Podcasts about Splunk

Jyoti Bansal is the co-founder and CEO of Harness, the software delivery platform used by thousands of engineering teams, and previously founded AppDynamics, which he led from inception to a multibillion-dollar acquisition by Cisco. In this episode, Jyoti unpacks what it really takes to move from mid-market to enterprise, why he thinks in terms of “product-market-sales fit,” and how he structures Harness as a collection of “startups within a startup” to launch multiple “best-of-breed” products. In today's episode, we discuss: Why companies get stuck in the mid-market and struggle to move up into enterprise Why Jyoti deliberately lost Netflix as their customer The difference between product-market-sales fit, and product-market-fit How to build a scalable, capacity-driven go-to-market machine (instead of chasing deals) Diagnosing whether you have a product problem or a distribution problem How to hire and evaluate your first head of sales and top sales leaders Why Jyoti sold AppDynamics three days before IPO The “binary differentiator” rule for launching new products into crowded markets Why Harness runs 16 product lines under one roof Where to find Jyoti: LinkedIn: https://www.linkedin.com/in/jyotibansal/ Twitter/X: https://x.com/jyotibansalsf Where to find Brett: LinkedIn: https://www.linkedin.com/in/brett-berson-9986094/ Twitter/X: https://twitter.com/brettberson Where to find First Round Capital: Website: https://firstround.com/ First Round Review: https://review.firstround.com/ Twitter/X: https://twitter.com/firstround YouTube: https://www.youtube.com/@FirstRoundCapital This podcast on all platforms: https://review.firstround.com/podcast References: Amazon: https://www.amazon.com/ AppDynamics: https://www.appdynamics.com/ Barclays: https://home.barclays/ BIG Labs: https://www.biglabs.com/ Carlos Delatorre: https://www.linkedin.com/in/cadelatorre/ Charles Schwab: https://www.schwab.com/ Cisco: https://www.cisco.com/ Citi: https://www.citi.com/ Cloudability: https://www.apptio.com/products/cloudability/ Datadog: https://www.datadoghq.com/ Dynatrace: https://www.dynatrace.com/ Harness: https://www.harness.io/ Jeff Bezos: https://x.com/JeffBezos Microsoft: https://www.microsoft.com/ Nasdaq: https://www.nasdaq.com/ Netflix: https://www.netflix.com/ New Relic: https://newrelic.com/ Salesforce: https://www.salesforce.com/ Splunk: https://www.splunk.com/ Traceable: https://www.traceable.ai/ Unusual Ventures: https://www.unusual.vc/ VMware: https://www.vmware.com/ Timestamps: (01:48) Why do companies get stuck in the mid-market? (05:09) Designing a product for enterprise and mid-market (07:19) Why Jyoti lost Netflix as a customer - on purpose (10:18) Becoming a scalable GTM organization (12:32) The real signs of product-market fit (14:04) Have you delivered the value? (15:46) How to hire your first sales team (19:59) The four signs of excellent sales leaders (23:16) How to interview a sales leader (27:51) Where Jyoti developed his commercial taste (29:37) Why early founders need to learn sales (32:02) How AppDynamics began (36:36) Why Jyoti sold three days pre-IPO (41:55) What does a healthy board look like? (44:23) How Jyoti perceives competition (46:18) Why you need a binary differentiator (49:53) How to launch multiple products (52:00) “We need to be best of breed” (57:38) Why PMs are like mini-entrepreneurs (1:00:20) The startup within a startup (1:02:45) A culture of continuous improvement

Cisco's channel partner ecosystem has undergone a profound transformation following a series of announcements at its 2025 Partner Summit in San Diego. The core focus of said announcements is enabling partners in an era of artificial intelligence (AI) via edge computing and Splunk. This significant shift is driven by new AI and edge offerings (Cisco Unified Edge and Cisco IQ), which promise to provide partners with fast-tracked time to market for next-generation, Cisco-powered solutions. This move is a seismic change to how partners operate, shifting the focus from traditional hardware sales to integrated, outcome-focused solutions with AI at the center of it all. The networking giant further backed the evolution with substantial commitments in marketing spend and major investments in partner education and enablement to build expertise in AI and security. All this is set to be formalized in the upcoming Cisco 360 Partner Program, launching in 2026. We sat down with Technology Reseller News Senior Technology Reporter Moshe Beauford, who offered his expert perspective on the Cisco partner news.

On this episode of Stats on Stats, hosts Jordan, Tiffany, and Kenneth welcome Paul Stout, Field CTO and longtime tech veteran, for a conversation packed with insights, banter, and bold takes. From automating military workflows to tracking car data with Splunk, Paul shares how a nontraditional career path, business acumen, and humor have shaped his approach to tech leadership.Guest Connect:LinkedIn: https://www.linkedin.com/in/paulestout/Stats on Stats ResourcesCode & Culture: https://www.statsonstats.io/flipbooks    | https://www.codeculturecollective.io  Merch: https://www.statsonstats.io/shop   LinkTree: https://linktr.ee/statsonstatspodcast   Stats on Stats Partners & AffiliatesIntelliCON 2026Website: https://www.intelliguards.com/intellic0n-speakersRegister: www.eventbrite.com/e/1497056679829/?discount=STATSONSTATSUse Discount Code: "STATSONSTATS" for 30% offAntisyphon TrainingWebsite: https://www.antisyphontraining.com   MAD20 TrainingWebsite: https://mad20.io   Discount Code: STATSONSTATS15Ellington Cyber Academy: https://kenneth-ellington.mykajabi.com   Discount Code: STATSONSTATSKevtech AcademyWebsite: https://www.kevtechitsupport.com   Dream Chaser's Coffee Website: https://dreamchaserscoffee.com   Discount code: STATSONSTATSPodcasts We LikeDEM Tech FolksWebsite: https://linktr.ee/developeverymind   IntrusionsInDepthWebsite: https://www.intrusionsindepth.com  -----------------------------------------------------Episode was shot and edited at BlueBox Studio Tampahttps://blueboxdigital.com/bluebox-studio/

Splunk Infrastructure Monitoring is becoming a must-have for teams managing cloud-native and hybrid environments. In this episode, we break down how Splunk delivers real-time observability, AI-powered insights, and seamless cloud integration to help organizations detect issues faster, optimize performance, and support digital transformation.

AI without observability is guesswork.I har a blast chatting with Patrick Lin, SVP and GM of Observability at Splunk on The Ravit Show. We get straight into how teams keep AI reliable and how leaders turn telemetry into business results.What we cover: • .conf25 updates in Splunk Observability • AI Agentic Monitoring and AI Infrastructure Monitoring • How a unified experience with Splunk AppDynamics and Splunk Observability Cloud helps teams ship faster with fewer surprises • Why observability is now a growth lever, not just a safety net • Fresh insights from the State of Observability 2025 reportMy take: • The nervous system of AI is observability • Signal quality beats signal volume • OpenTelemetry works best when tied to business context • When SecOps and Observability work together, incidents become learning momentsIf you care about reliable AI, faster recovery, and clear impact on productivity and revenue, this one will help.#data #ai #conf2025 #splunk #splunkconf25 #SplunkSponsored #theravitshow

In this episode, Hendrik Deckers sits down with Rajat Dhawan, Group Chief Digital & Technology Officer at Soho House, who is a nominee for the CIONET Awards 2026 in the Data & AI category. Register here to find out who wins this prestigious title

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Jeff Steadman, deputy CISO, Corning Incorporated. Joining them is Quincey Collins, CSO, Sheppard Mullin. This episode was recorded live at the ISSA LA Summit in Santa Monica, California. In this episode:  The foundational debate Strength over breadth Beyond traditional backgrounds Keeping perspective on risk Huge thanks to our sponsors, Adaptive Security and Dropzone AI AI-powered social engineering threats like deepfake voice calls, GenAI phishing, and vishing attacks are evolving fast. Adaptive helps security leaders get ahead with an AI-native platform that simulates realistic genAI attacks, and delivers expert-vetted security awareness training — all in one unified solution. Learn more at adaptivesecurity.com. Dropzone AI autonomously investigates every security alert—no playbooks needed. This AI SOC analyst queries your CrowdStrike, Splunk, threat intel feeds, and 60+ other tools to build complete investigations in 5 minutes. Unlike black-box automation, it shows every query, finding, and decision. See it work yourself—explore the self-guided demo at dropzone.ai.

