Cameron and Gabe sit down with Girish Redekar, co-founder and CEO of Sprinto, to pull back the curtain on one of the most misunderstood areas of security: compliance.
Girish built his first startup, RecruiterBox, to 3,500 customers before selling it, and it was the painful, expensive, duct-taped compliance process he experienced firsthand that sparked the idea for Sprinto. Today, Sprinto helps companies move beyond point-in-time audits into something far more valuable: continuous, autonomous trust.
In this episode, we dig into:
· Why passing a SOC 2 or ISO 27001 audit doesn't mean you're actually secure
· The three stages of compliance maturity — and how to climb them
· What "compliance debt" is and why it's quietly eating your business
· How smart CISOs use their security posture as a revenue driver, not a back-office cost center
· The "$100/month" challenge: what actually moves the needle for startups
· How AI is reshaping compliance programs — for better or worse
· Why Girish spent over a year talking to customers before writing a single line of code
Plus: the "sell more jeans" framework every CISO should know, Rich Hickey, The Mom Test, and the toilet paper question.
Oil and gas companies generate enormous volumes of operational, geological, and production data. Despite this abundance, much of that data remains fragmented, inconsistent, and difficult to trust. Teams often spend a significant portion of their time preparing datasets rather than analyzing them. The result is delayed decision-making, inflated costs, and reduced operational agility. The core complication lies in data quality, data governance, and data readiness. Duplicate records, null values, drift, and structural inconsistencies make it difficult to move quickly from raw data to actionable insight. Asset teams frequently work semi-independently, each rebuilding transformation processes from scratch. Without reliable data foundations, scaling analytics, automation, or advanced modelling becomes difficult and costly. In this episode, I'm in conversation with Shravan Gunda, CEO of Kaarvi, to discuss how a structured approach to data ingestion, anomaly detection, ETL transformation, and data lineage can reduce time-to-insight from weeks to hours. He outlines how upstream teams can standardize workflows, support governance requirements such as SOC 2, and deploy platforms either on-premises or via SaaS. Clean, trusted data is a prerequisite for accelerating analytics and enabling more advanced digital capabilities.
This episode of the #SOCBrief goes beyond day-to-day cybersecurity news and dives into what SOC success actually looks like from the leadership side. Andrew and CISO Jonathan Kimmitt discuss how SOC teams can communicate risk, create meaningful deliverables, use metrics effectively, and gain leadership buy-in for security decisions.
From risk profiles to reporting and real-world decision making, this episode focuses on turning SOC activity into measurable organizational value.
AI can categorize images, analyze logs, and surface patterns faster than any human ever could, but it doesn't understand context, legality, or nuance. In this episode, we discuss how AI is transforming criminal forensics and SOC investigations while examining the ethical, legal, and operational guardrails that must stay in place. As organizations adopt more AI-driven tools, the real challenge isn't capability ... it's maintaining responsible human control.
In this episode, hosts Lois Houston and Nikita Abraham are joined by special guests Samvit Mishra and Rashmi Panda for an in-depth discussion on security and migration with Oracle Database@AWS. Samvit shares essential security best practices, compliance guidance, and data protection mechanisms to safeguard Oracle databases in AWS, while Rashmi walks through Oracle's powerful Zero-Downtime Migration (ZDM) tool, explaining how to achieve seamless, reliable migrations with minimal disruption.
Oracle Database@AWS Architect Professional: https://mylearn.oracle.com/ou/course/oracle-databaseaws-architect-professional/155574
Oracle University Learning Community: https://education.oracle.com/ou-community
LinkedIn: https://www.linkedin.com/showcase/oracle-university/
X: https://x.com/Oracle_Edu
Special thanks to Arijit Ghosh, Anna Hulkower, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode.
-------------------------------------------------------------
Episode Transcript:
00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started!
00:26 Nikita: Welcome to the Oracle University Podcast! I'm Nikita Abraham, Team Lead: Editorial Services with Oracle University, and with me is Lois Houston, Director of Communications and Adoption with Customer Success Services.
Lois: Hello again! We're continuing our discussion on Oracle Database@AWS and in today's episode, we're going to talk about the aspects of security and migration with two special guests: Samvit Mishra and Rashmi Panda. Samvit is a Senior Manager and Rashmi is a Senior Principal Database Instructor.
00:59 Nikita: Hi Samvit and Rashmi! Samvit, let's begin with you. What are the recommended security best practices and data protection mechanisms for Oracle Database@AWS?
Samvit: Instead of everyone using the root account, which has full access, we create individual users with AWS IAM Identity Center or IAM service. And in addition, you must use multi-factor authentication. So basically, as an example, you need a password and a temporary code from a virtual MFA app to log in to the console. Always use SSL or TLS to communicate with AWS services. This ensures data in transit is encrypted. Without TLS, the sensitive information like credentials or database queries can be intercepted. AWS CloudTrail records every action taken in your AWS account-- who did what, when, and from where. This helps with audit, troubleshooting, and detecting suspicious activity. So you must set up API and user activity logging with AWS CloudTrail. Use AWS encryption solutions along with all default security controls within AWS services. To store and manage keys by using transparent data encryption, which is enabled by default, Oracle Database@AWS uses OCI vaults. Currently, Oracle Database@AWS doesn't support the AWS Key Management Service. You should also use advanced managed security services such as Amazon Macie, which assists in discovering and securing sensitive data that is stored in Amazon S3.
03:08 Lois: And how does Oracle Database@AWS deliver strong security and compliance?
Samvit: Oracle Database@AWS enforces transparent data encryption for all data at rest, ensuring stored information is always protected. Data in transit is secured using SSL and Native Network Encryption, providing end-to-end confidentiality. Oracle Database@AWS also uses OCI Vault for centralized and secure key management. This allows organizations to manage encryption keys with fine-grained control, rotation policies, and audit capabilities to ensure compliance with regulatory standards. At the database level, Oracle Database@AWS supports unified auditing and fine-grained auditing to track user activity and sensitive operations.
At the resource level, AWS CloudTrail and OCI audit service provide comprehensive visibility into API calls and configuration changes. At the database level, security is enforced using database access control lists and Database Firewall to restrict unauthorized connections. At the VPC level, network ACLs and security groups provide layered network isolation and access control. Again, at the database level, Oracle Database@AWS enforces access controls to Database Vault, Virtual Private Database, and row-level security to prevent unauthorized access to sensitive data. And at a resource level, AWS IAM policies, groups, and roles manage user permissions with the fine-grained control.
05:27 Lois: Samvit, what steps should users be taking to keep their databases secure?
Samvit: Security is not a single feature but a layered approach covering user access, permissions, encryption, patching, and monitoring. The first step is controlling who can access your database and how they connect. At the user level, strong password policies ensure only authorized users can log in. And at the network level, private subnets and network security groups allow you to isolate database traffic and restrict access to trusted applications only. One of the most critical risks is accidental or unauthorized deletion of database resources. To mitigate this, grant delete permissions only to a minimal set of administrators. This reduces the risk of downtime caused by human error or malicious activity. Encryption ensures that even if the data is exposed, it cannot be read. By default, all databases in OCI are encrypted using transparent data encryption. For migrated databases, you must verify encryption is enabled and active. Best practice is to rotate the transparent data encryption master key every 90 days or less to maintain compliance and limit exposure in case of key compromise. Unpatched databases are one of the most common entry points for attackers.
Always apply Oracle critical patch updates on schedule. This mitigates known vulnerabilities and ensures your environment remains protected against emerging threats.
07:33 Nikita: Beyond what users can do, are there any built-in features or tools from Oracle that really help with database security?
Samvit: Beyond the basics, Oracle provides powerful database security tools. Features like data masking allow you to protect sensitive information in non-production environments. Auditing helps you monitor database activity and detect anomalies or unauthorized access. Oracle Data Safe is a managed service that takes database security to the next level. It can assess your database configuration for weaknesses. It can also detect risky user accounts and privileges, identify and classify sensitive data. It can also implement controls such as masking to protect that data. And it can also continuously audit user activity to ensure compliance and accountability. Now, transparent data encryption enables you to encrypt sensitive data that you store in tables and tablespaces. It also enables you to encrypt database backups. After the data is encrypted, this data is transparently decrypted for authorized users or applications when they access that data. You can configure OCI Vault as a part of the transparent data encryption implementation. This enables you to centrally manage keystore in your enterprise. So OCI Vault gives centralized control over encryption keys, including key rotation and customer managed keys.
09:23 Lois: So obviously, lots of companies have to follow strict regulations. How does Oracle Database@AWS help customers with compliance?
Samvit: Oracle Database@AWS has achieved a broad and rigorous set of compliance certifications. The service supports SOC 1, SOC 2, and SOC 3, as well as HIPAA for health care data protection. If we talk about SOC 1, that basically covers internal controls for financial statements and reporting.
SOC 2 covers internal controls for security, confidentiality, processing integrity, privacy, and availability. SOC 3 covers SOC 2 results tailored for a general audience. And HIPAA is a federal law that protects patients' health information and ensures its confidentiality, integrity, and availability. It also holds certifications and attestations such as CSA STAR, C5. Now C5 is a German government standard that verifies cloud providers meet strict security and compliance requirements. CSA STAR attestation is an independent third-party audit of cloud security controls. CSA STAR certification also validates a cloud provider's security posture against CSA's cloud controls matrix. And HDS is a French certification that ensures cloud providers meet stringent requirements for hosting and protecting health care data. Oracle Database@AWS also holds ISO and IEC standards. You can also see PCI DSS, which is basically for payment card security and HITRUST, which is for high assurance health care framework. So, these certifications ensure that Oracle Database@AWS not only adheres to best practices in security and privacy, but also provides customers with assurance that their workloads align with globally recognized compliance regimes.
