engineering and customer-facing roles, Jaikumar has a proven track record of building and scaling engineering organizations. He is passionate about pushing the boundaries of product and engineering innovation while ensuring customer needs are met, and is committed to building empowering organizations rooted in trust, respect, and growth. Jaikumar is excited about working with companies to harness the power of AI and distributed computing to achieve their goals. He previously co-started and co-led Uber's AI group—the central ML group at Uber—and was also on the early team at Android @ Google.

SHOW NOTES:

  • Reflecting on scaling patterns across the 2000s, 2010s, and the AI era (03:27)
  • Why "copy-pasting" scaling strategies from other companies leads to failure (5:56)
  • How to define a scaling thesis by mapping revenue projections to infrastructure strategy (7:52)
  • Infrastructure shifts: From Android's OS abstractions to Uber's on-prem data centers (9:56)
  • The "Build vs. Buy" dilemma in the age of AI agents and third-party solutions (12:09)
  • Why "Knowing What to Build" is the new long pole in engineering productivity (20:17)
  • Developing "Product Thinking" within engineering and infrastructure teams (23:10)
  • The emergence of Context Graphs and "Source of Truth" platforms for AI agents (24:46)
  • How to avoid data & context graphs becoming bottlenecks (27:05)
  • Lessons from GM leadership: Bridging the gap between engineering, product, and sales (29:06)
  • The "6-20" Initiative: Uniting cross-functional teams around specific customer wins (32:45)
  • Training engineers to empathize with customer pain and translate technical wins into the language of sales (33:48)
  • Utilizing cross-departmental daily standups and leaderboards to drive aggressive "block and tackle" execution (36:18)
  • Tracing execution failures back to early decision-making and judgment gaps (38:42)
  • Rapid fire questions (45:28)

The Nonprofit Show
Nonprofits and the AI Risk: Stop the Chaos Start the Strategy

Feb 5, 2026 30:12


AI isn't a “someday” conversation for nonprofits anymore; it's a right-now operational decision with governance, risk, and staff behavior at the center. Joshua Peskay, Co-Founder of Meet the Moment, joined Julia C. Patrick to talk about the practical reality nonprofits are facing: AI adoption is already happening inside your organization whether leadership has planned for it or not.

Joshua frames the moment with a clear warning and a workable path forward. Too many nonprofits, he says, are bumping into “governance immaturity”: the missing pieces that turn AI from a productivity boost into a liability. Think policies, staff learning, data classification and handling, and vendor risk review. Instead of debating whether AI is allowed, Joshua urges leaders to start by accepting the current state and then managing it with intention. As he puts it, “Artificial intelligence is happening and it is happening incredibly fast… the water is coming down the mountain.”

The duo reinforce what many executives have observed: when organizations ban AI, staff still use it; they just do it quietly, creating silos and exposure. Joshua connects that to a familiar cybersecurity pattern: shadow IT. People work around constraints to get the job done, especially in a sector that's under-resourced, remote, and mission-urgent.

The forward-looking takeaway is refreshingly actionable: start with the AI tools already inside your protected environment. If your nonprofit runs on Microsoft 365 or Google Workspace, use Copilot, Gemini, or NotebookLM as your baseline so staff can work with guardrails. For anything outside that ecosystem, require a business case and a review process. Then, build a learning culture where staff share what's working, what's failing, and what's safe.

Joshua also brings urgency from the risk landscape, noting nonprofits are attractive targets because of sensitive data and typically weaker security.

  • 00:00:00 Welcome and why AI is the topic right now
  • 00:01:26 What Meet the Moment does for nonprofits
  • 00:03:20 The real issue governance maturity and policies
  • 00:05:04 When nonprofits ban AI staff use it anyway
  • 00:06:08 The water down the mountain analogy
  • 00:07:53 Why nonprofit community learning matters
  • 00:11:23 The square wheel paradox and making time to learn
  • 00:13:32 Readiness vs reality and starting from current state
  • 00:15:17 Use the AI already in your protected workspace
  • 00:18:39 Shadow IT and work from home risk
  • 00:21:42 Why nonprofits are attractive cyber targets
  • 00:24:52 Donor spreadsheets and why “hope is not a strategy”

Our national co-hosts and amazing guests discuss management, money and missions of nonprofits! 12:30pm ET, 11:30am CT, 10:30am MT, 9:30am PT

Send us your ideas for Show Guests or Topics: HelpDesk@AmericanNonprofitAcademy.com

Definitely, Maybe Agile
Beyond On-Time, On-Budget with Deborah Kaminetzky

Feb 5, 2026 29:17


You know that expensive software system your company bought that everyone... stopped using? Deborah Kaminetzky sees this pattern constantly. Projects delivered on time and on budget that still fail because nobody wants to touch them.

Deb brings a unique lens to technology implementation. She's a former attorney turned project management consultant who specializes in what she calls the "messy middle" – the space between buying software and actually getting value from it. Her secret? Translation. Not just between tech teams and business teams, but between what's being sold and what people actually need to do their jobs.

In this episode, we dig into why user involvement isn't just a nice-to-have (spoiler: shadow IT is alive and well), the difference between being heard and influencing outcomes, and why your C-suite needs to stop treating technology teams like the organizational stepchild.

This Week's Takeaways:

  • Solve the problem before you buy the solution – Understanding what you're actually trying to fix has to come before you start shopping for software. This seems obvious, but most organizations skip this step entirely.
  • Mediation matters more than metrics – When users are involved in gathering information and partially in decision-making, adoption happens. When they're just told what to do, they find workarounds. The question is: how much of that involvement is just making people feel heard versus actually changing what gets built?
  • Outcomes over outputs – On-time, on-budget means nothing if the software gathers dust. Find ways to measure whether you're getting the value you expected, not just whether you hit the deadline.

Want to reach out? Email us at feedback@definitelymaybeagile.com or visit definitelymaybeagile.com.

Darn IT Podcast
When AI Talks to Itself: What Moltbook Signals About Our Future With AI

Feb 4, 2026 10:19


What happens when AI stops talking to us... and starts talking to itself?

In this episode of Darnley's Cyber Café, we explore the rise of AI-only social spaces and what they reveal about the direction technology is quietly moving.

Inspired by the emergence of Moltbook (OpenClaw), this conversation looks beyond fear and headlines to examine how human absence, automation, and efficiency are reshaping decision-making and trust.

Pull up a chair. The conversation's just beginning.

The Engineering Leadership Podcast
Scaling from point solutions to a unified, AI-powered product ecosystem w/ Vineeta Puranik #246

Jan 27, 2026 36:51


How do you transform a collection of individual tools into a cohesive, AI-powered symphony? Vineeta Puranik (CPTO @ SmartBear) dissects the strategy behind evolving a product vision from point solutions to a unified multi-product ecosystem. We explore the critical architectural distinction between "AI bolt-on" and "AI native" strategies, frameworks for seamless M&A integration, and how to design for varying levels of customer AI readiness. Vineeta also discusses the shift to test “does it match intent”, using “jobs to be done” to drive solving entire workflows not just tool capabilities, and designing user experiences for both human personas and AI agents.

ABOUT VINEETA PURANIK

Vineeta Puranik serves as Chief Product and Technology Officer (CPTO) at SmartBear, where she leads the company's global technology and product strategy to empower developers and enterprises worldwide. A seasoned technology executive with over two decades of experience, she combines strategic vision with hands-on leadership to drive innovation, growth, and operational excellence.

At SmartBear, Vineeta oversees development, cloud engineers, AI, and architecture, and has been instrumental in scaling centers of excellence in India and Poland, launching the Developer Academy, and advancing the company's hub-based product strategy – Swagger suite for API capabilities, Test Hub, and Insight Hub. Recognized for her collaborative, people first leadership and commitment to inclusion, she was named a 2024 Women Worth Watching in STEM by Profiles in Diversity Journal.

