Podcasts about zero trust

What if the real weakness in enterprise cybersecurity isn't the cloud or the network, but the endpoint sitting on every desk? In this episode, Klaus Oestermann, CEO of IGEL Technology, joins me at the Now and Next event in Frankfurt to discuss why he calls the endpoint the forgotten link in digital transformation. Klaus explains how decades of detect and mitigate thinking have left enterprises vulnerable, and why it is time to move toward a prevention-first security model that stops attacks before they start. He shares how IGEL's dual boot architecture allows organizations to recover thousands of devices in minutes, and why prevention-first design can deliver measurable ROI with an average 62 percent reduction in endpoint IT costs and more than 900,000 dollars in annual savings. During our conversation, Klaus also reflects on the surge in ransomware across critical sectors and why governments and enterprises alike are rethinking their endpoint strategies. He talks about how IGEL has become an essential part of modern Zero Trust frameworks, protecting sectors like healthcare, manufacturing, and public services, while partnering with leading technology providers to build stronger, integrated defenses. We also explore how those savings can be reinvested into Zero Trust, AI innovation, and new layers of defense, as well as how IGEL is helping secure critical national sectors from healthcare to manufacturing. From Audi's factory floors to government agencies, Klaus outlines a future where resilience begins at the endpoint, not the data center. Do you think enterprises are ready to make that shift? I would love to hear your thoughts after the episode. Useful Links Connect with Klaus Oestermann on LinkedIn Learn more about IGEL Follow on LinkedIn, Twitter and YouTube Tech Talks Daily is Sponsored by NordLayer: Get the exclusive Black Friday offer: 28% off NordLayer yearly plans with the coupon code: techdaily-28. Valid until December 10th, 2025. Try it risk-free with a 14-day money-back guarantee.

The threat that puts you out of business probably won't look like a movie hack, it'll look like a normal email from your CEO.   In this episode of Sharkpreneur, Seth Greene interviews Scott Alldridge, CEO of IP Services and bestselling author of the Visible Ops series, who explains how modern cybercrime actually works and why most small and mid-sized companies are far more vulnerable than they think. Scott shares real breach stories, including how something as simple as leaving a printer password as “1234” led to a $187,000 theft and forced a firm into a merger. He breaks down why cybersecurity is now a board-level issue, how AI is being weaponized by attackers, and what leaders need to be doing right now to protect their data, their money, and their survival.   Key Takeaways: → Most companies think “we're too small to be a target,” but attackers actively go after businesses with as few as 100 employees — and even under $1M in revenue. → Only about 1 in 7 cybersecurity breaches ever gets reported, so what you read in the news is a tiny fraction of what's actually happening. → A single weak password (like “1234” on a networked printer) can give a threat actor a doorway into your entire system. → Attackers don't smash and grab; they sit quietly for weeks or months, watch how you communicate, then imitate leadership to trigger wire transfers that look totally normal. → The “human layer” is still the biggest risk: phishing, social engineering, and reused or weak credentials are where most compromises begin.   Scott Alldridge has spent three decades on the frontlines of cyber warfare—turning escalating threats intocompetitive advantage for business leaders. As co-founder of the IT Process Institute and creator of the globally adopted VisibleOps framework (400,000+ copies sold), he shaped how enterprises worldwide secure and scale technology.   His Amazon bestseller, VisibleOps Cybersecurity, is the definitive roadmap for integrating Zero Trust principles into real business results. Today, as CEO of IP Services, one of America's most trusted MSSPs, Scott helps executives verify—not just trust—their cybersecurity posture.   Driven by both expertise and altruism, Scott's mission is to ensure businesses of all sizes are resilient and protected—not only to safeguard revenue, but to prevent the devastating personal and professional fallout of cyberattacks. A globally recognized thought leader with 618K+ social media followers, he leverages his platform to raise awareness, share real-world breach stories, and arm leaders with actionable strategies that save companies before it's too late.   Connect With Scott Aldridge: Website: https://ipservices.com/ Instagram: https://www.instagram.com/scottalldridge1/?hl=en LinkedIn: https://www.linkedin.com/in/scott-alldridge-1a976/ Learn more about your ad choices. Visit megaphone.fm/adchoices

BIO: Scott Alldridge is CEO of IP Services and President of the IT Process Institute, a bestselling author of the VisibleOps series, and a Certified Chief Information Security Officer.STORY: Scott's worst investment was a stake in a startup promising to deliver hot coffee by drone. Excited by the futuristic idea, he invested before the concept was proven—but the project quickly crashed when the FAA banned drone deliveries and a prototype failed spectacularly.LEARNING: Being first doesn't always mean being right. Due diligence is non-negotiable. “You don't have to jump in. Being the first with the most doesn't matter if it's a bad idea—you'll lose money anyway.”Scott Alldridge Guest profileScott Alldridge is CEO of IP Services and President of the IT Process Institute, a bestselling author of the VisibleOps series, and a Certified Chief Information Security Officer. He holds an MBA in cybersecurity and has over 30 years of experience in IT and cybersecurity leadership. Scott empowers organizations to achieve resilience through process excellence, Zero Trust, and AI-driven security.Worst investment everIf you live in the Pacific Northwest, coffee isn't just a drink; it's a way of life. Seattle is home to Starbucks, and in Oregon, coffee culture runs deep. So when Scott was pitched an idea that combined coffee and technology—delivering hot coffee via drone—he couldn't resist.The concept sounded revolutionary: push a button on your phone, and a drone drops off your piping-hot Americano right at your doorstep. It felt like the future—part Amazon innovation, part TED Talk dream.Excited, Scott invested for a 3% stake in the startup. The founders promised a caffeinated empire built on convenience and cutting-edge tech.But just three months later, the buzz wore off. The FAA issued a cease-and-desist order on all drone delivery experiments, particularly those involving liquids.And then came the final straw: the company's prototype drone spilled an entire cup of hot coffee mid-flight, grounding both the drone and Scott's hopes. The “coffee drone revolution” turned into a $10,000 lesson in wishful thinking. Delivering hot coffee by drone was never going to fly—literally.Lessons learnedBeing first doesn't always mean being right.It's tempting to jump into the next big idea, especially when it sounds exciting and visionary. However, early-stage innovation carries significant risk, especially when the concept hasn't been tested or proven.Enthusiasm can cloud judgment. Instead of investing based on a slick pitch deck or futuristic concept, it's smarter to wait until an idea is validated, tested, and compliant with regulations.Andrew's takeawaysEvery idea looks brilliant until reality—and regulation—show up.Even in large corporations, where top analysts and executives lead multi-million-dollar mergers, success isn't guaranteed. Only about 20% of them added value within three to five years.Business is hard, and due diligence is non-negotiable.Actionable adviceAlways do your due diligence. Before investing in any idea—no matter how exciting—slow down and dig deep:Validate the concept. Is there a working prototype, or just a fancy pitch?Check the regulations, especially if the business operates...

