POPULARITY
13 episodes with threat detection
12 episodes with threat detection
11 episodes with threat detection
12 episodes with threat detection
5 episodes with threat detection
4 episodes with threat detection
4 episodes with threat detection
3 episodes with threat detection
4 episodes with threat detection
Guest Alan Braithwaite, Co-founder and CTO @ RunReveal Topics: SIEM is hard, and many vendors have discovered this over the years. You need to get storage, security and integration complexity just right. You also need to be better than incumbents. How would you approach this now? Decoupled SIEM vs SIEM/EDR/XDR combo. These point in the opposite directions, which side do you think will win? In a world where data volumes are exploding, especially in cloud environments, you're building a SIEM with ClickHouse as its backend, focusing on both parsed and raw logs. What's the core advantage of this approach, and how does it address the limitations of traditional SIEMs in handling scale? Cribl, Bindplane and “security pipeline vendors” are all the rage. Won't it be logical to just include this into a modern SIEM? You're envisioning a 'Pipeline QL' that compiles to SQL, enabling 'detection in SQL.' This sounds like a significant shift, and perhaps not to the better? (Anton is horrified, for once) How does this approach affect detection engineering? With Sigma HQ support out-of-the-box, and the ability to convert SPL to Sigma, you're clearly aiming for interoperability. How crucial is this approach in your vision, and how do you see it benefiting the security community? What is SIEM in 2025 and beyond? What's the endgame for security telemetry data? Is this truly SIEM 3.0, 4.0 or whatever-oh? Resources: EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures “20 Years of SIEM: Celebrating My Dubious Anniversary” blog “RSA 2025: AI's Promise vs. Security's Past — A Reality Check” blog tl;dr security newsletter Introducing a RunReveal Model Context Protocol Server! MCP: Building Your SecOps AI Ecosystem AI Runbooks for Google SecOps: Security Operations with Model Context Protocol
Is Artificial Intelligence the ultimate security dragon, we need to slay, or a powerful ally we must train? Recorded LIVE at BSidesSF, this special episode dives headfirst into the most pressing debates around AI security.Join host Ashish Rajan as he navigates the complex landscape of AI threats and opportunities with two leading experts:Jackie Bow (Anthropic): Championing the "How to Train Your Dragon" approach, Jackie reveals how we can leverage AI, and even its 'hallucinations,' for advanced threat detection, response, and creative security solutions.Kane Narraway (Canva): Taking the "Knight/Wizard" stance, Kane illuminates the critical challenges in securing AI systems, understanding the new layers of risk, and the complexities of AI threat modeling.
ABOUT THE AUTHOR Akli Adjaoute is the founder of Exponion, a venture capital firm that provides cutting-edge startup companies with the financial resources and expertise they need to achieve success. Before Exponion, Adjaoute was the founder and CEO of Brighterion, which was acquired by Mastercard in 2017. Brighterion has received multiple awards, including the Innovation World Series Award, the Morgan Stanley Fintech Award, the Business Intelligence Group's 2022 Artificial Intelligence Excellence Award, the U.S. FinTech Award's 2022 Banking Tech of the Year, the 2021 Business Transformation 150 and the 2020 Fortress Cyber Security Award for Threat Detection. Adjaoute holds 35 patents and has an additional 50 patents pending approval. His inventions have been cited over 2,000 times. He is a renowned academic, speaker and writer in the fields of AI and security. He served as an adjunct professor at the University of San Francisco (USF) and as the Head of the AI department and Scientific Committee Chair at EPITA, one of Europe's leading institutions for engineering and computer science education. He holds a master's degree in computer science from the Université de Technologies de Compiègne and a Ph.D. in artificial intelligence from the University of Pierre & Marie Curie. For more information, please visit https://exponion.com/, or connect with Adjaoute on LinkedIn (https://www.linkedin.com/in/akli-adjaoute/).
In today's episode of Tech Talks Daily, I reconnect with Abnormal AI's CIO, Mike Britton, to explore one of the most pressing topics in the tech world—AI regulation and cybersecurity. Speaking from his base near Dallas, Mike brings a pragmatic perspective shaped by decades of experience at the intersection of enterprise technology and security. As the debate around artificial intelligence evolves, we examine the growing divide between the United States and Europe on regulatory approaches and what business leaders can learn from each side. While Europe takes a more cohesive, application-based approach, the US remains fragmented, relying on state-by-state policies and sector-specific laws. Mike unpacks why this patchwork complicates global alignment and what an effective risk-based, standardized framework might look like. He argues that regulation must focus on how AI is applied, not just its scale, especially as the technology becomes embedded in everything from healthcare to email automation. We also touch on the unintended consequences of overregulation, including the risk of pushing innovation into regions with fewer safeguards. As Abnormal Security works with some of the world's largest brands, Mike offers a frontline view into how threat actors are already leveraging AI to outpace traditional defenses. His insights reinforce the need for transparency, human oversight, and "kill switches" to ensure AI remains a tool for good, not a liability. From real-world examples to strategic recommendations, Mike outlines what CIOs and CISOs need to know now. His advice is clear, grounded, and actionable, whether embracing regulatory sandboxes, staying alert to geopolitical nuances in AI models, or maintaining continuous learning in a fast-moving space. So, how do we keep innovation ethical and secure in a world where AI is moving faster than ever? And what steps should technology leaders take to avoid falling behind or losing control of the tools meant to drive progress?
In this episode, Subo Guha, Vice President of Product Management at Stellar Cyber, shares how the company is reshaping cybersecurity operations for managed service providers (MSPs) and their customers. Stellar Cyber's mission is to simplify security without compromising depth—making advanced cybersecurity capabilities accessible to organizations without enterprise-level resources.Subo walks through the foundations of their open XDR platform, which allows customers to retain the endpoint and network tools they already use—such as CrowdStrike or SentinelOne—without being locked into a single ecosystem. This flexibility proves especially valuable to MSSPs managing dozens or hundreds of customers with diverse toolsets, including those that have grown through acquisitions. The platform's modular sensor technology supports IT, OT, and hybrid environments, offering deep packet inspection, network detection, and even user behavior analytics to flag potential lateral movement or anomalous activity.One of the most compelling updates from the conversation is the introduction of their autonomous SOC capability. Subo emphasizes this is not about replacing humans but amplifying their efforts. The platform groups alerts into actionable cases, reducing noise and allowing analysts to respond faster. Built-in machine learning and threat intelligence feeds enrich data as it enters the system, helping determine if something is benign or a real threat.The episode also highlights new program launches like Infinity, which enhances business development and peer collaboration for MSSP partners, and their Cybersecurity Alliance, which deepens integration across a wide variety of security tools. These efforts reflect Stellar Cyber's strong commitment to ecosystem support and customer-centric growth.Subo closes by reinforcing the importance of scalability and affordability. Stellar Cyber offers a single platform with unified licensing to help MSSPs grow without adding complexity or cost. It's a clear statement: powerful security doesn't need to be out of reach for smaller teams or companies.This episode offers a practical view into what it takes to operationalize cybersecurity across diverse environments—and why automation with human collaboration is the path forward.Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947Note: This story contains promotional content. Learn more.Guest: Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/ResourcesLearn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyberLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, subo guha, xdr, mssp, cybersecurity, automation, soc, ai, ot, threat detection, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
In this On Location Brand Story episode, Sean Martin speaks with Hugh Njemanze, Founder and CEO of Anomali, who has been at the center of cybersecurity operations since the early days of SIEM. Known for his prior work at ArcSight and now leading Anomali, Hugh shares what's driving a dramatic shift in how security teams access, analyze, and act on data.Anomali's latest offering—a native cloud-based next-generation SIEM—goes beyond traditional detection. It combines high-performance threat intelligence with agentic AI to deliver answers and take action in ways that legacy platforms simply cannot. Rather than querying data manually or relying on slow pipelines, the system dynamically spins up thousands of cloud resources to answer complex security questions in seconds.Agentic AI Meets Threat IntelligenceHugh walks through how agentic AI, purpose-built for security, breaks new ground. Unlike general-purpose models, Anomali's AI operates within a secure, bounded dataset tailored to the customer's environment. It can ingest a hundred-page threat briefing, extract references to actors and tactics, map those to the MITRE ATT&CK framework, and assess the organization's specific exposure—all in moments. Then it goes a step further: evaluating past events, checking defenses, and recommending mitigations. This isn't just contextual awareness—it's operational intelligence at speed and scale.Making Security More Human-CentricOne clear theme emerges: the democratization of security tools. With Anomali's design, teams no longer need to rely on a few highly trained specialists. Broader teams can engage directly with the platform, reducing burnout and turnover, and increasing organizational resilience. Managers and security leaders now shift focus to prioritization, strategic decision-making, and meaningful business conversations—like aligning defenses to M&A activity or reporting to the board with clarity on risk.Real-World Results and Risk InsightsCustomers are already seeing measurable benefits: an 88% reduction in incidents and an increase in team-wide tool adoption. Anomali's system doesn't just detect—it correlates attack surface data with threat activity to highlight what's both vulnerable and actively targeted. This enables targeted response, cost-effective scaling, and better use of resources.Learn more about Anomali: https://itspm.ag/anomali-bdz393Note: This story contains promotional content. Learn more.Guest: Hugh Njemanze, Founder and President at Anomali | https://www.linkedin.com/in/hugh-njemanze-603721/ResourcesLearn more and catch more stories from Anomali: https://www.itspmagazine.com/directory/anomaliLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, hugh njemanze, siem, cybersecurity, ai, threat intelligence, agentic ai, risk management, soc, cloud security, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
