Podcasts about SolarWinds

SolarWinds patches four critical remote code execution vulnerabilities. A ransomware attack on Conduant puts the data of over 25 million Americans at risk. RoguePilot enables Github repository takeovers. ZeroDayRat targets Android and iOS devices. North Korea's Lazarus group deploy Medusa ransomware against organizations in the U.S. and the Middle East. Attackers' breakout times drop to under half an hour.  CISA maintains its mission despite staffing challenges. Russian satellites draw fresh scrutiny. Two South Korean teenagers are charged with breaching Seoul's public bike service. Krishna Sai, CTO at SolarWinds, discusses why leaders should focus less on speculating about an AI bubble, and more on how to quantify AI's tangible contributions. The Pope pushes prayerful priests past predictable programs.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Krishna Sai, CTO at SolarWinds, discussing why leaders should focus less on speculating about an AI bubble, and more on how to quantify AI's tangible contributions. Selected Reading Critical SolarWinds Serv-U flaws offer root access to servers (Bleeping Computer) Massive Conduent Data Breach Exfiltrates 8 TB Affects Over 25 Million Americans (GB Hackers) GitHub Issues Abused in Copilot Attack Leading to Repository Takeover (SecurityWeek) New ZeroDayRAT Malware Claims Full Monitoring of Android and iOS Devices (Hackread) North Korean state hackers seen using Medusa ransomware in attacks on US, Middle East (The Record) CrowdStrike says attackers are moving through networks in under 30 minutes (CyberScoop) Shutdown at D.H.S. Extends to Cyber Agency, Adding to Setbacks (The New York Times) From Cold War interceptors to Ukraine: how Russia came to park spy satellites next to the West's most sensitive tech in orbit (Meduza) Korean cops charge two teens over Seoul bike hire breach (The Register) Pope tells priests to use their brains, not AI, to write homilies (EWTN News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

What does it take to go undercover with international cybercriminals — with no backup, no safe house, and no script? In this episode of The Audit, Richard LaTulip, Field CISO at Recorded Future and former U.S. Secret Service agent, pulls back the curtain on three years of undercover operations spanning Thailand, Dubai, Macau, and China. From buying stolen credit card data in bulk to handing cheap government-issued laptops to disappointed hackers, Richard shares the raw, unfiltered reality Hollywood never shows you. Co-hosts Joshua J Schmidt, Eric Brown, Nick Mellem, and Jen Lotze dig into the psychology of social engineering, the stark differences between nation-state and financially motivated threat actors, and why your employees are simultaneously your greatest asset and your biggest vulnerability. Richard breaks down how SolarWinds revealed the patience of nation-state operations, why cultural awareness is a cybersecurity weapon, and how organizations can shift security from a cost center to a value driver. 

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Microsoft reshuffles security leadership. It doesn't spark joy. Russia is hacking the Winter Olympics. Again. But y tho? China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products An unknown hero blocks 23/tcp on the US internet backbone And James Wilson pops into talk about Claude's go at a C compiler This week's episode is sponsored by Ent.AI, an AI startup that isn't quite ready to tell us all what they're doing. But nevertheless, founder Brandon Dixon joins to discuss AI's role in security. Where does language-based understanding take us that previous methods couldn't? This episode is also available on Youtube. Show notes Updates in two of our core priorities - The Official Microsoft Blog Strengthening Windows trust and security through User Transparency and Consent | Windows Experience Blog Microsoft prepares to refresh Secure Boot's digital certificate | Cybersecurity Dive Microsoft Patch Tuesday matches last year's zero-day high with six actively exploited vulnerabilities | CyberScoop Microsoft releases urgent Office patch. Russian-state hackers pounce. - Ars Technica Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics | The Record from Recorded Future News Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide | The Record from Recorded Future News Germany warns of state-linked phishing campaign targeting journalists, government officials | The Record from Recorded Future News Norwegian intelligence discloses country hit by Salt Typhoon campaign | The Record from Recorded Future News Singapore says China-linked hackers targeted telecom providers in major spying campaign | The Record from Recorded Future News Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore's Telecommunications Sector | Cyber Security Agency of Singapore How Intel and Google Collaborate to Strengthen Intel® TDX Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5 - Google Bug Hunters Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress EU, Dutch government announce hacks following Ivanti zero-days | The Record from Recorded Future News North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam | The Record from Recorded Future News BeyondTrust warns of critical RCE flaw in remote support software Rapid7 Analysis of CVE-2026-1731 Building a C compiler with a team of parallel Claudes Anthropic (1) Post by @ryiron.bsky.social — Bluesky What AI Security Research Looks Like When It Works | AISLE South Korean crypto exchange races to recover $40bn of bitcoin sent to customers by mistake | South Korea | The Guardian White House to meet with GOP lawmakers on FISA Section 702 renewal | The Record from Recorded Future News

In this episode of Security Squawk, Bryan Hornung, Reginald Ande, & Randy Bryan break down three stories that should change how executives think about cyber risk. This is not about tools, alerts, or vendor promises. It is about operational dependency, leadership accountability, and financial exposure when systems fail. Story one focuses on active exploitation of SolarWinds Web Help Desk vulnerabilities being used as an entry point for ransomware staging. Researchers are seeing attackers move fast after initial access, blending in by using legitimate remote management and incident response tools. That is the point. When attackers use normal looking admin utilities, many organizations do not detect the intrusion until the business impact is already locked in. If you run Web Help Desk or you have not verified your patch posture, this is a governance issue, not an IT debate. Patch timelines and exposure management are leadership decisions because they directly affect business interruption risk. Story two is a warning about the ransomware market adapting. As more organizations refuse to pay for data theft only extortion, threat actors are expected to pivot back toward encryption. Encryption creates urgency because it disrupts operations. The financial exposure shifts toward downtime, recovery labor, lost revenue, and customer churn. Executives should treat restore capability like a business continuity requirement. If your recovery plan has not been tested under pressure, it is not a plan. Story three covers the BridgePay ransomware incident and the downstream impact on merchants and local government services. Even when payment card data is not confirmed compromised, availability failures still create real harm. Customers do not care which vendor was hit. They only see that your business cannot process transactions. This is a clear reminder to revisit vendor criticality, SLAs, outage communications, and contingency processing options. Security Squawk is built for business owners, executives, board members, and IT leaders who want the real world impact without the fear marketing. Subscribe, share, and support the show at https://buymeacoffee.com/securitysquawk

Referências do EpisódioAnalysis of active exploitation of SolarWinds Web Help DeskBeyondTrust - Advisory ID: BT26-02CVE-2026-1731: Pre-Auth RCE in BeyondTrust Remote Support & PRARoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Ukraine tightens controls on Starlink terminals VMware ESXi flaw now exploited SolarWinds Web Help Desk bug under attack Get the show notes here: https://cisoseries.com/cybersecurity-news-ukraine-tightens-controls-on-starlink-terminals-vmware-esxi-flaw-now-exploited-solarwinds-web-help-desk-bug-under-attack/ Huge thanks to our sponsor, Strike48 Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, maximizing log visibility without blowing your budget. Find threats your siloed tools miss. Get started today with pre-built AI agents and workflows that investigate, detect, and respond 24/7 or build your own at strike48.com/security.