Researchers have uncovered flaws that allow Microsoft Teams messages to be manipulated, letting hackers impersonate executives, forge notifications, and alter private chats. In this episode of Darnley's Cyber Café, we explore how these vulnerabilities work, why they exist, and how to protect yourself from deception hiding behind familiar names.For deeper insight, revisit Season 6, Episode 3: “The Teams Trap.”Click here to send future episode recommendationSupport the showSubscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.

Don Yeske, a former director of national security in the cyber division at DHS, said its “groundbreaking zero trust architecture” focused on 46 capabilities.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Zero Trust has been top of mind for years, but how is AI changing what that actually looks like in practice? In this episode of CyberWire-X, Dave Bittner is joined by Deepen Desai, Chief Security Officer at Zscaler, to discuss the transformative impact of AI on Zero Trust security frameworks. The discussion outlines how AI enhances threat prevention, automates data discovery, and improves user experience while addressing the practical financial implications of adopting AI in security. Hear how organizations must embrace AI to stay competitive and secure against evolving threats. For additional resources on Zero Trust + AI, visit Zscaler's Replace Legacy Systems for Better Security. Learn more about your ad choices. Visit megaphone.fm/adchoices

Google uncovers PROMPTFLUX malware CISA warns of CentOS Web Panel bug Threat group targets academics Huge thanks to our sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker

Ep. 281 How Zero Trust Automation Helps Federal Agencies do More with Less Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com As this interview was recorded, the federal government was in the middle of a shutdown. Hundreds of pundits have given interviews about the politics of the situation; very few have looked at the impact on cybersecurity during a phase of workforce reduction. Today, we sat down with Gary Barlet, the Public Sector CTO at Illumio, to see whether Zero Trust can help the federal government bridge this short personnel gap. Barlet begins by giving an overview of Zero Trust and automation. Rather than having human beings vet entry into federal systems, the concept is to use an automated process that reviews credentials and decides on permission. Barlet emphasizes the importance of Zero Trust in automating security tasks and maintaining operational resilience, especially with reduced staff. He continues to mention several other benefits of Zero Trust in a federal environment. Compliance:  A well-thought-out Zero Trust architecture will enable managers to collect data to demonstrate policy enforcement. Legacy: One can effectively take existing systems and "ring fence" them off. This approach creates hundreds and hundreds of rings of defense. Design:  During the interview, Gary recommends that you have a handle on the real traffic to reduce complexity. That way, when policies change, the rules can adapt to the environment. Maturity Level:  Although CISA has a maturity level for Zero Trust. Barlet distills down some of the requirements for which efforts can be applied to sensitive systems. He suggests focusing on security, not necessarily on a grade. Additionally, he addresses the challenges of managing complex, hybrid environments and the emergence of shadow AI models, stressing the need for robust policies and controls.            

Tanya Janca is a globally recognized AppSec (application security) expert and founder of We Hack Purple. In this episode, she shares wild stories from the front lines of cybersecurity. She shares stories of when she was a penetration tester to an incident responder.You can sign up for her newsletter at https://newsletter.shehackspurple.ca/SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.This episode is sponsored by Hims. Hims offers access to ED treatment options ranging from trusted generics that cost up to 95% less than brand names to Hard Mints, if prescribed. To get simple, online access to personalized, affordable care for ED, Hair Loss, Weight Loss, and more, visit https://hims.com/darknet.Support for this show comes from Drata. Drata is the trust management platform that uses AI-driven automation to modernize governance, risk, and compliance, helping thousands of businesses stay audit-ready and scale securely. Learn more at drata.com/darknetdiaries.View all active sponsors.Books Alice and Bob Learn Secure Coding by Tanya Janca Alice and Bob Learn Application Security by Tanya Janca

For years, many businesses believed that Apple devices were inherently secure. That illusion has faded. In this episode of Tech Talks Daily, I speak with Adam Boynton, Senior Security Strategy Manager at Jamf, about why visibility across macOS and iOS is no longer a luxury but a necessity. Adam explains how Jamf has evolved from device management to full Apple-native security intelligence, protecting over 75,000 organizations and more than 32 million devices. He shares how attackers no longer target individual operating systems but entire ecosystems, exploiting the gaps between how Apple secures its platforms and how enterprises actually monitor them.  From real-world cases to lessons learned at Jamf's annual JNUC conference, Adam describes how telemetry provides security teams with the truth about what's really happening on their endpoints, enabling them to transition from reactive incident response to proactive defense. Our conversation covers everything from the architectural blind spots that traditional Windows-centric tools can't see to the rise of AI-driven analysis that turns complex forensic investigations into minutes-long processes. We also explore how Jamf's partnerships, such as those with Elastic, are creating an open and integrated future for enterprise security, blending deep Apple signals with cross-platform context. For anyone still clinging to the myth that macOS or iOS "just work" without attention to security, this episode is a wake-up call. Adam outlines practical advice on patching, mobile hygiene, and zero trust, while revealing how Jamf's latest innovations are quietly making the most secure way the easiest way for users. Listen to hear how Jamf is redefining modern Apple security, turning management, identity, and protection into a seamless whole, and why accurate visibility—not assumptions—is now the objective measure of cybersecurity readiness. Tech Talks Daily is Sponsored by NordLayer: Get the exclusive Black Friday offer: 28% off NordLayer yearly plans with the coupon code: techdaily-28. Valid until December 10th, 2025. Try it risk-free with a 14-day money-back guarantee.

