Podcasts about SolarWinds

  • 1,105 PODCASTS
  • 2,794 EPISODES
  • 44m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Aug 28, 2025 LATEST


Latest podcast episodes about SolarWinds

CISO Tradecraft
#246 - Tim Brown on SolarWinds: What Every CISO Should Know

Aug 18, 2025 · 44:11

In this episode of the CISO Tradecraft podcast, host G Mark Hardy speaks with Tim Brown, the CISO of SolarWinds, at the Black Hat conference in Las Vegas. They delve into the details of the infamous SolarWinds breach, discussing the timeline of events, the involvement of the Russian SVR, and the immediate and long-term responses by SolarWinds. Tim shares insights on the complexities of supply chain security, the importance of clear communication within an organization, and the evolving regulatory landscape for CISOs. Additionally, they discuss the personal and professional ramifications of dealing with such a high-profile incident, offering valuable lessons for current and future cybersecurity leaders.

Chapters
00:00 Introduction and Welcome
00:59 The SolarWinds Incident Unfolds
03:13 Understanding the Attack and Response
04:04 The Role of SVR and Supply Chain Security
10:43 Technical Details of the Attack
14:56 Compliance and Reporting Challenges
19:24 Rebuilding Trust and Personal Impact
22:06 CISO Concerns and Company Support
22:14 Legal Challenges and Company Expenses
23:40 SEC Charges and Legal Proceedings
29:35 Supply Chain Security and Vendor Assurance
35:47 CISO Accountability and Industry Standards
39:41 Final Thoughts and Advice for CISOs

Minimum Competence
Legal News for Fri 8/15 - Russian Hackers Breach Federal Courts, Trial Over Trump Troop Deployment on US Streets, Legal Jobs Up Broadly, SCOTUS Declines to Pause Social Media Age Checks

Aug 15, 2025 · 15:08

This Day in Legal History: Starve or Sell

On August 15, 1876, the United States Congress passed a coercive measure aimed at forcing the Sioux Nation to relinquish their sacred lands in the Black Hills of present-day South Dakota. Known informally as the "starve or sell" bill, the legislation declared that no further federal appropriations would be made for the Sioux's food or supplies unless they ceded the Black Hills to the U.S. government. This came just two months after the Lakota and Northern Cheyenne had defeated General George Custer at the Battle of the Little Bighorn, a major blow to U.S. military prestige.

The Black Hills had been guaranteed to the Sioux in the 1868 Treaty of Fort Laramie, which recognized their sovereignty over the area. But when gold was discovered there in 1874 during Custer's expedition, settlers and miners flooded the region, violating the treaty. Rather than remove the intruders, the federal government shifted blame and sought to pressure the Sioux into surrendering the land.

The 1876 bill effectively weaponized hunger by conditioning life-sustaining aid on land cession. This tactic ignored treaty obligations and relied on exploiting the Sioux's vulnerability after a harsh winter and military setbacks. Despite resistance from many tribal leaders, the U.S. government eventually secured signatures under extreme duress. In 1980, the U.S. Supreme Court in United States v. Sioux Nation of Indians ruled that the Black Hills were taken illegally and ordered compensation—money the Sioux have famously refused, insisting instead on the return of the land.

Russian state-sponsored hackers infiltrated the U.S. federal court system and secretly accessed sealed records for years by exploiting stolen user credentials and a vulnerability in an outdated server. The breach, which remained undisclosed until recently, involved the deliberate targeting of sealed documents tied to sensitive matters like espionage, fraud, money laundering, and foreign agents. These records, normally protected by court order, often include details about confidential informants and active investigations. Investigators believe the hackers were backed by the Russian government, though they haven't been officially named in public disclosures.

The Department of Justice has confirmed that “special measures” are now being taken to protect individuals potentially exposed in the breach. Acting Assistant Attorney General Matt Galeotti said that while technical and procedural safeguards are being implemented broadly, the DOJ is focusing particular attention on cases where sensitive information may have been compromised. He did not provide specifics but acknowledged that the situation demands urgent and tailored responses. Judges across the country were reportedly alerted in mid-July that at least eight federal court districts had been affected.

This breach follows an earlier major compromise in 2020, also attributed to Russian actors, involving malicious code distributed through SolarWinds software. In response to both incidents, the judiciary has ramped up its cybersecurity efforts, including implementing multifactor authentication and revising policies on how sealed documents are handled. Some courts now require such documents to be filed only in hard copy. However, officials and experts alike have criticized Congress for underfunding judicial cybersecurity infrastructure, leaving it vulnerable to increasingly sophisticated attacks.

The situation raises ongoing concerns about the security of national security cases and the exposure of individuals whose cooperation with law enforcement was meant to remain confidential. Lawmakers have requested classified briefings, and President Trump, who is set to meet with Russian President Vladimir Putin, acknowledged the breach but downplayed its significance.

Russian Hackers Lurked in US Courts for Years, Took Sealed Files
US taking 'special measures' to protect people possibly exposed in court records hack | Reuters

A federal trial in California is testing the legal boundaries of the U.S. military's role in domestic affairs, focusing on President Donald Trump's deployment of troops to Los Angeles during protests in June. California Governor Gavin Newsom sued Trump, arguing the deployment of 700 Marines and 4,000 National Guard troops violated the Posse Comitatus Act, an 1878 law that prohibits the military from engaging in civilian law enforcement. Testimony revealed that troops, including armed units and combat vehicles, were involved in activities like detaining individuals and supporting immigration raids—actions critics argue cross into law enforcement.

The Justice Department defended Trump's actions, asserting that the Constitution permits the president to deploy troops to protect federal property and personnel. They also claimed California lacks the standing to challenge the deployment in civil court, since Posse Comitatus is a criminal statute that can only be enforced through prosecution. U.S. District Judge Charles Breyer expressed concern about the lack of clear limits on presidential authority in such matters and questioned whether the logic behind the Justice Department's arguments would allow indefinite military involvement in domestic policing.

Military officials testified that decisions in the field—such as setting up perimeters or detaining people—were made under broad interpretations of what constitutes protecting federal interests. The case took on added urgency when, on the trial's final day, Trump ordered 800 more National Guard troops to patrol Washington, D.C., citing high crime rates, despite statistical declines. The Justice Department has also invoked the president's immunity for official acts under a 2024 Supreme Court ruling, further complicating California's legal path.

Trial shows fragility of limits on US military's domestic role | Reuters

The U.S. legal sector added jobs for the fifth consecutive month in July, nearing its all-time high of 1.2 million positions set in December 2023, according to preliminary Bureau of Labor Statistics (BLS) data. While this signals positive momentum, long-term growth remains modest; employment is only 1.7% higher than its May 2007 peak, showing how the 2008 financial crisis and the pandemic stalled progress. Big law firms, however, have seen major gains: between 1999 and 2021, the top 200 firms nearly doubled their lawyer headcount and saw revenues grow by 172%.

Still, the wider legal job market—including paralegals and administrative staff—hasn't kept pace. Technological efficiencies and AI have reduced reliance on support staff, and the lawyer-to-staff ratio has declined steadily. Some general counsels are now using AI tools instead of outside firms for tasks like summarizing cases and compiling data, suggesting further disruption is on the horizon. Meanwhile, superstar lawyers at elite firms now earn upward of $10 million a year, driven by rising billing rates and high-demand corporate work.

Broader U.S. job growth lagged in July, with the BLS issuing significant downward revisions for previous months. President Trump responded by firing BLS Commissioner Erika McEntarfer, accusing her without evidence of data manipulation. On the law firm side, Boies Schiller is handling high-profile litigation over Florida's immigration policies, with rates topping $875 an hour for partners. Separately, Eversheds Sutherland reported a 10% jump in global revenue, citing strong performance in its U.S. offices and a new Silicon Valley branch.

US legal jobs are rising again, but gains are mixed | Reuters

The U.S. Supreme Court has declined to temporarily block a Mississippi law requiring social media platforms to verify users' ages and obtain parental consent for minors, while a legal challenge from tech industry group NetChoice moves through the courts. NetChoice, whose members include Meta, YouTube, and Snapchat, argues the law violates the First Amendment's free speech protections. Although Justice Brett Kavanaugh acknowledged the law is likely unconstitutional, he stated that NetChoice hadn't met the high standard necessary to halt enforcement at this early stage.

