POPULARITY
Categories
In questo episodio si discute del Model Context Protocol (MCP) e delle sue implicazioni sulla sicurezza informatica, in particolare per quanto riguarda gli AI agent. Viene analizzato come MCP possa risolvere problemi di isolamento tra servizi, ma anche le vulnerabilità che emergono dalla sua implementazione. Si evidenziano casi reali di problemi di sicurezza, come quello di Asana, e si propone un approccio di Zero Trust per migliorare la sicurezza dei server MCP.
Moin aus Osnabrück und herzlich willkommen zur 31. Folge vom Update. Dieses Mal ist Julius Höltje bei Ulf am Mikrofon. Die beiden sprechen über Zero Trust, eines der wichtigsten Sicherheitskonzepte der modernen IT. Die digitale Landschaft hat sich in den letzten Jahren massiv verändert. Cloud-Anwendungen, Remote-Arbeit und immer ausgeklügeltere Cyber-Angriffe stellen Unternehmen vor neue Herausforderungen. Doch wie können sich Unternehmen effektiv schützen? Und welche Rolle spielt Zero Trust dabei?
What Hump? Thirty Years of Cybersecurity and the Fine Art of Pretending It's Not a Human ProblemA new transmission from Musing On Society and Technology Newsletter, by Marco CiappelliJune 6, 2025A Post-Infosecurity Europe Reflection on the Strange but Predictable Ways We've Spent Thirty Years Pretending Cybersecurity Isn't About People.⸻ Once there was a movie titled “Young Frankenstein” (1974) — a black-and-white comedy directed by Mel Brooks, written with Gene Wilder, and starring Wilder and Marty Feldman, who delivers the iconic “What hump?” line.Let me describe the scene:[Train station, late at night. Thunder rumbles. Dr. Frederick Frankenstein steps off the train, greeted by a hunched figure holding a lantern — Igor.]Igor: Dr. Frankenstein?Dr. Frederick Frankenstein: It's Franken-steen.Igor: Oh. Well, they told me it was Frankenstein.Dr. Frederick Frankenstein: I'm not a Frankenstein. I'm a Franken-steen.Igor (cheerfully): All right.Dr. Frederick Frankenstein (noticing Igor's eyes): You must be Igor.Igor: No, it's pronounced Eye-gor.Dr. Frederick Frankenstein (confused): But they told me it was Igor.Igor: Well, they were wrong then, weren't they?[They begin walking toward the carriage.]Dr. Frederick Frankenstein (noticing Igor's severe hunchback): You know… I'm a rather brilliant surgeon. Perhaps I could help you with that hump.Igor (looks puzzled, deadpan): What hump?[Cut to them boarding the carriage, Igor climbing on the outside like a spider, grinning wildly.]It's a joke, of course. One of the best. A perfectly delivered absurdity that only Mel Brooks and Marty Feldman could pull off. But like all great comedy, it tells a deeper truth.Last night, standing in front of the Tower of London, recording one of our On Location recaps with Sean Martin, that scene came rushing back. We joked about invisible humps and cybersecurity. And the moment passed. Or so I thought.Because hours later — in bed, hotel window cracked open to the London night — I was still hearing it: “What hump?”And that's when it hit me: this isn't just a comedy bit. It's a diagnosis. Here we are at Infosecurity Europe, celebrating its 30th anniversary. Three decades of cybersecurity: a field born of optimism and fear, grown in complexity and contradiction.We've built incredible tools. We've formed global communities of defenders. We've turned “hacker” from rebel to professional job title — with a 401(k), branded hoodies, and a sponsorship deal. But we've also built an industry that — much like poor Igor — refuses to admit something's wrong.The hump is right there. You can see it. Everyone can see it. And yet… we smile and say: “What hump?”We say cybersecurity is a priority. We put it in slide decks. We hold awareness months. We write policies thick enough to be used as doorstops. But then we underfund training. We silo the security team. We click links in emails that say whatever will make us think it's important — just like those pieces of snail mail stamped URGENT that we somehow believe, even though it turns out to be an offer for a new credit card we didn't ask for and don't want. Except this time, the payload isn't junk mail — it's a clown on a spring exploding out of a fun box.Igor The hump moves, shifts, sometimes disappears from view — but it never actually goes away. And if you ask about it? Well… they were wrong then, weren't they?That's because it's not a technology problem. This is the part that still seems hard to swallow for some: Cybersecurity is not a technology problem. It never was.Yes, we need technology. But technology has never been the weak link.The weak link is the same as it was in 1995: us. The same it was before the internet and before computers: Humans.With our habits, assumptions, incentives, egos, and blind spots. We are the walking, clicking, swiping hump in the system. We've had encryption for decades. We've known about phishing since the days of AOL. Zero Trust was already discussed in 2004 — it just didn't have a cool name yet.So why do we still get breached? Why does a ransomware gang with poor grammar and a Telegram channel take down entire hospitals?Because culture doesn't change with patches. Because compliance is not belief. Because we keep treating behavior as a footnote, instead of the core.The Problem We Refuse to See at the heart of this mess is a very human phenomenon:vIf we can't see it, we pretend it doesn't exist.We can quantify risk, but we rarely internalize it. We trust our tech stack but don't trust our users. We fund detection but ignore education.And not just at work — we ignore it from the start. We still teach children how to cross the street, but not how to navigate a phishing attempt or recognize algorithmic manipulation. We give them connected devices before we teach them what being connected means. In this Hybrid Analog Digital Society, we need to treat cybersecurity not as an optional adult concern, but as a foundational part of growing up. Because by the time someone gets to the workforce, the behavior has already been set.And worst of all, we operate under the illusion that awareness equals transformation.Let's be real: Awareness is cheap. Change is expensive. It costs time, leadership, discomfort. It requires honesty. It means admitting we are all Igor, in some way. And that's the hardest part. Because no one likes to admit they've got a hump — especially when it's been there so long, it feels like part of the uniform.We have been looking the other way for over thirty years. I don't want to downplay the progress. We've come a long way, but that only makes the stubbornness more baffling.We've seen attacks evolve from digital graffiti to full-scale extortion. We've watched cybercrime move from subculture to multi-billion-dollar global enterprise. And yet, our default strategy is still: “Let's build a bigger wall, buy a shinier tool, and hope marketing doesn't fall for that PDF again.”We know what works: Psychological safety in reporting. Continuous learning. Leadership that models security values. Systems designed for humans, not just admins.But those are hard. They're invisible on the balance sheet. They don't come with dashboards or demos. So instead… We grin. We adjust our gait. And we whisper, politely:“What hump?”So what Happens now? If you're still reading this, you're probably one of the people who does see it. You see the hump. You've tried to point it out. Maybe you've been told you're imagining things. Maybe you've been told it's “not a priority this quarter.” And maybe now you're tired. I get it.But here's the thing: Nothing truly changes until we name the hump.Call it bias.Call it culture.Call it education.Call it the human condition.But don't pretend it's not there. Not anymore. Because every time we say “What hump?” — we're giving up a little more of the future. A future that depends not just on clever code and cleverer machines, but on something far more fragile:Belief. Behavior. And the choice to finally stop pretending.We joked in front of a thousand-year-old fortress. Because sometimes jokes tell the truth better than keynote stages do. And maybe the real lesson isn't about cybersecurity at all.Maybe it's just this: If we want to survive what's coming next, we have to see what's already here.