All Aboard the Innovation Express: RSAC 2025 On Track for Cybersecurity's FutureLet's face it—RSAC isn't just a conference anymore. It's a movement. A ritual. A block party for cybersecurity. And this year, it's pulling into the station with more tracks than ever before—figuratively and literally.In this On Location episode, we reconnect with Cecilia Murtagh Marinier, Vice President of Innovation and Scholars at RSAC, to dive into what makes the 2025 edition a can't-miss experience. And as always, Sean and Marco kick things off with a bit of improvisation, some travel jokes, and a whole lot of heart.From the 20th Anniversary of the Innovation Sandbox (with a massive $50M investment boost from Crosspoint Capital) to the growing Early Stage Expo, LaunchPad's Shark-Tank-style sessions, and the new Investor & Entrepreneur track, RSAC continues to set the stage for cybersecurity's next big thing.And this year, they're going bigger—literally. The expansion into the Yerba Buena Center for the Arts brings with it a mind-blowing immersive experience: DARPA's AI Cyber City, a physically interactive train ride through smart city scenarios, designed to show how cybersecurity touches everything—from water plants to hospitals, satellites to firmware.Add in eight hands-on villages, security scholars programs, coffee-fueled networking zones, and a renewed focus on inclusion, mentorship, and accessibility, and you've got something that feels less like an event and more like a living, breathing community.Cecilia also reminds us that RSAC is a place for everyone—from first-timers unsure where to begin to seasoned veterans ready to innovate and invest. It's about showing up, making a plan (or not), and being open to the unexpected conversations that happen in hallways, lounges, or over espresso in the sandbox village.And if you can't make it in person? RSAC has made sure that everything is accessible online—600 speakers, 600 vendors, and endless ways to engage, reflect, and be part of the global cybersecurity story.So whether you're hopping in the car, boarding a flight, or—who knows—riding a miniature DARPA train through Northridge City, one thing's for sure: RSAC 2025 is going full speed ahead—and we're bringing you along for the ride.⸻
In this Brand Story episode, Sean Martin and Marco Ciappelli sit down with Rob Allen, Chief Product Officer at ThreatLocker, to unpack how the company is reshaping endpoint security through a unique, control-first approach. Rob shares how ThreatLocker is challenging long-held assumptions about trust, visibility, and control in enterprise environments—and why the traditional “trust but verify” model is no longer good enough.From Default Permit to Default DenyThreatLocker's philosophy centers on a fundamental shift: moving from a default permit posture to a default deny stance. This approach, according to Rob, doesn't hinder operations—it creates boundaries that allow organizations to function safely and efficiently. It's not about locking systems down; it's about granting permissions with precision, so users can operate without even noticing security is present.Product Innovation Driven by Real FeedbackThe conversation highlights how customer input—and CEO Danny Jenkins' relentless presence at industry events—drives product development. New solutions like Web Control and Patch Management are designed as logical extensions of existing tools, allowing security teams to reduce risk without creating friction for end users. The addition of a software store, suggested by enterprise customers, gives users clarity on what's approved while reducing IT support tickets.Insights and the Detect DashboardRob also explains how ThreatLocker is unlocking the value of big data. With billions of data points collected every hour, their new Insights platform aggregates and analyzes cross-customer trends to better inform security decisions. Combined with the Detect Dashboard, teams now gain not only visibility but actionable intelligence—supported by polished visuals and streamlined workflows.More Than Just Tech—It's Peace of MindWhile the technology is impressive, Rob says the most rewarding feedback is simple: “ThreatLocker helps me sleep at night.” For many customers, that level of confidence is priceless. And in unexpected situations—like a blue-screen incident caused by third-party software—ThreatLocker has even been used to mitigate impacts in creative ways.Whether you're leading a global IT team or managing a growing MSP, this episode will make you think differently about how security fits into your operational strategy. Tune in to hear how ThreatLocker is turning bold ideas into real-world control.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Rob Allen, Chief Product Officer at ThreatLockerOn LinkedIn | https://www.linkedin.com/in/threatlockerrob/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
In this episode of Security Noise, Geoff and Skyler talk with IR Practice Lead Carlos Perez and Security Consultant Zach Bevilacqua about the world of security operations. They discuss current trends, the role of AI, challenges with traditional SIEM tools, and the value of proper logging and monitoring configurations. How important are proactive measures and effective communication within SOC teams? Find out what our team has to say on this episode of Security Noise! About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet! Find more cybersecurity resources on our website at https://trustedsec.com/resources.
As the cybersecurity world gears up for RSAC 2025 in San Francisco, we hit the road again—this time with Chris Pierson, Founder and CEO of BlackCloak, for a pre-event chat packed with insight, community spirit, and some big news.Chris is no stranger to the RSA stage—this year marks his 21st year presenting—and he's bringing his energy to two powerful sessions. The first, titled “Protecting What Matters: Your Family and Home,” kicks off bright and early on Monday, April 28. It's not about blinky lights or enterprise networks—it's about us. The cybersecurity community often talks about protecting organizations, but what about protecting ourselves and our families? Chris will explore how security pros can apply their skills at home, covering identity theft, scams, and home network safety. It's a refreshing and much-needed call to action that connects the personal and professional.On Wednesday, Chris returns with co-presenter James Shreve for a two-hour Learning Lab, “When Things Go Boom: Supply Chain Risk.” This Chatham House Rule session dives deep into one of today's most complex challenges: managing third-party risk without stopping the business in its tracks. Participants will step into different roles—board members, CISOs, legal, finance—to engage in a live, collaborative scenario that pushes them to think beyond checklists. Real talk. Real collaboration. And practical takeaways.But that's not all. BlackCloak is also unveiling its new Digital Executive Protection Framework, designed to help organizations assess and strengthen protections for executives and their families. Chris teases that this framework includes 14 essential tenets that blend physical, digital, and organizational awareness—and he'll be sitting down with us again at the event to go deeper.With 15–20 BlackCloak team members on site, a full schedule of meetings, events, and community conversations, this year is shaping up to be a milestone for BlackCloak at RSAC. If you're attending, keep an eye on their LinkedIn page for updates, booking links, and suite details.As Chris says, it's about lifting our heads, scanning the horizon, and showing up for our community—and our families.Keywords: RSAC2025, Chris Pierson, BlackCloak, cybersecurity, RSA Conference, digital protection, executive protection, supply chain risk, identity theft, privacy, home network security, third-party risk, CISOs, cybersecurity community, digital executive protection framework, GRC, threat intelligence, infosec, personal security, cybersecurity awareness______________________Guest: Chris Pierson, Founder & CEO of BLACKCLOAK | Digital Executive Protection | Concierge Cybersecurity & Privacy Protection . . . in their Personal Lives | On LinkedIn: https://www.linkedin.com/in/drchristopherpierson/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsBLACKCLOAK:https://itspm.ag/itspbcweb____________________________ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageChris SessionsProtecting What Matters—Your Family & Home https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1739369849404001eWtUWhen Things Go Boom! Your Supply Chain Riskhttps://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727434586212001yGwMBLACKCLOAK WEBSITE:https://itspm.ag/itspbcweb____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Join Marco and Sean in their annual pre-RSAC conversation with Linda Gray Martin and Britta Glade. Discover what's new and exciting at RSAC 2025—expanded campuses, innovative programming, and