The Mississippi law, passed unanimously by the state legislature, requires platforms to make “commercially reasonable” efforts to verify age and secure “express consent” from a parent or guardian before allowing minors to create accounts. The state can impose both civil and criminal penalties for violations. NetChoice initially won limited relief in lower court rulings, with a federal judge pausing enforcement against some of its members, but the Fifth Circuit Court of Appeals reversed that pause without explanation.

Mississippi officials welcomed the Supreme Court's decision to allow the law to remain in effect for now, calling it a chance for “thoughtful consideration” of the legal issues. Meanwhile, NetChoice sees the order as a procedural setback but remains confident about the eventual outcome, citing Kavanaugh's statement. The case marks the first time the Supreme Court has been asked to weigh in on a state social media age-check law. Similar laws in seven other states have already been blocked by courts. Tech companies, facing increasing scrutiny over their platforms' impact on minors, insist they already provide parental controls and moderation tools.

US Supreme Court declines for now to block Mississippi social media age-check law | Reuters

This week's closing theme is by Samuel Coleridge-Taylor.

On this day in 1875, Samuel Coleridge-Taylor was born in London to an English mother and a Sierra Leonean father. A composer of striking originality and lyricism, Coleridge-Taylor rose to prominence in the late 19th and early 20th centuries, earning acclaim on both sides of the Atlantic. Often dubbed the “African Mahler” by American press during his tours of the U.S., he became a symbol of Black excellence in classical music at a time when such recognition was rare. He studied at the Royal College of Music under Charles Villiers Stanford, and by his early twenties, had already composed his most famous work, Hiawatha's Wedding Feast, which became a staple of British choral repertoire.

Coleridge-Taylor's music blended Romanticism with rhythmic vitality, often inflected with the spirituals and folk influences he encountered during his visits to the United States. He was deeply inspired by African-American musical traditions and maintained a lifelong interest in promoting racial equality through the arts. His catalogue includes choral works, chamber music, orchestral pieces, and songs—each marked by melodic richness and emotional depth.

This week, we close with the fifth and final movement of his 5 Fantasiestücke, Op. 5—titled "Dance." Composed when he was just 18, the piece captures the youthful exuberance and technical elegance that would characterize his career. Lively, rhythmically playful, and tinged with charm, “Dance” is a fitting celebration of Coleridge-Taylor's enduring legacy and a reminder of the brilliance he achieved in his all-too-brief life.

Without further ado, Samuel Coleridge-Taylor's 5 Fantasiestücke, Op. 5 – enjoy!

This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.minimumcomp.com/subscribe

ITSPmagazine | Technology. Cybersecurity. Society
Your Business Apps Are Bringing Friends You Didn't Invite | A Brand Story with Saša Zdjelar, Chief Trust Officer at ReversingLabs and Operating Partner at Crosspoint Capital | A Black Hat USA 2025 Conference On Location Brand Story

Aug 14, 2025 · 28:03

In an era where organizations depend heavily on commercial applications to run their operations, the integrity of those applications has become a top security concern. Saša Zdjelar, Chief Trust Officer at ReversingLabs and Operating Partner at Crosspoint Capital, shares how protecting the software supply chain now extends far beyond open source risk.

Zdjelar outlines how modern applications are built from a mix of first-party, contracted, open source, and proprietary third-party components. By the time software reaches production, its lineage spans geographies, development teams, and sometimes even AI-generated code. Incidents like SolarWinds, Kaseya, and CircleCI demonstrate that trusted vendors are no longer immune to compromise, and commercial software can introduce critical vulnerabilities or malicious payloads deep into enterprise systems.

Regulatory drivers are increasing scrutiny. Executive Order 14028, Europe's Cyber Resilience Act, DORA, and U.S. Department of Defense software sourcing restrictions all require greater transparency, such as a Software Bill of Materials (SBOM). However, Zdjelar cautions that SBOMs—while valuable—are like ingredient lists without recipes: they don't reveal if a product is secure, just what's in it.

ReversingLabs addresses this gap with a no-compromise analysis engine capable of deconstructing any file, of any size or complexity, to assess its safety. This capability enables organizations to make risk-based decisions, continuously monitor for unexpected changes between software versions, and operationalize controls at points such as procurement, SCCM deployments, or file transfers into critical environments.

For CISOs, this represents a true technical control where previously only contractual clauses, questionnaires, or insurance policies existed. By placing analysis at the front of the software lifecycle, organizations can reduce reliance on costly manual testing and sandboxing, improve detection of tampering or hidden behavior, and even influence cyber insurance rates.

The takeaway is clear: software supply chain security is a board-level concern, and the focus must expand beyond open source. With the right controls, organizations can avoid becoming the next headline-making breach and maintain trust with customers, partners, and regulators.

Learn more about ReversingLabs: https://itspm.ag/reversinglabs-v57b

Note: This story contains promotional content.

Guest: Saša Zdjelar, Chief Trust Officer at ReversingLabs and Operating Partner at Crosspoint Capital | On LinkedIn: https://www.linkedin.com/in/sasazdjelar/

Resources
Learn more and catch more stories from ReversingLabs: https://www.itspmagazine.com/directory/reversinglabs
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Keywords: Black Hat 2025, Black Hat USA, sean martin, saša zdjelar, software supply chain security, commercial software risk, binary analysis, software bill of materials, sbom security, malicious code detection, ciso strategies, third party software risk, software tampering detection, malware analysis tools, devsecops security, application security testing, cybersecurity compliance

The Daily Scoop Podcast
Federal courts ramp up filing system security after ‘recent escalated cyberattacks’; Jamie Holcombe steps down as USPTO CIO

Aug 8, 2025 · 4:07

The U.S. judiciary announced plans to increase security for sensitive information on its case management system following what it described as “recent escalated cyberattacks of a sophisticated and persistent nature.” In a Thursday statement, the federal judiciary said it's “taking additional steps to strengthen protections for” that information. It also said it's “further enhancing security of the system and to block future attacks, and it is prioritizing working with courts to mitigate the impact on litigants.” The statement from the third branch comes one day after a Politico report revealed that its case filing system had recently been breached. That report cited unnamed sources who were concerned that the identities of confidential court informants may have been compromised. While the federal courts' statement acknowledged a recent escalation in cyberattacks on its case management system, it didn't confirm details of the reported breach. In response to a FedScoop request for additional information about the reported attack, a spokesman for the Administrative Office of the U.S. Courts declined to comment and pointed back to the statement. The reported hack and statement come after a cyberbreach of the same system in 2020. In early 2021, during a hack of SolarWinds' Orion products, the federal courts disclosed that it found “apparent compromise” of the Case Management/Electronic Case Files system (CM/ECF) and was investigating the matter. Its statement after that breach similarly indicated that “federal courts are immediately adding new security procedures to protect highly sensitive confidential documents filed with the courts.”

Jamie Holcombe is joining Maryland-based technology company US AI after wrapping up roughly six-and-a-half years as the chief information officer of the U.S. Patent and Trademark Office. Holcombe, who served as both CIO and chief AI officer at USPTO, will be vice president of the AI firm, with a focus on scaling its technology throughout the federal government, according to a Thursday announcement from US AI shared with FedScoop. Holcombe's last day at the agency was Wednesday, according to a USPTO spokeswoman. Deborah Stephens, deputy CIO for the agency, will serve as acting CIO. At USPTO, Holcombe oversaw “one of the federal government's largest IT transformations,” per the announcement. That work included leading the agency's transition to a cloud-first environment and the launch of its AI Lab, where USPTO can test use cases. As part of his new role, Holcombe will work to expand US AI's Intelligent Computing Platform, which is aimed at accelerating the adoption of AI in sectors that are highly regulated, across government. He will also lead the company's strategy to align its technology with its use in public sector and regulated areas, scaling codeless and zero-trust tools, and build on the company's “values of clarity, security, and accessibility in AI deployment.”

The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.