When “Normal” Doesn't Work: Rethinking Data and the Role of the SOC AnalystMonzy Merza, Co-Founder and CEO of Crogl, joins Sean Martin and Marco Ciappelli to discuss how cybersecurity teams can finally move beyond the treadmill of normalization, alert fatigue, and brittle playbooks that keep analysts from doing what they signed up to do—find and stop bad actors.Merza draws from his experience across research, security operations, and leadership roles at Splunk, Databricks, and one of the world's largest banks. His message is clear: the industry's long-standing approach of forcing all data into one format before analysis has reached its limit. Organizations are spending millions trying to normalize data that constantly changes, and analysts are paying the price—buried under alerts they can't meaningfully investigate.The conversation highlights the human side of this issue. Analysts often join the field to protect their organizations, but instead find themselves working on repetitive tickets with little context, limited feedback loops, and an impossible expectation to know everything—from email headers to endpoint logs. They are firefighters answering endless 911 calls, most of which turn out to be false alarms.Crogl's approach replaces that normalization-first mindset with an analyst-first model. By operating directly on data where it lives—without requiring migration or schema alignment—it allows every analyst to investigate deeper, faster, and more consistently. Each action taken by one team member becomes shared knowledge for the next, creating an adaptive, AI-driven system that evolves with the organization.For CISOs, this means measurable consistency, auditability, and trust in outcomes. For analysts, it means rediscovering purpose—focusing on meaningful investigations instead of administrative noise.The result is a more capable, connected SOC where AI augments human reasoning rather than replacing it. As Merza puts it, the new normal is no normalization—just real work, done better.Watch the full interview and product demo: https://youtu.be/7C4zOvF9sdkLearn more about CROGL: https://itspm.ag/crogl-103909Note: This story contains promotional content. Learn more.GUESTMonzy Merza, Founder and CEO of CROGL | On LinkedIn: https://www.linkedin.com/in/monzymerza/RESOURCESLearn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/croglBrand Spotlight: The Schema Strikes Back: Killing the Normalization Tax on the SOC: https://brand-stories-podcast.simplecast.com/episodes/the-schema-strikes-back-killing-the-normalization-tax-on-the-soc-a-corgl-spotlight-brand-story-conversation-with-cory-wallace [Video: https://youtu.be/Kx2JEE_tYq0]Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

How do you secure a world where trusted internal traffic now travels over the public internet? That's the question I put to Doug Merritt, CEO of Aviatrix, in this thought-provoking conversation recorded for Tech Talks Daily. Doug brings decades of experience from his time leading Splunk and other major technology players, and he now finds himself at the forefront of reshaping how enterprises think about cloud security. We discuss why the cybersecurity landscape is more treacherous than ever, especially as AI accelerates both defense and attack capabilities. Doug explains why the old "castle and moat" mindset no longer applies in the age of cloud workloads, where perimeters are atomized and workloads are ephemeral. He outlines how identity, endpoint, and network security form a three-legged stool—yet too many organizations focus on one leg while neglecting the others. Doug also shares why embedding protection directly into the network fabric changes the rules for defending the cloud, and how his team at Aviatrix is helping companies close dangerous visibility gaps. We explore the rise of agentic AI, the growing sophistication of lateral movement attacks, and why even trusted identities can pose risk in distributed environments. As we look to the future, Doug argues that the path forward is clear: build on strong foundations, simplify the noise, and make network visibility a first-class citizen in enterprise defense. What do you think—are most organizations ready to shift from bolted-on tools to truly embedded cloud security? I'd love to hear your thoughts after listening. Tech Talks Daily is Sponsored by NordLayer: Get the exclusive Black Friday offer: 28% off NordLayer yearly plans with the coupon code: techdaily-28. Valid until December 10th, 2025. Try it risk-free with a 14-day money-back guarantee.

In this episode of the CIONET Podcast, Hendrik Deckers interviews Giuseppe Ficara, Senior Director and Global Head of Data and AI at Amplifon in Milano, Italy, the nominee in the Data & AI category. Register here to find out who wins this prestigious title

Johanna Jaakola – Integration Lead, Corporate Development Integration Team, Cisco Tesia Hostetler – Leader, Acquisition Integration Practice, Cisco Johanna Jaakola, Integration Lead on Cisco's Corporate Development Integration Team, and Tesia Hostetler, Leader of Cisco's Acquisition Integration Practice, continue their deep dive into Cisco's integration-led M&A framework. In Part 2, they reveal how integration planning shapes diligence, how value drivers guide surgical execution, and what it takes to coordinate a 180-person M&A community. From day one employee experience to go-to-market complexity and the Splunk mega-deal, this episode delivers practical frameworks for M&A professionals looking to accelerate value creation while protecting what matters most. Things you will learn: Learn how Cisco tests integration strategy during diligence and adjusts execution plans based on findings without losing sight of deal thesis Discover how Cisco structures functional integration leaders, maintains alignment through recurring touchpoints, and tracks everything in a centralized M&A hub Understand how to validate customer stories, align partner ecosystems, and make surgical decisions about when to integrate sales motions versus protecting existing revenue engines _____________________ M&A Doesn't Have to Be So Painful

In this episode of The Segment, host Raghu Nandakumara sits down with Carl Froggett, Chief Information Officer at Deep Instinct, the first company to apply end-to-end deep learning to cybersecurity.With nearly three decades of experience — including over 20 years at Citi leading global infrastructure defense and cybersecurity services — Carl brings a rare, full-circle perspective on how the cyber landscape, leadership, and culture have evolved from the early 2000s to today's AI-driven world.You'll learn:How Carl “accidentally” fell into cybersecurity — and what the early days of firewalls and compliance-driven security looked like What it was like to pioneer one of Citi's first dedicated cyber teams Lessons in leadership from iconic figures like Charles Blauner, Greg Lavender, and John Miller How Citi became an early adopter of technologies like Palo Alto Networks, Splunk, CrowdStrike, and Illumio Why building business alignment and trust matters more than ever for CISOs How to frame security risks in business terms — and where many leaders go wrong The massive shift from machine learning to deep learning in cybersecurity How generative AI and “dark AI” are redefining the threat landscape — and why the next era of defense demands a mindset change Packed with nostalgia, hard-won wisdom, and forward-looking insight, this episode bridges cybersecurity history, human leadership, and the AI-powered future ahead.Stay Connected with our host, Raghu on LinkedInFor more information about Illumio, check out our website at illumio.com 

In this episode of the CIONET Podcast, Hendrik Deckers interviews Jesús Oliva, Head of Data & AI at Moeve, who is a nominee for the CIONET Awards 2026 in the Data & AI category. Register here to find out who wins this prestigious title

Johanna Jaakola – Integration Lead, Corporate Development Integration Team, Cisco Tesia Hostetler – Leader, Acquisition Integration Practice, Cisco Johanna Jaakola, Integration Lead on Cisco's Corporate Development Integration Team, and Tesia Hostetler, Leader of Cisco's Acquisition Integration Practice, share how one of the world's most prolific acquirers structures deals for success. This episode breaks down Cisco's integration-led diligence model, where integration leads orchestrate due diligence from the deal thesis stage, ensuring strategic alignment and execution readiness before ink hits paper. Learn how Cisco's structured approach to integration strategy, two-stage approvals, and tight feedback loops between strategy and execution have transformed their M&A outcomes—with insights from their $28 billion Splunk acquisition. Things You'll Learn Why integration leads should orchestrate diligence How creating an integration thesis alongside your deal thesis ensures every diligence question tests strategic assumptions and drives execution clarity How Cisco's dual approval process (one to negotiate LOI, another for final purchase agreement) creates natural checkpoints to validate strategy before committing capital ____________________ Only 3 Days Left to Register for the Buyer-Led M&A™ Summit. This is the #1 virtual event built for dealmakers who want to eliminate chaos and take control from sourcing through integration.