- The End➤ Infosecurity Europe: https://www.itspmagazine.com/infosecurity-europe-2025-infosec-london-cybersecurity-event-coverageAnd ... we're not done yet ... stay tuned and follow Sean and Marco as they will be On Location at the following conferences over the next few months:➤ Black Hat USA in Las Vegas in August: https://www.itspmagazine.com/black-hat-usa-2025-hacker-summer-camp-2025-cybersecurity-event-coverage-in-las-vegasFOLLOW ALL OF OUR ON LOCATION CONFERENCE COVERAGEhttps://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageShare this newsletter and invite anyone you think would enjoy it!As always, let's keep thinking!— Marco [https://www.marcociappelli.com]
If you like what you hear, please subscribe, leave us a review and tell a friend!
All links and images can be found on CISO Series. Check out this post by Justin Pagano at Klaviyo for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Jesse Webb, CISO and svp information systems, Avalon Healthcare Solutions. In this episode: Align the incentives The feature and enforcement disconnect Putting the right people in the right place A need for transparency Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
Welcome to a special episode of Jamf After Dark showcasing a recent discussion recorded by IDC India. Discover how Jamf is revolutionising Apple enterprise IT in India in this exclusive conversation. Featuring insights from Liz Benz - Chief Sales Officer, Jamf, Ben Oxnam - Senior VP and GM, EMEIA, Jamf, and Chiranjeev TK - Country Head, Jamf India, this dialogue explores the evolving landscape of enterprise device management, security, and Apple adoption across Indian businesses. Learn how Jamf is enabling organizations to: Seamlessly manage Apple devices at scale Strengthen endpoint security with Zero Trust principles Empower IT teams for a modern, mobile-first workforce Navigate the unique challenges and opportunities in the Indian enterprise ecosystem Whether you're a CIO, IT leader, or enterprise strategist, this session offers valuable perspectives on how Jamf and Apple are shaping the future of secure, scalable IT in India
In this conversation, Dr. Chase Cunningham and Eric Krohn discuss the evolving landscape of cybersecurity, particularly focusing on the impact of AI and Zero Trust principles. They explore the challenges small and medium businesses face in adopting new technologies, the importance of risk management, and the need for a collaborative approach between technology and business strategies. The discussion also touches on the recent funding trends in cybersecurity startups and the role of AI in enhancing security measures while addressing the human element in cybersecurity practices.TakeawaysThe AI boom is reshaping the cybersecurity landscape.Zero Trust is becoming a standard practice in security.Risk management strategies must evolve with technology.AI can enhance cybersecurity but requires careful implementation.Small and medium businesses face unique challenges in cybersecurity.Funding for cybersecurity startups is on the rise.Collaboration between tech and business is essential for success.AI can help simplify complex cybersecurity processes.Understanding the human element is crucial in cybersecurity.The future of cybersecurity will be driven by innovation and adaptability.
Everyone knows automation is powerful, but it's also a double-edged sword. This week on Feds At The Edge, we speak with cybersecurity experts who share how to securely align automation with Zero Trust principles. We spend the hour diving to importance of shared responsibility models, protecting critical surfaces, and using automation to enhance observability and control, especially in cloud environments. Michael Hardee, Chief Architect for Red Hat, shares insights on how automation can reduce social engineering risks by eliminating human override. While Don Yeske, Director, National Security Cyber Division at DHS, highlights how AI can uncover vulnerabilities in outdated enterprise architectures, including a recent zero-day attack. Both experts emphasize the “human-in-the-loop" approach, agreeing that automation should augment, not replace, human insight. As Michael Hardee reminds us, “automation is not a license for us to check out.” Tune in on your favorite podcast platform today!
In this episode of Security Matters, host David Puner sits down with Marene Allison, former Chief Information Security Officer (CISO) of Johnson & Johnson, for a candid and wide-ranging conversation on trust, identity, and leadership in cybersecurity. From securing global vaccine supply chains during the COVID-19 pandemic to navigating the rise of AI and machine identities, Marene shares hard-earned insights from her decades-long career in national security and the private sector.They explore what it means to be a mission-driven CISO, how to build trust from the boardroom to the front lines, and why identity has always been the true perimeter. Marene also reflects on her post-CISO chapter and the evolving role of cybersecurity leaders in a rapidly evolving threat landscape.
Technology and software development can take years to field capabilities that may no longer meet mission needs once they reach the finish line. Some department compliance practices can add 12-18 months for authorization. At the AWS Summit in Washington, D.C., Marine Corps Community Services Digital Program Manager David Raley said that his office is accelerating the development and approval processes for mission capability. Raley highlighted solutions like AWS GovCloud and a certified DevSecOps platform that help reduce authorization times from a year to 15 minutes. Raley also talked about the ways DOD is advancing zero trust implementation and security in cloud-native environments.
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, partner, YL Ventures. Joining us is our sponsored guest, Sam Curry, global vp, CISO at Zscaler. This episode was recorded at a Zscaler event in Boston, MA. In this episode: Guardrails for decision making under fatigue Preparing for quantum threats Strategic use of generative AI Reassessing outdated knowledge Huge thanks to our sponsor, Zscaler Zscaler is a cloud-based cybersecurity company that provides secure internet access and private application access. Its platform replaces traditional network security by delivering Zero Trust architecture, protecting users, data, and applications regardless of location. Zscaler's scalable services help organizations modernize IT and reduce risk with seamless, cloud-native security solutions.
