Podcasts about zero trust

  • 877PODCASTS
  • 3,454EPISODES
  • 37mAVG DURATION
  • 1DAILY NEW EPISODE
  • Jul 18, 2025LATEST

POPULARITY

20172018201920202021202220232024

Categories



Best podcasts about zero trust

Show all podcasts related to zero trust

Latest podcast episodes about zero trust

Cyber Security Headlines
Taiwan semiconductor sector hacked, Salt Typhoon breaches National Guard, Congress ponders Stuxnet

Cyber Security Headlines

Play Episode Listen Later Jul 18, 2025 9:03


Chinese hackers use Cobalt Strike on Taiwan's semiconductor sector Salt Typhoon breaches National Guard and steals network configurations Congress considers Stuxnet to manage OT threats Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

DrZeroTrust
The Dr Zero Trust Show

DrZeroTrust

Play Episode Listen Later Jul 17, 2025 20:45


In this conversation, Dr. Chase Cunningham discusses the current state of cybersecurity, focusing on market growth, the workforce gap, the impact of data breaches, and the role of AI. He emphasizes the importance of zero trust architecture and highlights the human factors that contribute to cybersecurity risks. The discussion also covers incident trends and the need for organizations to adapt their strategies to mitigate risks effectively.TakeawaysThe cybersecurity market is projected to grow significantly, reaching $878 billion by 2034.Data breaches are becoming increasingly costly, with the healthcare sector being the most affected.Zero trust architecture is gaining traction as organizations seek to reduce breach costs.There is a significant gap in the cybersecurity workforce, with millions of unfilled positions.Despite the demand for cybersecurity professionals, many qualified individuals remain unemployed.AI is transforming the cybersecurity landscape, but it also poses new risks.Human factors remain a significant vulnerability in cybersecurity.Organizations must implement technology to mitigate risks associated with human error.The majority of cybersecurity incidents are often attributed to a small percentage of employees.Zero-Trust strategies are essential for future cybersecurity resilience.

Cyber Security Headlines
Google's AI tool finds bugs, Europol disrupts hacktivist group, SquidLoader targets Hong Kong

Cyber Security Headlines

Play Episode Listen Later Jul 17, 2025 6:29


Google says ‘Big Sleep' AI tool found bug hackers planned to use Google fixes actively exploited sandbox escape zero day in Chrome China's cyber sector amplifies Beijing's hacking of U.S. targets Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

Autonomous IT
Autonomous IT, Live! Inside the Breach — Identity Hijack Response Exercise, E04

Autonomous IT

Play Episode Listen Later Jul 17, 2025 38:52


In this special live episode of Autonomous IT, Live! we walk through a high-stakes incident response drill that mimics a disturbingly realistic threat scenario: an attacker gains access to your internal tools — not by breaking in, but by logging in.Here's the setup: a user unknowingly reuses compromised credentials with the company's SSO provider. An attacker logs in, flies under the radar, and impersonates internal IT support using Slack, email, and calendar invites. Their goal? Convince employees to install a fake remote access tool—all while avoiding anyone likely to report suspicious behavior.Join Landon Miles, Tom Bowyer, and Ryan Braunstein as they:

Cyber Security Headlines
Chinese engineers at Pentagon, HazyBeacon malware, MITRE framework: AADAPT

Cyber Security Headlines

Play Episode Listen Later Jul 16, 2025 8:06


Pentagon welcomes Chinese engineers into its environment HazyBeacon: It's not a beer, but it leaves a bitter aftertaste What the world needs now is another framework Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

Darknet Diaries
161: mg

Darknet Diaries

Play Episode Listen Later Jul 15, 2025 71:58


In this episode we talk with mg (https://x.com/MG), the brilliant (and notorious) hacker and hardware engineer behind the OMG Cable. A seemingly ordinary USB cable with extraordinary offensive capabilities.Learn more about mg at: o.mg.lolSponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Cloud Security Podcast
Why Security Can Be Stricter: A Zero Trust Approach to AppSec with AI

Cloud Security Podcast

Play Episode Listen Later Jul 15, 2025 45:42


Is AI making application security easier or harder? We spoke to Amit Chita, Field CTO at Mend.io, the rise of AI agents in the Software Development Lifecycle (SDLC) presents a unique opportunity for security teams to be stricter than ever before. As developers increasingly use AI agents and integrate LLMs into applications, the attack surface is evolving in ways traditional security can't handle. The only way forward is a Zero Trust approach to your own AI modelsJoin Ashish Rajan and Amit Chita as they discuss the new threats introduced by AI and how to build a resilient security program for this new era.Guest Socials -⁠⁠ Amit's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity PodcastQuestions asked:(00:00) Intro: The New Era of AI-Powered AppSec(03:10) Meet Amit Chita: From Founder to Field CTO at Mend.io(03:47) Defining AI-Powered Applications in 2025(05:02) AI-Native vs. AI-Powered: What's the Real Difference?(06:05) How AI is Radically Changing the SDLC: Speed, Scale, and Stricter Security(16:30) The Hidden Risk: Navigating AI Model & Data Licensing Chaos(20:50) SMB vs. Enterprise: Why Their AI Security Problems Are Different(23:00) Why Traditional Security Testing Fails Against AI Threats(26:03) Do You Need to Update Your Entire Security Program for AI?(29:14) The New DevSecOps: Keeping Developers Happy in the Age of AI(31:26) Real AI Threats: Malicious Packages & Indirect Prompt Injection(35:16) Is Regulation Coming for AI? A Look at the Current Landscape(38:00) The AI Security Toolbox: To Build or To Buy?(41:41) Fun Questions: Amit's Proudest Moment & Favorite RestaurantThank you to our episode sponsor Mend.io

Trust Issues
EP 11 - AI, identity, and the calm before the breach

Trust Issues

Play Episode Listen Later Jul 15, 2025 46:14


What does it take to stay calm in the face of constant cyber pressure—and why does that mindset matter more than ever? In this episode of Security Matters, host David Puner speaks with Den Jones, founder and CEO of 909Cyber, about his transition from enterprise chief security officer (CSO) to cybersecurity consultant. They explore what it means to lead with clarity and composure in a high-stakes environment, the realities of launching a firm in a crowded market, and how pragmatic security strategies—especially around identity, AI, and Zero Trust—can help organizations navigate AI-driven threats, talent shortages, and operational complexity. It's a candid conversation about what works and what doesn't when it comes to modern security leadership.