Big traffic moments expose weak systems. Ticketmaster treats them as a proving ground.At .conf2025 I sat with Stephen from Ticketmaster to break down how they run reliable, resilient operations with Splunk. We started with his role and what his team owns. Then we went into the daily rhythm: where Splunk sits in their stack, how they monitor live traffic, and how signals turn into action during spikes.We talked about impact. Faster incident response. Tighter collaboration across teams when every second counts. Clear visibility across services so they can move from symptoms to root cause with less back and forth.Digital resilience was a major theme. Stephen walked through how they use Splunk products to harden critical paths, pressure test failure scenarios, and keep fan experiences stable during on-sales and marquee events.We also covered outcomes the business cares about. Better uptime. Fewer fire drills. Cleaner handoffs. The ability to learn from every incident and feed it back into playbooks and automation.We closed on what is next. More proactive detection. More use of data to predict hot spots before they flare. A roadmap that keeps resilience and customer experience front and center.#splunkconf25 #SplunkSponsored #data #ai #theravitshow

Competitions can change careers. Katie Brown is proof.At .conf2025 I sat with Katie Brown, Director of Platform Security at Splunk. We talked about her path from winning Boss of the SOC to joining Splunk, how she still supports the competition, and what her day to day looks like now. She shared a memorable challenge from BOTS that shaped how she works, practical advice for anyone thinking about capture the flag events, and why hands on contests help close the cybersecurity talent gap.Highlights • From BOTS champion to leading platform security, a clear example of skills turning into opportunity • Staying close to BOTS as a mentor and builder so more people can learn by doing • Lessons that stick, pressure testing analysis, teamwork, and clear thinking under time limits • Simple advice for newcomers, start small, practice often, document what you learn, share your work • Why competitions matter, real signals of skill, faster hiring signals for teams, confidence for candidatesIf you want a grounded view of how hands on learning opens doors in security, this will help.#splunkconf25 #SplunkSponsored #data #ai #theravitshow

Monzy Merza (@monzymerza, CEO/Founder @Crogl) talks about build a next-generation Enterprise SOC by leveraging AI to stay ahead of Cybersecurity threats.SHOW: 969SHOW TRANSCRIPT: The Cloudcast #969 TranscriptSHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK: http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT OUR OTHER PODCAST: "CLOUDCAST BASICS" SPONSORS:[Interconnected] Interconnected is a new series from Equinix diving into the infrastructure that keeps our digital world running. With expert guests and real-world insights, we explore the systems driving AI, automation, quantum, and more. Just search “Interconnected by Equinix”.[TestKube] TestKube is Kubernetes-native testing platform, orchestrating all your test tools, environments, and pipelines into scalable workflows empowering Continuous Testing. Check it out at TestKube.io/cloudcastSHOW NOTES:Crogl websiteTechCrunch articleForbes ArticleIntellyx ArticleLast WatchDog ArticleTopic 1 - Welcome to the show, Monzy. Give everyone a brief introduction and tell us about your unique journey from government research to Splunk to Databricks to founding Crogl.Topic 2 - Let's start with the current state of cybersecurity and AI. We're seeing headlines about AI being the top cybersecurity concern for 2025, even overtaking ransomware. From your perspective, what's driving this shift and why should organizations be paying attention to the intersection of cybersecurity and AI?Topic 3 - You've described Crogl as an "Iron Man suit" for security analysts. That's a compelling metaphor. Can you break down what you mean by that and how your approach differs from the traditional "reduce alerts" mentality that most vendors have been pushing?Topic 4 - Let's talk about your "knowledge engine" and what you call an “AI for the Enterprise SOC”. You're using compound AI systems with LLMs, smaller models, and knowledge graphs. This sounds quite different from vendors who are just "bolting on" LLMs to existing tools. Walk us through this architectural decision and why it matters.Topic 5 - The cybersecurity industry is experiencing massive alert fatigue - 4,500 alerts per day, with analysts only able to investigate 8-25 of them. Your philosophy is "every alert should be analyzed" rather than filtering them out. That seems counterintuitive to what the market has been doing. How does your autonomous investigation approach actually work in practice?Topic 6 - Where do you see this evolution heading, and what are the implications for SOC teams and security practitioners? Are we heading toward fully autonomous SOCs?FEEDBACK?Email: show at the cloudcast dot netBluesky: @cloudcastpod.bsky.socialTwitter/X: @cloudcastpodI

I had a blast at .conf25 2025 by Splunk and an on-site interview I recorded with Lizzy Li, Principal PM for dashboards at Splunk. I spent time at the Data Visualizations area to understand how teams bring Splunk data to life for investigations and exec reviews. Lizzy walked me through three layers:- Splunk UI Toolkit for reusable UI components so internal teams and developers can build apps faster- The dashboard framework and visualizations that power charts across the Splunk portfolio and let developers create custom experiences- Dashboard Studio, the general purpose tool most customers use to build and share dashboardsWhat stood out:- Flexibility. Customers are not limited to charts in a grid. Think floor plans, architecture diagrams, and network maps that match real-world layouts- One view of more data. Dashboard Studio can bring together logs, observability metrics, and with federation, external data sources- Scale and performance. Tabs let you pack multiple dashboards into one, and performance updates keep large numbers of charts responsive- New this year. More advanced logic and the ability to show or hide panels dynamically so analysts can tailor the view during an investigationIf you care about clear, flexible dashboards that can handle real-world complexity, you will like this conversation. Full interview is below.#splunkconf25 #SplunkSponsored #data #ai #theravitshow

Welcome to the CanadianSME Small Business Podcast, hosted by Kripa Anand. In this episode, we explore how Wi-Fi sensing technology is transforming data collection, enabling businesses to capture actionable insights without additional hardware or disruption.Joining us is Tom Mathai, CEO at Aqusense Inc., a serial entrepreneur with over 27 years of global tech experience. Tom shares how Aqusense leverages AI-powered Wi-Fi sensing to detect human presence, monitor environments, and drive innovation across industries.Key Highlights:1. Wi-Fi Sensing Explained: How subtle RF signal variations detect human and object movements.2. Technology Differentiation: Aqusense's patented AI sensors for Human Presence Detection and environmental awareness.3. Real-World Impact: Transformative applications across industries, from IoT to smart spaces.4. Key Partnerships: Collaborations with companies like Splunk to expand market reach and innovation.5. Entrepreneurial Vision: Tom's global journey and long-term roadmap for Aqusense in IoT.Special Thanks to Our Partners:RBC: https://www.rbcroyalbank.com/dms/business/accounts/beyond-banking/index.htmlUPS: https://solutions.ups.com/ca-beunstoppable.html?WT.mc_id=BUSMEWAGoogle: https://www.google.ca/A1 Global College: https://a1globalcollege.ca/ADP Canada: https://www.adp.ca/en.aspxFor more expert insights, visit www.canadiansme.ca and subscribe to the CanadianSME Small Business Magazine. Stay innovative, stay informed, and thrive in the digital age!Disclaimer: The information shared in this podcast is for general informational purposes only and should not be considered as direct financial or business advice. Always consult with a qualified professional for advice specific to your situation.