SHOW NOTES:

  • SmartBear's evolution from individual tools to a connected ecosystem (3:34)
  • The cultural shift toward vendor consolidation and avoiding context switching (5:39)
  • Why "Jobs-to-be-Done" must drive the workflow, not just the tool capabilities (9:35)
  • The shift in testing: Moving from "does it crash?" to "does it match intent?" in an AI world (14:26)
  • The architectural difference between "AI Bolt-On" and "AI Native" products (20:44)
  • The levels of autonomy: A framework for moving from manual control to autonomous testing (24:10)
  • Designing for different customer personas: Addressing security, policy, and AI readiness (30:01)
  • Rapid Fire Questions (32:50)

LINKS AND RESOURCES

Books Mentioned

  • Own the Room: Discover Your Signature Voice to Master Your Leadership Presence by Amy Jen Su and Muriel Maignan Wilkins.
  • The Leader You Want to Be: Five Essential Principles for Bringing Out Your Best Self--Every Day by Amy Jen Su.

SmartBear Tools & Products

  • SmartBear
  • Reflect (https://reflect.run/) – Mentioned as their "AI Native" product for autonomous testing.
  • Zephyr Scale – Mentioned regarding the Atlassian ecosystem integration.
  • QMetry (https://www.qmetry.com/) – Recently acquired test management product.
  • Swagger (https://swagger.io/product/) – Mentioned as the suite for API design and compliance.

The Engineering Leadership Podcast
From localized to systematic speed: How Spotify deploys AI in prototyping, strategy & maintenance w/ Tyson Singer #245

Jan 21, 2026 44:28


Tyson Singer (Head of Tech & Platforms @ Spotify) joins us to unpack how Spotify is transforming its product development lifecycle across creation, experimentation and maintenance to shift from "localized speed" to "systematic speed." We explore why the industry's current obsession with the "Build It" phase of development is shortsighted, and how Spotify is aggressively deploying AI in the "Think It" (prototyping/strategy) and "Maintain It" (fleet management) phases. Tyson also details the internal tools driving this shift, including AiKA and Honk, and shares why the future of engineering relies on moving from I-shaped specialists to T-shaped generalists.

ABOUT TYSON SINGER
Tyson Singer is the SVP of Technology & Platforms at Spotify, where he leads technology infrastructure, developer experience, cybersecurity, and finance IT. Tyson is the executive behind Spotify's internal developer portal, Backstage, and Spotify's experimentation system, Confidence, which are now both commercially available. He has a background as an engineer, architect, and product lead, and he holds a Master's in Computer Science from Stanford University. Tyson is also an avid outdoor adventurer.

SHOW NOTES:
- Tyson's 9-year journey @ Spotify: From the "crucible" of hyper-growth to leading Tech & Platforms (3:46)
- The pivot from "localized speed" to "systematic speed" (7:27)
- Core principles of Spotify's Platform org: Partnering with customers & "Taking the pain away" (10:37)
- The "Think it, Build it, Ship it, Tweak it" lifecycle framework & why the industry obsession with "Build It" (coding agents) is missing the bigger picture (14:57)
- How Spotify is investing in the "Think It" phase: AI prototyping with deep business context (16:49)
- AiKA (AI Knowledge Assistant): Context engineering for humans and bots (18:47)
- "Honk": Spotify's internal framework for large-scale automated code changes (22:17)
- Addressing the decline of code quality and the bottleneck of human PR reviews (25:50)
- Probabilistic vs. Deterministic code reviews: A new approach to quality checks (29:43)
- Identifying bottlenecks to company value outside of R&D (Legal, Licensing, etc.) (32:12)
- Why systems change is fundamentally about people and identity shifts (35:57)
- Rapid fire questions (38:49)

DoTheMATH
Innovation Without a Foundation Is Risk: The Truth About Digital Transformation #201

Jan 21, 2026 40:12


Innovation without a foundation is risk: the truth about digital transformation at global companies like Bayer. In this episode of DoTheMATH, we discuss why technology without a foundation creates frustration, shadow IT and fragile decisions, and how to align IT and the business to generate real impact.

Leadershift
Episode 306: Organizational debt, the invisible liability that is killing your company

Jan 12, 2026 13:45


Give me your feedback by SMS (mobile only)!

Like technical debt in IT, "organizational debt" is the silent accumulation of our past compromises. It is expensive in interest: absenteeism, falling productivity and the loss of talent (notably Gen Z, which refuses to pay back this liability). To measure this debt, in this episode we present a diagnostic tool with three axes:
- The Time Test: Is your profitability subsidized by the exhaustion of your teams (excessive reporting, overtime)?
- The People Test: Do you depend on "heroic rescues" and irreplaceable experts (bus factor)?
- The Method Test: Do your processes force your staff to create "Shadow IT" or to work around the rules in order to satisfy the customer?

Free access to all our resources: www.coapta.ch/campus
Access to the podcast archives: www.coapta.ch/podcast
© COAPTA Sàrl
All episodes are available at www.coapta.ch/podcast or on your preferred platform (Spotify, Apple Podcasts, Google Podcasts); search for "Leadershift" or "Vincent Musolino".
Join our community on the official COAPTA Discord!

Jaani
“Why do you hate my generation?” – Gen Z is your canary in the coal mine

Jan 12, 2026 4:19


Meet “Anna”. She is 24, a recent graduate, and has zero tolerance for unnecessary hassle. When she encounters the company's expense-report system from 2005, she asks a question that chafes in every management team: “Why do you hate my generation?”

In this week's episode we discuss why the new generation in the labor market is not "whiny" or "impatient" but rather the canary in the coal mine of our time. They are the first to react to toxic inefficiency and bad UX.

We dive into why "internal friction" is deadly for your organization and what happens if you ignore the warning signs.

In the episode you will hear about:

Hipsters Ponto Tech
“Hundreds of people do DATA ANALYTICS outside IT”: DATA CULTURE at TIM | Jone Vaz – Hipsters.Talks #17

Dec 19, 2025 32:49


Hundreds of people at TIM do data analytics outside the technology department. Lawyers building models in Vertex. Marketing professionals using DataProc. How do you balance autonomy with governance without creating Shadow IT? In the seventeenth episode of Hipsters.Talks, PAULO SILVEIRA, CVO of Grupo Alun, talks with JONE VAZ, Director of Data and AI at TIM, about data culture, citizen developers, IA Academy, and how to democratize technology in a company with 60 million customers. A conversation about the future of corporate IT. Get ready for an episode full of knowledge and inspiration!

YusufOnSecurity.com
253 - Shadow IT and SaaS Sprawl - The Hidden Security Risk in Your Organization

Dec 6, 2025 14:01


Enjoying the content? Let us know your feedback!

Imagine discovering that your organization is running nearly ten times more applications than your IT team knows about. Imagine learning that two out of every three cloud tools being used by your employees were never approved, never vetted for security, and are completely invisible to your monitoring systems. Now imagine that one-third of all data breaches last year involved exactly these kinds of hidden applications. This isn't a hypothetical scenario from some dystopian cybersecurity future—this is happening right now in organizations of every size, including yours. Today, we're talking about Shadow IT and SaaS sprawl, the security crisis that's hiding in plain sight, costing companies millions, and creating vulnerabilities that most security teams don't even know exist yet.

- https://csrc.nist.gov: NIST Special Publication 800-53 - Security Controls for Shadow IT
- https://www.ibm.com: Data-breach

Be sure to subscribe! You can also stream from https://yusufonsecurity.com
There, you will find a list of all previous episodes too.

The 4 am Report
EP252 Turning Prompts into Real AI Workflows with Jason Dea

Dec 2, 2025 39:29


Many teams have a Notion page full of prompts. Very few have real, repeatable AI workflows. In this episode, host Susan Diaz and product/go-to-market leader Jason Dea dig into how to move from playing with prompts to designing workflows, building tiny specialist agents, and avoiding a new wave of shadow AI inside organizations.

Susan is joined by venture studio and SaaS veteran Jason Dea from Coru Ventures in Toronto. They unpack why AI is not a magic wand or a single feature, but an enabling technology that only delivers value when it's wired into actual workflows. Jason shares his "swarm of bumblebees" metaphor for AI, how he builds small specialist agents to clone his own work style, and why enterprises are about to repeat the mistakes of shadow IT if they don't get serious about orchestration and governance. They close by talking about leaders using AI in their own day-to-day work, and Jason's personal experiments with family apps, coding, and even a butterfly-catching game for his daughter.