compelling guest speakers like Magic Johnson and Ron Howard. Dive into special events, immersive experiences, and the launch of a vibrant community platform aimed at fostering continuous learning and connection among cybersecurity professionals. Get ready for another unforgettable year celebrating many voices within one united community.Full Intro/Blog:RSA Conference 2025 is here, and Marco and Sean continue their beloved tradition with a vibrant preview conversation featuring Linda Gray Martin, Chief of Staff and Senior Vice President at RSAC, and Britta Glade, Senior Vice President, Content & Communities. This year's conference theme, "Many Voices, One Community," highlights the collaborative and inclusive spirit driving the cybersecurity world forward.In this engaging discussion, Marco and Sean explore the exciting expansions and innovations attendees can anticipate. RSAC is expanding its campus, taking over San Francisco's stunning Yerba Buena Center for the Arts, enhancing the attendee experience with a new keynote auditorium and the DARPA AI Cyber Challenge. The Sandbox area promises captivating interactive experiences, including a fictional town simulation designed to showcase AI's role in safeguarding critical infrastructure.Keynotes remain a conference highlight, with influential voices like NBA legend Magic Johnson sharing insights on teamwork, and filmmaker Ron Howard discussing storytelling and human connections in a unique father-daughter interview format. Closing celebrations feature an exciting conversation with Jamie Foxx, alongside vibrant performances from DJ Irie and local sensation Jazz Mafia.New educational tracks addressing essential topics such as Protecting Home and Family and Security Foundations ensure that content remains both relevant and accessible. The introduction of a new community membership platform is set to revolutionize ongoing engagement, offering secure messaging, tailored cybersecurity content, and collaborative opportunities long after the conference ends.Embrace the spirit of innovation, unity, and continuous growth at RSAC 2025, where the cybersecurity community comes together to drive meaningful change.Keywords:RSAC 2025, RSA Conference, cybersecurity, community, innovation, Magic Johnson, Ron Howard, Jamie Foxx, DARPA AI Cyber Challenge, Sandbox, Yerba Buena Center for the Arts, keynote speakers, networking, continuous learning, community membership platform, protecting home and family, security foundations, technology, inclusive community, immersive experience.__________________________________Guest: Linda Gray Martin | Chief of Staff, RSAC and Senior Vice President, RSA Conferencehttps://www.linkedin.com/in/linda-gray-martin-223708/Britta Glade | Senior Vice President, Content & Communities, RSA Conferencehttps://www.linkedin.com/in/britta-glade-5251003/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641____________________________ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society & Technology stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-and-technology-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More
In a conversation that sets the tone for this year's RSA Conference, Steve Wilson, shares a candid look at how AI is intersecting with cybersecurity in real and measurable ways. Wilson, who also leads the OWASP Top 10 for Large Language Models project and recently authored a book published by O'Reilly on the topic, brings a multi-layered perspective to a discussion that blends strategy, technology, and organizational behavior.Wilson's session title at RSA Conference—“Are the Machines Learning, or Are We?”—asks a timely question. Security teams are inundated with data, but without meaningful visibility—defined not just as seeing, but understanding and acting on what you see—confidence in defense capabilities may be misplaced. Wilson references a study conducted with IDC that highlights this very disconnect: organizations feel secure, yet admit they can't see enough of their environment to justify that confidence.This episode tackles one of the core paradoxes of AI in cybersecurity: it offers the promise of enhanced detection, speed, and insight, but only if applied thoughtfully. Generative AI and large language models (LLMs) aren't magical fixes, and they struggle with large datasets. But when layered atop refined systems like user and entity behavior analytics (UEBA), they can help junior analysts punch above their weight—or even automate early-stage investigations.Wilson doesn't stop at the tools. He zooms out to the business implications, where visibility, talent shortages, and tech complexity converge. He challenges security leaders to rethink what visibility truly means and to recognize the mounting noise problem. The industry is chasing 40% more CVEs year over year—an unsustainable growth curve that demands better signal-to-noise filtering.At its heart, the episode raises important strategic questions: Are businesses merely offloading thinking to machines? Or are they learning how to apply these technologies to think more clearly, act more decisively, and structure teams differently?Whether you're building a SOC strategy, rethinking tooling, or just navigating the AI hype cycle, this conversation with Steve Wilson offers grounded insights with real implications for today—and tomorrow.
Detection rules aren't just for fun—they're critical for securing cloud environments. But are you using them the right way? In this episode, Ashish Rajan sits down with David French, Staff Adoption Engineer for Security at Google Cloud, to break down how organizations can scale Detection as Code across AWS, Azure, and Google Cloud.Why prevention isn't enough—and how detection fills the gapThe biggest mistakes in detection rules that could blow up your SOCHow to scale detections across hundreds (or thousands) of cloud accountsThe ROI of Detection as Code—why security leaders should careCommon low-hanging fruit detections every cloud security team should implementDavid has spent over a decade working in detection engineering, threat hunting, and building SIEM & EDR products. He shares real-world insights on how companies can improve their detection strategies and avoid costly security missteps.Guest Socials: David's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(03:06) What is Detection as Code?(03:41) What was before Detection as Code?(05:36) Business ROI for doing Detection as Code?(07:49) Building Security Operations in Google Cloud(12:41) Threat Detection for different type of workload(14:54) What is Google SecOps?(20:36) Different kinds of Detection people can create(24:46) Scaling Detection across many Google Cloud accounts(28:47) The role of Data Pipeline in Detection(31:44) Detections people can start with(34:14) Stages of maturity for detection(36:43) Skillsets for Detection Engineering(39:32) The Fun Section
In this episode, SAP's Lalit Patil explores the impact of AI on cybersecurity within cloud ERP. It emphasizes the need for agile business transformation, sustainability, and robust security. The discussion includes cybersecurity strategies like zero trust, and AI's role in threat detection/response. The speaker highlights balancing AI benefits with data integrity risks, advocating for proactive, AI-enabled security measures to protect sensitive business data in the cloud.
⬥GUEST⬥Allie Mellen, Principal Analyst, Forrester | On LinkedIn: https://www.linkedin.com/in/hackerxbella/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On ITSPmagazine: https://www.itspmagazine.com/sean-martin⬥EPISODE NOTES⬥In this episode, Allie Mellen, Principal Analyst on the Security and Risk Team at Forrester, joins Sean Martin to discuss the latest results from the MITRE ATT&CK Ingenuity Evaluations and what they reveal about detection and response technologies.The Role of MITRE ATT&CK EvaluationsMITRE ATT&CK is a widely adopted framework that maps out the tactics, techniques, and procedures (TTPs) used by threat actors. Security vendors use it to improve detection capabilities, and organizations rely on it to assess their security posture. The MITRE Ingenuity Evaluations test how different security tools detect and respond to simulated attacks, helping organizations understand their strengths and gaps.Mellen emphasizes that MITRE's evaluations do not assign scores or rank vendors, which allows security leaders to focus on analyzing performance rather than chasing a “winner.” Instead, organizations must assess raw data to determine how well a tool aligns with their needs.Alert Volume and the Cost of Security DataOne key insight from this year's evaluation is the significant variation in alert volume among vendors. Some solutions generate thousands of alerts for a single attack scenario, while others consolidate related activity into just a handful of actionable incidents. Mellen notes that excessive alerting contributes to analyst burnout and operational inefficiencies, making alert volume a critical metric to assess.Forrester's analysis includes a cost calculator that estimates the financial impact of alert ingestion into a SIEM. The results highlight how certain vendors create a massive data burden, leading to increased costs for organizations trying to balance security effectiveness with budget constraints.The Shift Toward Detection and Response EngineeringMellen stresses the importance of detection engineering, where security teams take a structured approach to developing and maintaining high-quality detection rules. Instead of passively consuming vendor-generated alerts, teams must actively refine and tune detections to align with real threats while minimizing noise.Detection and response should also be tightly integrated. Forrester's research advocates linking every detection to a corresponding response playbook. By automating these processes through security orchestration, automation, and response (SOAR) solutions, teams can accelerate investigations and reduce manual workloads.Vendor Claims and the Reality of Security ToolsWhile many vendors promote their performance in the MITRE ATT&CK Evaluations, Mellen cautions against taking marketing claims at face value. Organizations should review MITRE's raw evaluation data, including screenshots and alert details, to get an unbiased view of how a tool operates in practice.For security leaders, these evaluations offer an opportunity to reassess their detection strategy, optimize alert management, and ensure their investments in security tools align with operational needs.For a deeper dive into these insights, including discussions on AI-driven correlation, alert fatigue, and security team efficiency, listen to the full episode.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/hackerxbella_go-beyond-the-mitre-attck-evaluation-to-activity-7295460112935075845-N8GW/Blog | Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes: https://www.forrester.com/blogs/go-beyond-the-mitre-attck-evaluation-to-the-true-cost-of-alert-volumes/⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
