Podcasts about shadow it

The hardest thing for any growing company to do is manage the transition from hypergrowth to the dual tracks of growth and stability. AWS is entering their Hybrid phase, or the transition from Day 1 to Day 2. How will it go?SHOW: 946SHOW TRANSCRIPT: The Cloudcast #946 TranscriptSHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK: http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST: "CLOUDCAST BASICS"SHOW SPONSORS:[DoIT] Visit doit.com (that's d-o-i-t.com) to unlock intent-aware FinOps at scale with DoiT Cloud Intelligence.[VASION] Vasion Print eliminates the need for print servers by enabling secure, cloud-based printing from any device, anywhere. Get a custom demo to see the difference for yourself.SHOW NOTES:Amazon Q2 (July 2025) ResultsReviewing Amazon/AWS Q2 2025 Results (CNBC)AWS QoQ Earnings Growth Rates (2014-2025)Andy Jassy defends Amazon/AWS AI strategyAmazon Q2 2025 Earnings Call TranscriptUpdate from Andy Jasay Amazon Generative AI (Amazon Internal)HOW WILL AWS HANDLE DAY 1 AND DAY 2?Has AWS missed the Generative AI transformation?Not investing in GPUs at the same rate as their cloud market shareDon't have a Top 5 Frontier LLMDon't have a productivity suite to attach AI to (on-going revenue)Don't have a leading coding-assistant appDon't have an immediate “acquisition” target (e.g. Anthropic valuation near $150B)AWS isn't breaking out their AI revenuesAWS's growth has plateaued over the last 6 quarters (around 17%), while Azure, GCP have been growing at 1.5 to 2x, specifically around AI revenues. AWS is up to 18% of Amazon revenue, and current AWS (CPU-based) is driving the majority of Amazon profits. Jasay is trying to make AI an add-on to the AWS “building block” modelGenAI buying (at this point) looks similar to Shadow IT going to public cloud – it's not centrally controlledIs AWS focused on GenAI, or moving the other 80-85% of on-premises to their cloud? Can they manage both priorities at the same time? Can you achieve the same levels of growth if non-GenAI startups aren't getting funding at the same levels as pre-2022?FEEDBACK?Email: show at the cloudcast dot netTwitter/X: @cloudcastpodBlueSky: @cloudcastpod.bsky.socialInstagram: @cloudcastpodTikTok: @cloudcastpod

“We're not here with a silver bullet. We're here to help teams start with visibility—because you can't manage what you can't see.” — Steve Petracek, Auvik In this special Technology Reseller News podcast recorded live from the inaugural Podcast Row at ChannelCon 2025 in Nashville, Doug Green sits down with Steve Petracek of Auvik to discuss the mounting challenges facing IT teams in an increasingly hybrid and remote working environment. Petracek, a leader at Auvik—an IT operations management platform—delivers fresh insight from the company's latest IT Trends Report. According to Petracek, 87% of MSPs today are managing at least some portion of a remote workforce, but most lack the tools to adequately address the growing risks around visibility, Shadow IT, Shadow AI, and workforce productivity. This mismatch is leading to inefficiencies and, increasingly, burnout among IT professionals. “The traditional tools built for the office don't cut it anymore,” Petracek explains. “IT teams are stitching together a dozen tools just to support a single user working remotely. That's where the stress comes in.” Petracek emphasizes that the first step in solving these challenges is visibility—not just into the network and infrastructure, but into the user's entire digital ecosystem, from sanctioned SaaS apps to unsanctioned AI tools. Auvik's platform aims to bring all of that into focus, giving IT teams one place to manage, secure, and optimize performance across environments. Key trends discussed in the podcast include: The rise of Shadow AI and its unmanaged introduction into IT ecosystems The compounding effect of tool sprawl on stress and burnout The need for automation and tool consolidation to restore efficiency Auvik's visibility-first approach to tackling modern IT operations Petracek's message to MSPs at ChannelCon was clear: hybrid work isn't a passing trend, and managing it effectively means embracing a new toolset, reducing complexity, and automating wherever possible. To dive deeper into Auvik's findings and learn how your team can better manage hybrid infrastructure, download the free IT Trends Report at https://www.auvik.com. This podcast was recorded live at ChannelCon 2025 at the Gaylord Opryland Hotel in Nashville, as part of Technology Reseller News' coverage of emerging technologies and trends shaping the MSP and IT services landscape.  

When we talk about cybersecurity, it's often easy to think in terms of firewalls, passwords, and high-profile breaches. But what happens when the vulnerability isn't within your own systems but somewhere deep in your third or fourth-tier supply chain? In this episode, I spoke with Ben Edwards from Bitsight about the unseen infrastructure propping up much of the global digital economy and the new risks emerging from it. Our conversation begins by challenging the assumption that larger technology providers are automatically safer. Bitsight's research reveals that scale often introduces complexity and a larger attack surface, which can make it even harder to stay secure. In fact, UK supply chains are now around 10 percent larger than the global average, reflecting a more advanced digital economy but also introducing more room for hidden weaknesses. One of the most sobering parts of the discussion focused on geopolitics. Around 30 percent of UK and US supply chains rely on Chinese military-linked companies like Huawei and China Telecom. That's not just a cybersecurity concern. It's a geopolitical time bomb. Ben broke down the ripple effects that potential restrictions or bans could have, including costs, infrastructure overhauls, and widespread operational disruption. Then there are the “hidden pillars,” smaller vendors like Aptiv and Yardi, which may not be household names but play disproportionately influential roles in sectors like aerospace, education, and real estate. Their obscurity makes them dangerous single points of failure, especially when regional dependencies form without anyone noticing. The bottom line? End-to-end supply chain visibility remains elusive. Shadow IT, employee workarounds, and a constantly shifting tech landscape mean organizations must approach cybersecurity as an ongoing process, not a checklist. Ben urges companies to continually assess the criticality of their providers and, just as importantly, understand their own role in others' ecosystems. If you're curious about how internet balkanization, AI, and outsourcing are shaping the next phase of cybersecurity strategy, this episode will give you a lot to think about. Y

This episode tackles the real reasons manufacturers and distributors stay stuck: old systems, patchwork processes, and business habits that don't change overnight. Jason Greenwood and Aaron Sheehan dig into what goes wrong in B2B projects, how leaders can spot roadblocks early, and why honest internal conversations matter more than buying the latest software.Key Highlights5:00 Why B2B companies still run on spreadsheets and ancient ERPs9:00 Shadow IT in B2B operations11:03 Field reps aging out, digital-native buyers moving in – how it's reshaping expectations13:05 The real question companies ask: Should we replace the ERP or launch eCommerce first?15:23 Customers force the issue: “We'll switch suppliers if you don't make it easier”17:05 How Jason breaks the customer base into three digital adoption buckets19:16 Manual ordering habits (screenshots, PDFs)23:20 When eCommerce is dismissed as ‘just for small customers' and why that's wrong32:00 How eCommerce automation solves pain points beyond the transactional workflowResources Mentioned Digital Services Layer (DSL): Jason's concept for all the non-transactional digital capabilities customers expect.OroCommerce's AI SmartOrder: An AI-powered tool for processing unstructured purchase orders and enabling digital self-service.Upcoming Movie: A Big Bold Beautiful JourneyTop Gun: MaverickB2B eCommerce World 2025 in Scottsdale, AZ

The Institute of Internal Auditors Presents: All Things Internal Audit Tech In this episode, Mike Levy and Shontelle Mixon discuss the growing risks tied to fourth-party relationships. They discuss how internal auditors can leverage technology, enhanced contracts, and cross-functional collaboration to pinpoint, track, and reduce those downstream risks. They break down how internal audit's role is evolving in a world shaped by cybersecurity, AI, and shifting regulations. HOST:Mike Levy, CIA, CRMA, CISSPCEO, Cherry Hill Advisory GUEST:Shontelle Mixon, CPADivisional SVP, Internal Audit and Special Investigations, Healthcare Service Corporation KEY POINTS: Introduction [00:00–00:00:38] What Is Fourth-Party Risk? [00:00:38–00:01:52] Evolution of Risk and Offshoring Trends [00:01:52–00:02:32] Mitigating Fourth-Party Risks [00:02:32–00:03:47] Steps for Maturing a Vendor Risk Program [00:03:47–00:04:50] The Challenge of Shadow IT [00:04:50–00:05:54] Data Mining and Continuous Monitoring [00:05:54–00:06:59] Beyond the SOC Report [00:06:59–00:08:27] Getting Started Without Tech [00:08:27–00:09:32] Cybersecurity as a Starting Point [00:09:32–00:10:44] Educating the Audit Committee [00:10:44–00:12:00] Real-Time Monitoring and Vendor Audits [00:12:00–00:13:09] Misconceptions About Outsourcing Risk [00:13:09–00:13:56] Preparing for the Future [00:13:56–00:15:32] Pitfalls in Contracting [00:15:32–00:16:38] First Step for New Audit Functions [00:16:38–00:17:12] Aligning with Organizational Risk Priorities [00:17:12–00:18:36] Getting Executive Buy-In [00:18:36–00:20:06] Supporting Smaller Audit Shops [00:20:06–00:21:14] Final Advice [00:21:14–00:21:58] THE IIA RELATED CONTENT:  Interested in this topic? Visit the links below for more resources: 2025 International Conference Learning Solutions: Navigating Third and Fourth Party Risks Learning Solutions: Auditing Third-Party Risks Visit The IIA's website or YouTube channel for related topics and more. Follow All Things Internal Audit: Apple PodcastsSpotify LibsynDeezer

