Cybersecurity is no longer a nice-to-have for government contractors — CMMC compliance is now a pre-award requirement, and if you haven't addressed it, your proposal may be dead before anyone reads it. In this episode, Eric sits down with a 15-year MIT Lincoln Laboratory veteran whose company now trains US Cyber Command to break down exactly what small and mid-size contractors need to know about cyber readiness in a rapidly shifting AI-driven threat landscape.

Here's what you'll learn in this episode:
Why CMMC and FedRAMP exist — and why meeting the minimum standard is just the floor, not the finish line, for contractors serious about winning DoD business
How AI is accelerating cyberattacks on small businesses — attackers are using the same tools you use to run your business, and they're moving faster than ever
What a cyber range actually is and how it works — the fire drill analogy that explains why buying tools without training your team is money wasted
The right cybersecurity stack for small contractors — endpoint detection and response (EDR), firewalls, and SIEMs explained in plain language with practical starting points
How to stop overspending on tools you don't use — why most CISOs only fully utilize a third of their security tools and how to build a lean, effective stack instead
What AI adoption inside your company is actually exposing — prompt injection, data leakage, and the governance controls that protect your sensitive contract data

EPISODE CHAPTERS:
0:00 - Sponsor message and why cybersecurity just became mandatory
0:53 - Introducing a 15-year MIT Lincoln Lab cyber expert
6:01 - How the guest built cyber infrastructure for national defense
7:25 - What cyber ranges are and how they work for DoD training
9:16 - The fire drill analogy for understanding cyber readiness
11:07 - Why buying tools without training your team is not enough
13:28 - How the threat landscape has evolved from servers to cloud to AI
16:17 - CMMC and FedRAMP explained as a minimum bar for contractors
19:38 - The real-world financial losses that finally force action on cyber
25:21 - Building a practical cyber stack for small business contractors
31:17 - How AI is changing team size, efficiency, and detection capability
33:36 - Where AI adoption inside your business is creating new vulnerabilities
37:00 - How cyber range assessments work and how long they take
42:14 - What the next five years look like for cybersecurity in govcon

If you want to learn more about the community and to join the webinars go to: https://federalhelpcenter.com/
Website: https://govcongiants.org/
Connect with Encore Funding: http://govcongiants.org/funding
Connect with Lee Rossey: https://www.linkedin.com/in/lee-rossey-0873881/
Dr. Barbara Schäfer-Siems and Prof. Dr. Peter Schäfer have devoted their academic lives to Jewish studies. In the new edition of „Zu Gast bei L.I.S.A.“, the scholarly couple looks back on the stages they shared: their student years in Israel in the 1960s, Peter Schäfer's professorships in Berlin and Princeton, and finally his time as director of the Jewish Museum Berlin. A conversation about Ashkenazi Judaism, Zionism, fortunate coincidences and defeats. You can find the original post and more here: https://lisa.gerda-henkel-stiftung.de/zu_gast_bei_lisa_barbara_und_peter_schaefer
In Asia-Pacific, CISOs are navigating a pivotal shift as organisations operationalise AI across complex hybrid and sovereign environments in 2026-2027. AI has evolved from an innovative layer into a source of profound operational and security complexity, where failures in autonomous systems now trigger systemic business risks rather than contained outages, amplified by geopolitical tensions, supply-chain interdependencies, and regulatory volatility.

Ultimately, building digital resilience at scale demands robust governance, continuous monitoring, and sovereign-compliant architectures that safeguard trust, uptime, and compliance—enabling sustainable AI-driven growth without exposing enterprises to unacceptable risk.

In this PodChats for FutureCISO, John Morgam, SVP & GM of Splunk Security, reveals how machine data and agentic AI help CISOs operationalise real-time observability, bridge talent gaps, and embed sovereign-compliant resilience. From Singapore to Sydney, discover strategies for secure, scalable AI growth through 2027.

John, welcome to PodChats for FutureCISO.

Here are 10 key questions for CISOs in Asia in 2026, sequenced to align with the narrative flow:
1. Why has AI transitioned from a supplementary technology to a core driver of operational and security complexity across Asian enterprises?
2. How are AI-related failures increasingly manifesting as systemic business risks rather than isolated technical incidents?
3. What machine data strategies have organisations in Asia implemented to create a definitive, auditable record of system, user, and autonomous agent behaviour across hybrid environments?
4. Telemetry. How are organisations in Asia embedding real-time observability into security architectures to detect anomalies before AI-driven failures cascade across interconnected systems?
   a. SIEMs and SOARs have been with us even before AI. What's different today?
5. Given the regional investment in security talent consolidation, what expertise gaps remain in organisations' ability to govern where AI and operational decisions converge?
6. How does the convergence of automation, human judgement, and unified data enable agentic AI to transform security operations capabilities?
7. In what specific ways can agentic AI accelerate detection, deepen investigations, and support controlled, proportionate responses to incidents?
8. What practical strategies allow organisations to operationalise AI at enterprise scale across hybrid infrastructures while sustaining resilience?
9. How are regional CISOs adapting to sovereignty requirements across Asia—from Singapore's MAS guidelines to Australia's data locality rules—while maintaining unified security visibility?
10. How can trust, uptime, and regulatory compliance be maintained as AI adoption accelerates in sovereign, multi-cloud Asia-Pacific contexts?
11. What should CIOs and CISOs bear in mind as Agentic AI makes its way into the SOC?
The security operations center is under pressure from every direction -- rising alert volumes, fragmented data environments, and a skills gap that no amount of hiring fully closes. At RSAC Conference 2026, Monzy Merza of Crogl sat down with Sean Martin and Marco Ciappelli to talk about what the AI-enabled SOC actually looks like when it is working at enterprise scale.

Crogl recently published the State of the AI SOC report, a survey of more than 600 organizations. The headline finding: nearly 40% of alerts go completely unattended. Not triaged. Not escalated. Just missed. The report also found that a large share of respondents rank the security of an AI system above its raw capability -- trust before performance. Merza says the goal of the report was part data, part demystification, and part empathy building -- giving security leaders permission to recognize that everyone is dealing with the same problems.

Crogl's knowledge engine is built on a foundational premise: data is fragmented in the enterprise, and that is not going to change. Rather than requiring data normalization before analysis, Crogl builds an enterprise semantic knowledge graph that maps relationships across data lakes, SIEMs, and SOAR platforms, wherever the data lives. Analysts no longer need to navigate schemas or query languages. Crogl handles the investigation and surfaces what matters.

Merza describes two compressor effects his customers experience. A competency compressor allows any analyst to draw on multiple data lakes at once. A domain knowledge compressor lets Crogl work across alert types -- phishing, endpoint, and beyond -- rather than routing each to a specialist. The result is a team that operates well above its apparent headcount.