In this episode of The Segment, we dive deep into the critical intersection of cybersecurity, resilience, and organizational strategy with the renowned Dr. Larry Ponemon, founder of the Ponemon Institute and a pioneer in privacy and security research. With over 20 years of groundbreaking studies, including the IBM Cost of a Data Breach Report and the Global Cost of Ransomware Study, Dr. Ponemon shares valuable insights into the evolving cyber threat landscape and what businesses can do to stay ahead.We also talk about: The origins and evolution of the Ponemon Institute's research.Why prevention isn't enough, emphasizing containment and resilience in cybersecurity.The rising costs of data breaches and attackers' growing focus on disrupting operational resilience.How organizations can leverage research data to secure leadership buy-in and develop effective strategies.The importance of Zero Trust frameworks in addressing modern security challenges.The role of robust leadership, strategic planning, and redundancy in enhancing resilience.The evolving responsibilities of CISOs and unifying accountability within organizations.Emerging trends like artificial intelligence and global contributions to cybersecurity innovation.Metrics for measuring the effectiveness of security controls.The Global Cost of Ransomware Report: https://www.illumio.com/resource-center/cost-of-ransomware Listening Notes:[2:30 - 6:00] Advice for Mitigating Ransomware Risks[6:00 - 11:00] Role of Zero Trust in Security[11:00 - 16:00] Accountability in Security Strategies[16:00 - 21:00] Research Wishlist: Metrics and Trust[21:00 - 25:00] Long-Term Industry ObservationsTune in to learn how to shift from a prevention mindset to one of resilience and adaptability in an ever-changing digital world!
Explore the critical intersection of Data Center Infrastructure Management (DCIM), Common Data Center Security issues and Zero Trust Architecture (ZTA) with a special focus on how our innovative OpenData solution can help. As data centers face increasing security threats and regulatory pressures, understanding how to effectively integrate DCIM into a Zero Trust framework is essential for safeguarding operations and ensuring compliance.
Ante un escenario de 30 mil millones de amenazas cibernéticas diarias, Cloudflare y TD SYNNEX amplían su alianza estratégica para ofrecer soluciones Zero Trust, SASE y servicios de seguridad gestionados mediante una plataforma unificada que reduce costos y simplifica la operación tecnológica.
In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses various aspects of cybersecurity, focusing on recent data breaches, the implications for businesses, and the challenges faced by small and medium-sized enterprises (SMBs). He highlights the Victoria's Secret data breach as a case study, examines vulnerabilities in water utilities, and critiques the government's approach to cybersecurity funding and information sharing. The discussion also touches on the market dynamics surrounding cybersecurity firms like CrowdStrike and the implications of workforce changes within the Cybersecurity Infrastructure Agency (CISA).TakeawaysCybersecurity breaches can significantly impact business operations and stock performance.Organizations should proactively assess their connections to compromised entities.The government lacks effective reporting mechanisms for cybersecurity vulnerabilities.Small and medium-sized businesses are often left out of cybersecurity discussions.Congress needs to clarify definitions and incentivize cybersecurity participation among SMBs.Funding cuts to cybersecurity agencies can undermine national security efforts.CrowdStrike's market performance raises questions about accountability in cybersecurity.CISA is facing significant workforce challenges that may affect its effectiveness.Popular Chrome extensions can pose security risks by leaking sensitive data.Proactive measures are essential to mitigate cybersecurity threats.
What if Zero Trust isn't a framework, but the only viable cybersecurity strategy—more about people than products? In this episode, George Finney, CISO at the University of Texas System and author of Project Zero Trust, reveals the human-first truth behind the Zero Trust movement, and why it's not something you buy but something you build. George shares stories from hacking a college database to launching a deepfake of himself trained on his own books, all while breaking down how AI and creativity are reshaping security leadership. Impactful Moments: 00:00 - Introduction 01:16 - Cyber Hall of Fame recognition 07:00 - Hacked his college to solve mail 09:00 - Took startup job without paycheck 14:14 - Zero Trust is a strategy, not tool 17:00 - Tailoring security like a custom suit 23:29 - AI strategy through Zero Trust lens 29:30 - Built a Zero Trust voice clone hotline 36:00 - You don't need to be a CISO 38:30 - Why weirdos make cybersecurity stronger Links: Connect with our guest, George Finney: https://www.linkedin.com/in/georgefinney/ Check out George's books on Amazon: https://www.amazon.com/stores/author/B01MT0C6X3 Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
In this episode of Life of a CISO, Dr. Eric Cole reconnects with longtime friend and cybersecurity legend Dr. Anton Chuvakin, whom he has known for over 25 years. The conversation opens with reflections on their decades-long professional journey and transitions into a deep dive into Anton's current work at Google Cloud's Office of the CISO. Anton shares how his team supports secure cloud and AI adoption—not as traditional field CISOs focused on sales—but as strategic advisors and researchers helping clients understand and implement Google's advanced security models. The discussion spotlights Google's internal use of Zero Trust architecture, highlighting how Google eliminated the need for VPNs over a decade ago. Anton explains how this approach—initially pioneered through Google's BeyondCorp—combines stronger security with greater usability, a rare balance in cybersecurity. Dr. Cole presses into why more companies haven't adopted Zero Trust, prompting Anton to emphasize the power of organizational inertia. Drawing from his years at Gartner, Anton notes that despite the proven benefits, many enterprises resist change due to legacy systems and mindset barriers. This episode offers a compelling look at the evolving landscape of enterprise security and the importance of embracing innovation over outdated habits.