11:47 Nikita: Thank you, Samvit. Now Rashmi, can you walk us through Oracle's migration solution that helps teams move to OCI Database Services?
Rashmi: Oracle Zero-Downtime Migration is a robust and flexible end-to-end database migration solution that can completely automate and streamline the migration of Oracle databases. With bare minimum inputs from you, it can orchestrate and execute the entire migration task, virtually needing no manual effort from you. And the best part is you can use this tool for free to migrate your source Oracle databases to OCI Oracle Database Services faster and reliably, eliminating the chances of human errors. You can migrate individual databases or migrate an entire fleet of databases in parallel.
12:34 Nikita: Ok. For someone planning a migration with ZDM, are there any key points they should keep in mind?
Rashmi: When migrating using ZDM, your source databases may require minimal downtime up to 15 minutes or no downtime at all, depending upon the scenario. It is built with the principles of Oracle maximum availability architecture and leverages technologies like Oracle GoldenGate and Oracle Data Guard to achieve high availability and online migration workflow using Oracle migration methods like RMAN, Data Pump, and Database Links. Depending on the migration requirement, ZDM provides different migration method options. It can be logical or physical migration in an online or offline mode. Under the hood, it utilizes the different database migration technologies to perform the migration.
13:23 Lois: Can you give us an example of this?
Rashmi: When you are migrating a mission critical production database, you can use the logical online migration method. And when you are migrating a development database, you can simply choose the physical offline migration method. As part of the migration job, you can perform database upgrades or convert your database to multitenant architecture. ZDM offers greater flexibility and automation in performing the database migration. You can customize workflow by adding pre or postrun scripts as part of the workflow. Run prechecks to check for possible failures that may arise during migration and fix them. Audit migration jobs activity and user actions. Control the execution like schedule a job pause, resume, if needed, suspend and resume the job, schedule the job or terminate a running job. You can even rerun a job from failure point and other such capabilities.
14:13 Lois: And what kind of migration scenarios does ZDM support?
Rashmi: The minimum version of your source Oracle Database must be 11.2.0.4 and above. For lower versions, you will have to first upgrade to at least 11.2.0.4.
You can migrate Oracle databases that may be of the Standard or Enterprise edition. ZDM supports migration of Oracle databases, which may be a single-instance, or RAC One Node, or RAC databases. It can migrate on Unix platforms like Linux, Oracle Solaris, and AIX. For Oracle databases on AIX and Oracle Solaris platform, ZDM uses logical migration method. But if the source platform is Linux, it can use both physical and logical migration method. You can use ZDM to migrate databases that may be on premises, or in third-party cloud, or even within Oracle Cloud Infrastructure. ZDM leverages Oracle technologies like RMAN, Data Pump, Database Links, Data Guard, Oracle GoldenGate when choosing a specific migration workflow.
15:15 Are you ready to revolutionize the way you work? Discover a wide range of Oracle AI Database courses that help you master the latest AI-powered tools and boost your career prospects. Start learning today at mylearn.oracle.com.
15:35 Nikita: Welcome back! Rashmi, before someone starts using ZDM, is there any prep work they should do or things they need to set up first?
Rashmi: Working with ZDM needs a few simple configurations. Zero-downtime migration provides a command line interface to run your migration job. First, you have to download the ZDM binary, preferably download from My Oracle Support, where you can get the binary with the latest updates. Set up and configure the binary by following the instructions available at the same invoice node. The host in which ZDM is installed and configured is called the zero-downtime migration service host. The host has to be Oracle Linux version 7 or 8, or it can be RHEL 8. Next is the orchestration step where connection to the source and target is configured and tested like SSH configuration with source and target, opening the ports in respective destinations, creation of dump destination, granting required database privileges.
Prepare the response file with parameter values that define the workflow that ZDM should use during Oracle Database migration. You can also customize the migration workflow using the response file. You can plug in run scripts to be executed before or after a specific phase of the migration job. These customizations are called custom plugins with user actions. Your sources may be hosted on-premises or OCI-managed database services, or even third-party cloud. They may be Oracle Database Standard or Enterprise edition and on accelerator infrastructure or a standard compute. The target can be of the same type as the source. But additionally, ZDM supports migration to multicloud deployments on Oracle Database@Azure, Oracle Database@Google Cloud, and Oracle Database@AWS. You begin with a migration strategy where you list the different databases that can be migrated, classification of the databases, grouping them, performing three migration checks like dependencies, downtime requirement versions, and preparing the order migration, the target migration environment, et cetera.
17:27 Lois: What migration methods and technologies does ZDM rely on to complete the move?
Rashmi: There are primarily two types of migration: physical or logical. Physical migration pertains to copy of the database OS blocks to the target database, whereas in logical migration, it involves copying of the logical elements of the database like metadata and data. Each of these migration methods can be executed when the database is online or offline. In online mode, migration is performed simultaneously while the changes are in progress in the source database. While in offline mode, all changes to the source database are frozen. For physical offline migration, it uses backup and restore technique, while with the physical online, it creates a physical standby using backup and restore, and then performing a switchover once the standby is in sync with the source database.
For logical offline migration, it exports and imports database metadata and data into the target database, while in logical online migration, it is a combination of export and import operation, followed by apply of incremental updates from the source to the target database. The physical or logical offline migration method is used when the source database of the application can allow some downtime for the migration. The physical or logical online migration approach is ideal for scenarios where any downtime for the source database can badly affect critical applications. The only downtime that can be tolerated by the application is only during the application connection switchover to the migrated database. One other advantage is ZDM can migrate one or a fleet of Oracle databases by executing multiple jobs in parallel, where each job workflow can be customized to a specific database need. It can perform physical or logical migration of your Oracle databases. And whether it should be performed online or offline depends on the downtime that can be approved by business.
19:13 Nikita: Samvit and Rashmi, thanks for joining us today.
Lois: Yeah, it's been great to have you both. If you want to dive deeper into the topics we covered today, go to mylearn.oracle.com and search for the Oracle Database@AWS Architect Professional course. Until next time, this is Lois Houston…
Nikita: And Nikita Abraham, signing off!
19:35 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.
Your biggest threat this year isn't malware. It's your own AI assistant.
OpenClaw connects an LLM directly to your terminal, browser, email, and chat. It runs with your permissions. It executes tasks without hesitation.
Days after launch, researchers found a One-Click RCE. Cisco called it a security nightmare. Gartner called it an unacceptable risk.
OpenClaw (formerly known as Clawdbot and Moltbot) represents a new phase of agentic AI: autonomous assistants operating inside your environment with almost no guardrails.
The headlines around OpenClaw have been clear: it's a serious threat. But how should we handle agentic AIs like OpenClaw moving forward?
In this Threat Talks episode, Field CTO Rob Maas and SOC analyst Yuri Wit break down what OpenClaw actually does, where AI agent security breaks, and whether or not you should deploy OpenClaw.
OpenClaw is powerful. It's useful. It's also proof that many of us are not ready for AI agents with this level of autonomy. Before you let an AI agent into your systems, understand what happens when it runs unchecked.
Key Topics Covered
· How OpenClaw works and why agentic AI changes the security model
· The One-Click RCE and what it reveals about AI agent security
· Malicious skills, default allow design, and autonomous privilege abuse
· Realistic mitigation strategies including sandboxing and controlled environments
Resources
· Threat Talks: https://threat-talks.com/
· ON2IT (Zero Trust as a Service): https://on2it.net/
· AMS-IX: https://www.ams-ix.net/ams
Subscribe to Threat Talks and turn on notifications for deep dives into the world's most active cyber threats and hands-on exploitation techniques.
Billy Klein went from working 60-80 hour weeks as an EY auditor to helping build FloQast Transform—the fastest-growing product in FloQast history. In this episode, he breaks down how accounting teams are actually implementing AI automation, what makes AI auditable, and why most accountants want to build their own workflows (not outsource to IT).
Guests:
· Alexander Pabst, Global Deputy CISO, Allianz SE
· Michael Sinno, Director of D&R, Google
Topics:
· We've spent decades obsessed with MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond). As AI agents begin to handle the bulk of triage at machine speed, do these metrics become "vanity metrics"? If an AI resolves an alert in seconds, does measuring the "mean" still tell us anything about the health of our security program, or should we be looking at "Time to Context" instead?
· You mentioned the Maturity Triangle. Can you walk us through that framework? Specifically, how does AI change the balance between the three points of that triangle—is it shifting us from a "People-heavy" model to something more "Engineering-led," and where does the "Measurement" piece sit?
· Google is famous for its "Engineering-led" approach to D&R. How is Google currently measuring the success of its own internal D&R program? Specifically, how are you quantifying "Toil Reduction"? Are we measuring how many hours we saved, or are we measuring the complexity of the threats our humans are now free to hunt?
· Toil reduction is a laudable goal for the team members, what are the metrics we track and report up to document the overall improvement in D&R for Google's board?
· When you talk to your board about the success of AI in your security program, what are the 2 or 3 "Golden Metrics" that actually move the needle for them? How do you prove that an AI-driven SOC is actually better, not just faster?
· We often talk about AI as an "assistant," but we're moving toward Agentic SOCs. How should organizations measure the "unit economics" of their SOC? Should we be tracking the ratio of AI-handled vs. Human-handled incidents, and at what point does a high AI-handle rate become a risk rather than a success?
Resources:
· Video version
· EP252 The Agentic SOC Reality: Governing AI Agents, Data Fidelity, and Measuring Success