Found In The Rockies
Chris Peterson (Radicl) // Building Military-Grade Cybersecurity for SMBs

Aug 6, 2025 · 46:45

Summary:
In today's episode, Les speaks with Chris Peterson, co-founder and CEO of Radicl, and a pioneer in cybersecurity innovation. Chris shares his inspiring journey from early days at Price Waterhouse to co-founding LogRhythm, and now leading Radicl - a company on a mission to bring military-grade cybersecurity to small and medium-sized businesses (SMBs), especially those in the defense industrial base (DIB). With humility, vision, and deep industry experience, Chris talks about the challenges of cybersecurity for SMBs, the promise of AI in threat detection, and the principles that drive Radicl's product and culture.

Here's a closer look at the episode:

1. Chris's Cybersecurity Roots
  • Grew up curious and mischievous - early hacking instincts emerged from pushing boundaries.
  • First tech job at Price Waterhouse, where he was inspired by early internet penetration testing.
  • Mentored by pioneers like George Kurtz (founder of CrowdStrike) and Ron Gula.
  • Early work included database security assessments and automated audit tools.

2. Building LogRhythm
  • Co-founded LogRhythm after stints at Counterpane and Tenable.
  • Bootstrapped early development by selling his home and self-funding the venture.
  • Partnered with Phil Villella (nuclear physicist) and Andy Grolnick (CEO) to scale the company.
  • Lessons from early days: founder commitment, frugality, focus on product-market fit.
  • LogRhythm grew to 500 employees before exiting via private equity in 2018.

3. The Genesis of Radicl
  • Founded Radicl to address cybersecurity gaps in SMBs within the defense supply chain.
  • Inspired by the SolarWinds hack and national security threats.
  • Assembled a founding team including his brother Matt and a former fighter pilot.
  • Mission: protect under-defended SMBs in DIB against industrial espionage.

4. The Opportunity and Market Need
  • DIB SMBs are often unable to afford or operate traditional cybersecurity solutions.
  • Barriers include tight margins, complex compliance (e.g. CMMC), and lack of in-house talent.
  • Advances in cloud, automation, and AI now make affordable, scalable solutions viable.
  • Radicl addresses both compliance operations and 24/7 security operations via software + human hybrid model.

5. Radicl's Product and Platform
  • Delivers “virtual SOC” capabilities—blending human expertise with AI and automation.
  • Handles CMMC readiness, threat detection, incident response, and vulnerability management.
  • Designed for transparency: customers can engage with Radicl's ops team in-platform.
  • AI-driven agents are increasingly being introduced to reduce cost and improve response times.

6. Looking Ahead
  • Preparing for a Series A raise in the next 4–6 months to accelerate R&D investment.
  • Focused on doubling down on AI innovation and expanding platform features.
  • Vision: democratize advanced cybersecurity for SMBs while delivering elite protection to the DIB.
  • Chris aims to balance company building with family, health, and meditation—striving for better life integration as a second-time founder.

Resources:
Website: RADICL
https://www.linkedin.com/company/radicl-defense/
https://radicl.com/
Chris Peterson
https://www.linkedin.com/in/chrispetersen1/
https://radicl.com/bio-chris-petersen

Feds At The Edge by FedInsider
Ep. 211 Empowering Agencies with Optimized Operations (preview)

Aug 6, 2025 · 22:57

Here is the link to the free webinar on August 27, 2025, 2pm EDT: Empowering Agencies with Optimized IT Operations

Cybersecurity teams are facing a “perfect storm” - more attacks, fewer defenders, and outdated infrastructure. This week on Feds At The Edge, we offer a sneak peek into an upcoming webinar that will teach you how to truly see what's happening on your network - moving beyond basic monitoring to actionable observation.

Brian Chamberlain, Account Executive, USMC/USN, SolarWinds, breaks down why simple monitoring isn't enough. Without pinpointing blind spots or knowing where to start, agencies waste time, increase risk, and rack up costs. He explores:

  • Automation: Threats move too fast for humans to manage alone.
  • Hierarchy: How to prioritize what matters most.
  • Compliance: Practical takes on NIST 800-207, FIPS 140-2, and Common Criteria.
  • AI in Action: How artificial intelligence can reveal inefficiencies and free humans to focus on decisions.

Software Engineering Institute (SEI) Podcast Series
Understanding Container Reproducibility Challenges: Stopping the Next Solar Winds

Jul 30, 2025 · 25:10

Container images are increasingly being used as the main method for software deployment, so ensuring the reproducibility of container images is becoming a critical step in protecting the software supply chain. In practice, however, builds are often not reproducible because elements of the build environment rely on nondeterministic factors such as timestamps and external dependencies. Lack of reproducibility can lead to lack of trust and broken builds, and can possibly mask hidden malware insertion. Vessel, a recent tool from the Carnegie Mellon University Software Engineering Institute (SEI), helps developers identify the differences between two container images to help sort benign from problematic issues. In this SEI Podcast, Kevin Pitstick, a senior software engineer at the SEI and Vessel's lead developer, and Lihan Zhan, a software engineer at the SEI working on tactical and AI-enabled systems, sit down with Grace Lewis, lead of the Tactical and AI-Enabled Systems (TAS) applied research and development team at the SEI, to discuss the Vessel tool, its development, and application in mission-critical settings.

Paul's Security Weekly
SolarWinds Settlement, Upgrade Your Leadership Instincts to Build Your Legacy - BSW #403

Jul 9, 2025 · 51:58


SEC settles with SolarWinds. We react! In the leadership and communications section, The Skills and Habits Aspiring CEOs Need to Build, Why People Really Quit — And How Great Managers Make Them Want to Stay, The Small Actions That Become Your Legacy, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-403

DrZeroTrust
The Dr Zero Trust Show

Jul 9, 2025 · 25:16

In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses the recent ransomware attack on Marks & Spencer, the implications of Ingram Micro's investigation into a ransomware incident, and the lessons learned from major cyber attacks. He highlights the importance of cybersecurity measures, job opportunities in the field, and government initiatives aimed at improving cybersecurity. The conversation also explores the rise of sophisticated cyber threats, including deepfake scams and the activities of the hacker group Scattered Spider, concluding with insights into the future of cybersecurity.

Takeaways
  • Marks & Spencer's ransomware attack was the result of social engineering.
  • The attack involved impersonation of employees to reset passwords.
  • Micro segmentation and multi-factor authentication could have mitigated the attack.
  • Ingram Micro is investigating a ransomware attack that is affecting its operations.
  • Lessons from past cyberattacks emphasize the need for software updates and ongoing training.
  • Deepfake scams are becoming a significant threat.
  • There are numerous job opportunities in the field of cybersecurity.
  • Government funding for cybersecurity is crucial for rural hospitals.
  • The SEC is settling with SolarWinds over cybersecurity failures.
  • Organizations often overlook cybersecurity best practices.

Paul's Security Weekly TV
SolarWinds Settlement, Upgrade Your Leadership Instincts to Build Your Legacy - BSW #403

Jul 9, 2025 · 51:58


SEC settles with SolarWinds. We react! In the leadership and communications section, The Skills and Habits Aspiring CEOs Need to Build, Why People Really Quit — And How Great Managers Make Them Want to Stay, The Small Actions That Become Your Legacy, and more! Show Notes: https://securityweekly.com/bsw-403

Business Security Weekly (Audio)
SolarWinds Settlement, Upgrade Your Leadership Instincts to Build Your Legacy - BSW #403

Jul 9, 2025 · 51:58


SEC settles with SolarWinds. We react! In the leadership and communications section, The Skills and Habits Aspiring CEOs Need to Build, Why People Really Quit — And How Great Managers Make Them Want to Stay, The Small Actions That Become Your Legacy, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-403

Business Security Weekly (Video)
SolarWinds Settlement, Upgrade Your Leadership Instincts to Build Your Legacy - BSW #403

Jul 9, 2025 · 51:58


SEC settles with SolarWinds. We react! In the leadership and communications section, The Skills and Habits Aspiring CEOs Need to Build, Why People Really Quit — And How Great Managers Make Them Want to Stay, The Small Actions That Become Your Legacy, and more! Show Notes: https://securityweekly.com/bsw-403

My Open Source Experience Podcast
MOSE Shorts 19: (Open Source) Software Supply Chain Security and All

Jul 8, 2025 · 9:55

Software supply chain security has been top of mind lately, for a very good reason. With most steps depending on digital infrastructure, there are a lot of opportunities for cyber attacks to happen. At the same time, there is an often silent mistrust in open source software, because it is designed and developed in public environments. People think that because everyone can see the source code, and is aware of some of the bugs in it that aren't fixed yet, it somehow gives them the upper hand to carry out attacks against these projects. There's something odd about this perception though.