Cyber Security Headlines
EU age verification, train brakes vulnerability, Grok-4 jailbroken

Cyber Security Headlines

Play Episode Listen Later Jul 15, 2025 8:26


EU states to test age verification app  (Reuters) AAR pledges to start fixing 20-year old vulnerability next year (Security Week) Grok-4 jailbroken in two days (Infosecurity Magazine) DoD awards contracts for agentic AI (Reuters) eSIM vulnerability exposes billions of IoT devices (Infosecurity Magazine) UK launches Vulnerability Research Initiative (Bleeping Computer) Interlock ransomware using FileFix for malware (Bleeping Computer) Disinformation groups spoofs European journalists (The Record) Elmo gets hacked (AP News) Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

Cyber Security Headlines
CitrixBleed2 urgent fix, Gemini email flaw, Louis Vuitton cyberattack

Cyber Security Headlines

Play Episode Listen Later Jul 14, 2025 8:47


CISA gives one day for Citrix Bleed 2 fix Google Gemini flaw hijacks email summaries for phishing Louis Vuitton says UK customer data stolen in cyber-attack Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Cybersecurity ist Chefsache - Der Podcast!
Cyber-Sicherheit und Lieferantenmanagement: Wie viel Kontrolle ist zu viel?

Cybersecurity ist Chefsache - Der Podcast!

Play Episode Listen Later Jul 14, 2025 59:12


Erweitere dein Wissen über digitale Sicherheit mit „Cybersecurity ist Chefsache“.In dieser Folge begrüßt Nico Freitag die Informationssicherheitsspezialistin Katia Winkler, die in ihrer Rolle als Senior Information Security Specialist bei einer großen Versicherung täglich mit den Herausforderungen rund um Lieferkettensicherheit, regulatorischen Anforderungen und realistischen Sicherheitsansätzen konfrontiert ist.Gemeinsam sprechen sie über:Die Realität der Lieferkette: Warum gerade Start-ups und Nischenanbieter oft nicht allen Anforderungen gerecht werden – und wie Unternehmen dennoch sicher mit ihnen zusammenarbeiten können.DORA, NIS2 und der Cyber Resilience Act (CRA): Was unterscheidet diese Vorgaben? Was ist verpflichtend, was nur Papiertiger? Und warum redet niemand über den CRA, obwohl er so viele betreffen wird?Zero Trust, S-BOMs und Penetrationstests: Was davon ist sinnvoll, was wird überbewertet – und was übersehen Unternehmen regelmäßig?Die Illusion von vollständiger Kontrolle: Warum Audits, Ratings und Excel-Checklisten oft nicht halten, was sie versprechen.Vertrauen als Sicherheitsfaktor: Wie echte Zusammenarbeit mit Lieferanten gelingen kann – und warum Security mehr Mensch als Metrik ist.Ein ehrliches Gespräch über Prozesse, Verantwortung und darüber, wie man Regulatorik nicht nur überlebt, sondern sinnvoll nutzt.____________________________________________

HRM-Podcast
Cybersecurity ist Chefsache: Cyber-Sicherheit und Lieferantenmanagement: Wie viel Kontrolle ist zu viel?

HRM-Podcast

Play Episode Listen Later Jul 14, 2025 59:12


Erweitere dein Wissen über digitale Sicherheit mit „Cybersecurity ist Chefsache“.In dieser Folge begrüßt Nico Freitag die Informationssicherheitsspezialistin Katia Winkler, die in ihrer Rolle als Senior Information Security Specialist bei einer großen Versicherung täglich mit den Herausforderungen rund um Lieferkettensicherheit, regulatorischen Anforderungen und realistischen Sicherheitsansätzen konfrontiert ist.Gemeinsam sprechen sie über:Die Realität der Lieferkette: Warum gerade Start-ups und Nischenanbieter oft nicht allen Anforderungen gerecht werden – und wie Unternehmen dennoch sicher mit ihnen zusammenarbeiten können.DORA, NIS2 und der Cyber Resilience Act (CRA): Was unterscheidet diese Vorgaben? Was ist verpflichtend, was nur Papiertiger? Und warum redet niemand über den CRA, obwohl er so viele betreffen wird?Zero Trust, S-BOMs und Penetrationstests: Was davon ist sinnvoll, was wird überbewertet – und was übersehen Unternehmen regelmäßig?Die Illusion von vollständiger Kontrolle: Warum Audits, Ratings und Excel-Checklisten oft nicht halten, was sie versprechen.Vertrauen als Sicherheitsfaktor: Wie echte Zusammenarbeit mit Lieferanten gelingen kann – und warum Security mehr Mensch als Metrik ist.Ein ehrliches Gespräch über Prozesse, Verantwortung und darüber, wie man Regulatorik nicht nur überlebt, sondern sinnvoll nutzt.____________________________________________

BuzzZoom
BZ112 Zero Trust Security

BuzzZoom

Play Episode Listen Later Jul 13, 2025 54:48 Transcription Available


Was bedeutet eigentlich Zero Trust Security?

Defense in Depth
Is It Even Possible to Fast-Track Your Way Into Cybersecurity?

Defense in Depth

Play Episode Listen Later Jul 10, 2025 27:03


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is David Cross, CISO, Atlassian. In this episode: The experience prerequisite The bootcamp reality check The compensation conundrum The domain expertise imperative A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.  

Identity At The Center
#360 - Sponsor Spotlight - Trusona

Identity At The Center

Play Episode Listen Later Jul 9, 2025 53:37


This episode is sponsored by Trusona. Visit trusona.com/idac to learn more.In this episode of the Identity of the Center podcast, Jeff and Jim discuss identity verification challenges with Ori Eisen, the founder and CEO of Trusona. The conversation explores the problems surrounding help desk authentication and how Trusona's new product, ATO Protect, aims to address these issues by confirming caller identities, even in scenarios involving social engineering and advanced AI threats. Ori explains the technology behind document scanning, data triangulation, and geolocation to validate identities. The episode also includes an intriguing hack challenge for listeners to test the robustness of Trusona's solutions. Check out the detailed demo on Trusona's website and join the challenge!Timestamps00:00 Introduction and Episode Excitement01:16 Introducing the Guest: Ori Eisen from Trusona02:11 The Problem with Passwordless Authentication03:53 The Rise of Gen AI and Its Impact on Security04:51 Understanding ATO Protect and Its Importance16:10 How ATO Protect Works: A Step-by-Step Guide27:51 The Puppeteering Scam Unveiled28:24 Fingerprinting the Fraudsters29:11 Real-Time Fraud Detection Demo29:42 Challenges in Penetration Testing30:08 Combating Man-in-the-Middle Attacks30:41 The Ultimate Security Challenge33:44 Verifying Caller Identity41:24 Future Threats in Cybersecurity42:10 AI: The Double-Edged Sword49:08 Issuing the Hack Challenge52:45 Conclusion and Final ThoughtsConnect with Ori: https://www.linkedin.com/in/orieisen/Learn more about Trusona: https://www.trusona.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Trusona, Ori Eisen, Identity Verification, Help Desk Security, Service Desk, Passwordless, Authentication, KBA, Knowledge-Based Authentication, Cybersecurity, Identity and Access Management, IAM, Multi-Factor Authentication, MFA, Zero Trust, Identity Proofing#IDAC #Trusona #Passwordless #Cybersecurity #IdentityManagement #HelpDesk #ZeroTrust