· EP238 Google Lessons for Using AI Agents for Securing Our Enterprise
· EP91 "Hacking Google", Op Aurora and Insider Threat at Google
· EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI
· EP189 How Google Does Security Programs at Scale: CISO Insights
· EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
· The SOC Metrics that Matter…or Do They? blog
· An Actual Complete List Of SOC Metrics (And Your Path To DIY) blog
· Achieving Autonomic Security Operations: Why metrics matter (but not how you think) blog
With the development of automatic speech recognition has come a new type of technology, designed to give the user advice on how to speak better. In this episode, we talk with Nicole Holliday (University of California, Berkeley) about some of the issues that can arise with the use of these technologies, from their nebulous definitions of "good communication" to the impact they could have at businesses that use these technologies to evaluate employees.
Associated paper: Nicole R. Holliday. "Socially prescriptive speech technologies: Linguistic, technical, and ethical issues." J. Acoust. Soc. Am. 158, 4361–4369 (2025). https://doi.org/10.1121/10.0039685.
Read more from The Journal of the Acoustical Society of America (JASA).
Learn more about Acoustical Society of America Publications.
Music Credit: Min 2019 by minwbu from Pixabay.
In this episode of Future Fuzz, Vince Quinn sits down with Mike Rotondo, Founder of RITC Cybersecurity, to unpack the growing cybersecurity risks facing modern marketing teams.
From phishing scams and business email compromise to AI vulnerabilities and data leakage, Mike explains why marketers are prime targets for cybercriminals—and why being “in the cloud” doesn't automatically mean you're secure.
The conversation dives into how cybercriminals operate like full-scale corporations, why user training is the single most important defense, and how simple mistakes—like shared logins or unsecured home routers—can expose entire organizations. Mike also explores emerging threats like “quishing” (QR code phishing), AI exploitation, and the hidden risks of feeding sensitive data into large AI tools.
If you're managing customer data, email lists, or AI-powered marketing tools, this episode is a must-listen.
Guest Bio
Mike Rotondo is the Founder of RITC Cybersecurity, a consulting firm focused exclusively on cybersecurity strategy, compliance, and risk mitigation.
RITC provides services including penetration testing, security framework analysis, SOC 2 audit preparation, HIPAA and PCI compliance consulting, and virtual CISO (vCISO) services.
Rather than hands-on IT implementation, Mike and his team specialize in advisory, governance, and security architecture—helping organizations build secure systems from the inside out.
With decades of experience in cybersecurity dating back to the 1990s, Mike works with organizations to prevent breaches, reduce liability, and strengthen internal defenses against evolving cyber threats.
Takeaways
· Being in the cloud does not mean you're secure.
· Most breaches start with users—not firewalls.
· Cybercriminals operate like corporations, with R&D and strategy teams.
· Phishing and business email compromise (BEC) are still the top threats.
· Shared logins and admin access for everyday users create major vulnerabilities.
· Remote work requires secured routers, patched systems, and enforced device standards.
· “Quishing” (QR code phishing) is an emerging attack vector.
· AI tools can create data leakage risks if policies aren't in place.
· Personally identifiable information (PII) exposure can financially destroy small companies.
· Cybersecurity training is the most effective prevention strategy.
Chapters
00:00 Introduction to Mike Rotondo
00:28 What RITC Cybersecurity Does
01:31 Why Businesses Are More Vulnerable Than They Think
03:01 How Cybercriminals Actually Operate
04:10 Real-World Impact of Phishing Attacks
06:30 Building Strong Cyber Defenses
07:57 Remote Work Security Risks
09:42 QR Code Phishing (“Quishing”)
10:45 Why Cybersecurity Feels Overwhelming
11:05 The Importance of Employee Training
12:26 AI's Role in Cybersecurity Threats
14:53 AI Server Vulnerabilities
15:15 How Marketers Should Approach AI Security
17:08 Data Leakage and PII Risks
18:31 The Financial Fallout of a Breach
19:08 The Ciphered Reality Podcast
What does it take to turn the dream of an autonomous SOC into something organizations can actually deploy? Subo Guha, Senior Vice President of Product Management at Stellar Cyber, joins Sean Martin to share how the company's AI-driven security operations platform is making that vision a reality. Stellar Cyber serves SOC teams across more than 50 countries, with a primary focus on MSPs and MSSPs supporting the underserved mid-market, though marquee enterprise customers like Canon are also part of the portfolio.
How can agentic AI change the way SOC teams handle alert overload? Guha describes what he calls a "digital army" of AI agents that work around the clock to automate alert triage and catch phishing attacks. The system filters 70 to 80 percent of incoming alerts, allowing analysts to focus on the 20 percent that matter most. With attackers using AI to launch faster and more frequent campaigns, Stellar Cyber takes a human-augmented approach, meaning the AI learns from analyst interactions and continuously guides the SOC team toward faster, more accurate remediation.
Why does this matter for MSPs operating on thin margins? Guha explains that the autonomous SOC capability layered on top of Stellar Cyber's XDR platform allows MSSPs to serve more customers, reduce mean time to repair, and grow their tenant base without proportionally increasing staff. When MSSPs grow revenue, Stellar Cyber grows alongside them, creating a mutually beneficial model that ultimately means more organizations get protected.
This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company.
Learn more: https://www.studioc60.com/creation#highlight
GUEST
Subo Guha, Senior Vice President of Product Management, Stellar Cyber
RESOURCES
Learn more about Stellar Cyber: https://stellarcyber.ai
Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight
KEYWORDS
Subo Guha, Stellar Cyber, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, autonomous SOC, agentic AI, security operations, XDR, NDR, MSSP, MSP, alert triage, AI-driven security, Open XDR, Gartner Magic Quadrant, phishing detection, SOC automation
What does it take to turn the dream of an autonomous SOC into something organizations can actually deploy? Subo Guha, Senior Vice President of Product Management at Stellar Cyber, joins Sean Martin to share how the company's AI-driven security operations platform is making that vision a reality. Stellar Cyber serves SOC teams across more than 50 countries, with a primary focus on MSPs and MSSPs supporting the underserved mid-market, though marquee enterprise customers like Canon are also part of the portfolio.How can agentic AI change the way SOC teams handle alert overload? Guha describes what he calls a "digital army" of AI agents that work around the clock to automate alert triage and catch phishing attacks. The system filters 70 to 80 percent of incoming alerts, allowing analysts to focus on the 20 percent that matter most. With attackers using AI to launch faster and more frequent campaigns, Stellar Cyber takes a human-augmented approach, meaning the AI learns from analyst interactions and continuously guides the SOC team toward faster, more accurate remediation.Why does this matter for MSPs operating on thin margins? Guha explains that the autonomous SOC capability layered on top of Stellar Cyber's XDR platform allows MSSPs to serve more customers, reduce mean time to repair, and grow their tenant base without proportionally increasing staff. When MSSPs grow revenue, Stellar Cyber grows alongside them, creating a mutually beneficial model that ultimately means more organizations get protected.This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. 
Battery storage is scaling fast. But scaling portfolios exposes weaknesses most owners never see coming. As projects move from single sites to gigawatt-hour fleets, many IPPs discover something uncomfortable: they have dashboards - but not decision-grade visibility. In this episode, Lennart Hinrichs, EVP and General Manager of the Americas at TWAICE, explains what actually changes once batteries begin operating at scale.
We discuss:
- Why state of charge (SOC) is foundational — but insufficient
- How LFP chemistry complicates measurement more than most assume
- What derating really does to revenue and dispatch confidence
- Why overbuild can mask deeper performance issues
- What actually causes most battery fires (and what doesn't)
- How data transparency reshapes warranty disputes and financial risk
This isn't a founder story. It's a practical conversation for asset owners, operators, and performance engineers who want fewer surprises over the life of their storage assets. If you operate or finance battery projects, this episode will sharpen how you think about KPIs, safety, and operational confidence. Listen in.
Are there other technologies you've scouted on the frontlines of the Clean Energy Revolution that you think we should be covering here on SunCast? Hit us up - team@suncast.me with your feedback & recommendations.
Check out OpenSolar OS 3.0 at: https://suncast.media/opensolar
If you want to connect with today's guest, you'll find links to their contact info in the show notes on the blog at https://suncast.media/episodes/.
Our Platinum Presenting Sponsor for SunCast is CPS America! SunCast is also sponsored by Nextpower! You can learn more about all the sponsors who help make this show free for you at www.suncast.media/sponsors.
Remember, you can always find resources, learn more about today's guest and explore recommendations, book links, and more than 875 other founder stories and startup advice at www.suncast.media.
Subscribe to Valence, our weekly LinkedIn Newsletter, and learn the
elements of compelling storytelling: https://www.linkedin.com/newsletters/valence-content-that-connects-7145928995363049472/
You can connect with me, Nico Johnson, on:
Twitter - https://www.twitter.com/nicomeo
LinkedIn -...
Adiel Sheik Mohammed's Journey: From Networking to Cybersecurity Expertise
In this episode of Breaking into Cybersecurity, Adiel Sheik Mohammed shares his journey from his early exposure to computers through his father's training institute to becoming a cybersecurity expert. Adiel describes his academic background in telecommunication and networking, the pivotal decision to specialize in cybersecurity, and the certifications and hands-on experience that facilitated his transition. He discusses his roles, including his first cybersecurity job as a solution architect with WatchGuard, and elaborates on his continued learning through certifications. Adiel also talks about his contributions to the field, including authoring books on AI's impact on SOC and cybersecurity and his ongoing doctorate focused on AI and cybersecurity. The episode concludes with advice for aspiring cybersecurity professionals on networking, certifications, and staying current with industry developments.
https://www.linkedin.com/in/shadeel/
https://speakerhub.com/speaker/adeel-shaikh-muhammad
https://adeel.solutions
https://www.amazon.com/dp/B0DG66357N
https://www.amazon.com/dp/B0F3DCKYQ9
https://www.amazon.com/dp/B0DVC5Z3XZ
00:00 Introduction and Guest Introduction
00:53 Early Life and Initial Interest in Cybersecurity
02:09 Transition to Cybersecurity
04:35 First Cybersecurity Role
05:43 Certifications and Continuous Learning
07:31 Writing Books and Doctorate Journey
10:19 Current Work and Future Plans
18:44 Advice for Aspiring Cybersecurity Professionals
21:35 Conclusion and Final Thoughts
Sponsored by CPF Coaching LLC - http://cpf-coaching.com
The Breaking into Cybersecurity: It's a conversation about what they did before, why they pivoted into cyber, what the process was they went through, how they keep up, and advice/tips/tricks along the way.
