Podcasts about SOC

Irish Tech News Audio Articles

Play Episode Listen Later Feb 11, 2026 6:00

Got a question or comment? Message us here!Attackers are hiding remote access trojans (RATs) inside malicious MSI installers disguised as legit software, and it's surging in early 2026. We break down how these phishing attacks bypass EDR, what to look for, and how SOC teams can stop them before they turn into full-blown breaches. Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

spotify hiding mayhem rats detection phishing soc attackers msi evade edr installers

Schellman's Doug Barbin on AI-Driven Compliance and MSP Opportunity, Podcast

Telecom Reseller

Play Episode Listen Later Feb 11, 2026

In a podcast recorded at ITEXPO / MSP EXPO, Doug Green, Publisher of Technology Reseller News, spoke with Doug Barbin, Chief Growth Officer at Schellman, about how rapid AI adoption is reshaping compliance requirements for MSPs, cloud providers, and technology companies. Barbin outlined Schellman's role as one of the largest independent providers of technology, risk, and AI-related compliance assessments, serving organizations across highly regulated industries. Barbin explained that AI adoption is accelerating far faster than previous technology shifts such as cloud computing, leaving many organizations scrambling to keep pace with evolving regulatory expectations. “The adoption of AI has come out four or five times as fast as what we saw with cloud,” Barbin said. “Organizations are now trying to keep up not just from a technology risk perspective, but also from a compliance and governance standpoint.” He pointed to emerging standards such as ISO 42001 as critical frameworks helping companies manage AI governance at scale. The conversation also explored the complexity of audits and how Schellman works to simplify the process. Barbin described a “collect once, use many” approach that allows organizations—particularly MSPs—to streamline compliance across multiple frameworks such as SOC 2, HIPAA, CMMC, and federal requirements. By reducing redundancy and aligning audits to customer needs, MSPs can more efficiently expand into regulated verticals they otherwise could not serve. Barbin concluded by emphasizing the opportunity compliance creates for MSPs as they grow into more regulated markets. By helping MSPs inherit and validate customer controls, Schellman enables service providers to scale responsibly while turning compliance into a business advantage rather than a barrier. Visit https://www.schellman.com/

ai opportunities driven publishers compliance organizations iso hipaa chief growth officer soc msps doug green

AI vs. AI is making security culture the channel's strongest differentiator

Play Episode Listen Later Feb 11, 2026 7:43

AI is transforming cybersecurity for better and for worse, with Irish organisations now operating on the front line of this AI-driven threat landscape. AI technology is now embedded on both sides, enabling threat actors to launch highly sophisticated attacks at the click of a button, while helping defenders to detect and respond at machine speed. From automated phishing campaigns to self-adapted malware, AI is accelerating the speed and the scale of cybercrime across Ireland's digital economy. To keep pace, regional organisations are deploying equally advanced AI-driven security solutions, including Arctic Wolf's Aurora Platform, which delivers AI-powered detection and response at scale. But technology alone isn't enough for full protection. Unlike threat actors, Irish businesses must operate within strict legal, regulatory and ethical constraints. They cannot move as freely or illicitly as their adversaries, leaving even the most advanced AI systems constrained. As this technological warfare continues, it's people, processes and security culture that will determine the outcome of cyber incidents. For channel partners, recognising this shift is critical. Long-term value no longer comes from transactional product resale, but from delivering continuous protection, advisory-led services and measurable security outcomes. Arctic Wolf is driving this change across the Irish channel ecosystem through its AI-enabled managed detection and response (MDR) services, it's 24/7 concierge security model and its stronger-together partner approach which sees it work side-by-side with local resellers to help them build scalable, services-led security practices. Threat landscape escalation and the human factor Ransomware remains the dominant threat across Ireland and the wider UK&I region, with ransomware-as-a-service (RaaS) platforms dramatically lowering the barrier to entry for less-skilled attackers. At the same time, AI-powered phishing, deepfake fraud and self-adapting malware are becoming mainstream tools for cybercriminals. Supply chain vulnerabilities and third-party risk are also rising sharply, exposing organisations across industry. For resellers in the region, the growth in attack sophistication is driving demand for always-on monitoring, rapid incident response and third-party risk management services, accelerating the shift toward managed security offerings. Compounding this is the persistent human threat. Low phishing awareness, the rapid adoption of ungoverned AI tools and simple user error continue to play a role in some of the most damaging breaches. Even in highly regulated and technologically mature environments, the human layer remains the most exploited. Arctic Wolf research shows that nearly two-thirds of IT managers admit to having clicked on a phishing link themselves, proving cyber risk isn't confined to junior staff or non-technical users – it's a universal issue. This is why developing a strong, trust-based security culture is as vital as deploying tools. Employees must feel confident in recognising suspicious activity and empowered to report it quickly, without fear of blame. This openness can be the difference between containing an incident quickly or having an entire operation shut down. While Arctic Wolf's platform analyses over nine trillion security events a week, it is the company's 24/7 human-led SOC and concierge security teams that are transforming insight into action for Irish customers and partners, helping prioritise risk, contain active threats and strengthen their security posture. For resellers, this means they can deliver enterprise-grade security operations without having to build or staff their own SOC. Why this matters to the channel For channel partners in the UK&I, this technological evolution marks a shift away from transactional-based resale towards high-value, recurring managed security and advisory services. Customers want products, but also guidance, visibility and assurance in an increa...

ai ireland irish employees threats customers supply strongest compounding soc mdr differentiator raas security culture arctic wolf

Our Solution Provision

THE Sales Japan Series by Dale Carnegie Training Tokyo, Japan

Play Episode Listen Later Feb 11, 2026 11:51

The Five-Phase Sales Solution Cadence: Facts, Benefits, Applications, Evidence, Trial Close When you've done proper discovery—asked loads of questions about where the buyer is now and where they want to be—you earn the right to propose a solution. But here's the kicker: sometimes the right move is to walk away. If you force a partial or wrong-fit solution, you might "grab the dough" short-term, but you'll torch trust and reputation—the two assets that don't come back easily. Below is a search-friendly, buyer-proof cadence you can run in any market—**Japan vs **United States, SME vs enterprise, B2B services vs SaaS—especially post-pandemic when procurement teams want clarity, proof, and outcomes, not fluffy feature parades. How do you know if your solution genuinely fits the buyer (and when should you walk away)? You know it fits when you can map your solution to their stated outcomes—and prove it—without twisting the facts. If the buyer needs an outcome you can't deliver, the ethical (and commercially smart) play is: "We can't help you with that." In 2024–2026, buyers are savvier and more risk-aware. They'll check reviews, ask peers, and sanity-test claims through AI search tools and internal stakeholder scrutiny. In high-trust cultures (including Japan) and high-compliance industries (finance, health, critical infrastructure), a wrong-fit sale becomes a reputational boomerang. The deal closes once; the story travels forever. Do now: Write a one-page "fit test": buyer outcomes → your capability → evidence. If any outcome can't be supported, qualify out fast. What does "facts" mean in a modern B2B sales conversation? Facts are the provable mechanics—features, specs, process steps, constraints—and the proof that they work. Facts aren't the goal; they're the credibility scaffolding. Salespeople often drown here: endless micro-detail, endless Q&A, endless spreadsheets. Yes, analytical buyers (engineering-led firms, CFO-led committees) will pull you into the weeds—but remember: they aren't buying the process. They're buying the outcome from the process. Bring facts that de-risk the decision: implementation timelines, security posture (SOC 2/ISO), uptime/SLA history, integration limits, and measurable performance benchmarks. Then move on before you get stuck. Do now: Prepare a "facts pack" with 5–7 proof points (not 57 features). Use it to earn trust, then pivot to outcomes. How do you turn features into benefits buyers will actually pay for? Benefits are the "so what"—the measurable results the buyer gets because the feature exists. If you can't link a feature to an outcome, it's just trivia. A weight, colour, dimension, workflow, dashboard, or AI model is not valuable by itself. It becomes valuable when it improves a KPI: reduced cycle time, fewer defects, higher conversion, lower churn, faster onboarding, better safety, tighter compliance. This is where classic sales thinking still holds up—think **SPIN Selling and the buyer's implied needs: pain, impact, and value. In a tight 2025 budget environment, "nice-to-have" benefits die quickly; "must-have" outcomes survive. Do now: For every top feature, write one sentence: "This enables ___, which improves ___ by ___ within ___ days." If you can't fill the blanks, drop the feature from your pitch. What is the "application of benefits" and how do you make it real inside their business? Application is where benefits turn into daily operational reality—what changes in workflow, decisions, and results.This is the "rubber meets the road" layer. Don't just say "we improve productivity." Show where it lands: which meetings get shorter, which approvals disappear, which roles stop firefighting, which customers get served faster, which errors are prevented, and what leaders see weekly on dashboards. Compare contexts: a startup may care about speed and cash runway; a multinational may care about governance, change management, and multi-region rollouts. A consumer business might chase conversion and NPS; a B2B industrial firm might chase downtime reduction and safety incidents. Do now: Build a simple "Before → After" map for their week: processes eliminated, expanded, improved—and who owns each change. What counts as credible evidence (and what "proof" actually convinces buyers)? Credible evidence is specific, comparable, and close to the buyer's reality—same industry, similar scale, similar constraints. "Trust me" is not evidence. Bring proof that survives scrutiny: reference customers, quantified case studies, independent reviews, pilot results, and implementation artefacts (plans, timelines, adoption metrics). The closer the comparison company is to the buyer, the more persuasive it becomes. This is also where storytelling matters: not hype—narrative. Who was involved? What went wrong? What changed? What were the numbers before and after? Analysts like **Gartner or **Forrester can help with category credibility, but a near-peer success story usually seals confidence. Do now: Collect 3 "mirror case studies" (similar buyer profiles) and write them as short stories: problem → actions → results → lessons. How do you do a trial close without sounding pushy or sleazy? A trial close is a simple comprehension-and-comfort check that invites objections early—before you ask for the order. Done right, it's calm, not clingy. After you've walked through facts → benefits → application → evidence, ask: "How does that sound so far?" Then shut up. Silence is a tool. If they raise objections, good—interest is alive, and you can add pinpoint proof. If they say nothing (or go vague), start worrying: they may have already mentally deleted you as an option. This is the moment to clarify, re-anchor to outcomes, and confirm next steps in the sales cycle. Do now: Use one trial close per phase. Treat objections as data, not drama, and log them into your CRM as themes to address. Conclusion: the cadence that keeps you credible and gets you paid This five-phase cadence works because it respects how adults buy: they need proof, relevance, and a clear path from "today" to "better." Keep the sequence tight—facts, then benefits, then application, then evidence, then a trial close—and you'll avoid the two killers of modern selling: feature-dumps and wishful thinking. Author credentials Dr. Greg Story, Ph.D. in Japanese Decision-Making, is President of Dale Carnegie Tokyo Training and Adjunct Professor at Griffith University. He is a two-time winner of the Dale Carnegie "One Carnegie Award" (2018, 2021) and recipient of the Griffith University Business School Outstanding Alumnus Award (2012). As a Dale Carnegie Master Trainer, Greg is certified to deliver globally across all leadership, communication, sales, and presentation programs, including Leadership Training for Results. He has written several books, including three best-sellers — Japan Business Mastery, Japan Sales Mastery, and Japan Presentations Mastery — along with Japan Leadership Mastery and How to Stop Wasting Money on Training. His works have been translated into Japanese, including Za Eigyō (ザ営業), Purezen no Tatsujin (プレゼンの達人), Torēningu de Okane o Muda ni Suru no wa Yamemashō (トレーニングでお金を無駄にするのはやめましょう), and Gendaiban "Hito o Ugokasu" Rīdā (現代版「人を動かす」リーダー). Greg also publishes daily business insights on LinkedIn, Facebook, and Twitter, and hosts six weekly podcasts. On YouTube, he produces The Cutting Edge Japan Business Show, Japan Business Mastery, and Japan's Top Business Interviews, which are widely followed by executives seeking success strategies in Japan.