DrZeroTrust
The Dr Zero Trust Show

DrZeroTrust

Play Episode Listen Later Jul 9, 2025 25:16


In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses the recent ransomware attack on Marks & Spencer, the implications of Ingram Micro's investigation into a ransomware incident, and the lessons learned from major cyber attacks. He highlights the importance of cybersecurity measures, job opportunities in the field, and government initiatives aimed at improving cybersecurity. The conversation also explores the rise of sophisticated cyber threats, including deepfake scams and the activities of the hacker group Scattered Spider, concluding with insights into the future of cybersecurity.TakeawaysMarks & Spencer's ransomware attack was the result of social engineering.The attack involved impersonation of employees to reset passwords.Micro segmentation and multi-factor authentication could have mitigated the attack.Ingram Micro is investigating a ransomware attack that is affecting its operations.Lessons from past cyberattacks emphasize the need for software updates and ongoing training.Deepfake scams are becoming a significant threat.There are numerous job opportunities in the field of cybersecurity.Government funding for cybersecurity is crucial for rural hospitals.The SEC is settling with SolarWinds over cybersecurity failures.Organizations often overlook cybersecurity best practices.

EChannelNews Podcast
Cybersecurity Defense Ecosystem Episode 3: AI in Code Development and Security Management

EChannelNews Podcast

Play Episode Listen Later Jul 9, 2025 46:17


Send us a textPresenters: Evgeniy Kharam, Cybersecurity Architect | Evangelist | Consultant | Advisor | Podcaster | Visionary | Speaker |Nim Nadarajah, C.CISO, Cyber Security, Compliance & Transformation Expert | Executive Board Member | Keynote Speaker Julian Lee, Publisher, Community Builder, Speaker, Channel Ecosystem Developer with a focus on cybersecurity, AI and Digital TransformationAdam Bennett, Co-Founder & CEO at SureStack CEO at Crosshair CyberThe Cybersecurity Defense Ecosystem aims to assist Managed Service Providers (MSPs) in becoming more cybersecurity-oriented amidst industry disruptions caused by AI and regulatory changes.The session focused on updates and discussions surrounding cybersecurity events, emphasizing the importance of sharing insights among Cyber Defense members. Evgeniy discussed the practical applications of emerging technologies like AI and the concept of Zero Trust, emphasizing the need for tailored security strategies. He cautioned against blindly following AI trends, noting that while vendors promote these solutions, a more cautious approach is warranted. Nim contributed by discussing the theme of resiliency at the CDO Magazine event, highlighting the cautious adoption of AI due to privacy concerns and the impending impact of quantum computing on security.The conversation also touched on the integration of AI in various sectors, including real estate and marketing, with Adam noting vulnerabilities in large language models that could pose significant data security risks. The group discussed the risks of vendor lock-in and the importance of due diligence when selecting platforms together with the security implications of machine-to-machine communication and the need for robust security measures.Click here to watch previous episodes on Cybersecurity Defense EcosystemTo learn more on Cybersecurity Defense Ecosystem, visit: https://cybersecuritydefenseecosystem.com/

Risky Business News
Sponsored: Making Zero Trust work with non-critical, crappy applications

Risky Business News

Play Episode Listen Later Jul 6, 2025 11:39


In this sponsored interview, Patrick Gray chats with the CEO of Knocknoc, Adam Pointon. They talk about the woeful state of internal enterprise networks and how many control system networks aren't appropriately segmented. Adam also explains why Knocknoc released a very simple identity aware proxy: For too long the Zero Trust “industry” has focussed on securing access to critical applications, while everything else is left behind to get owned. This is Zero Trust for crappy apps! Zero Trust for the rest of us! Show notes

Joey Pinz Discipline Conversations
#650 ITN Secure-Paul Lupo :

Joey Pinz Discipline Conversations

Play Episode Listen Later Jul 2, 2025 29:36 Transcription Available


Send us a textIs your cybersecurity vendor helping—or just selling? In this insightful conversation from IT Nation Secure 2025, Joey Pinz chats with Paul Lupo of Bitdefender about what it really takes to support Managed Service Providers (MSPs) in today's evolving threat landscape.

Paul's Security Weekly
The Value of Zero Trust - Rob Allen - BSW #402

Paul's Security Weekly

Play Episode Listen Later Jul 2, 2025 32:29


New research estimates the value of Zero Trust. Using the Marsh McLennan Cyber Risk Intelligence Center's proprietary cyber losses dataset from the past eight years, researchers estimated that overall cyber losses could have been potentially reduced by up to 31% had the organizations widely deployed zero-trust security. This adds up to a projected reduction of up to $465 billion in global annual total economic losses. But Zero Trust projects have struggled due to complexity. Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss the simplicity of Zero Trust Endpoint Protection and how it can drive value. Rob will discuss how the ThreatLocker® Zero Trust Endpoint Protection Platform offers a unified approach to protecting users, devices, and networks with ease of deployment and management. Zero Trust doesn't have to be complex. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-402

Business Security Weekly (Audio)
The Value of Zero Trust - Rob Allen - BSW #402

Business Security Weekly (Audio)

Play Episode Listen Later Jul 2, 2025 32:29


New research estimates the value of Zero Trust. Using the Marsh McLennan Cyber Risk Intelligence Center's proprietary cyber losses dataset from the past eight years, researchers estimated that overall cyber losses could have been potentially reduced by up to 31% had the organizations widely deployed zero-trust security. This adds up to a projected reduction of up to $465 billion in global annual total economic losses. But Zero Trust projects have struggled due to complexity. Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss the simplicity of Zero Trust Endpoint Protection and how it can drive value. Rob will discuss how the ThreatLocker® Zero Trust Endpoint Protection Platform offers a unified approach to protecting users, devices, and networks with ease of deployment and management. Zero Trust doesn't have to be complex. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-402

Studio 2G Podcasts
Securing the cloud: Zero trust and beyond

Studio 2G Podcasts

Play Episode Listen Later Jul 2, 2025 50:31


Federal agencies are accelerating cloud adoption, but increasingly sophisticated cyber threats and regulatory mandates require a stronger approach to security. This episode explores how agencies can enhance visibility, improve risk prioritization and strengthen zero trust strategies. Experts discuss multi-cloud security challenges, compliance with federal mandates like FedRAMP and EO 14028, and the role of automation in incident response and vulnerability management.