Dug Song and Jon Oberheide are the co-founders of Duo Security.If you've never heard of Duo, it might be one of the most underrated software stories of all-time.Starting in 2010, they burned only $14 million to hit $100m in ARR, were acquired by Cisco for $2.35 billion in 2018, and now rumored to be doing over $1 billion in ARR inside Cisco 16 years later.We talk about how they built one of the most capital efficient SaaS companies ever from Ann Arbor, Michigan, and how their focus on the customer and company culture helped them win in a crowded cybersecurity market.We talk growing up in the early hacking culture of the 90s, why most security tools are painful to use, sizing their market, solving for non-consumption of a product, and how Duo flipped the model by designing for end users instead of security teams.We talk about staying in Michigan instead of moving to Silicon Valley, and why staying out of the tech bubble helped them execute.We break down the mechanics of scaling from zero to $100 million in ARR, everything they learned integrating with Cisco, and why more founders should build outside of San Francisco. A quick thank you ex-Duo employees Zack Urlocker, Ash Devata, and Katie Kilroy for their help brainstorming topics for the conversation.Try Numeral, the end-to-end platform for sales tax and compliance: [https://www.numeral.com](https://www.numeral.com/)Sign-up for Flex Elite with code TURNER, get $1,000: https://form.typeform.com/to/Rx9rTjFzTimestamps:(4:49) Meeting from Dug's Wi-Fi honeypot(7:33) 90's hacking culture and cybersecurity's wild west(14:49) How the internet was born in Ann Arbor(18:58) Staying in Michigan instead of moving to Silicon Valley(31:20) Philosophy on leadership and team building(39:48) What makes a good engineering leader(44:01) Starting Duo to make security easier(45:22) Why most security products suck(48:36) How fixing account takeover became a $1B ARR company(59:10) TAM, competition, fixing the non-consumption of security(1:04:04) Being a radical advocate for the customer(1:08:35) Duo's pizza sales play(1:12:45) Branding lessons from Anthropic, Tesla, Cliff Bar(1:17:47) When to say no to customers(1:21:27) Importance of culture when scaling(1:27:56) Duo's role in uncovering the SolarWinds breach(1:31:29) Scaling to $100M ARR on $14M burned(1:39:30) Inside the $2.35B Cisco acquisition(1:44:02) What big companies get wrong about customers(1:51:53) Building Michigan's startup ecosystemReferencedDuo Security: [https://duo.com](https://duo.com/)Cisco: [https://www.cisco.com](https://www.cisco.com/)University of Michigan: [https://umich.edu](https://umich.edu/)Follow DugTwitter: https://x.com/dugsongLinkedIn: https://www.linkedin.com/in/dugsongFollow JonTwitter: https://x.com/jonoberheideLinkedIn: https://www.linkedin.com/in/jonoFollow TurnerTwitter: https://twitter.com/TurnerNovakLinkedIn: https://www.linkedin.com/in/turnernovakSubscribe to my newsletter to get every episode + the transcript in your inbox every week: https://www.thespl.it/

Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James WIlson. They discuss the week's cybersecurity news, including: Notepad++ update supply chain attack has been attributed to China The AI agent future is even more stupid than expected; behold the OpenClaw/Clawdbot/Moltbook mess The Epstein files claim he had a personal hacker? Microsoft is finally getting ready to (think about starting to begin to) disable NTLM by default The usual bugs in the usual things! Ivanti, Fortinet, and Solarwinds. Again. Telco hides a free trip in its privacy policy, someone actually reads it and wins! This weeks's episode is sponsored by opensource IDP platform Authentik. CEO Fletcher Heisler talks to Pat about their new endpoint agent that can enforce device posture policies during login. This episode is also available on Youtube. Show notes The Chrysalis Backdoor: A Deep Dive into Lotus Blossom's toolkit Notepad++ Hijacked by State-Sponsored Hackers | Notepad++ Notepad++ v8.8.3 - Self-signed Certificate: Certified by Code, Not Corporations | Notepad++ Hacking Moltbook: AI Social Network Reveals 1.5M API Keys | Wiz Blog lcamtuf on X: "Moltbook debate in a nutshell" / X Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site AndrewMohawk on X: "How exactly did an attacker send a message to your bot since you need to approve all the channels and set keys etc" / X Signal president warns AI agents are making encryption irrelevant Massive AI Chat App Leaked Millions of Users Private Conversations Runa Sandvik on X: New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson EFTA01683874.pdf Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog Nobel Committee says Peace Prize winner likely revealed early by digital spying | Reuters County pays $600,000 to pentesters it arrested for assessing courthouse security - Ars Technica Advancing Windows security: Disabling NTLM by default - Windows IT Pro Blog Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts | Cybersecurity Dive CISA orders federal agencies to patch exploited SolarWinds bug by Friday | The Record from Recorded Future News CISA, security researchers warn FortiCloud SSO flaw is under attack | Cybersecurity Dive Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach | TechCrunch We Hid a Free Trip to Switzerland in Our Privacy Policy. Someone Found It in 2 Weeks. - Cape Between Two Nerds: The internal logic of Russian power grid attacks - YouTube

Take a Network Break! We’ve got Red Alerts for HPE Juniper Session Smart Routers and SolarWinds. In this week’s news, Microsoft debuts its second-generation AI inferencing chip, Mplify rolls out a new Carrier Ethernet certification for supporting AI workloads, and AWS upgrades its network firewall to spot GenAI application traffic and filter Web categories. Google... Read more »

Take a Network Break! We’ve got Red Alerts for HPE Juniper Session Smart Routers and SolarWinds. In this week’s news, Microsoft debuts its second-generation AI inferencing chip, Mplify rolls out a new Carrier Ethernet certification for supporting AI workloads, and AWS upgrades its network firewall to spot GenAI application traffic and filter Web categories. Google... Read more »

Take a Network Break! We’ve got Red Alerts for HPE Juniper Session Smart Routers and SolarWinds. In this week’s news, Microsoft debuts its second-generation AI inferencing chip, Mplify rolls out a new Carrier Ethernet certification for supporting AI workloads, and AWS upgrades its network firewall to spot GenAI application traffic and filter Web categories. Google... Read more »

Tim Brown is the CISO at SolarWinds. In this episode, he joins host Paul John Spaulding and Bobby Ford, Chief Strategy & Experience Officer at Doppel, to discuss today's threat landscape and what organizations can do to protect themselves in light of new threats such as deepfakes and artificial intelligence. This episode of CISO Confidential is brought to you by Doppel. Learn more about our sponsor at https://doppel.com.

If you like what you hear, please subscribe, leave us a review and tell a friend!