The Breaking into Cybersecurity Leadership Series is an additional series focused on cybersecurity leadership and hearing directly from different leaders in
cybersecurity (high and low) on what it takes to be a successful leader. We focus on the skills and competencies associated with cybersecurity leadership, as well as tips/tricks/advice from cybersecurity leaders.
Check out our books:
The Cybersecurity Advantage - https://leanpub.com/the-cybersecurity-advantage
Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level https://amzn.to/3443AUI
Hack the Cybersecurity Interview: Navigate Cybersecurity Interviews with Confidence, from Entry-level to Expert roles https://www.amazon.com/Hack-Cybersecurity-Interview-Interviews-Entry-level/dp/1835461298/
Hacker Inc.: Mindset For Your Career https://www.amazon.com/Hacker-Inc-Mindset-Your-Career/dp/B0DKTK1R93/
---
About the host: Christophe Foulon focuses on helping secure people and processes, drawing on a solid understanding of the technologies involved. He has over ten years of experience as an Information Security Manager and Cybersecurity Strategist. He is passionate about customer service, process improvement, and information security. He has significant expertise in optimizing technology use while balancing its implications for people, processes, and information security, through a consultative approach.
https://www.linkedin.com/in/christophefoulon/
Find out more about CPF-Coaching at https://www.cpf-coaching.com
- Website: https://www.cyberhubpodcast.com/breakingintocybersecurity
- Podcast: https://podcasters.spotify.com/pod/show/breaking-into-cybersecuri
- YouTube: https://www.youtube.com/c/BreakingIntoCybersecurity
- LinkedIn: https://www.linkedin.com/company/breaking-into-cybersecurity/
- CISA orders urgent patch of Dell flaw
- Android malware uses Gemini to navigate infected devices
- Half of all cyberattacks start in the browser, says Palo Alto Networks
Get the full show notes here: https://cisoseries.com/cybersecurity-news-cisas-dell-order-android-ai-malware-browsers-as-weak-link/
Huge thanks to our sponsor, Conveyor. Most of what Conveyor automates is boring. Like really boring. Security questionnaires. Customer requests for things like your SOC 2. All of their follow-up questions. Answering tickets from your sales team. You know what's not boring? Alteryx using Conveyor to support over half a billion dollars in enterprise deals with a small 4 person team. All they did was set up an AI trust center and use Conveyor's AI agent to complete questionnaires. Learn more at conveyor.com.
In a world of "Decision Paralysis," which SIEM should you choose? In this episode, we dive deep into why Wazuh has become the go-to solution for SOC analysts in 2026. Moving beyond the "ingestion-based licensing crisis" of traditional tools like Splunk and QRadar, Wazuh offers a unified, open-source platform that combines the "brain" of a SIEM with the "guard" of an XDR. We provide a step-by-step practical look at Wazuh's architecture, its XML-based detection engine, and a live demonstration of Active Response, where the tool doesn't just detect a brute-force attack but automatically blocks the attacker in real-time.
In this episode of The New CISO, host Steve Moore speaks with Dean Sapp, CISO and Data Protection Officer at Filevine, about one of security's most critical yet overlooked skills—written communication. Drawing from a brutal college English class that failed students for a single typo and over 20 years building security programs in the legal tech industry, Dean reveals why the ability to articulate security findings clearly separates average professionals from exceptional leaders who drive real business impact. After abandoning architecture when he learned it would take six years to become licensed, Dean leveraged his dual skills in computer-aided drafting and IT to launch a career at Novell, eventually earning nine certifications in two years and a master's degree from SANS Institute. His background in design thinking shapes how he approaches security program development—viewing it like building a structure that requires solid foundations, functional systems, and even window dressing like SOC 2 compliance. After interviewing over 100 candidates for SOC positions, Dean identifies the biggest missing skill as the inability to translate security findings into business language executives understand and act upon. He introduces the BLUF (Bottom Line Up Front) principle from military communications, explaining why security professionals have roughly eight seconds to capture executive attention. Dean champions radical transparency through simple frameworks—using stoplight systems or report card grades to communicate security posture, deliberately giving his own program failing marks in areas needing improvement to build trust. Dean tackles operational communication breakdowns that create real security risk, emphasizing mandatory peer review before escalating incidents. This two-person rule dramatically improves report quality while reducing false positives that waste senior leadership time.
He shares how this high-standards approach helped Filevine achieve best-in-class cyber insurance rates, with underwriters calling their security program superior to any SaaS provider they'd evaluated. Drawing on Erik Durschmied's "The Hinge Factor," he illustrates how small communication failures doom missions—just as cavalry troops charging cannons failed because not one rider carried the nails and hammer needed to disable them. Throughout the discussion, Dean emphasizes holding yourself to impossibly high standards so that external auditors find you excellent. He advocates for brutal honesty about program gaps, documenting accepted risks clearly, and using tools like Grammarly Premium to improve writing quality. His philosophy combines military precision, architectural thinking, and pedagogical discipline—all in service of making security programs that actually work rather than just looking good on paper.
Key Topics Discussed:
* Why written communication is security's most critical missing skill
* BLUF (Bottom Line Up Front): Capturing executive attention in 8 seconds
* Using stoplight or report card systems for transparent board reporting
* Giving your security program honest grades to build executive trust
* Mandatory peer review before escalation to reduce false positives
* How Filevine achieved best-in-class cyber insurance rates
* The two-person rule for improving incident report quality
* Lessons from "The Hinge Factor" about preparation and tools
* Holding impossibly high standards so external auditors find you excellent
* Translating technical findings into business impact language
LEARN MORE:
Europe wants to regain control over one of the sinews of modern technological warfare: semiconductors. These tiny components, etched onto electronic chips, are the brains of all our devices, from smartphones to satellites, by way of cars and data centers. And on 9 February 2026, the European Union took an important step with the inauguration of NanoIC, a new prototyping facility located in Leuven, Belgium, within the imec research center. This project is part of the European Chips Act, a broad plan intended to strengthen the continent's technological sovereignty. NanoIC received 700 million euros in funding. Its objective is clear: to allow companies, laboratories and startups to design and test their own chips before producing them at scale. In other words, NanoIC acts as an industrial laboratory where an idea can be turned into a working prototype. Unlike conventional foundries (factories specialized in chip manufacturing and often closed to outside players), NanoIC operates as an open platform. Engineers will be able to work there on cutting-edge technologies, notably systems called "system-on-chip", or SoC. This term refers to chips capable of integrating several functions into a single component: processor, memory, communication circuits. All at scales below 2 nanometers. To give a sense of scale, one nanometer is one billionth of a meter. At this scale, the components are smaller than some viruses. NanoIC also provides advanced design and prototyping tools, in order to bridge the gap between scientific research and industrial production. This is a crucial point, because many innovations remain stuck at the experimental stage for lack of suitable infrastructure.
This project is part of a broader program, endowed with 2.5 billion euros, supported by the European Union, the member states and industrial partners, including the Dutch group ASML, world leader in the lithography machines used to etch chips. With NanoIC, Europe is trying to reduce its dependence on Asia and the United States, which today dominate global semiconductor production. Hosted by Acast. Visit acast.com/privacy for more information.
No phishing. No user interaction. Just exposed services and a missing authentication check. In this episode of the #SOCBrief, we dive into the SmarterMail RCE flaw already being exploited in the wild and why mail servers continue to be prime ransomware targets. We cover indicators to hunt for, detection tips, and practical steps SOC teams can take to reduce risk fast.
- Hackers target anti-government protestors
- UK launches "lock the door" cybersecurity campaign
- Cellebrite linked to phone hack on Kenyan politician
Get the full show notes here: https://cisoseries.com/cybersecurity-news-hacking-protestors-uk-locks-the-door-kenyan-politician-phone-cracked/
Huge thanks to our sponsor, Conveyor. Most of what Conveyor automates is boring. Like really boring. Security questionnaires. Customer requests for things like your SOC 2. All of their follow-up questions. Answering tickets from your sales team. You know what's not boring? Alteryx using Conveyor to support over half a billion dollars in enterprise deals with a small 4 person team. All they did was set up an AI trust center and use Conveyor's AI agent to complete questionnaires. Learn more at conveyor.com.
- Eurail stolen traveler data now up for sale
- EU Parliament blocks AI features
- Japan's Washington Hotel discloses ransomware hit
Get the full show notes here:
Huge thanks to our sponsor, Conveyor. Here's a fun question. Would you rather support more enterprise deals… or answer fewer security questionnaires? Moving upmarket usually means more scrutiny and more security questions. Instead of hiring more people or slowing sales, Alteryx used Conveyor's AI to automate customer security reviews like questionnaires, SOC 2 requests, and all the back-and-forth. They supported 200% growth and over half a billion dollars in pipeline with a 4 person team. If you're tired of choosing between growth and sanity, check out Conveyor at conveyor.com.
Google has confirmed that state-backed threat actors are operationally using Gemini across the intrusion lifecycle — not experimentally, but strategically. In this episode of Security Squawk, we break down how AI is being integrated into reconnaissance, phishing refinement, vulnerability research, and even dynamic malware generation. According to Google's Threat Intelligence Group, multiple clusters — including DPRK-linked actors — are using Gemini to synthesize OSINT, map organizational structures, refine recruiter impersonation campaigns, and research exploit paths. In one case, malware known as HONESTCUE leveraged Gemini's API to dynamically generate C# code for stage-two payload behavior, compile it in memory using legitimate .NET tooling, and execute filelessly. This isn't a zero-day story. It's a friction story. At the same time, two individuals in Connecticut were charged for allegedly using thousands of stolen identities to exploit FanDuel's onboarding and promotional systems. No exotic exploit. No advanced intrusion chain. Just automated workflow abuse at scale. The pattern is clear: AI is compressing attacker timelines, and identity-driven fraud is industrializing predictable processes.
We examine:
- How AI-enhanced phishing eliminates traditional grammar-based red flags