Key takeaways
- Prompts ≠ workflows. Collecting prompts in a shared doc feels productive. But until you map the 8–10 steps of a job and decide where AI fits, you're just doing experiments, not transformation.
- AI is not a magic one-shot. It's an enabling technology. The real gains come when you see your work as a chain of small tasks and let AI take over the repetitive, boring, or "toil" links in that chain.
- Think "swarm of bumblebees." You are the queen bee. AI is a swarm of tiny worker bees, each doing one specific task very well (emails, slides, requirements, research), not one mega-agent doing everything.
- Documenting workflows doesn't have to be fancy. A workflow is just "tell me the 10 steps." Start with the human sequence. Tools come second. Once it's visible, the friction points where AI can help become obvious.
- Shadow IT is turning into shadow AI. Cheap, bolt-on AI features and swipe-a-card tools make it easy for every team to spin up their own stack. Without orchestration, you recreate silos, risk, and tool sprawl at AI speed.
- IT should govern, not own everything. Governance, security, and guardrails matter. But AI also democratises small bits of "coding" and automation, letting non-technical teams build more, faster—if they have guidance.
- Leaders need hands-on literacy. The fastest way out of the hype is to use AI yourself for your own toil. Drafting emails. Planning. Decomposing big tasks. You get more realistic about what it can and cannot do.
- AI is an "unstuck" tool in work and life. From relearning to code, to building tiny family apps, to cataloguing knick-knacks and designing games for kids, AI opens up projects that were unrealistic even five years ago.

Episode highlights
- [00:01] Jason's background in startups, SaaS, product, and go-to-market, and his role at Coru Ventures.
- [02:00] Where we are on the Gartner hype cycle and why the trough of disillusionment is inevitable and useful.
- [04:40] Why some people can't imagine life before ChatGPT—and why that's not true for everyone inside organisations.
- [05:50] Mapping work as a sequence of steps instead of hunting for a single "magic" AI prompt.
- [08:01] The "swarm of bumblebees" metaphor: you as the queen, AI as many small worker-bee agents.
- [09:59] How to define a workflow in plain language: "tell me the 10 steps," tools aside.
- [11:00] Paperwork and OCR as a classic example of where generative AI finally unlocks messy, grey-area tasks.
- [13:50] Using AI first to remove the tasks you hate and identify the links you should outsource to machines.
- [15:20] Jason's "digital clone" AIs trained on his own content and patterns.
- [19:00] Building multiple mini-AIs: one for social posts, one for slide decks, one for product requirements.
- [21:10] Bolt-on AI features everywhere + messy workflows = amplified confusion and risk.
- [22:10] From shadow IT to shadow AI: why orchestration and shared understanding of workflows is critical.
- [24:40] Startups' speed vs enterprises' risk aversion, and what each can learn from the other.
- [27:10] Why IT should set guardrails while letting departments experiment and build more on their own.
- [30:10] Jason's advice to leaders: use AI yourself to see where it really helps and what it really takes.
- [36:00] Personal-life AI: relearning to code, family apps, cataloguing home items, and a butterfly game for his daughter.
- [38:00] Susan's idea: vibe-coding a family recipe app as a way to preserve memories and workflows.

If your organization has a folder full of prompts but no clear AI workflows, this episode is your sign to pause and rethink. Share it with:
- The person who keeps buying new AI tools.
- The leader who thinks "IT will figure it out".
- The teammate who's already acting like the queen bee and quietly building their own swarm.

Then ask as a team: "Where are our 10-step workflows, and which links should really be done by AI?"

Connect with Susan Diaz on LinkedIn to get a conversation started.

Agile teams move fast. Grab our 10 AI Deep Research Prompts to see how proven frameworks can unlock clarity in hours, not months. Find the prompt pack here.

Twins Talk it Up Podcast
Episode 293: Lead the Conversation

Nov 21, 2025 56:34


Recorded during ITNation Connect Global, the theme of this episode is centered around the importance of leaders leading the conversation—especially when it comes to AI and emerging technologies shaping the MSP ecosystem. Nathanaëlle Denechere, CRO of Mizo, and John Harden, Director of Strategy & Technology Evangelism at Auvik, lend their thoughts around embracing those moments as opportunities.

Highlights from Part One with Nathanaëlle:
- How their agentic service desk solution is redefining support by balancing automation with the irreplaceable human touch.
- Mizo's powerful productivity gains—boosting output by 26% through intelligent resolution steps.
- Reflected on the company's excitement as a PitchIT Finalist.

Highlights from Part Two with John Harden:
- Diving into his Conference presentation, “If You're Not Leading AI Conversations, You're Being Led Out.”
- Urging MSPs to embrace the monetization of AI.
- How “Shadow AI is the new Shadow IT.”

Time Stamps:
- 00:50 – Part 1: Nathanaëlle Denechere
- 24:20 – Part 2: John Harden

The Cloudcast
Shadow AI

Nov 19, 2025 25:52


SHOW: 975

Rohan Sathe, CEO and Co-Founder of Nightfall AI, discusses the rise of Shadow AI, where employees unknowingly leak sensitive corporate data through generative AI tools like ChatGPT. We explore how Nightfall's AI-native approach transforms autonomous systems to defend against AI-powered data exfiltration across SaaS apps, endpoints, and browsers.

SHOW TRANSCRIPT: The Cloudcast #975 Transcript
SHOW VIDEO: https://youtube.com/@TheCloudcastNET
NEW TO CLOUD? CHECK OUT OUR OTHER PODCAST - "CLOUDCAST BASICS"

SPONSORS:
- [Mailtrap] Try Mailtrap for free
- [Interconnected] Interconnected is a new series from Equinix diving into the infrastructure that keeps our digital world running. With expert guests and real-world insights, we explore the systems driving AI, automation, quantum, and more. Just search “Interconnected by Equinix”.
- [TestKube] TestKube is Kubernetes-native testing platform, orchestrating all your test tools, environments, and pipelines into scalable workflows empowering Continuous Testing. Check it out at TestKube.io/cloudcast

SHOW NOTES:
- Sunday Perspective touches on Shadow AI
- Nightfall website

Topic 1 - Welcome to the show, Rohan. Give everyone a brief introduction, including your time at Uber Eats.
Topic 2 - How do you define Shadow AI? We hear Shadow AI compared to Shadow IT back at the start of cloud. However, this looks different because everyone's learning curve is much smaller. For Shadow IT to happen, you had to know IT (servers, storage, etc.). Is this the correct way to think about the problem?
Topic 3 - How big is the Shadow AI problem today?
Topic 4 - Normally, data leaks would be discovered by traditional DLP (data loss prevention) tools. In my experience, those tools have been cumbersome and clunky, and you often face the classic trade-off between user productivity and security, as well as the need to lock down access. How has this mindset evolved in the era of AI?
Topic 5 - What happens when AI-powered attacks meet AI-powered defense?
Topic 6 - Let's talk about the technical architecture. How does Nightfall actually work across SaaS apps, endpoints, browsers, and AI tools?

FEEDBACK?
- Email: show at the cloudcast dot net
- Bluesky: @cloudcastpod.bsky.social
- Twitter/X: @cloudcastpod
- Instagram: @cloudcastpod
- TikTok: @cloudcastpod

Zebras & Unicorns
“Focus on the champions, don't waste time on those who put on the brakes”

Nov 13, 2025 25:36


Today we are talking about one of the most important topics of our time: artificial intelligence – but this time not from the tech perspective, but from where it can really hurt and gets exciting: business transformation.

Our guest today is Michael Frank, Head of Global Business Excellence & Transformation Consulting at Nagarro. Michael supports companies worldwide not only in implementing AI, but in aligning their entire organization with it. He knows first-hand which departments are currently flourishing thanks to AI – and which are slowly dying. He has seen which executives become true AI champions and which slow the transformation down. And he has a clear opinion on why companies should focus on the bold rather than on the hesitant.