Chong Shen from Flower Labs joins us to discuss what it really takes to build production-ready federated learning systems that work across data silos. We talk about the Flower framework and it's architecture (supernodes, superlinks, etc.), and what makes it both "friendly" and ready for real enterprise environments. We also explore how the generative Generative AI boom is reshaping Flower's roadmap.Featuring:Chong Shen Ng – LinkedInChris Benson – Website, GitHub, LinkedIn, XDaniel Whitenack – Website, GitHub, XEpisode links:The future of AI training is federatedDeepLearning.ai short course on Federated Learning with FlowerFlower MonthlyFederated Learning in AutomotiveFederated AI in FinanceFederated Learning in HealthcareFederated AI on IoT SystemsFlowerTune LLM LeaderboardFlower IntelligenceGitHubSlackFlower DiscussCheck out upcoming webinars!Sponsors:NordLayer is toggle-ready network security built for modern businesses—combining VPN, access control, and threat protection in one platform that deploys in under 10 minutes with no hardware required. It's built on Zero Trust architecture with granular access controls, so only the right people access the right resources, and it scales effortlessly as your team grows. Get up to 32% off yearly plans with code practically-10 at nordlayer.com/practicalai - 14-day money-back guarantee included.
Joe Tidy investigates what may be the cruelest and most disturbing cyber attack in history. A breach so invasive it blurred the line between digital crime and psychological torture. This story might make your skin crawl.Get more from Joe linktr.ee/joetidy.Get the book Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet (https://amzn.to/3He7GNs).SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.This show is sponsored by Red Canary. Red Canary is a leading provider of Managed Detection and Response (MDR), helping nearly 1,000 organizations detect and stop threats before they cause harm. With a focus on accuracy across identities, endpoints, and cloud, we deliver trusted security operations and a world-class customer experience. Learn more at redcanary.com.
The theme of the current administration is to do more with less. Today, we hear from experts on how they have assisted in implementing Zero Trust by leveraging all resources possible. We know implementing Zero Trust is a continuous process; David Bottom from the SEC provides guidelines on what to review constantly. He suggests focusing on decreasing privileges, patching systems, and learning how to extract meaningful signals from the flood of data entering the federal government. None of this can be done without cooperation across the agency. As an example of working with others, David Bottom references the SEC's EDGAR (Electronic Data Gathering, Analysis, and Retrieval). Jennifer Franks, GAO, recommends that listeners take advantage of federal guidelines to spend as little as possible while meeting compliance goals. For example, CISA, OMB, and NIST all offer guidance in implementation. She has an excellent eight-word summary of Zero Trust: right users, proper access, at the right time. Many agencies are understaffed. As a result, one way to meet goals is to leverage the right tools. Brian "Stretch" Meyers believes the most "bang for the buck" will be achieved by using tools to establish visibility. From there, one can identify key items to reach compliance. Zero Trust is an initiative that is here to stay. Listen to the podcast to get ideas on how to optimize the staff and resources at hand.
In this conversation, Dr. Chase Cunningham and Michael Shieh from Mammoth Cyber discuss the evolution of Zero Trust security, focusing on browser security and AI's role in enhancing security measures. They explore the concept of data-first security, the significance of mobile security, and the future of Zero Trust in the context of increasing cyber threats. Michael emphasizes the need for a browser-centric approach to security, which allows for better control and visibility over user behavior and data access.TakeawaysMammoth Cyber focuses on browser-centric security solutions.The evolution of web applications has increased data leakage risks.AI tools are becoming integral to browser security.Data isolation allows users to access data without downloading it.User productivity should not be hindered by security measures.The attack surface for cyber threats is broader than ever.Browser security is essential for all users, not just enterprises.Phishing training is less effective than implementing browser isolation.Mobile security is crucial as users access company data on personal devices.The future of Zero Trust will heavily involve browser security solutions.
Send us a textIhab Shraim shares his expertise on domain security and why it represents the "missing chapter" in modern cybersecurity strategy. We explore how AI is accelerating cyber threats from years to weeks and why protecting your online presence is more critical than ever.• Domain security is often overlooked despite being critical to an organization's reputation and online presence• Over 93% of security professionals can't identify their company's domain registrar or DNS provider• Modern cyber criminals are sophisticated organizations who target "soft targets" rather than heavily defended perimeters• AI-powered tools like FraudGPT and WormGPT enable custom malware creation for as little as $200 on the dark web• Voice cloning and deepfake technologies are being used in increasingly convincing social engineering attacks• Zero Trust architecture and layered security approaches are essential for comprehensive protection• Blended attacks targeting multiple systems simultaneously represent the future of cyber warfare• Reputation management encompasses domain protection, brand abuse prevention, and counterfeit detection• Personal data protection requires vigilance about what you share online and implementing proper security at home• Companies must have actionable response plans, not just detection capabilitiesConnect with Ihab Shraim on LinkedIn or email him at ihab.shraim@cscglobal.com to learn more about domain security and protecting your online presence.Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods.Listen on: Apple Podcasts SpotifySupport the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast
In this episode of the Brilliance Security Magazine Podcast, we sit down with Matt Stern, Chief Security Officer at Hypori, to discuss how organizations can move beyond outdated mobile device management strategies and adopt a zero-trust approach to the future. Stern shares compelling insights from his extensive experience in both military and federal cybersecurity, highlighting why traditional BYOD approaches—like MDM and MAM—are no longer adequate. If you're a CISO, IT leader, or just curious about secure mobile innovation, this is a conversation you don't want to miss.SummaryThe episode begins with Matt Stern's journey from Army Ranger to cybersecurity executive. He discusses how his experience leading large-scale cyber operations, including the U.S. Army CERT and the EINSTEIN national cybersecurity system, shaped his threat-centric approach to enterprise security.The conversation then turns to the evolving BYOD (Bring Your Own Device) landscape. Stern highlights the risks posed by traditional mobile device management (MDM) and mobile application management (MAM) solutions—such as increased attack surface, privacy concerns, and inadequate control over unmanaged personal devices. He also touches on regulatory challenges like the “No TikTok Law,” which bans certain apps on government-affiliated devices due to data exposure risks.Stern explains how Hypori addresses these issues with its Virtual Mobile Infrastructure (VMI), which keeps all data and compute operations off the user's device. Hypori streams pixels only—meaning no data is stored or processed locally—eliminating risks associated with compromised devices. He walks listeners through Hypori's layered authentication system and robust security architecture, which enables secure operation from any personal device without compromising user privacy.The show concludes with a discussion on cost savings and operational efficiency. Stern notes that the Department of Defense already uses over 70,000 Hypori licenses and highlights how organizations can achieve significant savings—up to 42%—by eliminating the need to purchase and manage government-furnished equipment (GFE). His advice to IT leaders: assess your current BYOD risks, examine the real-world behaviors of your workforce, and consider whether legacy models are hindering your security posture.