Keywordscybersecurity, technology, AI, IoT, Intel, startups, security culture, talent development, career advice  SummaryIn this episode of No Password Required, host Jack Clabby and Kayleigh Melton engage with Steve Orrin, the federal CTO at Intel, discussing the evolving landscape of cybersecurity, the importance of diverse teams, and the intersection of technology and security. Steve shares insights from his extensive career, including his experiences in the startup scene, the significance of AI and IoT, and the critical blind spots in cybersecurity practices. The conversation also touches on nurturing talent in technology and offers valuable advice for young professionals entering the field.  TakeawaysIoT is now referred to as the Edge in technology.Diverse teams bring unique perspectives and solutions.Experience in cybersecurity is crucial for effective team building.The startup scene in the 90s was vibrant and innovative.Understanding both biology and technology can lead to unique career paths.AI and IoT are integral to modern cybersecurity solutions.Organizations often overlook the importance of security in early project stages.Nurturing talent involves giving them interesting projects and autonomy.Young professionals should understand the hacker mentality to succeed in cybersecurity.Customer feedback is essential for developing effective security solutions.  TitlesThe Edge of Cybersecurity: Insights from Steve OrrinNavigating the Intersection of Technology and Security  Sound bites"IoT is officially called the Edge.""We're making mainframe sexy again.""Surround yourself with people smarter than you."  Chapters00:00 Introduction to Cybersecurity and the Edge01:48 Steve Orrin's Role at Intel04:51 The Evolution of Security Technology09:07 The Startup Scene in the 90s13:00 The Intersection of Biology and Technology15:52 The Importance of AI and IoT20:30 Blind Spots in Cybersecurity25:38 Nurturing Talent in Technology28:57 Advice for Young Cybersecurity Professionals32:10 Lifestyle Polygraph: Fun Questions with Steve

"SleepyDuck" uses Ethereum to keep command server alive SesameOp abuses OpenAI Assistants API Organized crime cybercrooks steal cargo Huge thanks to our sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker

Zero trust was once the leading cybersecurity strategy, but has it lost momentum? In this episode of Today in Tech, host Keith Shaw speaks with Morey Haber, Chief Security Advisor at BeyondTrust, about whether zero trust is failing or simply misunderstood. They explore why many companies struggle to implement zero trust effectively, the gap between intention and execution, and how vendor marketing may have added confusion to the conversation. Morey explains why identity and privileged access management are now critical, how lateral movement works during attacks, and why many AI agents are dangerously over-privileged. Topics include: The misconception that zero trust is a product How AI is reshaping the need for zero trust The role of identity in modern cybersecurity Real-world deployment challenges and mistakes Why secure-by-design is often an afterthought This episode is ideal for IT leaders, cybersecurity professionals, and anyone looking to better understand how zero trust fits into a world increasingly influenced by AI.

Send us a textWe explore how to prepare for a post‑quantum world while dealing with today's outages and social engineering risks. From zero trust on satellites to multi‑region cloud design, we share practical ways to trade brittle efficiency for real resilience.• mapping careers toward emerging security domains• zero trust for satellites and patch constraints• harvest now decrypt later and crypto agility• early adopters of quantum‑resistant algorithms• futurist methods for security decision‑making• shifting from passwords to stronger credentials• efficiency versus resilience trade‑offs in cloud• lessons from government redundancy models• attack surface, attacker and defender effectiveness• deepfakes, social engineering, and process tripwires• practical controls like rotating passcodes and dual control• resources and where to find Heather's workPick up Heather's books and reach out if you wantInspiring Tech Leaders - The Technology PodcastInterviews with Tech Leaders and insights on the latest emerging technology trends.Listen on: Apple Podcasts SpotifySupport the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast Affiliates➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh➡️ OffGrid Coupon Code: JOE➡️ Unplugged Phone: https://unplugged.com/Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

Zero Trust isn't just about defense - it's about unlocking new capabilities across even the most legacy-heavy federal systems. When agencies move to a Zero Trust Architecture, the benefits go far beyond stronger cybersecurity. Integrating decades-old systems into a Zero Trust framework can actually centralize data, create consistency, and open new paths to modernization. This week on Feds At the Edge, Sean Phuphanich, Principal Technologist at AWS, explains how synthetic data can safely demonstrate cloud scalability in non-production environments, while Richard Breakiron, Senior Director, Strategic Initiatives, Americas Public Sector, Commvault, offers candid insight into why no single vendor has all the answers. His advice? Collaborate across agencies to tap into shared experience and proven solutions. Tune in on your favorite podcast today as we explore how Zero Trust can be both a security strategy and a powerful engine for modernization across government. Plus, learn about a free AWS assessment tool that can help your agency gauge its Zero Trust maturity and chart a clear path forward.

This episode is sponsored by HYPR. Visit hypr.com/idac to learn more.In this episode from Authenticate 2025, Jim McDonald and Jeff Steadman are joined by Bojan Simic, Co-Founder and CEO of HYPR, for a sponsored discussion on the evolving landscape of identity and security.Bojan shares his journey from software engineer to cybersecurity leader and dives into the core mission of HYPR: providing fast, consistent, and secure identity controls that complement existing investments. The conversation explores the major themes from the conference, including the push for passkey adoption at scale and the challenge of securely authenticating AI agents.A key focus of the discussion is the concept of "Know Your Employee" (KYE) in a continuous manner, a critical strategy for today's remote and hybrid workforces. Bojan explains how the old paradigm of one-time verification is failing, especially in the face of sophisticated, AI-powered social engineering attacks like those used by Scattered Spider. They discuss the issue of "identity sprawl" across multiple IDPs and why consolidation isn't always the answer. Instead, Bojan advocates for a flexible, best-of-breed approach that provides a consistent authentication experience and leverages existing security tools.Connect with Bojan: https://www.linkedin.com/in/bojansimic/Learn more about HYPR: https://www.hypr.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comChapter Timestamps:00:00 - Introduction at Authenticate 202500:23 - Sponsored Episode Welcome: Bojan Simic, CEO of HYPR01:11 - How Bojan Simic Got into Identity and Cybersecurity02:10 - The Elevator Pitch for HYPR04:03 - The Buzz at Authenticate 2025: Passkeys and Securing AI Agents05:29 - The Trend of Continuous "Know Your Employee" (KYE)07:33 - Is Your MFA Program Enough Anymore?09:44 - Hackers Don't Break In, They Log In: The Scattered Spider Threat11:19 - How AI is Scaling Social Engineering Attacks Globally13:08 - When a Breach Happens, Who's on the Hook? IT, Security, or HR?16:23 - What is the Right Solution for Identity Practitioners?17:05 - The Critical Role of Internal Marketing for Technology Adoption22:27 - The Problem with Identity Sprawl and the Fallacy of IDP Consolidation25:47 - When is it Time to Move On From Your Existing Identity Tools?28:16 - The Role of Document-Based Identity Verification in the Enterprise32:31 - What Makes HYPR's Approach Unique?35:33 - How Do You Measure the Success of an Identity Solution?36:39 - HYPR's Philosophy: Never Leave a User Stranded39:00 - Authentication as a Tier Zero, Always-On Capability40:05 - Is Identity Part of Your Disaster Recovery Plan?41:36 - From the Ring to the C-Suite: Bojan's Past as a Competitive Boxer47:03 - How to Learn More About HYPRKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Bojan Simic, HYPR, Passkeys, Know Your Employee, KYE, Continuous Identity, Identity Verification, Authenticate 2025, Phishing Resistant, Social Engineering, Scattered Spider, AI Security, Identity Sprawl, Passwordless Authentication, FIDO, MFA, IDP Consolidation, Zero Trust, Cybersecurity, IAM, Identity and Access Management, Enterprise Security