Parce que… c'est l'épisode 0x640! Shameless plug 12 au 17 octobre 2025 - Objective by the sea v8 14 et 15 octobre 2025 - ATT&CKcon 6.0 14 et 15 octobre 2025 - Forum inCyber Canada Code rabais de 30% - CA25KDUX92 4 et 5 novembre 2025 - FAIRCON 2025 8 et 9 novembre 2025 - DEATHcon 17 au 20 novembre 2025 - European Cyber Week 25 et 26 février 2026 - SéQCure 2026 Description Introduction et parcours professionnel Mathieu Saulnier, connu sous le pseudonyme “Scooby” dans la communauté de cybersécurité, possède une vingtaine d'années d'expérience dans le domaine. Son parcours l'a mené d'un grand fournisseur internet et de télécommunications vers la gestion d'un SOC (Security Operations Center), puis vers des rôles de recherche sur les menaces pour des vendeurs de SIEM et d'EDR. Aujourd'hui, il occupe le poste de product manager pour BloodHound Community Edition chez SpecterOps, une position qu'il a obtenue grâce à ses nombreuses présentations sur BloodHound au fil des années. BloodHound version 8 et la révolution OpenGraph La version 8 de BloodHound représente une évolution majeure de l'outil. La fonctionnalité phare est OpenGraph, qui permet d'ingérer n'importe quel type de données dans le graphe et de créer ses propres chemins d'attaque pour différentes technologies. Historiquement, BloodHound se concentrait exclusivement sur Active Directory et Azure/Entra ID, mais cette limitation appartient désormais au passé. Avec le lancement d'OpenGraph, SpecterOps a publié plusieurs nouveaux collecteurs pour diverses technologies : One Password, Snowflake, et Jamf (pour la gestion des postes de travail Mac). La communauté a réagi avec enthousiasme, puisqu'en seulement 48 heures après l'annonce, un contributeur externe a créé un collecteur pour Ansible. Plus récemment, un collecteur pour VMware vCenter et ESXi a également vu le jour, démontrant l'adoption rapide de cette nouvelle capacité. La distinction fondamentale : access path versus attack path Mathieu utilise une analogie éclairante avec Google Maps pour expliquer la différence entre un chemin d'accès et un chemin d'attaque. Google Maps montre les chemins autorisés selon différents modes de transport (voiture, vélo, transport en commun), chacun ayant ses propres règles et restrictions. C'est l'équivalent d'un graphe d'accès qui indique où on a le droit d'aller. Un chemin d'attaque, en revanche, représente la perspective d'un adversaire qui ne se préoccupe pas des règlements. L'exemple donné est celui d'une voiture roulant sur une piste cyclable à Montréal : c'est interdit, on sait qu'on risque une contravention, mais c'est techniquement possible. Dans le monde numérique, les conséquences sont souvent moins immédiates et moins visibles, ce qui explique pourquoi les attaquants exploitent régulièrement ces chemins non conventionnels. L'évolution du modèle de données BloodHound a commencé modestement avec seulement trois types d'objets (utilisateurs, groupes et ordinateurs) et trois types de relations (member of, admin et session). Depuis, le modèle s'est considérablement enrichi grâce aux recherches menées par SpecterOps et d'autres organisations. Des propriétés comme le Kerberoasting ont été ajoutées, permettant d'identifier les objets vulnérables à ce type d'attaque et d'élever ses privilèges. La vraie puissance d'OpenGraph réside dans la capacité de relier différents systèmes entre eux. Par exemple, si un attaquant compromet le poste d'un utilisateur ayant accès à un dépôt GitHub, il peut voler les tokens et sessions pour effectuer des commits au nom de cet utilisateur, potentiellement dans une bibliothèque largement utilisée, ouvrant ainsi la voie à une attaque de la chaîne d'approvisionnement (supply chain attack). Cette interconnexion multi-dimensionnelle des systèmes était difficile à visualiser mentalement, mais le graphe la rend évidente. Créer des collecteurs OpenGraph : exigences et bonnes pratiques Pour qu'un collecteur soit accepté dans la liste officielle des projets communautaires, certains standards doivent être respectés. Il faut créer le connecteur avec une documentation détaillant les permissions minimales nécessaires (principe du moindre privilège), expliquer son fonctionnement, les systèmes d'exploitation supportés, et les dépendances requises. La documentation devrait également inclure des références sur comment exploiter ou défendre contre les vulnérabilités identifiées. Bien que non obligatoires, des éléments visuels personnalisés (icônes et couleurs) sont fortement recommandés pour assurer une cohérence visuelle dans la communauté. Le projet étant open source, les utilisateurs peuvent toujours modifier ces éléments selon leurs préférences. Un aspect crucial est la fourniture de requêtes Cypher pré-construites. Sans ces requêtes, un utilisateur qui ne connaît pas Cypher pourrait importer toutes les données mais se retrouver bloqué pour les exploiter efficacement. Le langage Cypher et l'accès aux données BloodHound fonctionne sur une base de données graphique, historiquement Neo4j, mais maintenant également PostgreSQL grâce à un module de conversion. Le langage de requête utilisé est Cypher, qui possède une syntaxe particulière. Pour rendre l'outil plus accessible, SpecterOps maintient une bibliothèque Cypher contenant de nombreuses requêtes créées par l'équipe et la communauté. Ces requêtes peuvent être exécutées directement depuis le portail BloodHound. L'entreprise explore également l'utilisation de LLM (Large Language Models) pour générer des requêtes Cypher automatiquement, bien que le corpus public de données spécifiques à BloodHound soit encore limité. Les pistes futures incluent l'utilisation de MCP (Model Context Protocol) et d'approches agentiques pour améliorer la génération de requêtes. Usage défensif et offensif : deux faces d'une même médaille Mathieu souligne que les mêmes requêtes Cypher peuvent servir tant aux équipes bleues (défensives) qu'aux équipes rouges (offensives). La différence réside dans l'intention et l'utilisation des résultats, pas dans les outils eux-mêmes. C'est l'équivalent du marteau qui peut construire ou détruire selon l'utilisateur. Pour l'usage défensif, BloodHound Enterprise offre des fonctionnalités avancées comme le scan quasi-continu, l'identification automatique des points de contrôle critiques (choke points), et des outils de remédiation. Même la version communautaire gratuite permet de découvrir des vulnérabilités majeures lors de la première exécution. Exemples concrets et cas d'usage Mathieu partage des exemples frappants de découvertes faites avec BloodHound. Dans une entreprise de plus de 60 000 employés, il a identifié un serveur où tous les utilisateurs du domaine (domain users) avaient été accidentellement configurés comme administrateurs locaux. Comme un compte administrateur de domaine se connectait régulièrement à ce serveur, n'importe quel utilisateur pouvait devenir administrateur du domaine en seulement trois étapes : RDP vers le serveur, dump de la mémoire pour récupérer le token, puis attaque pass-the-hash. Un autre cas récent impliquait le script de login d'un administrateur de domaine stocké dans un répertoire accessible en écriture à tous. En y plaçant un simple script affichant un popup, l'équipe de sécurité a rapidement reçu une notification prouvant la vulnérabilité. Nouvelles fonctionnalités : la vue tableau Bien que moins spectaculaire qu'OpenGraph, la fonctionnalité “table view” répond à un besoin important. La célèbre citation de John Lambert de Microsoft (2015) dit : “Les attaquants pensent en graphe, les défenseurs pensent en liste. Tant que ce sera vrai, les attaquants gagneront.” Bien que la visualisation graphique soit le paradigme central de BloodHound, certaines analyses nécessitent une vue tabulaire. Par exemple, une requête identifiant tous les comptes Kerberoastables retourne de nombreux points à l'écran, mais sans informations détaillées sur les privilèges ou l'appartenance aux groupes. La vue tableau permet de choisir les colonnes à afficher et d'exporter les données en JSON (et bientôt en CSV), facilitant l'analyse et le partage d'informations. Deathcon Montréal : la conférence pour les défenseurs En complément à son travail sur BloodHound, Mathieu est le site leader de Montréal pour Deathcon (Detection Engineering and Threat Hunting Conference). Cette conférence unique, entièrement axée sur les ateliers pratiques (hands-on), se déroule sur deux jours en novembre. Contrairement aux conférences traditionnelles, tous les ateliers sont pré-enregistrés, permettant aux participants de travailler à leur rythme. L'événement se limite volontairement à 50 personnes maximum pour maintenir une atmosphère humaine et favoriser les interactions. Les participants ont accès à un laboratoire massif incluant Splunk, Elastic, Sentinel et Security Onion, et conservent cet accès pendant au moins un mois après l'événement. Sans sponsors, la conférence est entièrement financée par les billets, et l'édition 2024 a déjà vendu plus de 30 places, avec de nombreux participants de l'année précédente qui reviennent. Conclusion BloodHound avec OpenGraph représente une évolution majeure dans la visualisation et l'analyse des chemins d'attaque en cybersécurité. En permettant l'intégration de multiples technologies au-delà d'Active Directory, l'outil offre désormais une vision holistique des vulnérabilités organisationnelles. Que ce soit pour la défense ou les tests d'intrusion, BloodHound continue de démontrer que penser en graphe plutôt qu'en liste constitue un avantage stratégique décisif en matière de sécurité. Collaborateurs Nicolas-Loïc Fortin Mathieu Saulnier Crédits Montage par Intrasecure inc Locaux réels par Bsides Montréal