The topics:

Unlearn
How to Create Irresistible Change for Business Transformation with Phil Gilbert

Nov 5, 2025 43:14


When most leaders think about transformation, they reach for tools and tactics. But real, lasting change doesn't start with new methods—it starts with culture. In this episode, I sit down with Phil Gilbert, the former General Manager of Design at IBM, who led one of the boldest reinventions in corporate history. After selling his third startup to IBM in 2010, Phil was asked to transform how IBM's teams worked using design thinking and agile. That effort reshaped the experience of over 400,000 employees and became the subject of a Harvard Business School case study, the documentary The Loop, and coverage in the New York Times and Fortune.

We explore how culture drives outcomes, why the team is the atomic unit of change, and how to design a leadership structure that earns trust and creates momentum. Phil brings sharp insight, rich stories, and practical frameworks drawn from a 45-year career spanning startups, scale-ups, and global enterprises. If you're leading change—or trying to get others to believe in it—this conversation is your blueprint.

Phil Gilbert is best known for scaling IBM's global design transformation. He was inducted into the New York Foundation for the Arts Hall of Fame in 2018 and named an Oklahoma Creativity Ambassador in 2019. Since retiring from IBM in 2022, Phil has focused on helping business and military leaders shift culture at scale to improve innovation and team performance.

Key Takeaways
- Culture is the system: Real transformation means rewiring people, practices, and places—not just teaching new skills.
- Teams are the atomic unit of change: Change doesn't scale through individual mandates. It scales when cross-functional teams deliver new outcomes.
- Design scales empathy: Phil shares how design thinking isn't just about aesthetics—it's a tool for scaling understanding and improving systems.
- Transformation needs protection: Change teams need structural support and a leadership “shell” that shields them while engaging the broader org.
- Momentum beats mandates: Leaders can't impose change—they must earn it by showing results, listening deeply, and integrating across silos.

Additional Insights
- "Every day is a prototype": Phil's mantra that gives teams permission to change, test, and learn continuously.
- The virus model of leadership: To spread new ways of working, Phil designed his leadership team like a virus—with spikes into HR, finance, comms, and IT.
- Designers aren't the barrier—systems are: In companies with weak design reputations, the problem isn't the designers. It's the culture around them.
- Shadow IT kills transformation: Real progress happens when change leaders partner with CIOs—not work around them.
- Most AI efforts are missing the point: Phil argues that AI transformation fails when it focuses on individuals instead of improving team-level outcomes.

Episode Highlights
- 00:00 - Episode Recap: Barry O'Reilly recaps the episode's theme, discussing leadership challenges, reclaiming strategic focus, and leveraging frameworks, executive habits, and AI to drive impactful business outcomes.
- 2:26 - Guest Introduction: Barry introduces Phil Gilbert, renowned for leading a major cultural transformation at IBM through human-centered design. He previews Phil's new book, “Irresistible Change,” and sets expectations for a discussion on leadership, empathy, and executing change at scale.
- 3:21 - Official Start of Conversation: Phil Gilbert reflects on pivotal career moments, including his experience founding early startups, the challenge of driving adoption for new technologies,...

The Nonprofit Show
Third-Party Software Risks Nonprofits Overlook: Shadow IT, AI, and Donor Data

Sep 10, 2025 31:56


Nonprofits lean on outside platforms to save time and stretch budgets—but those relationships can quietly expose sensitive donor, client, and payment data. In this episode, Senior Cybersecurity Advisor Parker Brissette of Richey May explains how to recognize and manage third-party software risk before it becomes tomorrow's headline. He starts with a simple lens: follow the data. Where is it stored? Who can touch it—directly or indirectly? Many teams only think about contracted vendors, but Parker widens the aperture to “shadow IT” and consumer tools staff use without formal approval. As he puts it, “Third parties is really anybody that can touch the data at any point in your business, whether you have an agreement with them or maybe not.”

From privacy regulations (GDPR, CCPA) to sector-specific rules (HIPAA, PCI), nonprofits carry legal and reputational exposure the moment personal information enters their systems. Parker offers practical steps: inventory paid tools via your accounting system; ask, “If this vendor vanished tomorrow, what would break?”; and press vendors for proof—SOC 2 reports, ISO 27001, or completed security questionnaires. For organizations without a CIO, he recommends clear contracts and one non-negotiable safeguard: “The biggest thing that I recommend in any third-party engagement is setting an expectation of having cyber insurance, because that's a big protection for you financially.”

AI enters the picture with both promise and peril. Consumer AI tools can learn from and retain your uploads, potentially exposing proprietary or personal information. Enterprise agreements (e.g., Microsoft Copilot) can offer stronger data protections, but only if configured and used correctly. Parker's guidance is pragmatic: don't ban AI; set guardrails, choose vetted tools, and train teams.

Finally, he urges preparation and transparency. Incidents can happen—even with good controls. Donors and corporate funders expect frank communication about what protections exist and what happens if data is exposed. Build trust now by documenting safeguards, validating vendors, and rehearsing your response.

You don't have to be a security expert to make smart choices—but you do need a map: know your systems, test your assumptions, ask vendors for evidence, and write risk into your contracts and budgets. That approach turns anxiety into action—and preserves the trust your mission depends on.

Find us Live daily on YouTube!
Find us Live daily on LinkedIn!
Find us Live daily on X: @Nonprofit_Show
Our national co-hosts and amazing guests discuss management, money and missions of nonprofits!
12:30pm ET 11:30am CT 10:30am MT 9:30am PT
Send us your ideas for Show Guests or Topics: HelpDesk@AmericanNonprofitAcademy.com
Visit us on the web: The Nonprofit Show

ITSPmagazine | Technology. Cybersecurity. Society
From Gatekeeper to Growth Partner: How Modern CISOs Build Trust, Drive Innovation, and Shape AI-Enabled Business Security | A Conversation with Legendary CISO, Andy Ellis | Redefining CyberSecurity with Sean Martin

Aug 26, 2025 40:08


⬥GUEST⬥
Andy Ellis, Legendary CISO [https://howtociso.com] | On LinkedIn: https://www.linkedin.com/in/csoandy/

⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

⬥EPISODE NOTES⬥
In this episode of Redefining CyberSecurity, host Sean Martin speaks with Andy Ellis, former CSO at Akamai and current independent advisor, about the shifting expectations of security leadership in today's SaaS-powered, AI-enabled business environment.

Andy highlights that many organizations—especially mid-sized startups—struggle not because they lack resources, but because they don't know how to contextualize what security means to their business goals. Often, security professionals aren't equipped to communicate with executives or boards in a way that builds shared understanding. That's where advisors like Andy step in: not to provide a playbook, but to help translate and align.

One of the core ideas discussed is the reframing of security as an enabler rather than a gatekeeper. With businesses built almost entirely on SaaS platforms and outsourced operations, IT and security should no longer be siloed. Andy encourages security teams to “own the stack”—not just protect it—by integrating IT management, vendor oversight, and security into a single discipline.

The conversation also explores how AI and automation empower employees at every level to “vibe code” their own solutions, shifting innovation away from centralized control. This democratization of tech raises new opportunities—and risks—that security teams must support, not resist. Success comes from guiding, not gatekeeping.

Andy shares practical ways CISOs can build influence, including a deceptively simple yet powerful technique: ask every stakeholder what security practice they hate the most and what critical practice is missing. These questions uncover quick wins that earn political capital—critical fuel for driving long-term transformation.

From his “First 91 Days” guide for CISOs to his book 1% Leadership, Andy offers not just theory but actionable frameworks for influencing culture, improving retention, and measuring success in ways that matter.

Whether you're a CISO, a founder, or an aspiring security leader, this episode will challenge how you think about the role security plays in business—and what it means to lead from the middle.