Google dismantles a huge residential proxy network. Did the FBI take down the notorious RAMP cybercrime forum? A long running North Korea backed cyber operation has splintered into three specialized threat groups. U.S. military cyber operators carried out a covert operation to disrupt Russian troll networks ahead of the 2024 elections. Phishing campaigns target journalists using the Signal app. SolarWinds patches vulnerabilities in its Web Help Desk product. Amazon found CSAM in its AI training data. Initial access brokers switch up their preferred bot. China executes scam center kingpins. Our guest is Tom Pace, CEO of NetRise, explaining how open-source vulnerabilities are opening doors for nation-states.  An unsecured webcam peers into Pyongyang.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Tom Pace, former DOE cyber analyst and CEO of NetRise, joins the show to explain how open-source vulnerabilities are opening doors for nation-states and why visibility into who maintains code repositories matters. Selected Reading Google Disrupted World's Largest IPIDEA Residential Proxy Network (Cyber Security News) Notorious Russia-based RAMP cybercrime forum apparently seized by FBI (The Record) Long-running North Korea threat group splits into 3 distinct operations (CyberScoop) Secret US cyber operations shielded 2024 election from foreign trolls, but now the Trump admin has gutted protections (CNN Politics) Phishing attack: Numerous journalists targeted in attack via Signal Messenger (Netzpolitik.org) Signal president warns AI agents are making encryption irrelevant (Cyber Insider) SolarWinds Patches Critical Web Help Desk Vulnerabilities (SecurityWeek)  Amazon Found ‘High Volume' Of Child Sex Abuse Material in AI Training Data (Bloomberg) Initial access hackers switch to Tsundere Bot for ransomware attacks (Bleeping Computer) China Executes 11 People Linked to Cyberscam Centers in Myanmar   (Bloomberg) North Korean Hackers' Daily Life Leaked in Video (The Chosun) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop? We are seeing attempts to attack CVE-2026-21962, a recent weblog vulnerability, using a non-working AI slop exploit https://isc.sans.edu/diary/Odd%20WebLogic%20Request.%20Possible%20CVE-2026-21962%20Exploit%20Attempt%20or%20AI%20Slop%3F/32662 Fortinet Patches are Rolling Out Fortinet is starting to roll out patches for the recent SSO vulnerability https://fortiguard.fortinet.com/psirt/FG-IR-26-060 SolarWinds Web Helpdesk Vulnerability Another set of vulnerabilities in SolarWinds Web Helpdesk may result in unauthenticated system access https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/

Referências do EpisódioSolarwinds - WHD 2026.1 release notesCVE-2025-40551: Another Solarwinds Web Help Desk Deserialization IssueMultiple Critical SolarWinds Web Help Desk Vulnerabilities: CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554Meet IClickFix: a widespread WordPress-targeting framework using the ClickFix tacticCan't stop, won't stop: TA584 innovates initial accessTwo High-Severity n8n Flaws Allow Authenticated Remote Code ExecutionRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Tiered pricing is becoming the simplest way to sell AI-powered SaaS without turning your pricing page into a technical explanation. In my interview with Dan Balcauski, founder and Chief Pricing Officer at Product Tranquility, we talked about why AI is forcing new pricing decisions earlier than ever—and why "good, better, best" packaging often works because it keeps buying decisions clear while helping companies manage real AI costs.  The AI era is making pricing margin-aware again. Tiered pricing helps you protect margins without forcing buyers to learn your cost structure.  About Dan Balcauski Dan Balcauski is the founder and Chief Pricing Officer at Product Tranquility, where he helps high-volume B2B SaaS CEOs define pricing and packaging for new products. He is a TopTal certified Top 3% Product Management Professional and helps teach Kellogg Executive Education course on Product Strategy. Over the last 15 years, Dan has managed products across the full lifecycle—from concept incubation to launch, platform transitions, maintenance, and end of life—across consumer and B2B companies ranging from startups to publicly traded enterprises. He previously served as Head of Product at LawnStarter and was a Principal Product Strategist at SolarWinds. Why Tiered Pricing Is Winning in the AI Era For years, SaaS companies could price mostly around value because marginal costs were relatively stable. AI changes the math. Dan points out that companies are now cutting meaningful monthly checks to model providers, and leadership teams can't pretend cost-to-serve is irrelevant anymore.  That's a big reason tiered pricing is showing up everywhere right now. It gives teams a way to: Keep the offer simple for buyers Put premium capabilities where they belong Create a natural upgrade path that aligns with value and cost Most importantly, tiered pricing keeps you out of the weeds. The customer conversation stays focused on outcomes, not infrastructure. What Makes Tiered Pricing Actually Work Dan's point isn't "just shove AI into the top tier." Tiered pricing works when plan differences are easy to understand and tied to value drivers customers already recognize.  Here are three practical patterns from the discussion that hold up well in the AI era. 1) Put AI in higher tiers when it boosts a user's output If an AI feature makes a person more effective—faster drafting, better triage, higher quality responses—tiering can be straightforward. The buyer already understands why a "Better" or "Best" plan costs more: it changes the capability of the team.  This is also why seat-based pricing can still make sense for many AI-enhanced tools. If the value driver is still "help my team do better work," then users/seats remain an intuitive anchor.  If AI increases team productivity, tiered pricing can stay aligned to seats—because seats still map to value.  2) Use add-ons when AI changes the value driver Sometimes AI doesn't just "help" the user—it replaces work entirely. When that happens, forcing it into the same tier structure can distort value and create confusion. Dan points to Intercom as a strong example of handling this well: The core support platform stays priced per user (agents), because the value driver is agent effectiveness. Their AI agent ("Fin AI") is priced separately because the agent isn't involved—the value is the number of issues the AI resolves. That's why per-resolution pricing makes sense.  3) Don't make buyers learn token math Dan's strongest warning is about token pricing. Customers don't want to learn what tokens are, and sales teams don't want to explain them—especially when you're selling a business outcome like faster support or better customer experience.  Token-based pricing also shifts the conversation away from value and toward your vendor bill. As Dan puts it, customers don't care about your infrastructure costs, and pushing that complexity into the buying motion adds friction.  If your tiered pricing requires a footnote explaining tokens, you're adding sand in the gears.  A Tiered Pricing Checklist for AI Features Here's a simple way to apply this immediately: Good: Core workflow value, minimal AI (or AI where costs are predictable) Better: AI that boosts team output (speed, quality, throughput) Best: AI that drives outcomes at scale (automation, deflection, resolution) Add-on: Use when AI has a different value driver than the base product (example: per-resolution)  Stay Connected: Join the Developreneur Community We invite you to join our community and share your coding journey with us. Whether you're a seasoned developer or just starting, there's always room to learn and grow together. Contact us at info@develpreneur.com with your questions, feedback, or suggestions for future episodes. Together, let's continue exploring the exciting world of software development. Additional Resources Setting Your Development Pricing Fixed or Hourly Project Pricing A Project Management and Pricing Guide for Success Building Better Foundations Podcast Videos – With Bonus Content