This week, we dig into the latest DORA report and OpenAI's big product updates. Plus, some hot takes on airline status and the Eurostar. Watch the YouTube Live Recording of Episode (https://www.youtube.com/live/urU5sn8Ufl8?si=WNrIuP_uXbhIg4gq) 540 (https://www.youtube.com/live/urU5sn8Ufl8?si=WNrIuP_uXbhIg4gq) Runner-up Titles Just plug in an iPhone Be helpful, not helpless Rundown Announcing the 2025 DORA Report | Google Cloud Blog (https://cloud.google.com/blog/products/ai-machine-learning/announcing-the-2025-dora-report/) OpenAI Agentic Commerce (https://openai.com/index/buy-it-in-chatgpt/) (https://openai.com/sora/) The New Sora App (https://openai.com/sora/) Introducing ChatGPT Pulse (https://openai.com/index/introducing-chatgpt-pulse/) Relevant to your Interests Intel and Apple hold investment talks, no deal in sight - 9to5Mac (https://9to5mac.com/2025/09/24/intel-and-apple-hold-investment-talks-no-deal-in-sight/) Ed Zitron is mad as hell (https://www.ft.com/content/4c8d6420-d088-4660-8973-c4996cd990fb) TikTok will stay: Trump signs executive order to keep app in the US (https://siliconangle.com/2025/09/25/tiktok-will-stay-trump-signs-executive-order-keep-app-us/) 10+ Hidden Features in iOS 26 (https://www.macrumors.com/guide/ios-26-hidden-features/) Splunk .conf25: Forging a Data Foundation for Cisco's AgenticOps Vision (https://futurumgroup.com/insights/splunk-conf25-forging-a-data-foundation-for-ciscos-agenticops-vision/) JFrog SwampUp 2025: The Agentic Development Era Emerges From The Swamp (https://www.forrester.com/blogs/jfrog-swampup-2025-the-agentic-development-era-emerges-from-the-swamp/) RIP, AOL dial-up: Take a walk down memory lane to 5 other now-defunct tech icons that defined millennials' youths (https://www.aol.com/rip-aol-dial-walk-down-063119808.html) Logitech launches MX Master 4 flagship productivity mouse – the best mouse we've tested adds haptic feedback, circular Action Ring shortcuts (https://www.tomshardware.com/peripherals/gaming-mice/logitech-launches-mx-master-4-flagship-productivity-mouse-the-best-mouse-weve-tested-adds-haptic-feedback-circular-action-ring-shortcuts) Charlie Javice Sentenced to 85 Months in Prison for Fraud (https://www.nytimes.com/2025/09/29/business/charlie-javice-sentence.html) Spotify CEO Daniel Ek to step aside (https://www.axios.com/2025/09/30/spotify-ceo-daniel-ek) Cloudscape - Cloudscape Design System (https://cloudscape.design/) Cursor CLI (https://cursor.com/cli) Introducing Claude Sonnet 4.5 (https://www.anthropic.com/news/claude-sonnet-4-5) Cursor CLI (https://cursor.com/cli) Introducing Claude Sonnet 4.5 (https://www.anthropic.com/news/claude-sonnet-4-5) GitHub Copilot CLI is now in public preview (https://github.blog/changelog/2025-09-25-github-copilot-cli-is-now-in-public-preview/) Shopify, pulling strings at Ruby Central, forces Bundler and RubyGems takeover (https://joel.drapper.me/p/rubygems-takeover/) How Ruby Went Off the Rails (https://www.404media.co/how-ruby-went-off-the-rails/) Open source to closed doors: RubyGems control fight erupts (https://www.theregister.com/2025/09/25/open_source_to_closed_doors/) Platform Engineering and AI - Two Buzzwords Finally Meet! | Michael Cote (https://www.youtube.com/watch?v=6jL3xp3LmQw) Nonsense Build-A-Bear Stock Outperforms Nvidia (https://theonion.com/build-a-bear-stock-outperforms-nvidia/) (The Onion) Conferences CF Day EU (https://events.linuxfoundation.org/cloud-foundry-day-europe/), Coté speaking, Frankfurt, October 7th, 2025. AI for the Rest of Us (https://aifortherestofus.live/london-2025), Coté speaking, October 15th-16th, London. Use code SDT20 for 20% off. Wiz Wizdom Conferences (https://www.wiz.io/wizdom), NYC November 3-5, London November 17-19 SREDay Amsterdam (https://sreday.com/2025-amsterdam-q4/), Coté speaking, November 7th. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Black Rabbit (https://www.netflix.com/title/81630027) Coté: Sune, Hackney, London (https://www.sune.restaurant). Photo Credits Header (https://unsplash.com/photos/a-eurostar-train-is-shown-in-close-up-KRJNGFKNjJM)

Josh Liburdi, Principal Engineer of Security Operations at DoorDash, joins Maxime Lamothe-Brassard, LimaCharlie CEO / Founder, to talk about building the Strelka file scanning system.As a security engineer who works in security operations (prevention, detection, and response), Josh has more than a decade of industry experience and has worked at several diverse organizations, including Brex, Target, and CrowdStrike.He also presents at information security conferences (BSides NYC & SF, SANS, fwd:cloudsec), is a published author (Bluenomicon from Splunk, Huntpedia from Sqrrl), and is active in the open source security community with contributions to many projects, including Substation at Brex (creator), Strelka at Target (creator), and the Zeek network analysis framework.Join Defender Fridays, live every Friday, to discuss the dynamic world of information security in a collaborative space with seasoned professionals. Become part of the LimaCharlie Community. Learn more about LimaCharlie at limacharlie.io.

Take a Network Break! We start with a listener correction on Cisco’s history of wireless certifications, then dig into a couple of red alerts on Microsoft Defender and a backdoor in Outlook. On the news front, Cisco announces new AI agents and SoC packages for Splunk; F5 spends $180 million to buy an AI security... Read more »

Take a Network Break! We start with a listener correction on Cisco’s history of wireless certifications, then dig into a couple of red alerts on Microsoft Defender and a backdoor in Outlook. On the news front, Cisco announces new AI agents and SoC packages for Splunk; F5 spends $180 million to buy an AI security... Read more »

Take a Network Break! We start with a listener correction on Cisco’s history of wireless certifications, then dig into a couple of red alerts on Microsoft Defender and a backdoor in Outlook. On the news front, Cisco announces new AI agents and SoC packages for Splunk; F5 spends $180 million to buy an AI security... Read more »

Morgan runs a public relations and marketing agency called Firebrand. They raise awareness of technology brands to build awareness, create demand, drive lead generation and close sales. Prior to Firebrand, he was the founder in the US of LEWIS , a global communications firm, which we grew to $35m in revenues and 250+ staff in the US, and $75m with 600 staff globally. He has over 30 years' tech experience, both consumer and B2B. He has advised a range of companies including start-ups such as Amount, Prophecy and Weaviate; non-profits, such as AARP, Mozilla and VSP Vision Care; and public companies, such as BT Group, Equinix, MuleSoft, Splunk and Sky. At LEWIS, he lead the acquisition of three companies - Page One Power which they integrated and rebranded as LEWIS Pulse; the Davies Murphy Group, a 65-person PR and marketing consultancy; and Piston, a 50-person full-service digital advertising agency.

Spiros Xanthos is the CEO of Resolve AI, a platform to put AI on-call for humans. He previously started Log Insight that was acquired by VMware. And started Omnition that was acquired by Splunk. He also helped start OpenTelemetry. They've raised $35M from amazing investors such as Greylock.Spiros's favorite books: - Zero to One (Author: Peter Thiel)- Build (Author: Tony Fadell)(00:01) Introduction & Setting the Stage(00:42) AI's Impact on Software Engineering(02:55) What Reliability Means in Software(04:34) Resolve AI Explained in Plain English(06:33) Real-World Example of Resolve in Action(08:28) Early Customers & Lessons from Company Building(11:40) OpenTelemetry & The Open Source Journey(16:55) Positioning a Developer Tool in a Crowded Market(18:58) Philosophy of Product Building(21:06) Cultural Norms: What to Keep and What to Change(24:33) Radical Transparency & Team Dynamics(26:50) Recruiting for Resilience in Early Team Members(28:59) Future of AI in Software Engineering(31:25) Resolve AI Roadmap & Expansion Plans(33:28) Exciting AI Advancements on the Horizon(35:17) Rapid Fire Round--------Where to find Spiros Xanthos: LinkedIn: https://www.linkedin.com/in/spiros/--------Where to find Prateek Joshi: Newsletter: https://prateekjoshi.substack.com Website: https://prateekj.com LinkedIn: https://www.linkedin.com/in/prateek-joshi-infiniteX: https://x.com/prateekvjoshi 

What 25 years in venture capital teaches you about building billion-dollar startups that founders wish they knew earlier...David Hornik, founding partner at Lobby Capital and former August Capital partner, breaks down the real dynamics between VCs and founders that most entrepreneurs completely misunderstand. From his $50M+ exits including Splunk, GitLab, and Bill.com, David shares why venture capital success isn't about the money - it's about finding the right partnership.In this conversation, you'll discover why the best investors act as collaborators, not gatekeepers, and how startup culture matters as much as your product-market fit. David reveals the misconceptions founders have about what VCs actually look for, the importance of long-term vision alignment, and why building supportive communities around entrepreneurs drives real innovation.Key takeaways for founders:Trust and alignment matter more than just growth metrics Your company culture determines long-term success The best VCs become mentors, not just money providers Staying true to your mission while adapting is crucial for survivalDavid's unique background spans Stanford Computer Music to Harvard Law, plus he created the first VC blog and podcast. He's been honored on Forbes' Midas List and teaches at both Stanford Business School and Harvard Law School.Subscribe for more founder insights and hit the bell for notifications! What's the biggest misconception you had about VCs? Drop it in the comments below.Follow us on our channels for exclusive startup content and behind-the-scenes insights from interviews like this one.SpotifyApple PodcastsYoutubeNewman Media Studios LinkedIn