In this MOSE Shorts segment, Wayne Starr shares his view on the state of software supply chain security in the open source ecosystem. He highlights the XZ incident, and how it was caught because the software was open source. He also highlights that this challenge is also present in closed source software; however, it is much harder to spot. This makes proprietary software even less secure, and you have to work twice as much to ensure that you are well protected when using it. Think about the "SolarWinds vulnerability" as an example.

Learn more about:
- Why the open environment is an advantage from a security perspective
- SBOMs and their applicability and application in different ecosystems, like Go, Python or C
- Why it matters how you release software
- Can people still be hobbyists in the open source ecosystem?
- User experience, air-gapped environments and the Zarf project
- The productization work that turns open source projects into products
- A case for experimenting with something in the product first, and then implementing it in the upstream project

Hosted on Acast. See acast.com/privacy for more information.

Risky Business News
Risky Bulletin: Chinese researchers claim to find new North American APT

Risky Business News

Play Episode Listen Later Jul 7, 2025 5:08


Chinese security researchers claim to have found a new American APT, the SEC and SolarWinds are seeking a settlement, a company insider was behind Brazil's bank hack, and Louis Vuitton discloses a security breach. Show notes

Daily Compliance News
July 7, 2025, The Disaster on the River Edition

Daily Compliance News

Play Episode Listen Later Jul 7, 2025 7:06


Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest that are relevant to the compliance professional. Top compliance stories: Where does BRIC go? (NYT) BCG modeled a plan to settle Palestinians. (FT) Tony Blair, BCG, and the Palestinians. (FT) SEC and SolarWinds settle. (Reuters) You can donate to flood relief for victims of the Kerr County flooding by going to the Hill Country Flood Relief here.

The Just Security Podcast
A Conversation with Jen Easterly: Cybersecurity at a Crossroads

The Just Security Podcast

Play Episode Listen Later Jun 10, 2025 33:44


In recent years, the United States has sustained some of the most severe cyber threats in recent history, from the Russian government-directed SolarWinds hack to China's prepositioning in U.S. critical infrastructure for future sabotage attacks through groups like Volt Typhoon. The Cybersecurity and Infrastructure Security Agency (CISA) is responsible for responding to, and protecting against, these attacks.

How do leaders steer through cyber crises, build trust, and chart a path forward? In conversation with Dr. Brianna Rosen, Just Security Senior Fellow and Director of the AI and Emerging Technologies Initiative, Jen Easterly, who just completed a transformative tenure as Director of CISA under the Biden Administration, unpacks the challenges, breakthroughs, and lessons from the front lines of America's cybersecurity efforts.

Jen Easterly
Just Security's Cybersecurity coverage
Empathy Matters: Leadership in Cyber by Jen Easterly (2019)

SolarWinds TechPod
The Mindset Shift: IT Operations to Security

SolarWinds TechPod

Play Episode Listen Later Jun 10, 2025 50:23


In this episode, hosts Sean Sebring and Chrystal Taylor engage with actual rock star Chris Greer, a Security Engineering Manager at SolarWinds, to explore the multifaceted world of cybersecurity. Chris shares his unconventional journey from being a musician to entering the IT field, emphasizing the importance of certifications and the mindset shift required when transitioning from IT operations to security.

Topics covered:
- The significance of communication skills in tech roles
- The value of networking
- The challenges of leadership in the security domain

© 2025 SolarWinds Worldwide, LLC. All rights reserved

Kiswahili, Lugha Ya Afrika
Solar Winds - The Solar Wind: The Sun's Big Secret That Affects Our Earth!

Kiswahili, Lugha Ya Afrika

Play Episode Listen Later May 25, 2025 21:39


Did you know that every second the Sun sends a stream of dangerous particles toward Earth? Welcome to this fascinating feature exploring the “Solar Wind”, an astonishing phenomenon that can cause beautiful auroras but can also damage power systems on Earth!

Paul's Security Weekly
The State of Cybersecurity Readiness for the Next Big Emergency - David Aviv, Bri Frost, Marshall Erwin - ESW #407

Paul's Security Weekly

Play Episode Listen Later May 19, 2025 132:42


Segment 1: Fastly Interview

In this week's interview segment, we talk to Marshall Erwin about the state of cybersecurity, particularly when it comes to third party risk management, and whether we're ready for the next big SolarWinds or CrowdStrike incident. These big incidents have inspired executive orders, the Secure by Design initiative, and even a memo from JPMorgan Chase's CISO. We will discuss where Marshall feels like we should be pushing harder, where we've made some progress, and what to do about incentives. How do you convince a software supplier or service provider to prioritize security over features?

This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!

Segment 2: Weekly Enterprise News

In this week's enterprise security news,
- Agents replacing analysis is highly misunderstood
- only one funding round
- Orca acquires Opus to automate remediation
- OneDrive is updating to make BYOD worse?
- Companies are starting to regret replacing workers with AI
- Is venture capital hanging on by a thread (made of AI)?
- Potential disruption in the traditional vuln mgmt space!
- MCP is already looking like a dumpster fire from a security perspective
- malicious NPM packages
- and, IS ALCHEMY REAL?

Segment 3: RSAC Conference 2025 Interviews

Interview 1: Pluralsight

Emerging technologies like AI and deepfakes have significantly complicated the threat landscape of today. As AI becomes more integrated into our lives, everyone - not just cybersecurity professionals - needs to develop security literacy skills to keep themselves, their organizations, and their loved ones safe. Luckily, there are countermeasures to spot and identify AI and deepfake-related threats in the wild. In this segment, Pluralsight's Director of Security and IT Ops Curriculum, Bri Frost, discusses how AI has changed the cybersecurity industry, how to spot AI and deepfakes in the wild, and the skills you should know to defend against these emerging threats.

Pluralsight's AI Skills Report

This segment is sponsored by Pluralsight. Visit https://securityweekly.com/pluralsightrsac to learn the skills you need to defend against the latest cyber threats!

Interview 2: Radware

Adversaries are rewriting the cybersecurity rules. Shifts in the threat landscape are being fueled by attackers with political and ideological agendas, more sophisticated attack tools, new coalitions of hacktivists, and the democratization of AI. Radware CTO David Aviv will discuss how companies must adapt their cyber defenses and lead in an evolving era of asymmetric warfare and AI-driven attacks.

This segment is sponsored by Radware. Visit https://securityweekly.com/radwarersac to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-407

Enterprise Security Weekly (Audio)
The State of Cybersecurity Readiness for the Next Big Emergency - David Aviv, Bri Frost, Marshall Erwin - ESW #407

Enterprise Security Weekly (Audio)

Play Episode Listen Later May 19, 2025 132:42



Paul's Security Weekly TV
The State of Cybersecurity Readiness for the Next Big Emergency - Bri Frost, David Aviv, Marshall Erwin - ESW #407

Paul's Security Weekly TV

Play Episode Listen Later May 19, 2025 132:42



Enterprise Security Weekly (Video)
The State of Cybersecurity Readiness for the Next Big Emergency - Bri Frost, David Aviv, Marshall Erwin - ESW #407

Enterprise Security Weekly (Video)

Play Episode Listen Later May 19, 2025 132:42



ITSPmagazine | Technology. Cybersecurity. Society
Why CISOs Should Still Say Yes to the Role—Even Now | A RSAC Conference 2025 Conversation with Tim Brown | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 24, 2025 22:07


In this Chats on the Road to RSAC 2025, Sean Martin and Marco Ciappelli connect with Tim Brown, Chief Information Security Officer at SolarWinds, to unpack the critical issues facing CISOs today—and why the role remains worth pursuing.

Brown is participating in multiple sessions at RSAC Conference 2025, including the CISO Bootcamp and Cyber Leaders Forum. Both are closed-door conversations designed to surface real concerns in a confidential, supportive setting. These aren't theoretical discussions—they're rooted in hard-earned experience. Brown, who has faced high-profile scrutiny and legal fallout from a past incident at SolarWinds, brings a uniquely personal perspective to these sessions.

