Podcasts about zero trust

Cyber threats aren't evolving, they're accelerating.

What Security Congress Reveals About the State of CybersecurityThis discussion focuses on what ISC2 Security Congress represents for practitioners, leaders, and organizations navigating constant technological change. Jon France, Chief Information Security Officer at ISC2, shares how the event brings together thousands of cybersecurity practitioners, certification holders, chapter leaders, and future professionals to exchange ideas on the issues shaping the field today.  Themes That Stand OutAI remains a central point of attention. France notes that organizations are grappling not only with adoption but with the shift in speed it introduces. Sessions highlight how analysts are beginning to work alongside automated systems that sift through massive data sets and surface early indicators of compromise. Rather than replacing entry-level roles, AI changes how they operate and accelerates the decision-making path. Quantum computing receives a growing share of focus as well. Attendees hear about timelines, standards emerging from NIST, and what preparedness looks like as cryptographic models shift.  Identity-based attacks and authorization failures also surface throughout the program. With machine-driven compromises becoming easier to scale, the community explores new defenses, stronger controls, and the practical realities of machine-to-machine trust. Operational technology, zero trust, and machine-speed threats create additional urgency around modernizing security operations centers and rethinking human-to-machine workflows.  A Place for Every Stage of the CareerFrance describes Security Congress as a cross-section of the profession: entry-level newcomers, certification candidates, hands-on practitioners, and CISOs who attend for leadership development. Workshops explore communication, business alignment, and critical thinking skills that help professionals grow beyond technical execution and into more strategic responsibilities.  Looking Ahead to the Next CongressThe next ISC2 Security Congress will be held in October in the Denver/Aurora area. France expects AI and quantum to remain key themes, along with contributions shaped by the call-for-papers process. What keeps the event relevant each year is the mix of education, networking, community stories, and real-world problem-solving that attendees bring with them.The ISC2 Security Congress 2025 is a hybrid event taking place from October 28 to 30, 2025 Coverage provided by ITSPmagazineGUEST:Jon France, Chief Information Security Officer at ISC2 | On LinkedIn: https://www.linkedin.com/in/jonfrance/HOST:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comFollow our ISC2 Security Congress coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/isc2-security-congress-2025Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageISC2 Security Congress: https://www.isc2.orgNIST Post-Quantum Cryptography Standards: https://csrc.nist.gov/projects/post-quantum-cryptographyISC2 Chapters: https://www.isc2.org/chaptersWant to share an Event Briefing as part of our event coverage? Learn More

This episode is sponsored by Aembit. Visit aembit.io/idac to learn more.Jeff and Jim welcome David Goldschlag, CEO and Co-founder of Aembit, to discuss the rapidly evolving world of non-human access and workload identity. With the rise of AI agents in the enterprise, organizations face a critical challenge: how to secure software-to-software connections without relying on static, shared credentials.David shares his unique background, ranging from working on The Onion Router (Tor) at the Naval Research Lab to the DIVX rental system, and explains how those experiences inform his approach to identity today. The conversation covers the distinction between human and non-human access, the risks of using user credentials for AI agents, and why we must shift from managing secrets to managing access policies.This episode explores real-world use cases for AI agents in financial services and retail, the concept of hybrid versus autonomous agents, and practical advice for identity practitioners looking to get ahead of the agentic AI wave.Visit Aembit: https://aembit.io/idacConnect with David: https://www.linkedin.com/in/davidgoldschlagConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comTimestamps00:00 - Intro00:51 - Pronunciation of Aembit and the extra 'E'01:56 - David's background: From NSA to Enterprise Security04:58 - The meaning behind the name Aembit06:00 - David's history with The Onion Router (Tor)10:00 - Differentiating Non-Human Access from Workforce IAM11:39 - The security risks of AI Agents using human credentials14:15 - Manage Access, Not Secrets16:00 - Use Cases: Financial Analysts and Retail24:00 - Hybrid Agents vs. Autonomous Agents30:38 - Will we have agentic versions of ourselves?36:45 - How Identity Practitioners can handle the AI wave38:33 - Measuring success and ROI for workload identity43:20 - A blast from the past: DIVX and Circuit City52:15 - ClosingKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Aembit, David Goldschlag, Non-human access, Workload Identity, AI Agents, Machine Identity, Cybersecurity, IAM, InfoSec, Tor, DIVX, Zero Trust, Secrets Management, Authentication, Authorization

Danny Jenkins — Founder of ThreatLocker and the Zero-Trust RevolutionDanny Jenkins is the CEO of ThreatLocker, the leading cybersecurity company that he built alongside his wife. Hosts Jack Clabby of Carlton Fields, P.A., and Kayley Melton of the Cognitive Security Institute follow Danny's journey from a scrappy IT consultant to leading one of the fastest-growing cybersecurity companies in the world.Danny shares the moment everything changed: watching a small business nearly collapse after a catastrophic ransomware attack. That experience reshaped his mission and ultimately sparked the creation of ThreatLocker. He also reflects on the gritty early days—cold-calling from his living room, coding through the night, and taking on debt before finally landing their first $5,000 customer.Danny explains the origins of Zero Trust World, his passion for educating IT teams, and why adopting a hacker mindset is essential for modern defenders.In the Lifestyle Polygraph, Danny relates his early “revenge tech” against school bullies, the place he escapes to when celebrating big wins, and the movie franchise he insists is absolutely a Christmas classic.Follow Danny on LinkedIn: https://www.linkedin.com/in/dannyjenkins/ 00:00 Introduction to Cybersecurity and ThreatLocker02:26 The Birth of ThreatLocker: A Personal Journey05:42 The Evolution of Zero Trust Security08:35 Real-World Impact of Cyber Attacks11:25 The Importance of a Hacker Mindset14:46 The Role of SOC Teams in Cybersecurity17:34 Building a Culture of Security20:23 Hiring for Passion and Skill in Cybersecurity23:44 Understanding Zero Trust: Trust No One26:32 Lifestyle Polygraph: Personal Insights and Fun29:41 Conclusion and Future of ThreatLocker

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com The good news is that federal security measures are preventing successful attacks; the bad news is that adversaries are examining every nook and cranny of a federal system and increasingly targeting the browser itself as an attack vector. During the interview, Scott "Monty" Montgomery gives a quick overview of Enterprise Browsers and Secure Enterprise Browsers.  After all, browsers have been around since 1994. It may be the only application ubiquitous on home-based machines and in enterprise systems. They were not designed for security; they were intended to open the internet to the World Wide Web, full of images, links, and audio. Malicious actors did not have to focus on an app with limited use; by targeting a browser, they have almost unlimited targets to attack. Montgomery mentions the increase in browser-based attacks. In fact, they increased by 198% in the second half of 2023. Scott explains that phishing persists because people are curious or fearful, leading them to click on malicious links. A Secure Enterprise Browser can help prevent many common phishing exploits. Additionally, an SEB can support policies and controls. This means that an SEB fits completely with any current Zero Trust initiatives across all agencies. Beyond that, SEBs can be configured to manage legacy systems and even operate in low-bandwidth environments.  