In this episode Michael talks with guest Merill Fernando about the Zero Trust Workshop, but we also spend time talking about all things identity! Merill's final thought is pure gold, too!The only bit of news is about Azure SQL DB and how TDE key management during restore,

In this episode of Security Matters, host David Puner sits down with Yuval Moss, CyberArk's VP of Solutions for Global Strategic Partners, to explore the fast-evolving world of agentic AI and its impact on enterprise security. From rogue AI agents deleting production databases to the ethical blind spots of autonomous systems, the conversation dives deep into how identity and Zero Trust principles must evolve to keep pace. Yuval shares insights from his 25-year cybersecurity journey, including why AI agents behave more like humans than machines—and why that's both exciting and dangerous. Whether you're a security leader, technologist or curious listener, this episode offers practical guidance on managing AI agent identities, reducing risk, and preparing for the next wave of autonomous innovation.Explore more of Yuval's thinking on agentic AI and identity-first security in these recent articles:The life and death of an AI agent: Identity security lessons from the human experienceWhen AI Agents Mirror Humanity's Best Behaviors…and Worst Behaviors The Agentic AI Revolution: 5 Unexpected Security Challenges

Curious about the CCZT (Certified Cloud Security Zero Trust) certification and why it's becoming a must-have in 2025? In this episode of CyberTalks by InfosecTrain, our experts unpack everything you need to know—from exam details to real-world benefits.

Patch smarter, not harder.Lieuwe Jan Koning and ON2IT Field CTO Rob Maas break down why “patch everything now” isn't a strategy, but a risk multiplier. In this session, they teach a practical patching strategy: know your assets, patch edge first, stage updates, and use Zero Trust segmentation to choke off exposure so you only patch what truly matters: fast, safely, and without outages.(00:00) - 01:11 - Intro (01:11) - - 02:28 - Reality check #1: Not everything can be patched (02:28) - - 05:02 - Reality check #2: Patches are scary (05:02) - - 08:45 - The solution: Patch in phases (08:45) - - 10:36 - How Zero Trust enables patch management (10:36) - - 11:23 - Prioritization matters (11:23) - - 14:50 - Patching tips and tricks (14:50) - - 16:21 - Guidelines for patching triage (16:21) - - 17:37 - Practical advice (17:37) - - END - Outro Key Topics Covered·       Why “patch everything immediately” fails; availability vs. security·       Staged deployments and rollback safety for crown-jewel services·       Zero Trust segmentation to reduce urgency and shrink attack surface·       Priority signals that matter: asset criticality, exposure, KEV, CVSSRelated ON2IT content & explicitly referenced resources ON2IT Zero Trust: https://on2it.net/zero-trust/ Threat Talks (site): https://threat-talks.com/ CVSS (FIRST): https://www.first.org/cvss/ CISA guidance – Citrix/NetScaler (Citrix Bleed example): https://www.cisa.gov/guidance-addressing-citrix-netscaler-adc-and-gateway-vulnerability-cve-2023-4966-citrix-bleed Crowdstrike episode: https://youtu.be/IRvWVg1lSuo?si=f8Sj6WYG0KNxlkJD Click here to view the episode transcript.

In this episode, Jim McDonald and Jeff Steadman are joined by Steve Rennick, Senior Leader for IAM Architecture at Ciena, for a wide-ranging discussion on the most pressing topics in identity today.The conversation kicks off with a practical look at vendor demos, sharing best practices for cutting through the slideware and getting to the heart of a product's capabilities. From there, they dive deep into the complex world of Non-Human Identities (NHI). Steve shares his practitioner's perspective on why NHIs are such a hot topic, the challenges of managing them, and the risks they pose when left unchecked.The discussion covers:Why traditional IAM approaches fail for non-human identities.The importance of visibility and creating a standardized process for NHI creation.The debate around terminology: NHI vs. machine identity vs. service accounts.The reasons for NHI's current prominence, including threat actors shifting focus away from MFA-protected human accounts.Practical, actionable advice for getting a handle on legacy service accounts.The emerging challenge of IAM for AI and the complexities of managing agentic AI.The critical role of authorization and the future of policy-based access control.Whether you're struggling with service account sprawl, preparing for an AI-driven future, or just want to run more effective vendor demos, this episode is packed with valuable insights.Connect with Steve: https://www.linkedin.com/in/steven-rennick/ARIA (Agent Relationship-Based Identity & Authorization) LinkedIn Post from Patrick Parker: https://www.linkedin.com/posts/patrickparker_ai-agent-authorization-activity-7335265428774031360-braE/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comCHAPTER TIMESTAMPS:00:00:10 - Introduction & The Art of the Vendor Demo00:08:02 - Steve Rennick's Take on Vendor Demos00:12:39 - Formal Introduction: Steve Rennick00:14:45 - Recapping the Identiverse Squabble Game Show00:17:22 - The Hot Topic of Non-Human Identities (NHI)00:22:22 - Is NHI a Joke or a Serious Framework?00:26:41 - The Controversy Around the Term "NHI"00:30:24 - How to Simplify NHI for Practitioners00:34:06 - First Steps for Getting a Handle on NHI00:37:20 - Can Active Directory Be a System of Record for NHI?00:45:08 - Why is NHI a Hot Topic Right Now?00:51:19 - The Challenge of Cleaning Up Legacy NHIs00:58:00 - IAM for AI: Managing a New Breed of Identity01:03:33 - The Future is Authorization01:06:22 - The Zero Standing Privilege Debate01:10:39 - Favorite Dinosaurs and OutroKEYWORDS:NHI, Non-Human Identity, Machine Identity, Service Accounts, Vendor Demos, IAM for AI, Agentic AI, Authorization, Zero Trust, Zero Standing Privilege, Secrets Management, IAM Strategy, Cybersecurity, Identity and Access Management, Steve Rennick, Ciena, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

In this sponsored podcast Patrick Gray chats with Knocknoc CEO Adam Pointon about why true Zero Trust architectures never really got there. Spinning up ZTNA access to core applications and slapping SSO prompts on everything else is great, but if we're honest, it's not really Zero Trust. So, how and why did we get here? Show notes