united states president trust ai japan training benefits japanese write silence solution treat conclusion b2b cfo saas application results analysts provision applications crm compare collect adjunct professor tor kpi iso sme muda gartner nps salespeople soc forrester credible leadership training sla griffith university o kane suru spin selling before after tatsujin greg story japan sales mastery cutting edge japan business show

CCT 322: From Firewalls To AI: Building A Smarter Defense - CISSP Domain 7.7

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Feb 9, 2026 36:02 Transcription Available

Send us a textThe weakest link is often sitting on the edge, blinking away with expired firmware and no vendor support. We kick off with a blunt reality check on outdated firewalls, load balancers, and IoT gateways, and why waiting two years to retire them is a gift to attackers. From there, we guide you through Domain 7.7 with a practical blueprint for operating and maintaining detective and preventive measures that actually hold up under pressure.We unpack firewall fundamentals with clear, real‑world tradeoffs: when a simple packet filter is enough, when stateful inspection and deep packet inspection earn their keep, and how a WAF stops the web attacks your L3/L4 controls will miss. You'll hear how RTBH can deflect denial‑of‑service floods upstream, and why segmentation is your best friend for reducing blast radius—whether you use internal segmentation firewalls for R&D, Purdue‑style tiers for industrial networks, or controlled air gaps for the most sensitive systems. In the cloud, we separate security groups from true firewalls and show how to stitch policies across hybrid environments without creating blind spots.Detection makes prevention smarter, so we break down IDS versus IPS in plain language. Baseline first, then block with intent to avoid outages. We compare host‑based and network‑based sensors, explain where to place them, and share tactics for cutting alert noise. You'll also get straight talk on allowlists and blacklists, the right way to maintain them, and why stale entries cause the ugliest outages. We explore sandboxing for safe detonation and learning, and give an unvarnished take on honeypots and honeynets—where they help, where they waste time, and what legal lines to respect.Not every team can build a 24x7 SOC, so we outline how MSSPs can extend your coverage with clear SLAs and ownership. Endpoint anti‑malware remains non‑negotiable, but tool sprawl is a trap—choose a strong EDR and manage it well. Finally, we dive into AI and machine learning: how they supercharge detection, triage, and response—and how adversaries use them too. The throughline is simple: shrink attack surface, raise signal quality, and respond faster than threats can pivot. If this helps you secure one more edge box or tune one more control, share it with a teammate, subscribe for more practical walkthroughs, and drop a review so we can keep raising the bar together.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

ai defense smarter iot purdue domain ids detection ips baseline soc firewalls endpoint edr cissp slas waf mssps

#318 - Övervakningens resa - Från signaturer till beteenden

IT-säkerhetspodden

Play Episode Listen Later Feb 9, 2026 34:03

Erik Zalitis och Mattias Jadesköld tar sig en titt på hur övervakningen utvecklats. Det började med att säkerställa att systemet var tillgängligt och har numera kommit till deep-learning-AI-säkerhetsincidentdetektering. Oavsett om det är ett ord eller inte har övervakningen blivit mer komplext. Vad är nödvändigt att övervaka? Var ska man börja? Hur började det hela på 90-talet och hur ser det ut idag? Och kan AI idag ta över människans arbete (som en SOC och en NOC gör)? Läs mer här: https://www.itsakerhetspodden.se/318-overvakningens-resa-fran-signaturer-till-beteenden/

ai var soc resa noc oavsett beteenden

TQ294: Valve verschiebt Steam Machine, arbeitet an VRR über HDMI und besserem Upscaler; SoC für nächste Xbox sei 2027 bereit laut AMD; Ryzen X3D-CPUs verlieren mit Single-Channel-RAM kaum Leistung

Technikquatsch

Play Episode Listen Later Feb 9, 2026 73:23

Man hat schon damit gerechnet: Valve verschiebt die Steam Machine, natürlich wegen der anhaltenden Speicherkrise. Spätestens jetzt wäre ein konkreter Termin und ein Preis zu verkünden gewesen, stattdessen heißt es jetzt erste Jahreshälfte. Als kleiner Trost bestätigt Valve, weiter an VRR über HDMI zu arbeiten und daneben auch an einem verbesserten Upscaler. Damit kann eigentlich nur FSR 4 gemeint sein. Inoffizielle Implementierungen von FSR 4 (oder FSR AI wie es inzwischen heißt) für RDNA 2 und RDNA 3 gibt es auf Linux schon länger über Forks von Proton oder auf Windows über Optiscaler. Eine offizielle Version für die älteren Architekturen, oder zumindest für RDNA 3, wäre aber sehr begrüßenswert. Und überfällig. AMDs CEO Dr. Lisa Su hat im Conference Call zu den letzten Geschäftszahlen wohl Microsoft überrumpelt und verkündet, dass der SoC für die nächste Xbox 2027 bereit sei. Grundsätzlich sind bisher auch alle (bis auf André Peschke) davon ausgegangen, dass die nächsten Konsolen 2027 erscheinen würden. Aber dann kam die ganze Sache mit dem Speicher. Und jetzt ist vermutlich auch Microsoft nicht mehr sicher, ob die nächste Xbox 2027 erscheinen wird. Viel Spaß mit Folge 294! Sprecher:innen: Meep, Michael Kister, Mohammed Ali DadAudioproduktion: Michael KisterVideoproduktion: Mohammed Ali Dad, Michael KisterTitelbild: Mohammed Ali DadBildquellen: Valve/Bild von katermikesch auf PixabayAufnahmedatum: 07.02.2026 Besucht unsim Discord https://discord.gg/SneNarVCBMauf Bluesky https://bsky.app/profile/technikquatsch.deauf Youtube https://www.youtube.com/@technikquatsch https://www.youtube.com/@technikquatschgamingauf TikTok https://www.tiktok.com/@technikquatschauf Instagram https://www.instagram.com/technikquatschauf Twitch https://www.twitch.tv/technikquatsch RSS-Feed https://technikquatsch.de/feed/podcast/Spotify https://open.spotify.com/show/62ZVb7ZvmdtXqqNmnZLF5uApple Podcasts https://podcasts.apple.com/de/podcast/technikquatsch/id1510030975Deezer https://www.deezer.com/de/show/1162032 00:00:00 Herzlich willkommen zu Technikquatsch Folge 294! 00:02:52 Valve verschiebt Steam Machine, arbeitet an HDMI VRR und besserem Upscaler.https://store.steampowered.com/news/group/45479024/view/625565405086220583?l=english 00:10:50 Chinesische Hersteller von Speicherchips rücken in den Fokus.http://winfuture.de/news,156633.html 00:19:49 CPU-Tests als Vergleich zwischen RAM im Dual Channel und mit einem Riegelhttps://www.computerbase.de/artikel/arbeitsspeicher/ram-ein-modul-intel-core-ultra-200s-test.95998/ 00:24:55 SoC für neue Xbox werde 2027 bereit sein laut AMD. Ob Microsoft bereit sein wird, ist fraglich.https://www.computerbase.de/news/gaming/next-gen-konsole-amd-nennt-einen-moeglichen-starttermin-fuer-die-naechste-xbox.96024/ 00:30:29 Nachtrag zu Kernfusion und ITERhttps://www.simplyscience.ch/teens/wissen/strom-aus-kernfusionhttps://www.iter.org/ 00:38:03 Börse unruhig wegen Auswirkungen von AI auf SaaS-Unternehmen.https://www.reuters.com/business/media-telecom/global-software-stocks-hit-by-anthropic-wake-up-call-ai-disruption-2026-02-04/ 00:47:40 Kursstürze von Gaming-Unternehmen wie Take Two nach Release von Google Genie.https://bsky.app/profile/jasonschreier.bsky.social/post/3me7ii5loxs2z 01:02:27 Mo schaut: Es: Welcome to Derryhttps://www.imdb.com/title/tt19244304/ 01:11:54 Hinweis: Onimusha 2: Samurai’s Destiny auf Technikquatsch Gaminghttps://www.youtube.com/watch?v=-8iWiB3DxlM

spotify tiktok ai man microsoft single twitch discord als xbox windows gesch fokus damit ram sache auswirkungen preis vergleich samurai termin leistung kaum linux valve amd take two laut herzlich bereit sprecher grunds soc forks trost verlieren hdmi proton cpus conference call speicher arbeitet steam machines nachtrag konsolen jahresh amd ryzen fsr kernfusion meep vrr lisa su verschiebt rdna architekturen besserem saas unternehmen