He points out that fear and hesitation are keeping many deputy CISOs from stepping up into the top role. His message to them: don't be afraid of the position. Despite the weight of responsibility, the role offers real influence, the ability to shape enterprise architecture, and the opportunity to drive meaningful business decisions. Brown emphasizes the importance of community support and collective growth, noting that the cybersecurity industry—still relatively young—is maturing and finding its footing when it comes to accountability and resilience.

Beyond leadership development, mental health and stress management are key themes in the Cyber Leaders Forum. Brown acknowledges the toll the job can take, even sharing that his own health suffered despite thinking he was managing stress well. This honest reflection opens the door for deeper conversations about personal well-being in high-pressure roles.

He's also appearing at the Cloud Security Alliance Summit with Chris Hoff, Chief Security Officer at LastPass, where they'll discuss incident response and field questions from the audience. On Wednesday, Brown joins a breakfast session with Tactic and Hyperwise, guiding attendees through a crisis simulation based on lessons from the Sunburst attack. His focus? Helping others avoid being unprepared in a moment of chaos.

From insider threat modeling to supply chain transparency and the challenges of monitoring runtime behavior, Brown is clear-eyed about where CISOs need to focus next.

This episode isn't just a preview of conference sessions—it's a call to future security leaders to lean in, not back.

Guest: Tim Brown, CISO, SolarWinds | On LinkedIn: https://www.linkedin.com/in/tim-brown-ciso/

Hosts:
- Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
- Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

Episode Sponsors
- ThreatLocker: https://itspm.ag/threatlocker-r974
- Akamai: https://itspm.ag/akamailbwc
- BlackCloak: https://itspm.ag/itspbcweb
- SandboxAQ: https://itspm.ag/sandboxaq-j2en
- Archer: https://itspm.ag/rsaarchweb
- Dropzone AI: https://itspm.ag/dropzoneai-641
- ISACA: https://itspm.ag/isaca-96808
- ObjectFirst: https://itspm.ag/object-first-2gjl
- Edera: https://itspm.ag/edera-434868

Resources
- RSAC Session: CLF Ask Me Anything Session with Tim Brown, CISO, SolarWinds: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1739404173721001x1MH
- RSAC Session: CISO Boot Camp Exclusive Fireside Chat with Tim Brown, CISO, SolarWinds: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1739403254724001isXh
- CSA Summit at RSAC 2025: Fireside Chat with Tim Brown and Chris Hoff: https://www.csasummitrsac.com/event/5b3547c2-c652-4f77-97de-5b094e746626/agenda?session=1452408b-c822-4664-87b8-38ce1276247b
- Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
- Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Inspiring You with Henri Hebert
Space Weather & Planetary Energy Update: Solar Winds, Magnetosphere, A Day of Shifts, Remembrance & Light Radiance | Ep 674

Inspiring You with Henri Hebert

Play Episode Listen Later Apr 22, 2025 9:08


If you've been feeling waves of intensity—physical fatigue, sudden emotions, or expanded awareness—this episode brings clarity. Over the last 24 hours, Earth experienced unexpected solar storms with KP levels reaching 4 and 5, despite official forecasts predicting quiet skies. But as many energy sensitives know, something deeper is always at play.

In this transmission, we explore what these geomagnetic surges really mean—how solar plasma, Light Codes, and the weakening of Earth's magnetosphere are not just planetary phenomena but part of a greater consciousness shift. We're in an active phase of ascension. These energetic waves are here to activate higher intelligence within you, flush old density, and support your nervous system in recalibrating to a new frequency.

We also reflect on the symbolic weight of the Pope's passing and the stirring emotional ripple it may bring—an event that could mark a collective turning point. From sacred sorrow to cellular awakening, this moment invites us all to walk more gently, more presently, and more aligned with truth.

This episode is a reminder: You are not broken. You are becoming. The shift is real—and you're right on time.

Data Security Decoded
The State of Data Security: A Distributed Crisis

Data Security Decoded

Play Episode Listen Later Apr 22, 2025 28:25


Welcome to the Data Security Decoded podcast by Rubrik Zero Labs. Join our host Caleb Tolin and Head of Rubrik Zero Labs Joe Hladik as they dive deep into the evolving landscape of cybersecurity, from incident response to emerging threats. Joe shares insights from two decades of experience, including his work on high-profile cases like the SolarWinds breach, and breaks down the complex relationship between nation-state actors and cybercrime. Learn about the challenges of data sprawl, identity management, and why treating identity as the new perimeter isn't as simple as it seems. Joe also shares insights into the new report from Rubrik Zero Labs, The State of Data Security: A Distributed Crisis. Whether you're a security practitioner or executive, this episode offers valuable perspectives on data security posture management and the future of threat detection.

Business of Tech
CVE Program Saved, CISA Nomination Blocked, OpenAI's AI Models Released, SolarWinds Goes Private

Business of Tech

Play Episode Listen Later Apr 17, 2025 14:58


The U.S. government has renewed funding for the Common Vulnerabilities and Exposures (CVE) Program, a critical database for tracking cybersecurity flaws, just hours before its funding was set to expire. Established 25 years ago, the CVE program assigns unique identifiers to security vulnerabilities, facilitating consistent communication across the cybersecurity landscape. The renewal of funding comes amid concerns that without it, new vulnerabilities could go untracked, posing risks to national security and critical infrastructure. In response to the funding uncertainty, two initiatives emerged: the CVE Foundation, a nonprofit aimed at ensuring the program's independence, and the Global CVE Allocation System, a decentralized platform introduced by the European Union.

In addition to the CVE funding situation, Oregon Senator Ron Wyden has blocked the nomination of Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency (CISA) due to the agency's refusal to release a crucial unclassified report from 2022. This report details security issues within U.S. telecommunications companies, which Wyden claims represent a multi-year cover-up of negligent cybersecurity practices. The senator argues that the public deserves access to this information, especially in light of recent cyber threats, including the Salt Typhoon hack that compromised sensitive communications.

The cybersecurity landscape is further complicated by significant layoffs at CISA, which could affect nearly 40% of its workforce, potentially weakening U.S. national security amid rising cyber threats. Recent cuts have already impacted critical personnel, including threat hunters, which could hinder the agency's ability to share vital threat intelligence with the private sector. Meanwhile, the Defense Digital Service at the Pentagon is facing a mass resignation of nearly all its staff, following pressure from the Department of Government Efficiency, which could effectively shut down the program designed to accelerate technology adoption during national security crises.

On the technology front, OpenAI has released new AI reasoning models, O3 and O4 Mini, but notably did not provide a safety report for the new GPT-4.1 model, raising concerns about transparency and accountability in AI development. The lack of a safety report is particularly alarming as AI systems become more integrated into client-facing tools. Additionally, SolarWinds Corporation has been acquired by Turn/River Capital, prompting managed service providers (MSPs) to reassess their dependencies on SolarWinds products and consider the implications for product roadmaps and support guarantees.

Four things to know today
00:00 From Panic to Pivot: U.S. Saves CVE Program at the Eleventh Hour
04:17 A Cybersecurity Meltdown: One Senator Blocks, Another Leader Quits, and a Whole Pentagon Team Walks Out
08:54 OpenAI Just Leveled Up AI Reasoning—But Left Out the Fine Print
11:45 SolarWinds Is Private Again: What That Means for MSPs Watching the Roadmap

Hacker Valley Studio
Digital Clutter and the Death of Passwords with Collin Sweeney & Chase Cunningham

Hacker Valley Studio

Play Episode Listen Later Apr 10, 2025 43:26


Passwords are the original digital clutter—messy, overstuffed, and way too easy to forget. Like a junk drawer full of old keys and cables, we keep tossing more into them, hoping they'll somehow keep working. But what if it's time to throw the whole thing out?

In this episode, Ron Eddings is joined by Collin Sweeney of ZKX Solutions and Dr. Chase Cunningham, a.k.a. “Dr. Zero Trust,” for a bold conversation on the future of authentication. From the failures of MFA to the promise of zero-knowledge proofs, the crew breaks down how we got stuck with broken access systems—and what it'll take to finally fix them. Whether it's SIM swapping, face IDs, or security keys on the battlefield, this is the real talk on identity security you don't want to miss.