- Why trusted SaaS domains (Gemini share links, Discord CDNs, Cloudflare fronting, Supabase backends) are weakening reputation-based defenses
- What model distillation attempts (100,000+ structured prompts) signal about API abuse and intellectual property risk
- How fileless malware compiled with legitimate developer tooling challenges signature-based detection
- Why onboarding workflows and recruiting processes are now primary attack surfaces
For CEOs, this is about erosion of trust anchors and shifting insurability expectations. For IT Directors and SOC leaders, this means reevaluating fileless execution visibility, API anomaly detection, and the reliability of reputation filtering models.
For MSPs and risk managers, breaches will increasingly originate from workflow exploitation rather than perimeter misconfiguration. AI didn't invent new attack types. It removed friction from existing ones. And when friction disappears, scale compounds. If your recruiting, onboarding, verification, or AI product interfaces can be scripted — they can be weaponized. This episode is about operational clarity in a rapidly compressing threat landscape. Keywords: Google Gemini, HONESTCUE malware, AI phishing, state-backed threat actors, DPRK cyber operations, model distillation attacks, API abuse detection, fileless malware, .NET in-memory compilation, identity fraud, FanDuel fraud case, workflow exploitation, SaaS infrastructure abuse, Cloudflare phishing, Discord CDN payloads, Supabase backend abuse. Support the show https://buymeacoffee.com/securitysquawk
Guest: Daniel Lyman, VP of Threat Detection and Response, Fiserv
Topics:
- What is the right way for people to bridge the gap and translate executive dreams and board goals into the reality of life on the ground?
- How do we talk to people who think they have "transformed" their SOC simply by buying a better, shinier product (like a modern SIEM) while leaving their old processes intact?
- What are the specific challenges and advantages you've seen with a federated SOC versus a centralized one?
- What does a "federated" or "sub-SOC" model actually mean in practice?
- Why is the message that "EDR doesn't cover everything" so hard for some people to hear?
- Is this obsession with EDR a business decision or technology debt?
- How do you expect AI to change the calculus around data centralization versus data federation?
- What is your favorite example of telemetry that is useful, but usually excluded from a SIEM?
- What are the Detection and Response organizational metrics that you think are most valuable?
- Is the continued use of Excel an issue of tooling, laziness, or just because it is a fundamentally good way to interact with a small database?
Resources:
- Video version
- "In My Time of Dying" book
- EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen
- EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
- The Gravity of Process: Why New Tech Never Fixes Broken Process and Can AI Change It? blog
In this #VidaDigital interview, Martín Henao, Country Manager of IFX Networks in Panama, analyzes the operational continuity challenges in the Panamanian and regional banking sector, marked by outages in mobile apps and ATMs, with losses estimated at $5,600 per minute according to Gartner. Henao highlights multicloud strategies as a key solution for mitigating cyberattacks such as ransomware (one every 20 seconds globally), phishing and malware, emphasizing a balance between private clouds (such as IFX's Tier 3 data center in Panama, SOC 2 Type 2) and public clouds, with guarantees of costs absorbed by IFX in the event of failures. Topics covered include data immutability for secure backups, cost control (hot/cold storage, 15-20% cheaper than public clouds), local regulatory compliance and "Schrödinger's backup syndrome" (a backup that both exists and does not exist until it is tested), promoting drills and user education to avoid impacts on daily transactions. IFX offers "life insurance" for continuity, automatic replication and storage as a service, positioning multicloud as the dominant trend for financial resilience in a Latin America that is reactive to cyber threats.
What happens when the security community stops debating whether AI belongs in the SOC and starts figuring out how to make it work? Monzy Merza, Co-Founder and CEO of Crogl, is helping answer that question, both through the autonomous AI SOC agent his company builds and through the inaugural AI SOC Summit, a community event designed to bring practitioners together for honest, no-nonsense conversation about what is real and what is hype in AI-driven security operations. Crogl builds what Merza describes as a "superhero suit" for SOC analysts. The platform investigates every alert in depth, working across multiple data lakes without requiring data normalization, and escalates only the issues that require human judgment. But the conversation here goes beyond any single product. Merza explains that the motivation for creating the AI SOC Summit came directly from community feedback. Security teams across enterprises are trying to determine what to buy, what to build, and how to govern AI in their environments, and they need a transparent, practical space to share those experiences. How are threat actors changing the game with agentic AI? Merza points to two critical shifts. First, adversaries are now conducting campaigns using agentic systems, which means defenders need to operate at the same speed. Second, the barrier to entry for sophisticated attacks has dropped significantly because agentic systems handle much of the technical detail, from crafting convincing phishing emails to automating post-exploitation activity. The implication is clear: security teams that do not adopt AI-driven capabilities risk falling behind attackers who already have. The AI SOC Summit, hosted March 3rd at the Hyatt Regency in Tysons, Virginia, is structured to serve the practitioners who are doing the daily work of security operations. The morning features keynotes from CISOs sharing what is working and what is not, along with perspectives on AI governance and privacy.
The afternoon splits into two tracks: talk sessions from startups and established companies, and a five-and-a-half-hour hackathon where attendees get free access to frontier AI models and tools to experiment hands-on with real security data. Who should attend the AI SOC Summit? Merza identifies four key personas. SOC analysts at every tier who are buried in alert triage. Security engineers deploying AI-driven and traditional tools who want to see how other enterprises are rationalizing their investments. Incident responders and threat hunters who need to understand how to track agentic activity rather than just human activity. And builders, the security teams prototyping and testing AI capabilities in-house, who want to learn from what others have tried, what has failed, and what constraints can be overcome. What sets this event apart from the typical conference experience? The AI SOC Summit is intentionally vendor-agnostic. Sponsors range from reseller partners serving government organizations to household names like Splunk and Cribl, but the focus stays on community learning rather than product pitches. Many organizations still restrict employee access to frontier models and agentic systems, and the summit provides a space where attendees can kick the tires on these technologies without worrying about tooling costs or corporate restrictions. The goal is for every participant to leave with something practical they can take back and apply to their work immediately. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique.
Learn more: https://www.studioc60.com/creation#spotlight
GUEST: Monzy Merza, Co-Founder and CEO, Crogl [@monzymerza on X] https://www.linkedin.com/in/monzymerza
RESOURCES:
Crogl: https://www.crogl.com
AI SOC Summit: https://www.aisocsummit.com/
Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight
KEYWORDS: Monzy Merza, Crogl, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, AI SOC Summit, AI SOC agent, security operations center, agentic AI, autonomous security, threat detection, SOC analyst, incident response, threat hunting, security engineering, AI governance, cybersecurity community, hackathon, frontier AI models, agentic speed, security automation
Attackers are hiding remote access trojans (RATs) inside malicious MSI installers disguised as legit software, and it's surging in early 2026. We break down how these phishing attacks bypass EDR, what to look for, and how SOC teams can stop them before they turn into full-blown breaches. Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.
In a podcast recorded at ITEXPO / MSP EXPO, Doug Green, Publisher of Technology Reseller News, spoke with Doug Barbin, Chief Growth Officer at Schellman, about how rapid AI adoption is reshaping compliance requirements for MSPs, cloud providers, and technology companies. Barbin outlined Schellman's role as one of the largest independent providers of technology, risk, and AI-related compliance assessments, serving organizations across highly regulated industries. Barbin explained that AI adoption is accelerating far faster than previous technology shifts such as cloud computing, leaving many organizations scrambling to keep pace with evolving regulatory expectations. “The adoption of AI has come out four or five times as fast as what we saw with cloud,” Barbin said. “Organizations are now trying to keep up not just from a technology risk perspective, but also from a compliance and governance standpoint.” He pointed to emerging standards such as ISO 42001 as critical frameworks helping companies manage AI governance at scale. The conversation also explored the complexity of audits and how Schellman works to simplify the process. Barbin described a “collect once, use many” approach that allows organizations—particularly MSPs—to streamline compliance across multiple frameworks such as SOC 2, HIPAA, CMMC, and federal requirements. By reducing redundancy and aligning audits to customer needs, MSPs can more efficiently expand into regulated verticals they otherwise could not serve. Barbin concluded by emphasizing the opportunity compliance creates for MSPs as they grow into more regulated markets. By helping MSPs inherit and validate customer controls, Schellman enables service providers to scale responsibly while turning compliance into a business advantage rather than a barrier. Visit https://www.schellman.com/
AI is transforming cybersecurity for better and for worse, with Irish organisations now operating on the front line of this AI-driven threat landscape. AI technology is now embedded on both sides, enabling threat actors to launch highly sophisticated attacks at the click of a button, while helping defenders to detect and respond at machine speed. From automated phishing campaigns to self-adapted malware, AI is accelerating the speed and the scale of cybercrime across Ireland's digital economy. To keep pace, regional organisations are deploying equally advanced AI-driven security solutions, including Arctic Wolf's Aurora Platform, which delivers AI-powered detection and response at scale. But technology alone isn't enough for full protection. Unlike threat actors, Irish businesses must operate within strict legal, regulatory and ethical constraints. They cannot move as freely or illicitly as their adversaries, leaving even the most advanced AI systems constrained. As this technological warfare continues, it's people, processes and security culture that will determine the outcome of cyber incidents. For channel partners, recognising this shift is critical. Long-term value no longer comes from transactional product resale, but from delivering continuous protection, advisory-led services and measurable security outcomes. Arctic Wolf is driving this change across the Irish channel ecosystem through its AI-enabled managed detection and response (MDR) services, its 24/7 concierge security model and its stronger-together partner approach which sees it work side-by-side with local resellers to help them build scalable, services-led security practices.

