Podcasts about SSO

In this holiday-themed episode of The Identity Jedi Show, we delve into major developments in the identity security industry. Host David kicks things off with holiday greetings before diving into significant recent events, including a whopping $700 million series B funding, a billion-dollar acquisition, and an $11 billion buyout. He also emphasizes the importance of staying plugged into The Identity Jedi community. Later, David introduces special guest Lee Header for a no-holds-barred interview about the state of the identity and access management industry—discussing the persistent challenges and necessary improvements. David and Lee cover everything from the 'enterprise SSO tax' to the gaps in standards adoption, and the role of AI in the future of identity security. Don't miss this insightful and honest discussion, plus tips on how the industry can better serve both security experts and end-users. Stay tuned and let's make the most of this festive season!https://saviynt.com/press-release/saviynt-raises-700m-in-kkr-led-round-to-establish-identity-security-as-the-foundation-for-the-ai-erahttps://newsroom.ibm.com/2025-12-08-ibm-to-acquire-confluent-to-create-smart-data-platform-for-enterprise-generative-aihttps://veza.com/company/press-room/servicenow-to-expand-security-portfolio-with-acquisition-of-vezas-leading-ai-native-identity-security-platform/00:00 Holiday Greetings and Show Introduction00:24 Upcoming Topics Teaser01:55 Housekeeping and Announcements02:53 Big News in Identity Security06:37 IBM's Strategic Acquisition11:40 Interview with Lee Tschetetter14:37 Enterprise SSO Tax Discussion37:20 Exploring the Higher Ed Ecosystem38:26 The Role of Grad Students in Higher Ed Projects39:00 Shared Signals Framework and Its Importance39:38 Challenges in Information Sharing40:56 The Need for Human-Friendly Standards42:15 The Complexity of Security Standards49:58 Real-World Examples of Security Mishaps55:25 The Importance of User-Friendly Security01:09:47 The Future of Identity and Security01:11:47 Final Thoughts and Reflections

https://www.loginradius.com/Discover why managing customer access demands a completely different approach than employee access. This episode unpacks the differences between CIAM and IAM, revealing how security priorities, scalability needs, and user experience expectations diverge - plus practical guidance on selecting the right SSO provider. LoginRadius City: Vancouver Address: 450 SW Marine Drive, Floor 18 Website: https://www.loginradius.com/

Jack Harrington sits down with Tanner Linsley to talk about the evolution of TanStack and where it's headed next. They explore how early projects like React Query and React Table influenced the headless philosophy behind TanStack Router, why virtualized lists matter at scale, and what makes forms in React so challenging. Tanner breaks down TanStack Start and its client-first approach to SSR, routing, and data loading, and shares his perspective on React Server Components, modern authentication tradeoffs, and composable tooling. The episode wraps with a look at TanStack's roadmap and what it takes to sustainably maintain open source at scale. We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! https://t.co/oKVAEXipxu Let us know by sending an email to our producer, Elizabeth, at elizabeth.becz@logrocket.com (mailto:elizabeth.becz@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Check out our newsletter (https://blog.logrocket.com/the-replay-newsletter/)! https://blog.logrocket.com/the-replay-newsletter/ Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Chapters 01:00 – What is TanStack? Contributors, projects, and mission 02:05 – React Query vs React Table: TanStack's origins 03:10 – TanStack principles: headless, cross-platform, type safety 03:45 – TanStack Virtual and large list performance 05:00 – Forms, abandoned libraries, and lessons learned 06:00 – Why TanStack avoids building auth 07:30 – Auth complexity, SSO, and enterprise realities 08:45 – Partnerships with WorkOS, Clerk, Netlify, and Cloudflare 09:30 – Introducing TanStack Start 10:20 – Client-first architecture and React Router DNA 11:00 – Pages Router nostalgia and migration paths 12:00 – Loaders, data-only routes, and seamless navigation 13:20 – Why data-only mode is a hidden superpower 14:00 – Built-in SWR-style caching and perceived speed 15:20 – Loader footguns and server function boundaries 16:40 – Isomorphic execution model explained 18:00 – Gradual adoption: router → file routing → Start 19:10 – Learning from Remix, Next.js, and past frameworks 20:30 – Full-stack React before modern meta-frameworks 22:00 – Server functions, HTTP methods, and caching 23:30 – Simpler mental models vs server components 25:00 – Donut holes, cognitive load, and developer experience 26:30 – Staying pragmatic and close to real users 28:00 – When not to use TanStack (Shopify, WordPress, etc.) 29:30 – Marketing sites, CMS pain, and team evolution 31:30 – Scaling realities and backend tradeoffs 33:00 – Static vs dynamic apps and framework fit 35:00 – Astro + TanStack Start hybrid architectures 36:20 – Composability with Hono, tRPC, and Nitro 37:20 – Why TanStack Start is a request handler, not a platform 38:50 – TanStack AI announcement and roadmap 40:00 – TanStack DB explained 41:30 – Start 1.0 status and real-world adoption 42:40 – Devtools, Pacer, and upcoming libraries 43:50 – Sustainability, sponsorships, and supporting maintainers 45:30 – How companies and individuals can support TanStack Special Guest: Tanner Linsley.

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvHeadlines say the talent shortage is easing, yet nearly half of UK businesses still lack basic cyber skills. That disconnect sets the stage for a frank, practical tour through what actually reduces risk—no buzzwords required. We open with real takeaways from the UK's international cyber skills initiatives and move quickly to the daily decisions that shape resilience: encryption in the cloud, least privilege by default, and how to keep role-based access control from collapsing under credential creep.We make the identity layer tangible. Single sign-on can simplify life and lower password reuse, but it also centralizes risk. We share how to counterbalance SSO with MFA, conditional access, and strong monitoring. Cloud-based IAM accelerates deployment and gives flexibility, yet brings ongoing costs and integration challenges with legacy systems; outsourcing introduces a loss of control that must be offset by airtight requirements, auditability, and vendor transparency. Phishing remains the most reliable social engineering vector, so security awareness training isn't optional—it's the routine that turns policy into behavior.Zero trust becomes manageable when you stop treating it like a switch and start treating it like a program. We outline a phased path: define protect surfaces, segment by sensitivity, apply continuous verification where the impact is highest, and expand deliberately. Vendor access deserves the same precision: NDAs for legal guardrails, least privilege for scope, monitoring for assurance, and scheduled reviews to remove stale permissions. Along the way, we talk mentorship, pro bono work, and competitions as concrete ways to grow talent while delivering real security outcomes.We also road-test your knowledge with a focused Domain 1.9 CISSP question set, reinforcing the core ideas with scenario-based reasoning. If you're preparing for the CISSP or leading a security program, you'll walk away with a clear playbook: encrypt by default, minimize access, verify continuously, and measure what matters. If this resonates, subscribe, share with a teammate, and leave a review so others can find the show.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In this episode, Todd and Jon discuss the latest AI agreements, updates to the Apple ecosystem (OS 26.2), and the history of PowerShell. The core discussion focuses on the "overcomplication issue" facing tech enthusiasts and offers hardware and software tips to simplify daily workflows. AI & Industry News Disney & OpenAI: The Walt Disney Company has reached an agreement to license characters to OpenAI's Sora. Google Labs: Todd joined the waitlist for "Google Disco," a tool that uses "GenTabs" to create interactive web apps and complete tasks using natural language without coding. Visual Podcasting: Todd discussed using "Nano Banana Pro" and Gemini to create visual whiteboard summaries for podcast notes. Apple OS 26.2 Updates watchOS 26.2: Features updates to Sleep Scores, which Jon notes can feel "judgmental" regarding sleep quality. iPadOS 26.2: Reintroduces multitasking features like slide over and enables "Auto Chapters" for podcasts. macOS 26.2: Introduces "Edge Light" (a virtual ring light for video calls) and "low latency clusters" for local AI development on M5 Macs. Tech History PowerShell Origins: Jeffrey Snover, creator of PowerShell, revealed in a blog post that "cmdlets" were originally named "Function Units" (FUs), reflecting the "Unix smart-ass culture" of the era. Discussion: Simplifying the Tech Stack The hosts discuss the tendency to overcomplicate setups, such as using Docker for RSS feeds or complex SSO for home use. They recommend the following simplifications: Hardware KableCARD: A credit-card-sized kit containing multiple adapters, a light, and a phone stand to replace carrying multiple cables. Presentation Remotes: Use a simple dedicated remote ($20–$30) or repurpose a Surface Pen via Bluetooth instead of relying on complex software solutions. Software Pythonista (iOS/macOS): Run simple local scripts (e.g., GPA calculators) rather than paying for dedicated subscription apps. Homebridge: A lighter-weight alternative to Home Assistant for connecting IoT devices (like Sonos) to Apple HomeKit. Troubleshooting Tip Pixel Tablet YouTube Glitch: If the YouTube app on the Pixel Tablet displays unusable, giant thumbnails, the fix is to clear both the app's cache and storage/memory.

News On The Flipside Trump new pole numbers more pic with Epstein seems democrats not thru digging there own graves . Aliens Are Probably Out There, NASA Scientist Says—But There's a Dreadful Reason They Never Call King Charles' Cancer Is Not in Remission, Palace Clarifies: Treatment Moving into ‘Precautionary Phase' Archaeologists Found a Lost Temple in the Sand That Solves a Major Historical Puzzle Christmas brawl erupts in wealthy Massachusetts enclave during holiday celebration McDonald's pulls controversial Christmas commercial within days of being uploaded: 'Offensive from every angle' Entire Russian column destroyed entering Pokrovsk North Korean armored vehicles appear on the Ukrainian frontline Giant 250,000-mile X-ray cloud found around 3i/Atlas, and experts admit they don't understand it yet Trump's signature tax laws could let millions of Americans pay $0 in federal income tax. Here's who can eliminate their 2025 bill completely US sides with Russia and North Korea on UN resolution Israel unleashes Iron Beam laser weapon NASA confirms comet 3I/ATLAS is speeding up in new data Giant structure discovered deep beneath Bermuda is unlike anything else on Earth Russia strikes ports of Odesa and Chornomorsk with ballistic missiles, Turkish cargo ship hit Something weird is orbiting Neptune - and it shouldn't be SSO and Russian partisans cripple two Russian military cargo vessels

Microsoft Patch Tuesday Microsoft released its regular monthly patch on Tuesday, addressing 57 flaws. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202025/32550 Adobe Patches Adobe patched five products. The remote code execution in ColdFusion, as well as the code execution issue in Acrobat, will very likely see exploits soon. https://helpx.adobe.com/security.html Ivanti Endpoint Manager Patches Ivanti patched four vulnerabilities in End Point Manager. https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024?language=en_US Fortinet FortiCloud SSO Vulnerability Due to a cryptographic vulnerability, Forinet s FortiCloud SSO authentication is bypassable. https://fortiguard.fortinet.com/psirt/FG-IR-25-647 ruby-saml vulnerability Ruby fixed a vulnerability in ruby-saml. The issue is due to an incomplete patch for another vulnerability a few months ago. https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3

In this episode, Dr. Jeffrey E. Gershenwald discusses the critical role surgical oncologists play in advancing evidence-based public policy. Using the FDA's black-box warning on indoor tanning for minors as a case study, Dr. Gershenwald highlights the science behind melanoma risk in adolescents and why advocacy is essential to protecting the next generation. Tune in to explore how policy action, prevention, and oncology expertise intersect, and why your voice as an SSO member matters beyond the operating room.

We weigh the promise and peril of the AI agent economy, pressing into how overprovisioned non-human identities, shadow AI, and SaaS integrations expand risk while go-to-market teams push for speed. A CMO and a CFO align on governance-first pilots, PLG trials, buyer groups, and the adoption metrics that sustain value beyond the sale.• AI adoption surge matched by adversary AI• Overprovisioned agents and shadow AI in SaaS• Governance thresholds before budget scale• PLG trials, sandbox, and POV sequencing• Visualization to reach the aha moment• Buying groups, ICP, and economic buyer alignment• Post‑sales usage, QBRs, NRR and churn signals• Zero trust limits and non-human identities• Breach disclosures as industry standards• Co-sourcing MSSP with in-house oversightSecurity isn't slowing AI down; it's the unlock that makes enterprise AI valuable. We dive into the AI agent economy with a CMO and a CFO who meet in the messy middle. The result is a practical blueprint for moving from hype to governed production without killing momentum.We start by mapping where controls fail: once users pass SSO and MFA, agents often operate beyond traditional identity and network guardrails. That's how prompts pull sensitive deal data across Salesforce and Gmail, and how third‑party API links expand the attack surface. From there, we lay out an adoption sequence that balances trust and speed. Think frictionless free trials and sandboxes that reach an immediate “aha” visualization of shadow AI and permissions, then progress to a scoped POV inside the customer's environment with clear policies and measurable outcomes. Along the way, we detail the buying group: economic buyers who sign and practitioners who live in the UI, plus the finance lens that sets pilot capital, milestones, and time-to-value expectations.We also challenge sacred cows. Zero trust is essential, but attackers increasingly log in with valid credentials and pivot through integrations, so verification must include non-human identities and agent-to-agent controls. Breach disclosures, far from being a greater threat than breaches, are foundational to ecosystem trust and faster remediation. And while MSSPs add critical scale, co-sourcing—retaining strategic oversight and compliance ownership—keeps accountability inside. If you care about ICP, PLG motions, PQLs, NRR, or simply reducing AI risk while driving growth, this conversation turns buzzwords into a playbook you can run.Vamshi Sriperumbudur: https://www.linkedin.com/in/vamsriVamshi Sriperumbudur was recently the CMO for Prisma SASE at Palo Alto Networks, where he led a complete marketing transformation, driving an impact of $1.3 billion in ARR in 2025 (up 35%) and establishing it as the platform leader.  Chithra Rajagopalan - https://www.linkedin.com/in/chithra-rajagopalan-mba/Chithra Rajagopalan is the Head of Finance at Obsidian Security and former Head of Finance at Glue, and she is recognized as a leader in scaling businesses. Chithra is also an Investor and Advisory Board member for Campfire, serving as the President and Treasurer of Blossom Projects.Website: https://www.position2.com/podcast/Rajiv Parikh: https://www.linkedin.com/in/rajivparikh/Sandeep Parikh: https://www.instagram.com/sandeepparikh/Email us with any feedback for the show: sparkofages.podcast@position2.com