131: OT Monitoring & SOC and Incident Response — Lessons from the Field with Cambios Academy

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Feb 8, 2026 42:58

Podcast: (CS)²AI Podcast Show: Control System Cyber SecurityEpisode: 131: OT Monitoring & SOC and Incident Response — Lessons from the Field with Cambios AcademyPub date: 2026-02-04Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of the (CS)²AI Podcast, host Derek Harp is joined by Jonathan Pollet, Marc Visser, and Bryan Singer for a deep-dive Q&A discussion following CS2AI's January 21st community event on OT Monitoring, SOC operations, and Incident Response. Drawing on decades of hands-on experience across industrial environments worldwide, the panel expands on questions that couldn't be fully addressed during the live sessions.The conversation explores why OT monitoring and SOC capabilities must come before incident response, and how poor network architecture, lack of visibility, and organizational silos continue to undermine response efforts when incidents occur. Jonathan outlines the architectural foundations required to support effective detection, response, and recovery, while Marc emphasizes the practical realities of implementing OT monitoring—from working with factory engineers to reducing alert fatigue and building usable SOC workflows.Bryan brings the incident responder's perspective, sharing real-world insights from global OT incidents, including prolonged dwell times, ransomware impacts on production, and why organizations without proper segmentation and monitoring often experience the most severe and prolonged outages. The discussion also tackles common questions around Fusion SOCs vs. dedicated OT SOCs, the human challenges of translating OT data into actionable intelligence, and what asset owners should realistically expect from incident response retainers.This episode is a must-listen for OT practitioners, security leaders, and asset owners looking to move beyond theory and understand what actually works in the field. Whether you are just beginning your OT monitoring journey or refining mature SOC and IR capabilities, this discussion offers practical guidance rooted in real operational experience.The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

lessons drawing field academy ot ir monitoring cambios soc bryan singer incident response listen notes

Jeep JL/JT Aux Battery Destroying Your Main Battery? Here's Why

Jeep Talk Show, A Jeep podcast!

Play Episode Listen Later Feb 6, 2026 59:26

South Carolina got a taste of snow... but Southeast Texas turned it into a full wonderland meltdown!

spotify real cost south south carolina walmart choices weather pros remove cons pulling batteries fix buried destroying replacing busting jeep common mistakes usage aux fuse soc installing discord server ess spoiler no southeast texas concluding remarks bcm jeep gladiator future episodes idling tazer new battery alternator diy guide nicky g jeeptalkshow

AD #4226 - Tesla Mass Produces Dry Electrodes to Slash Costs By $1 Billion; Analyst Predicts Chinese OEMs Will Launch U.S. Joint Ventures In 2026; Ford Talks with Geely To Fill Excess Factory Capacity in Spain

Autoline Daily - Video

Play Episode Listen Later Feb 4, 2026 9:04

- Ford Talks with Geely To Fill Excess Factory Capacity in Spain - NADA CEO Mike Stanton Calls Chinese Car Imports "Bad for Consumers” - Analyst Predicts Chinese OEMs Will Launch U.S. Joint Ventures In 2026 - Tesla Mass Produces Dry Electrodes to Slash Costs By $1 Billion - Uber's Margin Squeeze: Lower Profits Today, More Robotaxis Tomorrow - Renault To Build EV Motors in France Using Chinese Components - $4 A Day for A New Car: China's 8-Year Loan War Begins - Honda And Mythic Co-Develop Energy-Efficient Ai Chips for SDVs - Singing Fish and Grizzly Bears: Jeep's "Cruel" New Cherokee Ad

AD #4226 - Tesla Mass Produces Dry Electrodes to Slash Costs By $1 Billion; Analyst Predicts Chinese OEMs Will Launch U.S. Joint Ventures In

Autoline Daily

Play Episode Listen Later Feb 4, 2026 8:49 Transcription Available

Double Trouble: Microsoft Office and Fortinet FortiCloud Flaws Under Attack

spotify attack flaws soc double trouble microsoft office fortinet cves

Play Episode Listen Later Feb 4, 2026 5:59

Got a question or comment? Message us here!This week's #SOCBrief covers a dangerous double-hit: a Microsoft Office security bypass and a Fortinet FortiCloud authentication flaw, both exploited in the wild. Andrew walks through what the CVEs mean, how attackers are abusing trusted tools, and the patching and hunting steps SOC teams should take immediately.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Metro bug, more social bans, leaky Moltbook

Control System Cyber Security Association International: (CS)²AI

Play Episode Listen Later Feb 4, 2026 7:04

React Native Metro bug impacts thousands of servers Greece and Spain set to ban social media for kids Moltbook shows the dangers of vibe coding Get the show notes here: https://cisoseries.com/cybersecurity-news-metro-bug-more-social-bans-leaky-moltbook/ Huge thanks to our sponsor, Strike48 Security teams are stretched. Attack surfaces and threat volumes keep growing, meanwhile SOC budgets stay flat and glorified chatbots with hallucination problems aren't helping. Strike48 is different. Agents scale independently, running investigations across your logs while your team can concentrate on the highest priority tasks that require human judgment and decision making. Try it today at Strike48.com/security.

social spain attack greece metro bans leaky soc

Exclusive Networks Tackles the Cybersecurity Talent Gap with CyberFarm and Channel Enablement, Podcast

Telecom Reseller

Play Episode Listen Later Feb 4, 2026

Jason Beal, President, Americas, and Danielle Skipper, HR Business Partner at Exclusive Networks, joined Doug Green, Publisher of Technology Reseller News, to discuss one of the most pressing challenges facing MSPs and VARs today: the shortage of qualified cybersecurity talent and the need for practical, scalable solutions. Beal opened the conversation by describing Exclusive Networks as a global go-to-market specialist and value-added distributor focused on cybersecurity and security-adjacent technologies. As the company worked closely with vendors and channel partners worldwide, a consistent theme emerged—partners were struggling not only to attract skilled cybersecurity professionals but also to retain them. “We heard over and over from our partners and vendors that they were really struggling with attracting the right talent and retaining that talent,” Beal said, noting that this feedback prompted Exclusive Networks to develop a structured response. That response is CyberFarm, a university-based workforce development program launched at Cal Poly that combines hands-on experience with real-world channel exposure. Skipper explained that the program began four years ago with just three students and has since grown to support more than two dozen at a time, with over 100 students having passed through the initiative overall. “Imagine having someone who's spent two years learning the channel, working with vendors, earning certifications, and supporting real partners—by the time they graduate, they're ready to hit the ground running,” Skipper said. Unlike traditional internships, CyberFarm students work for at least 12 months—often two years or more—supporting both Exclusive Networks and its ecosystem of partners and vendors. Participants gain experience across a wide range of functions, including SOC analysis, business development, marketing, content creation, and sales operations. For MSPs and VARs, this creates access to a proven talent pool with significantly reduced ramp-up time and risk compared to traditional hiring. The discussion also highlighted how CyberFarm enables partner growth. Skipper shared examples of MSPs using CyberFarm talent to scale operations rapidly, adding capacity in engineering, marketing, and renewal management at critical growth stages. “For some partners, CyberFarm has been the difference between staying flat and scaling their business two, three, or four times,” she said. Beyond talent development, Beal outlined Exclusive Networks' broader enablement strategy for the channel. This includes pre- and post-sales technical services, go-to-market support, authorized training and certification programs, and CloudRise, a security services organization acquired by Exclusive Networks to act as a virtual engineering bench for partners. “Enablement isn't just a buzzword for us,” Beal said. “It's about putting MSPs in a position to succeed—technically, operationally, and now from a talent perspective as well.” As the conversation wrapped up, both guests emphasized that while AI and automation are reshaping cybersecurity, human expertise remains essential. Exclusive Networks' approach blends “AI and AIR”—artificial intelligence alongside authentic human relationships—to help partners grow sustainably. More information about Exclusive Networks and its channel programs is available at https://www.exclusive-networks.com/.

president ai talent exclusive air americas cybersecurity publishers networks tackles skipper beal soc enablement cal poly vars msps hr business partner doug green

131: OT Monitoring & SOC and Incident Response — Lessons from the Field with Cambios Academy

Play Episode Listen Later Feb 4, 2026 42:58

In this episode of the (CS)²AI Podcast, host Derek Harp is joined by Jonathan Pollet, Marc Visser, and Bryan Singer for a deep-dive Q&A discussion following CS2AI's January 21st community event on OT Monitoring & SOC and Incident Response. Drawing on decades of hands-on experience across industrial environments worldwide, the panel expands on questions that couldn't be fully addressed during the live sessions.The conversation explores why OT monitoring and SOC capabilities must come before incident response, and how poor network architecture, lack of visibility, and organizational silos continue to undermine response efforts when incidents occur. Jonathan outlines the architectural foundations required to support effective detection, response, and recovery, while Marc emphasizes the practical realities of implementing OT monitoring—from working with factory engineers to reducing alert fatigue and building usable SOC workflows.Bryan brings the incident responder's perspective, sharing real-world insights from global OT incidents, including prolonged dwell times, ransomware impacts on production, and why organizations without proper segmentation and monitoring often experience the most severe and prolonged outages. The discussion also tackles common questions around Fusion SOCs vs. dedicated OT SOCs, the human challenges of translating OT data into actionable intelligence, and what asset owners should realistically expect from incident response retainers.This episode is a must-listen for OT practitioners, security leaders, and asset owners looking to move beyond theory and understand what actually works in the field. Whether you are just beginning your OT monitoring journey or refining mature SOC and IR capabilities, this discussion offers practical guidance rooted in real operational experience.