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvZero trust isn't a checkbox or a buzzword; it's a mindset shift that changes how we design networks, ship code, and protect data. We dig into what “never trust, always verify” actually looks like when you have a messy reality: hybrid clouds, legacy apps living next to microservices, and users hopping on through VPNs that still grant too much access after MFA.We start with a timely lesson from an AI analytics supplier breach to show why third-party integrations can be your Achilles heel. From there, we map out where policy should live and how it should be enforced: near the workload, with PEPs at gateways or in a service mesh, and a central PDP to keep logic consistent while decisions happen at wire speed. You'll hear why relying on VLANs, static ACLs, or a “trusted subnet” breaks the zero trust promise, and how to move toward per-request evaluation that accounts for identity, device posture, location, and behavior.Then we go data-first. Labels, encryption, and rights management let policies travel with sensitive files, so access and usage rules hold even off-network. We contrast ZTNA with legacy VPNs, explain how to avoid turning MFA into a broad hall pass, and share a realistic migration path: start with one critical application, microsegment around it, validate performance and usability, and expand. This is the playbook that reduces lateral movement, shrinks blast radius, and helps you pass the CISSP with real-world understanding.If this resonates, subscribe, share with a teammate who's designing access controls, and leave a review with your biggest zero trust roadblock. Your feedback helps shape future deep dives and study guides.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In this episode, we take a look at the new Microsoft Zero Trust Assessment tool. We reflect on Zero Trust in general, its application in the Microsoft security landscape, and what this exciting tool will offer you.(00:00) - Intro and catching up.(05:00) - Show content starts.Show links- Microsoft Zero Trust Assessment tool- Demo of Microsoft Zero Trust Assessment (Merill Fernando)- Give us feedback!

In this episode of Darnley's Cyber Café, we dive into the real story behind CrowdStrike's recent insider scandal, and what it teaches us about the hidden dangers brewing inside modern companies. We break down how a “bad apple” employee allegedly leaked internal information to a notorious hacking collective, why insider threats are so hard to detect, and how businesses can spot warning signs before damage is done.If you've ever wondered how hackers exploit trust, how companies uncover hidden risks, or how one employee can change everything, pull up a chair. This episode might make you look at your workplace… and your latte… a little differently.Tune in to find out what's really simmering beneath the surface.Click here to send future episode recommendationSupport the showSubscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.

In this episode of CISO Tradecraft, host G Mark Hardy is joined by Yuriy Tsibere from ThreatLocker to discuss an essential topic for cybersecurity leaders: Defense Against Configurations (DAC). With a focus on the significant risks posed by misconfigurations, Yuriy shares insights on how ThreatLocker's new DAC tool helps organizations identify and rectify vulnerabilities in OS configurations, ensuring a higher degree of security. They explore the critical role of maintaining proper endpoint configurations, Zero Trust principles, and how DAC seamlessly integrates into ThreatLocker's platform to provide real-time monitoring and reporting. Yuriy also touches on how DAC supports various security frameworks and compliance standards, making it a valuable asset for any organization aiming to enhance its cybersecurity posture. Big Thanks to Threatlocker for supporting this episode. Register to attend Zero Trust World 2026: https://ztw.com/?utm_source=ciso_tradecraft&utm_medium=sponsor&utm_campaign=dac_yuriy_q4_25&utm_content=dac_yuriy-&utm_term=video Use discount code ZTWCISOTRADECRAFT26 for $200 off

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvSecurity programs fail when they try to do everything at once. We walk through a clear three-phase plan that keeps you focused and effective: start with a real gap assessment anchored in leadership's risk tolerance, convert findings into decisions to mitigate, accept, or transfer risk, and then implement with a balanced mix of people, process, and tools. Along the way, we share what to look for when hiring a virtual CISO and how to turn that engagement into actionable momentum instead of another shelfware report.From there, we tighten the perimeter by defining bounds that keep systems within safe lanes: role-based access control, data classification, DLP, segmentation, encryption, and change management that shrinks blast radius. We get tactical with process isolation, sandboxing, capability-based security, and application whitelisting, plus a grounded comparison of MAC vs DAC and when a hybrid model makes sense. Defense in depth ties it together with physical safeguards, network protections, EDR and patching, application security practices, and data security. We keep the human layer practical with targeted awareness training and a tested incident response plan.Resilience is the throughline. We advocate for secure defaults and least privilege by design, logging that's actually reviewed, and updates that apply on a measured cadence. When things break, fail safely: graceful degradation, clean error handling, separation of concerns, redundancy, and real-world drills that expose weak spots early. Governance keeps the program honest with separation of duties, dual control, job rotation, and change boards that prevent unilateral risk. Finally, we demystify zero trust: start small, micro-segment your crown jewels, verify continuously, and respect cloud nuances without overcomplicating your stack.If this helps you clarify your next move, follow the show, share it with a teammate, and leave a quick review so others can find it. Tell us: which phase are you tackling first?Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Why do entire organisations invest millions building resilient data centres yet leave their endpoints exposed to outages that can last days? That question kept coming back to me during my conversation with James Millington of IGEL at the Now and Next event, because it highlights a gap that most IT leaders still underestimate. James walked me through the reality he sees every day. Companies have high availability strategies for their servers, cloud platforms, and networks, yet the devices workers rely on remain the weakest point. When ransomware or system failure hits, the response often involves scrambling for spare laptops, calling suppliers, and hoping inventory exists. As James pointed out in our chat, many firms quietly rely on a handful of unused machines sitting in a cupboard. That approach might have worked a decade ago, but today's threat landscape exposes every delay. Our discussion centred on IGEL's dual boot approach, a fresh way to recover access within minutes by placing IGEL OS alongside Windows on the same device. Instead of waiting hours or even weeks to rebuild machines, organisations can simply switch to a secure environment that restores access to cloud apps, collaboration tools, and virtual desktops. James shared stories of analysts admitting no comparable solution exists, and of customers having light bulb moments as they calculated the true cost of endpoint recovery. The theme running underneath it all was simple. You cannot coordinate your crisis response unless your people have a working device in their hands. Everything else depends on that. This episode also reflects a wider shift in how organisations think about resilience. Leaders are beginning to question old assumptions about failover, preparation, and what it takes to keep people productive when attacks or outages strike. The conversations I heard throughout Now and Next showed that businesses are realising the endpoint is no longer a peripheral concern. It is the gateway to every service that keeps a company running. When that gateway fails, everything slows. James also shared lighter moments from his journey. His career began as a DJ, something he has circled back to at IGEL events, and it was fascinating hearing how skills from that era still show up in his approach to communication and timing. It reminded me how varied experiences shape the leaders driving today's conversations around security, SaaS evolution, Zero Trust, and the growing overlap between IT and operational technology. So here is my question for you. As cyber risks rise and downtime becomes harder to tolerate, how ready do you feel for the disruption that begins at the endpoint? I would love to hear your thoughts. Tech Talks Daily is Sponsored by NordLayer: Get the exclusive Black Friday offer: 28% off NordLayer yearly plans with the coupon code: techdaily-28. Valid until December 10th, 2025. Try it risk-free with a 14-day money-back guarantee.

Dr. Cunningham created the influential Zero Trust Extended (ZTX) Framework at Forrester Research, playing a key role in accelerating global adoption of Zero Trust principles across industries and governments worldwide.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In a recent report from Microsoft, they share that foreign adversaries are increasing attacks on American infrastructure. One variation is that they will not penetrate systems and attack, but they will steal credentials and install code to act in stealth mode. This code can hide for years and be deployed when the antagonist wants. Today, we sat down with Travis Roseik from Rubrik to try to find some options for defending against this hidden attack. Let us say an agency has improved its resistance to foreign attacks. This is satisfactory progress, but what happens in a situation where the malicious code was planted prior to the increased defense. Further, during the interview, Roseik states that companies may be able to leverage AI to improve defense, nation states will be using that same AI to improve attack methods. If malicious code is within the walls of an organization, whether by AI or user error, Roseik makes the point that a defensive posture may not be enough in today's sophisticated world of attack. He recommends moving from a defensive approach to an initiative-taking threat hunting strategy. Even if Zero Trust and threat hunting fail, the best response is to have immutable backups. For example, if a breach occurs and the system recovers quickly, then the attackers will go after more vulnerable targets. The conversation underscores the urgency for organizations to adapt and innovate to counteract these threats.