Minimal viable pricing is the fastest way to stop debating what your product should cost and start learning what customers will actually pay for. In my interview with Dan Balcauski, founder and Chief Pricing Officer at Product Tranquility, we talked about how early-stage teams can set pricing that's "good enough" to sell, validate value, and iterate—without getting stuck chasing the perfect number. Pricing can feel risky because it shapes perception, positioning, and revenue. But Dan's message is practical: you don't need perfect pricing to move forward—you need minimal viable pricing that creates clear decisions and real feedback loops. Minimal viable pricing isn't "cheap pricing." It's "clear pricing" that helps you test value and drive decisions. About Dan Balcauski Dan Balcauski is the founder and Chief Pricing Officer at Product Tranquility, where he helps high-volume B2B SaaS CEOs define pricing and packaging for new products. A TopTal-certified Top 3% Product Management Professional, Dan also teaches in Kellogg Executive Education's Product Strategy coursework. Over the last 15 years, he has led products across the full lifecycle—from concept incubation to launch, platform transitions, maintenance, and end-of-life—across both consumer and B2B markets. Before Product Tranquility, he served as Head of Product at LawnStarter and as a Principal Product Strategist at SolarWinds following its $4B acquisition. What "minimal viable pricing" actually means Dan's approach starts with a mindset shift: early-stage companies rarely fail because their initial price was off by 10–20%. They fail because they haven't found a repeatable customer problem, a clear value promise, or a reliable way to acquire customers. Minimal viable pricing means: You set a price you can defend. You package it in a way customers can understand. You use real conversations and real deals to refine it. It's pricing as a learning tool—not a spreadsheet exercise. Minimal viable pricing starts with your "free option" One of the most actionable parts of the discussion was Dan's breakdown of freemium vs free trial—and why it matters so much for minimal viable pricing. A free trial creates urgency. There's a natural deadline, which forces customers to evaluate value and decide. A freemium model can work, but it often creates a huge pool of users who never engage deeply enough to convert. If your goal is to learn quickly, trials often generate clearer signals: Who gets value fast? What feature set drives adoption? What objections stop the purchase? Minimal viable pricing works best when your go-to-market motion creates real decisions—not endless "maybe later." Trial length: don't confuse "short" with "effective" There's a trend toward shorter trials (like 7 days), but Dan's point is simple: a short clock doesn't help if your customer can't realistically experience value in that window. In B2B especially, onboarding delays, competing priorities, and internal approvals can chew up days instantly. A minimal viable pricing approach asks: What's the shortest trial that still allows a motivated customer to succeed? If you're selling to teams, the answer is often longer than you think. Use minimal viable pricing to clarify positioning Dan also shared a framing that sticks: are you selling a Timex or a Rolex? In other words, are you competing on affordability and simplicity—or premium value and outcomes? Minimal viable pricing isn't just about the number. It's also about: The story your pricing tells The kind of customer you attract The expectations you set around results and support You don't need a dozen plans to communicate this. You need clarity. If customers can't tell who your product is for from the pricing page, your "pricing problem" might actually be a positioning problem. The goal: learn faster, not argue longer Minimal viable pricing gives you a way to move forward without pretending you have perfect information. Start with something simple, sell it, listen hard, and iterate. If you want a practical takeaway from Dan's perspective, it's this: pricing is one of your best feedback loops. Use it early. Use it intentionally. And don't let the hunt for "perfect" delay the real work—helping customers win. Stay Connected: Join the Developreneur Community We invite you to join our community and share your coding journey with us. Whether you're a seasoned developer or just starting, there's always room to learn and grow together. Contact us at info@develpreneur.com with your questions, feedback, or suggestions for future episodes. Together, let's continue exploring the exciting world of software development. Additional Resources Defining An MVP Properly for Your Goals Price With Confidence: Estimation Made Simple How to Build a Minimal Viable Product Without Blowing Your Budget Building Better Foundations Podcast Videos – With Bonus Content

This week, we look at the rapidly shifting landscape of digital defense, where the line between "smart computing" and true Artificial Intelligence is becoming increasingly blurred. As criminals begin to use Large Language Models to craft flawless phishing emails and bespoke malware, the "human factor" is being tested like never before.We're asking a vital question: Is it time to stop blaming the user and start building better guardrails? From the "confidently wrong" nature of AI decision-making to the terrifying reality of supply chain attacks like SolarWinds, we explore why the old methods of "detect and react" are no longer enough to keep businesses safe.In our interview this week, we talk about the journey of cybersecurity with Danny Jenkins, co-founder of ThreatLocker. From his early days as an apprentice in Cavan to leading a global security firm in Florida, Danny explains the evolution of "Zero Trust" and why the most dangerous hacking tools today might look exactly like your iPhone charging cable.—-----Listen to Tech Radio now on Apple, Spotify and YouTubehttps://www.podfollow.com/tech

In this landmark 99th episode of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee is joined by Denny LeCompte—CEO of Portnox (https://www.portnox.com/) and a former SolarWinds executive—to examine one of cybersecurity's oldest yet most persistently exploited challenges: access control.Despite decades of investment in passwords, MFA, and perimeter defenses, breaches rooted in access failures continue to dominate headlines. Drawing on firsthand experience—including lessons learned from the SolarWinds Sunburst breach—LeCompte explains why password-centric security models are fundamentally misaligned with human behavior and modern digital environments.Together, Chatterjee and LeCompte argue for a decisive shift toward passwordless, device-centric, zero-trust access models that assume human fallibility, eliminate implicit trust, and dramatically reduce attack surfaces. Framed through Dr. Chatterjee's Commitment–Preparedness–Discipline (CPD) lens, the episode reframes access control not as an IT configuration issue, but as a core pillar of cybersecurity governance, business resilience, and competitive survival.Time Stamps00:49 — Episode framing and the persistence of access control failures03:15 — Why passwords remain fundamentally broken05:54 — Enterprise vs. consumer passwordless realities09:25 — SolarWinds breach lessons and access control failures17:52 — Zero trust explained without the buzzwords23:07 — Device identity, IoT risk, and network visibility28:02 — Why identity and device controls must converge35:52 — How leaders should assess access control maturity42:52 — Designing security for human behavior43:30 — Closing reflectionsTo access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-99-access-control-reimagined-why-identity-devices-and-zero-trust-must-converge/Connect with Host Dr. Dave ChatterjeeLinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles PublishedRamasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons,

SolarWinds TechPod returns with its annual IT trends and predictions episode — and 2026 is all about Agentic AI. In this episode of SolarWinds TechPod, hosts Sean Sebring and Chrystal Taylor are joined by Sascha Giese (SolarWinds) and Lauren Okruch (SolarWinds Product Marketing) to break down how AI, ITSM, automation, governance, and resilience will shape IT operations in 2026. As a leader in IT management, observability, and IT service management, SolarWinds offers a unique perspective on how Agentic AI is moving IT from automation to autonomous action — and what that means for governance, security, and the evolving role of IT teams. Topics covered in this SolarWinds TechPod episode: What Agentic AI means for modern IT organizations How SolarWinds sees AI evolving beyond traditional automation The rise of shadow AI and shadow IT in enterprise environments Why IT governance and trust are critical in 2026 How ITSM is changing with AI-driven workflows Energy, sustainability, and cost considerations of AI at scale Resilience, multi-cloud strategies, and right-compute decision making Why IT is no longer just a cost center — but an innovation engine This episode is essential listening for SolarWinds users, IT leaders, sysadmins, service desk teams, and technology decision-makers preparing for the next era of AI-powered IT operations. Subscribe to SolarWinds TechPod for expert insights on ITSM, observability, AI in IT, automation, and digital transformation — straight from the SolarWinds community.

Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is ⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠Qintel⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we dive into supply chain attacks through the lens of a massive Android malware campaign that infects devices before they ever reach users, embedding itself in firmware and reseller-installed system images. We connect the dots to other high-impact supply chain incidents—from SolarWinds to the recent F5 breach—and share new intelligence on Android devices compromised during manufacturing and distribution in China. Together, these cases highlight how attacks at the source can quietly scale, persist, and evade traditional defenses.

Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is ⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠Qintel⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we dive into supply chain attacks through the lens of a massive Android malware campaign that infects devices before they ever reach users, embedding itself in firmware and reseller-installed system images. We connect the dots to other high-impact supply chain incidents—from SolarWinds to the recent F5 breach—and share new intelligence on Android devices compromised during manufacturing and distribution in China. Together, these cases highlight how attacks at the source can quietly scale, persist, and evade traditional defenses.

The holiday season is in full swing, and as retailers vie for consumer dollars, some of the biggest ones are branching out to answer engines like ChatGPT and Perplexity. In this episode, we describe what that experience looks like now and what brands should do in response. We also look at the lasting implications of a high-profile legal case for CISOs and the state of AI in B2B sales.