lessons drawing field academy ot ir monitoring cambios soc bryan singer incident response

Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444

Paul's Security Weekly

Play Episode Listen Later Feb 2, 2026 97:58

Segment 1: Interview with Warwick Webb From Initial Entry to Resilience: Understanding Modern Attack Flows Modern cyberattacks don't unfold as isolated alerts--they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today's breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He'll discuss how unified platforms, machine-speed detection powered by global threat intelligence, and expert-led response change the equation--turning fragmented signals into clear attack narratives. The conversation concludes with how organizations can move beyond incident response to build resilience, readiness, and continuous improvement through post-attack analysis. Listeners will leave with a clearer understanding of how attacks actually unfold in the real world—and what it takes to move from reactive alert handling to true attack-flow-driven defense. Segment Resources: Wayfinder MDR Solution Brief 451 MDR Report Managed Defense Redefined Blog This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them! Segments 2 and 3: The Weekly News In this week's enterprise security news, we've got funding free tools! the CISO's craft agentic browsers tech companies are building cyber units? giving AI agents access to your entire life lots of dumpster fires in the industry today Cisco killed Kenna the state of AI in the SOC homemade EMP guns! don't try this at home All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-444

ai interview vice president modern resilience attack initial entry webb cisco flows segments warwick emp soc ciso sentinelone enterprise security weekly

EP261 No More Aspiration: Scaling a Modern SOC with Real AI Agents

Cloud Security Podcast by Google

Play Episode Listen Later Feb 2, 2026 28:56

Guest: Dennis Chow, Director of Detection Engineering at UKG Topics: We ended our season talking about the AI apocalypse. In your opinion, are we living in the world that the guests describe in their apocalypse paper? Do you think AI-powered attacks are really here, and if so, what is your plan to respond? Is it faster patching? Better D&R? Something else altogether? Your team has a hybrid agent workflow: could you tell us what that means? Also, define "AI agent" please. What are your production use cases for AI and AI agents in your SOC? What are your overall SOC metrics and how does the agentic AI part play into that? It's one thing to ask a team "hey what did y'all do last week" and get a good report - how are you measuring the agentic parts of your SOC? How are you thinking about what comes next once AI is automatically writing good (!) rules for your team out of research blog posts and TI papers? Resources: Video version Agentic AI in the SOC: Build vs Buy Lessons EP255 Separating Hype from Hazard: The Truth About Autonomous AI Hacking EP256 Rewiring Democracy & Hacking Trust: Bruce Schneier on the AI Offense-Defense Balance EP252 The Agentic SOC Reality: Governing AI Agents, Data Fidelity, and Measuring Success EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI EP242 The AI SOC: Is This The Automation We've Been Waiting For? Google Cloud Skill Boost

director ai modern scaling playbook aspirations soc modernization been waiting for

Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444

Enterprise Security Weekly (Audio)

Play Episode Listen Later Feb 2, 2026 97:58

ai interview vice president modern resilience attack initial entry webb cisco flows segments warwick emp soc ciso sentinelone enterprise security weekly

Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444

Paul's Security Weekly TV

Play Episode Listen Later Feb 2, 2026 97:58

ai interview vice president modern resilience attack initial entry webb cisco flows segments warwick emp soc ciso sentinelone enterprise security weekly

Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444

Enterprise Security Weekly (Video)

Play Episode Listen Later Feb 2, 2026 97:58

ai interview vice president modern resilience attack initial entry webb cisco flows segments warwick emp soc ciso sentinelone enterprise security weekly

Why MFA Isn't the Safety Net You Think It Is with Yaamini Barathi Mohan

Hacker Valley Studio

Play Episode Listen Later Jan 29, 2026 32:34

Phishing didn't get smarter, it got better at looking normal. What used to be obvious scams now blend directly into the platforms, workflows, and security controls people trust every day. In this episode, Ron sits down with Yaamini Barathi Mohan, 2024 DMA Rising Star and Co-Founder & CPO of Secto, to break down how modern phishing attacks bypass MFA, abuse trusted services like Microsoft 365, and ultimately succeed inside the browser. Together, they examine why over-reliance on automation creates blind spots, how zero trust becomes practical at the browser layer, and why human judgment is still the deciding factor as attackers scale with AI. Impactful Moments 00:00 - Introduction 02:44 - Cloud infrastructure powering crime at scale 07:45 - What phishing 2.0 really means 12:10 - How MFA gets bypassed in real attacks 15:30 - Why the browser is the final control point 18:40 - AI reducing SOC alert fatigue 23:07 - Mentorship shaping cybersecurity careers 27:00 - Thinking like attackers to defend better 31:15 - When trust becomes the attack surface Links Connect with our guest, Yaamini Barathi Mohan, on LinkedIn: https://www.linkedin.com/in/yaamini-mohan/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

ai thinking co founders microsoft discord cloud mentorship mfa phishing cpo soc safety net mohan

Inside Ulta Beauty's SOC: Lessons from retail

The Intel by Auror: Retail Crime Intelligence Podcast

Play Episode Listen Later Jan 29, 2026 53:45

What does meaningful support look like when retail associates face their most difficult moments?In this episode, Julie Lawson from the Loss Prevention Foundation hosts a conversation with Mike Korso, Director of Loss Prevention Intelligence at Ulta Beauty, and Bobby Haskins of Auror to unpack how Ulta built its EPICenter and why associate safety sits at the center of every decision.From creating a centralized security operations center from a blank slate to rethinking how intelligence, technology, and people work together, the discussion offers a grounded look at what it takes to support stores in real time while earning trust across the business.In this episode, you'll learn:How Ulta designed its EPICenter around associate experience and life safetyWhat retailers should prioritize when building or evolving a security operations centerWhy soft skills, accuracy, and speed matter as much as technologyJump into the conversation:(00:00) Why associate support is the most valuable return on investment(03:16) Introducing Ulta Beauty's EPICenter and its mission(07:29) Securing leadership buy-in for a centralized SOC(11:13) Foundational roles and workflows inside the EPICenter(14:45) Choosing technology based on life safety priorities(18:30) Managing alert fatigue and intelligence accuracy(21:46) How Auror supports EPICenter intelligence workflows(24:24) Measuring impact beyond financial metrics(32:00) Key lessons from four years of SOC operations(35:01) Skills needed to lead a security operations center(42:27) Notifications and critical incident response(47:49) Technology risks and future blind spotsResources:Mike's LinkedIn: https://www.linkedin.com/in/michael-korso-mba-cfi-lpc/ Bobby's LinkedIn: https://www.linkedin.com/in/bobbyhaskins/ Julie's LinkedIn: https://www.linkedin.com/in/julie-lawson-mba-lpc-15b6231b/ Understand the latest organized retail crime trends: https://www.auror.co/retail-crime-insights-report Learn more about organized retail crime: https://www.auror.co/organized-retail-crimeRetail Secure Conference details: https://rccretailsecure.ca/agenda/Auror's website: ⁠https://www.auror.co/⁠

director technology lessons managing skills retail measuring securing foundational soc notifications epicenter ulta ulta beauty auror

Top Ransomware Threats Dominating Early 2026

spotify threats dominating ransomware soc

Play Episode Listen Later Jan 28, 2026 7:37

Got a question or comment? Message us here!Ransomware is kicking off 2026 at full speed. We break down the top active groups right now, how they're getting in, what infrastructure they're targeting, and the key indicators your SOC should be watching to stay ahead.

2025 a Tipping Point: GENIUS, $308B Stablecoins, XRP & NFT Wins, Circle IPO

Fintech Confidential

Play Episode Listen Later Jan 27, 2026 62:41 Transcription Available

Tedd Huff, CEO of fintech advisory firm Voalyre and host of Fintech Confidential, sits down with Fintech Confidential CI, Robert Musiala, Partner at Baker Hostetler and co-leader of their Web3 and Digital Assets team, to break down what made 2025 the most consequential year in crypto regulation. The SEC reversed course, the Genius Act passed at lightning speed, and stablecoins exploded from $205 billion to $308 billion in market cap. This is the month-by-month breakdown of how regulatory clarity supercharged the entire industry.The SEC declared most crypto assets are not securities, dismantling years of legal uncertainty. Banks got the green light to offer crypto custody and exchange services. Circle's IPO validated stablecoins as core financial infrastructure. The Genius Act created the first federal stablecoin framework while banning yield payments and imposing strict reserve requirements. NFTs gained legal clarity, DeFi got legitimized, and crypto-native firms started filing for bank charters. If you're building in crypto, investing in blockchain, or trying to understand where regulation is headed in 2026, this breaks down the exact moves that matter.TAKEAWAYS:1️⃣ Genius Act created federal stablecoin operating rules2️⃣ Stables finally legal under federal framework3️⃣ IRS solves crypto tax confusion overnight4️⃣ Stablecoin yield payments now completely banned5️⃣ SEC stops lawsuits, issues guidance insteadLINKS:Guest: Robert MusialaLinkedIn: https://www.linkedin.com/in/robert-musiala/Baker Hostetler: https://www.bakerlaw.com/people/robert-musialaBlockchain Monitor: https://www.blockchainmonitor.com/Company: Baker HostetlerWebsite: https://www.bakerlaw.com/Web3 & Digital Assets: https://www.bakerlaw.com/practices/web3-digital-assetsFintech ConfidentialPodcast: https://fintechconfidential.com/listenNotifications: https://fintechconfidential.com/accessLinkedIn: https://www.linkedin.com/company/fintechconfidentialX: https://x.com/FTconfidentialSUPPORTERS:DFNS: Wallets as a service, API first, multi-chain, secured with MPC across 50+ blockchains - fintechconfidential.com/dfnsSkyflow: Zero trust data privacy vault for PCI, CCPA, GDPR, SOC 2 compliance - skyflowsecure.comHawk: AI tools for real-time payment screening and fraud prevention - gethawkai.comABOUT:Robert Musiala is Partner and co-leader of Baker Hostetler's Web3 and Digital Assets team, providing weekly analysis on the Blockchain Monitor blog. Baker Hostetler is a leading U.S. law firm with over 900 attorneys serving blockchain clients from startups to Fortune 500 companies.Tedd Huff is the Founder of Voalyre and Diamond D3, professional services consulting firms focused on global payments and marketing. He is also video podcast host and executive producer on the Fintech Confidential network. Over the past 25+ years, he has contributed to FinTech startups as an Advisory Board Member, Co-Founder, and Chief Experience Officer, providing strategic and tactical direction for global companies, focusing on growth while delivering process improvements and user experience-driven value to simplify the complexity of payments.CHAPTERS:00:00 Episode Highlights02:08 Dfns: Wallets as a Service (sponsor)04:01 2025 Regulatory Changes and Market Impact04:43 January: SEC's Tone Shift and Market...