Business Security Weekly (Video)
The Value of Zero Trust - Rob Allen - BSW #402

Business Security Weekly (Video)

Play Episode Listen Later Jul 2, 2025 32:29


New research estimates the value of Zero Trust. Using the Marsh McLennan Cyber Risk Intelligence Center's proprietary cyber losses dataset from the past eight years, researchers estimated that overall cyber losses could have been potentially reduced by up to 31% had the organizations widely deployed zero-trust security. This adds up to a projected reduction of up to $465 billion in global annual total economic losses. But Zero Trust projects have struggled due to complexity. Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss the simplicity of Zero Trust Endpoint Protection and how it can drive value. Rob will discuss how the ThreatLocker® Zero Trust Endpoint Protection Platform offers a unified approach to protecting users, devices, and networks with ease of deployment and management. Zero Trust doesn't have to be complex. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/bsw-402

Darknet Diaries
160: Greg

Darknet Diaries

Play Episode Listen Later Jul 1, 2025 97:59


Greg Linares (AKA Laughing Mantis) joins us to tell us about how he became the youngest hacker to be arrested in Arizona.Follow Greg on Twitter: https://x.com/Laughing_Mantis.SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.This show is sponsored by Red Canary. Red Canary is a leading provider of Managed Detection and Response (MDR), helping nearly 1,000 organizations detect and stop threats before they cause harm. With a focus on accuracy across identities, endpoints, and cloud, we deliver trusted security operations and a world-class customer experience. Learn more at redcanary.com.This show is sponsored by Miro. AI doesn't have to be intimidating—in fact, it can help your team thrive. Miro's Innovation Workspace changes that by bringing people and AI together to turn ideas into impact, fast. Whether you're launching a new podcast, streamlining a process, or building the next big thing, Miro helps your team move quicker, collaborate better, and actually enjoy the work. Learn more at https://miro.com/.

CISO-Security Vendor Relationship Podcast
We Require 3-5 Years of Experience to Qualify for the Cyber Skills Shortage

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Jul 1, 2025 37:49


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Anne Marie Zettlemoyer, former vp of security, Activision Blizzard. In this episode SOC automation: Moving beyond alert fatigue The entry-level security talent reality Learning from security incidents without blame Evaluating security vendor viability and partnerships A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Telecom Reseller
Aviatrix and Wiz: Closing the Loop on Cloud Security, Podcast

Telecom Reseller

Play Episode Listen Later Jun 30, 2025


Podcast with Chris McHenry, VP at Aviatrix, and Doug Green, Publisher of Technology Reseller News “Wiz detects. We react and enforce.” — Chris McHenry, Aviatrix In this timely conversation, Doug Green of Technology Reseller News sits down with Chris McHenry, Vice President at Aviatrix, to explore the company's groundbreaking partnership with Wiz—and how the two are working together to solve one of the most urgent problems in enterprise IT: cloud security. Aviatrix is focused on reinventing network security for the cloud era, helping enterprises regain the controls they've lost in the transition from traditional data centers to cloud-native architectures. “CISOs consistently tell us their cloud environments feel less secure than their data centers,” McHenry notes. That's where Aviatrix steps in—by delivering Zero Trust security at the network layer, with cloud-native tools that provide perimeter protection, lateral movement control, and runtime enforcement. The conversation zeroes in on the company's recent integration with Wiz, the cloud-native application protection platform (CNAPP) that recently made headlines with its massive $30 billion acquisition by Google. According to McHenry, the partnership is more than strategic—it's foundational. “They detect attacks, we stop them,” he says, describing a “closed-loop” response system where Wiz identifies high-risk incidents and Aviatrix's Cloud Native Security Fabric automatically reacts in real time, quarantining threats and blocking malicious activity. As AI rapidly redefines the modern enterprise, McHenry explains how Aviatrix is evolving to meet the dual challenge: using AI to both secure cloud environments and enhance the performance of security operations. From custom AI-powered risk analysis to integrations with Microsoft Copilot for Security, the company is pushing innovation at both ends of the spectrum. And for the reseller community, there's even more upside. Aviatrix is proudly channel-first. “We sell almost entirely through the channel,” says McHenry, inviting partners—especially those already working with Wiz—to expand their practices with Aviatrix's complementary offerings. “This is a big opportunity to help your customers modernize cloud security without lifting and shifting legacy firewalls.” The stakes are rising, and this partnership is gaining attention for good reason. “Google's acquisition of Wiz validates just how critical cloud security is,” says McHenry. “And our integration gives organizations an immediate path to both detect and respond to threats—at scale.” This podcast is the first of a two-part series. Stay tuned for part two, where Aviatrix CEO Doug Merritt will dive deeper into the strategic vision shaping the next decade of secure cloud infrastructure. Learn more at: www.aviatrix.com  

DrZeroTrust
The Dr Zero Trust Show

DrZeroTrust

Play Episode Listen Later Jun 27, 2025 35:32


In this conversation, Dr. Zero Trust discusses various cybersecurity incidents, including the Norwegian dam hack, retail data breaches, and the challenges posed by data brokers. He emphasizes the importance of proactive security measures and the need for better regulations in the digital age. The discussion also touches on leadership changes at Cyber Command, emerging cybersecurity startups, and ethical considerations in the industry.TakeawaysThe Norwegian dam hack highlights the risks of weak passwords.Proactive security measures are essential for critical infrastructure.Data breaches in retail can affect millions of individuals.Leadership changes at Cyber Command may impact cybersecurity strategy.Data brokers operate in a regulatory gray area across states.Privacy concerns are exacerbated by the lack of federal regulations.Cybersecurity incidents in airlines can have widespread implications.The VA data breach serves as a historical lesson for cybersecurity.Emerging startups are addressing various cybersecurity challenges.Ethical considerations in cybersecurity practices are crucial.