We get to talk to Ken Adams, the Chief Strategy Officer at Foxhole Technology and the long-serving Industry Chair of the ACT-IAC Cyber COI. Ken shares his career journey, insights into the collaborative dynamics within the gov tech community, and the importance of continuity and professional relationships. Ken highlights the significance of volunteer work, the impact of ACT-IAC projects like 'Zero Trust' and 'ATO as Code,' and the balance between day jobs and volunteer commitments. The conversation also touches on the non-sales ethos of these engagements and the value of maintaining a collaborative and supportive environment among industry and government participants.Subscribe on your favorite podcast platform to never miss an episode! For more from ACT-IAC, follow us on LinkedIn or visit http://www.actiac.org.Learn more about membership at https://www.actiac.org/join.Donate to ACT-IAC at https://actiac.org/donate. Intro/Outro Music: See a Brighter Day/Gloria TellsCourtesy of Epidemic Sound(Episodes 1-159: Intro/Outro Music: Focal Point/Young CommunityCourtesy of Epidemic Sound)

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Data Diodes & Remote Access: How Industrial Systems Stay Secure in a Connected WorldPub date: 2025-11-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCan your plant stay connected and completely secure? In this episode of Protect It All, host Aaron Crow teams up with Lior Frenkel, CEO and co-founder of Waterfall Security, to explore how industries are rethinking OT cybersecurity in the age of ransomware and AI-powered attacks. Together, they break down why traditional firewalls can't fully protect industrial control systems and how unidirectional gateways (data diodes) are redefining safety for everything from nuclear plants to casinos. You'll learn: What data diodes really are and how they physically block inbound attacks. Why “air gaps” are no longer enough for modern connected environments. How remote-access tools like HERA are enabling secure operations. Real-world stories of industries upgrading defenses without losing efficiency. Whether you manage critical infrastructure, handle OT security, or just want to understand how cyber-physical systems stay safe, this episode will give you a new appreciation for data flow, digital risk, and resilience. Tune in to discover the future of secure connectivity - only on Protect It All. Key Moments:  07:46 Balancing Security and Operational Data 16:25 "One-Way Data Flow Explained" 22:19 "Air Gap for Data Transfer" 27:44 Increasing Awareness of Security Threats 32:05 Challenges of Power Plant Management 35:29 Global Risks Require Local Understanding 44:44 "OT Security and Zero Trust" 48:24 "Remote Access vs On-Site Work" 55:48 "HERA: TPM-Powered Remote Access" 58:43 Encrypted Remote Access Streaming 01:05:32 Secure Remote Control for Infrastructure 01:13:00 "Solving Critical Incident Response Gaps"   About the Guest : Lior Frenkel is a globally recognized OT cybersecurity leader and the CEO/co-founder of Waterfall Security Solutions, the company behind the industry-standard Unidirectional Security Gateways protecting critical infrastructure worldwide. With 25+ years of cybersecurity expertise, multiple patents, and leadership roles across Israel's top technology, industrial, and export organizations, Lior is a key voice shaping the future of industrial cyber defense and national cyber strategy.How to connect Lior: Website: https://waterfall-security.com/LinkdIn: https://www.linkedin.com/in/lior-frenkel-91534/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

You were promised safe SaaS - but got silent data loss.In Inside the Salesloft Breach, Rob Maas and Luca Cipriano expose how trusted integrations became the attack vector.They trace how vishing calls, trojanized Salesforce tools, and GitHub-to-AWS pivots gave attackers OAuth access and drained CRMs without a single alert. You'll hear how Drift integrations and bulk SOQL queries quietly moved data out of sight, while audit trails and API metadata disappeared.If you need provable control over data exfiltration and a narrative your board will understand, this is your playbook.Turn Zero Trust from slogan to stop - with IP allowlists, app inventories, token telemetry, and shared responsibility that actually blocks abuse at the source.(00:00) - Cloud first did not mean data safe. (00:45) - What Salesforce is and why attackers target it. (02:00) - Campaign one. Vishing and a trojanized data loader to OAuth access. (04:15) - Campaign two. Salesloft and Drift path from GitHub to AWS to Salesforce tokens. (07:00) - Impact and cover up. 700 plus orgs hit and API job metadata removed. (09:10) - Who was involved. ShinyHunters, Scattered Spider, Lapsus, and legal fallout. (11:00) - Zero Trust actions. IP allowlisting, app inventory, token monitoring, staff education, shared responsibility. Key Topics Covered:•  How one sign-in token became a master key for your CRM.•  The attacker's route: from code repo → cloud → Salesforce → data exfiltration.•  What shared responsibility means in SaaS — and what's actually on you.•  What truly stops it: trusted apps only, IP allowlists, short-lived tokens, and continuous monitoring.Found value and want outcome focused guidance every week? Subscribe to Threat Talks, turn on notifications and add your questions for the next deep diveGuest and Host Links: Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/ Luca Cipriano (Cyber Threat Intelligence Program Lead, ON2IT): https://www.linkedin.com/in/luca-c-914973124/Click here to view the episode transcript. Additional resources:Threat Talks https://threat-talks.com/ON2IT https://on2it.net/?AMS IX https://www.ams-ix.net/amsSalesforce https://www.salesforce.com/Salesloft https://www.salesloft.com/Drift https://www.drift.com/Okta https://www.okta.com/Have I Been Pwned https://haveibeenpwned.com/

We speak with Deepen Desai, Chief Security Officer & Executive Vice President of Cyber & AI Engineering at Zscaler on the latest zero trust and AI innovations empowering organisations to secure their digital transformation journeys and stay ahead of evolving threats.With nearly two decades of expertise in cybersecurity, Deepen is regarded as a pioneer in advancing threat intelligence, secure product development, and enterprise protection. Beyond his scope of leading cyber and AI engineering, Deepen also oversees the ThreatLabz team, a world-class security research group focused on identifying emerging threats, analyzing vulnerabilities, and delivering actionable insights to protect organizations at Zscaler. Under his leadership, Zscaler's award-winning zero-trust architecture continues to evolve, providing businesses with robust defenses against sophisticated attack vectors like ransomware, phishing, and advanced malware.Before joining Zscaler, Deepen held key security leadership positions at Dell SonicWALL, where he helped develop cutting-edge security solutions and strategies for businesses navigating an increasingly complex threat landscape. His breadth of experience in fields like security operations, threat research, and compliance has established him as a respected authority in the industry.#ZL2025 #zerotrustsecurity #mysecuritytv #zscaler

We speak with Dhawal Sharma, Executive Vice President & Head of Product Strategy at Zscaler on the latest innovations in zero trust to enhance security, simplify access management, and significantly reduce legacy infrastructure costs.Dhawal Sharma is a visionary leader and expert in cloud security who currently serves as Executive Vice President and Head of Product Strategy at Zscaler. Since joining the company in 2012, Dhawal has made significant contributions to its success by leading key product management initiatives that have strengthened the foundation of Zscaler's solutions and transformed the way businesses approach secure digital transformation.From 2012 to 2018, Dhawal oversaw all core product management at Zscaler, driving innovation and excellence across the company's primary offerings. Today, he leads emerging product innovations and core platform responsibilities, focusing on cutting-edge advancements in cloud security, networking, data path optimization, IoT security, Network Function Virtualization (NFV), Network Performance Monitoring (NPM), Data Loss Prevention (DLP), and regulatory compliance. His ability to identify industry needs ahead of the curve has positioned Zscaler as a leader in cloud-native security solutions.Dhawal's professional journey spans two decades, during which he has held key product management, product marketing, and sales leadership roles in security, networking, compliance, and network management across both large enterprises and tech startups. Prior to Zscaler, Dhawal worked at Cisco, where he excelled in strategic roles that shaped the security and networking landscape.An accomplished academic, Dhawal holds a Technical MBA degree with a specialization in Networking and IT Infrastructure from Symbiosis Center for IT. He also holds a Bachelor's in Engineering degree specializing in Computer Science. #ZL2025 #zerotrustsecurity #mysecuritytv #zscaler