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

China's Salt Typhoon claims another victim (or two). State healthcare portals are tracking and leaking. No kidding. Apple adopts FIDO's Passkeys and other credentials transport. Facebook gets Passkey logon. TikTok continues ticking for at least another 90 days. Canadian telco admits they were infiltrated by Salt Typhoon. Microsoft to remove unwanted (and hopefully unneeded) hardware drivers. The Austrian government legislates court-warranted message decryption. I (Steve) finally get full clarity on what today's "AI" means. A deep dive into the Salt Typhoon's operation and how they got in Show Notes - https://www.grc.com/sn/SN-1031-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/securitynow hoxhunt.com/securitynow outsystems.com/twit bigid.com/securitynow zscaler.com/security

TEKDI: Te Enseñamos y Acompañamos en el a usar la IA, la automatización y el marketing ► Programas de acompañamiento y planes de formación a medida con un tutor a tu lado, mentorías de seguimiento, sesiones prácticas de trabajo online y mucho más. ►►►⁠https://tekdi.education/⁠  La inteligencia artificial generativa está irrumpiendo en las empresas a una velocidad nunca vista. Y lo más llamativo no es su implantación oficial, sino la forma en la que los propios empleados están adoptándola sin permiso, a espaldas del departamento de IT. Esta tendencia, conocida como Shadow AI, está replicando lo que hace más de una década conocimos como Shadow IT: el uso de tecnología no autorizada dentro de la empresa, pero que los empleados consideran útil o incluso imprescindible para realizar su trabajo de forma más eficiente.

Shadow IT od lat był zmorą działów technologii, ale dziś jego nowa odsłona – Shadow AI – to zupełnie inna liga. Pracownicy korzystają z nieautoryzowanych narzędzi AI, tworzą własne automatyzacje, a dane firmowe trafiają do publicznych modeli językowych. W tym odcinku przyglądam się, jak firmy radzą sobie z tym zjawiskiem, kiedy AI wychodzi spod kontroli, jak zmienia się rola CISO i dlaczego przyszłość to nie zakazy, ale transparentność i współpraca. 

La inteligencia artificial generativa está irrumpiendo en las empresas a una velocidad nunca vista. Y lo más llamativo no es su implantación oficial, sino la forma en la que los propios empleados están adoptándola sin permiso, a espaldas del departamento de IT. Esta tendencia, conocida como Shadow AI, está replicando lo que hace más de una década conocimos como Shadow IT: el uso de tecnología no autorizada dentro de la empresa, pero que los empleados consideran útil o incluso imprescindible para realizar su trabajo de forma más eficiente. En 2012 ya hablábamos de este fenómeno cuando herramientas como Dropbox comenzaban a popularizarse fuera del radar del área de sistemas. Hoy, ese patrón se repite con herramientas como ChatGPT, Gemini o Copilot, solo que con implicaciones aún más profundas.

In this episode of SaaS Fuel, Jeff Mains is joined by Warner Moore, founder of Gamma Force and cybersecurity strategist, to dive deep into why early-stage SaaS companies often overbuild security, waste money on compliance, and miss real threats. Warner reveals how to make cybersecurity a strategic advantage—without killing innovation.From delaying HIPAA compliance for smarter growth to leveraging cloud infrastructure securely by default, Warner shares practical frameworks SaaS founders can use to balance risk, market demand, and growth. If you're building a health tech or B2B SaaS company and wondering when and how to invest in cybersecurity.Key Takeaways00:00 – Strategic security starts with executive mindset01:32 – Why security is a business strategy, not just IT03:06 – Risk management vs checkbox compliance06:34 – Mistakes SaaS founders make with security09:53 – Understanding real risk (Asset + Vulnerability + Threat)11:16 – Leveraging cloud providers securely12:12 – Security as a market differentiator14:12 – Delaying HIPAA compliance with intentional design17:11 – When to invest in security maturity20:06 – Security budgeting for startups23:24 – Signs you need a fractional CSO26:57 – Health tech vs general SaaS: when security is mandatory29:22 – Onboarding & deepfake defense tactics32:27 – Process-based security (not just tech)34:22 – Is 2FA enough? Low-cost, high-value protection36:04 – Aligning security with company mission38:27 – Upcoming security shifts (quantum, AI, deepfakes)40:07 – Financial controls > fancy tools41:00 – Access control as a universal security need43:24 – Shadow IT and how to reduce SaaS sprawlTweetable Quotes"If you don't ask the hard questions early, you'll overbuild and overspend on security that doesn't move the business forward." – Warner Moore"Security isn't just a department. It's a culture and a competitive advantage hiding in plain sight." – Jeff Mains"Real risk requires three things: an asset, a vulnerability, and a threat. Miss one and it's just noise." – Warner Moore"Security done right doesn't slow you down—it speeds you up with confidence and alignment." – Warner Moore"The most secure companies don't just install tools—they build resilient business processes." – Warner Moore"Before you throw money at compliance, ask: does this really serve our market or just create overhead?" – Warner MooreSaaS Leadership LessonsDon't Overbuild Early – Avoid unnecessary compliance if you're not yet handling sensitive data. Be intentional.Security Is Strategy – It's not an IT checklist. It's a leadership-level decision and business differentiator.Risk = Asset + Vulnerability + Threat – If one is missing, it's not a real risk. Focus on what matters.Delay Expensive Compliance Smartly – You can structure your tech and market approach to delay heavy regulatory burdens.Train Your Team for Real Threats – Deepfakes, phishing, and social engineering are rising threats; education is critical.Use the Basics Well – MFA, encryption, access control—low-cost, high-value steps most companies still ignore.Guest ResourcesEmail - warner@gammaforce.ioWebsite - https://gammaforce.io/Linkedin -

Send us a textIn this episode, Matt interviews Bel Lepe, CEO and co-founder of Cerby, discussing the challenges and opportunities in identity security. They explore the significance of disconnected applications, the impact of shadow IT, and the importance of automation and AI in enhancing security practices. Bel shares insights from his previous experience at Ooyala and the lessons learned in building Cerby, including the recent Series B funding and future plans for the company.TakeawaysDisconnected applications pose significant risks in identity management.Shadow IT is becoming a major part of the IT landscape, not just a side issue.The startup journey involves learning from past experiences and adapting strategies.The human element remains a critical factor in cybersecurity incidents.