Vinay Toomu on ScaleFluidly's Revenue Orchestration Platform, AI & Adoption

CPQ Podcast

Play Episode Listen Later Jan 25, 2026 31:41

In this CPQ Podcast episode, Frank Sohn sits down with Vinay Toomu, who leads both ScaleFluidly (CPQ / quote-to-order platform) and CommerceCX (a systems integrator working with Salesforce and Conga). Since Vinay's last appearance in 2023, ScaleFluidly has matured into a full quote-to-order revenue orchestration platform—built on a composable core engine that customers can extend with their own apps. Vinay shares what he sees across real implementations: the biggest wins come from improving adoption, reducing friction for sales teams, and putting the right governance in place. They discuss support for direct sales, partner sales, and ecommerce, ScaleFluidly's low-code/no-code approach, and how their architecture differs for SMB (multi-tenant)versus enterprise (environment separation). The episode also covers newer capabilities like role-based controls, security certifications (ISO 27001 and SOC 2 Type 2), and a Chrome assistant designed to streamline CRM workflows. Finally, they unpack ScaleFluidly's practical view of AI in CPQ—where it works today, what's harder at enterprise scale, and how consolidation in the CPQ market could influence innovation.

ai platform adoption revenue crm salesforce chrome iso smb soc orchestration conga cpq

972 - This is Our Home 11

Play Episode Listen Later Jan 24, 2026

Skype of Cthulhu presents a Call of Cthulhu scenario. This is Our Home by Jim Phillips. October 18, 1976 Staten Island, New York City, New York Kevin mets a man with a terrible story while two other residents find an unusual tree. Dramatis Persone: Jim as the Keeper of Arcane Lore Randall as Frank Romero, Electrical Engineer Meredith as Marsha Janelle, Waitress Steve as Trae Grier, Gas Station Attendant Edwin as Kevin Mazer, Chemistry Teacher Gary as Peter Michale, Ex Pro Quarterback Sean as Kirk Griffin, Actor Download Subcription Options Podcast statistics

new york new york city games playing actor skype keeper staten island cthulhu soc waitress call of cthulhu electrical engineers jim phillips our home chemistry teacher arcane lore

971 - Curse of Nineveh 12

The Cybersecurity Defenders Podcast

Play Episode Listen Later Jan 23, 2026

Skype of Cthulhu presents a Call of Cthulhu scenario. Curse of Nineveh by Mike Mason, Mark Latham, Scott Dorward, Paul Fricker, and Andrew Kenrick Switchboard. October, 1925 London A rough man threatens the investigators but one investigator choses to face the peril. Dramatis Persone: Sean as the Keeper Edwin as Dame Agatha, Authoress Jonathan as Katherine "Kitty" Hall, Dilettante Steve as Connor Shaw, Archivist Max as Oswald Nickels, Big Game Hunter Gary as Heathcliff Hamilton, Military Officer Randall as Montgomery Helmsworth, Librarian Jim as Roger Schindler, Alienist Rachael as Maude Throckmorton, Adventuress Download Subcription Options Podcast statistics

games playing curse skype keeper librarians nineveh cthulhu soc call of cthulhu archivist alienist mark latham mike mason big game hunters dilettante connor shaw scott dorward

#285 - Defender Fridays: The future of SOC leadership with John Hubbard from SANS Institute

Play Episode Listen Later Jan 23, 2026 32:10

This week on Defender Fridays, John Hubbard, SANS Institute Cyber Defense Curriculum Lead, discusses the future of security operations and what it means for SOC leaders today. We'll be talking about:Building continuous improvement into SOC leadershipCurrent vendor and product trends shaping security operationsAI's real impact on SOC jobs and operationsFew instructors combine real-world security operations center (SOC) leadership, curriculum design, and frontline defense experience like John Hubbard. As a Senior Instructor at the SANS Institute, author of SANS SEC450: SOC Analyst Training – Applied Skills for Cyber Defense Operations, and co-author of SANS LDR551: Building and Leading Security Operations Centers, John translates years of frontline SOC leadership into practical lessons students can immediately apply. His courses give participants more than technical knowledge—they build the skills and judgment that ensure professionals thrive in modern security operations.At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you – our audience. Register here: https://limacharlie.io/defender-fridaysSubscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes on our website!This episode is brought to you by LimaCharlie, the world's first SecOps Cloud Platform (SCP). Build and customize your security stack like "lego blocks" with our flexible, API-first solution.Eliminate vendor sprawl and tool complexityDeploy and scale effortlessly on native multi-tenant architectureReduce costs with intelligent data routing and free 1-year retentionBuild custom solutions with 100+ security capabilities on-demandImprove response times with automation and real-time capabilitiesTry the SecOps Cloud Platform free: https://limacharlie.ioHost: Maxime Lamothe-Brassard - Founder at LimaCharlie

leadership building register defenders eliminate api soc senior instructor sans institute john hubbard limacharlie

Cybersecurity: Building Confidence, Community, and Careers with Reanna Schultz

Stats On Stats Podcast

Play Episode Listen Later Jan 23, 2026 65:57

Reanna Schultz joins Stats On Stats to talk about what it really takes to build a meaningful career in cybersecurity. From breaking into the field without certifications to leading a SOC team, public speaking, and giving back through community-driven initiatives, Reanna shares honest lessons on confidence, networking, and knowing your worth. This episode blends real career advice with candid stories and practical guidance for anyone navigating tech today.Chapters00:00 Introduction and Fun Banter03:57 Plant Parenting and Personal Growth09:53 90s R&B Game Show12:41 Transition to Technology and Cybersecurity19:40 Public Speaking Journey and Challenges24:46 Advice for Aspiring Cybersecurity Professionals29:31 Hiring Practices in Cybersecurity35:53 Finding Your Passion in Tech40:27 Navigating Career Growth and Job Satisfaction55:04 Overcoming Imposter Syndrome59:46 The Value of Experience Over Certifications01:04:35 Giving Back to the CommunityGuest Connecthttps://www.youtube.com/@CyberSpeakLabs Stats on Stats ResourcesCode & Culture: https://www.statsonstats.io/flipbooks | https://www.codeculturecollective.io Merch: https://www.statsonstats.io/shop LinkTree: https://linktr.ee/statsonstatspodcast Stats on Stats Partners & AffiliatesIntelliCON 2026Website: https://www.intelliguards.com/intelli... Register: www.eventbrite.com/e/1497056679829/?discount=STATSONSTATSUse Discount Code: "STATSONSTATS" for 30% offAntisyphon TrainingWebsite: https://www.antisyphontraining.com MAD20 TrainingWebsite: https://mad20.io Discount Code: STATSONSTATS15Ellington Cyber Academy: https://kenneth-ellington.mykajabi.com Discount Code: STATSONSTATSKevtech AcademyWebsite: https://www.kevtechitsupport.com Dream Chaser's Coffee Website: https://dreamchaserscoffee.com Discount code: STATSONSTATSPodcasts We LikeDEM Tech FolksWebsite: https://linktr.ee/developeverymind IntrusionsInDepthWebsite: https://www.intrusionsindepth.com -----------------------------------------------------Episode was shot and edited at BlueBox Studio Tampahttps://blueboxdigital.com/bluebox-studio/

Multi-stage SharePoint attack, SmarterMail bypass flaw, AI worries Davos

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Jan 23, 2026 9:27

Multi‑stage AiTM phishing and BEC campaign abusing SharePoint SmarterMail auth bypass flaw now exploited despite patch The problem of AI agents emerges at Davos Huge thanks to our sponsor, Dropzone AI All week we've talked about alert fatigue, MTTR, and the math that's breaking your SOC. Here's the proof. Dropzone AI is trusted by over 300 global enterprises and MSSPs. Named a Gartner Cool Vendor. Recognized in the Fortune Cyber 60. And backed by $37 million in Series B funding. But they're not stopping at a single agent. They're building toward fully agentic SOC teams where human engineers are augmented with specialized AI agents for threat hunting, detection engineering, and forensics. Your team deserves a backup that never sleeps. Book a demo at dropzone.ai. Find the stories behind the headlines at CISOseries.com.

ai attack stage named davos recognized worries bec soc flaw bypass series b sharepoint mssps gartner cool vendor ciso series