⬥SPONSORS⬥
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974

⬥RESOURCES⬥
Inspiring Post: https://www.linkedin.com/posts/csoandy_how-to-ciso-the-first-91-days-ugcPost-7330619155353632768-BXQT/
Book: “How to CISO: The First 91-Day Guide” by Andy Ellis — https://howtociso.com/library/first-91-days-guide/
Book: “1% Leadership: Master the Small Daily Habits that Build Exceptional Teams” — https://www.amazon.com/1-Leadership-Daily-Habits-Exceptional/dp/B0BSV7T2KZ

⬥ADDITIONAL INFORMATION⬥
✨ More Redefining CyberSecurity Podcast: 

Engineering Kiosk
#209 In the Broom Closet Beyond the Cloud: IT in Mid-Sized Companies with Patrick Terlisten

Engineering Kiosk

Play Episode Listen Later Aug 19, 2025 78:25 Transcription Available


Data center or broom closet? IT in Germany's mid-sized companies

Many developers and techies live in the cloud-native bubble, but does the reality of the German Mittelstand really look that modern? The answer: rarely. In this episode we talk with Patrick Terlisten, technical managing director of a classic IT systems house from Cologne. We go straight into the Mittelstand's broom closet, where the data center is often still a storage room and cloud is just a buzzword.

Together with Patrick we take an honest look at IT infrastructure away from start-ups: What does day-to-day work between virtualization, licensing models, and patch management look like? What role do "Shadow IT" and software that has long since lost its dev team play? And how does the Mittelstand, from social services providers to machine builders, actually cope with topics like cloud, open source, or security?

We discuss why reality is often very different from the glossy image at tech conferences: from cable spaghetti and subscription-license madness to the question of how much craft there still is in IT, and why classic systems houses today deal with developers and DevOps just as much as the hip start-up world does. Patrick not only gives insight into his day-to-day work at the systems house but also explains how the IT craft is changing in times of cloud and hyperscalers.

Bonus: IT craft means pulling cable and guild tradition, and cable porn remains an art in itself.

You can find our current advertising partners at https://engineeringkiosk.dev/partners

Quick feedback on the episode:

The Cloudcast
Is AWS entering their Hybrid phase?

The Cloudcast

Play Episode Listen Later Aug 3, 2025 38:26


The hardest thing for any growing company to do is manage the transition from hypergrowth to the dual tracks of growth and stability. AWS is entering their Hybrid phase, or the transition from Day 1 to Day 2. How will it go?

SHOW: 946
SHOW TRANSCRIPT: The Cloudcast #946 Transcript
SHOW VIDEO: https://youtube.com/@TheCloudcastNET
CLOUD NEWS OF THE WEEK: http://bit.ly/cloudcast-cnotw
CHECK OUT OUR NEW PODCAST: "CLOUDCAST BASICS"

SHOW SPONSORS:
[DoIT] Visit doit.com (that's d-o-i-t.com) to unlock intent-aware FinOps at scale with DoiT Cloud Intelligence.
[VASION] Vasion Print eliminates the need for print servers by enabling secure, cloud-based printing from any device, anywhere. Get a custom demo to see the difference for yourself.

SHOW NOTES:
• Amazon Q2 (July 2025) Results
• Reviewing Amazon/AWS Q2 2025 Results (CNBC)
• AWS QoQ Earnings Growth Rates (2014-2025)
• Andy Jassy defends Amazon/AWS AI strategy
• Amazon Q2 2025 Earnings Call Transcript
• Update from Andy Jassy Amazon Generative AI (Amazon Internal)

HOW WILL AWS HANDLE DAY 1 AND DAY 2?
• Has AWS missed the Generative AI transformation?
• Not investing in GPUs at the same rate as their cloud market share
• Don't have a Top 5 Frontier LLM
• Don't have a productivity suite to attach AI to (on-going revenue)
• Don't have a leading coding-assistant app
• Don't have an immediate “acquisition” target (e.g. Anthropic valuation near $150B)
• AWS isn't breaking out their AI revenues
• AWS's growth has plateaued over the last 6 quarters (around 17%), while Azure, GCP have been growing at 1.5 to 2x, specifically around AI revenues. AWS is up to 18% of Amazon revenue, and current AWS (CPU-based) is driving the majority of Amazon profits.
• Jassy is trying to make AI an add-on to the AWS “building block” model
• GenAI buying (at this point) looks similar to Shadow IT going to public cloud – it's not centrally controlled
• Is AWS focused on GenAI, or moving the other 80-85% of on-premises to their cloud? Can they manage both priorities at the same time?
• Can you achieve the same levels of growth if non-GenAI startups aren't getting funding at the same levels as pre-2022?

FEEDBACK?
Email: show at the cloudcast dot net
Twitter/X: @cloudcastpod
BlueSky: @cloudcastpod.bsky.social
Instagram: @cloudcastpod
TikTok: @cloudcastpod

Telecom Reseller
Navigating Shadow AI and IT Burnout in a Hybrid World, Podcast Steve Petracek of Auvik Talks Trends, Visibility, and the Tools IT Teams Need Now, Podcast

Telecom Reseller

Play Episode Listen Later Jul 29, 2025


“We're not here with a silver bullet. We're here to help teams start with visibility—because you can't manage what you can't see.” — Steve Petracek, Auvik

In this special Technology Reseller News podcast recorded live from the inaugural Podcast Row at ChannelCon 2025 in Nashville, Doug Green sits down with Steve Petracek of Auvik to discuss the mounting challenges facing IT teams in an increasingly hybrid and remote working environment.

Petracek, a leader at Auvik—an IT operations management platform—delivers fresh insight from the company's latest IT Trends Report. According to Petracek, 87% of MSPs today are managing at least some portion of a remote workforce, but most lack the tools to adequately address the growing risks around visibility, Shadow IT, Shadow AI, and workforce productivity. This mismatch is leading to inefficiencies and, increasingly, burnout among IT professionals.

“The traditional tools built for the office don't cut it anymore,” Petracek explains. “IT teams are stitching together a dozen tools just to support a single user working remotely. That's where the stress comes in.”

Petracek emphasizes that the first step in solving these challenges is visibility—not just into the network and infrastructure, but into the user's entire digital ecosystem, from sanctioned SaaS apps to unsanctioned AI tools. Auvik's platform aims to bring all of that into focus, giving IT teams one place to manage, secure, and optimize performance across environments.

Key trends discussed in the podcast include:
• The rise of Shadow AI and its unmanaged introduction into IT ecosystems
• The compounding effect of tool sprawl on stress and burnout
• The need for automation and tool consolidation to restore efficiency
• Auvik's visibility-first approach to tackling modern IT operations

Petracek's message to MSPs at ChannelCon was clear: hybrid work isn't a passing trend, and managing it effectively means embracing a new toolset, reducing complexity, and automating wherever possible.

To dive deeper into Auvik's findings and learn how your team can better manage hybrid infrastructure, download the free IT Trends Report at https://www.auvik.com.

This podcast was recorded live at ChannelCon 2025 at the Gaylord Opryland Hotel in Nashville, as part of Technology Reseller News' coverage of emerging technologies and trends shaping the MSP and IT services landscape.

The Tech Blog Writer Podcast
3347: Bitsight on the Hidden Risks Inside Global Supply Chains

The Tech Blog Writer Podcast

Play Episode Listen Later Jul 15, 2025 37:56


When we talk about cybersecurity, it's often easy to think in terms of firewalls, passwords, and high-profile breaches. But what happens when the vulnerability isn't within your own systems but somewhere deep in your third or fourth-tier supply chain? In this episode, I spoke with Ben Edwards from Bitsight about the unseen infrastructure propping up much of the global digital economy and the new risks emerging from it. Our conversation begins by challenging the assumption that larger technology providers are automatically safer. Bitsight's research reveals that scale often introduces complexity and a larger attack surface, which can make it even harder to stay secure. In fact, UK supply chains are now around 10 percent larger than the global average, reflecting a more advanced digital economy but also introducing more room for hidden weaknesses. One of the most sobering parts of the discussion focused on geopolitics. Around 30 percent of UK and US supply chains rely on Chinese military-linked companies like Huawei and China Telecom. That's not just a cybersecurity concern. It's a geopolitical time bomb. Ben broke down the ripple effects that potential restrictions or bans could have, including costs, infrastructure overhauls, and widespread operational disruption. Then there are the “hidden pillars,” smaller vendors like Aptiv and Yardi, which may not be household names but play disproportionately influential roles in sectors like aerospace, education, and real estate. Their obscurity makes them dangerous single points of failure, especially when regional dependencies form without anyone noticing. The bottom line? End-to-end supply chain visibility remains elusive. Shadow IT, employee workarounds, and a constantly shifting tech landscape mean organizations must approach cybersecurity as an ongoing process, not a checklist. 
Ben urges companies to continually assess the criticality of their providers and, just as importantly, understand their own role in others' ecosystems. If you're curious about how internet balkanization, AI, and outsourcing are shaping the next phase of cybersecurity strategy, this episode will give you a lot to think about. Y

Digitizing B2B: The B2B eCommerce Podcast
Not Just Sales: The True Value of eCommerce for B2B Brands with Jason Greenwood

Digitizing B2B: The B2B eCommerce Podcast

Play Episode Listen Later Jul 8, 2025 46:42


This episode tackles the real reasons manufacturers and distributors stay stuck: old systems, patchwork processes, and business habits that don't change overnight. Jason Greenwood and Aaron Sheehan dig into what goes wrong in B2B projects, how leaders can spot roadblocks early, and why honest internal conversations matter more than buying the latest software.