During the upcoming OWASP Global AppSec EU in Barcelona, Kate Labunets, a cybersecurity researcher focused on human factors and usable security, takes the stage to confront a disconnect that too often holds the industry back: the gap between academic research and real-world cybersecurity practice.In her keynote, “Outside the Ivory Tower: Connecting Practice and Science,” Kate invites practitioners to reconsider their relationship with academic research—not as something removed from their daily reality, but as a vital tool that can lead to better decisions, more targeted security programs, and improved organizational resilience.Drawing from her current research, Kate shares how interviews and surveys with employees reveal the hidden motivations behind the use of shadow IT—tools and technologies adopted without formal approval. These aren't simply acts of rebellion or ignorance. They reflect misalignments between human behavior, workplace needs, and policy communication. By understanding these mindsets, organizations can move beyond one-size-fits-all training and begin designing interventions grounded in evidence.This is where science meets practice. Kate's work isn't about generating abstract theories. It's about applying research methods—like anonymous interviews and behavior-focused surveys—to surface insights that security leaders can act on. But for this to happen, researchers need access, and that depends on building trust with practitioners.The keynote also raises a critical point about time. In industries like medicine, the gap between a published discovery and its application in the real world can be 15 years. Kate argues that cybersecurity faces a similar delay, citing the example of multi-factor authentication: patented in 1998, but still not universally adopted today. Her goal is to accelerate this timeline by helping practitioners see themselves as contributors to science—not just consumers of its outcomes.By inviting companies to participate in research and engage with universities, Kate's message is clear: collaboration benefits everyone. The path to smarter, more human-aligned cybersecurity isn't gated behind academic walls. It's open to any team curious enough to ask better questions—and brave enough to challenge assumptions.GUEST: Kate Labunets | Assistant Professor (UD1) in Cyber Security at Utrecht University | https://www.linkedin.com/in/klabunets/HOSTS:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelliSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESKate's Session: https://owasp2025globalappseceu.sched.com/event/1v86U/keynote-outside-the-ivory-tower-connecting-practice-and-scienceLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Podcast: Industrial Cybersecurity InsiderEpisode: Bridging the IT-OT Divide with AI-Powered InsightPub date: 2025-05-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDino and Craig tackle one of the most misunderstood challenges in cybersecurity for industrial environments. The persistent disconnect between IT-led cybersecurity tools and operational technology realities.They explore the concept of "shadow OT," as well as the limits of traditional IDS deployments.They discuss why visibility is key to protecting critical systems. Vulnerability scanning alone isn't enough.Real world case studies reveal how failing to engage OT teams derails cybersecurity strategies. One case involved rogue servers causing daily production failures. Another featured misconfigured modules choking brewery operations. These examples show that even the most advanced strategies fail without OT team involvement.For leaders in manufacturing, utilities, and critical infrastructure, this is a must-listen conversation. It's about redefining risk management through OT-first thinking.Chapters:00:00:00 - When Machines Stop, Money Bleeds: The Downtime Dilemma00:00:47 - Shadow IT or Ingenious OT? Rethinking Rogue Tech00:02:29 - Cybersecurity Isn't Enough: The OT Risk You're Missing00:04:37 - Server Ghosts & Brewery Blunders: Fixing What IT Can't See00:06:41 - Visibility is Power: Using the Tools You Already Own00:09:50 - IT vs. OT: Breaking Silos, Building Alliances00:13:28 - Final Thoughts: Who Really Owns OT Security?Links And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

2025. május 15., szerda 6:30-8 óra NÉVNAPOK, ESEMÉNYEK, SZÜLETÉSNAPOSOK, LAPSZEMLE, TŐZSDEI HELYZETKÉP BUDAPEST, TE CSODÁS: Hírek a fővárosból és környékéről Nagy felújítást jelentett be Lázár János – 200 milliárdba fog kerülni - Infostart.hu Tarr Béla mond beszédet a 30. Budapest Pride megnyitóján Figyelem! Medvét láttak Budapesttől 40 km-re: mindenki legyen óvatos - Pénzcentrum Új campus expresszvonat Debrecen és Budapest között Több tízezer turistát és forintmilliárdokat hozhat a budapesti e-sport-bajnokság - Világgazdaság Dühös tüntetés szerveződik az átláthatósági törvény miatt - Propeller Ingyen adják a gyerekeknek a Városligetet ÉBRESZTŐ TÉMA: Benyújtották a törvényjavaslatot: az önkormányzatok korlátozhatják, kik költözhetnek be egy településre A tervezethez képest a törvényjavaslat enyhébbnek tekinthető: kikerült belőle ugyanis az a pont, amely értelmében az önkormányzat közvetlenül megtilthatná a nem helyben élők ingatlanvásárlását. Az önkormányzatok azonban így is fontos jogköröket kapnak. Benyújtották a törvényjavaslatot: az önkormányzatok korlátozhatják, kik költözhetnek be egy településre | 24.hu Balla Ákos, a Balla Ingatlan tulajdonos-ügyvezetője NULLADIK FAKTOR: Shadow AI A múlt héten a Shadow IT volt a téma. Most egy hasonló, de picit specifikusabb témakörrel foglalkozunk. A csapból is az AI folyik, az egész IT szakma ettől pezseg, miközben számos IT biztonsági kérdést vet fel. Köztük az egyik ilyen az újonnan megjelenő “Shadow AI” kifejezés. De mi is az a Shadow AI? - Egyet hátrébb lepve rövid összefoglaló általánosan a felhő használatról és a Shadow IT-ról. Kifejtve, hogy a Shadow AI az a Shadow IT egy szelete, csak az AI terjedese es relevanciaja miatt említjük meg külön fogalomként. Vállalati környezetben mik a főbb biztonsági aggályok, ha Shadow AI-ról van szó? - Láthatóság hiánya, rendkívül gyors terjedés felhasználok között. Feltöltött és kezelt adatok Hogyan lehet ezt kezelni? - A legfontosabb a láthatóság biztosítása. Emellett a felhasznalok folyamatos oktatasa. Vállalati “AI Policy” kialakitasa, megfékezni nem lehet és lehet nem is erdemes. Tudunk példát AI/Shadow AI-hoz köthető jelentős biztonsági incidensre? - Néhány nemzetközi példa + Utolsó kérdés: Hol lehet többet megtudni? - biztonsagosfelho.hu, leirasok, webinar regisztráció Angyal Dániel, a Scirge társalapítója HETI ALAPOZÓ: Mi történt a tőkepiacokon Trump elnökké választása óta? Czachesz Gábor, a VIG Befektetési Alapkezelő Multi-Asset desk vezetője

2025. május 8., csütörtök 6:30-8 óra Drukkolunk az érettségizőknek, de nem marad el a név- és születésnaposok köszöntése, a lapszemle és a tőzsdei összefoglaló sem. BUDAPEST, TE CSODÁS! - fővárosi rovat. Az Óbudai Gázgyár ügye, a legújabb fővárosi útfelújítások és a terézvárosi kukakommandó kerül terítékre. ÉBRESZTŐ TÉMA: Semmis devizahitelek? Mit mond az Európai Bíróság? Az elmúlt évtized talán legnagyobb „devizahiteles” bírósági győzelmét hozta egy svájci frank alapú lízingszerződés ügyében az Európai Bíróság ítélete közvetlenül a hosszú hétvége előtt.  A döntés szerint úgy kell helyreállítani az eredeti állapotot, mintha a tisztességtelen árfolyamkockázati kikötés nem is létezett volna, ez a teljes szerződés semmissé tételét jelentheti, amennyiben erre vonatkozó szándékát az adós kifejezetten kinyilvánítja. dr. Marczingós László, az adósok védőügyvédje. NULLADIK FAKTOR:  Shadow IT. Egyre inkább minden informatikai rendszer a felhőben egy böngészőn keresztül érhető el. Ez nagyban segíti a munkavállalók produktivitását, mert könnyedén hozzáférhetnek a munkájukat segítő rendszerekhez. Azonban van ennek egy árnyoldala is, ugyanis ez számos IT biztonsági kérdést felvet. Ezt a problémakört nevezzük magyarul arnyékinformatikának, szakzsargon szerint “Shadow IT”-nak. Húsvéti Zsolt, a Scirge alapítója.

Vibe Coding 2025H1 wkracza na scenę! Łukasz i Szymon analizują koncepcję vibe codingu stworzoną przez Andreja Karpathy'ego. Czy AI faktycznie może pisać kod za nas? Nasi Patoarchitekci konfrontują entuzjazm z technologicznym sceptycyzmem. Odcinek zagłębia się w praktyczne aspekty GitHub Copilot, Cursor i innych narzędzi AI. Prowadzący omawiają zagrożenia Shadow IT, znaczenie promptów systemowych i ograniczenia LLM-ów w dużych bazach kodu. Brownfield czy greenfield - gdzie AI sprawdzi się najlepiej? Sprawdź, czy twój projekt nadaje się do vibe codingu czy lepiej trzymać się tradycyjnego podejścia. Nie przegap dyskusji o tym, jak AI może pomóc w projektach osobistych, ale niekoniecznie w tworzeniu profesjonalnych aplikacji SaaS. Keep It Simple, Stupid!   A teraz nie ma co się obijać!