TP-Link urges updates for Omada gateways MuddyWater targets organizations in espionage campaign "SessionReaper" flaw exploited in Adobe Commerce Huge thanks to our sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker

Se você acha que segurança em nuvem é só ligar um CSPM e ser feliz, neste episódio a gente mostra que a história é bem mais cabeluda e divertida. Recebemos o Leandro Venâncio para destrinchar desde responsabilidade compartilhada e Zero Trust até o que realmente funciona no dia a dia de clusters Kubernetes sob fogo cruzado. Falamos de cultura, automação e das ciladas que a gente só aprende depois de tomar uns tombos.Partimos do básico bem-feito (identidade, redes e criptografia) e avançamos para governança com políticas (Kyverno/Gatekeeper), esteira com SAST/DAST/SCA, SBOM decente e segredos administrados em KMS/External Secrets. Amarramos com observabilidade, resposta a incidentes e como priorizar risco sem virar refém de dashboards. Spoiler: custo, compliance e performance entram no mesmo bolo e não dá pra fingir que não existem.Entre as pautas, destacamos: como aplicar Zero Trust em workloads efêmeros; por que "shift left" sem operações maduras mais atrapalha que ajuda; e onde CNAPP, CSPM e admission controllers se encontram. E claro, casos reais — porque a teoria é linda, mas a produção é quem manda.#Links Importantes:- Leandro Venâncio - https://www.linkedin.com/in/leandro-venancio/- LowOps cast com Rafael Ferreira - https://www.youtube.com/live/SC6a11HClX4- João Brito - https://www.linkedin.com/in/juniorjbn/- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Dan Walsh, CISO, Datavant. Joining them is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: When EDR gets knocked out Red flags in vendor theater Configuration chaos The sticker problem Huge thanks to our sponsor, ThreatLocker ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at threatlocker.com.

DNS failure leads to AWS outage China accuses NSA of hacking national time center Chrome store flooded with high-risk WhatsApp automation Huge thanks to our sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker

This episode features Dr. Chase Cunningham, Chief Strategy Officer at Demo-Force.com.Widely known as “Dr. Zero Trust”, he's the creator of the Zero Trust Extended Framework and former Forrester principal analyst. With decades of experience supporting the NSA, U.S. Navy, FBI Cyber, and other government missions, Chase brings deep expertise on how nation-states wage digital conflict.In this episode, Chase explains how China, Russia, and North Korea use cyber operations to advance long-term strategic goals, why critical infrastructure has become a silent battlefield, and why attribution makes retaliation so difficult. He shares practical guidance for hardening defenses, outpacing common attackers, and avoiding becoming the “slowest gazelle in the herd.”This is a sobering look at how geopolitics fuels cyber risk, and the urgent realities every security leader must prepare for now.Guest Bio Creator of the Zero Trust eXtended framework and a cybersecurity expert with decades of operational experience in NSA, US Navy, FBI Cyber, and other government mission groups, Chase is responsible for ZTEdge's overall strategy and technology alignment. Chase was previously VP and Principal Analyst at Forrester Research; Director of Threat Intelligence for Armor; Director of Cyber Analytics for Decisive Analytics; and Chief Cryptologic Technician, US Navy. He's the author of the Cynja series and Cyber Warfare: Truth, Tactics, and Strategies.Guest Quote" Putin has even been noted as saying that chaos is the goal. You do that via cyber. You don't do that by putting boots on ground anymore. That is very important for everybody that's connected or digital to understand, you are operating in a live fire battlefield environment. You're not just on the internet.”Time stamps 01:04 Meet Dr. Chase Cunningham: Dr. Zero Trust 02:47 The Fifth Horseman: Cyber Threats 04:24 Geopolitical Implications of Cyber Warfare 09:05 Understanding China's Approach to Cyber 17:27 Breaking Down Defensive Cyber 20:17 Understanding North Korea's Approach to Cyber 22:25 Russia's Cyber Chaos Tactics 24:35 Cyber Leadership Gaps in the U.S. Government 27:22 Final Thoughts and AdviceSponsorThe HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.LinksConnect with Chase on LinkedInLearn more about Demo-Force.comChase's HIPConf 2024 Talk: Cyber Threat: The Fifth Horseman of the Apocalypse Connect with Sean on LinkedIn Don't miss future episodesRegister for HIP Conf 2025Learn more about Semperis

In this episode, Dr. Dave Chatterjee speaks with Anupam Upadhyay, Senior Vice President, Product Management, Palo Alto Networks, a seasoned product and cybersecurity leader, to unpack the “new browser wars” and why enterprise browsers are fast becoming a core battleground in the fight for digital trust. Drawing on over two decades of experience spanning Cisco, startups, and Palo Alto, Upadhyay traces the evolution of the humble browser from a passive content viewer into the primary interface for cloud applications, collaboration tools, and sensitive business data.The conversation examines the browser's expanding role as both a productivity hub and a primary attack vector—accounting for over 90 percent of initial intrusions via phishing, malicious extensions, or session hijacking. Through the lens of the Commitment-Preparedness-Discipline (CPD) Framework, Dr. Chatterjee and Anupam Upadhyay emphasize that securing the enterprise browser is not merely a technical exercise but a governance imperative: leadership commitment to zero-trust principles, preparedness through hardened configurations and employee training, and disciplined enforcement of consistent controls across devices and partners.Time Stamps• 00:49 — Dave's introduction and guest overview.• 03:00 — Anupam Upadhyay's career journey and reinvention at Palo Alto Networks.• 05:00 — Historical context: how browsers stayed outside the security spotlight.• 08:40 — Cloud and SaaS migration shifting business to the browser.• 11:20 — Emerging browser threats and data sanctity concerns.• 14:30 — Malicious extensions and the limits of traditional EDR.• 16:07 — Browser security as part of Zero Trust architecture.• 18:30 — Balancing security and user experience.• 22:10 — Operating in hostile environments and credential revocation.• 25:00 — Dr. Chatterjee introduces the CPD framework for governance.• 28:45 — Implementation and user adoption challenges.• 30:00 — Continuous testing and discipline in browser security.• 33:05 — Closing takeaways on Zero Trust mindset and defense-in-depth.Podcast summary with discussion highlights - https://www.dchatte.com/episode-93-the-new-browser-wars-why-the-enterprise-browser-has-become-cybersecuritys-next-battleground/Connect with Host Dr. Dave Chatterjee LinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles PublishedRamasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A...