Key Highlights
5:00 Why B2B companies still run on spreadsheets and ancient ERPs
9:00 Shadow IT in B2B operations
11:03 Field reps aging out, digital-native buyers moving in – how it's reshaping expectations
13:05 The real question companies ask: Should we replace the ERP or launch eCommerce first?
15:23 Customers force the issue: “We'll switch suppliers if you don't make it easier”
17:05 How Jason breaks the customer base into three digital adoption buckets
19:16 Manual ordering habits (screenshots, PDFs)
23:20 When eCommerce is dismissed as ‘just for small customers' and why that's wrong
32:00 How eCommerce automation solves pain points beyond the transactional workflow

Resources Mentioned
• Digital Services Layer (DSL): Jason's concept for all the non-transactional digital capabilities customers expect.
• OroCommerce's AI SmartOrder: An AI-powered tool for processing unstructured purchase orders and enabling digital self-service.
• Upcoming Movie: A Big Bold Beautiful Journey
• Top Gun: Maverick
• B2B eCommerce World 2025 in Scottsdale, AZ

All Things Internal Audit
The Rise of Fourth-Party Threats

All Things Internal Audit

Play Episode Listen Later Jul 1, 2025 22:55 Transcription Available


The Institute of Internal Auditors Presents: All Things Internal Audit Tech

In this episode, Mike Levy and Shontelle Mixon discuss the growing risks tied to fourth-party relationships. They discuss how internal auditors can leverage technology, enhanced contracts, and cross-functional collaboration to pinpoint, track, and reduce those downstream risks. They break down how internal audit's role is evolving in a world shaped by cybersecurity, AI, and shifting regulations.

HOST:
Mike Levy, CIA, CRMA, CISSP
CEO, Cherry Hill Advisory

GUEST:
Shontelle Mixon, CPA
Divisional SVP, Internal Audit and Special Investigations, Healthcare Service Corporation

KEY POINTS:
Introduction [00:00–00:00:38]
What Is Fourth-Party Risk? [00:00:38–00:01:52]
Evolution of Risk and Offshoring Trends [00:01:52–00:02:32]
Mitigating Fourth-Party Risks [00:02:32–00:03:47]
Steps for Maturing a Vendor Risk Program [00:03:47–00:04:50]
The Challenge of Shadow IT [00:04:50–00:05:54]
Data Mining and Continuous Monitoring [00:05:54–00:06:59]
Beyond the SOC Report [00:06:59–00:08:27]
Getting Started Without Tech [00:08:27–00:09:32]
Cybersecurity as a Starting Point [00:09:32–00:10:44]
Educating the Audit Committee [00:10:44–00:12:00]
Real-Time Monitoring and Vendor Audits [00:12:00–00:13:09]
Misconceptions About Outsourcing Risk [00:13:09–00:13:56]
Preparing for the Future [00:13:56–00:15:32]
Pitfalls in Contracting [00:15:32–00:16:38]
First Step for New Audit Functions [00:16:38–00:17:12]
Aligning with Organizational Risk Priorities [00:17:12–00:18:36]
Getting Executive Buy-In [00:18:36–00:20:06]
Supporting Smaller Audit Shops [00:20:06–00:21:14]
Final Advice [00:21:14–00:21:58]

THE IIA RELATED CONTENT:
Interested in this topic? Visit the links below for more resources:
• 2025 International Conference
• Learning Solutions: Navigating Third and Fourth Party Risks
• Learning Solutions: Auditing Third-Party Risks

Visit The IIA's website or YouTube channel for related topics and more.

Follow All Things Internal Audit: Apple Podcasts, Spotify, Libsyn, Deezer

Security Now (MP3)
SN 1031: How Salt Typhoon Gets In - What "AI" Really Means

Security Now (MP3)

Play Episode Listen Later Jun 25, 2025 180:38


China's Salt Typhoon claims another victim (or two).
State healthcare portals are tracking and leaking. No kidding.
Apple adopts FIDO's Passkeys and other credentials transport.
Facebook gets Passkey logon.
TikTok continues ticking for at least another 90 days.
Canadian telco admits they were infiltrated by Salt Typhoon.
Microsoft to remove unwanted (and hopefully unneeded) hardware drivers.
The Austrian government legislates court-warranted message decryption.
I (Steve) finally get full clarity on what today's "AI" means.
A deep dive into the Salt Typhoon's operation and how they got in

Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:
1password.com/securitynow
hoxhunt.com/securitynow
outsystems.com/twit
bigid.com/securitynow
zscaler.com/security

All TWiT.tv Shows (MP3)
Security Now 1031: How Salt Typhoon Gets In

All TWiT.tv Shows (MP3)

Play Episode Listen Later Jun 25, 2025 180:38 Transcription Available



Security Now (Video HD)
SN 1031: How Salt Typhoon Gets In - What "AI" Really Means

Security Now (Video HD)

Play Episode Listen Later Jun 25, 2025



Security Now (Video HI)
SN 1031: How Salt Typhoon Gets In - What "AI" Really Means

Security Now (Video HI)

Play Episode Listen Later Jun 25, 2025



Radio Leo (Audio)
Security Now 1031: How Salt Typhoon Gets In

Radio Leo (Audio)

Play Episode Listen Later Jun 25, 2025 180:38 Transcription Available



Security Now (Video LO)
SN 1031: How Salt Typhoon Gets In - What "AI" Really Means

Security Now (Video LO)

Play Episode Listen Later Jun 25, 2025



All TWiT.tv Shows (Video LO)
Security Now 1031: How Salt Typhoon Gets In

All TWiT.tv Shows (Video LO)

Play Episode Listen Later Jun 25, 2025 181:01 Transcription Available



Podcast de Juan Merodio
Your employees are using AI and you don't know how (Shadow AI)

Podcast de Juan Merodio

Play Episode Listen Later Jun 16, 2025 12:53


TEKDI: We teach and guide you in using AI, automation, and marketing ► Coaching programs and tailored training plans with a tutor at your side, follow-up mentoring, hands-on online working sessions, and much more. ►►► https://tekdi.education/

Generative artificial intelligence is breaking into companies at a speed never seen before. And the most striking thing is not its official rollout, but the way employees themselves are adopting it without permission, behind the IT department's back. This trend, known as Shadow AI, replicates what we came to know more than a decade ago as Shadow IT: the use of unauthorized technology inside the company that employees nonetheless consider useful or even essential for doing their work more efficiently.

Podcast de Juan Merodio
Your employees are using AI and you don't know how (Shadow AI)

Podcast de Juan Merodio

Play Episode Listen Later Jun 11, 2025 12:24


Generative artificial intelligence is breaking into companies at a speed never seen before. And the most striking thing is not its official rollout, but the way employees themselves are adopting it without permission, behind the IT department's back. This trend, known as Shadow AI, replicates what we came to know more than a decade ago as Shadow IT: the use of unauthorized technology inside the company that employees nonetheless consider useful or even essential for doing their work more efficiently. In 2012 we were already talking about this phenomenon, when tools like Dropbox were starting to become popular outside the radar of the systems department. Today that pattern is repeating with tools such as ChatGPT, Gemini, or Copilot, only with even deeper implications.