Sende uns Deine NachrichtIn dieser Episode sprechen Norman Müller und Christian Bennefeld über die Schattenseiten der KI-Transformation. Es geht um digitale Authentizität, Prompt-Injektionen in alltäglichen Dokumenten und das Risiko vernetzter Agentensysteme. Christian erklärt, wie sich über scheinbar harmlose PDFs Bewerbungsverfahren manipulieren lassen und warum das Model Context Protocol ohne harte Authentifizierung zum Einfallstor wird. Für Unternehmen heißt das. Zero Trust ernst nehmen, Guard-Modelle vorschalten, Kontexte trennen und Agentenzugriffe streng absichern.Zudem diskutieren wir den gesellschaftlichen Vertrauensverlust durch Deepfakes, Wasserzeichen und Provenienzstandards sowie die Grenzen von Regulierung. Der Mittelstand steht zwischen Hype und Haftung. Sinnvolle Agenten-Use-Cases brauchen klare ROI Logik und ein robustes Sicherheitsdesign. Zum Schluss gibt es Literaturtipps aus der Praxis und eine persönliche Antwort auf die Frage, was KI im besten Fall verändern sollte. Zeit zum Nachdenken.Hier findest du die Shownotes, das Video zum Podcast und den Zugang zu unserer Podcast-Community:www.bundesverband.aiSupport the show________________ Du möchtest noch mehr? Abonniere den Podcast bei Apple oder Spotify, folge für noch mehr exklusive Inhalte (wie z.B. Videoaufzeichnungen und Hintergrundinformationen) unserer Podcast-Community https://geniusalliance.substack.com und vernetze dich mit Norman auf LinkedIn https://www.linkedin.com/in/muellernorman Bitte unterstütze unsere Arbeit und schreibe uns eine Podcast-Bewertung bei Apple und Spotify. Damit hilfst du uns, weiterhin spannende Gäste in den Podcast einzuladen, von denen wir alle lernen können.

What if the real weakness in enterprise cybersecurity isn't the cloud or the network, but the endpoint sitting on every desk? In this episode, Klaus Oestermann, CEO of IGEL Technology, joins me at the Now and Next event in Frankfurt to discuss why he calls the endpoint the forgotten link in digital transformation. Klaus explains how decades of detect and mitigate thinking have left enterprises vulnerable, and why it is time to move toward a prevention-first security model that stops attacks before they start. He shares how IGEL's dual boot architecture allows organizations to recover thousands of devices in minutes, and why prevention-first design can deliver measurable ROI with an average 62 percent reduction in endpoint IT costs and more than 900,000 dollars in annual savings. During our conversation, Klaus also reflects on the surge in ransomware across critical sectors and why governments and enterprises alike are rethinking their endpoint strategies. He talks about how IGEL has become an essential part of modern Zero Trust frameworks, protecting sectors like healthcare, manufacturing, and public services, while partnering with leading technology providers to build stronger, integrated defenses. We also explore how those savings can be reinvested into Zero Trust, AI innovation, and new layers of defense, as well as how IGEL is helping secure critical national sectors from healthcare to manufacturing. From Audi's factory floors to government agencies, Klaus outlines a future where resilience begins at the endpoint, not the data center. Do you think enterprises are ready to make that shift? I would love to hear your thoughts after the episode. Useful Links Connect with Klaus Oestermann on LinkedIn Learn more about IGEL Follow on LinkedIn, Twitter and YouTube Tech Talks Daily is Sponsored by NordLayer: Get the exclusive Black Friday offer: 28% off NordLayer yearly plans with the coupon code: techdaily-28. Valid until December 10th, 2025. Try it risk-free with a 14-day money-back guarantee.

The threat that puts you out of business probably won't look like a movie hack, it'll look like a normal email from your CEO.   In this episode of Sharkpreneur, Seth Greene interviews Scott Alldridge, CEO of IP Services and bestselling author of the Visible Ops series, who explains how modern cybercrime actually works and why most small and mid-sized companies are far more vulnerable than they think. Scott shares real breach stories, including how something as simple as leaving a printer password as “1234” led to a $187,000 theft and forced a firm into a merger. He breaks down why cybersecurity is now a board-level issue, how AI is being weaponized by attackers, and what leaders need to be doing right now to protect their data, their money, and their survival.   Key Takeaways: → Most companies think “we're too small to be a target,” but attackers actively go after businesses with as few as 100 employees — and even under $1M in revenue. → Only about 1 in 7 cybersecurity breaches ever gets reported, so what you read in the news is a tiny fraction of what's actually happening. → A single weak password (like “1234” on a networked printer) can give a threat actor a doorway into your entire system. → Attackers don't smash and grab; they sit quietly for weeks or months, watch how you communicate, then imitate leadership to trigger wire transfers that look totally normal. → The “human layer” is still the biggest risk: phishing, social engineering, and reused or weak credentials are where most compromises begin.   Scott Alldridge has spent three decades on the frontlines of cyber warfare—turning escalating threats intocompetitive advantage for business leaders. As co-founder of the IT Process Institute and creator of the globally adopted VisibleOps framework (400,000+ copies sold), he shaped how enterprises worldwide secure and scale technology.   His Amazon bestseller, VisibleOps Cybersecurity, is the definitive roadmap for integrating Zero Trust principles into real business results. Today, as CEO of IP Services, one of America's most trusted MSSPs, Scott helps executives verify—not just trust—their cybersecurity posture.   Driven by both expertise and altruism, Scott's mission is to ensure businesses of all sizes are resilient and protected—not only to safeguard revenue, but to prevent the devastating personal and professional fallout of cyberattacks. A globally recognized thought leader with 618K+ social media followers, he leverages his platform to raise awareness, share real-world breach stories, and arm leaders with actionable strategies that save companies before it's too late.   Connect With Scott Aldridge: Website: https://ipservices.com/ Instagram: https://www.instagram.com/scottalldridge1/?hl=en LinkedIn: https://www.linkedin.com/in/scott-alldridge-1a976/ Learn more about your ad choices. Visit megaphone.fm/adchoices