In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Salesforce partner Gainsight has customer data stolen Crowdstrike fires insider who gave hackers screenshots of internal systems Australian Parliament turns off wifi and bluetooth in fear of of visiting Chinese bigwigs Shai-Hulud npm/Github worm is back, and rm -rf'ier than ever SEC gives up on Solarwinds lawsuit Dog eats cryptographer's key material This week's episode is sponsored by runZero. HD Moore pops in to talk about how they're integrating runZero with Bloodhound-style graph databases. He also discusses uses for driving runZero's tools with an AI, plus the complexities of shipping AI when the company has a variety of deployment models. This episode is also available on Youtube. Show notes Google says hackers stole data from 200 companies following Gainsight breach Gainsight Status Trust Status CrowdStrike fires 'suspicious insider' who passed information to hackers Salesforce cuts off access to third-party app after discovering ‘unusual activity' Атаки разящей панды: APT31 сегодня Office of Public Affairs | Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Australian federal MPs warned to turn off phones when Chinese delegation visits Parliament House Sha1-Hulud: The Second Coming of the NPM Worm is Digging For Secrets FCC eliminates cybersecurity requirements for telecom companies Trade Associations Cybersecurity Practices Ex Parte SEC voluntarily dismisses SolarWinds lawsuit Record-breaking DDoS attack against Microsoft Azure mitigated The Cloudflare Outage May Be a Security Roadmap – Krebs on Security Critics scoff after Microsoft warns AI feature can infect machines and pilfer data vx-underground on X: "I've had a surprising amount of people ask me about Copilot" Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation Two suspected Scattered Spider hackers plead not guilty over Transport for London cyberattack Russia arrests young cybersecurity entrepreneur on treason charges This campaign aims to tackle persistent security myths in favor of better advice Oops. Cryptographers cancel election results after losing decryption key. Uncovering network attack paths with runZeroHound Model Context Protocol

In this episode, host David Shipley discusses some of the most pressing issues in cybersecurity today. Checkout.com refuses to pay a ransom to cyber extortion group Shiny Hunters and instead donates to cybersecurity research. The U.S. SEC ends its long-standing case against SolarWinds and their CISO Tim Brown, highlighting ongoing debates about cybersecurity accountability. Additionally, the FCC reverses cybersecurity mandates originally set after the Salt Typhoon hacks, drawing criticism and raising questions about national security preparedness. The episode emphasizes the critical role of policy and regulation in affecting cybersecurity outcomes and encourages the tech community to participate actively in shaping better laws and frameworks. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst   00:00 Introduction and Sponsor Message 00:51 Checkout.com Refuses Ransom and Supports Cyber Research 04:10 SEC Ends Case Against SolarWinds and CISO 08:36 FCC Reverses Cybersecurity Mandates 12:22 The Importance of Policy in Cybersecurity 14:42 Conclusion and Call to Action

Plus: Pony AI will gain global momentum, say analysts. And the SEC drops its landmark cyber case against SolarWinds. Julie Chang hosts. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Command names a new head of AI. The UK introduces its long-delayed Cyber Security and Resilience Bill. Researchers highlight a critical Oracle Identity Manager flaw. Salesforce warns customers of a third-party data breach. Italy's state-owned railway operator leaks sensitive information. SonicWall patches firewalls and email security devices. The US charges four individuals with conspiring to illegally export restricted Nvidia AI chips to China. The SEC drops its lawsuit against SolarWinds. NSO group claims a permanent injunction could cause irreparable and potentially existential harm. Maria Varmazis of the T-Minus Space Daily show sits down with General Daniel Karbler (Ret.) to discuss his consulting work for A House of Dynamite, the newly released Netflix film. Roses are red, violets are blue, this poem just jailbroke your AI too. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Maria Varmazis of the T-Minus Space Daily show sits down with Lt. General Daniel Karbler (Ret.) to discuss his consulting work for A House of Dynamite, the newly released Netflix film. This is an excerpt of T-Minus Deep Space airing tomorrow in all of your favorite podcast app. Selected Reading Cyber Command Taps Reid Novotny as New AI Chief (MeriTalk) UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers (Fortra) Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day (SecurityWeek) Salesforce alerts customers of data breach traced to a supply chain partner (CXOtoday) Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack (Security Affairs) SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance (SecurityWeek) Four charged with plotting to sneak Nvidia chips into China (The Register) SEC voluntarily dismisses SolarWinds lawsuit (The Record) NSO Group argues WhatsApp injunction threatens existence, future U.S. government work (CyberScoop) Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models (Arxiv) Freesound Music Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

If you like what you hear, please subscribe, leave us a review and tell a friend!

It's an acronym-filled, government-only bonanza this week! We discuss the DoJ sanctioning Russian bulletproof hosting provider Media Land (0:53), the SEC dropping its enforcement action against SolarWinds and its CISO (13:25), and the FCC reversing course on a longstanding security rule for telecom providers (26:00).Support the show

In this episode of Great Women in Compliance, co-host Dr. Hemma Lomax welcomes Shannon Ralich, Vice President of Compliance and Chief Privacy Officer at Machinify, to discuss the evolving landscape of data privacy, cybersecurity, and responsible AI. Shannon shares her remarkable journey from a curious child taking apart electronics to a seasoned leader blending technology, law, and strategy. She offers insight into how curiosity and creativity can fuel governance excellence and explains what it means to design systems that anticipate risk and enable responsible innovation. Together, Hemma and Shannon explore: How privacy and cybersecurity intersect in today's fast-evolving AI environment The most pressing compliance challenges around data governance and global regulation Lessons from the SolarWinds and Uber cases and the growing conversation around individual accountability for CISOs and compliance leaders Practical steps for staying agile—through reliable news sources, cross-functional camaraderie, and professional networks How to translate corporate compliance skills into meaningful community impact through nonprofit leadership and animal rescue advocacy Shannon's message is a powerful reminder that the best leaders bring their full selves to the work: technical precision, ethical clarity, and human compassion. Biography: Shannon Ralich is the Vice President of Compliance and Chief Privacy Officer at Machinify, a healthcare intelligence company applying AI to improve the efficiency and integrity of healthcare payments. With more than 20 years of experience across legal, compliance, privacy, and cybersecurity roles, Shannon specializes in aligning governance frameworks with business innovation. She also serves on the Advisory Board of the Privacy Bar Section of the IAPP (International Association of Privacy Professionals). She is widely respected for her strategic, forward-thinking approach to data protection and responsible AI governance. Beyond her professional expertise, Shannon is a passionate advocate for animal welfare. She sits on the Board of Directors for the Neuse River Golden Retriever Rescue, where she leverages her operational and technological skills to strengthen fundraising, improve systems, and support global rescue missions. A lifelong learner and self-described “builder,” Shannon finds creativity and grounding through woodworking, outdoor adventures with her family, and contributing to causes that make both workplaces and communities more humane. Note: The views expressed in this podcast are our own and do not represent the views of our employers, nor should they be taken as legal advice in any circumstances. 