Artificial intelligence (AI) is rapidly reshaping the cybersecurity landscape across Ireland. While it's unlocking new efficiencies and accelerating innovation, it's also giving cybercriminals new evasive tools to launch faster and more sophisticated attacks. Across Ireland, organisations are navigating a new era of cyber risk defined by speed, sophistication, and AI. As Dell Technologies continues to work closely with Irish businesses to modernise their digital infrastructure, it's clear that cybersecurity must evolve in tandem, as a strategic enabler of trust and resilience. Threat actors are using AI to enhance ransomware, zero-day vulnerabilities, Distributed Denial of Service (DDoS) all making advanced spear-phishing much harder to identify, outpacing conventional security measures. According to the latest Dell Technologies Innovation Catalyst Study, 84% of Irish organisations view security as a key part of their business strategy, yet many continue to struggle with balancing innovation and security. Almost all respondents (96%) admitted that integrating security into wider business strategies is proving difficult. These figures highlight that organisations must rethink their cybersecurity strategies to adopt proactive, intelligent, and resilient approaches that keep pace with the evolving threat environment. Here are five ways to stay resilient against cyber threats: 1. Adopt zero trust for AI Security As threat actors use AI to scout, steal credentials and adapt attack techniques, traditional perimeter-based defences fall short. That's why more Irish organisations are adopting a Zero Trust model built on the principle of "never trust, always verify" ensuring that every user, device, and application is continuously authenticated, regardless of location. The benefits are clear; the latest Innovation Catalyst Study revealed a 100% increase in confidence levels among Irish organisations that have adopted zero trust principles, underscoring its growing value as a security framework. By implementing zero trust principles, organisations can help reduce risk by continuously verifying every access request and implementing strict authentication processes. Using role-based access controls (RBAC) and network segmentation, organisations can minimise the risk of an attack and reduce the impact radius if an attack occurs. Zero trust is more than a security philosophy. It's a unified and adaptive strategy for identity and access management. Through a zero trust approach, organisations not only reduce their attack surface, but also strengthen their ability to detect, respond to and contain threats. 2. Reduce the attack surface In an environment where AI-powered threat actors are constantly probing for weaknesses, reducing the attack surface is a critical line of defence. Every exposed endpoint, unsecured API, or overlooked supply chain vulnerability represents an opportunity for adversaries to infiltrate systems, deploy malware and exfiltrate sensitive data. To mitigate these risks, Irish organisations should begin with assessing and understanding their attack surface and related vulnerabilities. From there, they should have a layered defence strategy focused on securing entry points and minimising exposure. This includes strengthening authentication, encrypting data, regularly testing for vulnerabilities and actively monitoring endpoints. Keeping systems patched and devices hardened further limits risks. By reducing the attack surface, organisations make themselves a harder target, thereby decreasing the likelihood of an attack. 3. Continuously detect and respond to threats AI-powered attacks are capable of mimicking legitimate behaviour and evading traditional security tools, and organisations need to combine advanced threat detection with rapid response capabilities. Leveraging AI and machine learning, organisations can monitor operational data, detect anomalies, and trigger automated responses in real time. This AI-powered threat...

  Implementing Zero Trust in a complex federal environment includes protecting data. To reach this goal, CISA has updated its recommendations for Continuous Diagnostics and Mitigation program called the Data Model Document (DMD). It provides the audience with a mechanism to focus on the most recent relevant changes without having to review the document in its entirety.   Today, we sat down with three experts to unpack some of the expanded concepts.   The first challenge is understanding the variety of systems. For example,  Daniel Ane from the TSA shared that they had to report data from eighty different systems. The only time efficient way to collect this varying data is with specific tools.   There is also a matter of control. Mark Hadley from the PNL shares that much critical infrastructure is  owned by the private sector, which can limit what kind of data can be collected.   Finally, Brian Meyer from Axonius makes a practical observation. Let us say you have a set of tools that accomplish the job of accurate data collection. If one gets updated, it can throw the entire compliance process out the window.   It seems obvious that adhering to the strictures of the Data Model Management recommendations will assist in a move to Zero Trust, but administering DMD needs guidance and a data strategy that is practical.    

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Sometimes, the plow must go deeper. Current approaches to Zeer Trust implementation can leave gaps in security. Today, we sat down with Akamai's Mike Colson to discuss the concept of combining Identity Credential Access Management with Least Permissive Trust. Setting the stage, Mike Colson details some of the challenges in the varying kinds of Zero Trust that are being applied in the Federal Government. The standard way of implementing ICM can result in assigning more resources than necessary, leading to permission creep and inflexible permission. Over provisioning: The amount of data being created is almost impossible to manage. A person may be given access to a data set they are not permitted to see. A “just in time” permission structure would help avoid that situation. Stale:  Just because a person has access to a data set on a Tuesday does not mean he has access on a Wednesday. People can leave the workforce, be reassigned, or change roles. Access must be constantly updated. Static:  Ron Popiel made the phrase, “Set it and forget it,” memorable. Unfortunately, this approach can lead to a permission structure that may limit access to key data. This may be considered under-provisioning, potentially leading to time delays in obtaining key information. Colson took the listeners through several iterations of access control, including Role-Based Access Control and Attribute-Based Access Control. On top of these old favorites, Colson discussed what may be called Context-Based Access Control, or what he calls Least Permissive Trust. Least permissive trust is a concept Colson outlined, which uses user behavior, device health, and contextual factors to grant permission dynamically. The conclusion is simple:  not all Zero Trust is created equal.

Technology is evolving faster than ever, and with that acceleration comes the question of whether we're using it to make the world better or simply faster. As automation, AI, and cybersecurity shape the future of work and life, leaders are reexamining how innovation can drive not just profit, but progress. Michigan, once the cradle of the industrial revolution, is once again emerging as a hub for digital transformation and inclusive growth. It's a powerful example of how technology for good can align innovation with community impact.So, what does it really take to build technology that uplifts people, doesn't replace them, and strengthens the middle class in a rapidly changing world?In this first installment of a three-part series on DisruptED, host Ron J. Stefanski sits down with Dug Song, co-founder of Duo Security, who now channels his focus into philanthropy and community innovation through his family foundation in Detroit. Together, they explore how Detroit's innovation legacy and his own unconventional journey from hacker to entrepreneur shape his belief that technology for good can (and must) be a bridge between innovation and impact.In this episode, Dug and Ron discuss:Early Curiosity and Innovation: How a childhood surrounded by entrepreneurship and technology led Dug from early hacking to building security systems for the University of Michigan.Building a Unicorn: The founding of Duo Security, Michigan's first unicorn, and how Dug's approach to ethical hacking and scalable tech reshaped enterprise security.Technology as a Great Equalizer: Why Dug believes technology can rebuild the middle class, uplift communities, and redefine Michigan's role in global innovation.Dug Song is a cybersecurity entrepreneur and investor best known as the co-founder and former CEO of Duo Security — Michigan's first tech unicorn, acquired by Cisco — where he later served as Chief Strategy Officer for Cisco Security. With deep expertise in Zero Trust architecture, SaaS growth, and enterprise security innovation, he has helped shape national strategies for emerging technologies through his work with the U.S. Department of Commerce's National Advisory Council on Innovation & Entrepreneurship. Today, as founder of Song United and co-founder of the Song Foundation and Michigan Founders Fund, he advances inclusive entrepreneurship and “technology for good” initiatives across Michigan and beyond.