BIO: Scott Alldridge is CEO of IP Services and President of the IT Process Institute, a bestselling author of the VisibleOps series, and a Certified Chief Information Security Officer.STORY: Scott's worst investment was a stake in a startup promising to deliver hot coffee by drone. Excited by the futuristic idea, he invested before the concept was proven—but the project quickly crashed when the FAA banned drone deliveries and a prototype failed spectacularly.LEARNING: Being first doesn't always mean being right. Due diligence is non-negotiable. “You don't have to jump in. Being the first with the most doesn't matter if it's a bad idea—you'll lose money anyway.”Scott Alldridge Guest profileScott Alldridge is CEO of IP Services and President of the IT Process Institute, a bestselling author of the VisibleOps series, and a Certified Chief Information Security Officer. He holds an MBA in cybersecurity and has over 30 years of experience in IT and cybersecurity leadership. Scott empowers organizations to achieve resilience through process excellence, Zero Trust, and AI-driven security.Worst investment everIf you live in the Pacific Northwest, coffee isn't just a drink; it's a way of life. Seattle is home to Starbucks, and in Oregon, coffee culture runs deep. So when Scott was pitched an idea that combined coffee and technology—delivering hot coffee via drone—he couldn't resist.The concept sounded revolutionary: push a button on your phone, and a drone drops off your piping-hot Americano right at your doorstep. It felt like the future—part Amazon innovation, part TED Talk dream.Excited, Scott invested for a 3% stake in the startup. The founders promised a caffeinated empire built on convenience and cutting-edge tech.But just three months later, the buzz wore off. The FAA issued a cease-and-desist order on all drone delivery experiments, particularly those involving liquids.And then came the final straw: the company's prototype drone spilled an entire cup of hot coffee mid-flight, grounding both the drone and Scott's hopes. The “coffee drone revolution” turned into a $10,000 lesson in wishful thinking. Delivering hot coffee by drone was never going to fly—literally.Lessons learnedBeing first doesn't always mean being right.It's tempting to jump into the next big idea, especially when it sounds exciting and visionary. However, early-stage innovation carries significant risk, especially when the concept hasn't been tested or proven.Enthusiasm can cloud judgment. Instead of investing based on a slick pitch deck or futuristic concept, it's smarter to wait until an idea is validated, tested, and compliant with regulations.Andrew's takeawaysEvery idea looks brilliant until reality—and regulation—show up.Even in large corporations, where top analysts and executives lead multi-million-dollar mergers, success isn't guaranteed. Only about 20% of them added value within three to five years.Business is hard, and due diligence is non-negotiable.Actionable adviceAlways do your due diligence. Before investing in any idea—no matter how exciting—slow down and dig deep:Validate the concept. Is there a working prototype, or just a fancy pitch?Check the regulations, especially if the business operates...

Don Yeske, a former director of national security in the cyber division at DHS, said its “groundbreaking zero trust architecture” focused on 46 capabilities.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Zero Trust has been top of mind for years, but how is AI changing what that actually looks like in practice? In this episode of CyberWire-X, Dave Bittner is joined by Deepen Desai, Chief Security Officer at Zscaler, to discuss the transformative impact of AI on Zero Trust security frameworks. The discussion outlines how AI enhances threat prevention, automates data discovery, and improves user experience while addressing the practical financial implications of adopting AI in security. Hear how organizations must embrace AI to stay competitive and secure against evolving threats. For additional resources on Zero Trust + AI, visit Zscaler's Replace Legacy Systems for Better Security. Learn more about your ad choices. Visit megaphone.fm/adchoices

Google uncovers PROMPTFLUX malware CISA warns of CentOS Web Panel bug Threat group targets academics Huge thanks to our sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker

Ep. 281 How Zero Trust Automation Helps Federal Agencies do More with Less Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com As this interview was recorded, the federal government was in the middle of a shutdown. Hundreds of pundits have given interviews about the politics of the situation; very few have looked at the impact on cybersecurity during a phase of workforce reduction. Today, we sat down with Gary Barlet, the Public Sector CTO at Illumio, to see whether Zero Trust can help the federal government bridge this short personnel gap. Barlet begins by giving an overview of Zero Trust and automation. Rather than having human beings vet entry into federal systems, the concept is to use an automated process that reviews credentials and decides on permission. Barlet emphasizes the importance of Zero Trust in automating security tasks and maintaining operational resilience, especially with reduced staff. He continues to mention several other benefits of Zero Trust in a federal environment. Compliance:  A well-thought-out Zero Trust architecture will enable managers to collect data to demonstrate policy enforcement. Legacy: One can effectively take existing systems and "ring fence" them off. This approach creates hundreds and hundreds of rings of defense. Design:  During the interview, Gary recommends that you have a handle on the real traffic to reduce complexity. That way, when policies change, the rules can adapt to the environment. Maturity Level:  Although CISA has a maturity level for Zero Trust. Barlet distills down some of the requirements for which efforts can be applied to sensitive systems. He suggests focusing on security, not necessarily on a grade. Additionally, he addresses the challenges of managing complex, hybrid environments and the emergence of shadow AI models, stressing the need for robust policies and controls.            

Tanya Janca is a globally recognized AppSec (application security) expert and founder of We Hack Purple. In this episode, she shares wild stories from the front lines of cybersecurity. She shares stories of when she was a penetration tester to an incident responder.You can sign up for her newsletter at https://newsletter.shehackspurple.ca/SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.This episode is sponsored by Hims. Hims offers access to ED treatment options ranging from trusted generics that cost up to 95% less than brand names to Hard Mints, if prescribed. To get simple, online access to personalized, affordable care for ED, Hair Loss, Weight Loss, and more, visit https://hims.com/darknet.Support for this show comes from Drata. Drata is the trust management platform that uses AI-driven automation to modernize governance, risk, and compliance, helping thousands of businesses stay audit-ready and scale securely. Learn more at drata.com/darknetdiaries.View all active sponsors.Books Alice and Bob Learn Secure Coding by Tanya Janca Alice and Bob Learn Application Security by Tanya Janca

For years, many businesses believed that Apple devices were inherently secure. That illusion has faded. In this episode of Tech Talks Daily, I speak with Adam Boynton, Senior Security Strategy Manager at Jamf, about why visibility across macOS and iOS is no longer a luxury but a necessity. Adam explains how Jamf has evolved from device management to full Apple-native security intelligence, protecting over 75,000 organizations and more than 32 million devices. He shares how attackers no longer target individual operating systems but entire ecosystems, exploiting the gaps between how Apple secures its platforms and how enterprises actually monitor them.  From real-world cases to lessons learned at Jamf's annual JNUC conference, Adam describes how telemetry provides security teams with the truth about what's really happening on their endpoints, enabling them to transition from reactive incident response to proactive defense. Our conversation covers everything from the architectural blind spots that traditional Windows-centric tools can't see to the rise of AI-driven analysis that turns complex forensic investigations into minutes-long processes. We also explore how Jamf's partnerships, such as those with Elastic, are creating an open and integrated future for enterprise security, blending deep Apple signals with cross-platform context. For anyone still clinging to the myth that macOS or iOS "just work" without attention to security, this episode is a wake-up call. Adam outlines practical advice on patching, mobile hygiene, and zero trust, while revealing how Jamf's latest innovations are quietly making the most secure way the easiest way for users. Listen to hear how Jamf is redefining modern Apple security, turning management, identity, and protection into a seamless whole, and why accurate visibility—not assumptions—is now the objective measure of cybersecurity readiness. Tech Talks Daily is Sponsored by NordLayer: Get the exclusive Black Friday offer: 28% off NordLayer yearly plans with the coupon code: techdaily-28. Valid until December 10th, 2025. Try it risk-free with a 14-day money-back guarantee.

Keywordscybersecurity, technology, AI, IoT, Intel, startups, security culture, talent development, career advice  SummaryIn this episode of No Password Required, host Jack Clabby and Kayleigh Melton engage with Steve Orrin, the federal CTO at Intel, discussing the evolving landscape of cybersecurity, the importance of diverse teams, and the intersection of technology and security. Steve shares insights from his extensive career, including his experiences in the startup scene, the significance of AI and IoT, and the critical blind spots in cybersecurity practices. The conversation also touches on nurturing talent in technology and offers valuable advice for young professionals entering the field.  TakeawaysIoT is now referred to as the Edge in technology.Diverse teams bring unique perspectives and solutions.Experience in cybersecurity is crucial for effective team building.The startup scene in the 90s was vibrant and innovative.Understanding both biology and technology can lead to unique career paths.AI and IoT are integral to modern cybersecurity solutions.Organizations often overlook the importance of security in early project stages.Nurturing talent involves giving them interesting projects and autonomy.Young professionals should understand the hacker mentality to succeed in cybersecurity.Customer feedback is essential for developing effective security solutions.  TitlesThe Edge of Cybersecurity: Insights from Steve OrrinNavigating the Intersection of Technology and Security  Sound bites"IoT is officially called the Edge.""We're making mainframe sexy again.""Surround yourself with people smarter than you."  Chapters00:00 Introduction to Cybersecurity and the Edge01:48 Steve Orrin's Role at Intel04:51 The Evolution of Security Technology09:07 The Startup Scene in the 90s13:00 The Intersection of Biology and Technology15:52 The Importance of AI and IoT20:30 Blind Spots in Cybersecurity25:38 Nurturing Talent in Technology28:57 Advice for Young Cybersecurity Professionals32:10 Lifestyle Polygraph: Fun Questions with Steve