Panther CEO William Lowe explains how integrating Amazon Bedrock AI into their security platform delivered 50% faster alert resolution for enterprise customers while maintaining the trust and control that security practitioners demand.Topics Include:Panther CEO explains how Amazon partnership accelerates security outcomes for customersCloud-native security platform delivers 100% visibility across enterprise environments at scaleCustomers like Dropbox and Coinbase successfully replaced Splunk with Panther's solutionPlatform processes petabytes monthly with impressive 2.3-minute average threat detection timeCritical gap identified: alert resolution still takes 8 hours despite fast detectionSecurity teams overwhelmed by growing attack surfaces and severe talent burnoutConstant context switching across tools creates inefficiency and organizational collaboration problemsAI integration with Amazon Bedrock designed to accelerate security team decision-makingFour trust principles: verifiable actions, secure design, human control, customer data ownershipResults show 50% faster alert triage; future includes Slack integration and automationParticipants:· William H Lowe – CEO, PantherSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

In this episode of B2B Sales Trends, Harry Kendlbacher speaks with Christian Smith, former Chief Revenue Officer at Splunk, about what it really takes to transform a business at scale. Christian helped lead Splunk through a massive shift — from $500M to $5B in recurring revenue and from on-prem to cloud SaaS. Drawing on his 35-year career, he shares what it means to go beyond traditional value selling and align the entire company around outcomes, impact, and economic value. Inside the conversation: - What it takes to lead an enterprise transformation of this magnitude. - Why traditional value selling falls short, and how to apply the Outcome → Impact → Value framework. - How to build a value-aligned organization where product, marketing, and sales speak the same language. - Best practices for defending spend in front of the CFO and giving champions “defendable artifacts” of value. - How to approach CXO conversations with confidence — without overengineering them. - Why use case taxonomies are essential to connecting features to real business outcomes. - What really gets in the way of transformation and how leaders can break down silos to align around the customer. If you're looking for practical insights on building a culture of value and showing up stronger in executive conversations, this episode is one you'll want to hear.

What does it take to run a world-class Security Operations Center (SOC) in today's high-stakes, high-speed cybersecurity landscape?In this episode of the @Endace, Packet Forensic Files, Michael Morris chats with Jessica (Bair) Oppenheimer, Cisco's Director of Security Operations, for an in-depth look at next-generation Security Operations Centers (SOCs). Jessica shares her expertise from securing high-stakes events like the Paris 2024 Olympics, NFL Super Bowl, Black Hat, and RSAC Conference. Discover how her team leverages AI, full packet capture with EndaceProbes, and integrations with Cisco XDR and Splunk to combat AI-driven threats and ensure rapid detection and response. This episode is a must-listen for cybersecurity professionals who want to stay ahead of evolving threats. It is packed with insights on balancing automation with human expertise and key KPIs for SOC success.ABOUT ENDACE *****************Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks. EndaceProbe models are available for on-premise, private cloud and public cloud deployments - delivering complete hybrid cloud visibility from a single pane-of-glass.Endace's open EndaceProbe Analytics appliances (https://www.endace.com/endaceprobe) can be deployed in on-premise locations and can also host third-party security and performance monitoring solutions while simultaneously recording a 100% accurate history of network activity.

Feeling the pressure to grow—but struggling to get above the line of power in your deals? You're not alone. In a market saturated with noise, generic emails, and product-first selling, the biggest threat to your revenue isn't bad outreach—it's a lack of real executive relationships. In this episode of Revenue Boost: A Marketing Podcast titled “Beyond the Buyer: How Executive Engagement Drives More B2B Revenue,” host Kerry Curran is joined by Silicon Valley veteran Sarah Moody, tech entrepreneur and co-founder of SEEL (Society of Executive Engagement Leaders). Sarah has helped brands like Splunk, Palo Alto Networks, and other global enterprise players unlock growth through one powerful lever: multi-threaded executive engagement. And the cost of ignoring it? Expansion failure, revenue risk, and brand irrelevance.

Please enjoy this encore of Career Notes. Distinguished Security Strategist at Splunk, Ryan Kovar, shares his journey that started in the US Navy and how it contributed to his leadership in life after the military. Cutting his teeth as sysadmin on the USS Kitty Hawk, Ryan worked as a contractor following the Navy. At Splunk, he leads the SURGe research team to solve what he calls the "blue collar for the blue team problems". He works hard on incorporating diversity of thought. Ryan notes, "I've been doing cybersecurity or IT now for over 20 years and of that 20 years of knowledge, only about five years of that knowledge is really relevant. You can't sit on your laurels in this industry." We thank Ryan for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Distinguished Security Strategist at Splunk, Ryan Kovar, shares his journey that started in the US Navy and how it contributed to his leadership in life after the military. Cutting his teeth as sysadmin on the USS Kitty Hawk, Ryan worked as a contractor following the Navy. At Splunk, he leads the SURGe research team to solve what he calls the "blue collar for the blue team problems". He works hard on incorporating diversity of thought. Ryan notes, "I've been doing cybersecurity or IT now for over 20 years and of that 20 years of knowledge, only about five years of that knowledge is really relevant. You can't sit on your laurels in this industry." We thank Ryan for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal, Duha. Joining us is our sponsored guest, Edward Wu, CEO and founder, Dropzone AI. In this episode:  Building context-aware verification frameworks Understanding why UX fails Moving beyond AI replacement narratives Building for a crisis A huge thanks to our sponsor, Dropzone AI Dropzone AI autonomously investigates every security alert—no playbooks needed. This AI SOC analyst queries your CrowdStrike, Splunk, threat intel feeds, and 60+ other tools to build complete investigations in 5 minutes. Unlike black-box automation, it shows every query, finding, and decision. See it work yourself—explore the self-guided demo at dropzone.ai.

Having met at the UC Davis Wine Executive Program, Kia Behnia, CEO, and Mason Earles, CTO, founded Scout to replicate the best sensor in the vineyard, “the farmer's eye.” Leveraging off-the-shelf hardware, Scout uses AI to process images taken from a tractor to automate vineyard mapping, vine counting, yield forecasting, virus identification, and more. From managing vineyard assets to implementing precision agriculture to improve quality, Scout is harnessing the power of AI to optimize vineyard management.Detailed Show Notes: Mason's background - UC Davis Professor, Apple, AI & agricultureKia's background for Scout - owns the Neotempo wine brand, worked at Splunk, the “data for everything” companyThe official company name is Agricultural Scout, dba Scout, the website is agscout.ai, so it can be called any of those namesFounded in 2022, initially more hardware-based, but pivoted to an intelligence company using off-the-shelf hardwareThe goal is to “replicate the farmer's eye” with an AI-based solution using cameras, tractors, and Scout cloud and mobile app (which can be used offline); the brain is centered around a phoneUS only today (~50-100 clients, 300 blocks, 2M vines, processed 56M photos), going international in 20264 main use cases currently: Automate vine count, inventory, and mapping of vines - 4x faster than people could doEstimate crop performance - both vigor and fruitYield forecasting - can use every step in the growing season to forecast yield with historical performance and weather forecastsHealth performance and vine mapping - leveraging AI for virus detection3 types of clientsEstate wineriesVineyard management companies (“VMC”)Real estate investors or owners to track vineyardsBenefits include: $400-1,200 savings/acreProductivity gains through managing more acres with fewer people, identifying low-performing vines, and the program tells farmers where to sampleRemote monitoring of faraway vineyardsEarly season yield forecastingDisease management - virus can cause $170k/acre damage over 3-5 years, costs $40/PCR test, the goal is to keep virus 50 acresNeighborhood and AVA discountsStarter - 2 scan package (for inventory and virus)Professional - 6 scan packageTypical customer starts w/ 2 and upgrades to 6Monarch promotion, customers get 1 free scanUp front hardware costs ~$3,000New product in beta in July 2025 - ChatGPT Scout for vineyardsMarketing mostly through word of mouth, industry trade shows, and webinars have been effective, as has partnership with Monarch (already tech enthusiasts)Barriers to purchase are often due to farming budgets built around labor Hosted on Acast. See acast.com/privacy for more information.

In this episode of Breaking Badness, Kali Fencl sits down with Audra Streetman, a former journalist turned threat intelligence analyst at Splunk. Audra shares her journey from local newsrooms to the frontlines of cybersecurity, detailing how her storytelling skills translate directly into threat research. Audra walks us through how ransomware attacks like JBS Foods and the Excellion breach sparked her pivot into cyber. She dives deep into persistent threat tactics, such as file transfer appliance exploitation, the growing risk of cloud infrastructure attacks, and North Korean IT worker scams. If you're a cybersecurity professional, a curious career switcher, or someone looking to stay ahead of threat actor trends, this episode delivers real insight with practical relevance.

How do you keep complex digital experiences running smoothly when every layer, from networks to cloud infrastructure to applications, can break in ways that frustrate customers and burn out IT teams? This question is at the heart of my conversation recorded live at Cisco Live in San Diego with Patrick Lin, Senior Vice President and General Manager for Observability at Splunk, now part of Cisco. In this episode, Patrick explains how observability has evolved far beyond simple monitoring and is becoming the nerve centre for digital resilience in a world where reactive alerts no longer cut it. We unpack how Splunk and Cisco ThousandEyes are now deeply integrated, giving teams a single source of truth that connects application behaviour, infrastructure health, and network performance, even across systems they do not directly control. Patrick also shares what these two-way integrations mean in practice: faster incident resolution, fewer blame games, and far less time wasted chasing false alerts. We explore how AI is enhancing this vision by cutting through the noise to detect real anomalies, correlate related events, and suggest root causes at a speed no human team could match. If your business depends on staying online and your teams are drowning in disconnected data, this conversation offers a glimpse into the next phase of unified observability and assurance. It might even help quiet the flood of alerts that keep IT professionals awake at night. How is your organisation tackling alert fatigue and rising complexity? Listen in and tell me what strategies you have found that actually work.

Cribl's Field CISO Ed Bailey discusses how customers can manage the quality and quantity of data by providing intelligent controls between data sources and destinations.Topics Include:Cribl company name originCompany helps organizations screen data to find valuable insightsEd Bailey was Cribl's first customer back in 2018Data growth of 25% yearly created seven-figure cost increasesCEOs and CIOs complained about explosive data storage costsUsers demanded more data while budgets remained constrainedBailey discovered Cribl through a random Facebook advertisementCribl Stream sits between data sources and destinationsNo new agents required, uses existing infrastructure connectionsReduced data growth from 28% to 8% within yearDevelopment cycles shortened from six weeks to two weeksBailey managed global security and telemetry data systemsOperated large Splunk instance across forty different countriesTeam spent time collecting data instead of extracting valueCribl provided consistent data control plane for operationsSmart engineers could focus on machine learning solutionsMigrated from terrible SIEM to better security platformData strategy should focus on business requirements firstNot all data has the same business valueTier one: Critical data goes to expensive platformsTier two: Important data stored in cheaper lakesTier three: Compliance data in low-cost object storageSIEM costs around one dollar per gigabyte storedData lakes cost twelve to eighteen cents per gigabyteObject storage costs fractions of pennies per gigabyteAWS partnership provides scalable infrastructure for rapid growthEC2, EKS, and S3 are heavily utilized servicesCribl Search finds data directly in object storageAvoids costly data movement for search and analysisParticipants:Edward Bailey – Field CISO, CriblSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

This week Jim's guest on The CMO Podcast is Carrie Palin, the SVP and Chief Marketing Officer of Cisco, the $55 billion by revenue tech leader, whose purpose is to leverage technology, people, and broader networks to solve society's greatest challenges. Cisco is on quite a roll–its stock is up about 40% in the last year. Carrie never took a marketing class in school, and never even imagined she would be a top tech B2B marketer, let alone the CMO of one of the world's great companies. But serendipity happened, and Carrie said yes to IBM coming out of TCU, and began a tech marketing career that took her to Dell, Box, Splunk, and now Cisco. Carrie has had a remarkable run in her four years as Cisco's CMO, which we will talk about. Tune in for a conversation with a CMO, who believes some things in life are simply non-negotiable.---This week's episode is brought to you by Deloitte and StrawberryFrog.Learn more: https://strawberryfrog.com/jimSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Google issues an emergency patch for a Chrome zero-day. A new malware campaign uses fake DocuSign CAPTCHA pages to trick users into installing a RAT. A high-severity Splunk vulnerability allows non-admin users to access and modify critical directories. Experts warn congress that Chinese infiltrations are preparations for war. Senators look to strengthen cybersecurity collaboration in the U.S. energy sector. Crocodilus Android malware adds fake contacts to victims' phones. SentinelOne publishes a detailed analysis of their recent outage. Cartier leaves some of its cyber sparkle exposed. Our guest is Jon Miller, CEO and Co-founder of Halcyon, discussing Bring Your Own Vulnerable Driver (BYOVD) attacks. Microsoft and CrowdStrike tackle hacker naming…or do they? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by Jon Miller, CEO and Co-founder of Halcyon who is discussing Bring Your Own Vulnerable Driver (BYOVD) attacks. Listen to Jon's conversation here. Selected Reading Google patches new Chrome zero-day bug exploited in attacks (Bleeping Computer) Fake Docusign Pages Deliver Multi-Stage NetSupport RAT Malware  (Infosecurity Magazine) Splunk Universal Forwarder on Windows Lets Non-Admin Users Access All Contents (Cyber Security News) China hacks show they're 'preparing for war': McMaster (The Register) FCC Proposes Rules to Ferret Out Control of Regulated Entities by Foreign Adversaries (Cooley) US lawmakers propose legislation to expand cyber threat coordination across energy sector (Industrial Cyber) Android malware Crocodilus adds fake contacts to spoof trusted callers (Bleeping Computer) SentinelOne Global Service Outage Root Cause Revealed (Cyber Security News) Romanian man pleads guilty to 'swatting' plot that targeted an ex-US president and lawmakers (AP News) Cartier reports data breach exposing customer personal information (Beyond Machines) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of the Lights On Data Show, host George Firican discusses the rapidly evolving landscape of data management with Kamal Hathi, Senior Vice President and GM at Splunk, a Cisco company. They explore the challenges organizations face as they scale and adopt AI, emphasizing the importance of digital resilience, security, and observability. Kamal shares insights from Splunk's latest report, 'The New Rules of Data Management' (https://splk.it/3RLx67g), which surveys over 1,400 IT, engineering, and cybersecurity professionals across 16 industries. Key topics include the importance of data federation, tiering, and having a clear data strategy for business success. Tune in to learn how leading organizations are overcoming data challenges to achieve better business outcomes.

In this episode of Breaking Badness, Kali Fencl sits down with Mick Baccio, Global Security Advisor at Splunk and former CISO for Pete Buttigieg's 2020 presidential campaign. Mick shares his journey from aspiring Navy nuclear engineer to leading security in some of the highest-stakes environments, including the White House. They explore how threat intelligence, storytelling, and mentorship shape the future of cybersecurity. From his early days in government to his work on the Splunk SURGe team, Mick opens up about what it takes to build secure systems, stronger teams, and more empathetic leadership in cybersecurity.

Fred Wilmot, CEO and co-founder of Detecteam, and Sebastien Tricaud, CTO and co-founder, bring a candid and critical take on cybersecurity's detection and response problem. Drawing on their collective experience—from roles at Splunk, Devo, and time spent in defense and offensive operations—they raise a core question: does any of the content, detections, or tooling security teams deploy actually work?The Detecteam founders challenge the industry's obsession with metrics like mean time to detect or respond, pointing out that these often measure operational efficiency—not true risk readiness. Instead, they propose a shift in thinking: stop optimizing broken processes and start creating better ones.At the heart of their work is a new approach to detection engineering—one that continuously generates and validates detections based on actual behavior, environmental context, and adversary tactics. It's about moving away from one-size-fits-all IOCs toward purpose-built, context-aware detections that evolve as threats do.Sebastien highlights the absurdity of relying on static, signature-based detection in a world of dynamic threats. Adversaries constantly change tactics, yet detection rules often sit unchanged for months. The platform they've built breaks detection down into a testable, iterative process—closing the gap between intel, engineering, and operations. Teams no longer need to rely on hope or external content packs—they can build, test, and validate detections in minutes.Fred explains the benefit in terms any CISO can understand: this isn't just detection—it's readiness. If a team can build a working detection in under 15 minutes, they beat the average breakout time of many attackers. That's a tangible advantage, especially when operating with limited personnel.This conversation isn't about a silver bullet or more noise—it's about clarity. What's working? What's not? And how do you know? For organizations seeking real impact in their security operations—not just activity—this episode explores a path forward that's faster, smarter, and grounded in reality.Learn more about Detecteam: https://itspm.ag/detecteam-21686Note: This story contains promotional content. Learn more.Guests: Fred Wilmot, Co-Founder & CEO, Detecteam | https://www.linkedin.com/in/fredwilmot/Sebastien Tricaud, Co-Founder & CTO, Detecteam | https://www.linkedin.com/in/tricaud/ResourcesLearn more and catch more stories from Detecteam: https://www.itspmagazine.com/directory/detecteamWebinar: Rethink, Don't Just Optimize: A New Philosophy for Intelligent Detection and Response — An ITSPmagazine Webinar with Detecteam | https://www.crowdcast.io/c/rethink-dont-just-optimize-a-new-philosophy-for-intelligent-detection-and-response-an-itspmagazine-webinar-with-detecteam-314ca046e634Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, fred wilmot, sebastien tricaud, detecteam, detection, cybersecurity, behavior, automation, red team, blue team, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

Storage often sits in the background of cybersecurity conversations—but not at Infinidat. In this episode, Eric Herzog, Chief Marketing Officer of Infinidat, joins Sean Martin to challenge the notion that storage is simply infrastructure. With decades of experience at IBM and EMC before joining Infinidat, Herzog explains why storage needs to be both operationally efficient and cyber-aware.Cyber Resilience, Not Just StorageAccording to Herzog, today's enterprise buyers—especially those in the Global Fortune 2000—aren't just asking how to store data. They're asking how to protect it when things go wrong. That's why Infinidat integrates automated cyber protection directly into its storage platforms, working with tools like Splunk, Microsoft Sentinel, and IBM QRadar. The goal: remove the silos between infrastructure and cybersecurity teams and eliminate the need for manual intervention during an attack or compromise.Built-In Defense and Blazing-Fast RecoveryThe integration isn't cosmetic. Infinidat offers immutable snapshots, forensic environments, and logical air gaps as part of its storage operating system—no additional hardware or third-party tools required. When a threat is detected, the system can automatically trigger actions and even guarantee data recovery in under one minute for primary storage and under 20 minutes for backups—regardless of the dataset size. And yes, those guarantees are provided in writing.Real-World Scenarios, Real Business OutcomesHerzog shares examples from finance, healthcare, and manufacturing customers—one of which performs immutable snapshots every 15 minutes and scans data twice a week to proactively detect threats. Another customer reduced from 288 all-flash storage floor tiles to just 61 with Infinidat, freeing up 11 storage admins to address other business needs—not to cut staff, but to solve the IT skills shortage in more strategic ways.Simplified Operations, Smarter SecurityThe message is clear: storage can't be an afterthought in enterprise cybersecurity strategies. Infinidat is proving that security features need to be embedded, not bolted on—and that automation, integration, and performance can all coexist. For organizations juggling compliance requirements, sprawling infrastructure, and lean security teams, this approach delivers both peace of mind and measurable business value.Learn more about Infinidat: https://itspm.ag/infini3o5dNote: This story contains promotional content. Learn more.Guest: Eric Herzog, Chief Marketing Officer, Infinidat | https://www.linkedin.com/in/erherzog/ResourcesLearn more and catch more stories from Infinidat: https://www.itspmagazine.com/directory/infinidatLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, eric herzog, storage, cybersecurity, automation, resilience, ransomware, recovery, enterprise, soc, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

Meet Rob Swymer, a Boston native and seasoned sales executive, with over four decades of experience leading high-performance teams through empathy and servant leadership. Key insights from Rob's best-selling book, “Surrender to Your Adversity”: Practical strategies for building resilience. Embracing challenges to thrive personally and professionally. Behind-the-scenes stories from Rob's leadership roles at major Fortune 500 companies, including: Home Depot, Bank of America, Dell, Morgan Stanley, Macy's, Equifax, CSX, Fidelity Information Systems, and Splunk. The power of empathy in leadership—how Rob's servant leadership approach drove results and strengthened teams. Transitioning from Corporate America to giving back: Rob shares his experience retiring as Group VP at Splunk (UK & Ireland) in January 2024. His renewed mission of empowering the next generation of leaders. Mental Health as a Business Imperative: Rob's role as a global mental health disruptor. Why mental wellness is essential for executive success. Lessons from Rob's TEDx experience and insights from appearances on Fox News, ExtraTV, MSN, CBS, NewsNation, NY Post, and CW. Practical tips from a Certified Resilience Coach: Rob provides actionable advice on overcoming adversity, managing stress, and creating lasting success. How to apply resilience strategies in your own life—starting today. Connect with Rob: Learn more about Rob's coaching programs and resources to build resilience and elevate your personal and professional leadership.   Linkedin: https://www.linkedin.com/in/rob-swymer-15a1541/  Facebook: https://www.facebook.com/rob.swymer  Instagram: https://www.instagram.com/robswymer/ Website: www.robswymer.com

Veteran and entrepreneur Chad Grills of National Capital League discusses his experience with Big Tech and how building anything meaningful and lasting will likely not come out of Silicon Valley or places like California. He explains how Silicon Valley was seeded by DOD, the Intelligence Community, and DARPA. The culture of Silicon Valley and most major cities will not allow anything original or good for humanity to emerge. He argues we have neither communism nor capitalism, but a monopolistic system that keeps the little guy out. He stresses a need for better governance, creating good culture, maintaining personal integrity, and is optimistic about the ability of America to reinvent itself. Watch on BitChute / Brighteon / Rumble / Substack / YouTube Geopolitics & Empire · Chad Grills: Is a 'Golden Age' Possible for America? #537 *Support Geopolitics & Empire! Become a Member https://geopoliticsandempire.substack.com Donate https://geopoliticsandempire.com/donations Consult https://geopoliticsandempire.com/consultation **Visit Our Affiliates & Sponsors! Above Phone https://abovephone.com/?above=geopolitics easyDNS (15% off with GEOPOLITICS) https://easydns.com Escape Technocracy course (15% off with GEOPOLITICS) https://escapethetechnocracy.com/geopolitics PassVult https://passvult.com Sociatates Civis (CitizenHR, CitizenIT, CitizenPL) https://societates-civis.com Wise Wolf Gold https://www.wolfpack.gold/?ref=geopolitics Websites National Capital League https://www.nclhq.com X https://x.com/ChadJGrills Short Stories: Veterans after War https://www.amazon.com/Short-Stories-Veterans-after-War-ebook/dp/B0127DN39M Dustin Chambers: DOGE & America's Chance to Cut the Government Down to Size https://geopoliticsandempire.com/2025/01/02/dustin-chambers-doge-americas-chance-to-cut-the-government-down-to-size About Chad Grills Chad is the former founder and CEO of a company backed by Founders Fund and Sequoia. His previous clients include companies like: Salesforce (6x business units), Dell, Splunk, Twilio, and Government entities like Lawrence Livermore National Laboratory. He was selected “Best of Year” by Apple for two podcasts he hosted. He has spoken at places like the Defense Foreign Language Institute, Coast Guard Academy, Salesforce World Tour, and the Spartan Up Podcast. He's a U.S. Army veteran with deployments to Iraq, Egypt, and has provided security for the 56th Presidential Inauguration. He's the author of three books. His upcoming book is on the Texas Miracle and the economic destiny of Texas. He founded the National Capital League as a studios and labs to build media and technology products. *Podcast intro music is from the song "The Queens Jig" by "Musicke & Mirth" from their album "Music for Two Lyra Viols": http://musicke-mirth.de/en/recordings.html (available on iTunes or Amazon)

Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 Our honeypots detected a deserialization attack against the CMS Sitecore using a thumnailaccesstoken header. The underlying vulnerability was patched in January, and security firm Searchlight Cyber revealed details about this vulnerability a couple of weeks ago. https://isc.sans.edu/diary/Sitecore%20%22thumbnailsaccesstoken%22%20Deserialization%20Scans%20%28and%20some%20new%20reports%29%20CVE-2025-27218/31806 Blasting Past Webp Google s Project Zero revealed details how the NSO BLASTPASS exploit took advantage of a Webp image parsing vulnerability in iOS. This zero-click attack was employed in targeted attack back in 2023 and Apple patched the underlying vulnerability in September 2023. But this is the first byte by byte description showing how the attack worked. https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html Splunk Vulnerabilities Splunk patched about a dozen of vulnerabilities. None of them are rated critical, but a vulnerability rated High allows authenticated users to execute arbitrary code. https://advisory.splunk.com/ Firefox 0-day Patched Mozilla patched a sandbox escape vulnerability that is already being exploited. https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/