Parce que… c'est l'épisode 0x665! Shameless plug 17 au 20 novembre 2025 - European Cyber Week 25 et 26 février 2026 - SéQCure 2026 CfP 14 au 17 avril 2026 - Botconf 2026 28 et 29 avril 2026 - Cybereco Cyberconférence 2026 9 au 17 mai 2026 - NorthSec 2026 3 au 5 juin 2025 - SSTIC 2026 Description Dans cet épisode, l'équipe composée de Nicolas, Dominique et Cindy explore les mesures d'hygiène de base en cybersécurité que les petites et moyennes entreprises devraient mettre en place. L'objectif est d'identifier les solutions peu coûteuses qui offrent un gain important en sécurité et qui aident les organisations à répondre aux exigences de certifications et de conformité. L'authentification et la gestion des mots de passe Le premier pilier essentiel abordé concerne l'authentification et la gestion des mots de passe. Contrairement à ce que certains pourraient penser, les mots de passe demeurent un enjeu critique et représentent la faiblesse numéro un dans la majorité des tests d'intrusion. Cette problématique touche autant les mots de passe utilisés pour se connecter aux services externes que ceux utilisés à l'interne, incluant les comptes de service. L'équipe recommande fortement l'adoption de l'authentification unique (SSO) dès que possible, malgré l'existence d'une liste de la honte recensant les entreprises qui forcent leurs clients à prendre des forfaits coûteux pour accéder au SSO. Le principe est simple : moins il y a de mots de passe, mieux c'est. L'utilisation d'un gestionnaire de mots de passe s'avère non négociable. Il ne suffit pas de demander aux employés d'utiliser des mots de passe différents et complexes pour chaque site sans leur fournir les outils appropriés. Les experts mettent en garde contre l'utilisation des gestionnaires intégrés aux navigateurs web comme Chrome ou Edge, qui ne sont pas de qualité égale aux véritables gestionnaires de mots de passe autonomes disponibles sur le marché. Un point crucial soulevé est que si quelqu'un compromet une machine en tant qu'administrateur, il peut accéder à tous les mots de passe stockés dans le navigateur, alors qu'un gestionnaire de mots de passe dédié nécessite le mot de passe maître pour y accéder, offrant ainsi une protection supplémentaire même en cas de compromission de la machine. La protection des postes de travail Le deuxième élément fondamental concerne ce qu'on appelait autrefois les antivirus, maintenant connus sous le nom d'EDR (Endpoint Detection and Response). Cette protection minimale devrait être mise en place sur tous les environnements, même sur les ordinateurs Mac. Bien que les EDR ne soient pas infaillibles et puissent être contournés, ils représentent un premier niveau de protection accessible financièrement. L'équipe souligne l'importance de choisir un EDR adapté aux besoins spécifiques de l'entreprise en considérant plusieurs facteurs : le prix, la quantité de postes à protéger, le support offert, l'interface utilisateur, et la présence ou non de ressources techniques internes capables de gérer la solution. Certains EDR sont plus faciles à administrer tandis que d'autres offrent plus d'options mais nécessitent des formations et du personnel qualifié. Ces solutions deviennent de plus en plus accessibles pour les PME et constituent une brique essentielle de la sécurité. Les mises à jour automatiques Le troisième pilier aborde la question du patching, ces fameuses mises à jour souvent perçues comme un mal nécessaire. Pour les PME, la recommandation est claire : activer le patching automatique plutôt que de compter sur une vérification manuelle quotidienne. Cette approche s'applique non seulement aux systèmes internes mais aussi aux applications web comme WordPress. Un point important soulevé est que l'activation du patching automatique implique probablement d'avoir une bonne gestion des sauvegardes. Par exemple, si WordPress se met à jour automatiquement le mercredi, il est prudent de faire une sauvegarde le mardi pour pouvoir restaurer rapidement en cas de problème. Cette règle s'applique également aux serveurs internes, même si certains secteurs comme le manufacturier ou l'industriel peuvent nécessiter une approche plus nuancée. Il est rappelé que dans le cadre de Sécuritaire Canada, une des questions d'évaluation porte justement sur l'activation du patching automatique pour les postes de travail, ce qui devrait être une pratique standard. La gestion des sauvegardes Le quatrième élément essentiel concerne les sauvegardes. Une recommandation cruciale est de ne jamais joindre les sauvegardes au domaine. L'équipe partage plusieurs anecdotes illustrant les conséquences d'une mauvaise gestion des sauvegardes, comme la perte de dix ans de photos personnelles ou l'impossibilité d'accéder à une sauvegarde chiffrée dont le mot de passe était uniquement stocké sur la machine principale défaillante. La qualité d'une sauvegarde est égale à la dernière fois qu'elle a été testée. Les experts ont vu des situations catastrophiques où des organisations pensaient avoir des sauvegardes fonctionnelles mais ne les avaient jamais testées, pour découvrir leur inefficacité au moment d'un incident. Les sauvegardes ne servent pas uniquement en cas d'incident de sécurité, mais aussi lors de bris matériels, d'incendies ou d'autres catastrophes. Un conseil important : bien que le chiffrement des sauvegardes soit essentiel, il faut s'assurer que la clé principale n'est pas uniquement stockée sur le système sauvegardé. Il en va de même pour le mot de passe maître d'un gestionnaire de mots de passe, qui devrait être conservé sur papier quelque part en lieu sûr. Mesures complémentaires Au-delà de ces quatre piliers fondamentaux, l'équipe propose quelques mesures additionnelles. Pour les entreprises ayant un site web, l'utilisation d'un service de proxy comme Cloudflare permet d'ajouter une couche de protection accessible, voire quasi gratuite pour les PME. Bien que non infaillible, cette solution offre de la détection et une protection contre les exploits potentiels, tout en améliorant la performance et la rapidité du site. Pour les organisations utilisant Active Directory, deux outils gratuits sont recommandés : Purple Knight de Semperis et Pink Castle (récemment acquis par Tenable). Ces outils permettent de réaliser des audits de configuration et fournissent un score de sécurité sans avoir à engager immédiatement un auditeur externe coûteux. Ils génèrent des rapports en HTML, PDF ou Excel permettant d'identifier et de corriger les problèmes de configuration les plus évidents. L'importance de la base L'équipe insiste sur le fait qu'avant d'investir dans des outils complexes et coûteux comme la surveillance du dark web, il est primordial d'avoir une base solide. Comme pour une maison, si les fondations sont bancales, la plus belle construction s'effondrera. La bonne nouvelle est que cette base n'est pas nécessairement coûteuse et que de nombreux outils gratuits ou peu dispendieux existent pour établir un diagnostic et améliorer sa posture de sécurité. Un dernier point crucial, qui fera l'objet d'un épisode ultérieur, concerne la sensibilisation des employés. Ceux-ci peuvent être le meilleur allié ou la pire faiblesse d'une organisation. Il ne s'agit pas d'une formation ponctuelle mais d'un effort continu. En conclusion, les experts rappellent que ces éléments de base sont précisément ceux qui sont vérifiés dans les formulaires d'assurance et les certifications. Prendre ces mesures préventives est comparable à une visite médicale préventive : c'est beaucoup moins coûteux et traumatisant qu'une opération d'urgence suite à un incident majeur. Consulter un expert pour mettre en place ces mesures de base coûte généralement moins cher que de gérer les conséquences d'une cyberattaque. Collaborateurs Nicolas-Loïc Fortin Dominique Derrier Cyndie Feltz Nicholas Milot Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Parce que… c'est l'épisode 0x663! Préambule Je teste une nouvelle façon d'enregistrer en mode nomade. J'ai l'air essoufflé, même si je ne suis pas en train de courir. C'est mon mode delivery avec ce type de micro qui est à retravailler pour mieux respirer et ne pas avoir l'air de courir. Shameless plug 17 au 20 novembre 2025 - European Cyber Week 25 et 26 février 2026 - SéQCure 2026 CfP 14 au 17 avril 2026 - Botconf 2026 28 et 29 avril 2026 - Cybereco Cyberconférence 2026 9 au 17 mai 2026 - NorthSec 2026 3 au 5 juin 2025 - SSTIC 2026 Notes IA Anthropic claims of Claude AI-automated cyberattacks met with doubt Kevin Beaumont: “If you're wondering what any o…” - Cyberplace EchoGram tokens like ‘=coffee' flip AI guardrail verdicts OpenAI Fights Order To Turn Over Millions of ChatGPT Conversation SecureVibes - AI-backed Tool Uses Claude AI Agents to Scan for Vulnerabilities Across 11 Languages Google is introducing its own version of Apple's private AI cloud compute Red SilentButDeadly - Network Communication Blocker Tool That Neutralizes EDR/AV Ubuntu 25.10's Rusty sudo holes quickly welded shut Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security Authentication Coercion Attack Tricks Windows Machines into Revealing Credentials to Attack-controlled Servers Hackers abuse Triofox antivirus feature to deploy remote access tools Blue What is OpenID Connect (OIDC)? — Explainer tied to CVE-2025-54603 Orgs Move to SSO, Passkeys to Solve Bad Password Habits Removing support for –no-quarantine for casks · Issue #20755 · Homebrew/brew Google sues to dismantle Chinese phishing platform behind US toll scams Kevin Beaumont: “My suggestion with ClickFix fo…” - Cyberplace CISA's expiration leaves a dangerous void in US cyber collaboration Cyber information sharing law would get extension under shutdown deal bill DNS Provider Quad9 Sees Piracy Blocking Orders as “Existential Threat” Privacy Copy-paste now exceeds file transfer as top corporate data exfiltration vector Proton might recycle abandoned email addresses and the privacy risks are terrifying Firefox vous protège sérieusement contre le fingerprinting EU's leaked GDPR, AI reforms slated by privacy activists Collaborateurs Nicolas-Loïc Fortin Crédits Montage par Intrasecure inc Locaux réels par CitizenM

Michael Assraf is building Flamingo, an open-source and AI-powered operating system for managed service providers. After exiting Vicarious in May 2024, he spent seven months on market research before writing a single line of code—conducting 15+ MSP interviews, mapping their complete tool stack economics, and testing distribution channels with a free community product. The research revealed a structural margin crisis: MSPs operate on 10-15% margins with 30% of revenue flowing to vendor payouts and 25-30% to technician labor. Meanwhile, private equity consolidation drives customer pricing down while legacy vendors raise prices. Michael closed a $2.2 million pre-seed in February 2025, built OpenMSP as a lead-gen vehicle that generated 1,000+ waitlist signups, and launched Open Frame with 70% of capital still in the bank. In this launch-day conversation, he breaks down why the $380 billion MSP market remains massively underinvested, how Facebook ads outperformed LinkedIn 5:1, and why he's giving away the core product while charging for hosted deployment. Topics Discussed: The seven-month research phase: 15+ MSP interviews, mapping 19 tool categories with pricing data, evaluating open source project maturity through commit frequency and VC backing MSP margin compression mechanics: 30% vendor payouts, 25-30% labor costs, 10-15% net margins being crushed by PE-driven consolidation and vendor price increases Building OpenMSP as distribution validation: four months before alpha, generated 1,000 waitlist signups and 200 Slack members while testing paid acquisition channels Why Facebook delivered 40%+ of leads at $6-8 CPL while outbound completely failed with IT-busy MSPs aged 25-50 in central US markets Launching with 70% of $2.2M pre-seed still in bank by solving for distribution and product-market fit before scaling headcount Open Frame's architecture: unified control plane over open source tools (RMM, SSO, zero trust) with dual AI agents—one for end users, one for technicians Offering both self-hosted (free, GitHub) and commercial SaaS (per-seat pricing starting January 2026) to build trust in an underserved market The MSP category opportunity: $380B market, 12% annual growth, 30-40K US MSPs, minimal VC-backed innovation against 20-year-old incumbents GTM Lessons For B2B Founders: Build lead-gen infrastructure before you have a product to sell: Four months before launching Open Frame, Michael shipped OpenMSP—a free tool that analyzes MSP tech stacks and suggests open source replacements. It wasn't a waitlist landing page; it delivered standalone value while capturing intent data. This generated 1,000 qualified signups and 200 Slack community members while simultaneously validating paid acquisition channels. By launch, he knew Facebook cost $6-8 per lead while outbound failed completely. Most founders build product first, then scramble for distribution. Michael inverted the sequence. Fire fast on sales hires in early stage, or don't hire them at all: Michael fired three VP Sales at Vicarious before learning the lesson: "The moment to bring salespeople is not when you are able to sell your product, is when someone else is able to sell your product." The critical test isn't whether the founder can close deals—founders sell vision and relationship. The test is whether a marketing person, SDR, or non-sales hire can generate revenue. Only then do salespeople accelerate an already-working motion. Hiring VP Sales at $50K ARR because the board wants "someone to own revenue" burns 12+ months and $200K+ learning this. Spend 6-12 months researching before building in unfamiliar markets: Michael conducted 15+ MSP interviews, mapped all 19 tool categories they use with pricing, evaluated open source alternatives by analyzing GitHub commit frequency and pull requests, identified which projects had VC backing for long-term viability, and tested multiple marketing channels before alpha deployment. This allowed him to launch with product-market fit indicators already validated and 70% of his $2.2M still in the bank. The alternative—build fast, iterate with customers—works when you deeply understand the market. When you don't, research is cheaper than pivots. Target categories where lack of innovation creates adoption momentum: MSPs represent 30-40K companies in the US alone, part of a $380B global market growing 12% annually. Yet VCs historically avoided the space assuming low ACV and high churn. The dominant platforms—ConnectWise, Datto, Asea—have existed 20+ years with minimal AI adoption or architectural modernization. Michael specifically chose MSPs because "in cyber security you would never get traction that we're getting right now unless you're spending millions of dollars." In crowded categories, distribution cost kills you. In starved categories, any credible innovation gets attention. Architect your product so adoption mechanically improves customer unit economics: Open Frame attacks both sides of MSP margin compression simultaneously. The open source tool suite eliminates the 30% of revenue paid to commercial vendors. The dual AI agent system (end-user self-service + technician orchestration) reduces the 25-30% spent on labor. Michael didn't find a problem and then figure out monetization—he reverse-engineered a solution where product adoption directly expands customer margins. When your product makes customers structurally more profitable, adoption isn't a marketing problem. // Sponsors: Front Lines — We help B2B tech companies launch, manage, and grow podcasts that drive demand, awareness, and thought leadership. www.FrontLines.io The Global Talent Co. — We help tech startups find, vet, hire, pay, and retain amazing marketing talent that costs 50-70% less than the US & Europe. www.GlobalTalent.co   //   Don't Miss: New Podcast Series — How I Hire Senior GTM leaders share the tactical hiring frameworks they use to build winning revenue teams. Hosted by Andy Mowat, who scaled 4 unicorns from $10M to $100M+ ARR and launched Whispered to help executives find their next role. Subscribe here: https://open.spotify.com/show/53yCHlPfLSMFimtv0riPyM

At the Crexendo UGM, Mike Somers, Founder and COO of Beetexting, sat down with Doug Green, Publisher of Technology Reseller News, to discuss Beetexting's newest integrations and AI innovations for compliance and customer engagement. Beetexting provides a corporate texting platform designed to help teams move beyond email, offering shared inboxes, automation, and collaboration features that streamline customer communication. “We built Beetexting to help teams communicate faster and more effectively,” said Somers. “It's about enabling businesses to connect with their customers in a modern, compliant way.” At the Crexendo UGM, Somers announced that Beetexting has launched a direct integration with NetSapiens, making it easier for Crexendo resellers to provision and manage accounts. “Partners can now log in via SSO, set up accounts, and monitor onboarding success—all within a unified dashboard,” he explained. Somers also revealed a new partnership with Phone.com and several AI-driven tools that address one of the industry's biggest challenges: 10DLC compliance. Beetexting's TCR Agent uses conversational AI to guide businesses through the 10DLC registration process in minutes, while its AI-powered Compliance Agents monitor outgoing messages to ensure adherence to company policies and regulations, including FINRA and HIPAA. “The Compliance Agent is like a hall monitor for messaging,” Somers said. “It helps users stay compliant in real time, prevents issues before they happen, and continuously learns company-specific policies.” With Beetexting's innovations, resellers and service providers can deliver a fully white-labeled, compliant business texting solution that adds measurable value to their communications offerings. To learn more about Beetexting, visit www.beetexting.com.

In this episode, Eric and Brian kick off the week with a look at the SPX options market, recent price action, and key gamma levels heading into FOMC week. Eric recaps his recent put credit spread trades from Alpha Crunching, discusses how he's managing new positions into record highs, and explains how he's balancing bullish exposure with call credit spreads and discretionary hedges. The conversation also covers upcoming events—including major tech earnings from Apple, Microsoft, and Google—and how they might influence market sentiment.Brian shares a practical example of a LEAPS diagonal trade on AVGO that's been profitable even without much price movement, illustrating how selling weekly calls can generate consistent income against a long-dated call. The two also discuss covered call timing, hedging approaches, and using instruments like SSO to gain leveraged exposure with less capital.

In this sponsored podcast Patrick Gray chats with Knocknoc CEO Adam Pointon about why true Zero Trust architectures never really got there. Spinning up ZTNA access to core applications and slapping SSO prompts on everything else is great, but if we're honest, it's not really Zero Trust. So, how and why did we get here? Show notes

Mukund Jha is CEO of Emergent, an agentic vibe-coding platform. They've raised $23M from Lightspeed, Y Combinator, Together Fund, and Prosus. He was previously the cofounder and CTO of Dunzo, a hugely popular ecommerce company in India.Mukund's favorite books: The Hard Thing About Hard Things (Author: Ben Horowitz)(00:01) Intro(00:07) State of vibe-coding and where we are today(01:42) Emergent in plain English: what the product delivers(03:07) From prototype to traction: the first 90 days(06:03) What changed in the last 24 months (models + infra)(08:13) Early infra bets that enabled speed(12:07) Precision vs. control: editing and debugging without code(14:21) One-click to production: the unglamorous infra behind it(15:55) Points of failure across prompt → plan → code → test → deploy(17:53) Models division of labor: planning, codegen, tests, commits(20:05) What “reasoning” means and how they evaluate it(22:13) Context & memory strategy (beyond naive RAG)(24:22) Representing large codebases so agents don't hallucinate structure(27:03) Orchestration walkthrough: adding SSO end-to-end(29:40) Agent coordination protocols (how agents talk)(31:05) Debugging long-running agents and trace observability(32:37) Company-building lessons from Dunzo to Emergent(36:10) Philosophy: offloading decisions to models(36:57) Rapid Fire Round--------Where to find Mukund Jha: LinkedIn: https://www.linkedin.com/in/mukund-jha-a1596413/--------Where to find Prateek Joshi: Newsletter: https://prateekjoshi.substack.com Website: https://prateekj.com LinkedIn: https://www.linkedin.com/in/prateek-joshi-infiniteX: https://x.com/prateekvjoshi 

Send us a textArt Poghosyan shares his journey from IT security consultant to CEO of Britive, a cloud-native identity and access management company. His experience during economic downturns shaped his understanding of how cybersecurity services remain resilient through various market cycles.• Started in IT security right after completing a master's in technology risk management• Worked with early IAM solutions including LDAP directories, SSO, and authentication systems• Founded Advanced Technology Solutions focusing on IAM implementation services• Identified growing challenges with traditional IAM solutions in cloud environments• Created Britive to address cloud-native identity management challenges• Witnessed explosion of machine identities in cloud environments creating security risks• Now focused on securing new identity types including AI and agentic identities• Cybersecurity consulting proves relatively recession-proof as security needs persist in both growth and contraction• Capital One AWS breach highlighted risks of excessive privileges in cloud environments• Current focus includes securing agent-to-agent interactions in AI systemsConnect with Art on LinkedIn or email him at art@britive.com to learn more about Britive's solutions for cloud and AI identity challenges. 

This week on The Business of Open Source, I spoke to Or Weis, the CEO and co-founder of Permit.io. Or is a serial entrepreneur who has had a long career in developer tools. We talked about Permit's relationship with open source, including of course the open source projects that they create and maintain. One thing to note is that none of Permit's open source projects are branded as “Permit.” They are all separate from the permit.io brand. On the other hand, Or talked about the essential balancing act for open source companies… figuring out the balance between what goes in the open source project and what goes in the commercial offering. “Companies that get it wrong die, and companies that get it right end up flourishing,” he said. Or Weiss has a theory about open source businesses that he calls ‘open foundations.' He thinks that this model is better than open core — to be honest I think open foundations is a type of open core, but I think that Or's argument about how to do open core are fundamentally correct. Permit's primary open source project is OPAL, and the way that Or puts it is that Permit uses OPAL, but it is not OPAL. The two pieces of software are different and have different value propositions. He also talked about how important it is for everyone to understand what features belong in the project and what belongs in the product… by ‘everyone' he means product managers in your team but also members of the open source community. We also talked about how you have to have a moat for your product, and especially with AI coding tools a lot of models do not have a moat anymore. Which is why he doesn't think that just SSO and a fancy UI are enough of a difference between project and product anymore. If you are interested in having more conversations about building open source businesses, join us next May in Paris at Open Source Founders Summit! 

Dr. Kathleen Horst, Dr. Rachel Jimenez, and Dr. Yara Abdou discuss the updated guideline from ASTRO, ASCO, and SSO on postmastectomy radiation therapy. They share new and updated recommendations on topics including PMRT after upfront surgery, PMRT after neoadjuvant systemic therapy, dose and fractionation schedules, and delivery techniques. They comment on the importance of a multidisciplinary approach and providing personalized care based on individual patient characteristics. Finally, they review ongoing research that may impact these evidence-based guidelines in the future. Read the full guideline, “Postmastectomy Radiation Therapy: An ASTRO-ASCO-SSO Clinical Practice Guideline” at www.asco.org/breast-cancer-guidelines" TRANSCRIPT This guideline, clinical tools, and resources are available at www.asco.org/breast-cancer-guidelines. Read the full text of the guideline and review authors' disclosures of potential conflicts of interest in the Journal of Clinical Oncology, https://ascopubs.org/doi/10.1200/JCO-25-01747  Brittany Harvey: Hello and welcome to the ASCO Guidelines podcast, one of ASCO's podcasts delivering timely information to keep you up to date on the latest changes, challenges, and advances in oncology. You can find all the shows, including this one, at asco.org/podcasts. My name is Brittany Harvey, and today I am interviewing Dr. Kathleen Horst, expert panel chair from Stanford University; Dr. Rachel Jimenez, expert panel vice chair from Massachusetts General Hospital; and Dr. Yara Abdou, ASCO representative from the University of North Carolina, authors on "Postmastectomy Radiation Therapy: An American Society for Radiation Oncology, American Society of Clinical Oncology, and Society of Surgical Oncology Clinical Practice Guideline." Thank you for being here today, Dr. Horst, Dr. Jimenez, and Dr. Abdou. Dr. Kathleen Horst: Thank you for having us. Brittany Harvey: And then just before we discuss this guideline, I would like to note that ASCO takes great care in the development of its guidelines and ensuring that the ASCO conflict of interest policy is followed for each guideline. The disclosures of potential conflicts of interest for the guideline panel, including Dr. Horst, Dr. Jimenez, and Dr. Abdou who have joined us here today, are available online with the publication of the guideline in the Journal of Clinical Oncology, which is linked in the show notes. Then to dive into the content that we are here today to talk about, Dr. Horst, could you start us off by describing what prompted the update for this joint guideline between ASTRO, ASCO, and SSO, and what is the scope of this 2025 guideline on postmastectomy radiation therapy? Dr. Kathleen Horst: Thank you. This joint guideline was last updated in 2016. Over the past decade, the treatment of breast cancer has evolved substantially. Newer systemic therapy regimens have increasingly personalized treatment based on tumor biology, and local therapy management has explored both the de-escalation of axillary surgery and more abbreviated courses of radiation therapy. Given these advances, it was important to revisit the role of postmastectomy radiotherapy in this modern era of breast cancer therapy. This updated guideline addresses four key questions, including postmastectomy radiation therapy after upfront surgery as well as after neoadjuvant systemic therapy. It also reviews the evolving role of various dose and fractionation schedules and optimal treatment techniques and dose constraints. Brittany Harvey: Excellent. I appreciate that background, Dr. Horst. So then, next, Dr. Jimenez, I would like to review the recommendations of this guideline across those four key questions that Dr. Horst just mentioned. So first, what does the panel recommend for PMRT for patients who received initial treatment with mastectomy? Dr. Rachel Jimenez: The panel provided pretty strong consensus that patients with positive lymph nodes or patients with large tumors involving the skin or the chest wall should receive postmastectomy radiation. However, the panel also recognized that the omission of postmastectomy radiation may be appropriate for select patients who have positive lymph nodes and have an axillary lymph node dissection if they have a low nodal burden and other favorable clinical or pathologic features. For patients without lymph node involvement at the time of surgery and no involvement of the skin or chest wall, postmastectomy radiation was not advised by the panel. Brittany Harvey: Understood. It is helpful to understand those recommendations for that patient population. Following that, Dr. Abdou, what are the key recommendations for PMRT for patients who received neoadjuvant systemic therapy before mastectomy? Dr. Yara Abdou: When we think about PMRT after neoadjuvant treatment, the key point is that the initial stage of presentation still matters a lot. So for example, if a patient comes in with more advanced disease, say a large primary tumor, like a clinical T4, or more extensive nodal disease, like an N2 or N3 disease, those patients should get PMRT, no matter how well they respond to neoadjuvant therapy, because we know it reduces the risk of recurrence and that has been shown pretty consistently. On the other hand, if there are still positive lymph nodes after neoadjuvant treatment, basically residual nodal disease, PMRT is also strongly recommended because the risk of local-regional recurrence is much higher in that setting. The gray area is the group of patients who start with a lower burden of nodal disease, such as N1 disease, but then become node negative at surgery. For those patients, we tend to individualize the decision. So if the patient is young or has triple-negative disease, or if there is a lot of residual disease in the breast even though the nodes are cleared, then radiation is probably helpful. But if everything has melted away with pCR in both the breast and the nodes, then it may be safe to omit PMRT in those patients. For patients with smaller tumors and no nodal involvement to begin with, like a clinical T1-T2 N0, if they are still node negative after neoadjuvant treatment, then PMRT is generally not recommended because their baseline recurrence risk is low. And finally, if the margins are positive and cannot be re-excised, then PMRT is recommended after neoadjuvant therapy. Brittany Harvey: Yes, those distinctions are important for appropriate patient selection. So then, Dr. Horst, we have just reviewed the indications for PMRT, but for those patients who receive PMRT, what are the appropriate treatment volumes and dose fractionation regimens? Dr. Kathleen Horst: The guideline addresses coverage of the chest wall and regional nodes with a specific discussion of the data regarding internal mammary nodal irradiation, which has been an area of controversy over many years. The guideline also reviews the data exploring moderate hypofractionation, or shorter courses of radiation therapy. The task force recommends utilizing moderate hypofractionation for the majority of women requiring postmastectomy radiation, which is likely to have a large impact on clinical practice. This recommendation is based on the evolving data demonstrating that a 3-week course of radiotherapy after mastectomy provides similar oncologic outcomes and minimal toxicity for most patients compared to the standard 5-week treatment course. Brittany Harvey: Thank you for reviewing that set of recommendations as well. So then, Dr. Jimenez, to wrap us up on the key questions here, what delivery techniques are recommended for treating patients who receive PMRT? Dr. Rachel Jimenez: So this portion of the guideline is likely to be most helpful for radiation oncologists because it represents the most technical part of the guideline, but we do believe that it offers some important guidance that has, to this point, been lacking in the postmastectomy radiation setting. So first, the panel recommends that all patients should undergo 3-dimensional radiation planning using CAT scan based imaging, and this includes contouring. So contouring refers to the explicit identification, using a drawing interface on the CAT scan imaging, by the radiation oncologist to identify the areas that are targeted to receive radiation, as well as all of the nearby normal tissues that could receive unintended radiation exposure. And we also provide radiation oncologists in the guideline with suggestions about how much dose each target tissue should receive and what the dose limits should be for normal tissues. Additionally, we make some recommendations regarding the manner in which radiation is delivered. So for example, we advise that when conventional radiation methods are not sufficient for covering the areas of the body that are still at risk for cancer, or where too high of a dose of radiation would be anticipated to a normal part of the body, that providers employ a technique called intensity modulated radiation therapy, or IMRT. And if IMRT is going to be used, we also advise regular 3-dimensional imaging assessments of the patient's body relative to the treatment machine to ensure treatment fidelity. When the treatments are delivered, we further advise using a deep inspiration breath-hold technique, which lowers the exposure to the heart and to the lungs when there is concern for cardiopulmonary radiation exposure, and again, that image guidance be used along with real-time monitoring of the patient's anatomy when those techniques are employed. And then finally, we advise that patients receiving postmastectomy radiation utilize a bolus, or a synthetic substance placed on the patient's skin to enhance radiation dose to the superficial tissue, only when there is involvement of the skin with cancer or other high-risk features of the cancer, but not for every patient who receives postmastectomy radiation. Brittany Harvey: Understood. And then, yes, you just mentioned that section of the guideline is probably most helpful for radiation oncologists, but I think you can all comment on this next question. What should all clinicians, including radiation oncologists, surgical oncologists, medical oncologists, and other oncologic professionals, know as they implement all of these updated recommendations? Dr. Rachel Jimenez: So I think one of the things that is most important when we consider postmastectomy radiation and making recommendations is that this is a multidisciplinary panel and that we would expect and encourage our colleagues, as they interpret the guidelines, to employ a multidisciplinary approach when they are discussing each individual patient with their surgical and medical oncology colleagues, that there is no one size fits all. So these guidelines are intended to provide some general guidance around the most appropriate techniques and approaches and recommendations for the utilization of postmastectomy radiation, but that we recognize that all of these recommendations should be individualized for patients and also represent somewhat of a moving target as additional studies, both in the surgical and radiation oncology realm as well as in the systemic therapy realm, enter our milieu, we have to adjust those recommendations accordingly. Dr. Kathleen Horst: Yeah, I would agree, and I wanted to comment as a radiation oncologist, we recognize that local-regional considerations are intertwined with systemic therapy considerations. So as the data evolve, it is critical to have these ongoing updates in a cross-disciplinary manner to ensure optimal care for our patients. And as Dr. Jimenez mentioned, these multidisciplinary discussions are critical for all of us to continue to learn and understand the evolving recommendations across disciplines but also to individualize them according to individual patients. Dr. Yara Abdou: I could not agree more. I think from a medical oncology perspective, systemic therapy has gotten much better with adjuvant CDK4/6 inhibitors, T-DM1, capecitabine, and immune therapy. So these are all newer adjuvant therapies, so the baseline recurrence risks are lower than what they were in the trials that established PMRT. So the absolute benefit of radiation varies more now, so smaller for favorable biology but still relevant in aggressive subtypes or with residual disease. So it is definitely not a one-size-fits-all. Brittany Harvey: Yes, I think it is important that you have all highlighted that multidisciplinary approach and having individualized, patient-centric care. So then, expanding on that just a little bit, Dr. Abdou, how will these guideline recommendations affect patients with breast cancer? Dr. Yara Abdou: So basically, reiterating what we just talked about, these guidelines really move us towards personalized care. So for patients at higher risk, so those with larger tumors, multiple positive nodes, or residual nodal disease after neoadjuvant therapy, PMRT remains essential, consistently lowering local-regional recurrence and improving survival. But for patients at intermediate or lower risk, the recommendations support a more selective approach. So instead of a blanket rule, we now integrate tumor biology, response to systemic therapy, and individual patient factors to decide when PMRT adds meaningful benefit. So the impact for patients is really important because those at high risk continue to get the survival advantage of radiation while others can be spared the unnecessary treatment and side effects. So in short, we are aligning PMRT with modern systemic therapy and biology, making sure each patient receives the right treatment for their situation. Brittany Harvey: Absolutely. Individualizing treatment to every patient will make sure that everyone can achieve the best outcomes as possible. So then, Dr. Jimenez, to wrap us up, I believe Dr. Horst mentioned earlier that data continues to evolve in this field. So in your opinion, what are the outstanding questions regarding the use of PMRT and what are you looking to for the future of research in this space? Dr. Rachel Jimenez: So there are a number of randomized phase III clinical trials that are either in active accrual or that have reported but not yet published that are exploring further de-escalation of postmastectomy radiation and of axillary surgery. And so we do not yet have sufficient data to understand how those two pieces of information integrate with each other. So for example, if you have a patient who has a positive lymph node at the time of diagnosis and forgoes axillary surgery aside from a sentinel lymph node biopsy, we do not yet know that we can also safely forgo radiation entirely in that setting. So we expect that future studies are going to address these questions and understand when it is appropriate to simultaneously de-escalate surgery and radiation. Additionally, there is a number of trials that are looking at ways in which radiation could be omitted or shortened. So there is the RT CHARM trial, which has reported but not yet published, looking at a shorter course of radiation. And so we do make recommendations around that shorter course of radiation in this guideline, but we anticipate that the additional data from the RT CHARM study will provide further evidence in support of that. Additionally, there is a study called the TAILOR RT trial, which looks at forgoing postmastectomy radiation in patients who, to Dr. Abdou's point, have a favorable tumor biology and a low 21-gene recurrence score. And so we are going to anticipate the results from that study to help guide who can selectively forgo postmastectomy radiation when they fall into that favorable risk category. So there are a number of questions that I think will help flesh out this guideline. And as they publish, we will likely publish a focused update on that information to help provide context for our colleagues in the field and clarify some of these recommendations to suit the latest data. Brittany Harvey: Absolutely. We will look forward to those de-escalation trials and ongoing research in the field to build on the evidence and look for future updates to this guideline. So I want to thank you for your work to update these guidelines, and thank you for your time today, Dr. Horst, Dr. Jimenez, and Dr. Abdou. Dr. Rachel Jimenez: Thank you. Dr. Yara Abdou: Thank you. Dr. Kathleen Horst: Thank you. Brittany Harvey: And then finally, thank you to all of our listeners for tuning in to the ASCO Guidelines podcast. To read the full guideline, go to www.asco.org/breast-cancer-guidelines. You can also find many of our guidelines and interactive resources in the free ASCO Guidelines app, which is available in the Apple App Store or the Google Play Store. If you have enjoyed what you have heard today, please rate and review the podcast and be sure to subscribe so you never miss an episode. The purpose of this podcast is to educate and to inform. This is not a substitute for professional medical care and is not intended for use in the diagnosis or treatment of individual conditions. Guests on this podcast express their own opinions, experience, and conclusions. Guest statements on the podcast do not express the opinions of ASCO. The mention of any product, service, organization, activity, or therapy should not be construed as an ASCO endorsement.  

Patrick (Tracer Labs) breaks down Trust ID, a consent + identity layer that replaces cookie pop-ups with a portable, user-owned identity (and embedded wallet). We dig into how Tracer helps brands unify siloed data without storing PII, verify real humans amid AI traffic, and enable one-click privacy that travels site-to-site.Timestamps[00:00] AI = most traffic; attribution is broken [00:01] Intro — Patrick, Tracer Labs & Trust ID [00:02] Patrick's crypto origin story & prior ventures [00:05] The problem: siloed brand data + compliance burden [00:06] What Trust ID does: consent + identity + embedded wallet [00:07] One-click wedge: spin up wallet, tokenize consent, no more cookies [00:09] Brands get real humans, no PII; users keep privacy & control [00:12] GDPR/CCPA costs; why a new US standard is needed[00:15] AI search & bot traffic: restoring pre-intent signal[00:18] Federated identity, modular plug-in, keep existing auth[00:19] Agentic “child IDs” w/ wallets & rule sets (Q1 roadmap)[00:20] KYC/KYB as commoditized credentials that travel with you [00:22] Live MVP; replacing legacy consent managers; early clients [00:24] Who's adopting: cards, casinos, banks, travel; multi-brand SSO [00:25] Unifying loyalty & rewards across properties [00:26] Founder advice: talk to customers on day one [00:31] Digital identity misconceptions; why this time is different [00:33] Abstraction for users; less friction, fewer decisions[00:36] Vision: 0.5–1B users; cut spam; programmatic commerce [00:38] The ask: hiring devs; enterprise intros; $15M seed openConnecthttps://www.tracerlabs.com/https://www.linkedin.com/company/tracerlabs/https://www.linkedin.com/in/patrickmoynihan1/DisclaimerNothing mentioned in this podcast is investment advice and please do your own research. Finally, it would mean a lot if you can leave a review of this podcast on Apple Podcasts or Spotify and share this podcast with a friend.Be a guest on the podcast or contact us - https://www.web3pod.xyz/

In this series “Evidence Today and Tomorrow”, the HPB disease site working group of the SSO explored current gaps in HPB surgical oncology, highlighting existing evidence and ongoing work aimed at filling those gaps. In this episode, Dr. Julie Hallet, chair of the HPB disease site working group, and Dr. Noah Cohen, member of the HPB disease site working group, are joined by Drs. Michael Lidksy and Bas Groot Koerkamp to review evidence in hepatic artery infusion pump therapy.

What if one of the biggest threats to our sewer systems, public health, and city budgets was something we barely notice every day? In this episode of the Smells Like Money Podcast, host Suzan Chin-Taylor sits down with Eric DuPre, Founder & President of Texas Infragroup, to uncover the surprising role of the manhole cover in inflow & infiltration (I&I) and sanitary sewer overflows (SSOs).

Send us a textCheck us out at:  https://www.cisspcybertraining.com Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvA catastrophic data loss incident involving South Yorkshire Police serves as a powerful security lesson in today's episode. We examine how 96,174 pieces of body-worn video evidence vanished during an IT upgrade, affecting 126 criminal cases. This real-world security failure highlights the critical importance of proper data management, backups, and third-party oversight—fundamental concepts that directly apply to your CISSP exam preparation.The heart of this episode tackles five challenging CISSP exam questions spanning multiple security domains. We methodically work through complex scenarios involving encryption algorithm selection, mitigating Single Sign-On risks in healthcare environments, containing Advanced Persistent Threats, addressing cross-border data protection compliance, and handling SQL injection vulnerabilities in government applications.For each question, I break down the critical thinking process that helps you eliminate incorrect answers and identify the best solution. You'll understand why AES-256 balances security and performance for financial data, how multi-factor authentication strengthens SSO implementations, when network segmentation becomes crucial for APT containment, why Data Loss Prevention systems address insider threats, and the importance of parameterized queries in secure software development.This episode demonstrates how to approach scenario-based questions methodically, turning what seems overwhelming into manageable decision points. By breaking down complex questions step-by-step, you dramatically improve your chances of success on the CISSP exam while building practical security knowledge that translates directly to real-world challenges.Visit CISSP Cyber Training for more resources, including 360 free practice questions to accelerate your certification journey. Remember, a methodical approach to security problems is your path to passing the CISSP exam the first time.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Oracle's long term CSO departs, and we're not that sad about it Canada's House of Commons gets popped through a Microsoft bug Russia degrades voice calls via Whatsapp and Telegram to push people towards Max South-East Asian scam compounds are also behind child sextortion Reports that the UK has backed down on Apple crypto are… strange Oh and of course there's a Fortinet bug! There's always a Fortinet bug! This week's episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins the show this week, and explains the journey of implementing SSO backed login on Windows, Mac and Linux. You'll never guess which one was a few lines of PAM config, and which was a multi-month engineering project! This episode is also available on Youtube. Show notes Is Oracle facing headwinds? After layoffs, its 4-decade veteran Chief Security Officer Mary Ann Davidson departs Oracle CSO blasted over anti-security research rant - iTnews New York lawsuit against Zelle creator alleges features allowed $1 billion in thefts | The Record from Recorded Future News Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump' Cashout Scheme – Krebs on Security How we found TeaOnHer spilling users' driver's licenses in less than 10 minutes | TechCrunch UK has backed down on demand to access US Apple user data, spy chief says DNI Tulsi Gabbard on X: "As a result, the UK has agreed to drop its mandate for" Hackers target Workday in social engineering attack Russia curbs WhatsApp, Telegram calls to counter cybercrime | The Record from Recorded Future News Hackers reportedly compromise Canadian House of Commons through Microsoft vulnerability | The Record from Recorded Future News Norway police believe pro-Russian hackers were behind April dam sabotage | The Record from Recorded Future News US agencies, international allies issue guidance on OT asset inventorying | Cybersecurity Dive FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970) U.S. State Dept - Near Eastern Affairs on X: "He did not claim diplomatic immunity and was released by a state judge" 493 Cases of Sextortion Against Children Linked to Notorious Scam Compounds | WIRED .:: Phrack Magazine ::. Accenture to buy Australian cyber security firm CyberCX - iTnews

On this episode, I cover the news from Patch Tuesday including an update issue on Windows 11 when using WSUS, I get into a new SSO feature for macOS and much more! Reference Links: https://www.rorymon.com/blog/windows-12-predictions-patch-tuesday-news-teams-security-enhancements/

In this episode of the Food Junkies Podcast, Dr. Vera Tarman and Clarissa Kennedy welcome back Dr. Nicole Avena — neuroscientist, researcher, and author — to discuss her team's latest paper exploring a provocative question: Could GLP-1 receptor agonists, while reducing food cravings, also negatively impact dopamine regulation, mood, and addiction risk? Dr. Avena breaks down the science behind GLP-1 drugs, their effects on the brain's reward pathways, and why these mechanisms might lead to unintended consequences such as anhedonia, apathy, and depressive symptoms. Together, they examine potential tolerance and rebound effects, the role of GABAergic neurons, and the paradox of eliminating “food noise” while risking a hypodopaminergic state. The conversation also covers dose-dependence, the importance of holistic support and mindful eating skills, and ethical considerations for use in vulnerable populations — especially those with a history of addiction or mental health challenges. Listeners will gain nuanced insight into: How GLP-1s work in the brain's reward and motivation systems Why side effects may be tied to dosing, individual sensitivity, and muscle loss The risk of emotional flattening and its impact on recovery and quality of life Strategies to use these medications responsibly, including lower-dose approaches and lifestyle integration Broader implications for the food industry, public health, and prevention — including concerns about pediatric use Dr. Avena also shares a preview of her upcoming talk at the International Food Addiction & Comorbidities Conference in September 2025, where she'll address GLP-1 research, early-life risk factors for ultra-processed food addiction, and prevention strategies. If you've ever wondered about the long-term story behind the GLP-1 craze — especially for those navigating food addiction recovery — this in-depth discussion is a must-listen. Get your IN-PERSON or LIVESTREAM ticket(s) HERE! Use code SSO for a 40% discount!   The content of our show is educational only. It does not supplement or supersede your healthcare provider's professional relationship and direction. Always seek the advice of your physician or other qualified mental health providers with any questions you may have regarding a medical condition, substance use disorder, or mental health concern.

Hey Hey beautiful people here is this weeks Radio Rewind in High Definition Sounds. Hey hey Beautiful People I'm back once again like a Renegade master this Wednesday on Cruise FM. so try and control your excitement!! The paradise sessions - Discos Revenge returns to its original birthplace on Wednesday's 8-10pm with @markymmp on @cruise_fm UK cruise FM. SSo in Wednesdays's So the Star's on 45's take over this week features the amazing Traxsource Hot joints of 2025 so far. Powered by DJ Allan's Awesome 4Some and we also have another brand new amazing Awesome 4Some from DJ Allan in the second hour of the show so be prepared for another high energy uplifting radio show that brings sunshine and smiles on a a Humpday. It's a Specially Prepped Rewind for your aural pleasure. Much Love Marky MMP Cruise FM, and hope you can join me on this special weekly journey delivered with love.. 
 Title Artist Rockin Your World (Main NYC Streets Mix) StretchMan I Don't Love You Anymore (Eric Kupper Remix) The Philly All Stars, Eric Kupper Ride On The Moon (Funkatomic Revenge Extended) Funkatomic, Tracy Hamlin, Derrick Mckenzie Squire for Hire (Fouk Remix) Nathan Haines, Marlena Shaw & Fouk Times Are Changing Ben Westbeech, RAHH Fighting Love (Extended Mix) Mark Knight, Mark Dedross Gimme A Clap (Main Mix) Mild Sauce I Say A Little Prayer 4 U (Jay's Prayer Mix) Jay Caruso Love Taste (Original Mix) GooDisco Right Here Right Now (Mark Francis Re Edit Of DJ Spen, Gary Hudgins, & Thomy Davis Remix) Alicia Myers, DJ Spen, Mark Francis, Gary Hudgins, Thommy Davis Can't Hold Back (Your Loving) (Brian Tappert Rework) Kano, Brian Tappert Slave to the Vibe (Original Extended Mix) Jay Caruso, Aja Luv High (Eric Kupper Extended Remix) Sonic Soul Orchestra, Camden Rose, Eric Kupper That's the Way Love Is (Jerome Sydenham & Tiger Stripes Remix 2025 Remaster) Ten City, Jerome Sydenham, Tiger Stripes Change Of Mind (Stephan Duy's 2025 Extended Edit) Per QX, Stephan Duy Never Gonna Fall In Love Again (Like I Fell In Love With You) (Micky More & Andy Tee Remix) Diplomats Of Soul, Incognito, Vanessa Haynes, Micky More & Andy Tee Another Holiday (Extended Mix) Michael Gray, Sian-Lee Baby Don't Make Me Wait (Sean McCabe Vocal Remix) MissFly, David Bailey, Sean McCabe Heavy Vibes (Yogi Extended Remix) Dr Packer, Yogi We Rise (Johnny Montana And Yorkee Remix) Ann Nesby Rhythm In Me (Original Mix) Tony Deledda, Abyss Deep Sound Lab, Roxanne Myles Let It Flow Raffaele Ciavolino I love you all.
I hope you enjoy on this special weekly journey packed with love and here is the listen back link.

Dr. Tro Kalayjian is a board-certified physician in Internal Medicine and Obesity Medicine, and the founder of Toward Health, a virtual metabolic health clinic helping people break free from food addiction and chronic metabolic disease. He's also a founding member of the Society of Metabolic Health Practitioners and an international speaker on metabolic psychiatry, obesity, and nutrition science. But what makes Dr. Tro's work truly powerful is that it's personal. He grew up in a household affected by obesity and struggled with his own weight into adulthood, reaching over 350 pounds. After years of frustration with traditional medical advice, he took a deep dive into the research and completely transformed his health—losing over 150 pounds and sustaining that loss for more than a decade. His clinic's latest research, published in Frontiers in Psychiatry, shows how combining low-carb nutrition with real-time support, psychological care, and metabolic monitoring can significantly reduce food addiction and binge eating symptoms—offering hope for those who haven't found relief in diets or medications alone. Dr. Tro is passionate about helping others find food freedom, and today he's here to share the science, the struggle, and the solutions that actually work. Research Highlights: Published in Frontiers in Psychiatry (2025): 43 lbs average weight loss ~40–50% improvement in food addiction and binge eating symptoms Outcomes comparable to medications (e.g. amphetamines, GLP-1s) — but without long-term side effects Case series (220 people) on keto for binge eating showed significant improvements, challenging the old myth that "restrictive diets worsen eating disorders"

In this series “evidence today and tomorrow”, the HPB disease site working group of the SSO explored current gaps in HPB surgical oncology, highlighting existing evidence and ongoing work aimed at filling those gaps. In this episode of SurgOnc Today, Dr. Julie Hallet from the Unviersity of Toronto and chair of the SSO HPB Disease Site Working Group, and Dr. Winnie Lo from Eastern Virginia Medical School are joined by Dr. Adam Yopp and Dr. Amit Singal from UT Southwestern, and Dr. Katie Kelley from University of California San Francisco. They will be discussing the state-of-the-art evidence and upcoming trials on treating hepatocellular carcinoma.

In this special live episode of Autonomous IT, Live! we walk through a high-stakes incident response drill that mimics a disturbingly realistic threat scenario: an attacker gains access to your internal tools — not by breaking in, but by logging in.Here's the setup: a user unknowingly reuses compromised credentials with the company's SSO provider. An attacker logs in, flies under the radar, and impersonates internal IT support using Slack, email, and calendar invites. Their goal? Convince employees to install a fake remote access tool—all while avoiding anyone likely to report suspicious behavior.Join Landon Miles, Tom Bowyer, and Ryan Braunstein as they:

Single Sign On (SSO) and Multi Factor Authentication (MFA) is critical to secure operations for companies of all sizes. Why is the foundation of cybersecurity still locked behind enterprise licensing? Single Sign-On (SSO) and Multi-Factor Authentication (MFA) are essential—not optional—for protecting modern businesses. But today, these critical tools are overpriced, overcomplicated, and reserved for companies that can afford to overpay and have full-time security teams. That's broken. Cubeless is tearing down the barriers. With Cubeless Verify, we're delivering SSO and MFA that anyone can use—no IT army required. No hidden fees. No contracts. No catch. Just enterprise-grade security made simple, and free forever. The gatekeepers had their turn. Now it's yours. Go to https://securityweekly.com/cubelessidv to start using Cubeless Identity today. As AI agents move beyond experiments to becoming critical internal and market-facing enterprise products, secure, scalable identity infrastructure becomes essential to achieve market-readiness. A lack of identity standards tailored specifically for AI agents, is creating a roadblock for developers. Existing infrastructure was not designed with autonomous agents in mind. How will identity standards need to evolve in order to meet the needs of an agent driven ecosystem? https://frontegg.com/product/frontegg-ai This segment is sponsored by Frontegg. Visit https://securityweekly.com/fronteggidv to learn more about them! Traditional IGA tools struggle to deliver full observability—and stall when it's time to take action. Axonius Identities is changing that—bringing actionability to identity governance by embedding it into the broader cyber asset platform. In this session, CEO of AxoniusX, Amir Ofek shares how Axonius is modernizing IGA with real-time enforcement, unified asset-to-identity context, and a radically different approach to controlling access across dynamic environments. https://www.axonius.com/products/identities Axonius Blog: From Roles to Rules – An Access Paradigm Shift: https://www.axonius.com/blog/from-roles-to-rules Axonius Cybersecurity Asset Management Platform Overview: https://www.axonius.com/platform See how Axonius makes identity actionable. Visit https://securityweekly.com/axoniusidv. As enterprises are looking to rapidly deploy AI agents to drive innovation, they face an urgent need to secure this new "digital workforce" without hindering speed. Traditional security models weren't built for the unique identity and access demands of autonomous AI. This session will cut through the hype, address the real security concerns head-on, and outline a modern, cloud-native framework for managing privileged access for AI agents, ensuring your organization can innovate fast and stay secure. https://www.britive.com/use-cases/agentic-ai-security https://www.britive.com/resource/events/zero-standing-privileges-human-ai-nhi https://www.britive.com/resource/blog/agentic-ai-redefining-identity-security-cloud https://www.britive.com/resource/blog/owasp-vulnerabilities-llm-goes-rogue-navigating-corporate-chaos https://www.britive.com/resource/blog/agent-to-agent-access-security https://www.britive.com/resource/blog/genai-data-privacy-ip-protection https://www.britive.com/resource/blog/rethinking-nhi-cloud-security-strategies This segment is sponsored by Britive. Visit https://securityweekly.com/britiveidv to learn more about Britive's agentless cloud-native Privileged Access Management platform. As digital transformation accelerates and advanced threats evolve, industries of all kinds face rising pressure to secure identities, prevent fraud, and deliver seamless user experiences. Aware CEO Ajay Amlani shares how biometric technology is stepping up to meet these challenges—providing fast, accurate, and scalable solutions that strengthen security while reducing friction. Discover how biometrics is reshaping the identity landscape and enabling trust in an increasingly complex world. https://www.aware.com/blog/ This segment is sponsored by Aware. Visit https://securityweekly.com/awareidv to learn more about them! As threat landscapes grow more complex and stakeholder expectations rise, organizations must reimagine their approach to cyber resilience and trust. This interview will explore how artificial intelligence is transforming cybersecurity—from identifying vulnerabilities in real time to automating response and aligning security initiatives with broader business goals. Join us for a forward-looking discussion on what it means to lead with AI, earn digital trust, and create a resilient enterprise that's built to withstand tomorrow's threats. This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-414

Single Sign On (SSO) and Multi Factor Authentication (MFA) is critical to secure operations for companies of all sizes. Why is the foundation of cybersecurity still locked behind enterprise licensing? Single Sign-On (SSO) and Multi-Factor Authentication (MFA) are essential—not optional—for protecting modern businesses. But today, these critical tools are overpriced, overcomplicated, and reserved for companies that can afford to overpay and have full-time security teams. That's broken. Cubeless is tearing down the barriers. With Cubeless Verify, we're delivering SSO and MFA that anyone can use—no IT army required. No hidden fees. No contracts. No catch. Just enterprise-grade security made simple, and free forever. The gatekeepers had their turn. Now it's yours. Go to https://securityweekly.com/cubelessidv to start using Cubeless Identity today. As AI agents move beyond experiments to becoming critical internal and market-facing enterprise products, secure, scalable identity infrastructure becomes essential to achieve market-readiness. A lack of identity standards tailored specifically for AI agents, is creating a roadblock for developers. Existing infrastructure was not designed with autonomous agents in mind. How will identity standards need to evolve in order to meet the needs of an agent driven ecosystem? https://frontegg.com/product/frontegg-ai This segment is sponsored by Frontegg. Visit https://securityweekly.com/fronteggidv to learn more about them! Traditional IGA tools struggle to deliver full observability—and stall when it's time to take action. Axonius Identities is changing that—bringing actionability to identity governance by embedding it into the broader cyber asset platform. In this session, CEO of AxoniusX, Amir Ofek shares how Axonius is modernizing IGA with real-time enforcement, unified asset-to-identity context, and a radically different approach to controlling access across dynamic environments. https://www.axonius.com/products/identities Axonius Blog: From Roles to Rules – An Access Paradigm Shift: https://www.axonius.com/blog/from-roles-to-rules Axonius Cybersecurity Asset Management Platform Overview: https://www.axonius.com/platform See how Axonius makes identity actionable. Visit https://securityweekly.com/axoniusidv. As enterprises are looking to rapidly deploy AI agents to drive innovation, they face an urgent need to secure this new "digital workforce" without hindering speed. Traditional security models weren't built for the unique identity and access demands of autonomous AI. This session will cut through the hype, address the real security concerns head-on, and outline a modern, cloud-native framework for managing privileged access for AI agents, ensuring your organization can innovate fast and stay secure. https://www.britive.com/use-cases/agentic-ai-security https://www.britive.com/resource/events/zero-standing-privileges-human-ai-nhi https://www.britive.com/resource/blog/agentic-ai-redefining-identity-security-cloud https://www.britive.com/resource/blog/owasp-vulnerabilities-llm-goes-rogue-navigating-corporate-chaos https://www.britive.com/resource/blog/agent-to-agent-access-security https://www.britive.com/resource/blog/genai-data-privacy-ip-protection https://www.britive.com/resource/blog/rethinking-nhi-cloud-security-strategies This segment is sponsored by Britive. Visit https://securityweekly.com/britiveidv to learn more about Britive's agentless cloud-native Privileged Access Management platform. As digital transformation accelerates and advanced threats evolve, industries of all kinds face rising pressure to secure identities, prevent fraud, and deliver seamless user experiences. Aware CEO Ajay Amlani shares how biometric technology is stepping up to meet these challenges—providing fast, accurate, and scalable solutions that strengthen security while reducing friction. Discover how biometrics is reshaping the identity landscape and enabling trust in an increasingly complex world. https://www.aware.com/blog/ This segment is sponsored by Aware. Visit https://securityweekly.com/awareidv to learn more about them! As threat landscapes grow more complex and stakeholder expectations rise, organizations must reimagine their approach to cyber resilience and trust. This interview will explore how artificial intelligence is transforming cybersecurity—from identifying vulnerabilities in real time to automating response and aligning security initiatives with broader business goals. Join us for a forward-looking discussion on what it means to lead with AI, earn digital trust, and create a resilient enterprise that's built to withstand tomorrow's threats. This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-414

Single Sign On (SSO) and Multi Factor Authentication (MFA) is critical to secure operations for companies of all sizes. Why is the foundation of cybersecurity still locked behind enterprise licensing? Single Sign-On (SSO) and Multi-Factor Authentication (MFA) are essential—not optional—for protecting modern businesses. But today, these critical tools are overpriced, overcomplicated, and reserved for companies that can afford to overpay and have full-time security teams. That's broken. Cubeless is tearing down the barriers. With Cubeless Verify, we're delivering SSO and MFA that anyone can use—no IT army required. No hidden fees. No contracts. No catch. Just enterprise-grade security made simple, and free forever. The gatekeepers had their turn. Now it's yours. Go to https://securityweekly.com/cubelessidv to start using Cubeless Identity today. As AI agents move beyond experiments to becoming critical internal and market-facing enterprise products, secure, scalable identity infrastructure becomes essential to achieve market-readiness. A lack of identity standards tailored specifically for AI agents, is creating a roadblock for developers. Existing infrastructure was not designed with autonomous agents in mind. How will identity standards need to evolve in order to meet the needs of an agent driven ecosystem? https://frontegg.com/product/frontegg-ai This segment is sponsored by Frontegg. Visit https://securityweekly.com/fronteggidv to learn more about them! Traditional IGA tools struggle to deliver full observability—and stall when it's time to take action. Axonius Identities is changing that—bringing actionability to identity governance by embedding it into the broader cyber asset platform. In this session, CEO of AxoniusX, Amir Ofek shares how Axonius is modernizing IGA with real-time enforcement, unified asset-to-identity context, and a radically different approach to controlling access across dynamic environments. https://www.axonius.com/products/identities Axonius Blog: From Roles to Rules – An Access Paradigm Shift: https://www.axonius.com/blog/from-roles-to-rules Axonius Cybersecurity Asset Management Platform Overview: https://www.axonius.com/platform See how Axonius makes identity actionable. Visit https://securityweekly.com/axoniusidv. As enterprises are looking to rapidly deploy AI agents to drive innovation, they face an urgent need to secure this new "digital workforce" without hindering speed. Traditional security models weren't built for the unique identity and access demands of autonomous AI. This session will cut through the hype, address the real security concerns head-on, and outline a modern, cloud-native framework for managing privileged access for AI agents, ensuring your organization can innovate fast and stay secure. https://www.britive.com/use-cases/agentic-ai-security https://www.britive.com/resource/events/zero-standing-privileges-human-ai-nhi https://www.britive.com/resource/blog/agentic-ai-redefining-identity-security-cloud https://www.britive.com/resource/blog/owasp-vulnerabilities-llm-goes-rogue-navigating-corporate-chaos https://www.britive.com/resource/blog/agent-to-agent-access-security https://www.britive.com/resource/blog/genai-data-privacy-ip-protection https://www.britive.com/resource/blog/rethinking-nhi-cloud-security-strategies This segment is sponsored by Britive. Visit https://securityweekly.com/britiveidv to learn more about Britive's agentless cloud-native Privileged Access Management platform. As digital transformation accelerates and advanced threats evolve, industries of all kinds face rising pressure to secure identities, prevent fraud, and deliver seamless user experiences. Aware CEO Ajay Amlani shares how biometric technology is stepping up to meet these challenges—providing fast, accurate, and scalable solutions that strengthen security while reducing friction. Discover how biometrics is reshaping the identity landscape and enabling trust in an increasingly complex world. https://www.aware.com/blog/ This segment is sponsored by Aware. Visit https://securityweekly.com/awareidv to learn more about them! As threat landscapes grow more complex and stakeholder expectations rise, organizations must reimagine their approach to cyber resilience and trust. This interview will explore how artificial intelligence is transforming cybersecurity—from identifying vulnerabilities in real time to automating response and aligning security initiatives with broader business goals. Join us for a forward-looking discussion on what it means to lead with AI, earn digital trust, and create a resilient enterprise that's built to withstand tomorrow's threats. This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them! Show Notes: https://securityweekly.com/esw-414

Single Sign On (SSO) and Multi Factor Authentication (MFA) is critical to secure operations for companies of all sizes. Why is the foundation of cybersecurity still locked behind enterprise licensing? Single Sign-On (SSO) and Multi-Factor Authentication (MFA) are essential—not optional—for protecting modern businesses. But today, these critical tools are overpriced, overcomplicated, and reserved for companies that can afford to overpay and have full-time security teams. That's broken. Cubeless is tearing down the barriers. With Cubeless Verify, we're delivering SSO and MFA that anyone can use—no IT army required. No hidden fees. No contracts. No catch. Just enterprise-grade security made simple, and free forever. The gatekeepers had their turn. Now it's yours. Go to https://securityweekly.com/cubelessidv to start using Cubeless Identity today. As AI agents move beyond experiments to becoming critical internal and market-facing enterprise products, secure, scalable identity infrastructure becomes essential to achieve market-readiness. A lack of identity standards tailored specifically for AI agents, is creating a roadblock for developers. Existing infrastructure was not designed with autonomous agents in mind. How will identity standards need to evolve in order to meet the needs of an agent driven ecosystem? https://frontegg.com/product/frontegg-ai This segment is sponsored by Frontegg. Visit https://securityweekly.com/fronteggidv to learn more about them! Traditional IGA tools struggle to deliver full observability—and stall when it's time to take action. Axonius Identities is changing that—bringing actionability to identity governance by embedding it into the broader cyber asset platform. In this session, CEO of AxoniusX, Amir Ofek shares how Axonius is modernizing IGA with real-time enforcement, unified asset-to-identity context, and a radically different approach to controlling access across dynamic environments. https://www.axonius.com/products/identities Axonius Blog: From Roles to Rules – An Access Paradigm Shift: https://www.axonius.com/blog/from-roles-to-rules Axonius Cybersecurity Asset Management Platform Overview: https://www.axonius.com/platform See how Axonius makes identity actionable. Visit https://securityweekly.com/axoniusidv. As enterprises are looking to rapidly deploy AI agents to drive innovation, they face an urgent need to secure this new "digital workforce" without hindering speed. Traditional security models weren't built for the unique identity and access demands of autonomous AI. This session will cut through the hype, address the real security concerns head-on, and outline a modern, cloud-native framework for managing privileged access for AI agents, ensuring your organization can innovate fast and stay secure. https://www.britive.com/use-cases/agentic-ai-security https://www.britive.com/resource/events/zero-standing-privileges-human-ai-nhi https://www.britive.com/resource/blog/agentic-ai-redefining-identity-security-cloud https://www.britive.com/resource/blog/owasp-vulnerabilities-llm-goes-rogue-navigating-corporate-chaos https://www.britive.com/resource/blog/agent-to-agent-access-security https://www.britive.com/resource/blog/genai-data-privacy-ip-protection https://www.britive.com/resource/blog/rethinking-nhi-cloud-security-strategies This segment is sponsored by Britive. Visit https://securityweekly.com/britiveidv to learn more about Britive's agentless cloud-native Privileged Access Management platform. As digital transformation accelerates and advanced threats evolve, industries of all kinds face rising pressure to secure identities, prevent fraud, and deliver seamless user experiences. Aware CEO Ajay Amlani shares how biometric technology is stepping up to meet these challenges—providing fast, accurate, and scalable solutions that strengthen security while reducing friction. Discover how biometrics is reshaping the identity landscape and enabling trust in an increasingly complex world. https://www.aware.com/blog/ This segment is sponsored by Aware. Visit https://securityweekly.com/awareidv to learn more about them! As threat landscapes grow more complex and stakeholder expectations rise, organizations must reimagine their approach to cyber resilience and trust. This interview will explore how artificial intelligence is transforming cybersecurity—from identifying vulnerabilities in real time to automating response and aligning security initiatives with broader business goals. Join us for a forward-looking discussion on what it means to lead with AI, earn digital trust, and create a resilient enterprise that's built to withstand tomorrow's threats. This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them! Show Notes: https://securityweekly.com/esw-414

Interview with Dave Lewis Organizations believe they have a firm grip on security with SSO and corporate IT policies, but in reality, shadow IT lurks in the background—expanding attack surfaces and exposing sensitive data. Employees bypass security controls for the sake of convenience, while SSO fails to provide the comprehensive security net organizations expect. Talk about the critical weaknesses in traditional SSO implementations, how shadow IT thrives under the radar, and why enterprises continue to experience data breaches despite security investments. Can cover real-world examples of security failures, highlight the role of human behavior in risk, and provide actionable strategies to regain control over enterprise security. This segment is sponsored by 1Password. Visit https://securityweekly.com/1password to learn more about them! Topic Segment: Is AI taking our jerbs or not? I listened to most of a debate between Marcus Hutchins and Daniel Miessler over whether generative AI will be good enough to replace a lot of jobs (Daniel's take), or so bad that it won't take any (Marcus's take). I got frustrated though, because I feel like some foundational assumptions were ignored, and not enough examples were shared or prepared. Assumption #1: Jobs exist because work needs to be done. This is a false assumption. Check out a book called "Bullshit Jobs" to go down this particular rabbit hole. Assumption #2: The primary task of a job is the job. This is rarely the case, unless you work in the service industry. How much of a developer's job is writing code? A lot less than you think. Employees spend a massive amount of time communicating with other employees, via meetings, emails, Slack chats - can AI replace this? Maybe all that communication is wasteful and inefficient? Could be, but for every job AI supposedly replaces, it becomes someone else's job to manage that AI agent. Does all of middle management become expert prompt engineers, or do they also disappear with no employees to manage? Assumption #3: Jobs aren't already being replaced. They are, they're just not terribly visible jobs. That contractor your marketing team was using to build blog/SEO content? He's probably gone. The in-house or contract graphic designer? Probably gone. There's a whole swath of jobs out there, where quality isn't very important, but work needs to be produced, and those jobs are being actively replaced with generative AI. With that said, I don't see any full time jobs that require quality work and a lot of communication with other employees getting replaced. Yet? Ever? That's the question. The Enterprise News In this week's enterprise security news, Not much interesting funding to discuss Securonix acquires ThreatQuotient Cellebrite acquires Corellium (that sounds a lot like a rock bought a stone or a gem or something) Yet another free vulnerability database ChatGPT can now clandestinely record meetings Threat detection resources a VERY expensive Zoom call (for the victim) Should we stop using SOC2s? Should we give up on least privilege? How much did it cost to change HBO to HBO Max, then to Max, then back to HBO Max? Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-413

Interview with Dave Lewis Organizations believe they have a firm grip on security with SSO and corporate IT policies, but in reality, shadow IT lurks in the background—expanding attack surfaces and exposing sensitive data. Employees bypass security controls for the sake of convenience, while SSO fails to provide the comprehensive security net organizations expect. Talk about the critical weaknesses in traditional SSO implementations, how shadow IT thrives under the radar, and why enterprises continue to experience data breaches despite security investments. Can cover real-world examples of security failures, highlight the role of human behavior in risk, and provide actionable strategies to regain control over enterprise security. This segment is sponsored by 1Password. Visit https://securityweekly.com/1password to learn more about them! Topic Segment: Is AI taking our jerbs or not? I listened to most of a debate between Marcus Hutchins and Daniel Miessler over whether generative AI will be good enough to replace a lot of jobs (Daniel's take), or so bad that it won't take any (Marcus's take). I got frustrated though, because I feel like some foundational assumptions were ignored, and not enough examples were shared or prepared. Assumption #1: Jobs exist because work needs to be done. This is a false assumption. Check out a book called "Bullshit Jobs" to go down this particular rabbit hole. Assumption #2: The primary task of a job is the job. This is rarely the case, unless you work in the service industry. How much of a developer's job is writing code? A lot less than you think. Employees spend a massive amount of time communicating with other employees, via meetings, emails, Slack chats - can AI replace this? Maybe all that communication is wasteful and inefficient? Could be, but for every job AI supposedly replaces, it becomes someone else's job to manage that AI agent. Does all of middle management become expert prompt engineers, or do they also disappear with no employees to manage? Assumption #3: Jobs aren't already being replaced. They are, they're just not terribly visible jobs. That contractor your marketing team was using to build blog/SEO content? He's probably gone. The in-house or contract graphic designer? Probably gone. There's a whole swath of jobs out there, where quality isn't very important, but work needs to be produced, and those jobs are being actively replaced with generative AI. With that said, I don't see any full time jobs that require quality work and a lot of communication with other employees getting replaced. Yet? Ever? That's the question. The Enterprise News In this week's enterprise security news, Not much interesting funding to discuss Securonix acquires ThreatQuotient Cellebrite acquires Corellium (that sounds a lot like a rock bought a stone or a gem or something) Yet another free vulnerability database ChatGPT can now clandestinely record meetings Threat detection resources a VERY expensive Zoom call (for the victim) Should we stop using SOC2s? Should we give up on least privilege? How much did it cost to change HBO to HBO Max, then to Max, then back to HBO Max? Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-413

Interview with Dave Lewis Organizations believe they have a firm grip on security with SSO and corporate IT policies, but in reality, shadow IT lurks in the background—expanding attack surfaces and exposing sensitive data. Employees bypass security controls for the sake of convenience, while SSO fails to provide the comprehensive security net organizations expect. Talk about the critical weaknesses in traditional SSO implementations, how shadow IT thrives under the radar, and why enterprises continue to experience data breaches despite security investments. Can cover real-world examples of security failures, highlight the role of human behavior in risk, and provide actionable strategies to regain control over enterprise security. This segment is sponsored by 1Password. Visit https://securityweekly.com/1password to learn more about them! Topic Segment: Is AI taking our jerbs or not? I listened to most of a debate between Marcus Hutchins and Daniel Miessler over whether generative AI will be good enough to replace a lot of jobs (Daniel's take), or so bad that it won't take any (Marcus's take). I got frustrated though, because I feel like some foundational assumptions were ignored, and not enough examples were shared or prepared. Assumption #1: Jobs exist because work needs to be done. This is a false assumption. Check out a book called "Bullshit Jobs" to go down this particular rabbit hole. Assumption #2: The primary task of a job is the job. This is rarely the case, unless you work in the service industry. How much of a developer's job is writing code? A lot less than you think. Employees spend a massive amount of time communicating with other employees, via meetings, emails, Slack chats - can AI replace this? Maybe all that communication is wasteful and inefficient? Could be, but for every job AI supposedly replaces, it becomes someone else's job to manage that AI agent. Does all of middle management become expert prompt engineers, or do they also disappear with no employees to manage? Assumption #3: Jobs aren't already being replaced. They are, they're just not terribly visible jobs. That contractor your marketing team was using to build blog/SEO content? He's probably gone. The in-house or contract graphic designer? Probably gone. There's a whole swath of jobs out there, where quality isn't very important, but work needs to be produced, and those jobs are being actively replaced with generative AI. With that said, I don't see any full time jobs that require quality work and a lot of communication with other employees getting replaced. Yet? Ever? That's the question. The Enterprise News In this week's enterprise security news, Not much interesting funding to discuss Securonix acquires ThreatQuotient Cellebrite acquires Corellium (that sounds a lot like a rock bought a stone or a gem or something) Yet another free vulnerability database ChatGPT can now clandestinely record meetings Threat detection resources a VERY expensive Zoom call (for the victim) Should we stop using SOC2s? Should we give up on least privilege? How much did it cost to change HBO to HBO Max, then to Max, then back to HBO Max? Show Notes: https://securityweekly.com/esw-413

Interview with Dave Lewis Organizations believe they have a firm grip on security with SSO and corporate IT policies, but in reality, shadow IT lurks in the background—expanding attack surfaces and exposing sensitive data. Employees bypass security controls for the sake of convenience, while SSO fails to provide the comprehensive security net organizations expect. Talk about the critical weaknesses in traditional SSO implementations, how shadow IT thrives under the radar, and why enterprises continue to experience data breaches despite security investments. Can cover real-world examples of security failures, highlight the role of human behavior in risk, and provide actionable strategies to regain control over enterprise security. This segment is sponsored by 1Password. Visit https://securityweekly.com/1password to learn more about them! Topic Segment: Is AI taking our jerbs or not? I listened to most of a debate between Marcus Hutchins and Daniel Miessler over whether generative AI will be good enough to replace a lot of jobs (Daniel's take), or so bad that it won't take any (Marcus's take). I got frustrated though, because I feel like some foundational assumptions were ignored, and not enough examples were shared or prepared. Assumption #1: Jobs exist because work needs to be done. This is a false assumption. Check out a book called "Bullshit Jobs" to go down this particular rabbit hole. Assumption #2: The primary task of a job is the job. This is rarely the case, unless you work in the service industry. How much of a developer's job is writing code? A lot less than you think. Employees spend a massive amount of time communicating with other employees, via meetings, emails, Slack chats - can AI replace this? Maybe all that communication is wasteful and inefficient? Could be, but for every job AI supposedly replaces, it becomes someone else's job to manage that AI agent. Does all of middle management become expert prompt engineers, or do they also disappear with no employees to manage? Assumption #3: Jobs aren't already being replaced. They are, they're just not terribly visible jobs. That contractor your marketing team was using to build blog/SEO content? He's probably gone. The in-house or contract graphic designer? Probably gone. There's a whole swath of jobs out there, where quality isn't very important, but work needs to be produced, and those jobs are being actively replaced with generative AI. With that said, I don't see any full time jobs that require quality work and a lot of communication with other employees getting replaced. Yet? Ever? That's the question. The Enterprise News In this week's enterprise security news, Not much interesting funding to discuss Securonix acquires ThreatQuotient Cellebrite acquires Corellium (that sounds a lot like a rock bought a stone or a gem or something) Yet another free vulnerability database ChatGPT can now clandestinely record meetings Threat detection resources a VERY expensive Zoom call (for the victim) Should we stop using SOC2s? Should we give up on least privilege? How much did it cost to change HBO to HBO Max, then to Max, then back to HBO Max? Show Notes: https://securityweekly.com/esw-413

In this episode of SurgOnc Today, Dr. Olga Kantor from Brigham and Women's Hospital and Dr. Taiwo Adesoye from MD Anderson Cancer Center discuss the breast track highlights of the SSO 2025 Annual Meeting, focusing on a few potentially practice changing trials presented at the meeting. In case you missed the meeting, be sure to check out the On Demand content, now available at https://learn.surgonc.org/.

The Future of HubSpot is PasswordlessLearn how HubSpot's CISO Alyssa Robinson breaks down passwordless authentication, innovative security strategies, and the art of balancing usability with protection on the latest episode. + + +Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

On this episode, I chat with Victor Shih about all things China. We discuss China's massive local debt crisis, the CCP's views on AI, what happens after Xi, and more.Victor Shih is an expert on the Chinese political system, as well as their banking and fiscal policies, and he has amassed more biographical data on the Chinese elite than anyone else in the world. He teaches at UC San Diego, where he also directs the 21st Century China Center.Watch on YouTube; listen on Apple Podcasts or Spotify.Sponsors* Scale is building the infrastructure for smarter, safer AI. In addition to their Data Foundry, they just released Scale Evaluation, a tool that diagnoses model limitations. Learn how Scale can help you push the frontier at scale.com/dwarkesh.* WorkOS is how top AI companies ship critical enterprise features without burning months of engineering time. If you need features like SSO, audit logs, or user provisioning, head to workos.com.To sponsor a future episode, visit dwarkesh.com/advertise.Timestamps(00:00:00) – Is China more decentralized than the US?(00:03:16) – How the Politburo Standing Committee makes decisions(00:21:07) – Xi's right hand man in charge of AGI(00:35:37) – DeepSeek was trained to track CCP policy(00:45:35) – Local government debt crisis(00:50:00) – BYD, CATL, & financial repression(00:58:12) – How corruption leads to overbuilding(01:10:46) – Probability of Taiwan invasion(01:18:56) – Succession after Xi(01:25:10) – Future growth forecasts Get full access to Dwarkesh Podcast at www.dwarkesh.com/subscribe

New episode with my good friends Sholto Douglas & Trenton Bricken. Sholto focuses on scaling RL and Trenton researches mechanistic interpretability, both at Anthropic.We talk through what's changed in the last year of AI research; the new RL regime and how far it can scale; how to trace a model's thoughts; and how countries, workers, and students should prepare for AGI.See you next year for v3. Here's last year's episode, btw. Enjoy!Watch on YouTube; listen on Apple Podcasts or Spotify.----------SPONSORS* WorkOS ensures that AI companies like OpenAI and Anthropic don't have to spend engineering time building enterprise features like access controls or SSO. It's not that they don't need these features; it's just that WorkOS gives them battle-tested APIs that they can use for auth, provisioning, and more. Start building today at workos.com.* Scale is building the infrastructure for safer, smarter AI. Scale's Data Foundry gives major AI labs access to high-quality data to fuel post-training, while their public leaderboards help assess model capabilities. They also just released Scale Evaluation, a new tool that diagnoses model limitations. If you're an AI researcher or engineer, learn how Scale can help you push the frontier at scale.com/dwarkesh.* Lighthouse is THE fastest immigration solution for the technology industry. They specialize in expert visas like the O-1A and EB-1A, and they've already helped companies like Cursor, Notion, and Replit navigate U.S. immigration. Explore which visa is right for you at lighthousehq.com/ref/Dwarkesh.To sponsor a future episode, visit dwarkesh.com/advertise.----------TIMESTAMPS(00:00:00) – How far can RL scale?(00:16:27) – Is continual learning a key bottleneck?(00:31:59) – Model self-awareness(00:50:32) – Taste and slop(01:00:51) – How soon to fully autonomous agents?(01:15:17) – Neuralese(01:18:55) – Inference compute will bottleneck AGI(01:23:01) – DeepSeek algorithmic improvements(01:37:42) – Why are LLMs ‘baby AGI' but not AlphaZero?(01:45:38) – Mech interp(01:56:15) – How countries should prepare for AGI(02:10:26) – Automating white collar work(02:15:35) – Advice for students Get full access to Dwarkesh Podcast at www.dwarkesh.com/subscribe

In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security. Push has built an identity security platform that collects identity information and events from your users' browsers. It can detect phish kits and shut down phishing attempts, protect SSO credentials, and find shadow/personal account that a user has spun up. It's extremely difficult to bypass. That's because when you're in the browser it doesn't matter how a phishing link arrives, or how a threat actor has concealed it from your detection stack – if the user sees it, Push sees it. There are solutions for protecting your users SSO credentials, like passkeys. But what about all the SaaS in your environment? Even if it's enrolled into your SSO, are you sure that's how your users are authenticating to it? What about the automation platforms your developers and admins use? What about data platforms like Snowflake? Are your using setting up passkeys for those accounts? How would you know, and what problems can it cause if those accounts are vulnerable? This is a fun one! This episode is also available on Youtube. Show notes

In this hosts-only episode, Amy and Brad get real about the developer experience - from the stress of job interviews to the complexities of choosing the right framework. They discuss why companies are comparing candidates more than ever, share strategies for answering behavioral interview questions, and debate the merits of Remix versus Next.js (spoiler: Brad's all-in on Remix). The conversation shifts to feature flags and progressive rollouts, with insights from Brad's work at Stripe. SponsorWorkOS helps you launch enterprise features like SSO and user management with ease. Thanks to the AuthKit SDK for JavaScript, your team can integrate in minutes and focus on what truly matters—building your app. Chapter Marks00:00 - Intro00:41 - Sponsor: WorkOS01:47 - Brad's Keyboard and Mouse Shopping Spree04:30 - Keyboard Layout Discussion07:23 - Apple Ecosystem: Reminders and Notes09:23 - Family Sharing and Raycast Integration09:43 - Notion vs Apple Notes for Project Management11:31 - File Storage and Backup Strategies14:00 - Machine Backup Philosophy16:46 - Job Interview Preparation Tips19:40 - Answering the "Weakness" Question21:53 - Addressing Weaknesses: Delegation Examples24:29 - Conflict Resolution Interview Questions25:46 - Company Research Before Interviews27:00 - Tech Stack Considerations: Remix vs Next.js28:30 - Framework Migration Decisions29:30 - Astro for Content Sites31:02 - Backend Languages: Go vs TypeScript32:30 - React Server Components Future34:23 - Feature Flags and Boolean as a Service35:30 - Feature Flag Segmentation and A/B Testing36:54 - PostHog and Analytics Tools38:30 - Progressive Rollouts and Error Monitoring40:20 - Amy's Picks and Plugs43:35 - Brad's Picks and Plugs  

This show has been flagged as Clean by the host. Standard UNIX password manager Password management is one of those computing problems you probably don't think about often, because modern computing usually has an obvious default solution built-in. A website prompts you for a password, and your browser auto-fills it in for you. Problem solved. However, not all browsers make it very easy to get to your passwords store, which makes it complex to migrate passwords to a new system without also migrating the rest of your user profile, or to share certain passwords between different users. There are several good open source options that offer alternatives to the obvious defaults, but as a user of Linux and UNIX, I love a minimal and stable solution when one is available. The pass command is a password manager that uses GPG encryption to keep your passwords safe, and it features several system integrations so you can use it seamlessly with your web browser of choice. Install pass The pass command is provided by the PasswordStore project. You can install it from your software repository or ports collection. For example, on Fedora: $ sudo dnf install pass On Debian and similar: $ sudo apt install pass Because the word pass is common, the name of the package may vary, depending on your distribution and operating system. For example, pass is available on Slackware and FreeBSD as password-store. The pass command is open source, so the source code is available at git.zx2c4.com/password-store. Create a GPG key First, you must have a GPG key to use for encryption. You can use a key you already have, or create a new one just for your password store. To create a GPG key, use the gpg command along with the --gen-key option (if you already have a key you want to use for your password store, you can skip this step): $ gpg --gen-key Answer the prompts to generate a key. When prompted to provide values for Real name, Email, and Comment, you must provide a response for each one, even though GPG allows you to leave them empty. In my experience, pass fails to initialize when one of those values is empty. For example, here are my responses for purposes of this article: Real name: Tux Email: tux@example.com Comment: My first key This information is combined, in a different order, to create a unique GPG ID. You can see your GPG key ID at any time: $ gpg --list-secret-keys | grep uid uid: Tux (My first key) tux@example.com Other than that, it's safe to accept the default and recommended options for each prompt. In the end, you have a GPG key to serve as the master key for your password store. You must keep this key safe. Back it up, keep a copy of your GPG keyring on a secure device. Should you lose this key, you lose access to your password store. Initialize a password store Next, you must initialize a password store on your system. When you do, you create a hidden directory where your passwords are stored, and you define which GPG key to use to encrypt passwords. To initialize a password store, use the pass init command along with your unique GPG key ID. Using my example key: $ pass init "Tux (My first key) " You can define more than one GPG key to use with your password store, should you intend to share passwords with another user or on another system using a different GPG key. Add and edit passwords To add a password to your password store, use the pass insert command followed by the URL (or any string) you want pass to keep. $ pass insert example.org Enter the password at the prompt, and then again to confirm. Most websites require more than just a password, and so pass can manage additional data, like username, email, and any other field. To add extra data to a password file, use pass edit followed by the URL or string you saved the password as: $ pass edit example.org The first line of a password file must be the password itself. After that first line, however, you can add any additional data you want, in the format of the field name followed by a colon and then the value. For example, to save tux as the value of the username field on a website: myFakePassword123 username: tux Some websites use an email address instead of a username: myFakePassword123 email: tux@example.com A password file can contain any data you want, so you can also add important notes or one-time recovery codes, and anything else you might find useful: myFake;_;Password123 email: tux@example.com recovery email: tux@example.org recovery code: 03a5-1992-ee12-238c note: This is your personal account, use company SSO at work List passwords To see all passwords in your password store: $ pass list Password Store ├── example.com ├── example.org You can also search your password store: $ pass find bandcamp Search Terms: bandcamp └── www.bandcamp.com Integrating your password store Your password store is perfectly usable from a terminal, but that's not the only way to use it. Using extensions, you can use pass as your web browser's password manager. There are several different applications that provide a bridge between pass and your browser. Most are listed in the CompatibleClients section of passwordstore.org. I use PassFF, which provides a Firefox extension. For browsers based on Chromium, you can use Browserpass with the Browserpass extension. In both cases, the browser extension requires a "host application", or a background bridge service to allow your browser to access the encrypted data in your password store. For PassFF, download the install script: $ wget https://codeberg.org/PassFF/passff-host/releases/download/latest/install_host_app.sh Review the script to confirm that it's just installing the host application, and then run it: $ bash ./install_host_app.sh firefox Python 3 executable located at /usr/bin/python3 Pass executable located at /usr/bin/pass Installing Firefox host config Native messaging host for Firefox has been installed to /home/tux/.mozilla/native-messaging-hosts. Install the browser extension, and then restart your browser. When you navigate to a URL with an file in your password store, a pass icon appears in the relevant fields. Click the icon to complete the form. Alternately, a pass icon appears in your browser's extension tray, providing a menu for direct interaction with many pass functions (such as copying data directly to your system clipboard, or auto-filling only a specific field, and so on.) Password management like UNIX The pass command is extensible, and there are some great add-ons for it. Here are some of my favourites: pass-otp: Add one-time password (OTP) functionality. pass-update: Add an easy workflow for updating passwords that you frequently change. pass-import: Import passwords from chrome, 1password, bitwarden, apple-keychain, gnome-keyring, keepass, lastpass, and many more (including pass itself, in the event you want to migrate a password store). The pass command and the password store system is a comfortably UNIX-like password management solution. It stores your passwords as text files in a format that doesn't even require you to have pass installed for access. As long as you have your GPG key, you can access and use the data in your password store. You own your data not only in the sense that it's local, but you have ownership of how you interact with it. You can sync your password stores between different machines using rsync or syncthing, or even backup the store to cloud storage. It's encrypted, and only you have the key.Provide feedback on this episode.

Richard Gearhart and Elizabeth Gearhart, co-hosts of Passage to Profit Show interview Jessica Dante from Dante Media and the "Love and London" brand, "The Mind Whisperer" Dawna Campbell from The Healing Heart, Inc. and Ian L. Paterson from Plurilock™.   In this episode, we chat with Jessica Dante, founder of Dante Media and the savvy travel guru behind the viral “Love and London” brand. From uncovering classic tourist scams to dishing out honest advice on what to skip (sorry, Madame Tussauds!), Jessica shares how she built a million-strong following by helping travelers have smarter, more authentic adventures in London and Paris. Read more at: Love and London website: https://loveandlondon.com/, Youtube: https://www.youtube.com/user/loveandlondon, Instagram: https://www.instagram.com/loveandlondon/?hl=en, Love and London's free 101 Guide: https://loveandlondon.com/london-101-guide-main/    Dawna Campbell is the CEO and Founder of The Healing Heart, Inc., an international business that provides life-changing services to clients all over the world. Dawna is widely recognized as The Mind Whisperer for her unparalleled ability to reprogram the subconscious brain for instant money creation, enabling her clients to manifest a life of happiness, prosperity, and love. Read more at: Read more at: https://www.dawnacampbell.com/   Ian L. Paterson is the CEO of Plurilock™ and is a data entrepreneur with more than 15 years of experience in leading and commercializing technology companies focused on data analytics and cybersecurity. Plurilock™ is a global cyber solutions provider and maker of Plurilock AI, leading platform for SSO, CASB, DLP, AI identity + AI safety. Read more at: https://plurilock.com/   Whether you're a seasoned entrepreneur, a startup, an inventor, an innovator, a small business or just starting your entrepreneurial journey, tune into Passage to Profit Show for compelling discussions, real-life examples, and expert advice on entrepreneurship, intellectual property, trademarks and more. Visit https://passagetoprofitshow.com/ for the latest updates and episodes. Chapters (00:00:00) - Start Your Business Now(00:00:25) - Passage to Profit(00:01:38) - How to Spot Unsightly Opportunities as an Entrepreneur(00:03:28) - How to Spot Unseen Opportunities?(00:05:06) - Spotting Unsightly Opportunities(00:06:13) - The Importance of Identifying Unsightly Opportunities(00:07:25) - Meet Jessica Dante(00:10:05) - Love and London(00:11:51) - Tutorial on How to Make a Living on YouTube(00:15:36) - Have All the Attention Made You a Better Manager?(00:17:28) - Oprah on Her Own Career(00:18:13) - The challenges of running a small business(00:19:20) - Jessica Alba on Meet and Focuses(00:20:12) - How to Make a Money on YouTube With Shorts(00:24:01) - Small Business Health Insurance(00:25:01) - Travel Guides for London(00:27:10) - Intellectual Property News: AI and Copyright(00:30:31) - Do Authors Own AI Content?(00:36:57) - Home Warranty: How to Prosper Yourself(00:38:57) - Richard and Elizabeth Gearhart(00:39:22) - What's Going On With Your Projects?(00:41:07) - Carb and colorectal cancer risk(00:41:55) - How to Read Your Mind's Quantum Field(00:45:53) - How to Stop Resisting in Your Life(00:48:58) - Does Money Play a Role in Healing?(00:50:34) - What Made Me Who I Am(00:53:20) - Where Do You See Your Practice Taking You?(00:54:50) - Cybersecurity in the Elevator(00:55:56) - How to Outrun Cyber Threats(01:01:30) - Top 5 tips for cyber security(01:06:40) - Is there anything really exciting coming down the pike in cybersecurity?(01:09:34) - Tax Doctor(01:10:55) - What is Your Secret to Success?(01:13:37) - Ian L. Patterson on Networking(01:15:11) - Passive to Profit

A Tale of Two Phishing Sties Two phishing sites may use very different backends, even if the site itself appears to be visually very similar. Phishing kits are often copied and modified, leading to sites using similar visual tricks on the user facing site, but very different backends to host the sites and reporting data to the miscreant. https://isc.sans.edu/diary/A%20Tale%20of%20Two%20Phishing%20Sites/31810 A Phihsing Tale of DOH and DNS MX Abuse Infoblox discovered a new variant of the Meerkat phishing kit that uses DoH in Javascript to discover MX records, and generate better customized phishing pages. https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/ Using OpenID Connect for SSH Cloudflare opensourced it's OPKSSH too. It integrates SSO systems supporting OpenID connect with SSH. https://github.com/openpubkey/opkssh/

In this episode of the Identity Center Podcast, Jim McDonald discusses policy enforcement, adaptive authentication, and fraud prevention with Patrick Harding, Chief Product Architect at Ping Identity. They delve into how policy enforcement can be managed locally to maintain performance for SaaS applications while ensuring greater flexibility using standards like AuthZEN. Jim and Patrick also cover the benefits and challenges of using SAML and OpenID Connect for single sign-on (SSO) and explore the future role of AI agents in identity and access management. Additionally, they provide valuable tips for attending identity-focused conferences in Berlin and Las Vegas.Chapters00:00 Introduction to Policy Enforcement01:29 Welcome to the Identity Center Podcast01:54 Conference Discount Codes03:03 Guest Introduction: Patrick Harding from Ping Identity03:54 Patrick's Journey into Identity06:56 Challenges in Adaptive Authentication10:50 SaaS Applications and Policy Enforcement21:18 Advanced Fraud Analytics29:23 Integrating On-Premise and Cloud Applications30:35 Effort and Challenges in Modernizing Applications31:22 The Shift to OpenID Connect32:22 SaaS Applications and Single Sign-On Costs33:52 AI Agents and Adaptive Authentication34:54 The Future of AI Agents in Business39:15 Delegation and Authentication for AI Agents43:46 The Impact of AI on Jobs and Efficiency47:11 Advice for Future Careers in a Tech-Driven World52:57 Conference Tips and Final ThoughtsConnect with Patrick: https://www.linkedin.com/in/pharding/Conference Discounts!European Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridacIdentiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

Week D - If a preview update falls in the woods and no one downloads it, did it really happen? Plus, what is going on with AI for free? Isn't this stuff expensive? Windows 23H2/24H2: Taskbar share, Spotlight updates, Windows Backup snooze in File Explorer, etc. Dev and Beta - Semantic search adds OneDrive photo search to Search (was in File Explorer previously), plus the Recall reboot no one is explaining. And Trim comes to Snipping Tool (Canary and Dev) Beta (23H2) - Share gets a drag tray and Start All apps gets new Grid and Category views Lenovo revenues surge 20 percent Framework announces Ryzen AI-based Laptop 13, plus Laptop 12 and Desktop Opera adds Bluesky, Discord, and Slack to the sidebar Microsoft 365 Microsoft confuses us with a test of a free, ad-supported core Office suite for Windows Amazon kills Chime, will use Zoom, Teams, and more Amazon kills Appstore for Android Google to drop SMS-based 2FA, move to QR codes Paul continues with his SSO removals, an update on whether this impacts account availability AI/Dev Following up the previous discussion with an interesting way to use an AI chatbot Alexa enters the AI era OpenAI now has 400 million weekly active users Microsoft cancels some AI datacenter leases, but it's not done spending billions on AI Anthropic releases first reasoning model, with a twist Gemini Code Assist is now free for individuals! ThinkDeeper and Voice in Copilot no longer have usage restrictions OpenAI makes Deep Research available to all paid customers Apple delays biggest Siri advances past iOS 18.4 - Math is hard, but AI is even harder Spotify expands into AI-narrated audiobooks NVIDIA partners to bring free ASL training to everyone .NET 10 Preview 1 arrives with the promise of LTS and not much else Xbox Xbox Cloud Gaming gets its first update in a while, and it's a big one Microsoft delays Fable reboot to 2026 Tips and Picks Tip of the week: You can view the source code for the oldest machine-readable version of Unix App pick of the week: Adobe Photoshop for iPhone RunAs Radio this week: Exchange Server in 2025 with Michel de Rooij Brown liquor pick of the week: Glenrothes 15 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/windowsweekly cachefly.com/twit

Week D - If a preview update falls in the woods and no one downloads it, did it really happen? Plus, what is going on with AI for free? Isn't this stuff expensive? Windows 23H2/24H2: Taskbar share, Spotlight updates, Windows Backup snooze in File Explorer, etc. Dev and Beta - Semantic search adds OneDrive photo search to Search (was in File Explorer previously), plus the Recall reboot no one is explaining. And Trim comes to Snipping Tool (Canary and Dev) Beta (23H2) - Share gets a drag tray and Start All apps gets new Grid and Category views Lenovo revenues surge 20 percent Framework announces Ryzen AI-based Laptop 13, plus Laptop 12 and Desktop Opera adds Bluesky, Discord, and Slack to the sidebar Microsoft 365 Microsoft confuses us with a test of a free, ad-supported core Office suite for Windows Amazon kills Chime, will use Zoom, Teams, and more Amazon kills Appstore for Android Google to drop SMS-based 2FA, move to QR codes Paul continues with his SSO removals, an update on whether this impacts account availability AI/Dev Following up the previous discussion with an interesting way to use an AI chatbot Alexa enters the AI era OpenAI now has 400 million weekly active users Microsoft cancels some AI datacenter leases, but it's not done spending billions on AI Anthropic releases first reasoning model, with a twist Gemini Code Assist is now free for individuals! ThinkDeeper and Voice in Copilot no longer have usage restrictions OpenAI makes Deep Research available to all paid customers Apple delays biggest Siri advances past iOS 18.4 - Math is hard, but AI is even harder Spotify expands into AI-narrated audiobooks NVIDIA partners to bring free ASL training to everyone .NET 10 Preview 1 arrives with the promise of LTS and not much else Xbox Xbox Cloud Gaming gets its first update in a while, and it's a big one Microsoft delays Fable reboot to 2026 Tips and Picks Tip of the week: You can view the source code for the oldest machine-readable version of Unix App pick of the week: Adobe Photoshop for iPhone RunAs Radio this week: Exchange Server in 2025 with Michel de Rooij Brown liquor pick of the week: Glenrothes 15 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: 1password.com/windowsweekly cachefly.com/twit