SaaS Fuel
288 Warner Moore - Negotiate Like a Buyer: Inside the Mind of Procurement

SaaS Fuel

Play Episode Listen Later May 29, 2025 47:56


In this episode of SaaS Fuel, Jeff Mains is joined by Warner Moore, founder of Gamma Force and cybersecurity strategist, to dive deep into why early-stage SaaS companies often overbuild security, waste money on compliance, and miss real threats. Warner reveals how to make cybersecurity a strategic advantage—without killing innovation.

From delaying HIPAA compliance for smarter growth to leveraging cloud infrastructure securely by default, Warner shares practical frameworks SaaS founders can use to balance risk, market demand, and growth. If you're building a health tech or B2B SaaS company and wondering when and how to invest in cybersecurity.

Key Takeaways
00:00 – Strategic security starts with executive mindset
01:32 – Why security is a business strategy, not just IT
03:06 – Risk management vs checkbox compliance
06:34 – Mistakes SaaS founders make with security
09:53 – Understanding real risk (Asset + Vulnerability + Threat)
11:16 – Leveraging cloud providers securely
12:12 – Security as a market differentiator
14:12 – Delaying HIPAA compliance with intentional design
17:11 – When to invest in security maturity
20:06 – Security budgeting for startups
23:24 – Signs you need a fractional CSO
26:57 – Health tech vs general SaaS: when security is mandatory
29:22 – Onboarding & deepfake defense tactics
32:27 – Process-based security (not just tech)
34:22 – Is 2FA enough? Low-cost, high-value protection
36:04 – Aligning security with company mission
38:27 – Upcoming security shifts (quantum, AI, deepfakes)
40:07 – Financial controls > fancy tools
41:00 – Access control as a universal security need
43:24 – Shadow IT and how to reduce SaaS sprawl

Tweetable Quotes
"If you don't ask the hard questions early, you'll overbuild and overspend on security that doesn't move the business forward." – Warner Moore
"Security isn't just a department. It's a culture and a competitive advantage hiding in plain sight." – Jeff Mains
"Real risk requires three things: an asset, a vulnerability, and a threat. Miss one and it's just noise." – Warner Moore
"Security done right doesn't slow you down—it speeds you up with confidence and alignment." – Warner Moore
"The most secure companies don't just install tools—they build resilient business processes." – Warner Moore
"Before you throw money at compliance, ask: does this really serve our market or just create overhead?" – Warner Moore

SaaS Leadership Lessons
• Don't Overbuild Early – Avoid unnecessary compliance if you're not yet handling sensitive data. Be intentional.
• Security Is Strategy – It's not an IT checklist. It's a leadership-level decision and business differentiator.
• Risk = Asset + Vulnerability + Threat – If one is missing, it's not a real risk. Focus on what matters.
• Delay Expensive Compliance Smartly – You can structure your tech and market approach to delay heavy regulatory burdens.
• Train Your Team for Real Threats – Deepfakes, phishing, and social engineering are rising threats; education is critical.
• Use the Basics Well – MFA, encryption, access control—low-cost, high-value steps most companies still ignore.

Guest Resources
Email - warner@gammaforce.io
Website - https://gammaforce.io/
Linkedin -

Cloud Security Today
Navigating identity security

Cloud Security Today

Play Episode Listen Later May 29, 2025 34:08 Transcription Available


In this episode, Matt interviews Bel Lepe, CEO and co-founder of Cerby, discussing the challenges and opportunities in identity security. They explore the significance of disconnected applications, the impact of shadow IT, and the importance of automation and AI in enhancing security practices. Bel shares insights from his previous experience at Ooyala and the lessons learned in building Cerby, including the recent Series B funding and future plans for the company.

Takeaways
• Disconnected applications pose significant risks in identity management.
• Shadow IT is becoming a major part of the IT landscape, not just a side issue.
• The startup journey involves learning from past experiences and adapting strategies.
• The human element remains a critical factor in cybersecurity incidents.

ITSPmagazine | Technology. Cybersecurity. Society
Outside the Ivory Tower: Connecting Practice and Science — Why Human-Centered Cybersecurity Needs Both | OWASP AppSec Global 2025 Pre-Event Keynote Conversation with Kate Labunets | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later May 26, 2025 19:39


During the upcoming OWASP Global AppSec EU in Barcelona, Kate Labunets, a cybersecurity researcher focused on human factors and usable security, takes the stage to confront a disconnect that too often holds the industry back: the gap between academic research and real-world cybersecurity practice.

In her keynote, “Outside the Ivory Tower: Connecting Practice and Science,” Kate invites practitioners to reconsider their relationship with academic research—not as something removed from their daily reality, but as a vital tool that can lead to better decisions, more targeted security programs, and improved organizational resilience.

Drawing from her current research, Kate shares how interviews and surveys with employees reveal the hidden motivations behind the use of shadow IT—tools and technologies adopted without formal approval. These aren't simply acts of rebellion or ignorance. They reflect misalignments between human behavior, workplace needs, and policy communication. By understanding these mindsets, organizations can move beyond one-size-fits-all training and begin designing interventions grounded in evidence.

This is where science meets practice. Kate's work isn't about generating abstract theories. It's about applying research methods—like anonymous interviews and behavior-focused surveys—to surface insights that security leaders can act on. But for this to happen, researchers need access, and that depends on building trust with practitioners.

The keynote also raises a critical point about time. In industries like medicine, the gap between a published discovery and its application in the real world can be 15 years. Kate argues that cybersecurity faces a similar delay, citing the example of multi-factor authentication: patented in 1998, but still not universally adopted today. Her goal is to accelerate this timeline by helping practitioners see themselves as contributors to science—not just consumers of its outcomes.

By inviting companies to participate in research and engage with universities, Kate's message is clear: collaboration benefits everyone. The path to smarter, more human-aligned cybersecurity isn't gated behind academic walls. It's open to any team curious enough to ask better questions—and brave enough to challenge assumptions.

GUEST:
Kate Labunets | Assistant Professor (UD1) in Cyber Security at Utrecht University | https://www.linkedin.com/in/klabunets/

HOSTS:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

SPONSORS
Manicode Security: https://itspm.ag/manicode-security-7q8i

RESOURCES
Kate's Session: https://owasp2025globalappseceu.sched.com/event/1v86U/keynote-outside-the-ivory-tower-connecting-practice-and-science
Learn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More

@BEERISAC: CPS/ICS Security Podcast Playlist
Bridging the IT-OT Divide with AI-Powered Insight

May 23, 2025 | 17:00


Podcast: Industrial Cybersecurity Insider
Episode: Bridging the IT-OT Divide with AI-Powered Insight
Pub date: 2025-05-20

Dino and Craig tackle one of the most misunderstood challenges in cybersecurity for industrial environments: the persistent disconnect between IT-led cybersecurity tools and operational technology realities.

They explore the concept of "shadow OT," as well as the limits of traditional IDS deployments. They discuss why visibility is key to protecting critical systems. Vulnerability scanning alone isn't enough.

Real world case studies reveal how failing to engage OT teams derails cybersecurity strategies. One case involved rogue servers causing daily production failures. Another featured misconfigured modules choking brewery operations. These examples show that even the most advanced strategies fail without OT team involvement.

For leaders in manufacturing, utilities, and critical infrastructure, this is a must-listen conversation. It's about redefining risk management through OT-first thinking.

Chapters:
00:00:00 - When Machines Stop, Money Bleeds: The Downtime Dilemma
00:00:47 - Shadow IT or Ingenious OT? Rethinking Rogue Tech
00:02:29 - Cybersecurity Isn't Enough: The OT Risk You're Missing
00:04:37 - Server Ghosts & Brewery Blunders: Fixing What IT Can't See
00:06:41 - Visibility is Power: Using the Tools You Already Own
00:09:50 - IT vs. OT: Breaking Silos, Building Alliances
00:13:28 - Final Thoughts: Who Really Owns OT Security?

Links And Resources:
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Identity At The Center
#339 - Sponsor Spotlight - Permiso

Mar 26, 2025 | 56:38


This episode is sponsored by Permiso. Visit permiso.io/idac to learn more.