Impactful Moments:
00:00 – Introduction
03:45 – ZKX's origin: voice verification breakthrough
06:45 – Collin's “oh crap” SolarWinds realization
09:15 – Why MFA still fails in practice
13:15 – Zero-knowledge proofs explained with a coin
15:30 – How ZKPs reduce identity attack surfaces
17:45 – Making MFA faster, smarter, more human
20:00 – MFA fatigue and ice skating uphill
24:00 – Why people still cling to passwords
30:54 – Quantum fears vs real-world encryption limits

Links:
- Connect with Collin Sweeney: https://www.linkedin.com/in/collin-sweeney-6ab6a5176/
- Check out ZKX Solutions new product, Helix: zkxsolutions.com/helix
- Connect with Chase Cunningham: https://www.linkedin.com/in/dr-chase-cunningham/
- Grab a copy of Chase Cunningham's book “vArIable: A Novel in the gAbrIel Series” here: www.amazon.com/vArIable-gAbrIel-Dr-Chase-Cunningham-ebook/dp/B0DVMWCWCD?ref_=ast_author_mp
- Check out Hacker Valley's upcoming events: https://www.hackervalley.com/livestreams
- Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
- Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
- Continue the conversation by joining our Discord: https://hackervalley.com/discord

SolarWinds TechPod
Monitoring, Observability, and Operational Resilience

SolarWinds TechPod

Play Episode Listen Later Apr 8, 2025 41:22


In this episode of SolarWinds TechPod, hosts Chrystal Taylor and Sean Sebring explore the key differences between monitoring and observability with guest Jeff Stewart, GVP of Product Management at SolarWinds. Observability goes beyond traditional monitoring, offering AI-driven insights and a holistic view of system health. Like understanding the anatomy of the body, observability reveals how IT systems are interconnected—where one issue can ripple across the entire environment. They discuss how businesses can leverage observability to reduce downtime, improve efficiency, and stay ahead in a rapidly evolving tech landscape.

Business of Tech
MSP Regulations Shift: CMMC 2.0, FedRAMP Overhaul, UK Cyber Bill & AI Security Concerns

Business of Tech

Play Episode Listen Later Apr 2, 2025 15:30


Michael Duffy, President Donald Trump's nominee for Undersecretary of Defense for Acquisition and Sustainment, has committed to reviewing the Pentagon's Cybersecurity Maturity Model Certification (CMMC) 2.0 if confirmed. This revamped program, effective since December, mandates that defense contractors handling controlled, unclassified information comply with specific cybersecurity standards to qualify for Department of Defense contracts. Concerns have been raised about the burden these regulations may impose on smaller firms, with a report indicating that over 50% of respondents felt unprepared for the program's requirements. Duffy aims to balance security needs with regulatory burdens, recognizing the vulnerability of small and medium-sized businesses in the face of cyber threats.

In addition to the CMMC developments, the General Services Administration (GSA) is set to unveil significant changes to the Federal Risk and Authorization Management Program (FedRAMP). The new plan for 2025 focuses on establishing standards and policies rather than approving cloud authorization packages, which previously extended the process for up to 11 months. The GSA intends to automate at least 80% of current requirements, allowing cloud service providers to demonstrate compliance more efficiently, while reducing reliance on external support services.

Across the Atlantic, the UK government has announced a comprehensive cybersecurity and resilience bill aimed at strengthening defenses against cyber threats. This legislation will bring more firms under regulatory oversight, specifically targeting managed service providers (MSPs) that provide core IT services and have extensive access to client systems. The proposed regulations will enhance incident reporting requirements and empower the Information Commissioner's Office to proactively identify and mitigate cyber risks, setting higher expectations for cybersecurity practices among MSPs.

The episode also discusses the implications of recent developments in AI and cybersecurity. With companies like SolarWinds, Cloudflare, and Red Hat enhancing their offerings, the integration of AI into business operations raises concerns about security and compliance. The ease of generating fake documents using AI tools poses a significant risk to industries reliant on document verification. As the landscape evolves, IT service providers must adapt by advising clients on updated compliance practices and strengthening their cybersecurity measures to address these emerging threats.

Four things to know today
00:00 New Regulatory Shifts for MSPs: CMMC 2.0, FedRAMP Overhaul, and UK Cyber Security Bill
05:21 CISA Cuts and Signal on Gov Devices: What Could Go Wrong?
08:15 AI Solutions Everywhere! SolarWinds, Cloudflare, and Red Hat Go All In
11:37 OpenAI's Image Generation Capabilities Raise Fraud Worries: How Businesses Should Respond

Going Linux
Going Linux #465 · Listener Feedback

Mar 26, 2025 · 59:11


Episode Time Stamps

00:00 Going Linux #465 · Listener Feedback
01:35 Bill can breathe again
07:40 Reid: About the Lemur Pro
11:39 George from Tulsa: Learning the lesson again - buy hardware with Linux pre-installed
16:02 Guimar: Seeking advice on Linux
25:02 Roger: Microsoft news - Solar Winds
30:03 George: Commented on computer/monitor stands
33:13 George: On the M4 Mini
39:42 Harry: Shares his decision
41:26 Ambrose: About Linux kernel headers
50:18 Costas: The Ubuntu MATE installer
54:58 Gus: Comments on Snap packages
56:34 Ian: Remote access
58:05 goinglinux.com, goinglinux@gmail.com, +1-904-468-7889, @goinglinux, feedback, listen, subscribe
59:11 End

“HR Heretics” | How CPOs, CHROs, Founders, and Boards Build High Performing Companies

Nolan and Kelli welcome back friend of the pod David Hanrahan, who's just 60 days into his new role as CHRO at SolarWinds. The conversation kicks off with candid reflections on the Transform 2025 conference - the good, the bad, and what's missing from HR conferences today. They also dig into David's challenges and learnings transitioning to his new role, and a discussion on the changes coming for L&D initiatives.

Links: SolarWinds: https://www.solarwinds.com/

Timestamps:

(00:00) Introduction
(00:37) David's Take on Transform
(03:33) The Grittiness of HR
(05:42) Value of In-Person Relationships
(08:50) Transform's Community Session
(10:36) Blackjack, Craps, and the Games
(11:28) David's New Role at SolarWinds
(15:35) Sponsor: Metaview
(17:29) G Suite vs Microsoft Outlook
(18:00) Juggling New Job Responsibilities
(20:35) Katie Burke's Self Reflection
(22:18) Painful Changes and Lessons from Multiple CHRO Roles
(25:03) The Weird Moment for L & D
(28:55) Effective Leadership Development
(33:41) David's BHAG: Leadership Development
(35:29) Wrap

Innovation Now
Looking at Solar Storms

Mar 25, 2025


SPHEREx wasn't alone on its recent launch to orbit aboard SpaceX's Falcon 9 rocket. NASA's PUNCH mission also hitched a ride.

The Cybersecurity Institute Podcast, by Entrust
Critical Infrastructure Cybersecurity & Resilience

Mar 25, 2025 · 32:46


From energy and wastewater treatment to communications, banking, and beyond, critical infrastructure consists of those assets, systems, and networks that support our daily lives. Any compromise to these resources, whether malicious or unintended, could have debilitating national security, economic, and public safety consequences.

Yet, our critical infrastructure remains vulnerable. And in an era of rising geopolitical tensions, it is also an easy and attractive target for nation-state attackers. SolarWinds and more recently Salt Typhoon are two of many examples.

In this podcast, we explore the wheres and whys of critical infrastructure vulnerability and associated compliance concerns, along with some strategies and best practices to improve critical infrastructure security and resilience.

Cybercrime Magazine Podcast
Steve Satterwhite On Cyber. Security Leaders Bridging The Skills Gap. Tim Brown, CISO, Solarwinds.