Threat landscape escalation and the human factor

Ransomware remains the dominant threat across Ireland and the wider UK&I region, with ransomware-as-a-service (RaaS) platforms dramatically lowering the barrier to entry for less-skilled attackers.
At the same time, AI-powered phishing, deepfake fraud and self-adapting malware are becoming mainstream tools for cybercriminals. Supply chain vulnerabilities and third-party risk are also rising sharply, exposing organisations across industry. For resellers in the region, the growth in attack sophistication is driving demand for always-on monitoring, rapid incident response and third-party risk management services, accelerating the shift toward managed security offerings. Compounding this is the persistent human threat. Low phishing awareness, the rapid adoption of ungoverned AI tools and simple user error continue to play a role in some of the most damaging breaches. Even in highly regulated and technologically mature environments, the human layer remains the most exploited. Arctic Wolf research shows that nearly two-thirds of IT managers admit to having clicked on a phishing link themselves, proving cyber risk isn't confined to junior staff or non-technical users – it's a universal issue. This is why developing a strong, trust-based security culture is as vital as deploying tools. Employees must feel confident in recognising suspicious activity and empowered to report it quickly, without fear of blame. This openness can be the difference between containing an incident quickly or having an entire operation shut down. While Arctic Wolf's platform analyses over nine trillion security events a week, it is the company's 24/7 human-led SOC and concierge security teams that are transforming insight into action for Irish customers and partners, helping prioritise risk, contain active threats and strengthen their security posture. For resellers, this means they can deliver enterprise-grade security operations without having to build or staff their own SOC.

Why this matters to the channel

For channel partners in the UK&I, this technological evolution marks a shift away from transactional-based resale towards high-value, recurring managed security and advisory services.
Customers want products, but also guidance, visibility and assurance in an increa...
THE Sales Japan Series by Dale Carnegie Training Tokyo, Japan
The Five-Phase Sales Solution Cadence: Facts, Benefits, Applications, Evidence, Trial Close When you've done proper discovery—asked loads of questions about where the buyer is now and where they want to be—you earn the right to propose a solution. But here's the kicker: sometimes the right move is to walk away. If you force a partial or wrong-fit solution, you might "grab the dough" short-term, but you'll torch trust and reputation—the two assets that don't come back easily. Below is a search-friendly, buyer-proof cadence you can run in any market—Japan vs United States, SME vs enterprise, B2B services vs SaaS—especially post-pandemic when procurement teams want clarity, proof, and outcomes, not fluffy feature parades. How do you know if your solution genuinely fits the buyer (and when should you walk away)? You know it fits when you can map your solution to their stated outcomes—and prove it—without twisting the facts. If the buyer needs an outcome you can't deliver, the ethical (and commercially smart) play is: "We can't help you with that." In 2024–2026, buyers are savvier and more risk-aware. They'll check reviews, ask peers, and sanity-test claims through AI search tools and internal stakeholder scrutiny. In high-trust cultures (including Japan) and high-compliance industries (finance, health, critical infrastructure), a wrong-fit sale becomes a reputational boomerang. The deal closes once; the story travels forever. Do now: Write a one-page "fit test": buyer outcomes → your capability → evidence. If any outcome can't be supported, qualify out fast. What does "facts" mean in a modern B2B sales conversation? Facts are the provable mechanics—features, specs, process steps, constraints—and the proof that they work. Facts aren't the goal; they're the credibility scaffolding. Salespeople often drown here: endless micro-detail, endless Q&A, endless spreadsheets. 
Yes, analytical buyers (engineering-led firms, CFO-led committees) will pull you into the weeds—but remember: they aren't buying the process. They're buying the outcome from the process. Bring facts that de-risk the decision: implementation timelines, security posture (SOC 2/ISO), uptime/SLA history, integration limits, and measurable performance benchmarks. Then move on before you get stuck. Do now: Prepare a "facts pack" with 5–7 proof points (not 57 features). Use it to earn trust, then pivot to outcomes. How do you turn features into benefits buyers will actually pay for? Benefits are the "so what"—the measurable results the buyer gets because the feature exists. If you can't link a feature to an outcome, it's just trivia. A weight, colour, dimension, workflow, dashboard, or AI model is not valuable by itself. It becomes valuable when it improves a KPI: reduced cycle time, fewer defects, higher conversion, lower churn, faster onboarding, better safety, tighter compliance. This is where classic sales thinking still holds up—think SPIN Selling and the buyer's implied needs: pain, impact, and value. In a tight 2025 budget environment, "nice-to-have" benefits die quickly; "must-have" outcomes survive. Do now: For every top feature, write one sentence: "This enables ___, which improves ___ by ___ within ___ days." If you can't fill the blanks, drop the feature from your pitch. What is the "application of benefits" and how do you make it real inside their business? Application is where benefits turn into daily operational reality—what changes in workflow, decisions, and results. This is the "rubber meets the road" layer. Don't just say "we improve productivity." Show where it lands: which meetings get shorter, which approvals disappear, which roles stop firefighting, which customers get served faster, which errors are prevented, and what leaders see weekly on dashboards. 
Compare contexts: a startup may care about speed and cash runway; a multinational may care about governance, change management, and multi-region rollouts. A consumer business might chase conversion and NPS; a B2B industrial firm might chase downtime reduction and safety incidents. Do now: Build a simple "Before → After" map for their week: processes eliminated, expanded, improved—and who owns each change. What counts as credible evidence (and what "proof" actually convinces buyers)? Credible evidence is specific, comparable, and close to the buyer's reality—same industry, similar scale, similar constraints. "Trust me" is not evidence. Bring proof that survives scrutiny: reference customers, quantified case studies, independent reviews, pilot results, and implementation artefacts (plans, timelines, adoption metrics). The closer the comparison company is to the buyer, the more persuasive it becomes. This is also where storytelling matters: not hype—narrative. Who was involved? What went wrong? What changed? What were the numbers before and after? Analysts like Gartner or Forrester can help with category credibility, but a near-peer success story usually seals confidence. Do now: Collect 3 "mirror case studies" (similar buyer profiles) and write them as short stories: problem → actions → results → lessons. How do you do a trial close without sounding pushy or sleazy? A trial close is a simple comprehension-and-comfort check that invites objections early—before you ask for the order. Done right, it's calm, not clingy. After you've walked through facts → benefits → application → evidence, ask: "How does that sound so far?" Then shut up. Silence is a tool. If they raise objections, good—interest is alive, and you can add pinpoint proof. If they say nothing (or go vague), start worrying: they may have already mentally deleted you as an option. This is the moment to clarify, re-anchor to outcomes, and confirm next steps in the sales cycle. 
Do now: Use one trial close per phase. Treat objections as data, not drama, and log them into your CRM as themes to address. Conclusion: the cadence that keeps you credible and gets you paid This five-phase cadence works because it respects how adults buy: they need proof, relevance, and a clear path from "today" to "better." Keep the sequence tight—facts, then benefits, then application, then evidence, then a trial close—and you'll avoid the two killers of modern selling: feature-dumps and wishful thinking. Author credentials Dr. Greg Story, Ph.D. in Japanese Decision-Making, is President of Dale Carnegie Tokyo Training and Adjunct Professor at Griffith University. He is a two-time winner of the Dale Carnegie "One Carnegie Award" (2018, 2021) and recipient of the Griffith University Business School Outstanding Alumnus Award (2012). As a Dale Carnegie Master Trainer, Greg is certified to deliver globally across all leadership, communication, sales, and presentation programs, including Leadership Training for Results. He has written several books, including three best-sellers — Japan Business Mastery, Japan Sales Mastery, and Japan Presentations Mastery — along with Japan Leadership Mastery and How to Stop Wasting Money on Training. His works have been translated into Japanese, including Za Eigyō (ザ営業), Purezen no Tatsujin (プレゼンの達人), Torēningu de Okane o Muda ni Suru no wa Yamemashō (トレーニングでお金を無駄にするのはやめましょう), and Gendaiban "Hito o Ugokasu" Rīdā (現代版「人を動かす」リーダー). Greg also publishes daily business insights on LinkedIn, Facebook, and Twitter, and hosts six weekly podcasts. On YouTube, he produces The Cutting Edge Japan Business Show, Japan Business Mastery, and Japan's Top Business Interviews, which are widely followed by executives seeking success strategies in Japan.
The weakest link is often sitting on the edge, blinking away with expired firmware and no vendor support. We kick off with a blunt reality check on outdated firewalls, load balancers, and IoT gateways, and why waiting two years to retire them is a gift to attackers. From there, we guide you through Domain 7.7 with a practical blueprint for operating and maintaining detective and preventive measures that actually hold up under pressure.