Cyber Security Headlines
Iranian-backed spearphishing campaign, Microsoft Outlook fix, Glasgow suffers cyberattack

Cyber Security Headlines

Play Episode Listen Later Jun 27, 2025 8:38


Iranian-backed spearphishing campaign seeks out cybersecurity experts Microsoft fixes Outlook bug causing crashes when opening emails Glasgow City Council suffers cyberattack Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Cyber Security Headlines
Week in Review: Qilin adds lawyers, Iranian spearphishing campaign, Microsoft Direct Send hack

Cyber Security Headlines

Play Episode Listen Later Jun 27, 2025 25:11


Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bil Harmer, operating partner and CISO, Craft Ventures. Check out Bil's page, KillSwitchAdvisory. Thanks to our show sponsor, ThreatLocker Alert fatigue, false positives, analyst burnout—you know the drill. What if you could stop threats before they run? ThreatLocker gives CISOs what they've been asking for: real control at the execution layer. Only approved apps, scripts, and executables run. Period. Known-good is enforced. Everything else? Denied by default. Ringfencing and storage control keep even trusted tools in their lane—so PowerShell doesn't become a weapon. And yes—it works at scale. Granular policies. Fast rollout. Built for modern infrastructure. You don't need more alerts. You need fewer chances for malware to make a move. ThreatLocker helps you flip the model—from detect-and-respond… to deny-and-verify. Go to ThreatLocker.com/CISO to schedule your free demo and close the last gap in your Zero Trust strategy, before it's exploited. All links and the video of this episode can be found on CISO Series.com  

Trust Issues
EP 10 - A new identity crisis: governance in the AI age

Trust Issues

Play Episode Listen Later Jun 26, 2025 36:20


In this episode of Security Matters, host David Puner sits down with Deepak Taneja, co-founder of Zilla Security and General Manager of Identity Governance at CyberArk, to explore why 2025 marks a pivotal moment for identity security. From the explosion of machine identities—now outnumbering human identities 80 to 1—to the convergence of IGA, PAM, and AI-driven automation, Deepak shares insights from his decades-long career at the forefront of identity innovation.Listeners will learn:Why legacy identity governance models are breaking under cloud scaleHow AI agents are reshaping entitlement management and threat detectionWhat organizations must do to secure non-human identities and interlinked dependenciesWhy time-to-value and outcome-driven metrics are essential for modern IGA successWhether you're a CISO, identity architect, or security strategist, this episode delivers actionable guidance for navigating the evolving identity security landscape.

Cyber Security Headlines
Patient death linked to ransomware, BreachForums busted again, nOAuth vulnerability

Cyber Security Headlines

Play Episode Listen Later Jun 26, 2025 8:29


NHS confirms patient death linked to ransomware attack BreachForums busted again Thousands of SaaS apps still vulnerable to nOAuth Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

Cyber Security Headlines
70 Microsoft Exchange servers targeted, Apple, Netflix, Microsoft sites hacked, data breach hits Aflac

Cyber Security Headlines

Play Episode Listen Later Jun 25, 2025 7:34


Hackers target over 70 Microsoft Exchange servers to steal credentials via keyloggers Apple, Netflix, Microsoft sites ‘hacked' for tech support scams The 2022 initiative by Cloudflare, CrowdStrike and Ping Identity provided cybersecurity support to critical infrastructure sectors seen as potential targets of Russia-linked attacks Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

Feds At The Edge by FedInsider
Ep. 206 Dynamic Security: Central to Achieving Zero Trust

Feds At The Edge by FedInsider

Play Episode Listen Later Jun 25, 2025 61:44


As cyber threats grow more sophisticated, federal agencies need security that can think on its feet.    This week on Feds At The Edge, we explore how agencies are evolving toward Zero Trust by implementing dynamic security—a flexible approach that adjusts access and authentication in real time based on context and behavior.      Justin Chin, Director of the Government Solutions Segment at Ping Identity, opens with a relatable example: when your bank flags suspicious login activity and adds a second layer of authentication. That adaptive friction is dynamic security in action.    Federal agencies face unique challenges based on their IT architectures. Paul Blahusch, CISO at Dept of Labor, explains how a centralized system allows broad, consistent policy enforcement. In contrast, Elizabeth Schweinsberg, Sr. Technical Advisor for CMS, shares how her agency's federated model requires a more tailored approach to dynamic security.    Tune in on your favorite podcast platform today for insights into the different paths agencies are taking, why enterprise structure matters, and how collaboration is key to building secure, adaptive systems that support the Zero Trust journey.          =  

Cyber Security Headlines
Retaliatory Iranian cyberattacks, steel giant confirms breach, ransomware hits healthcare system again

Cyber Security Headlines

Play Episode Listen Later Jun 24, 2025 8:31


DHS warns of retaliatory Iranian cyberattacks Steel giant Nucor confirms breach Ransomware hits healthcare system again Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

The CyberWire
Iran's digital retaliation looms.

The CyberWire

Play Episode Listen Later Jun 23, 2025 36:38


US warns of heightened risk of Iranian cyberattacks. Cyber warfare has become central to Israel and Iran's strategies. Oxford City Council discloses data breach. Europe aiming for digital sovereignty. Michigan hospital network says data belonging to 740,000 was stolen by ransomware gang. RapperBot pivoting to attack DVRs. A picture worth a thousand wallets. New Zealand's public sector bolsters cyber defenses. On our Industry Voices segment today, we are joined by Imran Umar, Zero Trust Lead at Booz Allen Hamilton, discussing Zero Trust and Thunderdome. And a cyberattack spoils Russia's dairy flow. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire Guest On our Industry Voices segment today, we are joined by Imran Umar, Zero Trust Lead at Booz Allen Hamilton, discussing Zero Trust and Thunderdome. Hear the full conversation ⁠here⁠. Find resources below to learn more about the topic Imran discusses. For additional information: Zero Trust, More Confidence Zero Trust: Translating Results into Action Selected Reading US Warns of Heightened Risk of Iranian Cyber-Attacks After Military Strikes (Infosecurity Magazine)  Bank hacks, internet shutdowns and crypto heists: Here's how the war between Israel and Iran is playing out in cyberspace (Politico) Oxford City Council suffers breach exposing two decades of data (Bleeping Computer)  Europeans seek 'digital sovereignty' as US tech firms embrace Trump (Reuters) Data of more than 740,000 stolen in ransomware attack on Michigan hospital network (The Record)  RapperBot Attacking DVRs to Gain Access Over Surveillance Cameras to Record Video (Cyber Security News)  CoinMarketCap Doodle Image Vulnerability Lets Attackers Run Malicious Code via API Call (GB Hackers) NZ NCSC mandates minimum cybersecurity baseline for public sector agencies, sets October deadline (Industrial Cyber) Russian dairy supply disrupted by cyberattack on animal certification system (The Record) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Resilient Cyber
Resilient Cyber w/ Bob Ritchie - Securing Federal & Defense Digital Modernization