MUST HEAR!!!!And if you want to watch, here you go:Rumble Video for this EpisodeYour LINKS:Get Dr Monzo's Whole Food Supplements for your 90 Essential Revitalizing Nutrients here: https://SemperFryLLC.comClick His Picture on the Right for the AZURE WELL products and use code BB5 for your discount.Join Dr. Glidden's Membership site:https://leavebigpharmabehind.com/?via=pgndhealthCode: baalbusters for 25% OffFind clickable portals to Dr Monzo and Dr Glidden on Dan's site, and it's the home of the best hot sauce, his book, and Clean Source Creatine-HCL.Subscribe to the NEW dedicated channel for Dr Glidden's Health Solutions Showhttps://rumble.com/c/DrGliddenHealthShowPods & Exclusives AD-FREE! Just $5/mohttps://patreon.com/c/DisguisetheLimitsDon't be a schmoe, Support the Show!Become a supporter of this podcast: https://www.spreaker.com/podcast/ba-al-busters-broadcast--5100262/support.

U.S. federal cybersecurity policy has regressed by approximately 13%, according to a report from the Cyberspace Solarium Commission 2.0. This decline is attributed to budget cuts and workforce reductions at key agencies, including the Cybersecurity and Infrastructure Security Agency (CISA) and the State Department's Cyber Diplomacy Staff. The report indicates that nearly a quarter of previously implemented recommendations have lost their status, which raises concerns about the nation's ability to effectively address rising cyber threats. Mark Montgomery, a former Navy Rear Admiral, emphasized that these cuts hinder the agency's effectiveness, calling for the restoration of funding and personnel to strengthen national cyber defenses.In addition to the decline in federal cybersecurity readiness, AI-generated code is now responsible for one in five security breaches, as reported by Aikido. The study found that AI coding tools account for 24% of production code, with 43% of U.S. organizations reporting serious incidents linked to AI-related flaws. Interestingly, the report also noted that increasing the number of security tools does not necessarily enhance safety; organizations using six to nine tools experienced a 90% incident rate, compared to 64% for those with one or two tools. Despite these challenges, 96% of industry professionals remain optimistic that AI will eventually produce secure and reliable code.The episode also highlights the impact of generative AI on IT service management, revealing that organizations utilizing this technology have reduced incident resolution times by nearly 18%. A report from SolarWinds indicated that the average resolution time decreased from 27.42 hours to 22.55 hours after implementing generative AI. Furthermore, a survey by Accenture found that 19% of office workers admitted to entering sensitive business information into free, unsecured AI tools, underscoring significant gaps in cybersecurity awareness and training.For Managed Service Providers (MSPs) and IT service leaders, these developments signal a pressing need for improved governance and training regarding AI usage. The findings suggest that organizations should focus on reducing tool sprawl and enhancing employee education on cybersecurity responsibilities. As small business optimism declines amid rising inflation and supply chain issues, MSPs should position themselves as stability partners, helping clients navigate these challenges rather than pushing the latest technology trends. The evolving landscape of cybersecurity threats, particularly those involving AI and automation, necessitates a proactive approach to risk management and incident response. Three things to know today 00:00 U.S. Cyber Defenses Slide as AI Code Risks Rise and Governance Gaps Widen05:41 Inflation, Uncertainty, and Automation Push Small Firms Toward Caution and Cost Control09:23 From Prompt Injections to Hidden Malware, Cyber Attacks Are Shifting Toward Stealth and Precision This is the Business of Tech.     Supported by:  https://saasalerts.com/platform-overview-for-msps/?utm_source=mspradio 

What does it really take to be a CISO the business can rely on? In this episode, Sean Martin shares insights from a recent conversation with Tim Brown, CISO at SolarWinds, following his keynote at AISA CyberCon and his role in leading a CISO Bootcamp for current and future security leaders. The article at the heart of this episode focuses not on technical skills or frameworks, but on the leadership qualities that matter most: context, perspective, communication, and trust.Tim's candid reflections — including the personal toll of leading through a crisis — remind us that clarity doesn't come from control. It comes from connection. CISOs must communicate risk in ways that resonate across teams and business leaders. They need to build trusted relationships before they're tested and create space for themselves and their teams to process pressure in healthy, sustainable ways.Whether you're already in the seat or working toward it, this conversation invites you to rethink what preparation really looks like. It also leaves you with two key questions: Where do you get your clarity, and who are you learning from? Tune in, reflect, and join the conversation.

What does it really take to be a CISO the business can rely on? In this episode, Sean Martin shares insights from a recent conversation with Tim Brown, CISO at SolarWinds, following his keynote at AISA CyberCon and his role in leading a CISO Bootcamp for current and future security leaders. The article at the heart of this episode focuses not on technical skills or frameworks, but on the leadership qualities that matter most: context, perspective, communication, and trust.Tim's candid reflections — including the personal toll of leading through a crisis — remind us that clarity doesn't come from control. It comes from connection. CISOs must communicate risk in ways that resonate across teams and business leaders. They need to build trusted relationships before they're tested and create space for themselves and their teams to process pressure in healthy, sustainable ways.Whether you're already in the seat or working toward it, this conversation invites you to rethink what preparation really looks like. It also leaves you with two key questions: Where do you get your clarity, and who are you learning from? Tune in, reflect, and join the conversation.

First CISO Charged by SEC: Tim Brown on Trust, Context, and Leading Through Crisis - Interview with Tim Brown | AISA CyberCon Melbourne 2025 Coverage | On Location with Sean Martin and Marco CiappelliAISA CyberCon Melbourne | October 15-17, 2025Tim Brown's job changed overnight. December 11th, he was the CISO at SolarWinds managing security operations. December 12th, he was leading the response to one of the most scrutinized cybersecurity incidents in history.Connecting from New York and Florence to Melbourne, Sean Martin and Marco Ciappelli caught up with their longtime friend ahead of his keynote at AISA CyberCon. The conversation reveals what actually happens when a CISO faces the unthinkable—and why the relationships you build before crisis hits determine whether you survive it.Tim became the first CISO ever charged by the SEC, a distinction nobody wants but one that shaped his mission: if sharing his experience helps even one security leader prepare better, then the entire saga becomes worthwhile. He's candid about the settlement process still underway, the emotional weight of having strangers ask for selfies, and the mental toll that landed him in a Zurich hospital with a heart attack the week his SEC charges were announced."For them to hear something and hear the context—to hear us taking six months off development, 400 engineers focused completely on security for six months in pure focus—when you say it with emotion, it conveys the real cost," Tim explained. Written communication failed during the incident. People needed to talk, to hear, to feel the weight of decisions being made in real time.What saved SolarWinds wasn't just technical capability. It was implicit trust. The war room team operated without second-guessing each other. The CIO handled deployment and investigation. Engineering figured out how the build system was compromised. Marketing and legal managed their domains. Tim didn't waste cycles checking their work because trust was already built."If we didn't have that, we would've been second-guessing what other people did," he said. That trust came from relationships established long before December 2020, from a culture where people knew their roles and respected each other's expertise.Now Tim's focused on mentoring the next generation through the RSA Conference CSO Bootcamp, helping aspiring CISOs and security leaders at smaller companies build the knowledge, community, and relationships they'll need when—not if—their own December 12th arrives. He tailors every talk to his audience, never delivering the same speech twice. Context matters in crisis, but it matters in communication too.Australia played a significant role during SolarWinds' incident response, with the Australian government partnering closely in January 2021. Tim hadn't been back in a decade, making his return to Melbourne for CyberCon particularly meaningful. He's there to share lessons earned the hardest way possible, and to remind security leaders that stress management, safe spaces, and knowing when to compartmentalize aren't luxuries—they're survival skills.His keynote covers the different stages of incident response, how culture drives crisis outcomes, and why the teams that step up matter more than the ones that run away. For anyone leading security teams, Tim's message is clear: build trust now, before you need it.AISA CyberCon Melbourne runs October 15-17, 2025 Coverage provided by ITSPmagazineGUEST:Tim Brown, CISO at SolarWinds | On LinkedIn: https://www.linkedin.com/in/tim-brown-ciso/HOSTS:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to share an Event Briefing as part of our event coverage? Learn More

In this special mini episode of SolarWinds TechPod, hosts Chrystal Taylor and Sean Sebring sit down again with Matai Wilson to unpack the latest AI innovations announced during SolarWinds Day. Discover how SolarWinds is building the future of autonomous IT operations, from proactive remediation and Root Cause Assist (RCA) to an Agentic Framework that will transform how IT pros interact with systems.