We unpack firewall fundamentals with clear, real‑world tradeoffs: when a simple packet filter is enough, when stateful inspection and deep packet inspection earn their keep, and how a WAF stops the web attacks your L3/L4 controls will miss. You'll hear how RTBH can deflect denial‑of‑service floods upstream, and why segmentation is your best friend for reducing blast radius—whether you use internal segmentation firewalls for R&D, Purdue‑style tiers for industrial networks, or controlled air gaps for the most sensitive systems. In the cloud, we separate security groups from true firewalls and show how to stitch policies across hybrid environments without creating blind spots.

Detection makes prevention smarter, so we break down IDS versus IPS in plain language. Baseline first, then block with intent to avoid outages. We compare host‑based and network‑based sensors, explain where to place them, and share tactics for cutting alert noise. You'll also get straight talk on allowlists and blacklists, the right way to maintain them, and why stale entries cause the ugliest outages. We explore sandboxing for safe detonation and learning, and give an unvarnished take on honeypots and honeynets—where they help, where they waste time, and what legal lines to respect.

Not every team can build a 24x7 SOC, so we outline how MSSPs can extend your coverage with clear SLAs and ownership. Endpoint anti‑malware remains non‑negotiable, but tool sprawl is a trap—choose a strong EDR and manage it well.
Finally, we dive into AI and machine learning: how they supercharge detection, triage, and response—and how adversaries use them too. The throughline is simple: shrink attack surface, raise signal quality, and respond faster than threats can pivot. If this helps you secure one more edge box or tune one more control, share it with a teammate, subscribe for more practical walkthroughs, and drop a review so we can keep raising the bar together.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
Podcast: (CS)²AI Podcast Show: Control System Cyber Security
Episode: 131: OT Monitoring & SOC and Incident Response — Lessons from the Field with Cambios Academy
Pub date: 2026-02-04

In this episode of the (CS)²AI Podcast, host Derek Harp is joined by Jonathan Pollet, Marc Visser, and Bryan Singer for a deep-dive Q&A discussion following CS2AI's January 21st community event on OT Monitoring, SOC operations, and Incident Response. Drawing on decades of hands-on experience across industrial environments worldwide, the panel expands on questions that couldn't be fully addressed during the live sessions.

The conversation explores why OT monitoring and SOC capabilities must come before incident response, and how poor network architecture, lack of visibility, and organizational silos continue to undermine response efforts when incidents occur. Jonathan outlines the architectural foundations required to support effective detection, response, and recovery, while Marc emphasizes the practical realities of implementing OT monitoring—from working with factory engineers to reducing alert fatigue and building usable SOC workflows.

Bryan brings the incident responder's perspective, sharing real-world insights from global OT incidents, including prolonged dwell times, ransomware impacts on production, and why organizations without proper segmentation and monitoring often experience the most severe and prolonged outages. The discussion also tackles common questions around Fusion SOCs vs. dedicated OT SOCs, the human challenges of translating OT data into actionable intelligence, and what asset owners should realistically expect from incident response retainers.

This episode is a must-listen for OT practitioners, security leaders, and asset owners looking to move beyond theory and understand what actually works in the field.
Whether you are just beginning your OT monitoring journey or refining mature SOC and IR capabilities, this discussion offers practical guidance rooted in real operational experience.
South Carolina got a taste of snow... but Southeast Texas turned it into a full wonderland meltdown!
- Ford Talks with Geely To Fill Excess Factory Capacity in Spain
- NADA CEO Mike Stanton Calls Chinese Car Imports "Bad for Consumers"
- Analyst Predicts Chinese OEMs Will Launch U.S. Joint Ventures In 2026
- Tesla Mass Produces Dry Electrodes to Slash Costs By $1 Billion
- Uber's Margin Squeeze: Lower Profits Today, More Robotaxis Tomorrow
- Renault To Build EV Motors in France Using Chinese Components
- $4 A Day for A New Car: China's 8-Year Loan War Begins
- Honda And Mythic Co-Develop Energy-Efficient AI Chips for SDVs
- Singing Fish and Grizzly Bears: Jeep's "Cruel" New Cherokee Ad
This week's #SOCBrief covers a dangerous double-hit: a Microsoft Office security bypass and a Fortinet FortiCloud authentication flaw, both exploited in the wild. Andrew walks through what the CVEs mean, how attackers are abusing trusted tools, and the patching and hunting steps SOC teams should take immediately. Support the show. Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.
- React Native Metro bug impacts thousands of servers
- Greece and Spain set to ban social media for kids
- Moltbook shows the dangers of vibe coding

Get the show notes here: https://cisoseries.com/cybersecurity-news-metro-bug-more-social-bans-leaky-moltbook/

Huge thanks to our sponsor, Strike48. Security teams are stretched. Attack surfaces and threat volumes keep growing, meanwhile SOC budgets stay flat and glorified chatbots with hallucination problems aren't helping. Strike48 is different. Agents scale independently, running investigations across your logs while your team can concentrate on the highest priority tasks that require human judgment and decision making. Try it today at Strike48.com/security.
Jason Beal, President, Americas, and Danielle Skipper, HR Business Partner at Exclusive Networks, joined Doug Green, Publisher of Technology Reseller News, to discuss one of the most pressing challenges facing MSPs and VARs today: the shortage of qualified cybersecurity talent and the need for practical, scalable solutions. Beal opened the conversation by describing Exclusive Networks as a global go-to-market specialist and value-added distributor focused on cybersecurity and security-adjacent technologies. As the company worked closely with vendors and channel partners worldwide, a consistent theme emerged—partners were struggling not only to attract skilled cybersecurity professionals but also to retain them. “We heard over and over from our partners and vendors that they were really struggling with attracting the right talent and retaining that talent,” Beal said, noting that this feedback prompted Exclusive Networks to develop a structured response. That response is CyberFarm, a university-based workforce development program launched at Cal Poly that combines hands-on experience with real-world channel exposure. Skipper explained that the program began four years ago with just three students and has since grown to support more than two dozen at a time, with over 100 students having passed through the initiative overall. “Imagine having someone who's spent two years learning the channel, working with vendors, earning certifications, and supporting real partners—by the time they graduate, they're ready to hit the ground running,” Skipper said. Unlike traditional internships, CyberFarm students work for at least 12 months—often two years or more—supporting both Exclusive Networks and its ecosystem of partners and vendors. Participants gain experience across a wide range of functions, including SOC analysis, business development, marketing, content creation, and sales operations. 
For MSPs and VARs, this creates access to a proven talent pool with significantly reduced ramp-up time and risk compared to traditional hiring. The discussion also highlighted how CyberFarm enables partner growth. Skipper shared examples of MSPs using CyberFarm talent to scale operations rapidly, adding capacity in engineering, marketing, and renewal management at critical growth stages. “For some partners, CyberFarm has been the difference between staying flat and scaling their business two, three, or four times,” she said. Beyond talent development, Beal outlined Exclusive Networks' broader enablement strategy for the channel. This includes pre- and post-sales technical services, go-to-market support, authorized training and certification programs, and CloudRise, a security services organization acquired by Exclusive Networks to act as a virtual engineering bench for partners. “Enablement isn't just a buzzword for us,” Beal said. “It's about putting MSPs in a position to succeed—technically, operationally, and now from a talent perspective as well.” As the conversation wrapped up, both guests emphasized that while AI and automation are reshaping cybersecurity, human expertise remains essential. Exclusive Networks' approach blends “AI and AIR”—artificial intelligence alongside authentic human relationships—to help partners grow sustainably. More information about Exclusive Networks and its channel programs is available at https://www.exclusive-networks.com/.
Control System Cyber Security Association International: (CS)²AI
In this episode of the (CS)²AI Podcast, host Derek Harp is joined by Jonathan Pollet, Marc Visser, and Bryan Singer for a deep-dive Q&A discussion following CS2AI's January 21st community event on OT Monitoring & SOC and Incident Response. Drawing on decades of hands-on experience across industrial environments worldwide, the panel expands on questions that couldn't be fully addressed during the live sessions.