Mar 17, 2025 · 17:22


Steve Satterwhite On Cyber is a Cybercrime Magazine Podcast series brought to you by Entelligence. In this episode, Steve Satterwhite, founder and CEO at Entelligence, joins host Paul John Spaulding and Tim Brown, CISO at SolarWinds, to discuss cybersecurity talent, diving into the skills gap faced by security leaders today and what can be done about it. An industry leader in delivering affordable, high-value professional services to security-conscious enterprise and government organizations worldwide, Entelligence addresses the cyber skills gap by working as a seamless extension of each customer's organization, providing a set of customized services that include security readiness assessments, quick-start solution deployments, and longer-term resident expert engagements. Learn more about our sponsor at https://entelligence.com

Business of Tech
Intel's Leadership Change, Security Upgrades from SailPoint and Verizon, and AI Search Issues

Mar 13, 2025 · 13:46


Intel has appointed Lip-Bu Tan as its new CEO, effective March 18th, following a tumultuous period marked by a 54% drop in share prices and the ousting of former CEO Pat Gelsinger. Tan, a seasoned tech investor and former CEO of Keynes Design Systems, is expected to revitalize Intel's fortunes and navigate its controversial Foundry strategy aimed at expanding manufacturing capabilities. Investors reacted positively to his appointment, with Intel's stock price rising over 11% in after-hours trading. Tan's leadership is seen as crucial for Intel to compete in the semiconductor market, particularly in smartphone and AI chip sectors.

In the realm of cybersecurity, SailPoint has expanded its Managed Service Provider program to make identity security solutions more accessible to smaller enterprises, addressing the increasing threats targeting vulnerable identities. This initiative allows businesses to onboard identity security as a fundamental function, focusing on entry-level use cases while providing pathways for future growth. Meanwhile, TeamViewer has launched its first integrated solution with One E, enhancing digital workspace experiences through improved device monitoring and secure remote connectivity.

SolarWinds has announced its acquisition of Squadcast, a company specializing in incident response solutions, to bolster its capabilities in managing complex IT environments. This merger aims to streamline incident response and improve operational resilience for IT professionals. Additionally, Verizon Business has introduced a new security service called Trusted Connection, which enhances cybersecurity by implementing continuous verification of access to devices, networks, and cloud applications, addressing the significant risks posed by stolen credentials.

A recent study by the Tao Center for Digital Journalism has raised concerns about the reliability of generative AI search tools, revealing that over 60% of citations provided by these tools are incorrect. This highlights the urgent need for better evaluation and citation practices in AI-powered searches. Furthermore, research from Harvard Business Review indicates that while AI can enhance executive decision-making, it requires active human engagement to avoid critical blind spots. The findings suggest that companies must find the right balance between human oversight and AI capabilities to optimize decision-making processes.

Four things to know today

00:00 Intel Bets on New CEO Lip-Bu Tan—Will the Foundry Gamble Pay Off?
04:47 Big Security Moves: SailPoint, SolarWinds, and Verizon Roll Out New Solutions—Here's What They Mean
07:59 Think AI Search Is Reliable? 60% of Its Citations Are Wrong
09:14 AI in the Boardroom? A New Study Says It's Helping—But Not Without Risks

Packet Pushers - Full Podcast Feed
NB517: TSMC Pledges $165 Billion for US Chip Manufacturing; Will the CHIPS Act Get Axed?

Mar 10, 2025 · 46:39


Take a Network Break! This week we’re joined by guest analyst Tom Hollingsworth of The Futurum Group. We start with red alerts from Broadcom on multiple vulnerabilities and an emergency patch from Cisco for its Webex platform. In tech news we discuss SolarWinds’ acquisition of Squadcast and how it fits into the SolarWinds portfolio, Aviatrix’s...

Packet Pushers - Network Break
NB517: TSMC Pledges $165 Billion for US Chip Manufacturing; Will the CHIPS Act Get Axed?

Mar 10, 2025 · 46:39


Take a Network Break! This week we’re joined by guest analyst Tom Hollingsworth of The Futurum Group. We start with red alerts from Broadcom on multiple vulnerabilities and an emergency patch from Cisco for its Webex platform. In tech news we discuss SolarWinds’ acquisition of Squadcast and how it fits into the SolarWinds portfolio, Aviatrix’s...

Packet Pushers - Fat Pipe
NB517: TSMC Pledges $165 Billion for US Chip Manufacturing; Will the CHIPS Act Get Axed?

Mar 10, 2025 · 46:39


Take a Network Break! This week we’re joined by guest analyst Tom Hollingsworth of The Futurum Group. We start with red alerts from Broadcom on multiple vulnerabilities and an emergency patch from Cisco for its Webex platform. In tech news we discuss SolarWinds’ acquisition of Squadcast and how it fits into the SolarWinds portfolio, Aviatrix’s...

Packet Pushers - Full Podcast Feed
NB514: Cisco, Juniper Announce New Switches; SolarWinds Goes Private in $4.4 Billion Buyout

Feb 18, 2025 · 38:20


Take a Network Break! We start with some Red Alert vulnerabilities to get your blood pumping, and then dive into networking news. Cisco announces new data center switches with AMD Pensando DPUs that let you deploy security and other services directly on to the switch. Cisco ThousandEyes is previewing Traffic Insights, which correlates flow records...

Packet Pushers - Network Break
NB514: Cisco, Juniper Announce New Switches; SolarWinds Goes Private in $4.4 Billion Buyout

Feb 18, 2025 · 38:20


Take a Network Break! We start with some Red Alert vulnerabilities to get your blood pumping, and then dive into networking news. Cisco announces new data center switches with AMD Pensando DPUs that let you deploy security and other services directly on to the switch. Cisco ThousandEyes is previewing Traffic Insights, which correlates flow records...

Packet Pushers - Fat Pipe
NB514: Cisco, Juniper Announce New Switches; SolarWinds Goes Private in $4.4 Billion Buyout

Feb 18, 2025 · 38:20


Take a Network Break! We start with some Red Alert vulnerabilities to get your blood pumping, and then dive into networking news. Cisco announces new data center switches with AMD Pensando DPUs that let you deploy security and other services directly on to the switch. Cisco ThousandEyes is previewing Traffic Insights, which correlates flow records...

The Cybersecurity Defenders Podcast
#193 - Intel Chat: Ransomware drops, 8Base, XE Group, SolarWinds-esque attack & cyber-espionage in South Asia

Feb 13, 2025 · 33:06


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Ransomware payments saw a significant drop in 2024, falling by 35% compared to the previous year. Law enforcement agencies have arrested a suspected core member of the 8Base ransomware group, marking a significant development in efforts to combat cybercrime. The XE Group, a financially motivated cybercrime organization, has shifted its tactics from traditional card-skimming attacks to more sophisticated supply chain compromises.

Security researchers at watchTowr have demonstrated a supply chain attack technique that surpasses the scale and stealth of the infamous SolarWinds breach.

A newly discovered cyber-espionage campaign is targeting government and military entities in South Asia, according to researchers at Unit 42.

Cables2Clouds
Maybe If We Throw Money At It, It Will Make Money - NC2C029

Feb 12, 2025 · 26:03


This episode dives deep into the ramifications of the DOJ's move to halt the HPE-Juniper merger, questioning whether this action genuinely promotes competition or stifles innovation. We also explore staggering investments in AI from top tech companies and what these might mean for future growth and competition.

• Discussion on the DOJ's lawsuit against the HPE-Juniper merger
• Examination of potential market impacts of the merger
• Insights into AWS's and Google's significant AI investments
• Analysis of market expectations regarding AWS's recent revenue growth
• Concerns surrounding SolarWinds and private equity acquisitions
• Calls to action for listeners to engage with their thoughts on these topics

Check out the Fortnightly Cloud Networking News: https://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/

Business of Tech
AI Talent Needed, Copilot Plus PCs Underperform, Amazon's AWS Growth Stalls, SolarWinds Acquired

Feb 10, 2025 · 12:31


Amazon has reported better-than-expected earnings for the fourth quarter of 2024, with a significant increase in net income attributed to cost-cutting measures and strength in its cloud business. Despite this positive performance, the company provided disappointing guidance for the current quarter, projecting sales that fall short of analysts' expectations. Amazon Web Services (AWS) continues to be a dominant player in the cloud market, but its growth rate of 19% lags behind competitors that are experiencing growth rates above 30%. This slower growth raises concerns about AWS's position in the increasingly competitive landscape of AI workloads.

The labor market is showing signs of cooling, with recent revisions indicating a slower decline in job growth than previously anticipated. The tech sector added nearly 7,000 jobs in January, but the tech unemployment rate has risen slightly to 2.9%. A survey revealed that over 75% of businesses are struggling to meet their IT talent needs, particularly in areas like machine learning and cybersecurity. This has led many companies to focus on upskilling existing employees to address the talent shortage.