Resilient Cyber

Play Episode Listen Later Jun 23, 2025 40:58


In this episode, I sit down with SAIC Chief Technology Officer (CTO) and longtime Federal/Defense leader Bob Ritchie to discuss his experience securing public sector digital modernization, including everything from large multi-cloud environments to zero trust, identity, and where things are headed with AI.Bob starts discussing SAIC and his background there. He went from intern to CTO over 20 years with this public sector industry leader, including a brief stint with Capital One on the commercial side.We covered the current state of the federal cloud community across multiple clouds (e.g., Azure, AWS, and GCP) and some of the challenges and opportunities on the security front.We often hear phrases such as “identity is the new perimeter,” but the perimeter is porous and problematic, especially in large, disparate environments such as the Federal/Defense ecosystem. Bob touched on the current state of identity security in this ecosystem, where progress is being made and what challenges still need to be tackled.The government is doing a big push towards Zero Trust, with the Cyber EO 14028, Federal/Defense ZT strategies, and more. But how much progress is being made on ZT, and where can we look for examples of innovation and success?We dove into the rise of excitement and adoption of AI, GenAI, Agentic AI, and protocols such as MCP, A2A, and where the public sector community can lean into Agentic AI for use cases ranging from SecOps, AppSec, GRC, and more.Bob explains how he balances a good business focus while staying deep in the weeds and proficient in relevant emerging technologies and nuances required as a CTO.I've known Bob for several years, and you would be hard pressed to find a more competent technology leader. This is not one to miss!

Cyber Security Headlines
CMS retailer report, Aflac investigates activity, Russian dairy cyberattack

Cyber Security Headlines

Play Episode Listen Later Jun 23, 2025 7:10


CMC officially points finger at Scattered Spider for Marks & Spencer and Co-op attacks Aflac investigating suspicious activity on its U.S. network Russian dairy producers suffer cyberattack Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

DrZeroTrust
The Dr Zero Trust Show

DrZeroTrust

Play Episode Listen Later Jun 20, 2025 18:21


In this episode, Dr. Zero Trust discusses a record-breaking data breach involving 16 billion exposed passwords, the implications of cyber warfare in current geopolitical conflicts, and the challenges surrounding digital sovereignty in Europe. The conversation highlights the need for better cybersecurity practices and the evolving nature of warfare in the digital age.Takeaways16 billion passwords exposed in a massive data breach.The data breach raises questions about the accuracy of reported figures.Cybercriminals are shifting tactics, using info stealers and malware.The future of warfare involves cyber operations combined with kinetic actions.Deep fakes and manipulated media are becoming prevalent in conflicts.Cybersecurity measures like MFA and strong passwords are essential.Legislators are often unaware of the complexities of cybersecurity.Digital sovereignty claims in Europe are questionable due to reliance on US companies.The intersection of cyber and traditional warfare is increasingly blurred.Public awareness of cybersecurity threats is crucial for national security.

ITSPmagazine | Technology. Cybersecurity. Society
What Hump? Thirty Years of Cybersecurity and the Fine Art of Pretending It's Not a Human Problem | A Musing On Society & Technology Newsletter Written By Marco Ciappelli | Read by TAPE3