When it comes to data protection, the word “immutability” often feels like it belongs in the realm of enterprise giants with complex infrastructure and massive budgets. But during this RSAC Conference conversation, Sterling Wilson, Field CTO at Object First, makes a strong case that immutability should be, and can be, for everyone.Wilson brings a grounded perspective shaped by his experience on the floor at RSAC, where Object First made its debut as a sponsor. The energy, he notes, was contagious: not just among vendors, but also from practitioners expressing serious concerns about their ability to recover data post-incident. These conversations weren't hypothetical; they were real worries tied to rising insurance premiums, regulatory compliance, and operational survivability. And at the core of all this? Trust in the data backup process.Agentic AI, AI capable of making decisions independently, is one of the trends Wilson flags as both promising and risky. It offers potential for improving preparedness and accelerating recovery. But it also raises concerns around access and control of sensitive data, particularly if exploited by adversaries. For Sterling, the opportunity lies in combining proactive readiness with simplicity and control, especially for those who aren't traditional security practitioners.Object First is doing just that through OOTBI: Out of the Box Immutability. And yes, there's a mascot: OOTBI. More than just a marketing hook, OOTBI represents a shift toward making backup and recovery systems approachable, usable, and, importantly, accessible. According to Wilson, the product gets users from “box to backup” in 15 minutes... with encrypted, immutable storage that meets critical requirements for cyber insurance coverage.Cost, Wilson adds, is a key barrier that often prevents organizations from reaching data protection best practices. That's why Object First now offers consumption-based pricing models. Whether a business is cloud-first or scaling fast, it's a path to protection that doesn't require breaking the budget.Ultimately, Wilson emphasizes education and community as critical drivers of progress. From field labs where teams can configure their own Opi, to on-location conference conversations, the company is building awareness, and reducing fear, by making secure storage not just a feature, but a foundation.This episode is a reminder that effective cybersecurity isn't only about innovation; it's about inclusion, practicality, and trust... both in your tools and your team.Learn more about Object First: https://itspm.ag/object-first-2gjlNote: This story contains promotional content. Learn more.Guest: Sterling Wilson, Field CTO, Object First | https://www.linkedin.com/in/sterling-wilson/ResourcesLearn more and catch more stories from Object First: https://www.itspmagazine.com/directory/object-firstLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, marco ciappelli, sterling wilson, immutability, agentic, ai, backup, recovery, cybersecurity, insurance, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses various pressing issues in cybersecurity, including the recent leadership changes at CISA, NATO's proposal for cybersecurity spending, market trends in cybersecurity IPOs, and the alarming number of exposed credentials. He emphasizes the importance of cybersecurity in business growth and critiques the healthcare sector's approach to cybersecurity investments. The conversation also touches on emerging threats and concludes with a call to action for the cybersecurity community to address these challenges.TakeawaysCISA's leadership changes raise questions about its effectiveness.NATO's inclusion of cybersecurity in spending targets is a significant development.Market trends indicate a shift towards IPOs in cybersecurity.The exposure of 184 million login credentials highlights ongoing security issues.Cybersecurity teams contribute significantly to business growth.Healthcare organizations prioritize IT security but struggle with implementation.Hackers are increasingly exploiting cloud services for attacks.CrowdStrike's lack of accountability raises concerns in the industry.The cybersecurity community must work together to address emerging threats.There is a need for greater transparency and accountability in cybersecurity incidents.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Steve Knight, former CISO, Hyundai Capital America Thanks to our show sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. All links and the video of this episode can be found on CISO Series.com
Windows 11 might fail to start after installing KB5058405, says Microsoft Victoria's Secret website goes offline following cyberattack Billions of stolen cookies available, worrying security experts Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Microsoft wants to update all the things LexisNexis breach impacts 364,000 people Cyber insurance premium volume expected to double Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.
This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company's data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor's booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust's Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it's too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinhadigitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utmsource=share&utmmedium=memberdesktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-397
In this episode of Security Matters, host David Puner welcomes Kevin Bocek, CyberArk SVP of Innovation, for an insightful discussion on the critical role of machine identity in modern cybersecurity. As digital environments become increasingly complex, securing machine identities has never been more crucial.According to the CyberArk 2025 Identity Security Landscape, machine identities now outnumber human identities by more than 80 to 1. As organizations scale cloud workloads and automation, these identities are becoming a critical part of the cybersecurity frontline. From TLS certificate outages to API key exposures, failures in machine identity management can lead to outages, breaches, and cascading system failures. In this episode of Security Matters, Kevin Bocek explains why this moment is pivotal for getting machine identity right—and how Zero Trust principles, automation, and visibility are essential to building cyber resilience.We also explore the future of identity security—from AI kill switches and agentic AI to quantum threats—and how identity can serve as both a safeguard and a kill switch in the age of autonomous systems.Whether you're a cybersecurity professional or simply interested in the latest security trends, this episode offers valuable insights into the importance of machine identity in safeguarding our digital world. Don't forget to subscribe, leave a review, and follow Security Matters for more expert discussions on the latest in cybersecurity.
MathWorks, Creator of MATLAB, Confirms Ransomware Attack Adidas warns of data breach after customer service provider hack Dutch Intelligence Agencies Say Russian Hackers Stole Police Data in Cyberattack Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.