Stay in control with Microsoft Defender. You can identify which AI apps and cloud services are in use across your environment, evaluate their risk levels, and allow or block them as needed—all from one place. Whether it's a sanctioned tool or a shadow AI app, you're equipped to set the right policies and respond fast to emerging threats. Defender XDR gives you the visibility to track complex attack paths—linking signals across endpoints, identities, and cloud apps. Investigate real-time alerts, protect sensitive data from misuse in AI tools like Copilot, and enforce controls even for in-house developed apps using system prompts and Azure AI Foundry. Rob Lefferts, Microsoft Security CVP, joins Jeremy Chapman to share how you can safeguard your AI-powered environment with a unified security approach. ► QUICK LINKS: 00:00 - Stay in control with Microsoft Defender 00:39 - Identify and protect AI apps 02:04 - View cloud apps and website in use 04:14 - Allow or block cloud apps 07:14 - Address security risks of internally developed apps 08:44 - Example in-house developed app 09:40 - System prompt 10:39 - Controls in Azure AI Foundry 12:28 - Defender XDR 14:19 - Wrap up ► Link References Get started at https://aka.ms/ProtectAIapps ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics   

Dans cet épisode de Dans la Tech, après une (petite) pause prolongée, l'équipe se retrouve au complet pour aborder un sujet essentiel : la sécurité dans le cloud. Pour l'occasion, nous accueillons Victor, consultant indépendant spécialisé AWS, infrastructures et sécurité, pour un échange riche et sans filtre ! Au programme : • Nos parcours personnels avec la sécurité dans le cloud (AWS, Société Générale, startup, grand groupe, etc.) • Premiers réflexes à avoir pour sécuriser une nouvelle infrastructure sur cloud public (AWS, Scaleway, OVH…) • Bonnes pratiques autour de l'Infra as Code, IAM, CI/CD, backup, SSO, isolation réseau, gestion des permissions, et plateformes self-service sécurisées. • Incidents de sécurité vécus : phishing, crypto-mining, erreurs humaines, Shadow IT, supply chain… • Débat ouvert sur le SSH, la compromission humaine, les risques de l'attaque interne, et les limites du MFA. • Focus sur la protection des données sensibles, le rôle des outils comme Riot ou AWS Control Tower, et l'importance de l'audit et de la sensibilisation continue.

Rüdiger Trost und Tobias Schrödel tauchen tief ein in das Thema KI im Alltag, konkret: im Teams-Meeting. Was passiert, wenn Microsoft Copilot mitprotokolliert, analysiert – und vielleicht sogar widerspricht? Wie verändert das unsere Arbeit, unser Verhalten – ja vielleicht sogar Bewerbungsverfahren?

This episode is sponsored by Permiso. Visit permiso.io/idac to learn more.In this sponsored episode of the Identity at the Center Podcast, hosts Jeff and Jim sit down with Paul Nguyen, co-founder and co-CEO of Permiso, to discuss the critical role of identity security in modern information security. Paul shares insights into the history of identity threats, the rise of identity-focused attacks like Scattered Spider and LLM Jacking, and the importance of real-time identity monitoring for both human and non-human identities across cloud and on-prem environments. The episode explores how Permiso is positioned in the market to provide comprehensive identity threat detection and response (ITDR) and identity security posture management (ISPM), offering advanced visibility and proactive measures against emerging threats.Chapters00:00 Introduction to Security Vendors00:50 Welcome to the Identity at the Center Podcast01:30 Sponsored Spotlight: Permiso02:14 Meet Paul Nguyen, Co-Founder of Permiso03:34 The Importance of Identity in Security05:35 Permiso's Unique Approach to Identity Security07:36 Real-Time Monitoring and Threat Detection09:23 Challenges and Solutions in Identity Security15:16 Modern Attacks and Identity Threats25:56 The Role of Honeypots in Security Research26:49 Challenges of Maintaining Security27:15 Honeypots and Breach Detection27:46 Dwell Time and Reconnaissance28:34 Password Complexity and Monitoring Gaps29:24 Roles and Responsibilities in Identity Security29:49 Unified Identity Security Teams30:57 Emerging Threats and Joint Efforts32:49 Permiso's Role in Identity Security34:10 Detection and Response Strategies36:11 Managing Identity Risks36:51 Combining Prevention and Detection39:44 Real-World Applications and Challenges51:17 Personal Insights and Final ThoughtsConnect with Paul: https://www.linkedin.com/in/paulnguyen/Learn more about Permiso: https://permiso.io/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com and watch at idacpodcast.tvKeywords:identity security, real-time monitoring, IAM, cybersecurity, identity exploitation, modern attacks, insider threats, honeypots, organizational structure, Non-Human Identities, Identity Security, Permiso, Risk Management, Insider Threat, Shadow IT, Identity Graph, ITDR, ISPM, Cybersecurity

Customers installing unapproved software? IT departments bypassing your security or just plain ol' "doing whatever the hell they want?" That's Shadow IT, and it's a huge headache for MSPs. It creates hidden risks and liabilities, not just for your customers, but for you. Want to learn how to fight it? Listen up! Links for events, articles, and products mentioned in the podcast: Link to Register for Taste of Success - Texas: https://overview.ascii.com/tasteofsuccesstexas/ (Use VIP CODE: BRADGROSSVIP) Link to EverythingMSP Article: https://www.everythingmsp.com/blog/navigating-the-shadows-proactive-it-engagement-for-your-clients.html MSPTerms:  https://www,mspterms.com 

A significant security breach has emerged involving senior members of the Trump administration, including Vice President J.D. Vance and Defense Secretary Pete Hedgeseth, who shared top-secret military plans regarding U.S. attacks on the Houthi group in Yemen via the encrypted messaging app Signal. This breach was uncovered by journalist Jeffrey Goldberg, who found himself in a group chat with key cabinet members discussing sensitive information. The National Security Council has confirmed the authenticity of the message chain, leading to calls for an immediate investigation. The incident raises serious concerns about cybersecurity practices within the federal government, particularly regarding the use of unauthorized communication tools for classified discussions.The growing popularity of Signal among federal employees and military planners during the Trump administration highlights a troubling trend of shadow IT at the executive level. This situation poses a challenge for IT leaders, as it undermines established security protocols and sends a dangerous message to lower-level staff and contractors about the importance of adhering to internal policies. If top officials can bypass security measures without facing consequences, it diminishes the perceived value of compliance and accountability across the organization.In response to this breach, experts emphasize the need for stronger cybersecurity measures and accountability for federal leaders. The incident illustrates that policy violations can extend beyond corporate rules into federal law, with potential implications for national security. The lack of consequences for high-ranking officials could lead to a culture of complacency regarding cybersecurity, where employees may view policies as mere compliance theater rather than essential guidelines for protecting sensitive information.The podcast also discusses recent advancements in cybersecurity tools and services, including Microsoft's expansion of its AI-powered security co-pilot and Verizon's launch of a generative AI-powered text messaging solution for small businesses. These developments reflect a broader trend toward operationalizing AI in cybersecurity workflows and enhancing security measures for organizations. As managed service providers (MSPs) seek to streamline operations and improve compliance, the integration of new tools and partnerships is becoming increasingly important in navigating the evolving landscape of cybersecurity and data protection. Four things to know today 00:00 Shadow IT at the Top: War Plans on Signal Show Why Cyber Rules Without Consequences Don't Work05:54 Smarter Security, Faster Replies: Microsoft and Verizon Put AI on the Job for Everyone08:51 Fewer Tools, More Power: MSP Upgrades from Syncro, Cohesity, and MSPTerms Aim to Do It All11:53 One-Stop MSP? New Integrations Aim to Save Time, Boost Profits, and Lock You In  Supported by:  https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship https://www.huntress.com/mspradio/  Event: : https://www.nerdiocon.com/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Whether you appreciate it, tolerate it, or want to stamp it out, Shadow IT is not going anywhere. Is this necessarily a bad thing? Directions analysts Barry Briggs, Greg DeMichillie and Rob Sanfilippo share with Mary Jo Foley their ideas for managing and channeling Shadow IT in this roundtable discussion.

Whether you appreciate it, tolerate it, or want to stamp it out, Shadow IT is not going anywhere. Is this necessarily a bad thing? Directions analysts Barry Briggs, Greg DeMichillie and Rob Sanfilippo share with Mary Jo Foley their ideas for managing and channeling Shadow IT in this roundtable discussion. 

Join Michael Krigsman on CXOTalk as leading CIO advisors Tim Crawford and Isaac Sacolick unpack actionable strategies for Chief Information Officers to thrive in the AI era. This episode dives into critical challenges and opportunities, offering insights on:Governance & Data Strategy: Prioritize robust AI governance frameworks and invest in clean, scalable data to drive reliable innovation. Sacolick stresses early integration of compliance and ethics, while Crawford underscores the need for a holistic data strategy to avoid “garbage in, garbage out” pitfalls.Change Management: Proactively educate teams and collaborate with HR (CHRO) to secure training budgets, empowering employees to adapt as AI reshapes workflows in IT, sales, and customer support.Innovation vs. Efficiency: Focus on AI initiatives that transform business models and customer experiences—not just productivity gains. Align pilots with clear OKRs, balancing agility with measurable outcomes to escape “pilot purgatory.”Collaboration & Risk Mitigation: Engage legal and audit teams early, building cross-functional councils to navigate regulatory demands and ethical AI use.Cultural Shifts: Embrace automation and upskilling, balancing Shadow IT's creativity with security guardrails to fast-track innovation responsibly.This discussion is perfect for IT leaders navigating digital transformation and equips CIOs to harness AI's disruptive potential. Like, subscribe, and share your questions in the comments to join the conversation shaping the future of enterprise AI!