SANS Stormcast Thursday, January 22nd, 2026: Visual Studio Code Scripts; Cisco Unified Comm and Zoom Vuln; Insufficient Fortinet Patch; SANS SOC Survey

Play Episode Listen Later Jan 22, 2026 6:33

Automatic Script Execution In Visual Studio Code Visual Studio Code will read configuration files within the source code that may lead to code execution. https://isc.sans.edu/diary/Automatic%20Script%20Execution%20In%20Visual%20Studio%20Code/32644 Cisco Unified Communications Products Remote Code Execution Vulnerability A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b Zoom Vulnerability A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to execute remote code on the MMR via network access. https://www.zoom.com/en/trust/security-bulletin/zsb-26001/ Possible new SSO Exploit (CVE-2025-59718) on 7.4.9 https://www.reddit.com/r/fortinet/comments/1qibdcb/possible_new_sso_exploit_cve202559718_on_749/ SANS SOC Survey The 2026 SOC Survey is open, and we need your input to create a meaningful report. Please share your experience so we can advocate for what actually works in the trenches. https://survey.sans.org/jfe/form/SV_3ViqWZgWnfQAzkO?is=socsurveystormcenter

970 - This is Our Home 10

Easy Catalan: Learn Catalan with everyday conversations | Converses del dia a dia per aprendre català

Play Episode Listen Later Jan 22, 2026

Skype of Cthulhu presents a Call of Cthulhu scenario. This is Our Home by Jim Phillips. October 18, 1976 Staten Island, New York City, New York A burst of work distracts the residents but when they have a respite they jump back into the investigation. Dramatis Persone: Jim as the Keeper of Arcane Lore Randall as Frank Romero, Electrical Engineer Meredith as Marsha Janelle, Waitress Steve as Trae Grier, Gas Station Attendant Edwin as Kevin Mazer, Chemistry Teacher Gary as Peter Michale, Ex Pro Quarterback Sean as Kirk Griffin, Actor Download Subcription Options Podcast statistics

new york new york city games playing actor skype keeper staten island cthulhu soc waitress call of cthulhu electrical engineers jim phillips our home chemistry teacher arcane lore

200: Objectes amb valor sentimental

Play Episode Listen Later Jan 22, 2026 25:11

Tema del dia Arribem a l'episodi 200 al·lucinant d'haver-ne fet tants, però amb ganes de fer-ne 200 més. A l'episodi d'avui comentem algunes qüestions que ens heu preguntat, com ara si es pot dir "bon dia" també a la tarda, fem un aclariment de pronúncia sobre el dígraf "ny" i, finalment, parlem d'objectes que tenen un valor sentimental per a nosaltres. Som-hi! Premis Martí Gasull: vota'ns! Cançó "Tanca els ulls", de Txarango Bonus El Joan descriu (o intenta descriure) un objecte suposadament impossible d'endevinar. En podeu trobar una imatge a Discord! Transcripció Andreu: [0:15] Bon dia, Joan! Joan: [0:16] Bon dia! Andreu: [0:17] Bon dia o bon vespre. L'altre dia van preguntar a la comunitat, el Mike, va ser, diu: "Podem dir 'bon dia' tot el dia? O hem de dir 'bona tarda'? Es pot dir 'bon vespre'?" I és una pregunta una mica complexa. Tu què dius, quan saludes la gent a la tarda, per exemple? Què dius, "bon dia" o "bona tarda"? Joan: [0:37] Jo crec que dic "bon dia". El que passa que hi ha gent que et respon així com dient: "Deus voler dir 'bona tarda', no?" Andreu: [0:43] Ja. Clar, és això, que avui dia, en català, sí que es pot dir "bona tarda", no hi ha cap problema, està recollit al diccionari, però tradicionalment en català sempre hem dit "bon dia" fins que s'ha fet fosc. Es pot dir "bon dia" tot el dia, fins que es fa fosc. I clar, i ara, per aquesta influència del castellà, que en castellà diuen "buenas tardes", doncs quan dius "bon dia", per exemple, a les quatre de la tarda, hi ha gent que et diu: "No, no, ara ja és tarda", i tu: "No, també és 'bon dia'". Joan: [1:17] Bé, és un debat una mica estèril, no… Andreu: [1:20] Però per als aprenents jo crec que és interessant, no?, saber si es pot dir "bon dia"… Clar, perquè en altres, en castellà, en anglès, tu dius "buenos días" o "good morning" només al matí. En canvi, nosaltres també ho podem dir a la tarda. I tu dius "bon vespre"? Joan: [1:35] No, tot i que hi estic molt a favor, eh?, m'agrada. Soc més de dir "bona nit" quan ja és fosc, però "bon vespre" poder és més acurat. Andreu: [1:44] Clar, perquè ara a l'hivern, que es fa de nit, no ho sé, a les sis, a les sis de la tarda, tu dius "bona nit", a les sis? Ja, és estrany, no? Llavors és millor "bon vespre". Joan: [1:53] Sí. Andreu: [1:54] Jo també, hi estic d'acord. Molt bé, doncs Joan, tu ens vas dir aquí al pòdcast que tens molts cosins… Joan: [2:00] Sí. Andreu: [2:01] Llavors, espero que ja hagis demanat/ordenat als teus cosins que ens votin! Joan: [2:06] Sí, sí, sí, sí, sí, sí, sí, sí! A més a més em fa molta gràcia perquè, bé, la gent que no ho sàpiga, ens van nominar als Premis Martí Gasull en la categoria d'Innovació o (alguna cosa) així. Andreu: [2:17] Sí, ho vam explicar amb la Sílvia a l'episodi passat. Joan: [2:20] D'acord. I sí, sí, sí, els hi vaig escriure i… em fa molta gràcia, perquè vaig fer molt espam així per WhatsApp, i tothom em responia amb la imatge, saps? La imatge aquella de: "Ja has votat", no sé què. I jo: "D'acord, d'acord". Però he de dir que dels meus cosins només m'ho han enviat dos, no sé els altres si m'han ignorat o què. Andreu: [2:36] Dos de cinquanta? Ui, Joan… Joan: [2:37] No tinc cinquanta cosins. O sigui, en tinc vint-i-un, el que passa que un parell… doncs això. Andreu: [2:42] Ah, d'acord. Joan: [2:43] Saps? Et vaig dir que per Nadal... A veure, jo diria que ara… Andreu: [2:45] Ah, que sou cinquanta familiars, d'acord. Joan: [2:47] Sí, sí. O més. A veure, he de dir que el meu pare és un "spammer", saps aquests boomers que només fan que enviar i reenviar missatges? Andreu: [2:57] Sí. Joan: [2:57] Jo confio que ell ho hagi reenviat a molta gent. Andreu: [3:00] D'acord. Confiem en el Jordi… Joan: [3:02] I ja devem anar pels deu milions de vots, Andreu, més que habitants hi ha a Catalunya. Fes-te membre de la subscripció de pòdcast per accedir a les transcripcions completes, a la reproducció interactiva amb Transcript Player i a l'ajuda de vocabulari.

whatsapp discord valor deus bon ui podem innovaci nadal catalunya soc sentimental clar andreu fes molt saps tanca llavors joan joan

Tesla hacked at Pwn2Own Automotive, Everest sitting on Under Armour data? PurpleBravo fake jobs campaign targets IP addresses

Joey Pinz Discipline Conversations

Play Episode Listen Later Jan 22, 2026 7:47

Tesla hacked at Pwn2Own Automotive Everest sitting on Under Armour data? PurpleBravo fake jobs campaign targets IP addresses Huge thanks to our sponsor, Dropzone AI Quick tip for SOC leaders measuring MTTR. Stop optimizing the human. Optimize what the human has to do. Dropzone AI handles the investigation legwork autonomously. Correlating alerts, gathering evidence, documenting findings. Your analysts only engage when it actually matters. The results are investigations that took hours and now take under 10 minutes with much better accuracy of up to 30%. And analysts who can finally focus on real threats. Proven at over 300 enterprises who have deployed Dropzone AI. See the data at dropzone.ai.

data fake jobs tesla campaign sitting ip mount everest targets proven optimize hacked automotive armour under armour soc correlating pwn2own ip addresses

#805 MSSP Alert Live - Tony Pietrocola:

Play Episode Listen Later Jan 21, 2026 30:30

Send us a textIn this high-energy and entertaining episode, Joey Pinz sits down with cybersecurity founder and unabashed Italian-American storyteller Tony Pietrocola. From stomping grapes as a child to running an AI-driven security operations platform, Tony brings a rare blend of toughness, humor, and entrepreneurial clarity.They jump from wine, cooking, and massive NFL bodies to college football, concussions, and how elite athletes are built differently. Tony shares what makes college football the real American spectacle—and why private equity is about to reshape the sport.On the cybersecurity front, Tony breaks down the challenges MSPs face, why most still struggle with security, and how AgileBlue helps them build profitable, white-label practices without the overhead of running a SOC. He explains the three questions every MSP should ask a vendor, the rise of AI-assisted attacks, and why consolidation and greenfield opportunities are the biggest missed revenue streams.The conversation ends with health, habit, and personal transformation—discussing Joey's 130-lb weight loss, Tony's daily 5 a.m. workouts, and the childhood structure that forged their work ethic.