The conversation explores why OT monitoring and SOC capabilities must come before incident response, and how poor network architecture, lack of visibility, and organizational silos continue to undermine response efforts when incidents occur. Jonathan outlines the architectural foundations required to support effective detection, response, and recovery, while Marc emphasizes the practical realities of implementing OT monitoring—from working with factory engineers to reducing alert fatigue and building usable SOC workflows.

Bryan brings the incident responder's perspective, sharing real-world insights from global OT incidents, including prolonged dwell times, ransomware impacts on production, and why organizations without proper segmentation and monitoring often experience the most severe and prolonged outages. The discussion also tackles common questions around Fusion SOCs vs. dedicated OT SOCs, the human challenges of translating OT data into actionable intelligence, and what asset owners should realistically expect from incident response retainers.

This episode is a must-listen for OT practitioners, security leaders, and asset owners looking to move beyond theory and understand what actually works in the field. Whether you are just beginning your OT monitoring journey or refining mature SOC and IR capabilities, this discussion offers practical guidance rooted in real operational experience.
Segment 1: Interview with Warwick Webb From Initial Entry to Resilience: Understanding Modern Attack Flows Modern cyberattacks don't unfold as isolated alerts--they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today's breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He'll discuss how unified platforms, machine-speed detection powered by global threat intelligence, and expert-led response change the equation--turning fragmented signals into clear attack narratives. The conversation concludes with how organizations can move beyond incident response to build resilience, readiness, and continuous improvement through post-attack analysis. Listeners will leave with a clearer understanding of how attacks actually unfold in the real world—and what it takes to move from reactive alert handling to true attack-flow-driven defense. Segment Resources: Wayfinder MDR Solution Brief 451 MDR Report Managed Defense Redefined Blog This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them! Segments 2 and 3: The Weekly News In this week's enterprise security news, we've got funding free tools! the CISO's craft agentic browsers tech companies are building cyber units? giving AI agents access to your entire life lots of dumpster fires in the industry today Cisco killed Kenna the state of AI in the SOC homemade EMP guns! don't try this at home All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-444
Guest: Dennis Chow, Director of Detection Engineering at UKG Topics: We ended our season talking about the AI apocalypse. In your opinion, are we living in the world that the guests describe in their apocalypse paper? Do you think AI-powered attacks are really here, and if so, what is your plan to respond? Is it faster patching? Better D&R? Something else altogether? Your team has a hybrid agent workflow: could you tell us what that means? Also, define "AI agent" please. What are your production use cases for AI and AI agents in your SOC? What are your overall SOC metrics and how does the agentic AI part play into that? It's one thing to ask a team "hey what did y'all do last week" and get a good report - how are you measuring the agentic parts of your SOC? How are you thinking about what comes next once AI is automatically writing good (!) rules for your team out of research blog posts and TI papers? Resources: Video version Agentic AI in the SOC: Build vs Buy Lessons EP255 Separating Hype from Hazard: The Truth About Autonomous AI Hacking EP256 Rewiring Democracy & Hacking Trust: Bruce Schneier on the AI Offense-Defense Balance EP252 The Agentic SOC Reality: Governing AI Agents, Data Fidelity, and Measuring Success EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI EP242 The AI SOC: Is This The Automation We've Been Waiting For? Google Cloud Skill Boost
Phishing didn't get smarter, it got better at looking normal. What used to be obvious scams now blend directly into the platforms, workflows, and security controls people trust every day. In this episode, Ron sits down with Yaamini Barathi Mohan, 2024 DMA Rising Star and Co-Founder & CPO of Secto, to break down how modern phishing attacks bypass MFA, abuse trusted services like Microsoft 365, and ultimately succeed inside the browser. Together, they examine why over-reliance on automation creates blind spots, how zero trust becomes practical at the browser layer, and why human judgment is still the deciding factor as attackers scale with AI. Impactful Moments 00:00 - Introduction 02:44 - Cloud infrastructure powering crime at scale 07:45 - What phishing 2.0 really means 12:10 - How MFA gets bypassed in real attacks 15:30 - Why the browser is the final control point 18:40 - AI reducing SOC alert fatigue 23:07 - Mentorship shaping cybersecurity careers 27:00 - Thinking like attackers to defend better 31:15 - When trust becomes the attack surface Links Connect with our guest, Yaamini Barathi Mohan, on LinkedIn: https://www.linkedin.com/in/yaamini-mohan/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Ransomware is kicking off 2026 at full speed. We break down the top active groups right now, how they're getting in, what infrastructure they're targeting, and the key indicators your SOC should be watching to stay ahead.
Skype of Cthulhu presents a Call of Cthulhu scenario. This is Our Home by Jim Phillips. October 18, 1976. Staten Island, New York City, New York. Kevin meets a man with a terrible story while two other residents find an unusual tree. Dramatis Personae: Jim as the Keeper of Arcane Lore; Randall as Frank Romero, Electrical Engineer; Meredith as Marsha Janelle, Waitress; Steve as Trae Grier, Gas Station Attendant; Edwin as Kevin Mazer, Chemistry Teacher; Gary as Peter Michale, Ex Pro Quarterback; Sean as Kirk Griffin, Actor.
Skype of Cthulhu presents a Call of Cthulhu scenario. Curse of Nineveh by Mike Mason, Mark Latham, Scott Dorward, Paul Fricker, and Andrew Kenrick Switchboard. October, 1925. London. A rough man threatens the investigators but one investigator chooses to face the peril. Dramatis Personae: Sean as the Keeper; Edwin as Dame Agatha, Authoress; Jonathan as Katherine "Kitty" Hall, Dilettante; Steve as Connor Shaw, Archivist; Max as Oswald Nickels, Big Game Hunter; Gary as Heathcliff Hamilton, Military Officer; Randall as Montgomery Helmsworth, Librarian; Jim as Roger Schindler, Alienist; Rachael as Maude Throckmorton, Adventuress.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Automatic Script Execution In Visual Studio Code: Visual Studio Code will read configuration files within the source code that may lead to code execution. https://isc.sans.edu/diary/Automatic%20Script%20Execution%20In%20Visual%20Studio%20Code/32644 Cisco Unified Communications Products Remote Code Execution Vulnerability: A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b Zoom Vulnerability: A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to execute remote code on the MMR via network access. https://www.zoom.com/en/trust/security-bulletin/zsb-26001/ Possible new SSO Exploit (CVE-2025-59718) on 7.4.9: https://www.reddit.com/r/fortinet/comments/1qibdcb/possible_new_sso_exploit_cve202559718_on_749/ SANS SOC Survey: The 2026 SOC Survey is open, and we need your input to create a meaningful report. Please share your experience so we can advocate for what actually works in the trenches. https://survey.sans.org/jfe/form/SV_3ViqWZgWnfQAzkO?is=socsurveystormcenter
Skype of Cthulhu presents a Call of Cthulhu scenario. This is Our Home by Jim Phillips. October 18, 1976. Staten Island, New York City, New York. A burst of work distracts the residents but when they have a respite they jump back into the investigation. Dramatis Personae: Jim as the Keeper of Arcane Lore; Randall as Frank Romero, Electrical Engineer; Meredith as Marsha Janelle, Waitress; Steve as Trae Grier, Gas Station Attendant; Edwin as Kevin Mazer, Chemistry Teacher; Gary as Peter Michale, Ex Pro Quarterback; Sean as Kirk Griffin, Actor.
In this high-energy and entertaining episode, Joey Pinz sits down with cybersecurity founder and unabashed Italian-American storyteller Tony Pietrocola. From stomping grapes as a child to running an AI-driven security operations platform, Tony brings a rare blend of toughness, humor, and entrepreneurial clarity. They jump from wine, cooking, and massive NFL bodies to college football, concussions, and how elite athletes are built differently. Tony shares what makes college football the real American spectacle—and why private equity is about to reshape the sport. On the cybersecurity front, Tony breaks down the challenges MSPs face, why most still struggle with security, and how AgileBlue helps them build profitable, white-label practices without the overhead of running a SOC. He explains the three questions every MSP should ask a vendor, the rise of AI-assisted attacks, and why consolidation and greenfield opportunities are the biggest missed revenue streams. The conversation ends with health, habit, and personal transformation—discussing Joey's 130-lb weight loss, Tony's daily 5 a.m. workouts, and the childhood structure that forged their work ethic.