One customer example: a CISA advisory that would take hours to manually parse can be uploaded into Crogl and assessed across the enterprise footprint -- IOC mapping and detection coverage -- in sub-hours. The same logic extends to compliance, where audit data calls that once required manual query-by-query execution can now be executed by Crogl against a full 500-query data call at once.

On the jobs question, Merza takes a clear position: AI will create more security jobs, not fewer. Every new AI deployment is a new attack surface. Every new footprint needs to be defended. The repetitive tier-one work is going away -- but the volume of meaningful security work is expanding and the entry level is rising. The organizations getting ahead of this are already standing up AI review boards and putting security capability at the center of how they evaluate new AI tools.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Monzy Merza, Co-Founder and CEO, Crogl
LinkedIn: https://www.linkedin.com/in/monzymerza

RESOURCES
State of the AI SOC Report (free download): https://www.crogl.com
Crogl: https://www.crogl.com
AI SOC Summit: https://aisocsummit.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Monzy Merza, Crogl, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, brand story, AI SOC, security operations center, SOC automation, AI in cybersecurity, alert fatigue, security data lakes, SIEM integration, enterprise knowledge graph, threat intelligence, CISA advisory, Volt Typhoon, RSAC Conference 2026, RSAC 2026, cybersecurity AI, autonomous investigation, SOC analysts, security workforce, CISO strategy

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
At RSAC Conference 2026, the expo floor runs on one word: AI. But Lisa Liu, Corporate Marketing and Communications Manager at Stellar Cyber, has been watching the confusion this creates in real time. Visitors at the Stellar Cyber booth are asking the same question: does AI in cybersecurity mean a tool that fights AI-powered attackers, a tool that is AI-based, or something else entirely? Lisa Liu's take is direct -- if your messaging can't answer that question, the noise is winning.

Stellar Cyber has been building toward a human-augmented, autonomous SOC for years -- long before "agentic" became the conference password. The logic driving that mission is not about market positioning. It is about what happens when AI makes a mistake at scale. One error in judgment can echo a thousandfold. Human oversight is not a limitation on the platform -- it is the architecture. The goal is not to put a human on the sidelines as a safety check. The goal is to make every analyst perform at a higher level, so a junior analyst works at the capability of a senior analyst.

Lisa Liu draws on the Waymo analogy familiar to anyone walking the streets of San Francisco this week: autonomous vehicles went from having a safety driver present to running solo. But when a power outage knocked out every Waymo unit simultaneously, the city needed humans to step in immediately. The same principle applies to security operations. Agentic AI is changing the analyst's role -- replacing alert fatigue and log chasing with higher-order problem solving -- but human involvement in the process is not going away.

For SOC teams asking how to get there, Lisa Liu is clear: success is not a rip-and-replace project. Success is minimal personnel disruption and maximum operational efficiency -- repositioning existing tools to work smarter without exposing the organization to weeks of vulnerability during a rebuild. Stellar Cyber's platform integrates with existing SIEMs and tools, adds coverage across network, endpoint, identity, and cloud environments, and offers hundreds of pre-built integrations with more being added continuously. For managed security service providers serving clients across different industries and risk profiles, that kind of unified visibility is what makes the business model scale.

The outcomes are specific. One Stellar Cyber customer reported that analysts were 83% more accurate in their threat environment analysis. Lisa Liu frames that number carefully: analysts are not measured by what they catch -- they are measured by what they miss. Any meaningful improvement in accuracy is not just a business metric. It changes how people feel about their work.

This is a Brand Spotlight.

GUEST
Lisa Liu, Corporate Marketing and Communications Manager, Stellar Cyber
LinkedIn: https://www.linkedin.com/in/lisaaliu/

RESOURCES
Stellar Cyber: https://stellarcyber.ai

KEYWORDS
Lisa Liu, Stellar Cyber, Sean Martin, RSAC Conference 2026, human-augmented SOC, autonomous SOC, AI-native security operations, Multi-Layer AI, MSSP security platform, SOC analyst efficiency, alert triage, agentic AI cybersecurity, brand spotlight, brand story, brand marketing, marketing podcast
Monzy Merza, Co-Founder and CEO of Crogl, sat down with Sean Martin and Marco Ciappelli ahead of RSAC Conference 2026 with a position that cuts against the prevailing AI narrative: there will be more security engineers next year than there are today, not fewer. His reasoning draws on how automation has always worked. The phone contact list eliminated the need to memorize numbers -- and people communicated with far more people as a result. AI in security will expand the surface area practitioners must handle, not shrink the need for them.

Crogl was founded in 2023 to make every security practitioner as effective as their entire team. What sets Crogl apart is a refusal to require data normalization before the product becomes useful. Instead, Crogl builds a semantic knowledge graph across an organization's existing data lakes, SIEMs, and SOAR platforms -- however many there are -- so analysts can investigate alerts and threat hunt across their real environment, not an idealized version of it.

Monzy Merza applies the same logic to language models as to data: if different data stores serve different purposes, why accept a single LLM for every security scenario? Crogl lets organizations choose their model, swap as needs evolve, and deploy on any footprint -- including fully air-gapped environments. For government agencies, energy utilities, and manufacturers, that is not a feature. It is a deployment prerequisite.

Financial services leaders across 15 conversations in New York told Merza the same thing unprompted: Crogl's investment in an enterprise semantic knowledge graph is what they see as genuinely correct. Their argument: you cannot solve enterprise security operations with AI without knowing where data lives without transforming it. These were practitioners speaking, not vendors.

The week before RSAC Conference, Crogl hosted the first AI SOC Summit near Washington, DC -- no NDAs, no directed demos. Attendees brought their own laptops, got access tokens, and used Crogl on their own problems, completely unattended. The booth at RSAC Conference will work the same way: walk up, run real scenarios, no one driving the demo. The head of AI, UX designer, and chief architect will all be on the floor to listen and be challenged.

Organizations building AI security strategy around eliminating people are making a bet history does not support. The smarter path -- and the one Crogl is built around -- is enabling practitioners with tools that meet them where they are, on the data they have, with the models they trust, in the environments they control.

This is a Brand Spotlight.