In the small business sector, transactions rose by 5% in 2024, with a notable increase in technology-related acquisitions. Despite inflation and rising costs, demand for stable, recession-resilient businesses is growing, prompting brokers to predict an increase in seller financing amid tight lending conditions. The surge in technology transactions indicates a strong interest in IT services and software firms, which may be well-positioned for growth and acquisitions in the current market environment.

Microsoft's Copilot Plus PCs have struggled to gain traction in the market, with disappointing sales figures attributed to high prices and a lack of compelling applications. Consumers are not actively seeking AI features, highlighting a disconnect between marketing efforts and real-world demand. This situation underscores the broader challenges of AI adoption, as companies like Microsoft work to clarify the value of their products in a competitive landscape.

Four things to know today

00:00 Tech Talent in Demand as Companies Struggle to Fill AI and Cloud Roles
05:33 Copilot+ PCs Struggle as Shoppers Say 'No Thanks' to AI Upgrades
06:55 Amazon's Profits Jump, But Is AWS Falling Behind in the AI Cloud Race?
09:13 SolarWinds Sells for $4.4B—And N-Able Might Be Next

GovCast
AFCEA West: Adapting Naval Cyber Command to Evolving Threats

Jan 29, 2025 · 12:14


Countering adversaries in the cyber domain requires the Navy to harness information at the speed of technological innovation. During AFCEA West in San Diego, California, Vice Adm. Craig Clapperton, commander of U.S. Fleet Cyber Command and Navy Space Command, discussed how he is approaching the evolving landscape of cyber threats and developing strategies to counter them in his dual-hat role. From recent cyber incidents like SolarWinds and Volt Typhoon, to the role of emerging technologies like AI, Clapperton dives into the complexities of modern cyber warfare and explains how he's eyeing collaboration with industry partners and allies, recruiting top cyber talent and staying ahead of adversaries in a rapidly changing digital environment.

Marketing Today with Alan Hart
449: Cybersecurity and the New CMO Profile with Brian Goldfarb, CMO of SolarWinds

Dec 11, 2024 · 41:41


Brian Goldfarb is the Senior Vice President and Chief Marketing Officer at SolarWinds. After earning his A.B. in Computer Science and Economics from Duke University, Brian initially explored a career on Wall Street but soon transitioned to product management at Microsoft, marking the start of his two-decade journey in the tech industry. At Google, Brian played a key role in launching the Cloud Platform. He later led platform marketing at Salesforce, and before joining SolarWinds, he served as CMO at both Splunk and Tenable. Now, after nearly a year with SolarWinds, Brian oversees the company's global marketing strategy, covering its industry-leading observability, database, and service management solutions.

SolarWinds is a leading IT management software provider that helps businesses monitor and manage their IT infrastructure, applications, and networks. Known for its user-friendly and scalable solutions, SolarWinds serves a broad range of industries, focusing on identifying and resolving IT challenges. SolarWinds continues to deliver solutions that empower IT professionals to maintain reliable and secure environments.

In today's show, Alan and Brian dive into cybersecurity, discussing SolarWinds and the solutions they offer. They examine the major cybersecurity incident that impacted both the company and the industry and how SolarWinds successfully recovered from it. Additionally, they explore what marketing looks like at SolarWinds, how the role of CMO has evolved, and what we should consider about the future of this role.

In this episode, you'll learn:

• Insights for successfully recovering from a massive cyberattack
• Tips for creating a strong marketing structure
• The profile of the modern CMO and how it has evolved

Key Highlights:

[01:15] Brush with fame on a game show
[03:08] Career path to CMO at SolarWinds
[05:29] Story behind Kubernetes
[07:23] Scope of SolarWinds
[10:39] Recovering from a massive cyberattack
[14:25] How marketing is structured at SolarWinds
[15:52] What CMO role should be focused on
[17:56] How the CMO role interacts with the rest of the team
[21:20] “Lack of novelty is not a bad thing”
[27:30] An experience from your past that defines you
[30:24] Advice to your younger self
[31:36] A topic that you and other marketers need to learn more about
[33:11] Trends or subcultures others should follow
[36:30] OOH Advertising's impact internally
[37:30] Largest opportunity or threat to marketers today

The CyberWire
The end of MATRIX.

Dec 4, 2024 · 33:57


International law enforcement takes down the MATRIX messaging platform. SailPoint discloses a critical vulnerability in its IdentityIQ platform. A Solana library has been backdoored. SolarWinds discloses a critical vulnerability in its Platform product. Researchers identify 16 zero-day vulnerabilities in Fuji Electric's remote monitoring software. Cisco urges users to patch a decade-old vulnerability. CISA warns of active exploitation of Zyxel firewall devices. A critical XSS vulnerability has been identified in MobSF. Google's December 2024 Android security update addresses 14 high-severity vulnerabilities. The Federal Trade Commission settles with data brokers over alleged consent violations. On today's CertByte segment, Chris Hare and Dan Neville break down a question targeting the A+ Core (220-1101) Exam 1 certification. A vodka company gets iced by ransomware.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K's suite of industry-leading certification resources, and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cyber security, or project management. This week, Chris is joined by Dan Neville breaking down a question targeting the A+ Core (220-1101) Exam 1 certification. Today's question comes from N2K's CompTIA® A+ Core Exam 1 Practice Test (Core Exam 2 Practice Test is also available on our site).

Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers.

Additional sources: www.comptia.org

Selected Reading

International Operation Dismantles MATRIX: A Sophisticated Encrypted Messaging Service (SOCRadar)
German Police Shutter Country's Largest Dark Web Market (Infosecurity Magazine)
10/10 directory traversal bug hits SailPoint's IdentityIQ (The Register)
Solana Web3.js Library Backdoored in Supply Chain Attack (SecurityWeek)
SolarWinds Platform XSS Vulnerability Let Attackers Inject Malicious Code (Cyber Security News)
16 Zero-Days Uncovered in Fuji Electric Monitoring Software (GovInfo Security)
Cisco Urges Immediate Patch for Decade-Old WebVPN Vulnerability (Hackread)
CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks (SecurityWeek)
U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog (SecurityAffairs)
MobSF XSS Vulnerability Let Attackers Inject Malicious Scripts (GB Hacker)
Android's December 2024 Security Update Patches 14 Vulnerabilities (SecurityWeek)
FTC accuses data brokers of improperly selling location info (The Register)
Vodka Giant Stoli Files for Bankruptcy After Ransomware Attack (Infosecurity Magazine)

Negotiate Anything: Negotiation | Persuasion | Influence | Sales | Leadership | Conflict Management

Join us for an insightful episode of "Negotiate Anything" with host Kwame Christian and guest Jennifer Zador, General Counsel at PlanSource. Jennifer shares her unique experiences navigating high-stakes negotiations during cybersecurity crises, including the infamous SolarWinds incident. She provides invaluable tips on maintaining confidence, clear communication, and self-care under pressure, drawing from her extensive career and personal life. This episode is a must-listen for anyone looking to improve their negotiation skills, especially in the context of crisis management.

What will be covered:

• The SolarWinds cybersecurity crisis and its impact on business and government clients.
• The importance of clear, concise, and transparent communication in high-stakes negotiations.
• Self-care practices that help maintain mental and emotional stability during crises.

Security Now (MP3)
SN 998: The Endless Journey to IPv6 - AI-Driven Encryption, Session Messenger, IPv6

Oct 30, 2024 · 173:56


Apple proposes 45-day maximum certificate life. SEC fines four companies for downplaying their SolarWinds attack severity. Google adds 5 new features to Messenger including inappropriate content. Does AI-driven local device-side filtering resolve the encryption dilemma forever? The very nice looking "Session" messenger leaves Australia for Switzerland. Another quick look at the question of the EU's software liability moves. Fake North Korean employees WERE found to install backdoor malware. How to speed up an SSD without using SpinRite. Using ChatGPT to review and suggest improvements in code. And Internet governance has been trying to move the Internet to IPv6 for the past 25 years, but the Internet just doesn't want to go. Why not? And will it ever?

Show Notes - https://www.grc.com/sn/SN-998-Notes.pdf

Hosts: Steve Gibson and Leo Laporte