Send us a text In this episode, we dive into the critical world of security data strategy with experts Aqsa Taylor and Justin Borland, authors of the upcoming book Applied Security Data Strategy: A Leader's Guide. Justin, a veteran of the Equifax breach, shares firsthand lessons from one of the biggest security incidents in history, while Aqsa explores her journey from electrical engineering to cloud security and the role of governance in data management. Together, they unpack the challenges of handling massive security data, the power of real-time analytics, and how Abstract Security's platform transforms data strategy with deduplication, normalization, and tiered storage. Perfect for CIOs, CSOs, and security pros looking to future-proof their organizations. Subscribe for more cybersecurity insights!Key Points Covered:Introduction to Aqsa Taylor and Justin Borland, emphasizing their expertise and new book.Justin's Equifax experience as a compelling narrative hook.Aqsa's background and insights on governance and cloud security.Abstract Security's innovative approach to data strategy (deduplication, real-time analytics, etc.).Target audience callout (CIOs, CSOs, security professionals) and a subscription prompt.Why this description? It's concise, highlights the episode's value, and uses action-oriented language to engage viewers. It balances technical appeal with accessibility for a broad cybersecurity audience. Support the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast
⬥GUEST⬥Allie Mellen, Principal Analyst, Forrester | On LinkedIn: https://www.linkedin.com/in/hackerxbella/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On ITSPmagazine: https://www.itspmagazine.com/sean-martin⬥EPISODE NOTES⬥In this episode, Allie Mellen, Principal Analyst on the Security and Risk Team at Forrester, joins Sean Martin to discuss the latest results from the MITRE ATT&CK Ingenuity Evaluations and what they reveal about detection and response technologies.The Role of MITRE ATT&CK EvaluationsMITRE ATT&CK is a widely adopted framework that maps out the tactics, techniques, and procedures (TTPs) used by threat actors. Security vendors use it to improve detection capabilities, and organizations rely on it to assess their security posture. The MITRE Ingenuity Evaluations test how different security tools detect and respond to simulated attacks, helping organizations understand their strengths and gaps.Mellen emphasizes that MITRE's evaluations do not assign scores or rank vendors, which allows security leaders to focus on analyzing performance rather than chasing a “winner.” Instead, organizations must assess raw data to determine how well a tool aligns with their needs.Alert Volume and the Cost of Security DataOne key insight from this year's evaluation is the significant variation in alert volume among vendors. Some solutions generate thousands of alerts for a single attack scenario, while others consolidate related activity into just a handful of actionable incidents. Mellen notes that excessive alerting contributes to analyst burnout and operational inefficiencies, making alert volume a critical metric to assess.Forrester's analysis includes a cost calculator that estimates the financial impact of alert ingestion into a SIEM. The results highlight how certain vendors create a massive data burden, leading to increased costs for organizations trying to balance security effectiveness with budget constraints.The Shift Toward Detection and Response EngineeringMellen stresses the importance of detection engineering, where security teams take a structured approach to developing and maintaining high-quality detection rules. Instead of passively consuming vendor-generated alerts, teams must actively refine and tune detections to align with real threats while minimizing noise.Detection and response should also be tightly integrated. Forrester's research advocates linking every detection to a corresponding response playbook. By automating these processes through security orchestration, automation, and response (SOAR) solutions, teams can accelerate investigations and reduce manual workloads.Vendor Claims and the Reality of Security ToolsWhile many vendors promote their performance in the MITRE ATT&CK Evaluations, Mellen cautions against taking marketing claims at face value. Organizations should review MITRE's raw evaluation data, including screenshots and alert details, to get an unbiased view of how a tool operates in practice.For security leaders, these evaluations offer an opportunity to reassess their detection strategy, optimize alert management, and ensure their investments in security tools align with operational needs.For a deeper dive into these insights, including discussions on AI-driven correlation, alert fatigue, and security team efficiency, listen to the full episode.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/hackerxbella_go-beyond-the-mitre-attck-evaluation-to-activity-7295460112935075845-N8GW/Blog | Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes: https://www.forrester.com/blogs/go-beyond-the-mitre-attck-evaluation-to-the-true-cost-of-alert-volumes/⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
Send us a textIn this week's episode, we explore the exciting evolution of Security Information and Event Management (SIEM)—the Next-Generation SIEM (NGSIEM). Traditional SIEM solutions have long been crucial for cybersecurity, but they're facing significant challenges with modern infrastructures. Discover how NGSIEM tackles these limitations through advanced AI analytics, machine learning, cloud-native deployment, enhanced data parsing, and powerful automation capabilities. Don't miss this deep dive into how AI and Generative AI are transforming incident response, threat hunting, and cybersecurity collaboration for good!
Zero Trust World 2025: Strengthening Cybersecurity Through Zero TrustZero Trust World 2025 has come to a close, leaving behind a series of thought-provoking discussions on what it truly means to build a culture of security. Hosted by ThreatLocker, the event brought together security professionals, IT leaders, and decision-makers to explore the complexities of Zero Trust—not just as a concept but as an operational mindset.A Deep Dive into Windows Security and Zero Trust
Zero Trust World 2025 is officially underway, and the conversation centers around what it means to build a culture of security. Hosted by ThreatLocker, this event brings together security professionals, IT leaders, and decision-makers to explore the complexities of Zero Trust—not just as a concept but as an operational mindset.Defining Zero Trust in PracticeSean Martin and Marco Ciappelli set the stage with a key takeaway: Zero Trust is not a one-size-fits-all solution. Each organization must define its own approach based on its unique environment, leadership structure, and operational needs. It is not about a single tool or quick fix but about establishing a continuous process of verification and risk management.A Focus on Security OperationsSecurity operations and incident response are among the core themes of this year's discussions. Speakers and panelists examine how organizations can implement Zero Trust principles effectively while maintaining business agility. Artificial intelligence, its intersection with cybersecurity, and its potential to both strengthen and challenge security frameworks are also on the agenda.Learning Through EngagementOne of the standout aspects of Zero Trust World is its emphasis on education. From hands-on training and certification opportunities to interactive challenges—such as hacking a device to win it—attendees gain practical experience in real-world security scenarios. The event fosters a culture of learning, with participation from help desk professionals, CIOs, CTOs, and cybersecurity practitioners alike.The Power of CommunityBeyond the technical discussions, the event underscores the importance of community. Conferences like these are not just about discovering new technologies or solutions; they are about forging connections, sharing knowledge, and strengthening the collective approach to security.Zero Trust World 2025 is just getting started, and there's much more to come. Stay tuned as Sean and Marco continue to bring insights from the conference floor, capturing the voices that are shaping the future of cybersecurity.Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More
We spoke to Will Bengtson (VP of Security Operations at HashiCorp) bout the realities of cloud incident response and detection. From root credentials to event-based threats, this conversation dives deep into: Why cloud security is NOT like on-prem – and how that affects incident response How attackers exploit APIs in seconds (yes, seconds—not hours!) The secret to building a cloud detection program that actually works The biggest detection blind spots in AWS, Azure, and multi-cloud environments What most SOC teams get WRONG about cloud security Guest Socials: Will's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (00:38) A bit about Will Bengtson (05:41) Is there more awareness of Incident Response in Cloud (07:05) Native Solutions for Incident Response in Cloud (08:40) Incident Response and Threat Detection in the Cloud (11:53) Getting started with Incident Response in Cloud (20:45) Maturity in Incident Response in Cloud (24:38) When to start doing Threat Hunting? (27:44) Threat hunting and detection in MultiCloud (31:09) Will talk about his BlackHat training with Rich Mogull (39:19) Secret Detection for Detection Capability (43:13) Building a career in Cloud Detection and Response (51:27) The Fun Section