IT and security teams are under constant pressure to streamline operations while maintaining strong security and compliance. In this Brand Story episode, Chase Doelling, Principal Strategist at JumpCloud, shares insights from the company's latest SME IT Trends Report. The discussion highlights key trends, challenges, and opportunities that IT teams face, particularly in small and medium-sized businesses (SMBs).The Role of IT in Business OperationsDoelling emphasizes the increasing responsibility placed on IT teams. Historically seen as cost centers, IT and security functions are now recognized as critical to business success. More organizations are merging IT and security efforts, ensuring that security considerations are built into every decision rather than being addressed reactively.A major takeaway from the report is the shift toward decentralization in IT decision-making. Departments are increasingly adopting tools independently, leading to an explosion of software-as-a-service (SaaS) applications. While this autonomy can boost efficiency, it also creates risks. Shadow IT—where employees use unauthorized tools—has become a top concern, with 88% of organizations identifying it as a risk.AI, Security, and IT InvestmentThe report also reveals a growing divide in AI adoption. Organizations are either moving aggressively into AI initiatives or staying completely on the sidelines. Those embracing AI often integrate it into security and IT operations, balancing innovation with risk management.Budget trends indicate that IT spending is rising, with security tools accounting for a significant portion. The need for robust cybersecurity measures has pushed organizations to prioritize visibility, access management, and compliance. A notable shift is occurring in remote and hybrid work models. While remote work surged in previous years, only 9% of organizations now report being fully remote. This return to office environments introduces new IT challenges, particularly in managing networks and devices across hybrid workplaces.How JumpCloud Supports IT TeamsJumpCloud's platform simplifies IT and security operations by unifying identity and access management, device management, and security policies. One key challenge IT teams face is visibility—knowing who has access to what systems and ensuring compliance with security policies. JumpCloud's approach allows organizations to manage users and devices from a single platform, reducing complexity and improving security posture.An example of JumpCloud's impact is its ability to detect and manage SaaS usage. If an employee tries to use an unauthorized tool, JumpCloud can guide them toward an approved alternative, preventing security risks without stifling productivity. This balance between security and efficiency is essential, particularly for SMBs that lack dedicated security teams.Looking Ahead: IT and Security ConvergenceDoelling teases upcoming research that will explore the relationship between IT and security teams. With these functions blending more than ever, organizations need insights into how to align strategies, resources, and budgets effectively.For IT and security professionals navigating a landscape of increased threats, shifting work environments, and AI-driven innovation, the insights from JumpCloud's research provide a valuable benchmark. To gain a deeper understanding of these trends and their implications, listen to the full episode and explore the latest SME IT Trends Report.Note: This story contains promotional content. Learn more. Guest: Chase Doelling, Principal Strategist, JumpCloud [@JumpCloud], On LinkedIn | https://www.linkedin.com/in/chasedoelling/ResourcesLearn more about JumpCloud and their offering: https://itspm.ag/jumpcloud-pg7zTo download the SME IT Trends Report: https://itspm.ag/jumpcljqywCatch more stories from JumpCloud at https://www.itspmagazine.com/directory/jumpcloudAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Zero Trust World 2025, hosted by ThreatLocker, is fast approaching (February 19-21), bringing together security professionals, IT leaders, and business executives to discuss the principles and implementation of Zero Trust. Hosted by ThreatLocker, this event offers a unique opportunity to explore real-world security challenges and solutions.In a special On Location with Sean and Marco episode recorded ahead of the event, Ryan Bowman, VP of Solutions Engineering at ThreatLocker, shares insights into his upcoming session, The Dangers of Shadow IT. Shadow IT—the use of unauthorized applications and systems within an organization—poses a significant risk to security, operations, and compliance. Bowman's session aims to shed light on this issue and equip attendees with strategies to address it effectively.Understanding Shadow IT and Its RisksBowman explains that Shadow IT is more than just an inconvenience—it's a growing challenge for businesses of all sizes. Employees often turn to unauthorized tools and services because they perceive them as more efficient, cost-effective, or user-friendly than the official solutions provided by IT teams. While this may seem harmless, the reality is that these unsanctioned applications create serious security vulnerabilities, increase operational risk, and complicate compliance efforts.One of the most pressing concerns is data security. Employees using unauthorized platforms for communication, file sharing, or project management may unknowingly expose sensitive company data to external risks. When employees leave the organization or access is revoked, data stored in these unofficial systems can remain accessible, increasing the risk of breaches or data loss.Procurement issues also play a role in the Shadow IT problem. Bowman highlights cases where organizations unknowingly pay for redundant software services, such as using both Teams and Slack for communication, leading to unnecessary expenses. A lack of centralized oversight results in wasted resources and fragmented security controls.Zero Trust as a MindsetA recurring theme throughout the discussion is that Zero Trust is not just a technology or a product—it's a mindset. Bowman emphasizes that implementing Zero Trust requires organizations to reassess their approach to security at every level. Instead of inherently trusting employees or systems, organizations must critically evaluate every access request, application, and data exchange.This mindset shift extends beyond security teams. IT leaders must work closely with employees to understand why Shadow IT is being used and find secure, approved alternatives that still support productivity. By fostering open communication and making security a shared responsibility, organizations can reduce the temptation for employees to bypass official IT policies.Practical Strategies to Combat Shadow ITBowman's session will not only highlight the risks associated with Shadow IT but also provide actionable strategies to mitigate them. Attendees can expect insights into:• Identifying and monitoring unauthorized applications within their organization• Implementing policies and security controls that balance security with user needs• Enhancing employee engagement and education to prevent unauthorized technology use• Leveraging solutions like ThreatLocker to enforce security policies while maintaining operational efficiencyBowman also stresses the importance of rethinking traditional IT stereotypes. While security teams often impose strict policies to minimize risk, they must also ensure that these policies do not create unnecessary obstacles for employees. The key is to strike a balance between control and usability.Why This Session MattersWith organizations constantly facing new security threats, understanding the implications of Shadow IT is critical. Bowman's session at Zero Trust World 2025 will provide a practical, real-world perspective on how organizations can protect themselves without stifling innovation and efficiency.Beyond the technical discussions, the conference itself offers a unique chance to engage with industry leaders, network with peers, and gain firsthand experience with security tools in hands-on labs. With high-energy sessions, interactive learning opportunities, and keynotes from industry leaders like ThreatLocker CEO Danny Jenkins and Dr. Zero Trust, Chase Cunningham, Zero Trust World 2025 is shaping up to be an essential event for anyone serious about cybersecurity.For those interested in staying ahead of security challenges, attending Bowman's session on The Dangers of Shadow IT is a must.Guest: Ryan Bowman, VP of Solutions Engineering, ThreatLocker [@ThreatLocker | On LinkedIn: https://www.linkedin.com/in/ryan-bowman-3358a71b/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Zero Trust World 2025, hosted by ThreatLocker, is fast approaching (February 19-21), bringing together security professionals, IT leaders, and business executives to discuss the principles and implementation of Zero Trust. Hosted by ThreatLocker, this event offers a unique opportunity to explore real-world security challenges and solutions.In a special On Location with Sean and Marco episode recorded ahead of the event, Ryan Bowman, VP of Solutions Engineering at ThreatLocker, shares insights into his upcoming session, The Dangers of Shadow IT. Shadow IT—the use of unauthorized applications and systems within an organization—poses a significant risk to security, operations, and compliance. Bowman's session aims to shed light on this issue and equip attendees with strategies to address it effectively.Understanding Shadow IT and Its RisksBowman explains that Shadow IT is more than just an inconvenience—it's a growing challenge for businesses of all sizes. Employees often turn to unauthorized tools and services because they perceive them as more efficient, cost-effective, or user-friendly than the official solutions provided by IT teams. While this may seem harmless, the reality is that these unsanctioned applications create serious security vulnerabilities, increase operational risk, and complicate compliance efforts.One of the most pressing concerns is data security. Employees using unauthorized platforms for communication, file sharing, or project management may unknowingly expose sensitive company data to external risks. When employees leave the organization or access is revoked, data stored in these unofficial systems can remain accessible, increasing the risk of breaches or data loss.Procurement issues also play a role in the Shadow IT problem. Bowman highlights cases where organizations unknowingly pay for redundant software services, such as using both Teams and Slack for communication, leading to unnecessary expenses. A lack of centralized oversight results in wasted resources and fragmented security controls.Zero Trust as a MindsetA recurring theme throughout the discussion is that Zero Trust is not just a technology or a product—it's a mindset. Bowman emphasizes that implementing Zero Trust requires organizations to reassess their approach to security at every level. Instead of inherently trusting employees or systems, organizations must critically evaluate every access request, application, and data exchange.This mindset shift extends beyond security teams. IT leaders must work closely with employees to understand why Shadow IT is being used and find secure, approved alternatives that still support productivity. By fostering open communication and making security a shared responsibility, organizations can reduce the temptation for employees to bypass official IT policies.Practical Strategies to Combat Shadow ITBowman's session will not only highlight the risks associated with Shadow IT but also provide actionable strategies