Send us a textIn anticipation of Voices from the Holy Land's upcoming October 19th online film salon "The Israel Occupation Tech Lab," we will hear a segment Jeremy Rothe-Kushel produced in December 2020 and then remixed for August 2021 titled "Cyberweaponry, Kill-Switch Diplomacy and the Technology of Occupation."To find out about and register for Voices from the Holy Land's October 19th "Israel Occupation Tech Lab" film salon, you can go to voicesfromtheholyland.org or Tinyurl.com/VFHL-October2025"In this week's segment, I preliminarily explore the realm of cybertechnology and cyber weapons 'battle-tested' on Palestinian people in the Occupied Territories and then deployed worldwide. This will work also to begin establishing a foundation for further future explorations into cyber breaches, cyberwar, and what could seen as a geopolitical & defacto Israeli policy; a policy to solidify Israel's realpolitikally absolute international immunity from the effective sanctioning of its asserted official territorial expansion in the West Bank and Golan Heights, and its long-term ongoing abuse of Palestinian human rights:  This geopolitical strategy could be titled "kill-switch diplomacy", based upon the presence of Israeli military intelligence originated hardware and software delivered via both civilian and military spheres, and deployed into the epicenter of critical infrastructure in countries around the world, with civil society carrots of access to Israeli high technology up front, and an implied threat of Israeli-military intelligence accessed infrastructure kill-switch sticks on the backend.The recently announced hack of SolarWinds Orion Network management software that was cyber-penetrated in early 2020 via supply side software update delivery into thousands of Information Technology systems around the world, including significant portions of the US government, such as the Pentagon, Secret Service, State Department, Treasury, Commerce and Homeland Security, and vast numbers of Fortune 500 companies, is both resonant and possibly relevant here. While we will not delve deeply into it now, I just want to mention that there is industry analysis alleging a Microsoft 365 Office Cloud tie-in to the delivery of the SolarWinds Orion exploit, plausibly tying it to the issue of last year's surprising Trump-pushed Pentagon Cloud Joint Enterprise Defense Infrastructure contract to Microsoft over the expected recipient and previous cloud partner of the US government Amazon, led by Trump-critic Jeff Bezos, who was also personally targeted and hacked by Saudis apparently using Israeli NSO group cyberweaponry. Microsoft, which has had Research and Design units, facilities and operations heavily based in Israel for many years, in 2015 purchased an Israeli-originated company Adallom, started by 3 veterans of the Israeli NSA Unit 8200 and cyber entrepreneurial special forces-style super-elite Talpiot Program with Series A investment funding from the "Bill Gates of Israel" and godfather of it's modern cybertechnology industry, Zohar Zisapel of the RAD Group.  The next year, and in the lead up to the development of the Pentagon Cloud project announcement and then contract award, Microsoft put Adallom in the place of and rebranded it as Microsoft Cloud App Security.And while the SolarWinds hack, described as possibly the most substantial hack in US history giving the exploiters of the intrusion "God door access", has been publicly and preliminarily ascribed to Russian SVR advanced persistent threat cyber intelligence units, as this show's earlier interview with New York Times best-selling author and journalist Seth Abramson showed, Russia and Israel worked in cyber purpose together in relation to

AI-powered cyberattacks are rapidly evolving, prompting a significant shift in cybersecurity strategies. According to a recent Gartner report, IT leaders are expected to allocate over half of their cybersecurity budgets to preemptive defense measures by 2030. This change is driven by the inadequacy of traditional detection and response tools in the face of sophisticated cyber threats, particularly those enhanced by artificial intelligence. Experts warn that while preemptive measures can mitigate risks, organizations may encounter challenges in integrating these new systems and overcoming cultural inertia.Datadog's 2025 State of Cloud Security Report highlights a growing trend among organizations adopting data perimeters to combat credential theft, with 40% of organizations implementing this advanced security practice. Additionally, 86% of organizations are utilizing multi-account setups within AWS, which allows for better enforcement of security protocols. Meanwhile, OpenAI's report reveals that cybercriminals are increasingly leveraging AI for malicious activities, including phishing and surveillance, showcasing the urgent need for enhanced cybersecurity measures.In response to market pressures, Synology has reversed its policy on drive restrictions for its network-attached storage models, allowing the use of non-validated third-party drives. This decision comes after user feedback indicated dissatisfaction with the previous requirement for proprietary drives, which were often more expensive. For managed service providers (MSPs), this change offers greater flexibility and cost-effectiveness, making Synology's products more appealing once again.Pax8 has launched the Pax8 Agent Store, a platform designed to help MSPs adopt and offer AI-driven tools to small and medium-sized businesses. This marketplace aims to facilitate the integration and monetization of intelligent automation solutions, with early access set for December 2025. Additionally, SolarWinds has introduced an AI agent to enhance operational resilience for IT teams, while Barracuda Networks has launched Barracuda Research, a centralized resource for threat intelligence. Both initiatives aim to empower organizations in managing cybersecurity threats more effectively. Four things to know today00:00 Gartner, OpenAI, Datadog, and DHS Paint a Stark Cyber Future: AI Attacks Surge, Budgets Shift, and Defenses Fracture06:01 New Pax8 Platform Targets Repeatable AI Services, Sets Early Access for December08:03 Synology Reverses Course on Pricey Drives — Because You Stopped Buying09:53 SolarWinds and Barracuda Push AI to Ease IT Burdens—But Can They Deliver Real Value? This is the Business of Tech.     Supported by:  Comet, Scalepad Webinar:  https://bit.ly/msprmail

professorjrod@gmail.comCloud perimeters are fading, identities are multiplying, and threats move faster than patches. We dive into the real mechanics of securing a hybrid world—mapping cloud deployment choices, clarifying shared responsibility across SaaS, PaaS, and IaaS, and showing how Zero Trust reshapes defenses around identity, posture, and context. It's a practical tour from first principles to field-tested patterns, grounded by case studies like Capital One and SolarWinds and anchored in frameworks such as NIST SP 800-207.We start by decoding public, private, hosted private, community, and hybrid models, then connect those choices to risk: multi-tenant isolation, data flows between zones, and the observability challenges of decentralization. From there, we move into reliability engineering—high availability, geo-redundancy, disaster recovery—and the role Kubernetes plays in scaling securely, with a frank look at container pitfalls and how least privilege and image scanning reduce blast radius. Automation takes center stage with infrastructure as code, autoscaling, and software-defined networking, plus how SASE brings secure access to a remote-first workforce without bolting on more complexity.Embedded systems and IoT get a hard look: scarce memory, weak encryption, default credentials, and unpatchable firmware that turns convenience into risk. We offer a simple playbook—segment aggressively, enforce egress controls, rotate credentials, and plan device lifecycles—to stop small sensors from causing big outages. Zero Trust ties it all together: never trust, always verify; microsegment to prevent lateral movement; and evaluate every access request through identity, device health, and real-time signals. Along the way, we weave in Security+ exam-style questions so you can test your knowledge and lock in the fundamentals.If this helped you see your cloud and Zero Trust roadmap more clearly, follow the show, share it with a teammate, and leave a quick review. Got certified recently or put these controls into practice? Email professorjrod@gmail.com—we'd love to shout you out on a future episode.Support the showIf you want to help me with my research please e-mail me.Professorjrod@gmail.comIf you want to join my question/answer zoom class e-mail me at Professorjrod@gmail.comArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