2026 Security Predictions: Agentic SOC, China Threats, and Quantum Readiness | A Brand Highlight Conversation with Vincent Stoffer, Field Chief Technology Officer of Corelight

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jan 21, 2026 7:50

Vincent Stoffer, Field Chief Technology Officer at Corelight, shares his predictions for 2026 and what security teams should prepare for in the coming year. With nearly a decade at Corelight and a background in network and security engineering, Stoffer brings a unique perspective on where the industry is heading.The conversation explores the emergence of the agentic SOC, where AI agents work alongside human analysts to accelerate detection, response, and incident resolution. Stoffer explains that while the protocols and tools have been in development, 2026 is the year organizations will finally see these capabilities deliver real results. The key differentiator, he notes, is data quality. Tools that provide rich, detailed, and comprehensive network evidence will thrive in this AI-enabled environment.Stoffer also addresses the persistent threat from nation-state actors, particularly China's Typhoon campaigns targeting critical infrastructure. From energy and telecoms to international partners, these threats continue to expand with AI-powered acceleration. Understanding your environment and detecting anomalous behavior remains essential for organizations facing these sophisticated adversaries.The discussion concludes with a look at post-quantum readiness. While quantum computing threats may be 10 to 20 years away, Stoffer emphasizes the importance of understanding cryptographic assets now. Corelight has published a white paper detailing how NDR provides the network visibility needed to locate cryptographic assets and plan migration to quantum-ready cipher suites.This is a Brand Highlight. A Brand Highlight is an introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlightGUESTVincent Stoffer, Field Chief Technology Officer at CorelightOn LinkedIn: https://www.linkedin.com/in/vincent-stoffer-07057827/RESOURCESLearn more about Corelight: https://corelight.comAre you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlightKEYWORDSVincent Stoffer, Corelight, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, agentic SOC, network detection and response, NDR, critical infrastructure security, nation-state threats, China Typhoon campaigns, Salt Typhoon, Volt Typhoon, post-quantum cryptography, quantum readiness, AI in cybersecurity, security operations, incident response, network visibility, Zeek Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

969 - Curse of Nineveh 11

Play Episode Listen Later Jan 21, 2026

Skype of Cthulhu presents a Call of Cthulhu scenario. Curse of Nineveh by Mike Mason, Mark Latham, Scott Dorward, Paul Fricker, and Andrew Kenrick Switchboard. October, 1925 London As they learn more about the latest victim of the curse, one investigator encounters a dangerous situation. Dramatis Persone: Sean as the Keeper Edwin as Dame Agatha, Authoress Jonathan as Katherine "Kitty" Hall, Dilettante Steve as Connor Shaw, Archivist Max as Oswald Nickels, Big Game Hunter Gary as Heathcliff Hamilton, Military Officer Randall as Montgomery Helmsworth, Librarian Jim as Roger Schindler, Alienist Rachael as Maude Throckmorton, Adventuress Download Subcription Options Podcast statistics

games playing curse skype keeper librarians nineveh cthulhu soc call of cthulhu archivist alienist mark latham mike mason big game hunters dilettante connor shaw scott dorward

CISA Retires 10 Emergency Directives – Progress for Feds, Wake-Up for the Rest of Us

Play Episode Listen Later Jan 21, 2026 6:31

Got a question or comment? Message us here!CISA has officially retired 10 emergency directives ... marking real progress for federal cybersecurity

spotify progress wake emergency retires feds soc cisa directives

968 - This is Our Home 09

Play Episode Listen Later Jan 20, 2026

Skype of Cthulhu presents a Call of Cthulhu scenario. This is Our Home by Jim Phillips. September 27, 1976 Staten Island, New York City, New York The residents are still reeling from recent events when another important piece of paper is found. Dramatis Persone: Jim as the Keeper of Arcane Lore Randall as Frank Romero, Electrical Engineer Meredith as Marsha Janelle, Waitress Steve as Trae Grier, Gas Station Attendant Edwin as Kevin Mazer, Chemistry Teacher Gary as Peter Michale, Ex Pro Quarterback Sean as Kirk Griffin, Actor Download Subcription Options Podcast statistics

new york new york city games playing actor skype keeper staten island cthulhu soc waitress call of cthulhu electrical engineers jim phillips our home chemistry teacher arcane lore

No Password Required Podcast Episode 68 — Rob Hughes

No Password Required

Play Episode Listen Later Jan 20, 2026 44:51

Rob Hughes — CISO at RSA and Champion of a Passwordless FutureNo Password Required Season 7: Episode 1 - Rob HughesRob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment.Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point. The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/Chapters: 00:00 Introduction to No Password Required01:43 Meet Rob Hughes, CISO at RSA02:05 The Role of a CISO in a Security Company05:09 Transitioning to the CISO Role08:00 The Early Days of Geek.com12:14 Launching a Startup During the Dot Com Boom14:30 The Push for a Passwordless Future18:21 Tipping Point for Passwordless Adoption20:20 Ongoing Learning in Cybersecurity26:09 Managing Stress in High-Pressure Environments33:46 The Lifestyle Polygraph Begins34:15 Career Insights in Cybersecurity36:08 Dream Cars and Personal Preferences39:58 Underrated Horror Films41:19 Creating a Cybersecurity Monster

security champion transitioning launching geeks chapters cybersecurity i am compliance required mfa federation passwords risk management tipping points early days phishing managing stress tech startups soc rsa ciso data protection fido information security authentication zero trust infosec digital identity cloud security incident response security policies data governance critical infrastructure grc cyber risk it security sso passkeys cyber resilience cloud infrastructure access management identity management access control chief technologist security operations security awareness security strategy physical security supply chain security vulnerability management enterprise security digital trust provisioning it operations threat detection dream cars security architecture security culture attack surface corporate security identity security password security security engineering security operations center early internet security teams enterprise it anomaly detection fido2 operational risk infrastructure security patch management cybersecurity leadership secure access security controls account takeover security innovation tech history security governance security monitoring technical leadership cybersecurity podcast least privilege rob hughes identity governance cybersecurity careers carlton fields user authentication

Department of Know: Easterly helms RSAC, Third party apps report, Self-poisoning AI

Play Episode Listen Later Jan 20, 2026 36:56

Link to episode page This week's Department of Know is hosted by Sarah Lane with guests Dmitriy Sokolovskiy, senior vice president, information security, Semrush, and Nick Espinosa, host, The Deep Dive Radio Show Thanks to our show sponsor, Dropzone AI How many alerts did your SOC investigate last week? How many sat in the queue untouched? If you don't know those numbers, or you don't like them, Dropzone AI can help. They've helped enterprises like UiPath and Zapier handle ten times more alerts without adding headcount. Their AI SOC agents work around the clock, investigating every alert autonomously. Book a demo and they'll show you exactly how many hours you could recover. Head over to dropzone.ai and request your demo today. All links and the video of this episode can be found on CISO Series.com

head poisoning zapier soc helms semrush uipath easterly rsac sarah lane third party apps ciso series

Episode 309 - w/ Nathan Hunstad - Compliance, Security Governance

Absolute AppSec

Play Episode Listen Later Jan 20, 2026

In this episode of Absolute AppSec, Nathan Hunstad, Director of Security at Vanta, discusses the intersection of security policy, governance, and technical defense. Drawing on his unique background in political science and the Minnesota state legislature, Hunstad argues that policy acts as the essential "conductor" for an organization's security tools. A major theme of the conversation is the challenge of compliance for startups, with the group advising founders to prioritize business survival and basic security hygiene—like password managers and IAM—before pursuing intensive certifications like SOC 2. The discussion also explores how AI is accelerating both development velocity and the ability to automate tedious security questionnaires. Furthermore, Hunstad contrasts the security posture of modern, cloud-native startups against legacy enterprises, noting that older organizations often struggle with "dark corners" of un-inventoried, vulnerable legacy tech. The episode concludes with a critique of outdated authentication standards, specifically advocating for the removal of mandatory password rotation in favor of NIST-aligned, phishing-resistant MFA.

director ai minnesota drawing security i am compliance mfa soc nist vanta security governance

EP497: What You Don't Know About Healthcare Transactions and Clearinghouses Could Cost You, With Zack Kanter