to mitigate them. Attendees can expect insights into:• Identifying and monitoring unauthorized applications within their organization• Implementing policies and security controls that balance security with user needs• Enhancing employee engagement and education to prevent unauthorized technology use• Leveraging solutions like ThreatLocker to enforce security policies while maintaining operational efficiencyBowman also stresses the importance of rethinking traditional IT stereotypes. While security teams often impose strict policies to minimize risk, they must also ensure that these policies do not create unnecessary obstacles for employees. The key is to strike a balance between control and usability.Why This Session MattersWith organizations constantly facing new security threats, understanding the implications of Shadow IT is critical. Bowman's session at Zero Trust World 2025 will provide a practical, real-world perspective on how organizations can protect themselves without stifling innovation and efficiency.Beyond the technical discussions, the conference itself offers a unique chance to engage with industry leaders, network with peers, and gain firsthand experience with security tools in hands-on labs. With high-energy sessions, interactive learning opportunities, and keynotes from industry leaders like ThreatLocker CEO Danny Jenkins and Dr. Zero Trust, Chase Cunningham, Zero Trust World 2025 is shaping up to be an essential event for anyone serious about cybersecurity.For those interested in staying ahead of security challenges, attending Bowman's session on The Dangers of Shadow IT is a must.Guest: Ryan Bowman, VP of Solutions Engineering, ThreatLocker [@ThreatLocker | On LinkedIn: https://www.linkedin.com/in/ryan-bowman-3358a71b/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Zero Trust World 2025, hosted by ThreatLocker, is set to bring together IT professionals, business leaders, and cybersecurity practitioners for three days of hands-on labs, insightful discussions, and expert-led sessions. Taking place in Orlando, Florida, from February 19-21, this year's event promises an expanded agenda with cutting-edge topics, interactive workshops, and a unique approach to cybersecurity education.The Growth of Zero Trust WorldNow in its fifth year, Zero Trust World continues to grow exponentially, increasing in size by roughly 50% each year. Kieran Human, Special Projects Engineer at ThreatLocker, attributes this rapid expansion to the rising demand for cybersecurity solutions and the company's own growth. More IT leaders are recognizing the necessity of a Zero Trust approach—not just as a security measure, but as a fundamental philosophy for protecting their organizations.What to Expect: Hands-On Learning and Key DiscussionsOne of the biggest draws of Zero Trust World is its focus on hands-on experiences. Attendees can participate in hacking labs designed to teach them how cyber threats operate from an attacker's perspective. These include interactive exercises using rubber duckies—USB devices that mimic keyboards to inject malicious commands—demonstrating how easily cybercriminals can compromise systems.For those interested in practical applications of security measures, there will be sessions covering topics such as cookie theft, Metasploit, Windows and server security, and malware development. Whether an attendee is an entry-level IT professional or a seasoned security engineer, there's something to gain from these hands-on labs.High-Profile Speakers and Industry InsightsBeyond the labs, Zero Trust World 2025 will feature a lineup of influential speakers, including former Nintendo of America President and CEO Reggie Fils-Aimé, Chase Cunningham (known as Dr. Zero Trust), and ThreatLocker CEO Danny Jenkins. These sessions will provide strategic insights on Zero Trust implementation, industry challenges, and innovative cybersecurity practices.One of the key sessions to look forward to is “The Dangers of Shadow IT,” led by Ryan Bowman, VP of Solution Engineering at ThreatLocker. Shadow IT remains a major challenge for organizations striving to implement Zero Trust, as unauthorized applications and devices create vulnerabilities that security teams may not even be aware of. Stay tuned for a pre-event chat with Ryan coming your way soon.Networking, Certification, and MoreZero Trust World isn't just about education—it's also a prime networking opportunity. Attendees can connect during daily happy hours, the welcome and closing receptions, and a comic book-themed afterparty. ThreatLocker is even introducing a new cybersecurity comic book, adding a creative twist to the conference experience.A major highlight is the Cyber Hero Program, which offers attendees a chance to earn certification in Zero Trust principles. By completing the Cyber Hero exam, participants can have the cost of their event ticket fully refunded, making this an invaluable opportunity for those looking to deepen their cybersecurity expertise.A Unique Capture the Flag ChallengeFor those with advanced cybersecurity skills, the Capture the Flag challenge presents an exciting opportunity. The first person to successfully hack a specially designed, custom-painted high-end computer gets to take it home. This competition is expected to draw some of the best security minds in attendance, reinforcing the event's commitment to real-world application of cybersecurity techniques.Join the ConversationWith so much to see and do, Zero Trust World 2025 is shaping up to be an essential event for IT professionals, business leaders, and security practitioners. Sean Martin and Marco Ciappelli will be covering the event live, hosting interviews with speakers, panelists, and attendees to capture insights and takeaways.Whether you're looking to enhance your security knowledge, expand your professional network, or experience hands-on cybersecurity training, Zero Trust World 2025 offers something for everyone. If you're attending, be sure to stop by the podcast area and join the conversation on the future of Zero Trust security.Guest: Kieran Human, Special Projects Engineer, ThreatLocker [@ThreatLocker | On LinkedIn: https://www.linkedin.com/in/kieran-human-5495ab170/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Zero Trust World 2025, hosted by ThreatLocker, is set to bring together IT professionals, business leaders, and cybersecurity practitioners for three days of hands-on labs, insightful discussions, and expert-led sessions. Taking place in Orlando, Florida, from February 19-21, this year's event promises an expanded agenda with cutting-edge topics, interactive workshops, and a unique approach to cybersecurity education.The Growth of Zero Trust WorldNow in its fifth year, Zero Trust World continues to grow exponentially, increasing in size by roughly 50% each year. Kieran Human, Special Projects Engineer at ThreatLocker, attributes this rapid expansion to the rising demand for cybersecurity solutions and the company's own growth. More IT leaders are recognizing the necessity of a Zero Trust approach—not just as a security measure, but as a fundamental philosophy for protecting their organizations.What to Expect: Hands-On Learning and Key DiscussionsOne of the biggest draws of Zero Trust World is its focus on hands-on experiences. Attendees can participate in hacking labs designed to teach them how cyber threats operate from an attacker's perspective. These include interactive exercises using rubber duckies—USB devices that mimic keyboards to inject malicious commands—demonstrating how easily cybercriminals can compromise systems.For those interested in practical applications of security measures, there will be sessions covering topics such as cookie theft, Metasploit, Windows and server security, and malware development. Whether an attendee is an entry-level IT professional or a seasoned security engineer, there's something to gain from these hands-on labs.High-Profile Speakers and Industry InsightsBeyond the labs, Zero Trust World 2025 will feature a lineup of influential speakers, including former Nintendo of America President and CEO Reggie Fils-Aimé, Chase Cunningham (known as Dr. Zero Trust), and ThreatLocker CEO Danny Jenkins. These sessions will provide strategic insights on Zero Trust implementation, industry challenges, and innovative cybersecurity practices.One of the key sessions to look forward to is “The Dangers of Shadow IT,” led by Ryan Bowman, VP of Solution Engineering at ThreatLocker. Shadow IT remains a major challenge for organizations striving to implement Zero Trust, as unauthorized applications and devices create vulnerabilities that security teams may not even be aware of. Stay tuned for a pre-event chat with Ryan coming your way soon.Networking, Certification, and MoreZero Trust World isn't just about education—it's also a prime networking opportunity. Attendees can connect during daily happy hours, the welcome and closing receptions, and a comic book-themed afterparty. ThreatLocker is even introducing a new cybersecurity comic book, adding a creative twist to the conference experience.A major highlight is the Cyber Hero Program, which offers attendees a chance to earn certification in Zero Trust principles. By completing the Cyber Hero exam, participants can have the cost of their event ticket fully refunded, making this an invaluable opportunity for those looking to deepen their cybersecurity expertise.A Unique Capture the Flag ChallengeFor those with advanced cybersecurity skills, the Capture the Flag challenge presents an exciting opportunity. The first person to successfully hack a specially designed, custom-painted high-end computer gets to take it home. This competition is expected to draw some of the best security minds in attendance, reinforcing the event's commitment to real-world application of cybersecurity techniques.Join the ConversationWith so much to see and do, Zero Trust World 2025 is shaping up to be an essential event for IT professionals, business leaders, and security practitioners. Sean Martin and Marco Ciappelli will be covering the event live, hosting interviews with speakers, panelists, and attendees to capture insights and takeaways.Whether you're looking to enhance your security knowledge, expand your professional network, or experience hands-on cybersecurity training, Zero Trust World 2025 offers something for everyone. If you're attending, be sure to stop by the podcast area and join the conversation on the future of Zero Trust security.Guest: Kieran Human, Special Projects Engineer, ThreatLocker [@ThreatLocker | On LinkedIn: https://www.linkedin.com/in/kieran-human-5495ab170/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Some CISOs might see industry regulators as an obstacle to their objectives, but not Jorges Fernandez, CISO & DPO for the Portuguese Securities & Exchange Commission, CMVM, and active participant on multiple regulatory bodies. In this episode of Brass Tacks - Talking Cybersecurity, Jorge shares his unique experience and perspective as both regulator and regulated entity, explaining how open collaboration and transparency are key to reducing the impact of cybersecurity incidents, not just within an organization, but across the entire sector. He and host, Joe Robertson, also discuss shaping perceptions of the security team, limiting the emergence of Shadow IT, the business impact of regulations such as the EU's Digital Operational Resilience Act, DORA, and the responsibility of vendors to ensure "Security by Design" in the products they provide. Don't miss this insightful discussion. More about Fortinet: ftnt.net/60595CcyH Read our blog: ftnt.net/60505Ccyj Follow us on LinkedIn: ftnt.net/60515Ccyd