"SleepyDuck" uses Ethereum to keep command server alive SesameOp abuses OpenAI Assistants API Organized crime cybercrooks steal cargo Huge thanks to our sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker

Zero trust was once the leading cybersecurity strategy, but has it lost momentum? In this episode of Today in Tech, host Keith Shaw speaks with Morey Haber, Chief Security Advisor at BeyondTrust, about whether zero trust is failing or simply misunderstood. They explore why many companies struggle to implement zero trust effectively, the gap between intention and execution, and how vendor marketing may have added confusion to the conversation. Morey explains why identity and privileged access management are now critical, how lateral movement works during attacks, and why many AI agents are dangerously over-privileged. Topics include: The misconception that zero trust is a product How AI is reshaping the need for zero trust The role of identity in modern cybersecurity Real-world deployment challenges and mistakes Why secure-by-design is often an afterthought This episode is ideal for IT leaders, cybersecurity professionals, and anyone looking to better understand how zero trust fits into a world increasingly influenced by AI.

Send us a textWe explore how to prepare for a post‑quantum world while dealing with today's outages and social engineering risks. From zero trust on satellites to multi‑region cloud design, we share practical ways to trade brittle efficiency for real resilience.• mapping careers toward emerging security domains• zero trust for satellites and patch constraints• harvest now decrypt later and crypto agility• early adopters of quantum‑resistant algorithms• futurist methods for security decision‑making• shifting from passwords to stronger credentials• efficiency versus resilience trade‑offs in cloud• lessons from government redundancy models• attack surface, attacker and defender effectiveness• deepfakes, social engineering, and process tripwires• practical controls like rotating passcodes and dual control• resources and where to find Heather's workPick up Heather's books and reach out if you wantInspiring Tech Leaders - The Technology PodcastInterviews with Tech Leaders and insights on the latest emerging technology trends.Listen on: Apple Podcasts SpotifySupport the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast Affiliates➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh➡️ OffGrid Coupon Code: JOE➡️ Unplugged Phone: https://unplugged.com/Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

Zero Trust isn't just about defense - it's about unlocking new capabilities across even the most legacy-heavy federal systems. When agencies move to a Zero Trust Architecture, the benefits go far beyond stronger cybersecurity. Integrating decades-old systems into a Zero Trust framework can actually centralize data, create consistency, and open new paths to modernization. This week on Feds At the Edge, Sean Phuphanich, Principal Technologist at AWS, explains how synthetic data can safely demonstrate cloud scalability in non-production environments, while Richard Breakiron, Senior Director, Strategic Initiatives, Americas Public Sector, Commvault, offers candid insight into why no single vendor has all the answers. His advice? Collaborate across agencies to tap into shared experience and proven solutions. Tune in on your favorite podcast today as we explore how Zero Trust can be both a security strategy and a powerful engine for modernization across government. Plus, learn about a free AWS assessment tool that can help your agency gauge its Zero Trust maturity and chart a clear path forward.

This episode is sponsored by HYPR. Visit hypr.com/idac to learn more.In this episode from Authenticate 2025, Jim McDonald and Jeff Steadman are joined by Bojan Simic, Co-Founder and CEO of HYPR, for a sponsored discussion on the evolving landscape of identity and security.Bojan shares his journey from software engineer to cybersecurity leader and dives into the core mission of HYPR: providing fast, consistent, and secure identity controls that complement existing investments. The conversation explores the major themes from the conference, including the push for passkey adoption at scale and the challenge of securely authenticating AI agents.A key focus of the discussion is the concept of "Know Your Employee" (KYE) in a continuous manner, a critical strategy for today's remote and hybrid workforces. Bojan explains how the old paradigm of one-time verification is failing, especially in the face of sophisticated, AI-powered social engineering attacks like those used by Scattered Spider. They discuss the issue of "identity sprawl" across multiple IDPs and why consolidation isn't always the answer. Instead, Bojan advocates for a flexible, best-of-breed approach that provides a consistent authentication experience and leverages existing security tools.Connect with Bojan: https://www.linkedin.com/in/bojansimic/Learn more about HYPR: https://www.hypr.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comChapter Timestamps:00:00 - Introduction at Authenticate 202500:23 - Sponsored Episode Welcome: Bojan Simic, CEO of HYPR01:11 - How Bojan Simic Got into Identity and Cybersecurity02:10 - The Elevator Pitch for HYPR04:03 - The Buzz at Authenticate 2025: Passkeys and Securing AI Agents05:29 - The Trend of Continuous "Know Your Employee" (KYE)07:33 - Is Your MFA Program Enough Anymore?09:44 - Hackers Don't Break In, They Log In: The Scattered Spider Threat11:19 - How AI is Scaling Social Engineering Attacks Globally13:08 - When a Breach Happens, Who's on the Hook? IT, Security, or HR?16:23 - What is the Right Solution for Identity Practitioners?17:05 - The Critical Role of Internal Marketing for Technology Adoption22:27 - The Problem with Identity Sprawl and the Fallacy of IDP Consolidation25:47 - When is it Time to Move On From Your Existing Identity Tools?28:16 - The Role of Document-Based Identity Verification in the Enterprise32:31 - What Makes HYPR's Approach Unique?35:33 - How Do You Measure the Success of an Identity Solution?36:39 - HYPR's Philosophy: Never Leave a User Stranded39:00 - Authentication as a Tier Zero, Always-On Capability40:05 - Is Identity Part of Your Disaster Recovery Plan?41:36 - From the Ring to the C-Suite: Bojan's Past as a Competitive Boxer47:03 - How to Learn More About HYPRKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Bojan Simic, HYPR, Passkeys, Know Your Employee, KYE, Continuous Identity, Identity Verification, Authenticate 2025, Phishing Resistant, Social Engineering, Scattered Spider, AI Security, Identity Sprawl, Passwordless Authentication, FIDO, MFA, IDP Consolidation, Zero Trust, Cybersecurity, IAM, Identity and Access Management, Enterprise Security

In this episode Michael talks with guest Merill Fernando about the Zero Trust Workshop, but we also spend time talking about all things identity! Merill's final thought is pure gold, too!The only bit of news is about Azure SQL DB and how TDE key management during restore,

In this episode of Security Matters, host David Puner sits down with Yuval Moss, CyberArk's VP of Solutions for Global Strategic Partners, to explore the fast-evolving world of agentic AI and its impact on enterprise security. From rogue AI agents deleting production databases to the ethical blind spots of autonomous systems, the conversation dives deep into how identity and Zero Trust principles must evolve to keep pace. Yuval shares insights from his 25-year cybersecurity journey, including why AI agents behave more like humans than machines—and why that's both exciting and dangerous. Whether you're a security leader, technologist or curious listener, this episode offers practical guidance on managing AI agent identities, reducing risk, and preparing for the next wave of autonomous innovation.Explore more of Yuval's thinking on agentic AI and identity-first security in these recent articles:The life and death of an AI agent: Identity security lessons from the human experienceWhen AI Agents Mirror Humanity's Best Behaviors…and Worst Behaviors The Agentic AI Revolution: 5 Unexpected Security Challenges