Link to episode page This week's Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guests Mike Lockhart, CISO Eagleview, and Dustin Sachs, chief technologist at CyberRisk collaborative, and author of Behavioral Insights in Cybersecurity Thanks to our show sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker” All links and the video of this episode can be found on CISO Series.com      

In this episode, Mike Baker, Vice President and Global CISO at DXC Technology, says the cyber industry has been focusing on the wrong side of AI. He believes too many companies use it only to block threats instead of studying how criminals use it to scale phishing, bypass defenses, and deploy adaptive malware. Attackers are learning faster than ever, and security teams must catch up. Mike argues that defenders need to think differently and use AI as both protection and opportunity. He shares how DXC is already doing this. The company has brought autonomous AI agents into its security operations through a partnership with 7AI. These agents process alerts that used to require hours of human effort. The result is faster detection, less burnout, and more time for analysts to investigate real threats. By cutting manual work by more than eighty percent, DXC has shown how AI can make cybersecurity teams stronger, not smaller. Zero Trust remains a core part of DXC's strategy. Mike calls it a journey that never ends. It needs cultural change, constant learning, and leadership that keeps security invisible to end users. AI now plays a role here too, improving identity checks and spotting access issues in real time. Yet, he reminds us, AI still needs people in the loop for oversight and judgment. We also talk about supply chain risks. Too many companies still treat risk assessments as one-time tasks. Mike pushes for continuous monitoring and close collaboration with suppliers. He closes the conversation on a hopeful note. AI will not replace people in cybersecurity, he says. It will make their work more meaningful and more effective if used with care and common sense.

In this episode of Security Matters, Chris Schueler, CEO of Cyderes, joins host David Puner for a dive into the evolving challenges of enterprise security. The conversation explores the dangers of privilege creep, the explosion of machine identities, and why accountability at every point of interaction is essential for building resilient teams and systems. Chris shares insights on the risks of unmanaged access, the impact of AI and automation on both defense and attack strategies, and practical advice for CISOs and boards on managing identity risk while enabling business transformation. Whether you're a security leader, practitioner, or simply interested in the future of cybersecurity, this episode delivers actionable guidance and fresh perspectives on safeguarding your organization's reputation, continuity, and trust.

professorjrod@gmail.comCloud perimeters are fading, identities are multiplying, and threats move faster than patches. We dive into the real mechanics of securing a hybrid world—mapping cloud deployment choices, clarifying shared responsibility across SaaS, PaaS, and IaaS, and showing how Zero Trust reshapes defenses around identity, posture, and context. It's a practical tour from first principles to field-tested patterns, grounded by case studies like Capital One and SolarWinds and anchored in frameworks such as NIST SP 800-207.We start by decoding public, private, hosted private, community, and hybrid models, then connect those choices to risk: multi-tenant isolation, data flows between zones, and the observability challenges of decentralization. From there, we move into reliability engineering—high availability, geo-redundancy, disaster recovery—and the role Kubernetes plays in scaling securely, with a frank look at container pitfalls and how least privilege and image scanning reduce blast radius. Automation takes center stage with infrastructure as code, autoscaling, and software-defined networking, plus how SASE brings secure access to a remote-first workforce without bolting on more complexity.Embedded systems and IoT get a hard look: scarce memory, weak encryption, default credentials, and unpatchable firmware that turns convenience into risk. We offer a simple playbook—segment aggressively, enforce egress controls, rotate credentials, and plan device lifecycles—to stop small sensors from causing big outages. Zero Trust ties it all together: never trust, always verify; microsegment to prevent lateral movement; and evaluate every access request through identity, device health, and real-time signals. Along the way, we weave in Security+ exam-style questions so you can test your knowledge and lock in the fundamentals.If this helped you see your cloud and Zero Trust roadmap more clearly, follow the show, share it with a teammate, and leave a quick review. Got certified recently or put these controls into practice? Email professorjrod@gmail.com—we'd love to shout you out on a future episode.Support the showIf you want to help me with my research please e-mail me.Professorjrod@gmail.comIf you want to join my question/answer zoom class e-mail me at Professorjrod@gmail.comArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

Google DeepMind's AI agent finds and fixes vulnerabilities  California law lets consumers universally opt out of data sharing China-Nexus actors weaponize 'Nezha' open source tool Huge thanks to our sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker. Learn more at ThreatLocker.com.

Jeremy Maldonado breaks down cybersecurity fundamentals from a real-world IT operations perspective. From phishing and social engineering to patching best practices and zero trust, Jeremy shares practical insights to help you protect your organization — starting with your own behavior.He covers:Why the human factor is still your biggest vulnerabilityThe basics of zero trust in everyday communicationSocial engineering red flags to watch forHow to think strategically about patch prioritizationWhy most orgs still struggle with timely patchingTips for human-controlled automation using the Automox consoleWhether you're new to cybersecurity or want to tighten your patching strategy, this episode gives you a tactical refresh on where to focus your attention.

Jamie Crotts, CIO of the House of Representatives, details how a zero-trust assessment reshaped a three-year internal technology roadmap, while securing a nationwide enterprise of over 900 district offices with consistent, user-friendly access. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Application programing interfaces, more commonly known as APIs, are the engines behind the majority of internet traffic. The pervasive and public nature of APIs have increased the attack surface of the systems and applications they are used in. In this  podcast from the Carnegie Mellon University Software Engineering Institute (SEI), McKinley Sconiers-Hasan, a solutions engineer in the SEI's CERT Division, sits down with Tim Morrow, Situational Awareness Technical Manager, also with the CERT Division, to discuss emerging API security issues and the application of zero-trust architecture in securing those systems and applications.   