Guest: Fahad Mughal, Senior Cyber Solutions Architect - SecurityOn LinkedIn | https://www.linkedin.com/in/fahadmughal/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesModern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.The Growing Role of Cybersecurity in RailwaysRailway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.Critical OT Systems in RailwaysMughal highlights key OT components in railways that require cybersecurity protection:• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.Real-World Cyber Threats in RailwaysMughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.Cybersecurity Standards and Best Practices for Railways (links to resources below)To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.Looking Ahead: Strengthening Railway CybersecurityAs railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
In this episode of Built In the Bluegrass, we're diving into the world of cybersecurity with Rich Connor, President of LockStock Cybersecurity & Analytics. With the increasing threat of digital vulnerabilities, LockStock is on the front lines, providing cutting-edge security solutions to businesses big and small. Join us as we chat with Rich about how they're helping companies navigate the ever-evolving cybersecurity landscape, their approach to risk management, and what every entrepreneur needs to know to keep their business safe in the digital age. Tune in for insights on protecting your digital assets and securing a safer future—right here in the Bluegrass State. Find all Built In The Bluegrass links here https://linktr.ee/builtinthebluegrass We want to take a moment to thank our partner – the Kentucky Association of Manufacturers. For over 100 years, KAM has served our state's manufacturing industry through advocacy, workforce development, education, and training, as well as cost-saving benefits for members. Fighting for manufacturers is what KAM does best, representing the industry in both Frankfort and Washington, D.C. Whether it's advocacy, offering shipping discounts, or group health insurance, KAM has its members covered. Learn more and become a member by visiting www.kam.us.com
Guest: Fahad Mughal, Senior Cyber Solutions Architect - SecurityOn LinkedIn | https://www.linkedin.com/in/fahadmughal/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesModern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.The Growing Role of Cybersecurity in RailwaysRailway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.Critical OT Systems in RailwaysMughal highlights key OT components in railways that require cybersecurity protection:• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.Real-World Cyber Threats in RailwaysMughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.Cybersecurity Standards and Best Practices for Railways (links to resources below)To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.Looking Ahead: Strengthening Railway CybersecurityAs railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
Artificial intelligence for IT security operations (AISecOps) is revolutionizing cybersecurity. In this episode, we discuss how AI and machine learning are used to analyze IT data, allowing organizations to: Proactively identify and respond to threats: Detect anomalies, predict outages, and automate incident response. Improve efficiency: Streamline security operations and optimize resource allocation. Enhance threat detection: Uncover complex attack patterns and stay ahead of emerging threats. We'll cover real-world applications of AISecOps, the challenges in implementing this technology, and future trends in AI-driven security. Finally, we'll provide actionable insights for organizations looking to strengthen their security posture with AISecOps. Speakers: John Chirillo, Principal Security Architect, Connection Rob Di Girolamo, Senior Security Architect, Connection Kimberlee Coombes, Security Solution Architect, Connection Show Notes: 00:00 Introduction to AIOps and Cybersecurity 03:07 The Role of AIOps in Threat Detection 06:01 Adapting to Evolving Cyber Threats 08:58 AI in Proactive Threat Hunting 11:55 Challenges in AIOps: False Positives and Data Quality 14:51 The Future of AIOps and Self-Healing Systems 17:45 AI and Zero Trust Strategies 21:07 AIOps for Small and Medium Businesses 23:52 Final Thoughts and Recommendations
Humor is the best medicine, so they say. In critical IT security jobs, a little humor could help you prevent burnout and maintain your mental equilibrium. Lydia Graslie, a Cloud Threat Detection Engineer at Edward Jones, shares her insights on the complexities of cloud security and the challenges posed by modern cloud platforms, as well... Read more »
Humor is the best medicine, so they say. In critical IT security jobs, a little humor could help you prevent burnout and maintain your mental equilibrium. Lydia Graslie, a Cloud Threat Detection Engineer at Edward Jones, shares her insights on the complexities of cloud security and the challenges posed by modern cloud platforms, as well... Read more »
Humor is the best medicine, so they say. In critical IT security jobs, a little humor could help you prevent burnout and maintain your mental equilibrium. Lydia Graslie, a Cloud Threat Detection Engineer at Edward Jones, shares her insights on the complexities of cloud security and the challenges posed by modern cloud platforms, as well... Read more »
In this in-depth conversation, Jason Waits, Chief Information Security Officer (CISO) at Inductive Automation, provides a comprehensive exploration of Industrial Control System (ICS) cybersecurity. With decades of experience securing critical infrastructure and navigating the complexities of Operational Technology (OT) environments, Jason offers actionable insights into the current state and future of cybersecurity in industrial sectors like manufacturing, energy, and water treatment.The discussion begins with an overview of what makes ICS cybersecurity distinct from traditional IT security. Jason explains how OT systems prioritize availability and safety, presenting unique challenges compared to the confidentiality-driven focus of IT. The conversation highlights key vulnerabilities in ICS environments, such as legacy systems that lack modern security features, poorly designed protocols without encryption, and the risks posed by IT/OT convergence.Jason dives into common attack vectors, including social engineering (phishing), lateral movement from IT to OT networks, and physical access breaches. He explores real-world case studies like the Colonial Pipeline ransomware attack, the Oldsmar water treatment plant hack, and the Stuxnet worm, illustrating how these vulnerabilities have been exploited and the lessons they offer for building stronger defenses.The video also emphasizes the critical role of compliance and standards, such as ISA/IEC 62443, the NIST Cybersecurity Framework, and CIS Controls. Jason underscores the difference between compliance and real security, advocating for a "security first, compliance second" philosophy to ensure that organizations focus on mitigating actual risks rather than merely checking regulatory boxes.As the conversation unfolds, Jason discusses the role of vendors and OEMs in securing ICS environments, detailing how Inductive Automation uses proactive measures like Pwn2Own competitions, bug bounty programs, and detailed security hardening guides to improve the security of their products. He highlights the importance of collaboration between vendors and customers to address challenges like long equipment lifecycles and the growing adoption of cloud services.Emerging technologies also take center stage, with Jason exploring how artificial intelligence (AI) is transforming threat detection and response, while also enabling more sophisticated attacks like personalized phishing and adaptive malware. He addresses the implications of IT/OT convergence, emphasizing the need for collaboration between traditionally siloed teams and the importance of building shared security frameworks.For organizations looking to strengthen their cybersecurity posture, Jason offers practical steps, starting with foundational measures like asset management and configuration baselines. He explains how leveraging free resources, such as CIS Benchmarks, and creating a roadmap for cybersecurity maturity can help organizations of all sizes navigate these challenges, even with limited budgets.Timestamps0:00 – Introduction and Overview of ICS Cybersecurity3:15 – Meet Jason Waits: Background and Journey to CISO6:45 – What Is ICS Cybersecurity? Key Differences Between IT and OT10:30 – The Importance of Availability and Safety in OT Systems13:50 – Challenges of Legacy Systems and Long Equipment Lifecycles17:20 – Attack Vectors: Social Engineering, Lateral Movement, and Physical Access20:10 – Case Studies: Colonial Pipeline, Oldsmar Water Treatment Plant, and Stuxnet25:35 – Compliance vs. Security: Jason's “Security First, Compliance Second” Philosophy30:00 – The Role of Vendors and OEMs in Cybersecurity34:45 – Inductive Automation's Approach: Pwn2Own, Bug Bounties, and Security Hardening Guides40:00 – Emerging Technologies: AI in Threat Detection and the Risks of Sophisticated Phishing45:10 – The Growing Adoption of Cloud in ICS and Its Implications50:00 – IT/OT Convergence: Opportunities and Challenges55:15 – Practical Steps for Organizations: Asset Management and Roadmaps1:00:10 – Building a Security Culture: Collaboration Between IT and OT Teams1:05:30 – Future Outlook: Increasing Regulations, Ransomware Risks, and Innovation1:10:00 – Using Cybersecurity as a Competitive Advantage1:15:00 – Closing Thoughts: The Need for Continuous Learning and Proactive ActionAbout Manufacturing Hub:Manufacturing Hub Network is an educational show hosted by two longtime industrial practitioners Dave Griffith and Vladimir Romanov. Together they try to answer big questions in the industry while having fun conversations with other interesting people. Come join us weekly! ******Connect with UsVlad RomanovDave GriffithManufacturing HubSolisPLCJoltek
Today on the Salesforce Admins Podcast, Josh Birk talks to Jagan Nathan, Technical Architect with Customer Success at Salesforce. Join us as we chat about guest user anomalies and what you can do about them with the Threat Detection app. You should subscribe for the full episode, but here are a few takeaways from our […] The post Key Security Best Practices for Salesforce Admins Using Data Cloud appeared first on Salesforce Admins.
Guest: Chuck Brooks, President, Brooks ConsultingLinkedIn: https://www.linkedin.com/in/chuckbrooksTwitter: https://twitter.com/chuckdbrooksHost: Dr. Rebecca WynnOn ITSPmagazine
Join us in the latest episode of "Altitude," where host Jason Gervickas sits down with Sarmed Faraj, Security Consultant Manager at Accenture and Aviatrix Certified Engineer (ACE), to delve into the dynamic realm of network security and the significant impact of AI on cloud security. With a robust background in both civil engineering and computer science, Sarmed has transitioned seamlessly into IT, establishing himself as a leader in security and consulting.Together, Jason and Sarmed tackle the complex challenges enterprises face today in multicloud and hybrid environments, including the limitations of traditional firewalls, lack of visibility and control, challenges with hybrid connectivity, and the growing demand for real-time data processing. Additionally, Sarmed discusses the instrumental role of Aviatrix in streamlining network management, bolstering security, and driving cost efficiency.Sarmed also discusses the role of AI in networking and security, addressing common skepticism and drawing parallels between its evolutionary path and that of the internet. Emphasizing the critical need for AI investments, Sarmed states that companies hesitant to adopt these technologies will struggle to remain competitive in the coming years.This episode is essential for professionals looking to understand the current and future landscapes of network security and how AI continues to shape this industry.Learn More: Discover how Aviatrix Secure High-Performance Datacenter Edge can help you securely connect your data centers to the cloud with optimal performance and simplicity here. Get Multicloud Certified: Advance in your career and get multicloud certified through the Aviatrix Certified Engineer (ACE) Program here. Connect with Sarmed: Learn more about Sarmed's background and connect with him on LinkedIn here. Timestamped Overview:00:00 Intro01:36 Majored in computer science after preferring coding.05:14 Accenture's impressive leadership and consulting support.06:48 On-site training and supportive, engaging leadership.10:42 Replacing NAT gateways for cost savings.14:34 Issue with AVN threads causing connectivity problems.17:58 Firewalls struggle with cloud security dynamics.19:07 Troubleshooting firewall issues with AI assistance.25:31 Secure egress traffic and reduce NAT costs.27:11 Accenture uses AI for security threat detection.31:58 AI needs regulation to prevent misuse and hacking.
Streamline threat detection and response across diverse environments with Microsoft Sentinel, your cloud-native SIEM solution. With features like Auxiliary logs for low-cost storage and proactive data optimization recommendations, you can efficiently manage high volumes of security data without compromising on threat intelligence. Leverage built-in AI and automation to uncover hidden threats and reduce investigation time from days to minutes. Rob Lefferts, CVP for Security Solutions at Microsoft, joins Jeremy Chapman to show how to migrate from existing SIEM solutions with built-in migration tools, ensuring seamless access to your security logs while maintaining investigative integrity. ► QUICK LINKS: 00:00 - Microsoft Sentinel, modern Cloud SIEM 01:12 - Unified security operations platform 02:55 - Prioritize security updates 04:27 - Storage options 05:11 - Optimize data coverage and usage 06:17 - Protect against long-term persistent attacks 07:58 - Automation using auxiliary logs 08:59 - Manual effort 10:10 - Automation 12:07 - Migration 13:31 - Wrap up ► Link References Get started at https://aka.ms/MicrosoftSentinel Find samples for the Playbook Logic App and the Function app at https://aka.ms/AuxLogsTIapp ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Let us know your thoughts. Send us a Text Message. Follow me to see #HeadsTalk Podcast Audiograms every Monday on LinkedInEpisode Title:
SHOW: 859Rick Song (Co-founder & CEO @ Persona) talks about the evolution of identity verification and threat detection.Want to go to All Things Open in Raleigh for FREE? (Oct 27th-29th)We are offering 5 Free passes, first come, first serve for the Cloudcast CommunityRegistration Link - www.eventbrite.com/e/916649672847/?discount=Cloudcastfree Instructions:Click reg linkClick “Get Tickets”Choose ticket optionProceed with registration (discount will automatically be applied, cost will be $0)SHOW TRANSCRIPT: The Cloudcast #859 TranscriptSHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT OUR OTHER PODCAST - "CLOUDCAST BASICS"SHOW NOTES:Persona webpageTech Crunch Article on PersonaTopic 1 - Welcome to the show. Give everyone a little bit about your background with a quick introduction please.Topic 2 - You cut your teeth at Square prior to Persona, what lessons did you learn there, and how did your experience there impact what you are doing at Persona?Topic 3 - We are, of course, seeing an uptick in personal fraud in both our personal and professional lives through identity theft and personal information leaking into the world. If someone has all the proper information, how do you identify this as a false identity?Topic 4 - How has AI impacted all of this? I would think with the power of GenAI tools, this industry has accelerated dramatically?Topic 5 - Do we have another arms race on our hands to identify and protect both our personal and professional lives from fraud?Topic 6 - Is Persona a 3rd party API similar in architecture to Stripe? If I'm an architect in an organization today and I want to get started, how would I do that?Topic 7 - If there was one thing you wanted people to understand about this, what would it be?Topic 8 - You have access to a lot of personal data, how is this data handled and secured?FEEDBACK?Email: show at the cloudcast dot netTwitter: @cloudcastpodInstagram: @cloudcastpodTikTok: @cloudcastpod
On this episode of The Cybersecurity Defenders Podcast we talk about low noise threat detection with Joshua Neil, Founder at Alpha Level.Josh is a seasoned expert with over 20 years of experience in developing data-driven solutions to security challenges faced by both the U.S. Government and industry at large. With a deep understanding of enterprise security, they are focused on the fact that perimeter defenses alone aren't enough to prevent attackers from breaching systems. They emphasize the importance of visibility into enterprise behavior, the need for statistical methods in attack detection, and the interconnected nature of attacks across multiple endpoints. Their work revolves around quantifying security-relevant rare events and leveraging context to support analysts in distinguishing true breaches from false positives.Statistical Inference by George Casella and Roger Berger
How CI/CD Tools can expose your Code to Security Risks? In this episode, we're joined by Mike Ruth, Senior Staff Security Engineer at Rippling and returning guest, live from BlackHat 2024. Mike dives deep into his research on CI/CD pipeline security, focusing on popular tools like GitHub Actions, Terraform, and Buildkite. He reveals the hidden vulnerabilities within these tools, such as the ability for engineers to bypass code reviews, modify configuration files, and run unauthorized commands in production environments. Mike explains how the lack of granular access control in repositories and CI/CD configurations opens the door to serious security risks. He shares actionable insights on how to mitigate these issues by using best practices like GitHub Environments and Buildkite Clusters, along with potential solutions like static code analysis and granular push rule sets. This episode provides critical advice on how to better secure your CI/CD pipelines and protect your organization from insider threats and external attacks. Guest Socials: Mike's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introductions (01:56) A word from episode sponsor - ThreatLocker (02:31) A bit about Mike Ruth (03:08) SDLC in 2024 (08:05) Mitigating Challenges in SDLC (09:10) What is Buildkite? (10:11) Challenges observed with Buildkite (12:30) How Terraform works in the SDLC (15:41) Where to start with these CICD tools? (18:55) Threat Detection in CICD Pipelines (21:31) Building defensive libraries (23:58) Scaling solutions across multiple repositories (25:46) The Fun Questions Resources mentioned during the call: GitHub Actions Terraform Buildkite Mike's BSidesSF Talk
In this session SecurityWeek speaks to Bennett Pursell, Ecosystem Strategist at the Open Source Security Foundation (OpenSSF) about OpenSSF Siren, a community data-sharing initiative aimed at bolstering the defenses of open source projects worldwide. In this fireside chat, Pursell discusses the origins and goals of OpenSSF Siren, exploring transparent access to data that can help small- and medium-sized businesses during active incidents. Pursell also shares insights on the value of threat intelligence, the shelf life of IOC (indicators of compromise) and how businesses with limited resources can mitigate exposure to risk.(Recorded at SecurityWeek's 2024 Threat Detection & Incident Response Summit)Follow SecurityWeek on LinkedIn
In this episode of Detection at Scale, Jack speaks with Saksham Tushar, Head of Security Operations & Threat Detection Engineering at CRED, about the challenges of compliance in a high-growth environment. Saksham shares their strategy for automating security processes and enriching data to enhance threat detection. He emphasizes the importance of verifying automated outcomes to ensure accuracy. Saksham also covers how CRED uses Python libraries for efficient incident response and the significance of contextual understanding in security incidents. With a focus on streamlining compliance and leveraging intelligence, Saksham provides valuable insights into building a robust security operations framework in a rapidly evolving landscape. Topics discussed: How CRED distilled complex compliance requirements into a manageable set of common standards to streamline processes. The importance of correlating various log sources to create a comprehensive view of security incidents. How automation has transformed security processes, making them more efficient and effective. The use of threat intelligence and how it is centralized and automated to provide actionable insights for security teams. The development of internal Python libraries that facilitate quick data queries for incident investigations. The importance of understanding the context around security incidents to better inform responses and strategies. How using notebooks for investigations aids in communication and auditing, allowing for clear documentation of processes. How to organize a team to maintain agility while ensuring diverse skill sets are leveraged effectively. The necessity of verifying automated processes to ensure they yield accurate and actionable outcomes. Resources Mentioned: Saksham Tushar on LinkedIn CRED website