In this special Halloween episode of CISO Tradecraft, host G Mark Hardy delves into the lurking dangers of Shadow IT and Zombie IT within organizations. Learn about the origins, risks, and impacts of these hidden threats, and discover proactive measures that CISOs can implement to safeguard their IT ecosystems. Strategies discussed include rigorous asset management, automation, and comprehensive compliance reviews. Tune in for insights to foster a secure, compliant, and efficient IT environment, and don't miss out on an exclusive opportunity to join a cybersecurity conference aboard a luxury cruise.   CruiseCon Discount Code: CISOTRADECRAFT10 CruiseCon Link: https://cruisecon.com/   Transcripts: https://docs.google.com/document/d/1lh-TQhaSOIA2rITaXgTaqugl7FRGevnn   Chapters  00:00 Introduction to Shadow IT and Zombie IT 02:14 Defining Shadow IT 04:58 Risks of Shadow IT 07:29 Introduction to Zombie IT 09:35 Risks of Zombie IT 11:25 Shadows vs Zombies 11:25 Comparing Shadow IT and Zombie IT 19:11 Lifecycle Management Strategies 19:56 Summarizing the Threats and Solutions 22:32 Final Thoughts and Call to Action

The summer lull has us reflecting on how the evolution of cloud computing has shaped the existing era that's trying to figure out AI. With a special guest introduction. SHOW: 848SHOW TRANSCRIPT: The Cloudcast #848 TranscriptSHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST:  "CLOUDCAST BASICS"SHOW NOTES:WE HAVE A SPECIAL GUEST LEADING OFF THE SHOW - AFTER 13 YEARSWHAT PARTS OF THE CLOUD EVOLUTION HAVE LAID THE FOUNDATION FOR TODAY?[BAD] Shadow IT set Enterprise IT back 5-10 years, with the same responsibilities[GOOD] Technology experimentation has become the norm, from technologists to business leaders. [BAD] We still don't really know how to measure the cost or return (ROI) of technology spending.[GOOD] We have a new appreciation for the power of software and software development to change businesses and markets.[BAD] But we still haven't figured how to normalize great software development[GOOD] Open source communities (e.g. CNCF, etc.) provided a blueprint for bringing new innovation to the marketplace[BAD] We saw how long it took for Cloud to be disruptive, but now that valuations are so high, we haven't learned patience for new disruptions.[GOOD] The “cloud” way of doing things has laid the foundation for what might/will come next. FEEDBACK?Email: show at the cloudcast dot netTwitter: @cloudcastpodInstagram: @cloudcastpodTikTok: @cloudcastpod

In this episode of SaaS Fuel, we sit down with Sethu Meenakshisundaram, co-founder of Zluri - a SaaS management and identity governance company born out of the need to tackle hidden SaaS costs that surfaced during the COVID-19 pandemic.Sethu recounts the inception of Zluri during the COVID-19 pandemic, revealing how the founders identified a critical need for better visibility and control over hidden SaaS costs even for small businesses. Sethu highlights Zluri's evolution from a cost optimization tool to a proactive platform, addressing the diverse needs of both enterprises and smaller companies. Explore the value of integration, automation, and maintaining up-to-date to ensure scalable and adaptable IT management solutions. Additionally, Sethu shares insights on Managed IT, Shadow IT, and the emerging Shadow AI.Key Takeaways00:00 Ensure meaningful customer engagement with authentic SaaS.03:17 Utilize analytics tools for detailed user insights.07:06 Embracing problem led to $50,000 saving.12:16 Different service delivery models for varying sizes.13:37 Zulary needs integrations, highlights importance of security.19:46 Complexity of integration improved, faster value delivery.23:26 Questioning the purpose and value of work.24:50 Champion Leadership Group scales revenue and outwits competitors.29:02 Zluri offers exhaustive IT discovery engine.31:53 Admin roles crucial, over-permissioning poses security risk.36:52 Expand discovery, control and technology for visibility.38:27 Architecture supports user access reviews for scaling.42:16 Be prepared, but do it anyway.45:39 Investing is complex, understand it thoroughly.Tweetable Quotes"Without integration, the platform doesn't work, which means integration is a core story of Slurry." — Sethu 00:17:54Shadow AI: "People are using a lot of AI application that they don't want their IT to know of. And to use those apps, they are exchanging the company's data as a bottom." — Sethu 00:28:12"Importance of Access Control in Safeguarding Organizations": "People find it very hard to get access to a job, and sometimes they do not get the right level of access, which means they get over permissioned in an application. And that becomes a critical issue during times when bad actors pop up because they can do a lot of things." — Sethu 00:32:12But as our vision expands, do we have the technology today to expand along with that? And the answer is yes." — Sethu 00:37:19"Engagement is one of the most important metrics SaaS leaders can track. Why is that? Well, it's a forward-looking measure of revenue and an early warning system of churn." — Jeff Mains 00:01:01The importance of tracking authentic SaaS customer engagement: "You've got to go beyond vanity metrics and focus on actions that indicate genuine involvement and significant outcomes." — Jeff Mains 00:02:36Quote: "Got to implement customer feedback loops. And to do that, we wanna actively seek feedback from users through surveys, through interviews, through in-app prompts." — Jeff Mains 00:04:30 Quote: "Tracking authentic SaaS customer engagement requires focusing on the right metrics, using advanced tools, and incorporating continuous customer feedback." — Jeff Mains 00:05:08SaaS Leadership LessonsEmbrace the Problem You Love: Sethu's journey with Zluri began with a genuine passion for solving a significant problem they encountered during the COVID-19 pandemic– hidden SaaS costs. His deep connection to the issue drove the successful pivot from gamifying corporate learning to addressing...

Industrial Talk is chatting with Hartmut Hahn, CEO at Userlane about “Extracting greater value and user adoption out of your technology stack”. Scott MacKenzie and Hartmut Hahn discussed challenges in extracting value from technology stacks, optimizing software use, and reducing software spend. They emphasized the importance of data-driven insights and user engagement to identify areas of improvement. Hartmut highlighted their platform's ability to track user interactions and provide a framework for evaluating software use. Scott MacKenzie questioned how their approach could accommodate different organizational processes. Later, Hartmut discussed the role of predictive analytics in technology adoption, emphasizing the need for a comprehensive understanding of business processes and constant monitoring. The speakers also highlighted the importance of predicting user adoption and efficiency, reaching out to Hardware Lane company for collaboration, and leveraging technology to solve problems. Action Items [ ] Reach out to Userlane directly through their website or contact Hartmut Hahn on LinkedIn for a demo or trial of their software. [ ] Promote industrial podcasts or technologies on the Industrial Talk platform by contacting Scott MacKenzie. (Podcast owners, technology companies) [ ] Map out key business processes to track within Userlane's software once onboarding. Outline Using technology to extract value from digital transformation solutions. Scott MacKenzie interviews Hartmut Hahn about Userlane platform insights. Industrial talk provides a platform for podcasts and technology solutions to reach a wider audience. Scott MacKenzie interviews Heartburn about technology solutions. Software usage and efficiency in large organizations. Hartmut: Companies buy many software solutions, often without proper implementation. Hartmut: Companies struggle with paying consultancies for software implementation. Hartmut: Executives have gut feelings about software usage, but no data to back it up. Hartmut: Userlane analyzes software stack to identify usage patterns, struggles, and areas for improvement. Process mapping and monitoring in software development. Hartmut explains how their software tracks employee interactions across five dimensions to provide a score for each software, highlighting differences in implementation across organizations. Hartmut emphasizes the importance of process mapping and its value in identifying areas for improvement. Hartmut: Monitor processes constantly, adjust yellow/green indicators based on business needs. Hartmut: Executives like constant monitoring, but may not know extent of Salesforce licenses or usage. Optimizing software spend and improving user experience. Hartmut mentions realizing unnecessary software costs and Shadow IT usage. Scott MacKenzie agrees, highlighting the importance of technology stack optimization. Hartmut suggests optimizing software spend by identifying unused licenses and improving usage of business-critical software. Hartmut offers solutions to increase employee engagement and motivation, such as creating interactive guides and content within the application. Technology efficiency and predictive analytics for business success. Scott MacKenzie: Predicting user adoption, efficiency, and inefficiencies in technology. Hartmut: Predicting new releases' impact on productivity, addressing inefficiencies. Hartmut encourages listeners to reach out for collaboration on technology solutions. If interested in

The introduction of cloud computing brought about a significant change on how we use technology with our businesses. Let's look at the historical parallels to today's AI for the Enterprise. (Part 2 of 3)SHOW: 828SHOW TRANSCRIPT: The Cloudcast #828SHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"SHOW SPONSOR:Panoptica, Cisco's Cloud Application Security solutionSHOW NOTES:Part 1: How Today's AI is like the Early 2000s (Cloudcast Eps:828)WHAT SHAPED THE EARLY 2010s?2008 financial crash and less money available for technology (uncertainty)Increased frustration with corporate IT organizations (too much “no”)The possibilities of mobile computing and socially connected societies (abundance)EARLY CLOUD WAS ALL ABOUT BREAKING AWAY FROM CORPORATE ITIt's a new generation of computing, so the future winner is unknown.Many companies are trying to have centralized IT policies - one size fits allData governance and legal liability is driving corporate policies (education needed)Consumer AI is widely available and applicable to some job functionsExecutives are starting to talk about “AI First” policiesCloud-native and Cloud-migrated were very different things, with different resultsFEEDBACK?Email: show at the cloudcast dot netTwitter: @cloudcastpodInstagram: @cloudcastpodTikTok: @cloudcastpod

Let's put today's AI era into some historic context by looking at the similarities and parallels to the explosion of the 1st wave of the consumer Internet. SHOW: 826SHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"SHOW SPONSOR:Panoptica, Cisco's Cloud Application Security solutionSHOW NOTES:Building the Information Super Highway (pre-2000)Executives discuss the Information Super Highway2001 - A DotCom Bubble Odyssey (Cloudcast Eps.772)WE'RE FASCINATED BY THE IDEA OF TECHNOLOGY CHANGING EVERYTHING2000s era Internet was going to change everythingGenAI is predicted to change everythingMOST TECHNOLOGY'S SHIFT HAPPEN WITH CONSUMERS FIRSTGenAI still can't validate accuracy (e.g. hallucinations)GenAI is still extremely expensive to create, maintainGenAI still doesn't have a widely-adopted business modelShadow GenAI groups will emerge in the EnterprisePeople are still mostly thinking about GenAI as a way to offload things they don't want to do vs. improving their existing skillsFEEDBACK?Email: show at the cloudcast dot netTwitter: @cloudcastpodInstagram: @cloudcastpodTikTok: @cloudcastpod

With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it's more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, “How do you enable the business while still providing security oversight and governance?” This segment is sponsored by Savvy. Visit https://securityweekly.com/savvy to learn more about them! CISOs encounter challenges in securing data amidst the rapid growth driven by Cloud and GenAI applications. In this segment, we will delve into how Bedrock Security powers frictionless data security, empowering CISOs to securely manage data sprawl, allowing their businesses to operate at optimal speed, without compromising security. Segment Resources: Bedrock Security: https://www.bedrock.security/ Bedrock Security X/Twitter: https://twitter.com/bedrocksec Bedrock Security LinkedIn: https://www.linkedin.com/company/bedrocksec/ House Rx (customer) Case Study: https://tinyurl.com/35v48wx7 Introductory Whitepaper: https://tinyurl.com/5yjeu92b Innovation Sandbox 2024:  https://www.businesswire.com/news/home/20240402284910/en/Bedrock-Security-Named-RSA-Conference-2024-Innovation-Sandbox-Finalist   This segment is sponsored by Bedrock Security. Visit https://securityweekly.com/bedrockrsac to learn more about them! Show Notes: https://securityweekly.com/vault-asw-10

With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it's more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, “How do you enable the business while still providing security oversight and governance?” This segment is sponsored by Savvy. Visit https://securityweekly.com/savvy to learn more about them! CISOs encounter challenges in securing data amidst the rapid growth driven by Cloud and GenAI applications. In this segment, we will delve into how Bedrock Security powers frictionless data security, empowering CISOs to securely manage data sprawl, allowing their businesses to operate at optimal speed, without compromising security. Segment Resources: Bedrock Security: https://www.bedrock.security/ Bedrock Security X/Twitter: https://twitter.com/bedrocksec Bedrock Security LinkedIn: https://www.linkedin.com/company/bedrocksec/ House Rx (customer) Case Study: https://tinyurl.com/35v48wx7 Introductory Whitepaper: https://tinyurl.com/5yjeu92b Innovation Sandbox 2024:  https://www.businesswire.com/news/home/20240402284910/en/Bedrock-Security-Named-RSA-Conference-2024-Innovation-Sandbox-Finalist   This segment is sponsored by Bedrock Security. Visit https://securityweekly.com/bedrockrsac to learn more about them! Show Notes: https://securityweekly.com/vault-asw-10

With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it's more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, “How do you enable the business while still providing security oversight and governance?” This segment is sponsored by Savvy. Visit https://securityweekly.com/savvy to learn more about them! CISOs encounter challenges in securing data amidst the rapid growth driven by Cloud and GenAI applications. In this segment, we will delve into how Bedrock Security powers frictionless data security, empowering CISOs to securely manage data sprawl, allowing their businesses to operate at optimal speed, without compromising security. Segment Resources: Bedrock Security: https://www.bedrock.security/ Bedrock Security X/Twitter: https://twitter.com/bedrocksec Bedrock Security LinkedIn: https://www.linkedin.com/company/bedrocksec/ House Rx (customer) Case Study: https://tinyurl.com/35v48wx7 Introductory Whitepaper: https://tinyurl.com/5yjeu92b Innovation Sandbox 2024:  https://www.businesswire.com/news/home/20240402284910/en/Bedrock-Security-Named-RSA-Conference-2024-Innovation-Sandbox-Finalist This segment is sponsored by Bedrock Security. Visit https://securityweekly.com/bedrockrsac to learn more about them! Show Notes: https://securityweekly.com/vault-asw-10

Whether or not you're familiar with shadow IT, know this: it's everywhere. Our guest this week, Charlie Livingstone, shines a light on the growing problem of shadow IT and how Wagestream are managing the risks it poses. Sit down with Roo and Charlie, as they unpack what shadow IT actually is, the growing challenges associated with it, and what we can do to safeguard ourselves and our organizations.

What will be the adoption patterns for AI within the Enterprise? Will it follow the early days of Cloud Computing, or will new and different patterns emerge? SHOW: 810SHOW TRANSCRIPT: Cloudcast #810 SHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"SHOW NOTES:WHAT WERE THE PATTERNS FOR ENTERPRISE IT AND CLOUD?Shadow ITHigh-scalability or Short-term Projects (and experimentation)Migration via “Cloud First” initiativesDifficult stuff came lastWHAT'S DIFFERENT ABOUT AI vs. CLOUD?CPU to CPU was easier to calculate vs. CPU + GPUHave we learned any lessons about how to value people's productivity?Does Enterprise AI need a Crawl, Walk, Run scenario? Do they need to be sequential and linked? Are Enterprise AI use-cases well defined? How long is the Enterprise willing to fail at experiments? What's the Enterprise tolerance for GenAI “flaws” (e.g. hallucinations, lack of citations, etc.)Will GenAI rejuvenate Predictive AI projects in the Enterprise? FEEDBACK?Email: show at the cloudcast dot netTwitter: @cloudcastpodInstagram: @cloudcastpodTikTok: @cloudcastpod

With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it's more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, “How do you enable the business while still providing security oversight and governance?” This segment is sponsored by Savvy. Visit https://securityweekly.com/savvy to learn more about them! In the leadership and communications section, The CISO Role Is Changing. Can CISOs Themselves Keep Up? , Why do 60% of SEC Cybersecurity Filings Omit CSO, CISO Info?, How Co-Leaders Succeed, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-343