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jun 15, 2025 9:59


What Hump? Thirty Years of Cybersecurity and the Fine Art of Pretending It's Not a Human ProblemA new transmission from Musing On Society and Technology Newsletter, by Marco CiappelliJune 6, 2025A Post-Infosecurity Europe Reflection on the Strange but Predictable Ways We've Spent Thirty Years Pretending Cybersecurity Isn't About People.⸻ Once there was a movie titled “Young Frankenstein” (1974) — a black-and-white comedy directed by Mel Brooks, written with Gene Wilder, and starring Wilder and Marty Feldman, who delivers the iconic “What hump?” line.Let me describe the scene:[Train station, late at night. Thunder rumbles. Dr. Frederick Frankenstein steps off the train, greeted by a hunched figure holding a lantern — Igor.]Igor: Dr. Frankenstein?Dr. Frederick Frankenstein: It's Franken-steen.Igor: Oh. Well, they told me it was Frankenstein.Dr. Frederick Frankenstein: I'm not a Frankenstein. I'm a Franken-steen.Igor (cheerfully): All right.Dr. Frederick Frankenstein (noticing Igor's eyes): You must be Igor.Igor: No, it's pronounced Eye-gor.Dr. Frederick Frankenstein (confused): But they told me it was Igor.Igor: Well, they were wrong then, weren't they?[They begin walking toward the carriage.]Dr. Frederick Frankenstein (noticing Igor's severe hunchback): You know… I'm a rather brilliant surgeon. Perhaps I could help you with that hump.Igor (looks puzzled, deadpan): What hump?[Cut to them boarding the carriage, Igor climbing on the outside like a spider, grinning wildly.]It's a joke, of course. One of the best. A perfectly delivered absurdity that only Mel Brooks and Marty Feldman could pull off. But like all great comedy, it tells a deeper truth.Last night, standing in front of the Tower of London, recording one of our On Location recaps with Sean Martin, that scene came rushing back. We joked about invisible humps and cybersecurity. And the moment passed. Or so I thought.Because hours later — in bed, hotel window cracked open to the London night — I was still hearing it: “What hump?”And that's when it hit me: this isn't just a comedy bit. It's a diagnosis. Here we are at Infosecurity Europe, celebrating its 30th anniversary. Three decades of cybersecurity: a field born of optimism and fear, grown in complexity and contradiction.We've built incredible tools. We've formed global communities of defenders. We've turned “hacker” from rebel to professional job title — with a 401(k), branded hoodies, and a sponsorship deal. But we've also built an industry that — much like poor Igor — refuses to admit something's wrong.The hump is right there. You can see it. Everyone can see it. And yet… we smile and say: “What hump?”We say cybersecurity is a priority. We put it in slide decks. We hold awareness months. We write policies thick enough to be used as doorstops. But then we underfund training. We silo the security team. We click links in emails that say whatever will make us think it's important — just like those pieces of snail mail stamped URGENT that we somehow believe, even though it turns out to be an offer for a new credit card we didn't ask for and don't want. Except this time, the payload isn't junk mail — it's a clown on a spring exploding out of a fun box.Igor The hump moves, shifts, sometimes disappears from view — but it never actually goes away. And if you ask about it? Well… they were wrong then, weren't they?That's because it's not a technology problem. This is the part that still seems hard to swallow for some: Cybersecurity is not a technology problem. It never was.Yes, we need technology. But technology has never been the weak link.The weak link is the same as it was in 1995: us. The same it was before the internet and before computers: Humans.With our habits, assumptions, incentives, egos, and blind spots. We are the walking, clicking, swiping hump in the system. We've had encryption for decades. We've known about phishing since the days of AOL. Zero Trust was already discussed in 2004 — it just didn't have a cool name yet.So why do we still get breached? Why does a ransomware gang with poor grammar and a Telegram channel take down entire hospitals?Because culture doesn't change with patches. Because compliance is not belief. Because we keep treating behavior as a footnote, instead of the core.The Problem We Refuse to See at the heart of this mess is a very human phenomenon:vIf we can't see it, we pretend it doesn't exist.We can quantify risk, but we rarely internalize it. We trust our tech stack but don't trust our users. We fund detection but ignore education.And not just at work — we ignore it from the start. We still teach children how to cross the street, but not how to navigate a phishing attempt or recognize algorithmic manipulation. We give them connected devices before we teach them what being connected means. In this Hybrid Analog Digital Society, we need to treat cybersecurity not as an optional adult concern, but as a foundational part of growing up. Because by the time someone gets to the workforce, the behavior has already been set.And worst of all, we operate under the illusion that awareness equals transformation.Let's be real: Awareness is cheap. Change is expensive. It costs time, leadership, discomfort. It requires honesty. It means admitting we are all Igor, in some way. And that's the hardest part. Because no one likes to admit they've got a hump — especially when it's been there so long, it feels like part of the uniform.We have been looking the other way for over thirty years. I don't want to downplay the progress. We've come a long way, but that only makes the stubbornness more baffling.We've seen attacks evolve from digital graffiti to full-scale extortion. We've watched cybercrime move from subculture to multi-billion-dollar global enterprise. And yet, our default strategy is still: “Let's build a bigger wall, buy a shinier tool, and hope marketing doesn't fall for that PDF again.”We know what works: Psychological safety in reporting. Continuous learning. Leadership that models security values. Systems designed for humans, not just admins.But those are hard. They're invisible on the balance sheet. They don't come with dashboards or demos. So instead… We grin. We adjust our gait. And we whisper, politely:“What hump?”So what Happens now? If you're still reading this, you're probably one of the people who does see it. You see the hump. You've tried to point it out. Maybe you've been told you're imagining things. Maybe you've been told it's “not a priority this quarter.” And maybe now you're tired. I get it.But here's the thing: Nothing truly changes until we name the hump.Call it bias.Call it culture.Call it education.Call it the human condition.But don't pretend it's not there. Not anymore. Because every time we say “What hump?” — we're giving up a little more of the future. A future that depends not just on clever code and cleverer machines, but on something far more fragile:Belief. Behavior. And the choice to finally stop pretending.We joked in front of a thousand-year-old fortress. Because sometimes jokes tell the truth better than keynote stages do. And maybe the real lesson isn't about cybersecurity at all.Maybe it's just this: If we want to survive what's coming next, we have to see what's already here.- The End➤ Infosecurity Europe: https://www.itspmagazine.com/infosecurity-europe-2025-infosec-london-cybersecurity-event-coverageAnd ... we're not done yet ... stay tuned and follow Sean and Marco as they will be On Location at the following conferences over the next few months:➤ Black Hat USA in Las Vegas in August: https://www.itspmagazine.com/black-hat-usa-2025-hacker-summer-camp-2025-cybersecurity-event-coverage-in-las-vegasFOLLOW ALL OF OUR ON LOCATION CONFERENCE COVERAGEhttps://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageShare this newsletter and invite anyone you think would enjoy it!As always, let's keep thinking!— Marco [https://www.marcociappelli.com]

Cyber Briefing
June 13, 2025 - Cyber Briefing

Cyber Briefing

Play Episode Listen Later Jun 13, 2025 12:42


If you like what you hear, please subscribe, leave us a review and tell a friend!

Defense in Depth
Has the Shared Security Model for SaaS Shifted?

Defense in Depth

Play Episode Listen Later Jun 12, 2025 28:55


All links and images can be found on CISO Series. Check out this post by Justin Pagano at Klaviyo for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Jesse Webb, CISO and svp information systems, Avalon Healthcare Solutions. In this episode: Align the incentives The feature and enforcement disconnect Putting the right people in the right place A need for transparency   Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Jamf After Dark
Jamf Revolutionising Apple Enterprise IT in India : IDC in conversation with Liz Benz, Ben Oxnam, and Chiranjeev TK

Jamf After Dark

Play Episode Listen Later Jun 12, 2025 33:35


Welcome to a special episode of Jamf After Dark showcasing a recent discussion recorded by IDC India.  Discover how Jamf is revolutionising Apple enterprise IT in India in this exclusive conversation.  Featuring insights from Liz Benz - Chief Sales Officer, Jamf, Ben Oxnam - Senior VP and GM, EMEIA, Jamf, and Chiranjeev TK - Country Head, Jamf India, this dialogue explores the evolving landscape of enterprise device management, security, and Apple adoption across Indian businesses. Learn how Jamf is enabling organizations to: Seamlessly manage Apple devices at scale Strengthen endpoint security with Zero Trust principles Empower IT teams for a modern, mobile-first workforce Navigate the unique challenges and opportunities in the Indian enterprise ecosystem Whether you're a CIO, IT leader, or enterprise strategist, this session offers valuable perspectives on how Jamf and Apple are shaping the future of secure, scalable IT in India

DrZeroTrust
An honest conversation from the Gartner Event

DrZeroTrust

Play Episode Listen Later Jun 12, 2025 32:50


In this conversation, Dr. Chase Cunningham and Eric Krohn discuss the evolving landscape of cybersecurity, particularly focusing on the impact of AI and Zero Trust principles. They explore the challenges small and medium businesses face in adopting new technologies, the importance of risk management, and the need for a collaborative approach between technology and business strategies. The discussion also touches on the recent funding trends in cybersecurity startups and the role of AI in enhancing security measures while addressing the human element in cybersecurity practices.TakeawaysThe AI boom is reshaping the cybersecurity landscape.Zero Trust is becoming a standard practice in security.Risk management strategies must evolve with technology.AI can enhance cybersecurity but requires careful implementation.Small and medium businesses face unique challenges in cybersecurity.Funding for cybersecurity startups is on the rise.Collaboration between tech and business is essential for success.AI can help simplify complex cybersecurity processes.Understanding the human element is crucial in cybersecurity.The future of cybersecurity will be driven by innovation and adaptability.