He started small, swiping cards, buying gift cards, and cashing out. It spiraled into a full‑blown criminal enterprise. Dozens of co‑conspirators, stacks of stolen plastic, and a lifestyle built on chaos.Meet Nathan Michael, leader of Oak Cliff Swipers.SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.Support for this show comes from Pantheon. Pantheon keeps your site fast, secure, and always on. That means better SEO, more conversions, and no lost sales from downtime. But this isn't just a business win; it's a developer win too. Your team gets automated workflows, isolated test environments, and zero-downtime deployments. Visit Pantheon.io, and make your website your unfair advantage.Support for this show comes from Adaptive Security. Deepfake voices on a Zoom call. AI-written phishing emails that sound exactly like your CFO. Synthetic job applicants walking through the front door. Adaptive is built to stop these attacks. They run real-time simulations, exposing your teams to what these attacks look like to test and improve your defences. Learn more at adaptivesecurity.com.

Unity vulnerability puts popular games at risk Oracle zero-day exploit patched Third-party breach claims Discord user info Huge thanks to our sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker. Learn more at ThreatLocker.com.

The biggest security threat isn't in the cloud, it's hidden in the code you trust the most. In this episode, Ron sits down with Varun Badhwar, Co-Founder & CEO of Endor Labs, who shares why research shows that nearly 80–90% of application code comes from open source and third-party libraries, not your own developers. Varun discusses the unseen risks of AI-generated software, how attackers can now weaponize vulnerabilities in hours, and why precision in security matters more than ever. He also reveals how AI can be both the ultimate accelerator and the ultimate weakness in modern development.   Impactful Moments: 00:00 - Introduction 02:00 - Varun's journey from RedLock to Endor Labs 04:00 - Why the software supply chain is broken 07:00 - AI coding assistants and insecure code risks 10:00 - The NPM self-replicating worm discovery 13:00 - Simple controls to enforce Zero Trust in code 16:00 - Pairing AI with security to prevent slop 19:00 - AI-powered security code reviews explained 22:00 - Why 88% of code goes unused 26:00 - Developer efficiency as the new security metric 29:00 - The next wave of AI-driven software threats   Links: Connect with our Endor on LinkedIn: https://www.linkedin.com/in/vbadhwar/     Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/    

Volker Wagner, Chief Information Security Officer at BASF, joins Ann on this week's episode of Afternoon Cyber Tea to  talk shop on what it really takes to defend one of the world's largest chemical companies. From his early days in auditing to leading global cyber for high-stakes industrial and research environments, Volker shares battle-tested insights on resilience, Zero Trust, and the fundamentals that never go out of style. He dives into the hard lessons learned from ransomware, the realities of third-party risk, and how AI is reshaping everything from incident response to supply chain security. Most importantly, he makes the case for why trust, communication, and culture aren't soft skills—they're survival skills for modern CISOs.  Resources:   View Volker Wagner on LinkedIn           View Ann Johnson on LinkedIn    Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast   The BlueHat Podcast    Uncovering Hidden Risks           Discover and follow other Microsoft podcasts at microsoft.com/podcasts      Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.

In this episode of the Identity at the Center podcast, hosts Jeff and Jim dive into the concept of device identity within a Zero Trust framework. They are joined by Shea McGrew, CTO of Maricopa County Arizona, who provides insights into the importance of managing not just human but also device identities. The discussion explores the philosophical debate on whether machines can have identities, Zero Trust principles, and their application in a diverse and semi-autonomous organizational structure like that of the county government. Shea also shares her career journey, emphasizing the importance of curiosity, customer service, and continuous learning in IT. The episode wraps up with a light-hearted conversation on the never-ending pursuit of knowledge.Connect with Shea: https://www.linkedin.com/in/shea-m-6b82a36/Timestamps:00:00 Introduction and Podcast Theme00:17 Defining Identity in Cybersecurity01:34 Debate: Can Non-Humans Have Identities?01:57 Guest Introduction: Shea McGrew04:15 Shea's Career Journey and Role as CTO09:28 Challenges and Rewards of Being a CTO11:41 Identity Strategy at Maricopa County14:48 Device Identity and Zero Trust Architecture29:56 Managed vs. Unmanaged Devices40:15 Understanding the NIST Framework42:52 Balancing Technology and People43:58 Training and Partner Collaboration48:03 Organizational Change Management50:40 Future of Device Identity54:40 Debating Machine Identity01:06:36 Curiosity as an Olympic Sport01:13:00 Conclusion and Final ThoughtsConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

This episode features an in-depth conversation with Scott Alldridge Certified Chief Information Security Officer (CCISO), CISSP, AI MS Certified, ITIL Expert, Harvard Certified in Technology and Privacy, and CEO of IP Services. With 30+ years of experience in IT management and cybersecurity, Scott has become a global thought leader in modern security strategies. From starting in tech at 19 to building a successful cybersecurity services company. Scott shares powerful insights on the evolution of IT, the rise of AI-driven threats, and why businesses must embrace proactive, layered defenses. He also explains why adaptability, reinvention, and aligning technology with business goals are critical for resilience in today's fast-changing tech landscape. 

In 2019, Ola Bini, a Swedish programmer and privacy advocate, was arrested in Ecuador for being a Russian hacker.Find Ola on X: https://x.com/olabini. Or visit his website https://olabini.se/blog/. Or check out his non-profit https://autonomia.digital/.SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.This show is sponsored by Miro. AI doesn't have to be intimidating—in fact, it can help your team thrive. Miro's Innovation Workspace changes that by bringing people and AI together to turn ideas into impact, fast. Whether you're launching a new podcast, streamlining a process, or building the next big thing, Miro helps your team move quicker, collaborate better, and actually enjoy the work. Learn more at https://miro.com/.This show is sponsored by Thales. With their industry-leading platforms, you can protect critical applications, data and identities – anywhere and at scale with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most – applications, data and identities. Learn more at http://thalesgroup.com/cyber.View all active sponsors.Sources https://www.eff.org/deeplinks/2019/08/ecuador-political-actors-must-step-away-ola-binis-case https://www.eff.org/deeplinks/2025/04/six-years-dangerous-misconceptions-targeting-ola-bini-and-digital-rights-ecuador https://peoplesdispatch.org/2019/04/12/ola-bini-detained-in-ecuador-for-90-days/ https://globalvoices.org/2022/10/21/ola-bini-the-cyberactivist-who-causes-panic-in-ecuador/ https://www.amnesty.org/en/latest/news/2019/09/ecuador-allanamiento-violento-pone-en-riesgo-juicio-justo-ola-bini-2/https://en.wikipedia.org/wiki/Ola_Bini