GUEST
Monzy Merza, Co-Founder and CEO, Crogl
On LinkedIn: https://www.linkedin.com/in/monzymerza/

RESOURCES
Crogl: https://www.crogl.com
AI SOC Summit: https://www.aisocsummit.com/
RSAC Conference 2026 Coverage on ITSPmagazine: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

KEYWORDS
Monzy Merza, Crogl, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, AI SOC, security operations center, autonomous alert investigation, enterprise semantic knowledge graph, AI security tools, SOC automation, security analyst, threat hunting, data normalization, large language models, agentic AI, RSAC 2026, RSAC Conference
Guest: Raffael Marty, Operating Advisor, a SIEM legend since 1999

Topics:
You argue that declaring existing SIEMs obsolete is a "marketing slogan" rather than a true thesis. What is the real pain point and the actual gap in traditional SIEMs, as opposed to the more sensational claims?
You highlight that "correlation, state, timelines, and real-time detection require locality," making centralization a necessary trade-off. Can a truly federated or decoupled SIEM architecture achieve the same fidelity and real-time performance for complex, stateful detections as a centralized one?
You call the rise of independent security data pipelines the "SIEM Trojan Horse." How quickly is this abstraction layer turning the SIEM into a "swappable" component, and what should SIEM vendors have done differently years ago to prevent this market from existing?
This "AI SOC" thing, is this even real? Is "AI in a SOC" a better label? Do you think major SIEM vendors will own this very soon, like they did with UEBA and SOAR?
If volume-based pricing is flawed because it penalizes good security hygiene, what is a better SIEM pricing model that fairly addresses compute, enrichment, and retention costs without just shifting the volume cost to unpredictable query charges?
You question the idea that startups can find a better way to release detection rules than large vendors with significant content teams. What metrics should security leaders use to evaluate the quality of a vendor's detection engineering (DE) output beyond just coverage numbers? Can AI fix DE?

Resources:
Video version
The SIEM Maturity Framework: A Practical Scoring Tool for Security Analytics Platforms and raffy.ch/SIEM/
The Gaps That Created the New Wave of SIEM and AI SOC Vendors
How AI Impacts the Cyber Market and The Future of SIEM
Why Venture Capital Is Betting Against Traditional SIEMs
EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI
EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect
EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future
Decoupled SIEM: Brilliant or Stupid?
Decoupled SIEM: Where I Think We Are Now?
All links and images can be found on CISO Series. This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, Senior EVP and CISO, Frost Bank. Joining us is Mark Eggleston, CISO, CSC.

In this episode:
Breaking trust to test it
Technical controls over testing
The measurement imperative
Fire drills, not gotchas

Huge thanks to our sponsor, Scanner
All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev.
All links and images can be found on CISO Series. This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Cliff Crosland, co-founder and CEO, Scanner.dev.

In this episode:
Earning autonomy gradually
The blast radius question
The reality check
Today's value, tomorrow's evolution

Huge thanks to our sponsor, Scanner
All links and images can be found on CISO Series. Check out this post by Dr. Chase Cunningham, CSO at Demo-Force, for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Brett Conlon, CISO, American Century Investments.

In this episode:
The experience paradox
Who benefits from the narrative
Kitchen sink job postings
The aggregation problem

Huge thanks to our sponsor, Scanner
Götzke, Manfred www.deutschlandfunk.de, Streitkultur
In this episode, Cliff Crosland, CEO & co-founder of Scanner.dev, shares his candid journey of trying (and initially failing) to build an in-house security data lake to replace an expensive traditional SIEM.

Cliff explains the economic breaking point where scaling a SIEM became "more expensive than the entire budget for the engineering team". He details the technical challenges of moving terabytes of logs to S3 and the painful realization that querying them with Amazon Athena was slow and costly for security use cases.

This episode is a deep dive into the evolution of logging architecture, from SQL-based legacy tools to the modern "messy" data lake that embraces full-text search on unstructured data. We discuss the "data engineering lift" required to build your own, the promise (and limitations) of Amazon Security Lake, and how AI agents are starting to automate detection engineering and schema management.

Guest Socials - Cliff's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: Cloud Security Podcast YouTube, Cloud Security Newsletter
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast

Questions asked:
(00:00) Introduction
(02:25) Who is Cliff Crosland?
(03:00) Why Teams Are Switching from SIEMs to Data Lakes
(06:00) The "Black Hole" of S3 Logs: Cliff's First Failed Data Lake
(07:30) The Engineering Lift: Do You Need a Data Engineer to Build a Lake?
(11:00) Why Amazon Athena Failed for Security Investigations
(14:20) The Danger of Dropping Logs to Save Costs
(17:00) Misconceptions About Building Your Own Data Lake
(19:00) The Evolution of Logging: From SQL to Full-Text Search
(21:30) Is Amazon Security Lake the Answer? (OCSF & Custom Logs)
(24:40) The Nightmare of Log Normalization & Custom Schemas
(28:00) Why Future Tools Must Embrace "Messy" Logs
(29:55) How AI Agents Are Automating Detection Engineering
(35:45) Using AI to Monitor Schema Changes at Scale
(39:45) Build vs. Buy: Does Your Security Team Need Data Engineers?
(43:15) Fun Questions: Physics Simulations & Pumpkin Pie
The nature of Security Operations is changing. As cloud environments grow in complexity and data volumes explode, traditional approaches to detection and response are proving insufficient. This episode features an in-depth conversation with Kyle Polley, who leads the AI security team at Perplexity, about a modern blueprint for the Security Operations Center (SOC).

The discussion centers on a necessary architectural shift away from traditional SIEMs, which were not built for today's scale, toward a "data lake infrastructure built for detection and response". Kyle explains how this model provides the scalability needed to handle modern data loads and enables a more effective incident response process.

A cornerstone of this new model is the use of centralized AI agents. The conversation explores how these agents can be tasked with performing in-depth alert investigations, helping to reduce analyst burnout and allowing security teams to focus on more proactive, high-impact work. This approach moves beyond simple automation to create a system where AI augments and enhances the capabilities of the human team.

Guest Socials - Kyle's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: Cloud Security Podcast YouTube, Cloud Security Newsletter, Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Introduction to Kyle Polley & The Future of SOCs
(01:03) The Core Argument: Why You Must Build Your SOC Before Compliance
(03:34) Beyond the Certificate: The Difference Between Being Compliant vs. Secure
(04:20) Today's #1 AI Threat: The Challenge of Prompt Injection
(06:00) The Architectural Flaw: Handling Untrusted Data in AI Systems
(08:20) The "Security Data Lake": Moving Beyond the Traditional SIEM
(15:00) The Future is Now: A Centralized AI Agent for Automated Investigations
(20:06) Will AI Take My Job? How AI Elevates, Not Replaces, the Security Analyst
(25:20) Redefining "Shifting Left" with Personal AI Security Agents
(31:00) Can AI Reason? How Modern AI Agents Intelligently Query Logs
(37:05) Rethinking Incident Response Playbooks in the Age of AI
(41:00) The MVP SOC: A Practical Roadmap for Small & Medium Companies
(46:08) Final Questions: Maintaining Optimism, Woodworking, and Tex-Mex
(50:08) Where to Connect with Kyle Polley

Resources spoken about during the episode:
Easy Agents: an open-source framework
How to give every department their own AI Agent
In this dynamic episode of The Segment, two of cybersecurity's biggest names reunite with host Raghu Nandakumara for a no-holds-barred conversation: John Kindervag, the godfather of Zero Trust, and Dr. Chase Cunningham, aka Dr. Zero Trust. What unfolds is a fast-paced, insight-packed dialogue that spans decades of hard-earned wisdom, unexpected humor, and a shared mission to demystify modern cyber defense.

John and Chase reflect on the global evolution of Zero Trust—from its scrappy beginnings to its widespread adoption by Fortune 500s, military leaders, and even elder care facilities. They dive into why context-driven maps are now indispensable, how graph-based security is reshaping the cyber terrain, and where AI and automation can give defenders a real edge. Expect candid takes on the limits of SIEMs, the failure of red teaming without strategy, and why defenders need to start thinking like attackers if they want to win.

There's personal reflection too—Chase shares why he was reluctant to pick up the Zero Trust torch, and John opens up about the real heart behind the strategy. With wit, war stories, and straight talk, they make a clear case: cybersecurity isn't about perfection—it's about deterrence, resilience, and knowing what truly matters.

Topics Covered:
The origin and global adoption of Zero Trust
Why "good maps" are critical for cyber resilience
Real-world applications of AI in cyber defense
Why attackers often outmaneuver defenders—and how to change that
The psychology of leadership in cybersecurity strategy
From Chick-fil-A to Bletchley Park: the unexpected places Zero Trust shows up
Chase's take on stock-picking based on breach trends (yes, really)

Resources Mentioned:
Think Like an Attacker by Dr. Chase Cunningham
John Kindervag's Zero Trust 5-Step Model
"Zero Trust Terrain & Holding the High Ground" LinkedIn Live

Stay Connected with our host, Raghu, on LinkedIn
For more information about Illumio, check out our website at illumio.com
Guest: Alan Braithwaite, Co-founder and CTO @ RunReveal

Topics:
SIEM is hard, and many vendors have discovered this over the years. You need to get storage, security and integration complexity just right. You also need to be better than incumbents. How would you approach this now?
Decoupled SIEM vs SIEM/EDR/XDR combo. These point in opposite directions; which side do you think will win?
In a world where data volumes are exploding, especially in cloud environments, you're building a SIEM with ClickHouse as its backend, focusing on both parsed and raw logs. What's the core advantage of this approach, and how does it address the limitations of traditional SIEMs in handling scale?
Cribl, Bindplane and "security pipeline vendors" are all the rage. Wouldn't it be logical to just include this in a modern SIEM?
You're envisioning a "Pipeline QL" that compiles to SQL, enabling "detection in SQL." This sounds like a significant shift, and perhaps not for the better? (Anton is horrified, for once.) How does this approach affect detection engineering?
With Sigma HQ support out-of-the-box, and the ability to convert SPL to Sigma, you're clearly aiming for interoperability. How crucial is this approach in your vision, and how do you see it benefiting the security community?
What is SIEM in 2025 and beyond? What's the endgame for security telemetry data? Is this truly SIEM 3.0, 4.0 or whatever-oh?

Resources:
EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther
EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures
"20 Years of SIEM: Celebrating My Dubious Anniversary" blog
"RSA 2025: AI's Promise vs. Security's Past — A Reality Check" blog
tl;dr security newsletter
Introducing a RunReveal Model Context Protocol Server!
MCP: Building Your SecOps AI Ecosystem
AI Runbooks for Google SecOps: Security Operations with Model Context Protocol
Guest: Travis Lanham, Uber Tech Lead (UTL) for Security Operations Engineering, Google Cloud

Topics:
There's been a ton of discussion in the wake of the three SIEM week about the future of SIEM-like products. We saw a lot of takes on how this augurs the future of disassembled or decoupled SIEMs. Can you explain what these disassembled SIEMs are all about?
What are the expected upsides of detaching your SIEM interface and security capabilities from your data backend?
Tell us about the early days of SecOps (née Chronicle) and why we didn't go with this approach.
What are the upsides of a tightly coupled datastore + security experience for a SIEM?
Are there more risks or negatives of the decoupled/decentralized approach? Complexity and the need to assemble "at home" are on the list, right?
One of the 50 things Google knew to be true back in the day was that product innovation comes from technical innovation. What's the technical innovation driving decoupled SIEMs?
So what about those security data lakes? Any insights?

Resources:
EP139 What is Chronicle? Beyond XDR and into the Next Generation of Security Operations
EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures
EP184 One Week SIEM Migration: Fact or Fiction?
Hacking Google video series
Decoupled SIEM: Brilliant or …. Not :-)
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
So, Why Did I Join Chronicle Security? (2019)
The SIEM market has undergone some significant changes this summer. This is a great opportunity to talk about the current state of SIEM! In this conversation, we'll discuss: market changes and terminology: security analytics, data lakes, SIEM; what is SOAR's role in the current SIEM market?; machine learning and generative AI's role; strategies for implementing a SIEM; common mistakes that still lead to SIEMs becoming shelfware; and much more! Both Seth and Adrian have a long history when it comes to SIEMs, so this conversation will be packed with anecdotes, stories, and lessons learned! This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! We've been hearing a lot lately about how the talent gap in cybersecurity is much more complex than some folks have been making it out to be. While making six figures after going through a six-week boot camp might be overselling the cybersecurity job market a bit, it is definitely a complex space with lots of opportunities. Fortunately, we have folks building passion projects like My Cyber Path. When Jason transitioned into cyber from the military, he took note of the path he took. He also noticed how different the path was for many of his peers. Inspired by NIST NICE and other programs designed to help folks get a start in cyber, he created My Cyber Path. My Cyber Path has a very organized approach. There are 12 paths outlined, which fall into 4 main areas. After taking a personality test, this tool suggests the best paths for you. Hmmm, this sounds a lot like the sorting hat in Harry Potter, and there are 4 "houses" you could get put into... coincidence? Segment Resources: My Cyber Path has a free account where people can get matched to a cybersecurity work role based on their interests and personality traits and get access to free areas in the platform without having to save a credit card. 
https://www.mycyberpath.com/ https://www.mycyberpath.com/auth/register In the Enterprise News, the hosts discuss various trends and challenges in the cybersecurity landscape, including the evolution of terminology, funding trends, the emergence of new startups, and the impact of AI on security practices. They also explore the challenges faced by CISOs, the importance of humor in the industry, and the future of quantum readiness. The conversation highlights the need for clarity in cybersecurity messaging and the potential for consolidation in the market. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-377
The SIEM market has undergone some significant changes this summer. This is a great opportunity to talk about the current state of SIEM! In this conversation, we'll discuss: market changes and terminology: security analytics, data lakes, SIEM what is SOAR's role in the current SIEM market? machine learning and generative AI's role strategies for implementing a SIEM common mistakes that still lead to SIEMs becoming shelfware and much more! Both Seth and Adrian have a long history when it comes to SIEMs, so this conversation will be packed with anecdotes, stories, and lessons learned! This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! Show Notes: https://securityweekly.com/esw-377
The top priority on the CIS Critical Security Controls list has never changed: inventory and control of enterprise assets. Yet it remains one of the most challenging controls to implement, much less master. The refrain "you can't secure what you don't know about" is as old as information security itself. Complicating this task is the fact that improving asset management isn't an aspiration unique to the security team. IT, finance, facilities, and other groups within large enterprises are concerned with this as well. This often leads to challenges: should all these groups attempt to standardize on one common asset database or CMDB? Or should security go its own way and purchase its own asset management tool? Answering these questions would be a lot easier if we had someone with an IT asset management (ITAM) perspective, and fortunately, we do! Jeremy Boerger of Boerger Consulting joins us to help us understand the IT perspective, so we can understand if there are opportunities for security and IT to help each other out, or at least find some common ground! Boerger Consulting Resources: Email newsletter LinkedIn newsletter Book page Amazon book page I often say that it isn't the concepts or ideas in cybersecurity that are bad, but the implementations of them. Sometimes the market timing is just wrong and the industry isn't ready for a particular technology (e.g. enterprise browsers). Other times, the technology just isn't ready yet (e.g. SIEMs needed better database technology and faster storage). Since the ideas are solid, we see these concepts return after a few years. Application allowlisting is one of these product categories. ThreatLocker has been around since 2017 and is now a late-stage startup that has achieved market fit. We chat with the company's CEO and founder, Danny Jenkins, to find out how they learned from the mistakes made before them, and how they differentiate from the technology some of us remember from the late 2000s and early 2010s. 
Segment Resources: ThreatLocker Solutions This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In this interview, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the evolving landscape of SaaS security. He highlights the challenges posed by the security gap resulting from the rapid adoption of SaaS applications and why SaaS security goes beyond just misconfiguration management. Segment Resources: https://www.adaptive-shield.com/landing-page/the-annual-saas-security-survey-report-2025-ciso-plans-and-priorities/ This segment is sponsored by Adaptive Shield. Visit https://securityweekly.com/adaptiveshieldbh to download the Annual SaaS Security Survey Report! Cybersecurity professionals are often confronted with ethical dilemmas that need to be carefully navigated. In 25 years of teaching incident handling and penetration testing, Ed has often been asked by his students for help in ethical decision-making. Ed will share some of their questions and his recommended approaches for addressing them. Ed also has a new book out, The Code of Honor, about cybersecurity ethics. All proceeds go to scholarships for college students. Segment Resources: 1) Ed's book, published June 18, 2024: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862/ref=sr11?crid=1DSHPCXDIQ1VT&dib=eyJ2IjoiMSJ9.rmZX2-3mj1nI74iKkjbKkQSNKCuRjjn-QQ8qrzVy21tMRAXuKu5Qr5rPgtszkVd7zJMV7oVTuImUZIxMQfecnaRlNRfAVI5G7azyWi8lY.WHOujvlsQXPTJaHuEafwRC2WVKZe474eVXHn46kLiEY&dib_tag=se&keywords=skoudis&qid=1722767581&sprefix=skoudis%2Caps%2C90&sr=8-1 2) Holiday Hack Challenge - sans.org/holidayhack Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-374
I often say that it isn't the concepts or ideas in cybersecurity that are bad, but the implementations of them. Sometimes the market timing is just wrong and the industry isn't ready for a particular technology (e.g. enterprise browsers). Other times, the technology just isn't ready yet (e.g. SIEMs needed better database technology and faster storage). Since the ideas are solid, we see these concepts return after a few years. Application allowlisting is one of these product categories. ThreatLocker has been around since 2017 and is now a late-stage startup that has achieved market fit. We chat with the company's CEO and founder, Danny Jenkins, to find out how they learned from the mistakes made before them, and how they differentiate from the technology some of us remember from the late 2000s and early 2010s. Segment Resources: ThreatLocker Solutions This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/esw-374
Jen has a fascination with perfume and specifically the history of perfume and is the perfumer behind Immortal Perfumes, a micro-perfumery specializing in historically inspired scents. Her creations have been featured in New York Magazine, The Los Angeles Times, and Seattle Met among others. Jen researches and writes about historical figures and their fragrances for her popular TikTok channel. She also writes fiction and has been published in several anthologies. Nelson and Alexandra had a wonderful and insightful conversation with Jen about the perfumer Adolf Saalfeld, a German-born Jew, who boarded the Titanic with plans to sell his fragrances in New York City. In his rush to leave the ship as it sank, he left samples of his scents behind. In 2001, salvage experts recovered 62 perfume vials from the case, some of which still contained the original scent. Jen's shop IMMORTAL PERFUMES in Seattle ~ 1752 NW Market Street #4176, Seattle, WA 98107, United States. Website ~ www.immortalperfumes.com. Insta and TikTok @immortalperfumes. Season One of Titanic Talk now available on Patreon: bit.ly/TitanicTalkPatreon. Go to www.shipofdreamsfilm.com and subscribe to our newsletter and for links and details of 2024 screenings in UK, Australia and New Zealand. TITANIC TALK Official Merchandise now on sale HERE. T-shirts, hoodies, baseball caps and mugs - the perfect gift for your favourite Titaniac. For more information on where to watch SHIP OF DREAMS: TITANIC MOVIE DIARIES go to shipofdreamsfilm.com. Ship of Dreams on Facebook. Ship of Dreams on TikTok. Watch TITANIC TALK on YouTube ~ TITANIC TALK YouTube. Instagram @titanic_talk_podcast. Facebook. Follow Nelson: Instagram @nelsonaspen, Twitter @nelsonaspen. Follow Alexandra: Instagram ...
Remember 20 years ago? When we were certain SIEMs would grant our cybersecurity teams superpowers? Or 10 years ago, when we were sure that NGAV would put an end to malware as we knew it? Or 15 years ago, when we were sure that application control would put an end to malware as we knew it? Or 18 years ago, when NAC would put an end to unauthorized network access? Why do we keep thinking that the next vendor offering is going to solve all our problems? In this interview, we talk with Fred Wilmot about the hard work of building effective processes and resilient architectures that will actually yield reductions in risk and detection/response capabilities that work. We'll discuss shifts in thinking that can move us past the latest distractions, and keep security teams focused on work that moves the needle. Fred may also mention his past transgressions against the industry and what he's doing to "wipe out the red from his ledger". There's plenty of content out there detailing how vendors fall short: scummy, aggressive sales tactics; overuse of jargon and buzzwords; sneaky sales tactics; dumping on competitors; products that fall far short of claims; ambulance chasing. So what should they be doing? In this episode, we chat with Dani Wolff about how marketers can adopt the skills and mindsets of security researchers to improve GTM strategies, without resorting to awful tactics. Drawing from extensive experience in qualitative interviews and collaborations with enterprise security executives and researchers, Dani will uncover how the innate curiosity and analytical prowess of researchers can dismantle unhealthy habits within vendor organizations. We'll also discuss Dani's various projects, including the WTF Did I Just Read podcast, CyberNest, and CyberSynapse. Dani will explain how these are all designed to address the gap between vendors and buyers in the cybersecurity industry. 
This week, in the enterprise security news: over half a billion in funding, as everyone gets their pre-Black Hat announcements out! Mimecast picks up Code42; Will Cato Networks IPO?; Canarytokens update; we still have some CrowdStrike fallout to discuss; CISO responses to SEC rules; making things secure without security tools; tips for going SOCless; denial-of-service robots. All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-370
Remember 20 years ago? When we were certain SIEMs would grant our cybersecurity teams superpowers? Or 10 years ago, when we were sure that NGAV would put an end to malware as we knew it? Or 15 years ago, when we were sure that application control would put an end to malware as we knew it? Or 18 years ago, when NAC would put an end to unauthorized network access? Why do we keep thinking that the next vendor offering is going to solve all our problems? In this interview, we talk with Fred Wilmot about the hard work of building effective processes and resilient architectures that will actually yield reductions in risk and detection/response capabilities that work. We'll discuss shifts in thinking that can move us past the latest distractions, and keep security teams focused on work that moves the needle. Fred may also mention his past transgressions against the industry and what he's doing to "wipe out the red from his ledger". Show Notes: https://securityweekly.com/esw-370
In the world of business cybersecurity, the powerful technology known as "Security Information and Event Management" is sometimes thwarted by the most unexpected actors—the very people setting it up. Security Information and Event Management—or SIEM—is a term used to describe data-collecting products that businesses rely on to make sense of everything going on inside their network, in the hopes of catching and stopping cyberattacks. SIEM systems can log events and information across an entire organization and its networks. When properly set up, SIEMs can collect activity data from work-issued devices, vital servers, and even the software that an organization rolls out to its workforce. The purpose of all this collection is to catch what might easily be missed. For instance, SIEMs can collect information about repeated login attempts occurring at 2:00 am from a set of login credentials that belong to an employee who doesn't typically start their day until 8:00 am. SIEMs can also collect whether the login credentials of an employee with typically low access privileges are being used to attempt to log into security systems far beyond their job scope. SIEMs must also take in the data from an Endpoint Detection and Response (EDR) tool, and they can hoover up nearly anything that a security team wants—from printer logs, to firewall logs, to individual uses of PowerShell. But just because a SIEM can collect something doesn't necessarily mean that it should. Log activity for an organization of 1,000 employees is tremendous, and the collection of frequent activity could bog down a SIEM with noise, slow down a security team with useless data, and rack up serious expenses for a company. Today, on the Lock and Code podcast with host David Ruiz, we speak with Microsoft cloud solution architect Jess Dodson about how companies and organizations can set up, manage, and maintain their SIEMs, along with what advertising pitfalls to avoid when doing their shopping. 
Plus, Dodson warns about one of the simplest mistakes in trying to save budget—setting up arbitrary data caps on collection that could leave an organization blind. "A small SMB organization … were trying to save costs, so they went and looked at what they were collecting and they found their biggest ingestion point," Dodson said. "And what their biggest ingestion point was was their Windows security events, and then they looked further and looked for the event IDs that were costing them the most, and so they got rid of those." Dodson continued: "Problem was the ones they got rid of were their Log On/Log Off events, which I think most people would agree is kind of important from a security perspective." Tune in today to listen to the full conversation. You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use. For all our cybersecurity coverage, visit Malwarebytes Labs at malwarebytes.com/blog. Show notes and credits: Intro Music: "Spellbound" by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 4.0 License http://creativecommons.org/licenses/by/4.0/ Outro Music: "Good...
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is Steve Zalewski, co-host, Defense in Depth. Recorded live at BSidesSF. In this episode: Are companies taking the air out of the open source balloon? What's broken about cybersecurity hiring? Do we need minimum requirements for cybersecurity knowledge in sales? Thanks to our podcast sponsors, Devo, Eclypsium & NetSPI Devo replaces traditional SIEMs with a real-time security data platform. Devo's integrated platform serves as the foundation of your security operations and includes data-powered SIEM, SOAR, and UEBA. AI and intelligent automation help your SOC work faster and smarter so you can make the right decisions in real-time. Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark. NetSPI ASM continuously scans your external perimeter to identify, inventory, and reduce risk to both known and unknown assets. It blends scanning methodology with our consultants' human intelligence to identify previously undiscovered data sources and vulnerabilities so you can remediate what matters most.
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Ron Gula, president and co-founder, Gula Tech Adventures. In this episode: Why is it so darn expensive to get any training on the defender side? Why is there a mountain of free education for red teaming? Shouldn't blue team training be free or less expensive as well? Is this the firewall that's preventing us from having all those cyber experts we so desperately need? Thanks to our podcast sponsor, Query Query Federated Search gets to your security-relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Ben Sapiro, head of global cyber security services, Manulife. In this episode: Why do we see a dearth of CISOs listed in executive leadership? Is this just a factor of company reporting structure? Or do CISOs really not have a seat at the table with the business? How do we convince the C-suite? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Matt Eberhart, CEO, Query. In this episode: Isn't the whole point of a single pane of glass making sense of your data? But when these dashboards are limited to a single platform, how useful are they? Does it seem like all they've led to is more browser tabs or more monitors crowding your analysts? We know we want to take action based on our data, so how do we get there? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.
Guests: Mick Douglas, Founder and Managing Partner at InfoSec Innovations [@ISInnovations]
On LinkedIn | https://linkedin.com/in/mick-douglas
On Twitter | https://twitter.com/bettersafetynet
Dinis Cruz, Chief Scientist at Glasswall [@GlasswallCDR] and CISO at Holland & Barrett [@Holland_Barrett]
On LinkedIn | https://www.linkedin.com/in/diniscruz/
On Twitter | https://twitter.com/DinisCruz
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Devo | https://itspm.ag/itspdvweb
___________________________
Episode Notes
In this episode of the Redefining Cybersecurity podcast, Sean Martin is joined by Mick Douglas and Dinis Cruz to delve into a debatable topic: the role and effectiveness of Large Language Model (LLM) AI in Security Information and Event Management (SIEM) systems. Mick, with a rich history in cybersecurity, contends that while AI has its place, he doesn't believe it belongs in the SIEM itself. In contrast, Dinis cites the potential of AI to make SIEMs more productive by cleaning up data, reducing noise, and improving signal value. They discuss the issues of handling vast data sets, the potential for AI to help identify and manage anomalies, and how to create learning environments within the SIEM. However, concerns are also raised regarding false positives, trust issues with AI, and the significant computational cost of implementing and maintaining these AI systems.
Key Questions Explored:
Does AI belong in SIEM systems?
What potential does AI bring to SIEM?
What are the potential issues with implementing and maintaining AI in SIEM?
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
On this week's episode of the Detection at Scale podcast, Jack talks with Dr. Anton Chuvakin, Senior Security Staff at the Office of the CISO at Google Cloud. They dig deeper into the conversation taking place online around decoupled SIEMs, which both Jack and Anton wrote about. They discuss what a decoupled SIEM is, the evolution of data platforms and security capabilities, whether decoupled SIEMs will work broadly with current customer demands, and whether having backend data lakes is the best solution for fast, real-time querying. Topics discussed: What a decoupled SIEM is, and why the broader discussion around whether security data lakes will replace SIEMs prompted Anton's Medium post. How this conversation is being driven by the fact that we're coming to the "end of the runway" on previous storage choices. The arguments around why decoupling may not work broadly, simply because customers want integrated SIEMs. The evolution of data storage platforms and how successful past attempts at integrating security capabilities were. Why there's no straightforward solution to storage, and why it's a challenge that's taking years to solve. Why having a data lake on the backend is the best solution for fast querying and real-time detection. A discussion around OCSF and the benefits of log normalization. Resources mentioned: "Decoupled SIEM: Brilliant or Stupid?" by Anton Chuvakin; "The Transition from Monolithic SIEMs to Data Lakes for Security Monitoring" by Jack Naglieri
This week we talk about the Siems family getting ready for Thanksgiving. The family believes they caught the flu as they get ill one by one, but once they make it to the hospital they are surprised at the diagnosis. We also talk about the failure and success of Apollo 13. Three astronauts have a mission to get to the moon, but their oxygen supply is compromised. Listen to how they survived now! Drink of the Week: Fall Blush
Guest: Allie Mellen, Senior Analyst at Forrester [@forrester]
On LinkedIn | https://www.linkedin.com/in/hackerxbella/
On Twitter | https://twitter.com/hackerxbella
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a
___________________________
Episode Notes
In the fast-paced world of cybersecurity, market dynamics constantly evolve, driven by technological advancements, strategic partnerships, and acquisitions. One recent development that has captured the industry's attention is Cisco's intended acquisition of Splunk. This move promises to reshape the cybersecurity landscape and prompts us to explore the implications it holds for market competitiveness and security program effectiveness. In this conversation, Sean Martin and Allie Mellen take a journey into the intricacies of this acquisition, examining its impact on the dynamics of the cybersecurity space overall.
Sean and Allie discuss some of the key drivers behind the acquisition, touching on the challenges Splunk has faced and the industry's need for more innovation in security operations. They dive into the challenges faced by security teams, particularly regarding SIEM cost management and a lack of innovation. They also touch on the importance of talent management, training beyond the tools, and improving the analyst experience to drive transformation efforts.
The conversation expands to consider the broader market impact of the acquisition. They discuss the opportunities for other security analytics and SIEM vendors to position themselves as alternatives to Splunk. The emergence of the XDR market expanding deeper into the security response space is also explored, focusing on its potential to provide bundled offerings that replace some of the traditional SIEMs on the market.
Sean and Allie also discuss the potential vision for SIEM and whether the shift towards XDR and endpoint-focused solutions limits the potential for a broader security operations scope. While XDR vendors aim to expand beyond endpoints, the discussion acknowledges the need for more comprehensive solutions like Splunk that remain ready to handle events and incidents that occur beyond the endpoint.
They also have a discussion on potential future trends, such as federated search and access of data, and the interest in building a more comprehensive, sustainable IT operations platform.
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
We delve deep into the heart of the opioid crisis, focusing on the devastating impact of fentanyl. Our special guest, Melanie Yates, LMSW, a May 2023 graduate from the University of Maryland School of Social Work, shares her personal journey of loss and her relentless pursuit to make a difference. Melanie's efforts led to the passing of the Josh Siems Act, a groundbreaking legislation that mandates Maryland hospitals to test for fentanyl. October is National Substance Abuse Prevention Month, so please join us as we discuss the importance of substance abuse awareness, the challenges of navigating the political system, and the hope for a safer future. Warning: This episode discusses topics of addiction, overdose, and family loss. Listen to The UMB Pulse on Apple, Spotify, Amazon Music, and wherever you like to listen. The UMB Pulse is also now on YouTube. Visit our website at umaryland.edu/pulse or email us at umbpulse@umaryland.edu.
In today's episode, we untangle the web of alphabet-soup technologies: CSPM, VM, SIEM, and Log Aggregators. We go beyond the buzzwords to give you a no-nonsense look at how these tools fit together, complement each other, or might even replace one another in specific use-cases. Selecting the right tool can be overwhelming, and we're here to guide you through the when, where, and how of leveraging these technologies effectively. Whether you're encountering overlapping features or unique challenges, we'll help you make a savvy, informed choice for your workloads. Tune in for a practical guide to navigating the complex landscape of cybersecurity tools.
This episode of the ADCG Privacy and Cybersecurity Podcast features Ken Westin, Field CISO for Panther Labs. Ken has been in the cybersecurity field for over 15 years, working with companies to improve their security posture through threat hunting, insider threat programs, and vulnerability research. We discuss how the lack of good application and data inventories impacts incident response. When data is spread across data centers, clouds, and SaaS providers, it becomes difficult to track and trace an incident and understand its impact. It becomes especially hard if the data involves confidential or proprietary business data that is not tracked by privacy officers, or if it includes sensitive data that may involve regulators. The recent MOVEit breach, which involved software used to transfer sensitive data between servers, systems, and applications, provided rich lessons in the need for data asset inventories and SIEMs that can correlate data across providers and platforms.
In the Enterprise Security News:
1. Check Point buys Perimeter 81 to augment its cybersecurity
2. 2023 Layoff Tracker: SecureWorks Cuts 300 Jobs
3. Hackers Rig Casino Card-Shuffling Machines for 'Full Control' Cheating
4. 'DoubleDrive' attack turns Microsoft OneDrive into ransomware
5. NYC bans TikTok on city-owned devices
As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing, specifically how it is revolutionizing healthcare. She will discuss key findings from the "2023 AT&T Cybersecurity Insights Report: Focus on Healthcare" and provide insight into how to prepare for securing the healthcare edge ecosystem. This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecuritybh to learn more about them!