Relentless Health Value

Play Episode Listen Later Jan 15, 2026 38:27

Okay. This show today is part of our Relentless Health Value "The Inches Are All Around Us" series. This Inches Talk is a metaphor for finding all those little places where there is healthcare waste as a first step in an effort to excise all these little pockets of waste. For a full transcript of this episode, click here. If you enjoy this podcast, be sure to subscribe to the free weekly newsletter to be a member of the Relentless Tribe. Shane Cerone said this phrase during episode 492, and I loved it because there are inches all around us for sure. And the thing with all these inches that we're gonna talk about today and last week and next week and the week after that, yeah, these are inches that actually you could cut them. And there are millions and billions of dollars, and you actually improve patient care. You improve clinical team experience. Also, you're cutting out friction and making it easier to do the right thing to care for patients. These are no-brainer kinds of stuff if your North Star is better and more affordable patient care, but they are also somebody else's bread and butter in a "one person's cost is another person's revenue" kind of way. So, yeah … what makes perfect common sense might not be as easy as it might look on paper, as we all know so well. So, last week we dug into all of the inches of expensive friction that develop when stakeholders interact—like, a clinical organization and a payer and a plan sponsor, self-insured employer. They try to get paid or pay. They try to direct contract because what will be found fast enough is that the data is not the data is not the data, as Mark Newman talked about last week (EP496); and a dollar is not a dollar is not a dollar. Again, you'll find this out fast enough. All of you know when you talk to entities up and down the patient journey or across the life of a claim, otherwise known as a healthcare transaction. It's mayhem to get a claim paid often enough. Each stakeholder comes in with their own priorities and views and accounting methods and various rollups. I like how Stephanie Hartline put it. She wrote, "Healthcare … moves through many hands without a rail that preserves truth along the way. Attribution breaks, and truth gets reassembled later. The difference isn't capability—it's infrastructure. Line-item billing ≠ line-item settlement." Or I also like how Chris Erwin put it. He wrote, "When the blueprint isn't standardized, you aren't scaling. You're just compounding chaos." And yeah, then all of a sudden when there's no through line, there's no rail that connects all the data to the data to the data, or all the dollars to the dollars to the dollars. Suddenly 30% of any given healthcare transaction goes to trying to straighten it all back out again—to reassemble it, as Stephanie said. It's like unleashing 100 chaos monkeys and then having to pay to recapture them all. Listen to the show with David Scheinker, PhD (EP363) from last year about "Hey, how about we all just use the same template and avoid a lot of this." Or read Zeke Emanuel's book about how the USA should potentially consider copying the Netherlands model because they have private insurance. But they cut admin costs 75% or something like that. Oh, right … through standardization. Jesse Hendon summarized this the other day. He wrote, "Providers don't need armies of coders to fight 50 different insurance rule books [when you have some standardization here]." I say all this to say after recording the episode with Mark Newman from last week, I have become intently fascinated by what goes on in this non-standardized or otherwise friction points between stakeholders. There are a lot of inches in this gray area land of confusion. This show today digs into one of them, which is what does it take to process a claim? Just technically. What are the pipes involved to submit a claim and, again, get paid for it, which is a healthcare transaction—just simply the technology moving the data around—even if everything in the pipes is a non-standardized hot mess. Because just fixing up the processing and the pipes here—again, while this doesn't solve the entire data isn't a data isn't a data or a dollar isn't a dollar isn't a dollar problem—if we can just cut out some of the processing and the moving the data around costs, just this all by itself is $6 billion a year worth of inches. Plus, as an added bonus, fix up the pipes for better data flow and now patient care can be faster if, for example, the prior auth or etc. processes transpire faster. And clearinghouses have entered the chat. But you know, when clearinghouses come up, at least in my world, when the clearinghouse word gets dropped, it's usually accompanied by like a puff of smoke because no one is quite sure what those guys do all day. So, we all sort of look at each other in the conversation and move on. Lucky for me and possibly you if I've managed to suck you into my web of intrigue, I ran into Zack Kanter from Stedi, a new clearinghouse, who agreed to come on the pod here and aid my exploration into this demarcation zone between stakeholders. So, let's start here. What is a clearinghouse? Well, a clearinghouse is the same thing as a switch when we're talking about pharmacy data transfers, if you're familiar with that terminology and that's helpful. But either way, in the conversation with Zack Kanter that follows, Zack will explain this better; but clearinghouses are like a hub, maybe, that connects all the payers with all the providers. So, if you want an eligibility check or you wanna submit a claim or do a prior auth of the payer, whatever you're trying to do, get paid, you as an EHR system or a doctor's office or an RCM (revenue cycle management) company, you don't have to set up your own personal data connection with every single payer out there. You don't have to go through all the authentications and the BAAs (Business Associate Agreements) and map all the fields and set up the 100 SOC 2–compliant APIs (application programming interfaces). Instead, you can hook up to one clearinghouse, and then that clearinghouse connects with everybody else. So, most medical claims transactions have a clearinghouse in the middle, like an old-timey telephone operator routing your claim or denial or approval of that claim or eligibility check or whatever to the right place. And unfortunately, old-timey telephone operator is a pretty apt metaphor, depending on which clearinghouse you're using. Anyway, Zack Kanter told me that the price to just send and receive an electronic little piece of data in healthcare through a clearinghouse costs about 1,000 times more than any other industry would pay. Like, if you do an eligibility check, that's gonna cost 10 to 15 cents per. The trucking industry pays that much for 1,000 such data transfers. They would riot if someone asked them to spend a dollar for 10 data transfers. That'd be ridiculous in their eyes. But in healthcare, all these dimes add up to, again, $6 billion a year—them's some inches there—which also equal delays in payment and patient care. Now you might be thinking, "Oh, well, maybe it costs this much because healthcare is so much more complicated than trucking or whatever." Well, turns out the opposite is true: Because of HIPAA, ironically enough, healthcare is, in fact, much more standardized (we were talking about standardization before); but healthcare is actually much more standardized than many other industries due to HIPAA's administrative simplification rules, which mandate a universal language for transactions—the pipes I'm talking about now. So, actually, for as much as I was just kvetching about chaos monkeys, compared to other industries, the baseline construct here is actually much more orderly than, for example, the trucking industry or whatever, like Amazon or Walmart has to deal with with their millions of vendors. Now—and here's a really big point, especially for self-insured employers—you know who the main customer is for a lot of the more programmatic, the newer kinds of clearinghouses? I'll tell you: newer digital entities who do RCM (revenue cycle management) for provider organizations, and that can be great if you're a practice just trying to keep up with payer denials and expedite patient care. But look, all you plan sponsors and self-assured employers and maybe unions out there, the more RCM purveyors start working with programmatic clearinghouses, the more you not doing programmatic prepayment integrity programs with unconflicted third-party prepayment integrity vendors who are as hooked into the data streams and the clearinghouses as the RCM vendors are, the more, as I said last week, increasingly you're bringing an ever more rusty knife to a gunfight. So, that is certainly something to consider. There's a whole episode next week about this with Mark Noel from ClaimInsight. Or if you just can't wait, go back and listen to the show with Kimberly Carleson (EP480) just for the gist of it, or the one with Dawn Cornelis (EP285) from a few years ago. They're talking post-payment integrity programs, but a lot of the same rules apply. The show today is sponsored by Aventria Health Group, as usual. But I do want to say that we got some very appreciated financial support from Stedi, the only programmable healthcare clearinghouse. And here is my conversation about all of the inches that are all around us, specifically in the healthcare data pipes, with Zack Kanter, who is the CEO and founder over at Stedi. Also mentioned in this episode are Stedi; Shane Cerone; Mark Newman; Stephanie Hartline; Chris Erwin; David Scheinker, PhD; Zeke Emanuel, MD, PhD; Jesse Hendon; Mark Noel; ClaimInsight; Kimberly Carleson; Dawn Cornelis; Aventria Health Group; Preston Alexander; Eric Bricker, MD; and Kada Health. For a list of healthcare industry acronyms and terms that may be unfamiliar to you, click here. You can learn more at stedi.com. You can also follow Zack and Stedi on LinkedIn. Zack Kanter is the founder and CEO of Stedi, the only programmable healthcare clearinghouse. Stedi has raised $92 million from Stripe, Addition, First Round, USV, Bloomberg Beta, and other top investors. He has previously appeared on podcasts, including In Depth by First Round Capital, Invest Like the Best, Village Global, and Rule Breaker Investing. 09:47 What things are being paid for that we might not be aware we're paying for in healthcare? 12:09 Why HIPAA actually makes healthcare more standardized than other industries. 15:35 How healthcare is ahead in some ways and behind in others. 18:03 Where do the 4 to 5 days come from in healthcare transaction processing? 20:39 Why these transaction delays affect care delay. 23:14 EP482 with Preston Alexander. 23:18 EP472 with Eric Bricker, MD. 27:10 How should the process work from the time a provider clicks "validate"? 30:19 Why is the clearinghouse the right place to solve all these issues? 31:41 Why are we where we are in terms of these issues? 35:28 Why people should be looking at their clearinghouse costs. 36:59 What to know about Stedi. You can learn more at stedi.com. You can also follow Zack and Stedi on LinkedIn. @zackkanter discusses #healthcaretransactions and #clearinghouses on our #healthcarepodcast. #healthcare #podcast #financialhealth #patientoutcomes #primarycare #digitalhealth #healthcareleadership #healthcaretransformation #healthcareinnovation Recent past interviews: Click a guest's name for their latest RHV episode! Mark Newman, Stacey Richter (INBW45), Stacey Richter (INBW44), Marilyn Bartlett (Encore! EP450), Dr Mick Connors, Sarah Emond (EP494), Sarah Emond (Bonus Episode), Stacey Richter (INBW43), Olivia Ross (Take Two: EP240)

united states ceo amazon phd cost healthcare md walmart netherlands first round north star addition apis transactions stripe providers hipaa attribution soc ehr in depth kanter invest like rcm first round capital usv village global mark newman zeke emanuel bloomberg beta

967 - Burn the Gaspee 01

Joey Pinz Discipline Conversations

Play Episode Listen Later Jan 15, 2026

Skype of Cthulhu presents a Call of Cthulhu scenario. Burn the Gaspee, from Flames of Freedom. June 09, 1772 Providence, Rhode Island HMS Gaspee has run aground, and a group of disgruntled colonists rush to burn her to ashes. Dramatis Persone: Steve as the Keeper of Arcane Lore Max as Gerard Hartman, Whaler Gary as Keturah Wallis, Smuggler Randall as Prudence Collinsworth, Smuggler Jim as Modest Lynch, Mariner Rachael as Ansel Mallory, Boatswain Download Subcription Options Podcast statistics

freedom games playing burn skype providence rhode island keeper flames cthulhu soc call of cthulhu mariner smuggler whalers boatswain arcane lore

#802 MSSP Alert Live - Brianna Steele:

Play Episode Listen Later Jan 14, 2026 27:11

Send us a textIn this inspiring conversation, Joey Pinz speaks with cybersecurity advocate Brianna Steele, who brings a refreshing and deeply human perspective to one of the world's most technical professions. With a background in psychology and a passion for understanding human behavior, Brianna explains why attacker motivations, intentions, and emotional drivers are just as important as the tools they use.Brianna shares her journey from Arizona to the Washington, D.C. area, her involvement with Women in CyberSecurity (WiCyS), and why representation and mentorship are pivotal for bringing more women into the field. She breaks down how behavioral analysis shapes her interest in SOC work and why understanding “why people hack” matters as much as how they do it.The conversation expands into AI as a study companion, fasting and lifestyle discipline, motivation rooted in love, and the importance of self-awareness when entering a high-pressure industry. Brianna's warmth and clarity make this an energizing episode for anyone exploring cybersecurity, career transition, or personal growth.

music women spotify tiktok ai apple washington arizona psychology empowerment minds cybersecurity linktree steele women in tech thought leadership soc tom izzo opening doors mssp explore more wicys cybersecurity careers

966 - This is Our Home 08