Feds At The Edge by FedInsider
Ep. 204 Harnessing Automation to Reach Zero Trust

Feds At The Edge by FedInsider

Play Episode Listen Later Jun 12, 2025 56:39


Everyone knows automation is powerful, but it's also a double-edged sword.   This week on Feds At The Edge, we speak with cybersecurity experts who share how to securely align automation with Zero Trust principles. We spend the hour diving to importance of shared responsibility models, protecting critical surfaces, and using automation to enhance observability and control, especially in cloud environments.  Michael Hardee, Chief Architect for Red Hat, shares insights on how automation can reduce social engineering risks by eliminating human override. While Don Yeske, Director, National Security Cyber Division at DHS, highlights how AI can uncover vulnerabilities in outdated enterprise architectures, including a recent zero-day attack.  Both experts emphasize the “human-in-the-loop" approach, agreeing that automation should augment, not replace, human insight. As Michael Hardee reminds us, “automation is not a license for us to check out.”   Tune in on your favorite podcast platform today!         

Trust Issues
EP 9 - J&J's former CISO on trust, identity, and the future of cybersecurity

Trust Issues

Play Episode Listen Later Jun 11, 2025 41:31


In this episode of Security Matters, host David Puner sits down with Marene Allison, former Chief Information Security Officer (CISO) of Johnson & Johnson, for a candid and wide-ranging conversation on trust, identity, and leadership in cybersecurity. From securing global vaccine supply chains during the COVID-19 pandemic to navigating the rise of AI and machine identities, Marene shares hard-earned insights from her decades-long career in national security and the private sector.They explore what it means to be a mission-driven CISO, how to build trust from the boardroom to the front lines, and why identity has always been the true perimeter. Marene also reflects on her post-CISO chapter and the evolving role of cybersecurity leaders in a rapidly evolving threat landscape.

GovCast
AWS Summit 2025: Innovation Accelerates IT Delivery at DOD

GovCast

Play Episode Listen Later Jun 11, 2025 11:56


Technology and software development can take years to field capabilities that may no longer meet mission needs once they reach the finish line. Some department compliance practices can add 12-18 months for authorization. At the AWS Summit in Washington, D.C., Marine Corps Community Services Digital Program Manager David Raley said that his office is accelerating the development and approval processes for mission capability. Raley highlighted solutions like AWS GovCloud and a certified DevSecOps platform that help reduce authorization times from a year to 15 minutes. Raley also talked about the ways DOD is advancing zero trust implementation and security in cloud-native environments.

CISO-Security Vendor Relationship Podcast
Aside From Text, Images, and Videos, GenAI Can't Fool Me (Live in Boston)

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Jun 10, 2025 46:53


All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, partner, YL Ventures. Joining us is our sponsored guest, Sam Curry, global vp, CISO at Zscaler. This episode was recorded at a Zscaler event in Boston, MA. In this episode: Guardrails for decision making under fatigue Preparing for quantum threats Strategic use of generative AI Reassessing outdated knowledge Huge thanks to our sponsor, Zscaler Zscaler is a cloud-based cybersecurity company that provides secure internet access and private application access. Its platform replaces traditional network security by delivering Zero Trust architecture, protecting users, data, and applications regardless of location. Zscaler's scalable services help organizations modernize IT and reduce risk with seamless, cloud-native security solutions.

The Segment: A Zero Trust Leadership Podcast
Resilience Over Prevention: Cybersecurity Insights with Dr. Larry Ponemon

The Segment: A Zero Trust Leadership Podcast

Play Episode Listen Later Jun 10, 2025 39:11


In this episode of The Segment, we dive deep into the critical intersection of cybersecurity, resilience, and organizational strategy with the renowned Dr. Larry Ponemon, founder of the Ponemon Institute and a pioneer in privacy and security research. With over 20 years of groundbreaking studies, including the IBM Cost of a Data Breach Report and the Global Cost of Ransomware Study, Dr. Ponemon shares valuable insights into the evolving cyber threat landscape and what businesses can do to stay ahead.We also talk about: The origins and evolution of the Ponemon Institute's research.Why prevention isn't enough, emphasizing containment and resilience in cybersecurity.The rising costs of data breaches and attackers' growing focus on disrupting operational resilience.How organizations can leverage research data to secure leadership buy-in and develop effective strategies.The importance of Zero Trust frameworks in addressing modern security challenges.The role of robust leadership, strategic planning, and redundancy in enhancing resilience.The evolving responsibilities of CISOs and unifying accountability within organizations.Emerging trends like artificial intelligence and global contributions to cybersecurity innovation.Metrics for measuring the effectiveness of security controls.The Global Cost of Ransomware Report: https://www.illumio.com/resource-center/cost-of-ransomware  Listening Notes:[2:30 - 6:00] Advice for Mitigating Ransomware Risks[6:00 - 11:00] Role of Zero Trust in Security[11:00 - 16:00] Accountability in Security Strategies[16:00 - 21:00]  Research Wishlist: Metrics and Trust[21:00 - 25:00] Long-Term Industry ObservationsTune in to learn how to shift from a prevention mindset to one of resilience and adaptability in an ever-changing digital world!

The Data Center Frontier Show
DCIM (Data Center Infrastructure Management) and its Role in Data Center Security

The Data Center Frontier Show

Play Episode Listen Later Jun 10, 2025 17:25


Explore the critical intersection of Data Center Infrastructure Management (DCIM), Common Data Center Security issues and Zero Trust Architecture (ZTA) with a special focus on how our innovative OpenData solution can help. As data centers face increasing security threats and regulatory pressures, understanding how to effectively integrate DCIM into a Zero Trust framework is essential for safeguarding operations and ensuring compliance.

Darknet Diaries
159: Vastaamo

Darknet Diaries

Play Episode Listen Later Jun 3, 2025 51:06


Joe Tidy investigates what may be the cruelest and most disturbing cyber attack in history. A breach so invasive it blurred the line between digital crime and psychological torture. This story might make your skin crawl.Get more from Joe linktr.ee/joetidy.Get the book Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet (https://amzn.to/3He7GNs).SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.This show is sponsored by Red Canary. Red Canary is a leading provider of Managed Detection and Response (MDR), helping nearly 1,000 organizations detect and stop threats before they cause harm. With a focus on accuracy across identities, endpoints, and cloud, we deliver trusted security operations and a world-class customer experience. Learn more at redcanary.com.