In this sponsored episode of the Identity at the Center Podcast, hosts Jeff and Jim sit down with Paul Nguyen, co-founder and co-CEO of Permiso, to discuss the critical role of identity security in modern information security. Paul shares insights into the history of identity threats, the rise of identity-focused attacks like Scattered Spider and LLM Jacking, and the importance of real-time identity monitoring for both human and non-human identities across cloud and on-prem environments. The episode explores how Permiso is positioned in the market to provide comprehensive identity threat detection and response (ITDR) and identity security posture management (ISPM), offering advanced visibility and proactive measures against emerging threats.

Chapters
00:00 Introduction to Security Vendors
00:50 Welcome to the Identity at the Center Podcast
01:30 Sponsored Spotlight: Permiso
02:14 Meet Paul Nguyen, Co-Founder of Permiso
03:34 The Importance of Identity in Security
05:35 Permiso's Unique Approach to Identity Security
07:36 Real-Time Monitoring and Threat Detection
09:23 Challenges and Solutions in Identity Security
15:16 Modern Attacks and Identity Threats
25:56 The Role of Honeypots in Security Research
26:49 Challenges of Maintaining Security
27:15 Honeypots and Breach Detection
27:46 Dwell Time and Reconnaissance
28:34 Password Complexity and Monitoring Gaps
29:24 Roles and Responsibilities in Identity Security
29:49 Unified Identity Security Teams
30:57 Emerging Threats and Joint Efforts
32:49 Permiso's Role in Identity Security
34:10 Detection and Response Strategies
36:11 Managing Identity Risks
36:51 Combining Prevention and Detection
39:44 Real-World Applications and Challenges
51:17 Personal Insights and Final Thoughts

Connect with Paul: https://www.linkedin.com/in/paulnguyen/
Learn more about Permiso: https://permiso.io/idac

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com and watch at idacpodcast.tv

Keywords: identity security, real-time monitoring, IAM, cybersecurity, identity exploitation, modern attacks, insider threats, honeypots, organizational structure, Non-Human Identities, Identity Security, Permiso, Risk Management, Insider Threat, Shadow IT, Identity Graph, ITDR, ISPM, Cybersecurity

Business of Tech
Cybersecurity Breach in Trump Admin, AI Tools for MSPs, and New Integrations for Efficiency

Mar 25, 2025 | 16:53


A significant security breach has emerged involving senior members of the Trump administration, including Vice President J.D. Vance and Defense Secretary Pete Hegseth, who shared top-secret military plans regarding U.S. attacks on the Houthi group in Yemen via the encrypted messaging app Signal. This breach was uncovered by journalist Jeffrey Goldberg, who found himself in a group chat with key cabinet members discussing sensitive information. The National Security Council has confirmed the authenticity of the message chain, leading to calls for an immediate investigation. The incident raises serious concerns about cybersecurity practices within the federal government, particularly regarding the use of unauthorized communication tools for classified discussions.

The growing popularity of Signal among federal employees and military planners during the Trump administration highlights a troubling trend of shadow IT at the executive level. This situation poses a challenge for IT leaders, as it undermines established security protocols and sends a dangerous message to lower-level staff and contractors about the importance of adhering to internal policies. If top officials can bypass security measures without facing consequences, it diminishes the perceived value of compliance and accountability across the organization.

In response to this breach, experts emphasize the need for stronger cybersecurity measures and accountability for federal leaders. The incident illustrates that policy violations can extend beyond corporate rules into federal law, with potential implications for national security. The lack of consequences for high-ranking officials could lead to a culture of complacency regarding cybersecurity, where employees may view policies as mere compliance theater rather than essential guidelines for protecting sensitive information.

The podcast also discusses recent advancements in cybersecurity tools and services, including Microsoft's expansion of its AI-powered security co-pilot and Verizon's launch of a generative AI-powered text messaging solution for small businesses. These developments reflect a broader trend toward operationalizing AI in cybersecurity workflows and enhancing security measures for organizations. As managed service providers (MSPs) seek to streamline operations and improve compliance, the integration of new tools and partnerships is becoming increasingly important in navigating the evolving landscape of cybersecurity and data protection.

Four things to know today
00:00 Shadow IT at the Top: War Plans on Signal Show Why Cyber Rules Without Consequences Don't Work
05:54 Smarter Security, Faster Replies: Microsoft and Verizon Put AI on the Job for Everyone
08:51 Fewer Tools, More Power: MSP Upgrades from Syncro, Cohesity, and MSPTerms Aim to Do It All
11:53 One-Stop MSP? New Integrations Aim to Save Time, Boost Profits, and Lock You In

Supported by:
https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship
https://www.huntress.com/mspradio/

Event: https://www.nerdiocon.com/
All our Sponsors: https://businessof.tech/sponsors/

Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/

ITSPmagazine | Technology. Cybersecurity. Society
From Access to Automation: The New Playbook for IT and Security Teams | A JumpCloud Brand Story with Chase Doelling

Feb 11, 2025 | 43:12


IT and security teams are under constant pressure to streamline operations while maintaining strong security and compliance. In this Brand Story episode, Chase Doelling, Principal Strategist at JumpCloud, shares insights from the company's latest SME IT Trends Report. The discussion highlights key trends, challenges, and opportunities that IT teams face, particularly in small and medium-sized businesses (SMBs).

The Role of IT in Business Operations

Doelling emphasizes the increasing responsibility placed on IT teams. Historically seen as cost centers, IT and security functions are now recognized as critical to business success. More organizations are merging IT and security efforts, ensuring that security considerations are built into every decision rather than being addressed reactively.

A major takeaway from the report is the shift toward decentralization in IT decision-making. Departments are increasingly adopting tools independently, leading to an explosion of software-as-a-service (SaaS) applications. While this autonomy can boost efficiency, it also creates risks. Shadow IT—where employees use unauthorized tools—has become a top concern, with 88% of organizations identifying it as a risk.

AI, Security, and IT Investment

The report also reveals a growing divide in AI adoption. Organizations are either moving aggressively into AI initiatives or staying completely on the sidelines. Those embracing AI often integrate it into security and IT operations, balancing innovation with risk management.

Budget trends indicate that IT spending is rising, with security tools accounting for a significant portion. The need for robust cybersecurity measures has pushed organizations to prioritize visibility, access management, and compliance. A notable shift is occurring in remote and hybrid work models. While remote work surged in previous years, only 9% of organizations now report being fully remote. This return to office environments introduces new IT challenges, particularly in managing networks and devices across hybrid workplaces.

How JumpCloud Supports IT Teams

JumpCloud's platform simplifies IT and security operations by unifying identity and access management, device management, and security policies. One key challenge IT teams face is visibility—knowing who has access to what systems and ensuring compliance with security policies. JumpCloud's approach allows organizations to manage users and devices from a single platform, reducing complexity and improving security posture.

An example of JumpCloud's impact is its ability to detect and manage SaaS usage. If an employee tries to use an unauthorized tool, JumpCloud can guide them toward an approved alternative, preventing security risks without stifling productivity. This balance between security and efficiency is essential, particularly for SMBs that lack dedicated security teams.

Looking Ahead: IT and Security Convergence

Doelling teases upcoming research that will explore the relationship between IT and security teams. With these functions blending more than ever, organizations need insights into how to align strategies, resources, and budgets effectively.

For IT and security professionals navigating a landscape of increased threats, shifting work environments, and AI-driven innovation, the insights from JumpCloud's research provide a valuable benchmark. To gain a deeper understanding of these trends and their implications, listen to the full episode and explore the latest SME IT Trends Report.

Note: This story contains promotional content.

Guest: Chase Doelling, Principal Strategist, JumpCloud [@JumpCloud], On LinkedIn | https://www.linkedin.com/in/chasedoelling/

Resources
Learn more about JumpCloud and their offering: https://itspm.ag/jumpcloud-pg7z
To download the SME IT Trends Report: https://itspm.ag/jumpcljqyw
Catch more stories from JumpCloud at https://www.itspmagazine.com/directory/jumpcloud
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story