In this episode, Jim McDonald and Jeff Steadman are joined by Steve Rennick, Senior Leader for IAM Architecture at Ciena, for a wide-ranging discussion on the most pressing topics in identity today.The conversation kicks off with a practical look at vendor demos, sharing best practices for cutting through the slideware and getting to the heart of a product's capabilities. From there, they dive deep into the complex world of Non-Human Identities (NHI). Steve shares his practitioner's perspective on why NHIs are such a hot topic, the challenges of managing them, and the risks they pose when left unchecked.The discussion covers:Why traditional IAM approaches fail for non-human identities.The importance of visibility and creating a standardized process for NHI creation.The debate around terminology: NHI vs. machine identity vs. service accounts.The reasons for NHI's current prominence, including threat actors shifting focus away from MFA-protected human accounts.Practical, actionable advice for getting a handle on legacy service accounts.The emerging challenge of IAM for AI and the complexities of managing agentic AI.The critical role of authorization and the future of policy-based access control.Whether you're struggling with service account sprawl, preparing for an AI-driven future, or just want to run more effective vendor demos, this episode is packed with valuable insights.Connect with Steve: https://www.linkedin.com/in/steven-rennick/ARIA (Agent Relationship-Based Identity & Authorization) LinkedIn Post from Patrick Parker: https://www.linkedin.com/posts/patrickparker_ai-agent-authorization-activity-7335265428774031360-braE/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comCHAPTER TIMESTAMPS:00:00:10 - Introduction & The Art of the Vendor Demo00:08:02 - Steve Rennick's Take on Vendor Demos00:12:39 - Formal Introduction: Steve Rennick00:14:45 - Recapping the Identiverse Squabble Game Show00:17:22 - The Hot Topic of Non-Human Identities (NHI)00:22:22 - Is NHI a Joke or a Serious Framework?00:26:41 - The Controversy Around the Term "NHI"00:30:24 - How to Simplify NHI for Practitioners00:34:06 - First Steps for Getting a Handle on NHI00:37:20 - Can Active Directory Be a System of Record for NHI?00:45:08 - Why is NHI a Hot Topic Right Now?00:51:19 - The Challenge of Cleaning Up Legacy NHIs00:58:00 - IAM for AI: Managing a New Breed of Identity01:03:33 - The Future is Authorization01:06:22 - The Zero Standing Privilege Debate01:10:39 - Favorite Dinosaurs and OutroKEYWORDS:NHI, Non-Human Identity, Machine Identity, Service Accounts, Vendor Demos, IAM for AI, Agentic AI, Authorization, Zero Trust, Zero Standing Privilege, Secrets Management, IAM Strategy, Cybersecurity, Identity and Access Management, Steve Rennick, Ciena, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

In this sponsored podcast Patrick Gray chats with Knocknoc CEO Adam Pointon about why true Zero Trust architectures never really got there. Spinning up ZTNA access to core applications and slapping SSO prompts on everything else is great, but if we're honest, it's not really Zero Trust. So, how and why did we get here? Show notes

TP-Link urges updates for Omada gateways MuddyWater targets organizations in espionage campaign "SessionReaper" flaw exploited in Adobe Commerce Huge thanks to our sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Dan Walsh, CISO, Datavant. Joining them is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: When EDR gets knocked out Red flags in vendor theater Configuration chaos The sticker problem Huge thanks to our sponsor, ThreatLocker ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at threatlocker.com.

DNS failure leads to AWS outage China accuses NSA of hacking national time center Chrome store flooded with high-risk WhatsApp automation Huge thanks to our sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker

This episode features Dr. Chase Cunningham, Chief Strategy Officer at Demo-Force.com.Widely known as “Dr. Zero Trust”, he's the creator of the Zero Trust Extended Framework and former Forrester principal analyst. With decades of experience supporting the NSA, U.S. Navy, FBI Cyber, and other government missions, Chase brings deep expertise on how nation-states wage digital conflict.In this episode, Chase explains how China, Russia, and North Korea use cyber operations to advance long-term strategic goals, why critical infrastructure has become a silent battlefield, and why attribution makes retaliation so difficult. He shares practical guidance for hardening defenses, outpacing common attackers, and avoiding becoming the “slowest gazelle in the herd.”This is a sobering look at how geopolitics fuels cyber risk, and the urgent realities every security leader must prepare for now.Guest Bio Creator of the Zero Trust eXtended framework and a cybersecurity expert with decades of operational experience in NSA, US Navy, FBI Cyber, and other government mission groups, Chase is responsible for ZTEdge's overall strategy and technology alignment. Chase was previously VP and Principal Analyst at Forrester Research; Director of Threat Intelligence for Armor; Director of Cyber Analytics for Decisive Analytics; and Chief Cryptologic Technician, US Navy. He's the author of the Cynja series and Cyber Warfare: Truth, Tactics, and Strategies.Guest Quote" Putin has even been noted as saying that chaos is the goal. You do that via cyber. You don't do that by putting boots on ground anymore. That is very important for everybody that's connected or digital to understand, you are operating in a live fire battlefield environment. You're not just on the internet.”Time stamps 01:04 Meet Dr. Chase Cunningham: Dr. Zero Trust 02:47 The Fifth Horseman: Cyber Threats 04:24 Geopolitical Implications of Cyber Warfare 09:05 Understanding China's Approach to Cyber 17:27 Breaking Down Defensive Cyber 20:17 Understanding North Korea's Approach to Cyber 22:25 Russia's Cyber Chaos Tactics 24:35 Cyber Leadership Gaps in the U.S. Government 27:22 Final Thoughts and AdviceSponsorThe HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.LinksConnect with Chase on LinkedInLearn more about Demo-Force.comChase's HIPConf 2024 Talk: Cyber Threat: The Fifth Horseman of the Apocalypse Connect with Sean on LinkedIn Don't miss future episodesRegister for HIP Conf 2025Learn more about Semperis

In this episode, Dr. Dave Chatterjee speaks with Anupam Upadhyay, Senior Vice President, Product Management, Palo Alto Networks, a seasoned product and cybersecurity leader, to unpack the “new browser wars” and why enterprise browsers are fast becoming a core battleground in the fight for digital trust. Drawing on over two decades of experience spanning Cisco, startups, and Palo Alto, Upadhyay traces the evolution of the humble browser from a passive content viewer into the primary interface for cloud applications, collaboration tools, and sensitive business data.The conversation examines the browser's expanding role as both a productivity hub and a primary attack vector—accounting for over 90 percent of initial intrusions via phishing, malicious extensions, or session hijacking. Through the lens of the Commitment-Preparedness-Discipline (CPD) Framework, Dr. Chatterjee and Anupam Upadhyay emphasize that securing the enterprise browser is not merely a technical exercise but a governance imperative: leadership commitment to zero-trust principles, preparedness through hardened configurations and employee training, and disciplined enforcement of consistent controls across devices and partners.Time Stamps• 00:49 — Dave's introduction and guest overview.• 03:00 — Anupam Upadhyay's career journey and reinvention at Palo Alto Networks.• 05:00 — Historical context: how browsers stayed outside the security spotlight.• 08:40 — Cloud and SaaS migration shifting business to the browser.• 11:20 — Emerging browser threats and data sanctity concerns.• 14:30 — Malicious extensions and the limits of traditional EDR.• 16:07 — Browser security as part of Zero Trust architecture.• 18:30 — Balancing security and user experience.• 22:10 — Operating in hostile environments and credential revocation.• 25:00 — Dr. Chatterjee introduces the CPD framework for governance.• 28:45 — Implementation and user adoption challenges.• 30:00 — Continuous testing and discipline in browser security.• 33:05 — Closing takeaways on Zero Trust mindset and defense-in-depth.Podcast summary with discussion highlights - https://www.dchatte.com/episode-93-the-new-browser-wars-why-the-enterprise-browser-has-become-cybersecuritys-next-battleground/Connect with Host Dr. Dave Chatterjee LinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles PublishedRamasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A...