This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company's data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor's booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust's Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it's too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinhadigitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utmsource=share&utmmedium=memberdesktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-397
This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company's data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor's booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust's Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it's too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinhadigitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utmsource=share&utmmedium=memberdesktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Show Notes: https://securityweekly.com/bsw-397
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Tim Jacobs, vp, CISO, Commonwealth Care Alliance. In this episode: Starting from zero Prepare for decisive decisions Working back from unacceptable Discovering inefficiencies A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
Malicious npm and VS Code packages stealing data Nova Scotia Power confirms ransomware attack Researchers claim ChatGPT o3 bypassed shutdown in controlled test Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Get featured on the show by leaving us a Voice Mail: https://bit.ly/MIPVM FULL SHOW NOTES https://www.microsoftinnovationpodcast.com/691 What happens when cybercrime becomes as organized—and profitable—as a Fortune 500 company? In this episode, Louis Arthur-Brown, a cybersecurity leader and solutions partner at CodeStone, pulls back the curtain on the evolving threat landscape. From ransomware-as-a-service to deepfake deception, Louis shares real-world insights and practical strategies for defending your organization in an AI-accelerated world. Whether you're a tech leader or a curious professional, this conversation will sharpen your security instincts and help you build resilience where it matters most. KEY TAKEAWAYS Cybercrime is industrialized: Ransomware-as-a-service and affiliate models make it easy for anyone—even non-technical actors—to launch attacks for as little as $50. AI is amplifying threats: A 1,300% rise in phishing emails last year is just the beginning. Deepfakes and voice cloning are reshaping social engineering tactics. MFA and basic hygiene go a long way: Implementing multi-factor authentication and conditional access can block up to 92% of cyberattacks. Zero Trust is essential: Organizations must move beyond the “walled garden” mindset and adopt a “never trust, always verify” approach to access and data. Data strategy is security strategy: Tools like Microsoft Purview and Windows 365 help classify, protect, and monitor sensitive data—especially in AI-enabled environments. RESOURCES MENTIONED
CISA warns Commvault clients of campaign targeting cloud applications Russian hacker group Killnet returns with slightly adjusted mandate Fake VPN and browser NSIS installers used to deliver Winos 4.0 malware Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
As InfoSecurity Europe prepares to welcome cybersecurity professionals from across the globe, Rob Allen, Chief Product Officer at ThreatLocker, shares why this moment—and this location—matters. Allen doesn't frame the conversation around hype or headlines. Instead, he focuses on a universal truth: organizations want to sleep better at night knowing their environments are secure.ThreatLocker's mission is grounded in achieving Zero Trust in a simple, operationally feasible way. But more than that, Allen emphasizes their value as enablers of peace of mind. Whether helping customers prevent ransomware attacks or meet regional regulatory requirements like GDPR or Australia's Essential Eight, the company is working toward real-world solutions that reduce complexity without sacrificing security. Their presence at events like InfoSecurity Europe is key—not just for outreach, but to hear directly from customers and partners about what's working and where they need help.Why Being There MattersDifferent regions have different pressures. In Australia, adoption surged without any local team initially on the ground—driven purely by alignment with the Essential Eight framework. In the UK, it's conversations about Cyber Essentials that shape booth discussions. Regulations aren't just compliance checklists; they're also conversation starters that change how organizations prioritize security.The ThreatLocker team doesn't rely on generic demos or vague promises. They bring targeted examples to the booth—like asking attendees if they know what software can be run on their machines without alerting anyone. If tools like remote desktop applications or archive utilities can be freely executed, attackers can use them too. This is where ThreatLocker steps in: controlling what runs, identifying what's necessary, and blocking what isn't.Booth D90 and BeyondRob Allen invites anyone—whether they're new to ThreatLocker or longtime users—to visit booth D90. The team, built with a mix of technical skill and humor (ask about the “second-best beard” in the company), is there to listen and help. It's not just about showcasing technology; it's about building relationships and reinforcing a shared goal: practical, proactive cybersecurity that makes a measurable difference.If you're at InfoSecurity Europe, stop by. If you're not, this episode offers a meaningful glimpse into why showing up—both physically and philosophically—matters in cybersecurity.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerCyber Essentials Guide: https://threatlocker.kb.help/threatlocker-and-cyber-essentials-compliance/?utm_source=itsp&utm_medium=sponsor&utm_campaign=infosec_europe_pre_interview_rob_q2_25&utm_content=infosec_europe_pre_interview_rob&utm_term=podcastAustralia's Essential Eight Guide: https://www.threatlocker.com/whitepaper/australia-essential-eight?utm_source=itsp&utm_medium=sponsor&utm_campaign=infosec_europe_pre_interview_rob_q2_25&utm_content=infosec_europe_pre_interviLearn more and catch more event coverage stories from Infosecurity Europe 2025 in London: https://www.itspmagazine.com/infosec25 ______________________Keywords:sean martin, marco ciappelli, rob allen, cybersecurity, zero trust, infosec, compliance, ransomware, endpoint, regulation, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
At RSAC Conference 2025, the conversation with Rob Allen, Chief Product Officer at ThreatLocker, centered on something deceptively simple: making cybersecurity effective by making it manageable.During this on-location recap episode, Rob shares how ThreatLocker cut through the noise of flashy booths and AI buzzwords by focusing on meaningful, face-to-face conversations with customers and prospects. Their booth was an open, no-frills space—designed for real dialogue, not distractions. What caught people's attention, though, wasn't the booth layout—it was a live demonstration of a PowerShell-based attack using a rubber ducky device. It visually captured how traditional tools often miss malicious scripts and how ThreatLocker's controls shut it down immediately. That kind of simplicity, Rob explains, is the real differentiator.Zero Trust Is a Journey—But It Doesn't Have to Be ComplicatedOne key message Rob emphasizes is that true security doesn't come from piling on more tools. Too many organizations rely on overlapping detection and response solutions, which leads to confusion and technical debt. “If you have five different jackets and they're all winter coats, you're not prepared for summer,” Sean Martin jokes, reinforcing Rob's point that layers should be distinct, not redundant.ThreatLocker's approach simplifies Zero Trust by focusing on proactive control—limiting what can execute or communicate in the first place. Rob also points to the importance of vendor consolidation—not just from a purchasing standpoint but from an operational one. With ThreatLocker, multiple security capabilities are built natively into a single platform with one agent and one portal, avoiding the chaos of disjointed systems.From Technical Wins to Human ConnectionsThe conversation wraps with a reminder that cybersecurity isn't just about tools—it's about the people and community that make the work worthwhile. Rob, Marco Ciappelli, and Sean Martin reflect on their shared experiences around the event and even the lessons learned over a slice of Detroit-style pizza. While the crust may have been debatable, the camaraderie and commitment to doing security better were not.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974⸻Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, marco ciappelli, rob allen, cybersecurity, zero trust, threat prevention, powerShell, vendor consolidation, rsac2025, endpoint security, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com AFCEA'S TechNet Cyber conference held in Baltimore, Maryland was the perfect opportunity to sit down with Bryan Rosensteel, Head of Public Sector Marketing at Wiz. Wiz is the “new kid on the block,” and it has had tremendous growth. During the interview, Bryan Rosensteel shows how agentless approaches can improve visibility and assist with compliance. We all know how complexity has infiltrated federal technology. We have the usual suspect of Cloud Service Providers, hybrid clouds, private clouds, and, if that was not complicated enough, alt-clouds. As a result, it is almost impossible to get a “bird's eye” visibility to provide cyber security. Two main ways have been proposed to secure this much-desired system's view. Agent. One approach is to put a bit of code on each device, called an “agent” method. It is good for granular control, but can slow down a scan and must be maintained Agentless. Bryan Rosensteel from Wiz describes something called a “agentless” method to gain visibility into complex systems. This method leverages infrastructure and protocols to accomplish the scanning objective much faster. Bryan Rosensteel states that in a world of constant attacks, this faster method allows for rapid updates to threats. Beyond better observation, an agentless method, like the one provided by Wiz, allows for compliance automation, continuous monitoring, and sets the groundwork for effective Zero Trust implementation.