Distracting the Analyst for Fun and Profit Our undergraduate intern, Tyler House analyzed what may have been a small DoS attack that was likely more meant to distract than to actually cause a denial of service https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Distracting%20the%20Analyst%20for%20Fun%20and%20Profit/32308 GitHub s plan for a more secure npm supply chain GitHub outlined its plan to harden the supply chain, in particular in light of the recent attack against npm packages https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/ SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-26399) SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986. https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 Vulnerabilities in Supermicro BMC Firmware CVE-2025-7937 CVE-2025-6198 Supermicro fixed two vulnerabilities that could allow an attacker to compromise the BMC with rogue firmware. https://www.supermicro.com/en/support/security_BMC_IPMI_Sept_2025

Uhura, Collins, Nimbus Manticore, Sonic Wall, Async Rat, Solar Winds, ShadowV2, H1B, Aaran Leyland, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-514

Uhura, Collins, Nimbus Manticore, Sonic Wall, Async Rat, Solar Winds, ShadowV2, H1B, Aaran Leyland, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-514

Uhura, Collins, Nimbus Manticore, Sonic Wall, Async Rat, Solar Winds, ShadowV2, H1B, Aaran Leyland, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-514

Matai Wilson, Senior Director for Product Management at SolarWinds, joins TechPod to explore the evolving landscape of AI technology. The conversation delves into the challenges of building AI technology, the exciting future of AI in IT operations, and the upcoming features and tools SolarWinds is developing to enhance user experience and operational efficiency.

Matai Wilson, Senior Director for Product Management at SolarWinds, joins TechPod to explore the evolving landscape of AI technology. The conversation delves into the challenges of building AI technology, the exciting future of AI in IT operations, and insights into the upcoming features and tools SolarWinds is developing to enhance user experience and operational efficiency. © 2025 SolarWinds Worldwide, LLC. All rights reserved

In this episode of the CISO Tradecraft podcast, host G Mark Hardy speaks with Tim Brown, the CISO of SolarWinds, at the Black Hat conference in Las Vegas. They delve into the details of the infamous SolarWinds breach, discussing the timeline of events, the involvement of the Russian SVR, and the immediate and long-term responses by SolarWinds. Tim shares insights on the complexities of supply chain security, the importance of clear communication within an organization, and the evolving regulatory landscape for CISOs. Additionally, they discuss the personal and professional ramifications of dealing with such a high-profile incident, offering valuable lessons for current and future cybersecurity leaders. Chapters  00:00 Introduction and Welcome 00:59 The SolarWinds Incident Unfolds 03:13 Understanding the Attack and Response 04:04 The Role of SVR and Supply Chain Security 10:43 Technical Details of the Attack 14:56 Compliance and Reporting Challenges 19:24 Rebuilding Trust and Personal Impact 22:06 CISO Concerns and Company Support 22:14 Legal Challenges and Company Expenses 23:40 SEC Charges and Legal Proceedings 29:35 Supply Chain Security and Vendor Assurance 35:47 CISO Accountability and Industry Standards 39:41 Final Thoughts and Advice for CISOs

In this episode of the CISO Tradecraft podcast, host G Mark Hardy speaks with Tim Brown, the CISO of SolarWinds, at the Black Hat conference in Las Vegas. They delve into the details of the infamous SolarWinds breach, discussing the timeline of events, the involvement of the Russian SVR, and the immediate and long-term responses by SolarWinds. Tim shares insights on the complexities of supply chain security, the importance of clear communication within an organization, and the evolving regulatory landscape for CISOs. Additionally, they discuss the personal and professional ramifications of dealing with such a high-profile incident, offering valuable lessons for current and future cybersecurity leaders. Chapters 00:00 Introduction and Welcome 00:59 The SolarWinds Incident Unfolds 03:13 Understanding the Attack and Response 04:04 The Role of SVR and Supply Chain Security 10:43 Technical Details of the Attack 14:56 Compliance and Reporting Challenges 19:24 Rebuilding Trust and Personal Impact 22:06 CISO Concerns and Company Support 22:14 Legal Challenges and Company Expenses 23:40 SEC Charges and Legal Proceedings 29:35 Supply Chain Security and Vendor Assurance 35:47 CISO Accountability and Industry Standards 39:41 Final Thoughts and Advice for CISOs

In an era where organizations depend heavily on commercial applications to run their operations, the integrity of those applications has become a top security concern. Saša Zdjelar, Chief Trust Officer at ReversingLabs and Operating Partner at Crosspoint Capital, shares how protecting the software supply chain now extends far beyond open source risk.Zdjelar outlines how modern applications are built from a mix of first-party, contracted, open source, and proprietary third-party components. By the time software reaches production, its lineage spans geographies, development teams, and sometimes even AI-generated code. Incidents like SolarWinds, Kaseya, and CircleCI demonstrate that trusted vendors are no longer immune to compromise, and commercial software can introduce critical vulnerabilities or malicious payloads deep into enterprise systems.Regulatory drivers are increasing scrutiny. Executive Order 14028, Europe's Cyber Resilience Act, DORA, and U.S. Department of Defense software sourcing restrictions all require greater transparency, such as a Software Bill of Materials (SBOM). However, Zdjelar cautions that SBOMs—while valuable—are like ingredient lists without recipes: they don't reveal if a product is secure, just what's in it.ReversingLabs addresses this gap with a no-compromise analysis engine capable of deconstructing any file, of any size or complexity, to assess its safety. This capability enables organizations to make risk-based decisions, continuously monitor for unexpected changes between software versions, and operationalize controls at points such as procurement, SCCM deployments, or file transfers into critical environments.For CISOs, this represents a true technical control where previously only contractual clauses, questionnaires, or insurance policies existed. By placing analysis at the front of the software lifecycle, organizations can reduce reliance on costly manual testing and sandboxing, improve detection of tampering or hidden behavior, and even influence cyber insurance rates.The takeaway is clear: software supply chain security is a board-level concern, and the focus must expand beyond open source. With the right controls, organizations can avoid becoming the next headline-making breach and maintain trust with customers, partners, and regulators.Learn more about ReversingLabs: https://itspm.ag/reversinglabs-v57bNote: This story contains promotional content. Learn more.Guest: Saša Zdjelar, Chief Trust Officer at ReversingLabs and Operating Partner at Crosspoint Capital | On Linkedin: https://www.linkedin.com/in/sasazdjelar/ResourcesLearn more and catch more stories from ReversingLabs: https://www.itspmagazine.com/directory/reversinglabsLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: Black Hat 2025, Black Hat USA, sean martin, saša zdjelar, software supply chain security, commercial software risk, binary analysis, software bill of materials, sbom security, malicious code detection, ciso strategies, third party software risk, software tampering detection, malware analysis tools, devsecops security, application security testing, cybersecurity compliance