With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization, especially after a merger or acquisition, can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. Security Weekly talks with Semperis CEO Mickey Bresman about the keys to a smooth and secure AD modernization strategy. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them!
Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs.
To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir, purpose-built for security data use cases. In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges. This segment is sponsored by Tenzir. Visit https://securityweekly.com/tenzirbh to learn more about them!
The rapid growth of APIs used to build microservices in cloud-native architecture has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have. With multiple teams creating their own API endpoints without shared visibility or governance, exposed APIs can become a critical threat vector for hackers to exploit. Edgio's new advanced API security capabilities give customers integrated and unparalleled protection at the edge, protecting APIs that are critical to modern businesses. Edgio delivers these services as part of its fully integrated holistic Web Application and API protection solutions, giving customers the ability to respond to threats quicker. An edge-enabled holistic security platform can effectively reduce the attack surface and improve the effectiveness of the defense while reducing the latency of critical web applications via its multi-layered defense approach. Edgio's security platform "shrinks the haystacks" so that organizations can better focus on delivering key business outcomes. This segment is sponsored by Edgio. Visit https://securityweekly.com/edgiobh to learn more about them!
Offensive security is a proactive approach that identifies weaknesses using the same exploitation techniques as threat actors. It combines vulnerability management with pen testing and red team operations to "expose and close" vulnerabilities before they are exploited.
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more about them!
Join us at Black Hat as we delve into the world of Managed Detection and Response (MDR) providers. In this podcast, we'll explore the critical factors to consider when selecting an MDR provider, uncover the common shortcomings in their services, and discuss the necessary evolution required to ensure ongoing effectiveness and enhanced value for customers. Get ready to unravel the complexities of MDR and gain insights into the future of this vital cybersecurity solution. This segment is sponsored by Critical Start. Visit https://securityweekly.com/criticalstartbh to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw-328
As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing, specifically how it is revolutionizing healthcare. This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecuritybh to learn more about them!
With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization, especially after a merger or acquisition, can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. We talk with Mickey Bresman about the keys to a smooth and secure AD modernization strategy. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them!
Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs. To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir. In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges. This segment is sponsored by Tenzir. Visit https://securityweekly.com/tenzirbh to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-328
On this week's episode of the Detection at Scale podcast, Jack talks with Anton Chuvakin, Security Advisor at the Office of the CISO at Google Cloud, and Timothy Peacock, Senior Product Manager at Google. Together, they discuss some of the needs and trends in cybersecurity today, including how to know what level of D&R your organization needs, the use cases for AI today, and how LLMs and SIEMs will handle data at scale. They also talk about the need for more creative solutions to misconfiguration management, three things security practitioners can do to improve cloud security, and why cybersecurity is the "most intellectually stimulating profession on the planet." Topics discussed: What attracted Anton and Timothy to cybersecurity, what makes them stay, and why the intersection of humans and technology makes it the "most intellectually stimulating profession on the planet." How organizations can evaluate the level of security they need, why it's crucial to know whether you need to go from zero to one, or five, or a hundred, and how organizations with no detection and response strategies can get started. What use cases there will be for AI in cybersecurity, and why, while it may be good at summarizing, explaining complexity, and classifying, it may not be ready to create usable code. Why security practitioners need to think more about whether SIEMs can support planetary scale, and whether decentralization is the solution. The role LLMs will play in helping to manage large data sets, and how it may change the way organizations use MDRs. Why the industry needs new, creative ways to solve the ongoing problem of cloud misconfigurations in order to break vicious cycles through shared faith. Three pieces of advice to improve cloud security, including knowing your security needs, practicing, and making friends so you know you're not alone.
This episode features a discussion on the Suncor cyber attack, the costs of the Indigo ransomware attack, and the value of SIEMs.
After two decades of trying to make SIEMs work, security data lakes are a hot topic as they present an increasingly attractive alternative. The only hotter topic is ChatGPT and the game-changing potential of AI. So in episode 52 of Security Voices, we mash the two together as Dave, Pathik Patel (Informatica), and Omer Singer (Snowflake) explore the many angles of security data lakes with an AI assist from ChatGPT.
From a functional definition to dishing on whether security data lakes signal the death of the SIEM, ChatGPT weighs in impressively early in the episode. Its later performance is much more suspect, seemingly gassing out under the pressure of harder (more poorly formed?) questions and likely a knee-buckling workload from millions of others testing the service simultaneously. The humans go on to discuss the real-time expectations for SIEMs vs. the "single source of truth" nature of security data lakes, which leads to an exploration of product "suites" vs. specialized services and the promise of the data lake to potentially unify them all.
The week prior to the recording saw the announcement of both the Open Cybersecurity Schema Framework (OCSF) standard and AWS' new Security Data Lake offering built on top of S3. We discuss the implications of AWS entering the space and what it means for already entrenched companies like Snowflake and Splunk. Pathik explains the significance of OCSF for security leaders and his projection of how important it will be for alleviating vendor lock-in and ultimately boosting our ability to provide strong security analytics.
The practical realities of building and running a security data lake are clearly described from Pathik's experience at Informatica, focusing on harmonizing and reporting on vulnerability data. He makes plain the amount of work involved, and the clear benefits of piggybacking off the company's existing data lake.
The episode wraps with ChatGPT refusing to say anything further while Omer and Pathik take turns doing some end-of-year crystal ball gazing.
All links and images for this episode can be found on CISO Series. Just the words "zero trust" often cause security professionals to shiver. In general, CISOs are on board with the concepts of "zero trust"; we just think they're uncomfortable with how it's being used for branding and marketing efforts. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson. Our guest is David Cross (@mrdbcross), SVP/CISO for Oracle SaaS Cloud. Thanks to our podcast sponsor, Protegrity. Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business. In this episode: Should certifications be a requirement on your job listings? Are the SIEMs failing, or do the users not know how to configure them? Or is it both? Why do security professionals treat the term "zero trust" so negatively? How should vendors approach zero trust, and how should the C-suite understand it?
Snake Oilers isn't our regular weekly podcast; it's a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear: everyone you hear in one of these editions paid to be here. We'll hear from three vendors in this edition of Snake Oilers:
Kevin Kennedy from Vectra talks about the company's cloud-native detection. It crunches data such as CloudTrail and Azure AD logs and correlates it with network event information.
Paul McCarty from SecureStack on its software composition analysis and "SBOM plus" tool.
Google Cloud's Anton Chuvakin talks about cloud-based SIEMs like Chronicle.
Show notes
AI Cybersecurity - Threat Detection & Response Platform | Vectra AI
SecureStack - SecureStack
Chronicle Security - Google's Cloud-Native SIEM Platform
Avination, what is going on and welcome back to episode 213 of the Pilot to Pilot podcast. Today's episode is with my wife DOCTOR Christina Siems! If you enjoy this podcast make sure to let us know, and make sure you leave a review and check out Pilot's Coffee!