In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses various aspects of cybersecurity, including the impact of ransomware attacks on businesses, the importance of strong password practices, and the emerging threats posed by ransomware as a service operations like Dragon Force. He highlights recent data breaches in retail, the significance of red teaming in cybersecurity, and the security risks associated with Chinese-made solar inverters. The conversation also touches on legislative responses to cybersecurity threats and a recent ransomware attack on Coinbase.TakeawaysLive streaming can be frustrating and often isn't truly live.Ransomware attacks can significantly impact stock prices.Investors can find opportunities in companies affected by breaches.Ransomware as a service is a growing threat in cybersecurity.Weak passwords are a common vulnerability in many organizations.Data breaches often lead to stolen customer information.Red teaming can help organizations identify vulnerabilities before they are exploited.Chinese-made devices pose potential security risks to critical infrastructure.Legislative measures are being considered to address cybersecurity threats.Companies like Coinbase are exploring alternative responses to ransomware demands.
S2E6: Zscaler Mythbusting Zero Trust: Rethinking Cybersecurity in Healthcare Host: Frank Cutitta Guests: Tamer Baker, Zscaler CTO, and Nate Couture, AVP-Information Security- CISO at The University of Vermont Health Network To stream our Station live 24/7 visit www.HealthcareNOWRadio.com or ask your Smart Device to “….Play Healthcare NOW Radio”. Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen
In this conversation, Dr. Zero Trust shares his experiences from the RSA show, discussing the overall atmosphere, vendor interactions, and the introduction of the 10 Ring app for vendor reviews. He highlights certain vendors' threats and emphasizes the importance of data-driven analysis. The discussion also covers insights from a recent Gartner report on security controls and various cybersecurity incidents, concluding with reflections on the industry's future.TakeawaysRSA was interesting but had minimal value overall.The atmosphere at RSA included unusual elements like robot dogs and puppies.Some vendors are willing to threaten analysts for their opinions.Data-driven analysis is crucial in evaluating vendor performance.The 10 Ring app received positive feedback for vendor reviews.Gartner's report highlights misconfiguration as a major security issue.Organizations need to focus on continuous optimization of security controls.Recent cybersecurity incidents show the ongoing vulnerabilities in the industry.CrowdStrike is cutting jobs to scale its business amid market pressures.Basic cybersecurity hygiene is still not being followed by many organizations.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dan Holden, CISO, BigCommerce Thanks to our show sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. All links and the video of this episode can be found on CISO Series.com
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Howard Holton, COO, Gigaom. Joining us is our sponsored guest, Rob Allen, chief product officer at ThreatLocker. In this episode: Reinforcing zero trust Focus on effectiveness Understanding zero trust limitations What's next Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
Welcome to Episode 401 of the Microsoft Cloud IT Pro Podcast. In this episode, Ben Stegink and Scott Hoag dive into the intricacies of implementing Zero Trust principles within Microsoft 365 environments. They explore the foundational aspects of Zero Trust, starting with identity management and the importance of Entra ID. They also cover: Identity Management: The critical role of identity in Zero Trust, including MFA, password policies, and least privilege access. Endpoint Security: Strategies for verifying and managing devices, including compliance checks and the balance between corporate and BYOD devices. Networking: The complexities of securing network traffic in a SaaS environment, including conditional access policies and the emerging Global Secure Access feature. Application Management: The role of Defender for Cloud in monitoring shadow IT and ensuring data security across various applications. Data Protection: Techniques for safeguarding sensitive information, including DLP policies and the upcoming network-level DLP capabilities. Join us as we unpack these topics and provide practical insights for enhancing your organization's security posture with Zero Trust. Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options. Show Notes Zero Trust deployment for technology pillars Securing identity with Zero Trust Secure endpoints with Zero Trust Secure endpoints with Zero Trust Secure applications with Zero Trust Secure data with Zero Trust Microsoft Zero Trust Assessment About the sponsors Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!