A Wordpress plugin vulnerability puts 5 million sites at risk. Google releases an emergency Chrome update addressing an actively exploited vulnerability. Cisco patches multiple vulnerabilities. Researchers say Slack AI is vulnerable to prompt injection. Widely used RFID smart cards could be easily backdoored. The FAA proposes new cybersecurity rules for airplanes, engines, and propellers. A member of the Russian Karakurt ransomware group faces charges in the U.S. The Five Eyes release a guide on Best Practices for Event Logging and Threat Detection. The Kremlin claims widespread online outages are due to DDoS, but experts think otherwise. In our Threat Vector segment, guest host Michael Sikorski speaks with Jason Healey, Senior Research Scholar at Columbia University's School of International and Public Affairs. A deadbeat dad dodges debt through death. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this Threat Vector segment, guest host Michael Sikorski, CTO of Unit 42, engages in a thought-provoking conversation about the historical challenges and advances in cyber conflict with Jason Healey, Senior Research Scholar at Columbia University's School of International and Public Affairs. To listen to their full conversation, check out the episode here. You can catch new episodes of Threat Vector every Thursday on the N2K CyberWire network. Selected Reading Critical Privilege Escalation in LiteSpeed Cache Plugin (Patchstack) Google fixes ninth Chrome zero-day exploited in attacks this year (The Register) Cisco Patches High-Severity Vulnerability Reported by NSA (SecurityWeek) Slack AI can leak private data via prompt injection (The Register) Major Backdoor in Millions of RFID Cards Allows Instant Cloning (SecurityWeek) FAA proposes new cybersecurity rules for airplanes (The Record) U.S. charges Karakurt extortion gang's “cold case” negotiator (Bleeping Computer) ASD's ACSC, CISA, FBI, and NSA, with the support of International Partners Release Best Practices for Event Logging and Threat Detection (CISA) Kremlin blames widespread website disruptions on DDoS attack; digital experts disagree (The Record) Deadbeat dad faked his own death by hacking government sites (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Send us a Text Message.Purav Desai is a Microsoft 365 incident responder at a large financial institution (name withheld to protect the innocent). He shares his journey and expertise in the field. He explains how his early exposure to Microsoft security solutions and their constant innovation led him to specialize in 365 security and incident response. He discusses the importance of mentors and influential figures in his career, highlighting the lessons he learned from them. He then dives into his popular project, Deciphering UAL (Unified Audit Logs), which aims to make sense of the complex logs in Microsoft 365. Purav shares an incident response scenario involving a banking Trojan and how he used telemetry and logging to investigate and remediate the issue. He concludes by discussing effective threat detection methods in Microsoft 365, including threat hunting with KQL and leveraging Zero-Hour Auto-Purge (ZAP) to prevent the spread of attacks. In our conversation, we dive into:How specializing in Microsoft 365 security and incident response can be a wise choice due to the constant innovation and market demand for Microsoft solutions.How having mentors and influential figures in your career can provide valuable guidance and inspire you to push yourself and try new things.His personal project, Deciphering UAL (Unified Audit Logs), aims to make sense of the complex logs in Microsoft 365, providing insights for digital forensics and incident response.How proper licensing and logging configuration are crucial for effective incident response.How native tools like Purview Audit and eDiscovery provide valuable insights for forensic analysis.The future of cloud security.Simplify cloud security with Prisma Cloud, the Code to Cloud platform powered by Precision AI.Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Join Sean Martin and TAPE3 as they dive into key insights from Black Hat 2024, highlighting the crucial need to embed cybersecurity into core business practices to drive growth and resilience. Discover how leveraging AI, modular frameworks, and human expertise can transform cybersecurity from a defensive function into a strategic enabler of business success.________This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas
In 7 Minutes on ITSPmagazine Short Brand Story recorded on location during Black Hat USA 2024, Sean Martin had a fascinating conversation with Snehal Antani, CEO and Co-Founder of Horizon3.ai. The discussion revolved around the innovative strides Horizon3.ai is making in autonomous penetration testing and continuous security posture management.Snehal Antani shared his journey from being a CIO to founding Horizon3.ai, highlighting the critical gaps in traditional security measures that led to the inception of the company. The main focus at Horizon3.ai is to continuously verify security postures through autonomous penetration testing, essentially enabling organizations to "hack themselves" regularly to stay ahead of potential threats. Antani explained the firm's concept of “go hack yourself,” which emphasizes continuous penetration testing. This approach ensures that security vulnerabilities are identified and addressed proactively rather than reacting after an incident occurs.A significant portion of the discussion centered around the differentiation between application and infrastructure penetration testing. While application pen testing remains a uniquely human task due to the need for identifying logic flaws in custom code, infrastructure pen testing can be effectively managed by algorithms at scale. This division allows Horizon3.ai to implement a human-machine teaming workflow, optimizing the strengths of both.Antani likened its functionality to installing ring cameras while conducting a pen test, creating an early warning network through the deployment of honey tokens. These tokens are fake credentials and sensitive command tokens designed to attract attackers, triggering alerts when accessed. This early warning system helps organizations build a high signal, low noise alert mechanism, enhancing their ability to detect and respond to threats swiftly.Antani emphasized that Horizon3.ai is not just a pen testing company but a data company. The data collected from each penetration test provides valuable telemetry that improves algorithm accuracy and offers insights into an organization's security posture over time. This data-centric approach allows Horizon3.ai to help clients understand and articulate their security posture's evolution.A compelling example highlighted in the episode involved a CISO from a large chip manufacturing company who utilized Horizon3.ai's rapid response capabilities to address a potential vulnerability swiftly. The CISO was able to identify, test, fix, and verify the resolution of a critical exploit within two hours, showcasing the platform's efficiency and effectiveness.The conversation concluded with a nod to the practical benefits such innovations bring, encapsulating the idea that effective use of Horizon3.ai's tools not only promotes better security outcomes but also enables security teams to perform their roles more efficiently, potentially even getting them home earlier.Learn more about Horizon3.ai: https://itspm.ag/horizon3ai-bh23Note: This story contains promotional content. Learn more.Guest: Snehal Antani, Co-Founder & CEO at Horizon3.ai [@Horizon3ai]On LinkedIn | https://www.linkedin.com/in/snehalantani/On Twitter | https://twitter.com/snehalantaniResourcesLearn more and catch more stories from Horizon3.ai: https://www.itspmagazine.com/directory/horizon3aiView all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Guest: Allyn Stott, Senior Staff Engineer, meoward.coOn LinkedIn | https://www.linkedin.com/in/whyallynOn Twitter | https://x.com/whyallyn____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of The Redefining CyberSecurity Podcast, host Sean Martin converses with Allyn Stott, who shares his insights on rethinking how we measure detection and response in cybersecurity. The episode explores the nuances of cybersecurity metrics, emphasizing that it's not just about having metrics, but having the right metrics that truly reflect the effectiveness and efficiency of a security program.Stott discusses his journey from red team operations to blue team roles, where he has focused on detection and response. His dual perspective provides a nuanced understanding of both offensive and defensive security strategies. Stott highlights a common issue in cybersecurity: the misalignment of metrics with organizational goals. He points out that many teams inherit metrics that may not accurately reflect their current state or objectives. Instead, metrics should be strategically chosen to guide decision-making and improve security posture. One of his key messages is the importance of understanding what specific metrics are meant to convey and ensuring they are directly actionable.In his framework, aptly named SAVER (Streamlined, Awareness, Vigilance, Exploration, Readiness), Stott outlines a holistic approach to security metrics. Streamlined focuses on operational efficiencies achieved through better tools and processes. Awareness pertains to the dissemination of threat intelligence and ensuring that the most critical information is shared across the organization. Vigilance involves preparing for and understanding top threats through informed threat hunting. Exploration encourages the proactive discovery of vulnerabilities and security gaps through threat hunts and incident analysis. Finally, Readiness measures the preparedness and efficacy of incident response plans, emphasizing the coverage and completeness of playbooks over mere response times.Martin and Stott also discuss the challenge of metrics in smaller organizations, where resources may be limited. Stott suggests that simplicity can be powerful, advocating for a focus on key risks and leveraging publicly available threat intelligence. His advice to smaller teams is to prioritize understanding the most significant threats and tailoring responses accordingly.The conversation underscores a critical point: metrics should not just quantify performance but also drive strategic improvements. By asking the right questions and focusing on actionable insights, cybersecurity teams can better align their efforts with their organization's broader goals.For those interested in further insights, Stott mentions his upcoming talks at B-Sides Las Vegas and Blue Team Con in Chicago, where he will expand on these concepts and share more about his Threat Detection and Response Maturity Model.In conclusion, this episode serves as a valuable guide for cybersecurity professionals looking to refine their approach to metrics, making them more meaningful and aligned with their organization's strategic objectives.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
