In this episode of Defender Fridays, we talk to Alec Fenton, VP Security Operations at Foresite Cybersecurity, about practical career advice for defenders, SOC metrics that actually matter and AI in security operations. Join the Defender Fridays community, live every Friday, to discuss the dynamic world of information security in a collaborative space with seasoned professionals. Alec is a seasoned Cyber Security professional with over 15 years of extensive experience across many IT domains. With a career spanning more than a decade, Alec has honed his expertise in addressing a broad spectrum of cybersecurity challenges, leveraging his analytical prowess and hands-on approach to leadership. Throughout his career, Alec has navigated the intricate landscape of IT security, working across various sectors including managed service providers and private companies. His tenure as an analyst in the cybersecurity space has not only equipped him with a deep understanding of emerging threats and vulnerabilities but has also shaped his leadership philosophy of "lead from the front." Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
Meet Rapid7's Deral Heiland—a self-described “visual historian” who balances high-tech research with hands-on artifacts from Roman coins to Civil War relics
In this episode of Great Leaders UK, we are joined by Julia Weimer, Director of Solution Engineering UKI at Wiz, to discuss the critical, often underutilized role of pre-sales in driving elite sales execution. Julia shares her unique journey from Security Analyst in a SOC to leading a high-performing SE team, emphasizing why Sales Engineers must be viewed as equal business partners to Account Executives, not just technical support. She walks us through the importance of symbiotic relationships, leveraging structure like MEDDIC, and the power of empowering SEs to build technical champions.
When “Normal” Doesn't Work: Rethinking Data and the Role of the SOC Analyst
Monzy Merza, Co-Founder and CEO of Crogl, joins Sean Martin and Marco Ciappelli to discuss how cybersecurity teams can finally move beyond the treadmill of normalization, alert fatigue, and brittle playbooks that keep analysts from doing what they signed up to do—find and stop bad actors. Merza draws from his experience across research, security operations, and leadership roles at Splunk, Databricks, and one of the world's largest banks. His message is clear: the industry's long-standing approach of forcing all data into one format before analysis has reached its limit. Organizations are spending millions trying to normalize data that constantly changes, and analysts are paying the price—buried under alerts they can't meaningfully investigate. The conversation highlights the human side of this issue. Analysts often join the field to protect their organizations, but instead find themselves working on repetitive tickets with little context, limited feedback loops, and an impossible expectation to know everything—from email headers to endpoint logs. They are firefighters answering endless 911 calls, most of which turn out to be false alarms. Crogl's approach replaces that normalization-first mindset with an analyst-first model. By operating directly on data where it lives—without requiring migration or schema alignment—it allows every analyst to investigate deeper, faster, and more consistently. Each action taken by one team member becomes shared knowledge for the next, creating an adaptive, AI-driven system that evolves with the organization. For CISOs, this means measurable consistency, auditability, and trust in outcomes. For analysts, it means rediscovering purpose—focusing on meaningful investigations instead of administrative noise. The result is a more capable, connected SOC where AI augments human reasoning rather than replacing it. As Merza puts it, the new normal is no normalization—just real work, done better.
Watch the full interview and product demo: https://youtu.be/7C4zOvF9sdk
Learn more about CROGL: https://itspm.ag/crogl-103909
Note: This story contains promotional content.
GUEST
Monzy Merza, Founder and CEO of CROGL | On LinkedIn: https://www.linkedin.com/in/monzymerza/
RESOURCES
Learn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/crogl
Brand Spotlight: The Schema Strikes Back: Killing the Normalization Tax on the SOC: https://brand-stories-podcast.simplecast.com/episodes/the-schema-strikes-back-killing-the-normalization-tax-on-the-soc-a-corgl-spotlight-brand-story-conversation-with-cory-wallace [Video: https://youtu.be/Kx2JEE_tYq0]
Breaking Free from Data Normalization: A Smarter Path for Security Teams
Traditional security models were built on a simple idea: collect data, normalize it, and analyze it. But as Director of Product Marketing Cory Wallace explains in this conversation with Sean Martin, that model no longer fits the reality of modern security operations. Data now lives across systems, clouds, and lakes—making normalization an inefficient, error-prone step that slows teams down and risks critical blind spots.
Rethinking How Analysts Work with Data
Cory describes how schema drift, inconsistent field naming, and vendor-specific query languages have turned the analyst's job into a maze of manual mapping and guesswork. Each product update or schema change introduces a chance to miss something important—something an attacker is counting on. Crogl's new patent eliminates this problem by enabling search and correlation across unnormalized data, creating a unified analytical view without forcing everything into one rigid format.
From Data Chaos to Analyst Empowerment
This shift isn't just technical—it's cultural. Instead of treating SOC analysts as passive alert closers, Crogl's model empowers them with meaningful context from the start. Alerts now come with historical data, cross-referenced fields, and prebuilt queries, giving analysts the information they need to make decisions faster and more confidently.
Efficiency with Intelligence
Wallace explains how this approach saves time, reduces training burdens, and cuts dependency on multiple query languages. It helps overworked teams move from reactive triage to proactive investigation. By removing unnecessary layers of data transformation, organizations can accelerate incident resolution, minimize risk, and help analysts focus on what matters most—catching what others miss. At its core, the conversation highlights how removing the barriers of data normalization can redefine what's possible in modern security operations.
Watch the full interview: https://youtu.be/Kx2JEE_tYq0
Learn more about CROGL: https://itspm.ag/crogl-103909
Note: This story contains promotional content.
GUEST
Cory Wallace, Director of Product Marketing at CROGL | On LinkedIn: https://www.linkedin.com/in/corywallacecrogl/
RESOURCES
Learn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/crogl
Press Release: https://www.globenewswire.com/news-release/2025/11/05/3181815/0/en/Crogl-Granted-Patent-for-Analyzing-Non-Normalized-Data-for-Security.html
Forbes Article: https://www.forbes.com/sites/justinwarren/2025/11/05/tackling-cybersecurity-data-sprawl-without-normalizing-everything/
LinkedIn Post: https://www.linkedin.com/posts/activity-7391913358817517569-QaCH
In this episode of Resilient Cyber, I sit down with Kamal Shah, Cofounder and CEO at Prophet Security, to discuss the State of AI in SecOps. There continues to be a tremendous amount of excitement and investment in the industry around AI and cybersecurity, with Security Operations (SecOps) arguably seeing the most investment among the various cybersecurity categories.Kamal and I will walk through the actual state of AI in SecOps, how AI is impacting the future of the SOC, what hype vs. reality is, and much more.
- Broadcom and a company called CAMB.AI are teaming up to bring on-device audio translation to a chipset. This would allow devices that use the SoC to complete translation, dubbing and audio description tasks without having to dip into the cloud.
- Next year will see the end arrive for two of Facebook's external social plugins. The platform's Like button and Share button for third-party websites will be discontinued on February 10, 2026.
- Ford may be on the verge of sunsetting the F-150 Lightning truck. The model is an electric pick-up truck, and the best-selling one in the US, but the publication cited Ford execs who said the company would consider halting production completely on the F-150 Lightning.
Longitudinal studies of how an individual's accent changes over the course of their life are hard to come by. Fortunately, Taylor Swift's decade-plus career-- and the numerous interviews she's given over those years-- has opened a window into our understanding of how and why dialect changes may occur on an individual level. We talk to Miski Mohamed and Matthew Winn (University of Minnesota) about their work analyzing the shifts in Taylor Swift's speech over the years.
Associated paper: Miski Mohamed and Matthew B. Winn. "Acoustic analysis of Taylor Swift's dialect changes across different eras of her career." J. Acoust. Soc. Am. 158, 2278–2289 (2025). https://doi.org/10.1121/10.0039052
Music Credit: Min 2019 by minwbu from Pixabay.
In this episode, James talks to Charles Herring about what happens when an IT wizard runs away to join the Navy, works on fighter jets, and then gets thrown into cybersecurity right after 9/11? He shares his unconventional journey from the Wild West days of network defense—complete with fighting worms with worms—to being CISO during the Target breach. Plus: why trauma creates silos, why your SOC is like throwing receipts in garbage bags, and what it takes to build a "good neighborhood" in cybersecurity.
For episode #327 I hosted Geoffrey Berard. We debrief it with Louis. **Stay compliant!** This episode is supported by Vanta, the Trust Management platform that helps companies automate their security and compliance. With Vanta, achieving compliance with standards such as SOC 2, ISO 27001 or HIPAA becomes faster, simpler and, above all, sustainable. More than 10,000 companies worldwide already use Vanta to turn their security obligations into a real growth engine.
Podcast: Simply ICS Cyber
Episode: S2 E7: ICS/OT Security Operations Centers
Pub date: 2025-11-05
The growing need for visibility and response in industrial environments is driving more organizations to consider ICS/OT Security Operations Centers — but what does that actually look like for small and medium-sized operations? In this episode of Simply ICS Cyber, Don and Tom sit down with Dan Gunter, CEO and founder of Insane Cyber, to discuss how ICS/OT SOCs function, what data truly matters for monitoring, and how incident response changes when operators have (or don't have) the right information at hand. Drawing on experience from the Air Force CERT to founding an OT-focused security company, Dan shares a practical look at the realities of SOC implementation across industries — from utilities with limited staff to large-scale enterprises managing thousands of assets. Listeners will gain insight into how to start building visibility, selecting the right MSSP partners, and managing SOC fatigue — all while keeping industrial operations safe and resilient. ⚙️ Tune in to learn how data, process, and people come together to make ICS/OT SOCs work in the real world. Connect with Dan on LinkedIn: https://www.linkedin.com/in/dan-gunter
Cybersecurity has a long memory—and an even longer list of recurring frustrations. Chief among them: alert fatigue. For as long as security teams have existed, they've been drowning in notifications, dashboards, and blinking red lights. Each new platform promises to […] The post From Alert Fatigue to Cyber Resilience: Rethinking the Future of the SOC with AI appeared first on TechSpective.
"What matters no longer lies solely in writing code, but in the ability to express system concepts and to conceptualize solutions." Episode in English // First English-language episode of If This Then Dev. The D.E.V. of the week is Marcel Weekes, VP of Engineering at Figma. Marcel shares what it means to lead a global engineering team while keeping collaboration, creativity, and quality at the core. We discuss how Figma bridges designers, developers, and AI — and how this unique culture shapes the way software gets built. From managing tech debt at scale to integrating AI-driven code generation, Marcel reflects on how roles are evolving, why feedback is an art form, and what agility really means when your product is collaboration itself. A sincere and grounded conversation on leadership, complexity, and the human side of engineering.
Chapters: 00:00:53 Introduction: the Figma mindset; 00:03:17 Inside Figma's 700-engineer team; 00:08:33 Productivity, collaboration, and trust; 00:11:42 The VP Engineering's role in keeping teams connected; 00:16:16 The art of feedback; 00:22:02 Managing tech debt at scale; 00:27:30 Code generation tools and developer satisfaction; 00:34:05 How AI is changing software development; 00:41:25 The evolving role of developers with AI; 00:45:54 Final thoughts and cultural recommendations.
Marcel's recommendation: Atlanta (TV series).
Although the use of tools to support cybersecurity initiatives has grown among organizations, studies indicate that MTTR has increased significantly. If there is now a greater supply of data and solutions for monitoring environments, what is causing this disparity in incident response time? This is the topic of episode 101 of our RedCast. Our CEO, Eduardo Lopes, and our SOC manager, Marcos Sena, discuss with Lucy Engel, director of digital security, and Evandi Silva, CISO of Raízen, the importance of observability as the next step in cyber maturity.
Follow Redbelt Security on social media: Instagram: https://www.instagram.com/redbeltsecurity LinkedIn: https://www.linkedin.com/company/redbeltsecurity/
If your business handles customer data, SOC 2 is not optional. It may not be on your radar today, but it will be soon. And when that time comes, how early you started will make all the difference. In this episode, Marie Joseph, Manager of Compliance Advisory at Trava, explains what it takes to prepare for SOC 2 certification. She shares what early prep should look like, how to make the audit less stressful, and why every company's compliance checklist is unique. Whether you're just starting or already deep in the process, this conversation will help you avoid the most common mistakes and take SOC 2 seriously before you're forced to.
Key takeaways: What most startups get wrong about SOC 2 prep; Why starting early sets you up for a smoother SOC 2 journey; How GRC tools and consultants help you prepare for audits.
Episode highlights: (00:00) SOC 2 preparation: More than just a checklist; (02:37) How GRC tools help in SOC 2 prep; (03:35) When to bring in consultants or advisors; (04:37) The role of an internal champion for SOC 2; (06:51) Preparation for Type 1 vs. Type 2; (07:46) The biggest mistakes startups make.
Connect with the host: Jara Rowe's LinkedIn - @jararowe
Connect with the guest: Marie Joseph's LinkedIn - https://www.linkedin.com/in/marie-joseph-a81394143/
Connect with Trava: Website - www.travasecurity.com; Blog - www.travasecurity.com/learn-with-trava/blog; LinkedIn - @travasecurity; YouTube - @travasecurity
Dr. Jeff Schwartzentruber is a Senior Machine Learning Scientist at eSentire, working on anomaly detection pipelines and the use of large language models to enhance cybersecurity operations.
The Evolution of AI in Cyber Security // MLOps Podcast #344 with Jeff Schwartzentruber, Staff Machine Learning Scientist at eSentire.
Join the Community: https://go.mlops.community/YTJoinIn
Get the newsletter: https://go.mlops.community/YTNewsletter
// Abstract
Modern cyber operations can feel opaque. This talk explains—step by step—what a security operations center (SOC) actually does, how telemetry flows in from networks, endpoints, and cloud apps, and what an investigation can credibly reveal about attacker behavior, exposure, and control gaps. We then trace how AI has shown up in the SOC: from rules and classic machine learning for detection to natural-language tools that summarize alerts and turn questions like “show failed logins from new countries in the last 24 hours” into fast database queries. The core of the talk is our next step: agentic investigations. These GenAI agents plan their work, run queries across tools, cite evidence, and draft analyst-grade findings—with guardrails and a human in the loop. We close with what's next: risk-aware auto-remediation, verifiable knowledge sources, and a practical checklist for adopting these capabilities safely.
// Bio
Dr. Jeff Schwartzentruber holds the position of Sr. Machine Learning Scientist at eSentire – a Canadian cybersecurity company specializing in Managed Detection and Response (MDR). Dr. Schwartzentruber's primary academic and industry research has been concentrated on solving problems at the intersection of cybersecurity and machine learning (ML). Over his +10-year career, Dr. Schwartzentruber has been involved in applying ML for threat detection and security analytics for several large Canadian financial institutions, public sector organizations (federal), and SMEs. In addition to his private sector work, Dr. Schwartzentruber is also an Adjunct Faculty at Dalhousie University in the Department of Computer Science, a Special Graduate Faculty member with the School of Computer Science at the University of Guelph, and a Sr. Advisor on AI at the Rogers Cyber Secure Catalysts.
// Related Links
Website: https://www.esentire.com/
Connect With Us
Catch all episodes, blogs, newsletters, and more: https://go.mlops.community/TYExplore
Join our Slack community: https://go.mlops.community/slack
Follow us on X/Twitter (@mlopscommunity, https://x.com/mlopscommunity) or LinkedIn (https://go.mlops.community/linkedin)
Sign up for the next meetup: https://go.mlops.community/register
MLOps Swag/Merch: https://shop.mlops.community/
Connect with Demetrios on LinkedIn: /dpbrinkm
Connect with Jeff on LinkedIn: /jeff-schwartzentruber/
For episode #324 I hosted Julien Verlaguet. We debrief it with Frédéric.
"AI does not replace doctors, it gives them a safety net. Sometimes it sees what the human eye cannot perceive." The D.E.V. of the week is Alexis Ducarouge, co-founder at Gleamer. Alexis shares his perspective on the considerable impact of artificial intelligence in radiology. He highlights the spectacular evolution of this technology, notably large language models, and the vital importance of labeled data for ensuring accurate diagnoses. Alexis also raises the challenges of trust between doctors and these AI systems. He discusses the need for a collaborative approach between radiologists and developers, and finally offers interesting perspectives on the future of AI aimed at improving diagnostic performance through more holistic models.
Chapters: 00:00:53 Introduction to medical AI; 00:01:48 Introducing Gleamer; 00:02:34 Evolution of AI models; 00:04:07 Diagnosis and supervised learning; 00:06:43 Data quality and annotation; 00:09:39 Correlation and causality in AI; 00:12:09 Trust in AI systems; 00:14:22 Interactions between doctors and AI; 00:16:06 Adoption of AI tools in medicine; 00:19:00 Choosing AI models; 00:20:54 Acquisition strategies and alliances; 00:22:10 Training and challenges for doctors; 00:24:22 Impact on medical practice; 00:26:22 Regulatory developments and challenges; 00:27:57 Understanding the medical stakes; 00:30:26 Annotation by medical experts; 00:32:13 Costs and challenges of annotation; 00:35:00 Regulation and technological innovation; 00:36:51 Validation and publication cycles; 00:38:11 Adoption of the tools in France; 00:39:38 International comparison of adoption; 00:40:51 Regulation and innovation in the United States; 00:42:44 Positioning of French AI; 00:44:41 Scaling up startups; 00:47:34 Research on new AI models; 00:49:47 Reading suggestions and conclusion.
Links mentioned during the show: Le problème à trois corps (The Three-Body Problem): Liu, Cixin, Gaffric, Gwennaël
Is the AI SOC analyst just hype, or is there measurable ROI? We spoke to Edward Wu, founder of Dropzone AI, about this and he shared insights from a recent Cloud Security Alliance (CSA) benchmark report that quantified the impact of AI augmentation on SOC teams. The study revealed significant improvements in speed (45-60% faster investigations) and completeness, even for analysts using the tech for the first time. Edward contrasted the "robotic" limitations of traditional SOAR playbooks with the adaptive capabilities of agentic AI systems, which can autonomously investigate alerts end-to-end without pre-defined scripts. He shared that while AI won't entirely replace human analysts ("That's not going to happen"), it will automate much of the manual Tier 1 toil, freeing up humans for higher-value roles like security architecture, transformation, and detection engineering.
Guest Socials - Edward's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security Social Channels: Cloud Security Podcast - Youtube; Cloud Security Newsletter; Cloud Security BootCamp.
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast
Questions asked:
(00:00) Introduction
(02:40) Who is Edward Wu?
(03:30) The Evolution of AI Agents Since ChatGPT
(04:35) Surprising Findings from the CSA AI SOC Benchmark Report
(06:40) Why Has Traditional Security Automation (SOAR) Underdelivered?
(09:30) How AI SOC Analysts Differ from SOAR Playbooks
(11:30) Does Agentic AI Reduce the Need for Security Data Lakes?
(13:20) The Evolving ROI for SOC in the AI Era
(14:50) ROI Use Case 1: Reducing Alert Investigation Latency
(15:15) ROI Use Case 2: Increasing Alert Coverage (Mediums & Lows)
(16:20) ROI Use Case 3: Depth of Coverage & Skill Uniformity
(18:15) Achieving Both Speed and Thoroughness with AI
(19:40) How Far Can AI Go? Detection vs. Investigation vs. Response
(21:35) AI SOC Hype vs. Reality: Receptiveness and Trust
(24:20) The Future Role of Tier 1 SOC Analysts
(27:40) What Scale Benefits Most from AI SOC Analysts? (Enterprise & MSPs)
(29:00) The Build vs. Buy Dilemma for AI SOC Technology ($20M R&D Reality)
(33:10) Training Budgets: What Skills Should Future SOC Teams Learn?
Resources spoken about during the episode: Beyond the Hype: AI Agents in the SOC Benchmark Study
We zoom in on the Finance Act, #ValgAmok2025, live from Frederiksberg Allé, 18 November, we circle around the 2025 municipal election, for weeks, we are going to know quite a lot, about KV25, Bækkestien has moved in, at the Town Hall in Randers, ÆldreSagen is deep down, in the Finance Act, a petri dish of childhood illnesses, in the daycare institutions, a pyramid scheme, of candidate tests, mink-farmer compensation, vs. the Finance Act, Tage could pay the bill himself, totally-local-initiatives, the wildest nonsense, on the election posters, a scramble for the lamp posts, a vain scratch, in the paintwork in Copenhagen, the city walls fell, in 2021, in Frederiksberg, Bjarne from Soc.Dem, on Frederiksberg Allé, Jarlov up for election, in Roskilde Municipality, the balance of power may shift, in Ringkøbing-Skjern, fewer fields, with solar panels, more shagging, more God, Randers City Council has swung, for 30 years, culminated in a middle finger, people aren't younger, we are just old, Viborg has everything, except a reason, to visit the town, things are completely off, in Kerteminde, we have put up with a lot, over the years, and do so again, this year, whistle-to-whistle took three tax ministers, once things go badly, for the man, they go to hell, pressure-wash the riff-raff, out of the suburbs, anything but a silent night, for Sarkozy, not many smacks on the bottom, for Messerschmidt's green bicycle, relax, while you still have the energy to do so, and stay away, from the wild birds.
Get a 30-day free trial (can only be used by new Podimo subscribers) - http://podimo.dk/hgdg (99 kroner thereafter)
Hosts: Esben Bjerre & Peter Falktoft
Editing: PodAmok
Cut: PodAmok
Music: Her Går Det Godt
Instagram: @hergaardetgodt @Peterfalktoft @Esbenbjerre
Guest: Monzy Merza, co-founder and CEO at Crogl Topics: We often hear about the aspirational idea of an "IronMan suit" for the SOC—a system that empowers analysts to be faster and more effective. What does this ideal future of security operations look like from your perspective, and what are the primary obstacles preventing SOCs from achieving it today? You've also raised a metaphor of AI in the SOC as a "Dr. Jekyll and Mr. Hyde" situation. Could you walk us through what you see as the "Jekyll"—the noble, beneficial promise of AI—and what are the factors that can turn it into the dangerous "Mr. Hyde"? Let's drill down into the heart of the "Mr. Hyde" problem: the data. Many believe that AI can fix a team's messy data, but you've noted that "it's all about the data, duh." What's the story? "AI ready SOC" - What is the foundational work a SOC needs to do to ensure their data is AI-ready, and what happens when they skip this step? And is there anything we can do to use AI to help with this foundational problem? How do we measure progress towards AI SOC? What gets better at what time? How would we know? What SOC metrics will show improvement? Will anything get worse? Resources: EP242 The AI SOC: Is This The Automation We've Been Waiting For? EP170 Redefining Security Operations: Practical Applications of GenAI in the SOC EP227 AI-Native MDR: Betting on the Future of Security Operations? EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI EP238 Google Lessons for Using AI Agents for Securing Our Enterprise "Simple to Ask: Is Your SOC AI Ready? Not Simple to Answer!" blog Nassim Taleb "Antifragile" book "AI Superpowers" book "Attention Is All You Need" paper
Arctic Wolf's Dean Teffer reveals how they transformed security operations by processing one trillion daily alerts with AI, and shares hard-won lessons from operationalizing AI in production SOC environments.
Topics Include:
- Arctic Wolf processes one trillion security alerts daily across 10,000 global customers
- Security operations remained stubbornly human-mediated due to constantly evolving threats and infrastructure complexity
- Dean explains why platformizing data creates a virtuous cycle enabling AI automation
- Traditional ML models couldn't handle SOC's situational complexity, leading to LLM adoption
- Arctic Wolf's unique advantage: direct access to 1000+ SOC analysts for continuous feedback
- AWS partnership began with governance concerns about data privacy and model training
- "Centaur Chess" approach: AI-human teams consistently outperform either alone in cybersecurity
- Three-generation AI evolution: from personal use to prompt engineering to expert-tuned models
- Three-day AWS hackathon achieved breakthroughs that would've taken months independently
- SOC analysts actively shaped AI responses through iterative feedback during live operations
- Observability proved critical: tracking performance, quality metrics, and response times for continuous improvement
- Measurable impact achieved: automated alert orientation dramatically increased analyst efficiency and response quality
Participants:
- Dean Teffer - VP of AI/ML, Arctic Wolf
- Aswin Vasudevan - Senior ISV Solution Architect, Amazon Web Services
See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
Three years ago, in episode #177, I hosted Cyrille Martraire. Three years later, we are refactoring the episode!
For episode #302 I hosted Benjamin Chastanier. We debrief it with Benoit.
We recorded live at IMAPS with Siemens, ACM Research, Shellback Semiconductor, DECA, Nordson Electronic Solutions, and VIEW Micro Metrology to explore how AI demand, chiplets, and panels are reshaping advanced packaging. We dig into 3D BLOX, thermal and test roadblocks, green chemistries, metrology at scale, and why the back end now leads innovation. Listen to learn about:
• The Siemens–ASE collaboration on 3D BLOX models and VIPACK workflows
• Interoperable YAML-based packaging definitions moving toward IEEE standard
• 3D stacking to cut picojoules per bit amid thermal and test limits
• Panel-level packaging economics, sizes, and lack of standards
• ACM Research updates in copper plating, bevel clean, frame clean, and compound deplating
• Batch spray versus single wafer trade-offs at Shellback Semiconductor
• HydrOzone green strip replacing legacy NMP in select flows
• The DECA–SST deal for NVM chiplet package and SoC disaggregation
• Nordson Electronic Solutions' panel strategy, IntelliJet 1.1, Vantage platform, and warpage control
• VIEW Micro Metrology's high-throughput telecentric metrology across wafers and large panels
Learn more at imaps.org
Become a sustaining member! Like what you hear? Follow us on LinkedIn and Twitter. Interested in reaching a qualified audience of microelectronics industry decision-makers? Invest in host-read advertisements, and promote your company in upcoming episodes. Contact Françoise von Trapp to learn more. Interested in becoming a sponsor of the 3D InCites Podcast? Check out our 2024 Media Kit. Learn more about the 3D InCites Community and how you can become more involved.
Monzy Merza (@monzymerza, CEO/Founder @Crogl) talks about building a next-generation Enterprise SOC by leveraging AI to stay ahead of Cybersecurity threats.
SHOW: 969
SHOW TRANSCRIPT: The Cloudcast #969 Transcript
SHOW VIDEO: https://youtube.com/@TheCloudcastNET
CLOUD NEWS OF THE WEEK: http://bit.ly/cloudcast-cnotw
NEW TO CLOUD? CHECK OUT OUR OTHER PODCAST: "CLOUDCAST BASICS"
SPONSORS:
[Interconnected] Interconnected is a new series from Equinix diving into the infrastructure that keeps our digital world running. With expert guests and real-world insights, we explore the systems driving AI, automation, quantum, and more. Just search “Interconnected by Equinix”.
[TestKube] TestKube is a Kubernetes-native testing platform, orchestrating all your test tools, environments, and pipelines into scalable workflows empowering Continuous Testing. Check it out at TestKube.io/cloudcast
SHOW NOTES: Crogl website, TechCrunch article, Forbes Article, Intellyx Article, Last WatchDog Article
Topic 1 - Welcome to the show, Monzy. Give everyone a brief introduction and tell us about your unique journey from government research to Splunk to Databricks to founding Crogl.
Topic 2 - Let's start with the current state of cybersecurity and AI. We're seeing headlines about AI being the top cybersecurity concern for 2025, even overtaking ransomware. From your perspective, what's driving this shift and why should organizations be paying attention to the intersection of cybersecurity and AI?
Topic 3 - You've described Crogl as an "Iron Man suit" for security analysts. That's a compelling metaphor. Can you break down what you mean by that and how your approach differs from the traditional "reduce alerts" mentality that most vendors have been pushing?
Topic 4 - Let's talk about your "knowledge engine" and what you call an “AI for the Enterprise SOC”. You're using compound AI systems with LLMs, smaller models, and knowledge graphs. This sounds quite different from vendors who are just "bolting on" LLMs to existing tools. Walk us through this architectural decision and why it matters.
Topic 5 - The cybersecurity industry is experiencing massive alert fatigue - 4,500 alerts per day, with analysts only able to investigate 8-25 of them. Your philosophy is "every alert should be analyzed" rather than filtering them out. That seems counterintuitive to what the market has been doing. How does your autonomous investigation approach actually work in practice?
Topic 6 - Where do you see this evolution heading, and what are the implications for SOC teams and security practitioners? Are we heading toward fully autonomous SOCs?
FEEDBACK?
Email: show at the cloudcast dot net
Bluesky: @cloudcastpod.bsky.social
Twitter/X: @cloudcastpod
In episode 158 of Cybersecurity Where You Are, Sean Atkinson is joined by Andy Weidner, Product Manager at Nerdio, and Jason Ingalls, Chief Cybersecurity Officer at C3 Integrated Solutions. Together, they explore how organizations can navigate the complexities of Cybersecurity Maturity Model Certification (CMMC) compliance using automation, scalable infrastructure, and hardened cloud environments. The conversation dives into the challenges faced by managed service providers (MSPs) and defense contractors, the importance of baking in security from the start, and how Nerdio's platform acts as a force multiplier for compliance and operational efficiency. Jason shares a compelling anecdote from his time in a security operations center (SOC), illustrating the real-world stakes of cybersecurity and the origins of CMMC.
Here are some highlights from our episode:
00:44. Introductions to Andy and Jason
01:17. How to address common challenges of CMMC compliance
03:40. A real-world story of data exfiltration and its national security impact
08:34. How Nerdio and CIS Hardened Images® help organizations in their CMMC journey
12:15. Understanding the vision to scale configuration management
18:14. Strategy and automation as key elements to approaching CMMC Level 2
25:19. The value of baking scalability in vs. bolting it on
26:38. Segregation of duties as a means of pursuing dual-scope CMMC certification
29:22. Where to learn more about Nerdio and C3 Integrated Solutions
Resources
Nerdio
C3 Integrated Solutions
CIS Hardened Images®
How to Plan a Cybersecurity Roadmap in 4 Steps
CIS Controls v8.1 Mapping to CMMC 2.0
CIS Controls v8.1 Mapping to NIST SP 800-53 Rev 5
CIS Controls v8.1 Mapping to NIST SP 800-171 Rev 3
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
"The future is the complementarity of AIs." The D.E.V. of the week is Charles Cohen, founder of Bodyguard. Charles tells Bruno about his career path and the challenges of moderating online content and countering cyberbullying. Having started programming at age 10, he created Bodyguard at 21, inspired by the tragic situation of a teenage girl harassed online. Bodyguard's artificial intelligence does not just identify insulting keywords: it analyses the context and measures the severity of messages. The combined approach of symbolic models and deep learning provides a finer-grained analysis of content. Charles highlights the beneficial effect of his technology on the well-being of the most vulnerable users and stresses the importance of keeping up with advances in AI. A discussion that opens the way to a more respectful digital future.
Chapters
00:00:56: Introduction to online moderation
00:02:53: Charles Cohen's career path
00:05:23: The birth of Bodyguard
00:15:43: How the Bodyguard application works
00:18:48: Technologies and symbolic AI
00:27:49: Machine learning and its limitations
00:34:30: Integrating LLMs at Bodyguard
00:42:53: Evolution of technologies and challenges
00:57:43: Mental health in the face of online hate
01:01:56: Conclusion and advice for listeners
**Stay compliant!** This episode is supported by Vanta, the Trust Management platform that helps companies automate their security and compliance. With Vanta, becoming compliant with standards such as SOC 2, ISO 27001 or HIPAA becomes faster, simpler and, above all, sustainable. More than 10,000 companies worldwide already use Vanta to turn their security obligations into a real growth engine.
Can you just use Claude Code or another LLM to "vibe code" your way into building an AI SOC? In this episode, Ariful Huq, Co-Founder and Head of Product at Exaforce, spoke about the reality being far more complex than the hype suggests. He explains why a simple "bolt-on" approach to AI in the SOC is insufficient if you're looking for real security outcomes. We speak about foundational elements required to build a true AI SOC, starting with the data. It's "well more than just logs and event data," requiring the integration of config, code, and business context to remove guesswork and provide LLMs with the necessary information to function accurately. The discussion covers the evolution beyond traditional SIEM capabilities, the challenges of data lake architectures for real-time security processing, and the critical need for domain-specific knowledge to build effective detections, especially for SaaS platforms like GitHub that lack native threat detection. This is for SOC leaders and CISOs feeling the pressure to integrate AI. Learn what it really takes to build an AI SOC, the unspoken complexities, and how the role of the security professional is evolving towards the "full-stack security engineer".
Guest Socials - Ariful's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast
- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast
Questions asked:
(00:00) Introduction
(02:30) Who is Ariful Huq?
(03:40) Can You Just Use Claude Code to Build an AI SOC?
(06:50) Why a "Bolt-On" AI Approach is Tough for SOCs
(08:15) The Importance of Data: Beyond Logs to Config, Code & Context
(09:10) Building AI Native Capabilities for Every SOC Task (Detection, Triage, Investigation, Response)
(12:40) The Impact of Cloud & SaaS Data Volume on Traditional SIEMs
(14:15) Building AI Capabilities on AWS Bedrock: Best Practices & Challenges
(17:20) Why SIEM Might Not Be Good Enough Anymore
(19:10) The Critical Role of Diverse Data (Config, Code, Context) for AI Accuracy
(22:15) Data Lake Challenges (e.g., Snowflake) for Real-Time Security Processing
(26:50) Detection Coverage Blind Spots, Especially for SaaS (e.g., GitHub)
(31:40) Building Trust & Transparency in AI SOCs
(35:40) Rethinking the SOC Team Structure: The Rise of the Full-Stack Security Engineer
(42:15) Final Questions: Running, Family, and Turkish Food
Rapid7's Vice President of Data and AI Laura Ellis shares how they built an AI-first cybersecurity platform by investing in AI platform AND data infrastructure simultaneously.
Topics Include:
Rapid7 processes massive cybersecurity data across exposure management, threat detection, and managed SOC.
84% of security analysts want to quit due to data overload burnout.
Challenge: investing in AI platform AND data infrastructure simultaneously, not sequentially.
Built security data lake with AWS, unified IDs, and standardized schemas across products.
Used traditional machine learning for 10 years before generative AI emerged.
Generative AI raised questions about business impact; agentic AI enables full automation.
Chose AWS for scale, model marketplace flexibility, and true partnership on capacity.
Co-development incubator with SOC team proved critical: equal responsibility, full-time collaboration.
Launched alert triage automation, SOC assistant chatbot, and incident report generation tools.
Built AI platform with guardrails after pen testers generated cookie recipes costing money.
One agentic feature initially cost-estimated at $140 million before optimization and guidance.
Future: more AI features, granular customer configuration, and bring-your-own-model capabilities.
Participants:
Laura Ellis – Vice President, Data & AI, Software Engineering, Rapid7
See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
Some companies boast about earning their SOC 2 certification in just two months. While technically possible, that speed usually comes with stress, shortcuts, and costly tradeoffs. In this episode, Marie Joseph, Manager of Compliance Advisory at Trava, explains why true SOC 2 compliance takes more than 60 days. She breaks down the difference between Type 1 and Type 2 reports, outlines what a realistic timeline looks like, and highlights the team effort required to build a sustainable program. Whether you're starting from zero or in the process of certification, this is your SOC 2 reality check. Want to know what it really takes to get SOC 2 certified? Check out our blog, How To Prove SOC 2 Compliance, to see what goes into building a strong program and preparing for a successful audit. Read: https://travasecurity.com/proving-SOC2
Key takeaways:
The difference between SOC 2 Type 1 and Type 2
What a realistic SOC 2 timeline looks like
How team bandwidth, funding, and tools affect SOC 2 certification
Episode highlights:
(00:00) SOC 2 in two months: Myth or reality?
(03:26) The SOC 2 certification process
(06:29) Understanding SOC 2 Type 1 vs. Type 2
(10:37) Factors affecting SOC 2 certification speed
(11:58) Do you need SOC 2 for VC funding?
Connect with the host:
Jara Rowe's LinkedIn - @jararowe
Connect with the guest:
Marie Joseph's LinkedIn - https://www.linkedin.com/in/marie-joseph-a81394143/
Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity
In this edition of Between Two Nerds, Tom Uren and The Grugq talk to Joe Devanny, senior lecturer at King's College London, all about India's missing cyber power. It has all the ingredients to become a cyber superpower, but so far hasn't shown the motivation. This episode is also available on Youtube. Show notes: Interpreting India's Cyber Statecraft by Joe Devanny and Arthur Laudrain; Dr Joseph Devanny; Sponsor interview: How AI turbocharges SOC analysts h
In this sponsor interview, Edward Wu, CEO and founder of Dropzone AI talks to Tom Uren about a study that measured how AI practically helps SOC analysts triage real-world problems. Analysts were faster, more accurate and got less tired with AI assistance. Edward thinks the technology won't replace human analysts, but will speed their skill development. Show notes The Cloud Security Alliance AI SOC study
Michael chats with Russell Teague, Chief Information Security Officer (CISO) at Fortified Health Security. Together, they discuss how the role of CISO is evolving amid today's cyber threat landscape and regulatory environment, areas in which healthcare needs to improve cyber resilience, why experience is so important in the clinical environment when selecting a vendor or SOC service partner, how CISOs can mitigate massive cyber disruptions and risks, and much more. To learn more about Fortified Health Security, visit FortifiedHealthSecurity.com.
For episode #320 I hosted Benoit Gantaume. We debrief it with Alexis. **Stay compliant!** This episode is supported by Vanta, the Trust Management platform that helps companies automate their security and compliance. With Vanta, becoming compliant with standards such as SOC 2, ISO 27001 or HIPAA becomes faster, simpler and, above all, sustainable. More than 10,000 companies worldwide already use Vanta to turn their security obligations into a real growth engine.
Topic of the day: On 1 November the Easy Catalan Book Club returns, and this time it will be accompanied by a Catalan booktuber, Anna Rosich. Don't know her yet? Then listen to this episode, in which she tells us what kind of content she makes on social media and what her reading habits are like. Let's go! You'll hear all the details about the new Book Club from minute 23:00 of this episode and also at: http://easycatalan.org/bookclub
Anna Rosich's profiles (@traduintdesdecalella): Instagram (https://www.instagram.com/traduintdesdecalella/), YouTube (https://www.youtube.com/@TraduintdesdeCalella), Blog (https://traduint.wordpress.com/)
Video about the Catalan books most translated into other languages (https://youtu.be/kS66XHiSFR4?si=pzPMHDiMBDwDjDfr)
Bonus: Anna explains the origin and meaning of the expression "fer safareig".
Transcript
Andreu: [0:15] Good morning, everyone! This isn't the last episode of the month, but we've decided to bring the interview forward because what we have to tell you is very important, and so the sooner you know, the better. We already said in the previous episode that in November we'll run a new edition of the Book Club. The first one was in March, and although the book was a bit difficult, we all agreed that the experience of reading a book together and discussing it week after week was very enriching. This time we'll again read a book over a month and hold a weekly video call to discuss the chapters. What's new is that we'll have someone accompanying us throughout the month. She is Anna Rosich, translator, proofreader and content creator. Her profile on social media is called Traduint des de Calella (@traduintdesdecalella, all one word). I've been following her for a while, I really like the content she makes and the very approachable way she communicates, and that's why we've invited her to be part of this new edition of the Book Club. In this episode, Anna will tell us how she started creating content about books, we'll ask her about her reading habits and she'll reveal which book we'll be reading in November. Let's go!
Topic of the day
Andreu: [1:30] Anna Rosich, good morning!
Anna: [1:32] Hello, good morning!
Andreu: [1:33] How's it going?
Anna: [1:34] Very well, very well. I'm very nervous, but also very happy.
Andreu: [1:37] No, no, no need for nerves. You can feel at home here. If it's all right with you, we'll start by talking about your profile as a content creator, for anyone who doesn't know you. I've already said that your name on social media, your profile, is @traduintdesdecalella. That means you're from Calella.
Anna: [1:54] I'm from Calella, the Calella in the Maresme, because there's also a Calella further north in Catalonia, Calella de Palafrugell, and sometimes people get them mixed up. I'm from the Calella in the Maresme, which is 40 kilometres, in case anyone doesn't know, 40 kilometres from Barcelona and also 40 kilometres from Girona. We're in the middle, right in the middle.
Andreu: [2:14] Very good.
Anna: [2:15] Yes. And look, when I had to choose my social media name, I thought: "I'm a translator, I'm from Calella"… so, well, I don't know.
Andreu: [2:22] There we have it.
Anna: [2:23] Yes.
Andreu: [2:24] Very good. So, I've known for a while that you exist as a content creator, and I've been following you. How did it happen? How did you start? How did the idea of making content about books on social media come about?
Become a member of the podcast subscription to access the full transcripts, interactive playback with Transcript Player, and vocabulary help. (http://easycatalan.org/membership)
Podcast: Industrial Cybersecurity Insider
Episode: Industrial Cybersecurity: The Gap Between Investment and Cyber Event Prevention
Pub date: 2025-10-14
In this episode, Craig and Dino address why manufacturers still suffer incidents after spending millions on OT security tools. They discuss how to convert those investments into measurable risk reduction. You'll learn why buying tools isn't a strategy. Get insights into how to validate asset visibility on the floor (not just the network map), practical ways to reduce alert fatigue and assign ownership, how to close the OT incident response gap by connecting SOC to operators, the realities of flat Layer 2 networks and undocumented zones, how to handle technical debt at scale (EOL firmware, unpatched HMIs, safe upgrade paths), and why "everyone is responsible" often means no one is. Expect candid discussion on alert fatigue, flat networks, and the human constraints driving today's gaps, plus a concrete checklist for building a coalition that actually works to protect production environments.
Chapters
00:00:00 – Why incidents still happen after major OT cyber spend
00:02:30 – Tools vs. outcomes: underusing capabilities and alert fatigue
00:05:50 – Who owns plant‑floor cyber? Why CISOs, CIOs, OEMs, and SIs talk past each other
00:08:10 – Define the use case before tuning sensors and policies
00:10:00 – OT IR is missing: operators are the first responders
00:11:20 – Network reality check: flat L2, VLAN gaps, and unmanaged switches
00:13:30 – Change management and patching in OT: risk, downtime, and technical debt
00:15:20 – Skills and staffing: the silver tsunami and "jack of all trades" constraints
00:18:00 – What outside partners can and cannot do in plants
00:21:00 – Visibility blind spots: validating coverage with floor‑level walkthroughs
00:24:00 – It won't stick without a coalition: getting plant managers, engineering, OEMs, and SOC aligned
Links And Resources:
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
FBI intervenes in Scattered Spider Salesforce leaksite
Clop loots Oracle E-Biz deployments
Plus so much more data extortion.. At least it's not ransomware … we guess?
The US still can't decide who's gonna be in charge of NSA & Cybercom
Cambodian scam compounds get sanctioned and $15b in crypto is seized
NSO gets sold for pocket-lint-grade money
Bugs! Redis CVSS 10, Ivanti, Crowdstrike and… Internet Explorer?! zeroday?! In the wild?!!!?
This week's episode is sponsored by Stairwell. Founder Mike Wiacek talks about how Stairwell brings VirusTotal-like visibility to private files, and about integrating the insights that brings into your SOC workflow. This episode is also available on Youtube.
Show notes
FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak | The Record from Recorded Future News
Dozens of Oracle customers impacted by Clop data theft for extortion campaign | CyberScoop
Well, Well, Well. It's Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882)
Clop is a Big Fish, But Not Worth Hunting - Risky Business Media
ShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Security
The company Discord blamed for its recent breach says it wasn't hacked
Qantas confirms cybercriminals released stolen customer data | The Record from Recorded Future News
Red Hat confirms breach of GitLab instance, which stored company's consulting data | CyberScoop
Risky Bulletin: Microsoft revamps Edge's "IE Mode" after zero-day attacks - Risky Business Media
Teenagers arrested in England over cyberattack on nursery chain Kido | The Record from Recorded Future News
Acting US Cyber Command, NSA chief won't be nominated for the job, sources say | The Record from Recorded Future News
Layoffs, reassignments further deplete CISA | Cybersecurity Dive
Trump's scandalous directive to AG Pam Bondi reached the public by accident
Feds sanction Cambodian conglomerate over cyber scams, seize $15 billion from chairman | The Record from Recorded Future News
US Congress committee investigating Musk-owned Starlink over Myanmar scam centres | Myanmar | The Guardian
Satellites Are Leaking the World's Secrets: Calls, Texts, Military and Corporate Data | WIRED
Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia | The Record from Recorded Future News
Spyware maker NSO Group confirms acquisition by US investors | TechCrunch
Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits | WIRED
Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 | Wiz Blog
SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal | CyberScoop
SonicWall SSLVPN devices compromised using valid credentials | Cybersecurity Dive
Issues Affecting CrowdStrike Falcon Sensor for Windows
ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities - SecurityWeek
Jaguar Land Rover launches phased restart at factories after cyber-attack | Jaguar Land Rover | The Guardian
Windows 10 support ends today — here's who's affected and what you need to do
In this week's #SOCBrief, Hickman and Peters break down Obscura ... a new ransomware variant making waves with aggressive evasion tactics, process terminations, and domain controller targeting. We cover what's known so far, the risks it poses to businesses, and the key defenses every SOC should prioritize. Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.
"Accumulating debt is not inevitable." The D.E.V. of the week is Quentin de Metz, co-founder and CTO @ PennyLane. Quentin discusses the challenge of scaling a software monolith during a period of strong growth. He stresses the importance of a coherent architecture built on Ruby on Rails and React, able to support the needs of 500,000 companies with a team of 250 developers. Topics covered include maintaining code quality, the role of frequent deployments in a monolithic context, and the organisation of responsibilities within the team. New technologies such as generative AI, although promising, have a limited impact on their business. Finally, Quentin stresses the importance of mastering the PostgreSQL documentation for the project's scalability.
Chapters
00:00:53: Introduction to the Monolith
00:26:54: Technical Debt and How to Manage It
00:49:29: Balancing Innovation and Stability
00:52:18: The Power of PostgreSQL
00:53:44: Conclusion and Thanks
Links mentioned during the show: PostgreSQL: Documentation; Laetitia Avrot on IFTTD
By the way, Pennylane is hiring! Feel free to take a look at the job openings.
**Stay compliant!** This episode is supported by Vanta, the Trust Management platform that helps companies automate their security and compliance. With Vanta, becoming compliant with standards such as SOC 2, ISO 27001 or HIPAA becomes faster, simpler and, above all, sustainable. More than 10,000 companies worldwide already use Vanta to turn their security obligations into a real growth engine.
In this episode, Austin chats with Michael Repetny, a core contributor to Marinade. They discuss the history and technical details of Marinade, its role in the Solana ecosystem, and its approach to staking. Michael covers Marinade's origins in a 2021 hackathon, the development of its custom stake pool contract, and its early competition with Lido. The conversation addresses the evolution of validator economics on Solana, the impact of MEV and priority fees, and Marinade's response to sandwich attacks. They also discuss the protocol's products, including its liquid staking token (mSOL) and Marinade Native, a non-custodial delegation service. The episode concludes with a discussion on preparing for institutional adoption, the role of LSTs in ETFs, and the process of getting SOC 2 compliance.
00:00 – Marinade's Origins and Early Days
03:11 – Building on Solana
07:09 – Competing with Lido and the Importance of Community
10:59 – The Changing Economics of Staking
14:45 – Stake Pools, Yield, and Market Transparency
19:17 – The Marinade Marketplace
23:21 – Protected Staking Rewards & Validator Bonds
27:19 – Marinade Native
32:18 – ETFs, Institutions, and the Future of Staking
38:34 – Security, Compliance, and SOC 2 in Crypto
43:59 – The Future of Marinade and Solana Staking
46:59 – How to Get Involved with Marinade & Closing
In this episode of This Week in NoCode + AI, JJ sits down with Allen Yang, CEO and co-founder of Liminary — an AI-first startup redefining how we collect, organize, and recall knowledge. Before founding Liminary, Allen led product at Google Docs, Better Mortgage, and Bubble — giving him a rare perspective on how productivity tools have evolved (and where they've fallen short). Together, we unpack how GenAI is reshaping the way we work, why knowledge management remains unsolved, and how Liminary's “automatic recall” feature could change everything for researchers, founders, and teams drowning in data. We also dive into what it takes to build an AI-powered startup today — from product-market fit and go-to-market strategy to standing out in an increasingly crowded space.
Today's show: Zach Dell of Base Power joins us at the top of today's show to talk about building batteries in Austin, that $1 billion investment, and why an “all of the above” energy strategy is the only way forward. PLUS Jason and Alex's thoughts on that Tesla non-upside down car announcement, growing resentments toward AI datacenters, Chinese robots actually going on sale, Tim Cook's potential Apple exit, xAI's Nvidia agreement and MUCH MORE.
Timestamps:
(00:02:10) A MAJOR GUEST! Zach Dell of Base Power joins us from the top of the show.
(00:03:31) The basics of Base Power's business model: the best electron is the cheapest electron
(00:08:38) Zach teases Base's new, time-saving approach to battery installation
(00:10:32) Vanta - Get $1000 off your SOC 2 at https://www.vanta.com/twist
(00:18:12) How Base's grid can help drive down overall energy prices
(00:21:17) Squarespace - Use offer code TWIST to save 10% off your first purchase of a website or domain at https://www.Squarespace.com/TWIST
(00:30:12) Sentry - New users get 3 months free of the Business plan (covers 150k errors). Go to http://sentry.io/twist and use code TWIST
(00:36:20) Tesla did not announce an upside fan car… Oh well…
(00:44:27) Buy your Chinese robot TODAY on Walmart dot com? Or not!
(00:48:12) Is Tim Apple EXITING Apple? Who's next?
(00:59:22) ANOTHER mega-deal? Now xAI is circling a Nvidia investment…
Subscribe to the TWiST500 newsletter: https://ticker.thisweekinstartups.com
Check out the TWIST500: https://www.twist500.com
Subscribe to This Week in Startups on Apple: https://rb.gy/v19fcp
Follow Lon: X: https://x.com/lons
Follow Alex: X: https://x.com/alex LinkedIn: https://www.linkedin.com/in/alexwilhelm
Follow Jason: X: https://twitter.com/Jason LinkedIn: https://www.linkedin.com/in/jasoncalacanis
Thank you to our partners:
Vanta - Get $1000 off your SOC 2 at https://www.vanta.com/twist
Squarespace - Use offer code TWIST to save 10% off your first purchase of a website or domain at https://www.Squarespace.com/TWIST
Sentry - New users get 3 months free of the Business plan (covers 150k errors). Go to http://sentry.io/twist and use code TWIST
Great TWIST interviews: Will Guidara, Eoghan McCabe, Steve Huffman, Brian Chesky, Bob Moesta, Aaron Levie, Sophia Amoruso, Reid Hoffman, Frank Slootman, Billy McFarland
Check out Jason's suite of newsletters: https://substack.com/@calacanis
Follow TWiST:
Twitter: https://twitter.com/TWiStartups
YouTube: https://www.youtube.com/thisweekin
Instagram: https://www.instagram.com/thisweekinstartups
TikTok: https://www.tiktok.com/@thisweekinstartups
Substack: https://twistartups.substack.com
Subscribe to the Founder University Podcast: https://www.youtube.com/@founderuniversity1916
Welcome to Episode 412 of the Microsoft Cloud IT Pro Podcast. In this episode, we explore three announcements from Microsoft that are reshaping how security teams work with Sentinel. From a reimagined data architecture to AI integration and new visualization capabilities, Microsoft is doubling down on making security operations more intelligent, efficient, and accessible. Whether you're a seasoned SOC analyst or just getting started with cloud security, these updates offer powerful new ways to detect threats, investigate incidents, and understand your security posture. Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options.
Show Notes
Logitech MX Master 4, Ergonomic Wireless Mouse with Advanced Performance Haptic Feedback, Ultra-Fast Scrolling, USB-C Charging, Bluetooth, Windows, MacOS - Graphite
Microsoft Sentinel data lake is now generally available
Announcing Microsoft Sentinel Model Context Protocol (MCP) server – Public Preview
What is Microsoft Sentinel's support for Model Context Protocol (MCP)?
Add Microsoft Sentinel's collection of MCP tools
Introducing Microsoft Sentinel graph (Public Preview)
Graph models overview (preview)
About the sponsors
Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!
In this episode of The Beacon Way podcast, host Adrienne Wilkerson sits down with Scott and Brian Seideman to discuss their innovative new app, Theo, which leverages AI to support teens struggling with mental health issues. Brian, a licensed therapist, shares his extensive background working with a variety of populations, while Scott explains the personal experiences that led to the development of Theo. They dive into the creation process, the urgent need for teen mental health resources, and how Theo provides real-time support between therapy sessions. You'll also hear how Theo is being built with HIPAA and SOC 2 compliance, clinician-approved scripts, and guardrails to ensure teens get emotionally safe, appropriate support. Plus, Theo is fully customizable to meet the unique needs of each user. The app is fully developed and currently in pre-launch mode. Beta testing begins at the end of September with broader testing through October. If you're a clinician, parent, school, or organization interested in participating in the beta or learning more, reach out directly to the founders:
Brian: brian@pathwaywellnessinc.com
Scott: scott@pathwaywellnessinc.com
In episode 156 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Stephanie Gass, Sr. Director of Information Security at Center for Internet Security® (CIS®), and Angelo Marcotullio, Chief Information Officer at CIS. Together, they explore how CIS practices what it preaches by using CIS products and services internally, which includes implementation of the CIS Critical Security Controls® (CIS Controls®) and CIS Benchmarks®, automation, and alignment to compliance frameworks. Their discussion highlights how CIS builds a strong cybersecurity foundation while adapting to evolving threats and regulatory requirements. The conversation dives into practical applications, cultural alignment, and the importance of repeatable processes for scaling security across new products and services. It also touches on the role of privacy regulations, cyber risk quantification, and the community-driven approach that underpins CIS best practices.
Here are some highlights from our episode:
01:12. Why CIS “drinks its own champagne” when it comes to cybersecurity
02:56. Three ways the CIS Controls help modern enterprises defend against threat actors
04:02. The importance of pulling together security lessons learned in a way that's translatable
10:03. Our use of the CIS Controls to align to SOC 2, ISO 27001, and other frameworks
12:01. How governance, risk, and compliance (GRC) engineering works with automation to help build repeatable processes
22:43. The role of collaboration and communication in building a cybersecurity program
27:17. Privacy regulations as a catalyst for security innovation
30:24. The CIS Community Defense Model and evidence-based practices
32:40. How CIS leverages lessons learned to improve our security best practices
Resources:
Episode 146: What Security Looks Like for a Security Company
Implementation Guide for Small and Medium-Sized Enterprises CIS Controls IG1
How to Construct a Sustainable GRC Program in 8 Steps
Mapping and Compliance with the CIS Controls
CIS Completes SOC 2 Type II Audit Using CIS Best Practices
Episode 74: The Nexus of Cybersecurity & Privacy Legislation
CIS Community Defense Model 2.0
Episode 121: The Economics of Cybersecurity Decision-Making
Episode 77: Data's Value to Decision-Making in Cybersecurity
CIS Communities
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
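In this episode we discuss the culture shock of settling in Egypt, the reality of international aid, and the five competencies it takes to become a global citizen.
This episode is sponsored by PLAUD AI.
It's almost 2026, so who is still taking notes the old-fashioned way? The PLAUD AI NotePin smart recording capsule helps you handle your workflow the smart way.
✨ After recording, convert to a transcript, summary, and time codes with one click
✨ Ask AI quickly looks up all the key information in an audio file
✨ Supports 112 languages, including Chinese and English, and more than 2,000 summary templates
✨ Multiple security certifications: SOC 2 Type II, HIPAA, GDPR, EN18031
Interviews, meetings, performances: hand them all over to it to boost your work efficiency, and put your focus on more meaningful things.
PLAUD NotePin: https://bit.ly/brianptseng
Retail stores / 全國電子, 昇恆昌, 法雅客
E-commerce platforms / MOMO, PChome, yahoo
▹ ▹ Follow for more
Subscribe for the latest news » https://str.network/rnbrian
Instagram » https://www.instagram.com/brianptseng/
Facebook » https://www.facebook.com/brianstandup
YouTube »
| 曾博恩: https://www.youtube.com/@brianptseng
| 博恩站起來: https://www.youtube.com/@StandupBrian
Advertising sales and production for this show are handled by 【月城南廣告】.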
"The next five years are gonna be wild." That's the verdict from Forrester Principal Analyst Allie Mellen on the state of Security Operations. This episode dives into the "massive reset" that is transforming the SOC, driven by the rise of generative AI and a revolution in data management. Allie explains why the traditional L1, L2, L3 SOC model, long considered a "rite of passage" that leads to burnout, is being replaced by a more agile and effective Detection Engineering structure. As a self-proclaimed "AI skeptic," she cuts through the marketing hype to reveal what's real and what's not, arguing that while we are "not really at the point of agentic" AI, the real value lies in specialized triage and investigation agents.
Guest Socials - Allie's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security Social Channels: Cloud Security Podcast - Youtube, Cloud Security Newsletter, Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast
Questions asked:
(00:00) Introduction
(02:35) Who is Allie Mellen?
(03:15) What is Security Operations in 2025? The SIEM & XDR Shakeup
(06:20) The Rise of Security Data Lakes & Data Pipeline Tools
(09:20) A "Great Reset" is Coming for the SOC
(10:30) Why the L1/L2/L3 Model is a Burnout Machine
(13:25) The Future is Detection Engineering: An "Infinite Loop of Improvement"
(17:10) Using AI Hallucinations as a Feature for New Detections
(18:30) AI in the SOC: Separating Hype from Reality
(22:30) What is "Agentic AI" (and Are We There Yet?)
(26:20) "No One Knows How to Secure AI": The Detection & Response Challenge
(28:10) The Critical Role of Observability Data for AI Security
(31:30) Are SOC Teams Actually Using AI Today?
(34:30) How to Build a SOC Team in the AI Era: Uplift & Upskill
(39:20) The 3 Things to Look for When Buying Security AI Tools
(41:40) Final Questions: Reading, Cooking, and Sushi
Resources: You can read Allie's blogs here
Today's show: What is “workslop”? And is it already slowing you down at the office? On a new This Week in Startups, we've got full co-host quorum with JCal, Alex, AND Lon tackling a meaty docket of news at the cross-section of tech, startups, and pop culture. For starters: A new Harvard/Stanford study suggests that AI isn't massively improving workplace efficiency because SOME workers aren't using it properly. Are low-quality, lazily-assembled AI outputs costing US enterprises millions in lost productivity? It's certainly possible based on these results. PLUS, why YouTube invited back all those banned creators… a deep-dive into CA's new social media law that's dividing tech and civil rights advocacy groups… what we can learn from Stripe's mega-share buyback… a look at what Polymarket's sharps think will happen with the US TikTok deal… and much more.
Timestamps:
(0:00) Intro. What will South Park have to say about prediction markets?
(06:06) Alibaba's new AI model will turn you into any celebrity… can you still believe what you see?
(09:49) Vanta - Get $1000 off your SOC 2 at https://www.vanta.com/twist
(11:03) Show Continues…
(19:42) AWS Activate - AWS Activate helps startups bring their ideas to life. Apply to AWS Activate today to learn more. Visit https://www.aws.amazon.com/startups/credits
(21:02) Is CA's new proposed law a boon for civil rights, or a weapon against free speech?
(29:47) Northwest Registered Agent - Form your entire business identity in just 10 clicks and 10 minutes. Get more privacy, more options, and more done—visit https://www.northwestregisteredagent.com/twist today!
(32:21) Why YouTube invited banned creators back
(41:24) What is Workslop? And is it costing companies MILLIONS?
(48:42) PolyMarket asks… when will the US TikTok deal go down?
(52:27) Would Jason invest in Tether?
(01:01:29) Why Stripe is buying back so many shares… and what the future may hold.
(01:12:16) Another Reddit Rapid Response: should startups do pilot programs?
Subscribe to the TWiST500 newsletter: https://ticker.thisweekinstartups.com
Check out the TWIST500: https://www.twist500.com
Subscribe to This Week in Startups on Apple: https://rb.gy/v19fcp
Follow Lon: X: https://x.com/lons
Follow Alex: X: https://x.com/alex LinkedIn: https://www.linkedin.com/in/alexwilhelm
Follow Jason: X: https://twitter.com/Jason LinkedIn: https://www.linkedin.com/in/jasoncalacanis
Thank you to our partners:
Vanta - Get $1000 off your SOC 2 at https://www.vanta.com/twist
AWS Activate - AWS Activate helps startups bring their ideas to life. Apply to AWS Activate today to learn more. Visit https://www.aws.amazon.com/startups/credits
Northwest Registered Agent - Form your entire business identity in just 10 clicks and 10 minutes. Get more privacy, more options, and more done—visit https://www.northwestregisteredagent.com/twist today!
Great TWIST interviews: Will Guidara, Eoghan McCabe, Steve Huffman, Brian Chesky, Bob Moesta, Aaron Levie, Sophia Amoruso, Reid Hoffman, Frank Slootman, Billy McFarland
Check out Jason's suite of newsletters: https://substack.com/@calacanis
Follow TWiST:
Twitter: https://twitter.com/TWiStartups
YouTube: https://www.youtube.com/thisweekin
Instagram: https://www.instagram.com/thisweekinstartups
TikTok: https://www.tiktok.com/@thisweekinstartups
Substack: https://twistartups.substack.com
Subscribe to the Founder University Podcast: https://www.youtube.com/@founderuniversity1916