  Implementing Zero Trust in a complex federal environment includes protecting data. To reach this goal, CISA has updated its recommendations for Continuous Diagnostics and Mitigation program called the Data Model Document (DMD). It provides the audience with a mechanism to focus on the most recent relevant changes without having to review the document in its entirety.   Today, we sat down with three experts to unpack some of the expanded concepts.   The first challenge is understanding the variety of systems. For example,  Daniel Ane from the TSA shared that they had to report data from eighty different systems. The only time efficient way to collect this varying data is with specific tools.   There is also a matter of control. Mark Hadley from the PNL shares that much critical infrastructure is  owned by the private sector, which can limit what kind of data can be collected.   Finally, Brian Meyer from Axonius makes a practical observation. Let us say you have a set of tools that accomplish the job of accurate data collection. If one gets updated, it can throw the entire compliance process out the window.   It seems obvious that adhering to the strictures of the Data Model Management recommendations will assist in a move to Zero Trust, but administering DMD needs guidance and a data strategy that is practical.    

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Sometimes, the plow must go deeper. Current approaches to Zeer Trust implementation can leave gaps in security. Today, we sat down with Akamai's Mike Colson to discuss the concept of combining Identity Credential Access Management with Least Permissive Trust. Setting the stage, Mike Colson details some of the challenges in the varying kinds of Zero Trust that are being applied in the Federal Government. The standard way of implementing ICM can result in assigning more resources than necessary, leading to permission creep and inflexible permission. Over provisioning: The amount of data being created is almost impossible to manage. A person may be given access to a data set they are not permitted to see. A “just in time” permission structure would help avoid that situation. Stale:  Just because a person has access to a data set on a Tuesday does not mean he has access on a Wednesday. People can leave the workforce, be reassigned, or change roles. Access must be constantly updated. Static:  Ron Popiel made the phrase, “Set it and forget it,” memorable. Unfortunately, this approach can lead to a permission structure that may limit access to key data. This may be considered under-provisioning, potentially leading to time delays in obtaining key information. Colson took the listeners through several iterations of access control, including Role-Based Access Control and Attribute-Based Access Control. On top of these old favorites, Colson discussed what may be called Context-Based Access Control, or what he calls Least Permissive Trust. Least permissive trust is a concept Colson outlined, which uses user behavior, device health, and contextual factors to grant permission dynamically. The conclusion is simple:  not all Zero Trust is created equal.

In this episode, Mike Baker, Vice President and Global CISO at DXC Technology, says the cyber industry has been focusing on the wrong side of AI. He believes too many companies use it only to block threats instead of studying how criminals use it to scale phishing, bypass defenses, and deploy adaptive malware. Attackers are learning faster than ever, and security teams must catch up. Mike argues that defenders need to think differently and use AI as both protection and opportunity. He shares how DXC is already doing this. The company has brought autonomous AI agents into its security operations through a partnership with 7AI. These agents process alerts that used to require hours of human effort. The result is faster detection, less burnout, and more time for analysts to investigate real threats. By cutting manual work by more than eighty percent, DXC has shown how AI can make cybersecurity teams stronger, not smaller. Zero Trust remains a core part of DXC's strategy. Mike calls it a journey that never ends. It needs cultural change, constant learning, and leadership that keeps security invisible to end users. AI now plays a role here too, improving identity checks and spotting access issues in real time. Yet, he reminds us, AI still needs people in the loop for oversight and judgment. We also talk about supply chain risks. Too many companies still treat risk assessments as one-time tasks. Mike pushes for continuous monitoring and close collaboration with suppliers. He closes the conversation on a hopeful note. AI will not replace people in cybersecurity, he says. It will make their work more meaningful and more effective if used with care and common sense.

In this episode of Security Matters, Chris Schueler, CEO of Cyderes, joins host David Puner for a dive into the evolving challenges of enterprise security. The conversation explores the dangers of privilege creep, the explosion of machine identities, and why accountability at every point of interaction is essential for building resilient teams and systems. Chris shares insights on the risks of unmanaged access, the impact of AI and automation on both defense and attack strategies, and practical advice for CISOs and boards on managing identity risk while enabling business transformation. Whether you're a security leader, practitioner, or simply interested in the future of cybersecurity, this episode delivers actionable guidance and fresh perspectives on safeguarding your organization's reputation, continuity, and trust.

He started small, swiping cards, buying gift cards, and cashing out. It spiraled into a full‑blown criminal enterprise. Dozens of co‑conspirators, stacks of stolen plastic, and a lifestyle built on chaos.Meet Nathan Michael, leader of Oak Cliff Swipers.SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.Support for this show comes from Pantheon. Pantheon keeps your site fast, secure, and always on. That means better SEO, more conversions, and no lost sales from downtime. But this isn't just a business win; it's a developer win too. Your team gets automated workflows, isolated test environments, and zero-downtime deployments. Visit Pantheon.io, and make your website your unfair advantage.Support for this show comes from Adaptive Security. Deepfake voices on a Zoom call. AI-written phishing emails that sound exactly like your CFO. Synthetic job applicants walking through the front door. Adaptive is built to stop these attacks. They run real-time simulations, exposing your teams to what these attacks look like to test and improve your defences. Learn more at adaptivesecurity.com.

This episode features an in-depth conversation with Scott Alldridge Certified Chief Information Security Officer (CCISO), CISSP, AI MS Certified, ITIL Expert, Harvard Certified in Technology and Privacy, and CEO of IP Services. With 30+ years of experience in IT management and cybersecurity, Scott has become a global thought leader in modern security strategies. From starting in tech at 19 to building a successful cybersecurity services company. Scott shares powerful insights on the evolution of IT, the rise of AI-driven threats, and why businesses must embrace proactive, layered defenses. He also explains why adaptability, reinvention, and aligning technology with business goals are critical for resilience in today's fast-changing tech landscape. 

In 2019, Ola Bini, a Swedish programmer and privacy advocate, was arrested in Ecuador for being a Russian hacker.Find Ola on X: https://x.com/olabini. Or visit his website https://olabini.se/blog/. Or check out his non-profit https://autonomia.digital/.SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.This show is sponsored by Miro. AI doesn't have to be intimidating—in fact, it can help your team thrive. Miro's Innovation Workspace changes that by bringing people and AI together to turn ideas into impact, fast. Whether you're launching a new podcast, streamlining a process, or building the next big thing, Miro helps your team move quicker, collaborate better, and actually enjoy the work. Learn more at https://miro.com/.This show is sponsored by Thales. With their industry-leading platforms, you can protect critical applications, data and identities – anywhere and at scale with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most – applications, data and identities. Learn more at http://thalesgroup.com/cyber.View all active sponsors.Sources https://www.eff.org/deeplinks/2019/08/ecuador-political-actors-must-step-away-ola-binis-case https://www.eff.org/deeplinks/2025/04/six-years-dangerous-misconceptions-targeting-ola-bini-and-digital-rights-ecuador https://peoplesdispatch.org/2019/04/12/ola-bini-detained-in-ecuador-for-90-days/ https://globalvoices.org/2022/10/21/ola-bini-the-cyberactivist-who-causes-panic-in-ecuador/ https://www.amnesty.org/en/latest/news/2019/09/ecuador-allanamiento-violento-pone-en-riesgo-juicio-justo-ola-bini-2/https://en.wikipedia.org/wiki/Ola_Bini