In this Brand Story conversation, Sean Martin sat down with Brooke Motta, CEO and co-founder of RAD Security, to discuss a game-changing shift in cloud security: moving from signature-based to behavioral-based detection and response within the Cloud Workload Protection Platform (CWPP).The What: RAD Security is pioneering the future of cloud security with its state-of-the-art behavioral cloud detection and response (CDR) solution. Unlike traditional CWPP and container detection systems that depend on signatures, RAD Security employs advanced techniques to create behavioral fingerprints based on unique good behavior patterns. This innovative approach aims to eliminate the risks associated with zero-day attacks and apply zero trust principles while ensuring real-time posture verification.The How: RAD Security's approach stands out in multiple ways. By setting behavioral baselines reflecting a system's normal operations, the platform can detect deviations that indicate potential threats earlier in the attack lifecycle. Integrated real-time identity and infrastructure context further sharpens its threat detection capabilities. This not only allows for proactive defenses but also enhances shift-left strategies and posture management, making cloud environments more resilient against emerging threats.Key Points Discussed:Behavioral Detection vs. Signature-Based Methods:Brooke emphasized the limitations of signature-based detection in addressing modern cloud security challenges. RAD Security's shift to behavioral detection ensures early identification of zero-day attacks, addressing both runtime and software supply chain vulnerabilities.Enhanced Capabilities for Real-Time Response:The platform provides automated response actions such as quarantining malicious workloads, labeling suspicious activities, and terminating threats. It leverages machine learning and large language models to classify detections accurately, aiding security operations centers (SOC) in quicker and more effective remediation.Recognition and Impact:RAD Security's innovative approach has earned it a finalist spot in the prestigious Black Hat Startup Spotlight Competition, signifying industry acknowledgment of the need to move beyond traditional, reactive signatures to a proactive, behavioral security approach. They were also recognized during RSA Conference, one of the only startups to garner such a position.Supply Chain Security:Brooke highlighted the importance of analyzing third-party services and APIs at runtime to get a comprehensive threat picture. RAD Security's verified runtime fingerprints ensure a defense-ready posture against supply chain attacks, exemplified by its response to the recent XZ Backdoor vulnerability.Future of Cloud Security:As security teams navigate increasingly complex cloud environments, the legacy method of relying on signatures is no longer viable. RAD Security's behavioral approach represents the future of cloud detection and response, offering a robust, resilient solution against novel and evolving threats.RAD Security is leading the charge in transforming cloud security through its innovative, signatureless behavioral detection and response platform. By integrating real-time identity and infrastructure context, RAD Security ensures swift and accurate threat response, laying the groundwork for a new standard in cloud native protection.For more insights and to learn how RAD Security can help enhance your organization's cloud security resilience, tune into the full conversation.Learn more about RAD Security: https://itspm.ag/radsec-l33tzNote: This story contains promotional content. Learn more.Guest: Brooke Motta, CEO & Co-Founder, RAD Security [@RADSecurity_]On LinkedIn | https://www.linkedin.com/in/brookemotta/On Twitter | https://x.com/brookelynz1ResourcesA Brief History of Signature-Based Threat Detection in Cloud Security: https://itsprad.io/radsec-4biOpen Source Cloud Workload Fingerprint Catalog: https://itsprad.io/radsec-kroLearn more and catch more stories from RAD Security: https://www.itspmagazine.com/directory/rad-securityView all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
On this episode of The Cybersecurity Defenders Podcast we talk threat detection & research with Zack Allen, Security Detection & Research Leader at Datadog.Zack is a seasoned security research, engineering, and product leader with over a decade of experience in building organizations that create impactful security for customers. Zack specializes in threat research and intelligence, cloud security, software engineering, and DevOps. His expertise has significantly contributed to advancing the field of cybersecurity. He is also the visionary behind Detection Engineering Weekly, a platform that provides insights and updates on the latest in detection engineering. You can subscribe to Zack's newsletter here.
In this episode of Detection at Scale, Jack Naglieri chats with Darren LaCasse, Director of Threat Intelligence, Incident Response, & Threat Detection at Elastic. Darren offers insights into the innovative project around detection as code, shedding light on the methodologies Elastic employs to enhance security operations. Darren touches on the challenges of managing massive amounts of data, the importance of prioritization in security tasks, and how automation has revolutionized their response strategies. He also shares practical advice on conducting gap analyses to focus on what truly matters. Topics discussed: The importance of prioritizing security tasks to focus on critical business-impacting elements, ensuring a resilient security framework. Strategies for handling and analyzing large volumes of security data to maintain effective monitoring and response capabilities. How automation has halved alert volumes, freeing analysts from repetitive tasks and enhancing overall productivity. Conducting regular gap analyses and attack path discussions to visualize vulnerabilities and direct security efforts effectively. The role of tagging and context-aware responses in streamlining security operations and making analysts' lives easier. Prioritizing security efforts based on the criticality of vendors and data, focusing first on restricted and critical vendors. The importance of conducting at least annual reviews to reassess and improve security controls and monitoring strategies. Using metrics to measure the effectiveness of security measures and guide continuous improvement efforts. Resources Mentioned: Darren LaCasse on LinkedIn Elastic Security Solution website
Host Curtis Chang and "founding friend" David French sit down for a deep dive into ways people are detecting threats in today's polarized landscape. They explore how both conservatives and progressives (including Christians of both stripes) often distort potential dangers, creating a misleading perception of reality and double standards. They also provide practical strategies for repairing our dysfunctional threat detectors. Listen to The Kingdom of Jesus and get sheet music, lyrics, and prayers for your church Donate to Redeeming Babel HERE Bring The After Party course to your church or small group! Order The After Party Book by Curtis Chang & Nancy French
In this week's episode of The Conference Room, host Simon Lader sits down with Peter Prizio, CEO of SnapAttack, a cybersecurity vendor, to explore the journey of building a startup in the cybersecurity industry and the importance of proactive security measures. KEY TAKEAWAYS FROM THIS WEEK'S EPISODE Peter Prizio Background (01:22 - 02:17) Peter shares his journey to becoming CEO of SnapAttack, highlighting his diverse background in electrical engineering, consulting, and cybersecurity. SnapAttack Development Story (02:17 - 03:39): Discussion on the unique story of SnapAttack development, originating from a product within Booz Allen Hamilton's Dark Labs and later spun out as a standalone product. Challenges Faced by SnapAttack (03:39 - 05:07): Peter elaborates on the challenges and opportunities SnapAttack faced as a startup, including securing venture capital funding and establishing a brand in the market. Differentiation Strategy (13:23 - 15:37): The conversation explores SnapAttack strategy for differentiation in a competitive cybersecurity market, focusing on proactive security and efficiency. Peter's Product Management Background (22:17 - 29:27): Peter discusses how his product management background prepared him for the CEO role, emphasizing the importance of surrounding oneself with a capable team and fostering open communication. Establishing a Company (30:19 - 36:16): Peter discusses the importance of having a mentor network and provides top three tips for establishing a company. AI Innovation and Threat Detection (36:16 - 42:18): Peter talks about recent developments at SnapAttack, including leveraging AI innovation for threat detection and prevention. SnapAttack's Journey and Challenges (42:14 - 03:53:53): Peter shares SnapAttack's origin story and the challenges faced in establishing product-market fit and brand credibility. Messaging Strategies and Market Differentiation (03:55:21 - 04:03:18): Discussion on evolving messaging strategies, proactive security approach, and product differentiation in the cybersecurity market . CEO Role and Leadership Challenges (04:03:18 - 04:14:31): Peter reflects on his transition from VP of Product to CEO, managing diverse functions, and provides insights into effective leadership. THIS WEEK'S GUEST - PETER PRIZIO Peter Prizio, CEO of SnapAttack, pioneers enterprise security solutions. With a focus on consolidating intel, emulation, engineering, hunting, and purple teaming into an intuitive, no-code platform, SnapAttack revolutionizes security operations. Peter's background spans defense engineering and public services, with a dedication to fostering collaboration for proactive security. Holding an MBA from George Washington University and a BS in Electrical Engineering from the University of Connecticut, he drives innovation to address cybersecurity challenges. To learn more about Peter Prizio please visit his Linkedin Profile To learn more about SnapAttack, please visit their website YOUR HOST - SIMON LADER Simon Lader is the host of The Conference Room, Co-Founder of global executive search firm Salisi Human Capital, and founder of the Cybersecurity Business Growth Think Tank. Since 1997, Simon has helped cybersecurity vendors to build highly effective teams and is one of the leading voices in the cybersecurity and search industries. Get to know more about Simon at: Twitter: https://twitter.com/simonlader LinkedIn: https://www.linkedin.com/in/headhuntersimonlader/ The Conference Room is available on Spotify Apple podcasts Amazon Music IHeartRadio
© 2020-2025 Ivy Podcast Discovery LLC