In today's threat environment, it's not enough to back up your data—you have to be able to trust that those backups will be there when you need them. That's the message from Sterling Wilson, Field CTO at Object First, during his conversation at RSAC Conference 2025.Object First is purpose-built for Veeam environments, offering out-of-the-box immutability (OOTBI) with a hardened, on-premises appliance. The goal is simple but critical: make backup security both powerful and practical. With backup credentials often doubling as access credentials for storage infrastructure, organizations expose themselves to unnecessary risk. Object First separates those duties by design, reducing the attack surface and protecting data even when attackers have admin credentials in hand.Immutability as a Foundation—Not a FeatureThe conversation highlights data from a recent ESG study showing that 81% of respondents recognize immutable object storage as the most secure way to protect backup data. True immutability means data cannot be modified or deleted until a set retention period expires—an essential safeguard when facing ransomware or insider threats. But Sterling emphasizes that immutability alone isn't enough. Backup policies, storage access, and data workflows must be segmented and secured.Zero Trust for Backup InfrastructureZero trust principles—verify explicitly, assume breach, enforce least privilege—have gained ground across networks and applications. But few organizations extend those principles into the backup layer. Object First applies zero trust directly to backup infrastructure through what they call zero trust data resilience. That includes verifying credentials at every step and ensuring backup jobs can't alter storage configurations.A Real-World Test: Marysville School DistrictWhen Marysville School District suffered a ransomware attack, nearly every system was compromised—except the Object First appliance. The attacker had administrative credentials, but couldn't access or encrypt the immutable backups. Thanks to the secure design and separation of permissions, recovery was possible—demonstrating that trust in your backups can't be assumed; it must be enforced by design.Meeting Customers Where They AreTo support both partners and end customers, Object First now offers OOTBI through a consumption-based model. Whether organizations are managing remote offices or scaling their environments quickly, the new model provides flexibility without compromising security or simplicity.Learn more about Object First: https://itspm.ag/object-first-2gjlNote: This story contains promotional content. Learn more.Guest: Sterling Wilson, Field CTO, Object First | https://www.linkedin.com/in/sterling-wilson/ResourcesLearn more and catch more stories from Object First: https://www.itspmagazine.com/directory/object-firstLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, sterling wilson, ransomware, immutability, backups, cybersecurity, zero trust, data protection, veeam, recovery, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
In this on-location episode recorded at the RSAC Conference, Sean Martin and Marco Ciappelli sit down once again with Rob Allen, Chief Product Officer at ThreatLocker, to unpack what Zero Trust really looks like in practice—and how organizations can actually get started without feeling buried by complexity.Rather than focusing on theory or buzzwords, Rob lays out a clear path that begins with visibility. “You can't control what you can't see,” he explains. The first step toward Zero Trust is deploying lightweight agents that automatically build a view of the software running across your environment. From there, policies can be crafted to default-deny unknown applications, while still enabling legitimate business needs through controlled exceptions.The Zero Trust Mindset: Assume Breach, Limit AccessRob echoes the federal mandate definition of Zero Trust: assume a breach has already occurred and limit access to only what is needed. This assumption flips the defensive posture from reactive to proactive. It's not about waiting to detect bad behavior—it's about blocking the behavior before it starts.The ThreatLocker approach stands out because it focuses on removing the traditional “heavy lift” often associated with Zero Trust implementations. Rob highlights how some organizations have spent years trying (and failing) to activate overly complex systems, only to end up stuck with unused tools and endless false positives. ThreatLocker's automation is designed to lower that barrier and get organizations to meaningful control faster.Modern Threats, Simplified DefensesAs AI accelerates the creation of polymorphic malware and low-code attack scripts, Zero Trust offers a counterweight. Deny-by-default policies don't require knowing every new threat—just clear guardrails that prevent unauthorized activity, no matter how it's created. Whether it's PowerShell scripts exfiltrating data or AI-generated exploits, proactive controls make it harder for attackers to operate undetected.This episode reframes Zero Trust from an overwhelming project into a series of achievable, common-sense steps. If you're ready to hear what it takes to stop chasing false positives and start building a safer, more controlled environment, this conversation is for you.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, marco ciappelli, rob allen, zero trust, cybersecurity, visibility, access control, proactive defense, ai threats, policy automation, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
RSAC 2025 is a wrap. The expo floor is closed, the conversations have ended, and the gear is packed — but the reflections are just beginning. Throughout the week, Sean Martin and Marco Ciappelli had powerful discussions around AI, identity, platform security, partnerships, the evolving legal and VC landscapes, and the growing importance of multi-layered defense strategies. But one moment stood out. While we were recording outside the conference, someone walking by asked us, “Is the world secure now?” Our answer was simple: “We're working on it.” That exchange captured the spirit of the entire event — security is not a destination, it's an ongoing effort. We learn, we adapt, and we move forward faster than the future is coming at us. Thank you to everyone who made RSAC 2025 such a meaningful experience. Next stops: AppSec Global in Barcelona, Infosec Europe in London, Black Hat and DEF CON in Las Vegas — and more conversations across the hybrid analog digital society we all share. Until next time, keep building, keep connecting, and keep moving forward. ___________Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage___________KEYWORDSsean martin, marco ciappelli, rsac 2025, quantum, ai, grc, devsecops, zero trust, appsec, resilience, event coverage, on location, conference___________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
RSAC 2025 comes to an end. Canadian power company hit by cyberattack. Ascension Health discloses another breach. UK luxury department store Harrods discloses attempted cyberattack. Microsoft fixes bug flagging Gmail as spam. An unofficial version of the Signal app shared in photo. EU fines TikTok for violating GDPR with China data transfer. US Treasury to cut off Southeast Asian cybercrime key player. Passwordless by default coming your way. Our guest is Kevin Magee, from Microsoft, sharing a medley of interviews he gathered on the show floor of RSAC 2025. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Kevin on the Street Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Kevin closes out RSAC 2025 with a high-energy medley of interviews straight from the show floor, packed with sharp insights and bold ideas from some of cybersecurity's standout voices. It's a dynamic and fast-paced finale to our RSAC coverage—and you can find links to all of the guests featured in the show notes. In this segment, you'll hear from Christopher Simm, CTO at Bulletproof; Dr. Chase Cunningham (aka Dr. Zero Trust), Chief Strategy Officer at Ericom Software; Helen Patton, cybersecurity advisor at Cisco; Jeremy Vaughan, CEO and co-founder of Start Left Security; and Tzvika Shneider, CEO of Pynt. You can also catch Kevin on our Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi of Cerby, Travis Howerton of RegScale, and Karl Mattson of Endor Labs. Whether you are building your own startup or just love a good innovation story, listen and learn more here. Selected Reading Day 4 Recap: Closing Celebration with Alicia Keys, RSAC College Day, and What's Ahead for 2025 (RSAC Conference) Canadian Electric Utility Hit by Cyberattack (SecurityWeek) Ascension discloses second major cyber attack in a year (The Register) Harrods latest retailer to be hit by cyber attack (BBC) Microsoft fixes Exchange Online bug flagging Gmail emails as spam (Bleeping Computer) Mike Waltz Accidentally Reveals Obscure App the Government Is Using to Archive Signal Messages (404 Media) TikTok hit with 530 million euro privacy fine in investigation into China data transfer (AP News) Ukrainian extradited to US for alleged Nefilim ransomware attack spree (CyberScoop) US wants to cut off key player in Southeast Asian cybercrime industry (The Record) Microsoft makes all new accounts passwordless by default (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices