Podcasts about zero trust

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Ejona Preci, group CISO, LINDAL Group. In this episode:  Consequence, not controls The credibility gap Defining the undefined Expanding the mandate A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

In this Brand Highlight, we talk with Denny LeCompte, CEO and Co-Founder of Portnox, about how identity and access control are changing as AI-driven agents and synthetic identities become active participants inside enterprise environments.Passwords still sit at the root of many security failures, which is why the conversation starts with the fundamentals: controlling who can access data, from where, and under what device and policy conditions. Certificate-based authentication emerges as a practical way to reduce password dependency while keeping enforcement tied to managed devices and policy compliance.The discussion then shifts to what is changing for security leaders. CISOs may feel more confident managing traditional cyber threats, but uncertainty rises quickly when AI-generated and non-human identities enter the picture. Agentic AI turns automation into an entity that touches networks and applications, making access control a first-order requirement rather than an afterthought.A clear theme emerges throughout the conversation: synthetic identities are not hypothetical. They appear anywhere autonomous agents require permissions to act, from software development to workflow automation. Applying the same discipline used for human identities, including least privilege, scope limitation, and policy enforcement, becomes essential to maintaining control as AI adoption accelerates.Note: This story contains promotional content. Learn more.GuestDenny LeCompte, CEO and Co-Founder of Portnoxhttps://www.linkedin.com/in/dennylecompte/ResourcesLearn more about Portnox: https://www.portnox.com/Are you interested in telling your story?Full Length Brand Story: https://www.studioc60.com/content-creation#fullBrand Spotlight Story: https://www.studioc60.com/content-creation#spotlightBrand Highlight Story: https://www.studioc60.com/content-creation#highlightKeywords: sean martin, denny lecompte, portnox, identity, access, zero trust, passwordless, certificates, agentic ai, synthetic identities, brand story, brand marketing, marketing podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Legion of Doom (LoD) wasn't just a “hacker group”, it captured the essence of underground hacking in the 80s/90s. BBSes, phreaking, rival crews, and the crackdowns that changed everything. From those humble beginnings came a legacy that still echoes through modern security culture today.SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.This show is sponsored by Rippling. Rippling is the unified platform for Global HR, Payroll, IT, and Finance. They've helped millions replace their mess of cobbled-together tools with one system designed to give leaders clarity, speed, and control. With Rippling, you can run your entire HR, IT, and Finance operations as one, or pick and choose the products that best fill the gaps in your software stack. Learn more rippling.com/darknet.This show is sponsored by Meter, the company building networks from the ground up. Meter delivers a complete networking stack - wired, wireless, and cellular - in one solution that's built for performance and scale. Meter's full-stack solution covers everything from first site survey to ongoing support, giving you a single partner for all your connectivity needs. Go to meter.com/darknet to book a demo now!Sources Book: Masters of Deception (https://amzn.to/4q3O0gJ) Book: The Hacker Crackdown (https://amzn.to/3N4bovY)

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com When cloud computing was introduced, it was quite a simple concept: leverage other people's hardware to scale easily. Not too much to manage. However, today's cloud world has metastasized. Today, federal leaders live in a world of on-prem, multiple clouds, private clouds, hybrid clouds, and even sovereign clouds. Complications arise when they are burdened with compliance requirements and staff reductions. Today, we sat down with Ryan McArthur from Zscaler to discuss how to effectively manage a cloud environment when challenged with deploying Zero Trust. He begins by sharing his experience helping federal leaders understand the inherent risks of the VPN system. Few realize that VPN technology was first introduced by Microsoft back in 1996, and then popularized with Windows 4.0, which included built-in support. Thirty-year-old technology can present severe limitations. Unfortunately, the popularity of VPN technology increased with the demands of remote computing during COVID. We are now in a situation where many enterprises have built their architecture on this dated technology. Ryan mentions that one key to juggling clouds is to focus on the applications themselves. He emphasized Zscaler's ability to securely connect users. If you want more information about Zscaler, you should attend the Zscaler Public Sector Summit in March, where you can discuss and collaborate further.

S3E14: What's Trending NOW is the uncomfortable reality that healthcare's AI adoption is happening faster than its governance, often invisibly. On this episode Shahid and guest Tamer Baker, Healthcare CTO at Zscaler, map the “hidden risk” landscape (data exfiltration, copilots turning loose internal content, prompt manipulation, model poisoning), then pivot to what actually works: measure AI usage, enable safe experimentation by blocking PHI/sensitive prompts, and anchor the program in Zero Trust while layering in AI-specific controls and education. The “B-roll” after the formal close goes even further: the two dig into who holds clinical and product risk as AI becomes more autonomous, why incumbents may hesitate, how regulation (HIPAA NPRM) and defense models (CMMC) might inform healthcare, and why “orchestration” becomes the next trust battleground. To stream our Station live 24/7 visit www.HealthcareNOWRadio.com or ask your Smart Device to “….Play Healthcare NOW Radio”. Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen

How is artificial intelligence transforming the way businesses operate? Can cutting-edge technology be the key to scaling success? In this episode, Ephraim Ebstein, Founder and CEO of Fit Solutions, sits down to share his insights… Fit Solutions is a $30 million IT and cybersecurity firm that helps thousands of businesses increase efficiency, reduce IT costs, and protect against cyber threats. Ephraim is also the Co-Founder of AI Integrators, a venture focused on leveraging AI to streamline business operations and optimize performance. With over 15 years in the tech industry, Ephraim has a background in managed IT services, network engineering, and cybersecurity consulting. Before founding Fit Solutions, he served as Senior Systems Engineering Team Lead at All Covered, a division of Konica Minolta. He holds a Bachelor's degree in Management Information Systems and has a proven track record in scaling tech businesses while fostering a strong company culture. In this discussion, we cover: The difference between an enterprise and a medium-sized business.  How AI "employees" are transforming customer service and operational efficiency. Why company culture and leadership systems are essential to business growth. How AI and automation are reducing costs while driving revenue. Find out more about Fit Solutions and their AI initiatives by visiting their website!

NYC mayoral inauguration bans Flipper Zero and Raspberry Pi devices Crypto must now share account details with UK tax officials Finland seizes suspected cable sabotage ship  Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com. Find the stories behind the headlines at CISOseries.com.  

In this New Year's episode of Life of a CISO, Dr. Eric Cole reflects on the challenges of 2025 and delivers a powerful reset framework for CISOs entering 2026. Drawing from real-world coaching, executive leadership principles, and personal experience, Dr. Cole challenges security leaders to stop thinking like technologists and start acting like true chief officers. This episode breaks down three essential pillars every world-class CISO must define: who you need to become, your single top priority, and your North Star. Dr. Cole explains why consistency, discipline, and executive alignment matter more than tools, why most CISOs struggle with focus, and how habits, planning, and accountability can rapidly transform your impact and credibility. From redefining the CISO role as a future CEO pipeline, to practical strategies like executive one-on-ones, time blocking, and choosing a guiding North Star such as Zero Trust or data protection, this episode provides a clear roadmap to leadership growth. If you want to reset your mindset, elevate your influence, and lead cybersecurity as a business function in 2026, this episode is a must-listen.  

Hackers drain millions from Unleash Protocol DarkSpectre campaigns exposed Shai-Hulud attack led Trust Wallet heist Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 atztw.com.

In this conversation, I break down the state of cybersecurity heading into 2025—and it's not pretty. Ransomware isn't “ramping up,” it's eating the market alive, while too many organizations are still betting their future on outdated controls, checkbox compliance, and the fantasy that perimeter security is a strategy. I call out the continued failure of traditional security models, the uncomfortable reality of high-profile vendor missteps, and the industry's habit of confusing tool sprawl with actual risk reduction.My bottom line is simple: Zero Trust isn't a buzzword; it's the only approach that aligns with how modern environments actually operate—cloud-first, identity-driven, and constantly under attack. If you want real improvement, start treating identity like the control plane, tighten your cloud and endpoint fundamentals, get serious visibility into what's connecting and what's executing, and stop pretending “prevention” alone is a plan. Initial access is going to happen—so engineer for containment and resiliency. I wrap up with practical steps you can apply immediately to harden posture and quit treating cyber defense like a yearly renewal rather than a continuous operational discipline.TakeawaysRansomware incidents surged in 2025, impacting critical infrastructure.Traditional defenses are failing to contain ransomware attacks.Using a password manager is essential for security.Cybercrime costs are projected to reach $10 trillion by 2025.Misconfigurations in cloud services are a major risk factor.Identity management is a solvable problem that needs attention.Vendors in cybersecurity are not immune to breaches.Organizations should partner with service providers for cybersecurity.Research and data should guide cybersecurity strategies.A proactive approach is necessary to mitigate cyber threats.

Silver Fox targets Indian users Mustang Panda deploys ToneShell Will prompt injection ever be 'solved'? Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 atztw.com.

Coupang recovers laptop allegedly thrown into river Trust Wallet reports 2k+ wallets drained Sax discloses 2024 data breach Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 atztw.com.

Link to episode page To end off a tumultuous year, our final Department of Know episode of 2025 features a chat between host Rich Stroffolino and producer Steve Prentice. Join them as they chat about the biggest stories of 2025, the trends we are seeing, and what we can expect in the new year. Thanks to our show sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com. All links and the video of this episode can be found on CISO Series.com  

Rainbow Six Siege suffers breach, gamers go shopping Diesel generators and aircraft engines in high demand to power AI LastPass 2022 breach reverberates through crypto world  Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com. Find the stories behind the headlines at CISOseries.com.  

In this episode of The Digital Executive, host Brian Thomas speaks with Dr. Ravi Kiran Nizampatnam, an internationally recognized expert in network security and enterprise cybersecurity architecture. With more than a decade of experience protecting mission-critical infrastructure across finance, healthcare, and media, Ravi explains how today's most dangerous attacks no longer look like breaches—but like normal, trusted activity driven by compromised identities, APIs, and supply chains.The conversation dives deep into what Zero Trust done right really means, why treating it as a product instead of an architecture leads to failure, and how organizations can minimize blast radius and contain breaches in minutes rather than months. Ravi also shares the real-world frustrations that inspired his cybersecurity patents, the gaps created by siloed security tools, and why context—not more alerts—is the missing link. Looking ahead, he outlines how AI, cloud-native systems, and regulatory pressure will reshape enterprise security, emphasizing that resilient, identity-centric architecture—not just smarter algorithms—will define the next generation of secure organizations.If you liked what you heard today, please leave us a review - Apple or Spotify. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Active exploitation of Fortinet VPN bypass utility observed Google possibly allowing users to change default gmail address June Aflac attack resulted in data theft  Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.   Find the stories behind the headlines at CISOseries.com

Coordinated scams target MENA region Pen Test Partners accused of 'blackmail' Hackers steal record $2.7B in crypto in 2025 Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

The threat that puts you out of business probably won't look like a movie hack, it'll look like a normal email from your CEO.   In this episode of the Registered Investment Advisor Podcast, Seth Greene interviews Scott Alldridge, CEO of IP Services and bestselling author of the VisibleOps series, who explains how modern cybercrime actually works and why most small and mid-sized companies are far more vulnerable than they think. Scott shares real breach stories, including how something as simple as leaving a printer password as “1234” led to a $187,000 theft and forced a firm into a merger. He breaks down why cybersecurity is now a board-level issue, how AI is being weaponized by attackers, and what leaders need to be doing right now to protect their data, their money, and their survival.   Key Takeaways: → Most companies think “we're too small to be a target,” but attackers actively go after businesses with as few as 100 employees — and even under $1M in revenue. → Only about 1 in 7 cybersecurity breaches ever gets reported, so what you read in the news is a tiny fraction of what's actually happening. → A single weak password (like “1234” on a networked printer) can give a threat actor a doorway into your entire system. → Attackers don't smash and grab; they sit quietly for weeks or months, watch how you communicate, then imitate leadership to trigger wire transfers that look totally normal. → The “human layer” is still the biggest risk: phishing, social engineering, and reused or weak credentials are where most compromises begin.   Scott Alldridge has spent three decades on the frontlines of cyber warfare—turning escalating threats into competitive advantage for business leaders. As co-founder of the IT Process Institute and creator of the globally adopted VisibleOps framework (400,000+ copies sold), he shaped how enterprises worldwide secure and scale technology.   His Amazon bestseller, VisibleOps Cybersecurity, is the definitive roadmap for integrating Zero Trust principles into real business results. Today, as CEO of IP Services, one of America's most trusted MSSPs, Scott helps executives verify—not just trust—their cybersecurity posture.   Driven by both expertise and altruism, Scott's mission is to ensure businesses of all sizes are resilient and protected—not only to safeguard revenue, but to prevent the devastating personal and professional fallout of cyberattacks. A globally recognized thought leader with 618K+ social media followers, he leverages his platform to raise awareness, share real-world breach stories, and arm leaders with actionable strategies that save companies before it's too late.   Connect With Scott: Website: https://ipservices.com/ Instagram: https://www.instagram.com/scottalldridge1/ LinkedIn: https://www.linkedin.com/in/scott-alldridge-1a976/ FREE OFFERSText "Secure25" to 1-541-359-1269 to receive your free Visible Ops Executive Companion book and a free Penetration Scan Test (first 3 listeners only) Learn more about your ad choices. Visit megaphone.fm/adchoices

ServiceNow to acquire cybersecurity startup Armis MacSync Stealer adopts quieter installation Nissan customer data stolen in Red Hat raid Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

A manufacturer gets hit with ransomware. A hospital too. Learn how Threatlocker stops these types of attacks. This episode is brought to you by Threatlocker.SponsorsThis episode is sponsored by ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.

This is part 4 of a 4-part series. Randy and I were recently invited to podcast on the floor of the 2025 Cyber Winter Wonderland at the beautiful Madison Loft. My guest host of the day was host of the Great Security Debate, Brian Schneble. Enjoy the listen, and THANK YOU to CXO Forum for partnering with us to podcast at your event! Part 1 Steve Monato and Ken Sowinski of UWM Part 1’s discussion focuses on the evolving role of AI within organizations, touching on AI use cases, data security, and the necessity for clean, organized data for effective AI modeling. The panelists emphasize the shift from understanding AI to implementing and deriving business value from it. They also discuss the importance of communication between IT and business units to promote effective AI adoption, the impact of automation on employee tasks, and the future role of AI in sectors like mortgage processing. The conversation explores the balance between AI-driven automation and human oversight to ensure efficiency and address challenges associated with new AI tools. Part 2 Eric Olmstead Palo Alto Networks and Jonathan Gough of Pellera Part 2 is a discussion of the evolution and current trends in IT security and technology integration. Pellera Technologies provides a detailed overview of their global operations, focusing on AI, data cloud, and cybersecurity solutions. The discussion covers Palo Alto Networks’ advancements in security, including the integration of AI in their security platforms and the concept of Zero Trust, emphasizing its continued relevance. The conversation also explores the complexities of AI implementation, the challenges of non-human identities (NHIs), and the importance of robust security measures in a rapidly evolving tech landscape. Both companies highlight the need for innovation and vigilance in managing current and emerging security threats. Part 3 Brandon Allen and Pete Sheldon of Prophet Security Part 3 focuses on the challenges faced by Security Operations Centers (SOCs) amid a growing volume of alerts and the role of AI and machine learning in addressing these challenges. Profit Security is utilizing AI-driven platforms to enhance alert investigation and reduce false positives, allowing analysts to focus on more critical issues. The conversation delves into topics like the evolution from traditional machine learning to modern AI, the importance of context and reasoning in alert processing, and the continuous need for human oversight and expert feedback in AI systems. Additionally, the discussion touches on industry-specific issues such as the energy costs associated with running AI and compute centers, the adaptability of AI to new threat vectors, and the potential for AI to improve operational efficiency within organizations. Part 4 Björn Olson of Pellera and Henry Samson of Palo Alto Networks. Part 4 covers the evolving landscape of technology and security. The discussion covers the prevalent issues in the automotive and manufacturing industries, including underutilization of tools, data protection challenges, and the impact of technological advancements on security practices. The conversation also touches on the importance of understanding customer needs, the necessity of solving real problems, and the need to plan for future challenges like quantum computing. The roundtable aims to provide insights into balancing sales with genuine problem-solving and advancing security measures while managing financial constraints.

This is part 3 of a 4-part series. Randy and I were recently invited to podcast on the floor of the 2025 Cyber Winter Wonderland at the beautiful Madison Loft. My guest host of the day was host of the Great Security Debate, Brian Schneble. Enjoy the listen, and THANK YOU to CXO Forum for partnering with us to podcast at your event! Part 1 Steve Monato and Ken Sowinski of UWM Part 1’s discussion focuses on the evolving role of AI within organizations, touching on AI use cases, data security, and the necessity for clean, organized data for effective AI modeling. The panelists emphasize the shift from understanding AI to implementing and deriving business value from it. They also discuss the importance of communication between IT and business units to promote effective AI adoption, the impact of automation on employee tasks, and the future role of AI in sectors like mortgage processing. The conversation explores the balance between AI-driven automation and human oversight to ensure efficiency and address challenges associated with new AI tools. Part 2 Eric Olmstead Palo Alto Networks and Jonathan Gough of Pellera Part 2 is a discussion of the evolution and current trends in IT security and technology integration. Pellera Technologies provides a detailed overview of their global operations, focusing on AI, data cloud, and cybersecurity solutions. The discussion covers Palo Alto Networks’ advancements in security, including the integration of AI in their security platforms and the concept of Zero Trust, emphasizing its continued relevance. The conversation also explores the complexities of AI implementation, the challenges of non-human identities (NHIs), and the importance of robust security measures in a rapidly evolving tech landscape. Both companies highlight the need for innovation and vigilance in managing current and emerging security threats. Part 3 Brandon Allen and Pete Sheldon of Prophet Security Part 3 focuses on the challenges faced by Security Operations Centers (SOCs) amid a growing volume of alerts and the role of AI and machine learning in addressing these challenges. Profit Security is utilizing AI-driven platforms to enhance alert investigation and reduce false positives, allowing analysts to focus on more critical issues. The conversation delves into topics like the evolution from traditional machine learning to modern AI, the importance of context and reasoning in alert processing, and the continuous need for human oversight and expert feedback in AI systems. Additionally, the discussion touches on industry-specific issues such as the energy costs associated with running AI and compute centers, the adaptability of AI to new threat vectors, and the potential for AI to improve operational efficiency within organizations. Part 4 Björn Olson of Pellera and Henry Samson of Palo Alto Networks. Part 4 covers the evolving landscape of technology and security. The discussion covers the prevalent issues in the automotive and manufacturing industries, including underutilization of tools, data protection challenges, and the impact of technological advancements on security practices. The conversation also touches on the importance of understanding customer needs, the necessity of solving real problems, and the need to plan for future challenges like quantum computing. The roundtable aims to provide insights into balancing sales with genuine problem-solving and advancing security measures while managing financial constraints.

This is part 2 of a 4-part series. Randy and I were recently invited to podcast on the floor of the 2025 Cyber Winter Wonderland at the beautiful Madison Loft. My guest host of the day was host of the Great Security Debate, Brian Schneble. Enjoy the listen, and THANK YOU to CXO Forum for partnering with us to podcast at your event! Part 1 Steve Monato and Ken Sowinski of UWM Part 1’s discussion focuses on the evolving role of AI within organizations, touching on AI use cases, data security, and the necessity for clean, organized data for effective AI modeling. The panelists emphasize the shift from understanding AI to implementing and deriving business value from it. They also discuss the importance of communication between IT and business units to promote effective AI adoption, the impact of automation on employee tasks, and the future role of AI in sectors like mortgage processing. The conversation explores the balance between AI-driven automation and human oversight to ensure efficiency and address challenges associated with new AI tools. Part 2 Eric Olmstead Palo Alto Networks and Jonathan Gough of Pellera Part 2 is a discussion of the evolution and current trends in IT security and technology integration. Pellera Technologies provides a detailed overview of their global operations, focusing on AI, data cloud, and cybersecurity solutions. The discussion covers Palo Alto Networks’ advancements in security, including the integration of AI in their security platforms and the concept of Zero Trust, emphasizing its continued relevance. The conversation also explores the complexities of AI implementation, the challenges of non-human identities (NHIs), and the importance of robust security measures in a rapidly evolving tech landscape. Both companies highlight the need for innovation and vigilance in managing current and emerging security threats. Part 3 Brandon Allen and Pete Sheldon of Prophet Security Part 3 focuses on the challenges faced by Security Operations Centers (SOCs) amid a growing volume of alerts and the role of AI and machine learning in addressing these challenges. Profit Security is utilizing AI-driven platforms to enhance alert investigation and reduce false positives, allowing analysts to focus on more critical issues. The conversation delves into topics like the evolution from traditional machine learning to modern AI, the importance of context and reasoning in alert processing, and the continuous need for human oversight and expert feedback in AI systems. Additionally, the discussion touches on industry-specific issues such as the energy costs associated with running AI and compute centers, the adaptability of AI to new threat vectors, and the potential for AI to improve operational efficiency within organizations. Part 4 Björn Olson of Pellera and Henry Samson of Palo Alto Networks. Part 4 covers the evolving landscape of technology and security. The discussion covers the prevalent issues in the automotive and manufacturing industries, including underutilization of tools, data protection challenges, and the impact of technological advancements on security practices. The conversation also touches on the importance of understanding customer needs, the necessity of solving real problems, and the need to plan for future challenges like quantum computing. The roundtable aims to provide insights into balancing sales with genuine problem-solving and advancing security measures while managing financial constraints.

This is part 1 of a 4-part series. Randy and I were recently invited to podcast on the floor of the 2025 Cyber Winter Wonderland at the beautiful Madison Loft. My guest host of the day was host of the Great Security Debate, Brian Schneble. Enjoy the listen, and THANK YOU to CXO Forum for partnering with us to podcast at your event! Part 1 Steve Monato and Ken Sowinski of UWM Part 1’s discussion focuses on the evolving role of AI within organizations, touching on AI use cases, data security, and the necessity for clean, organized data for effective AI modeling. The panelists emphasize the shift from understanding AI to implementing and deriving business value from it. They also discuss the importance of communication between IT and business units to promote effective AI adoption, the impact of automation on employee tasks, and the future role of AI in sectors like mortgage processing. The conversation explores the balance between AI-driven automation and human oversight to ensure efficiency and address challenges associated with new AI tools. Part 2 Eric Olmstead Palo Alto Networks and Jonathan Gough of Pellera Part 2 is a discussion of the evolution and current trends in IT security and technology integration. Pellera Technologies provides a detailed overview of their global operations, focusing on AI, data cloud, and cybersecurity solutions. The discussion covers Palo Alto Networks’ advancements in security, including the integration of AI in their security platforms and the concept of Zero Trust, emphasizing its continued relevance. The conversation also explores the complexities of AI implementation, the challenges of non-human identities (NHIs), and the importance of robust security measures in a rapidly evolving tech landscape. Both companies highlight the need for innovation and vigilance in managing current and emerging security threats. Part 3 Brandon Allen and Pete Sheldon of Prophet Security Part 3 focuses on the challenges faced by Security Operations Centers (SOCs) amid a growing volume of alerts and the role of AI and machine learning in addressing these challenges. Profit Security is utilizing AI-driven platforms to enhance alert investigation and reduce false positives, allowing analysts to focus on more critical issues. The conversation delves into topics like the evolution from traditional machine learning to modern AI, the importance of context and reasoning in alert processing, and the continuous need for human oversight and expert feedback in AI systems. Additionally, the discussion touches on industry-specific issues such as the energy costs associated with running AI and compute centers, the adaptability of AI to new threat vectors, and the potential for AI to improve operational efficiency within organizations. Part 4 Björn Olson of Pellera and Henry Samson of Palo Alto Networks. Part 4 covers the evolving landscape of technology and security. The discussion covers the prevalent issues in the automotive and manufacturing industries, including underutilization of tools, data protection challenges, and the impact of technological advancements on security practices. The conversation also touches on the importance of understanding customer needs, the necessity of solving real problems, and the need to plan for future challenges like quantum computing. The roundtable aims to provide insights into balancing sales with genuine problem-solving and advancing security measures while managing financial constraints.

Spotify music library scraped DDoS disrupts France's postal and banking services Fake delivery websites hit holiday shoppers Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Jason Taule, CISO, Luminis Health, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com. All links and the video of this episode can be found on CISO Series.com

In this episode, Kul explores the hidden human impact of zero-trust security in modern workplaces. While designed to protect systems, data, and IP, zero-trust approaches can unintentionally erode trust, psychological safety, and collaboration. Kul examines how constant monitoring can affect wellbeing, creativity, and belonging, and challenges leaders to find a better balance. This episode offers a human-centred perspective on security - one that protects organisations without sacrificing trust, autonomy, or the very people who make them thrive. Kul Mahay has over 3 decades experience in the leadership space.  He works with organisations and leaders to develop powerful cultures of high value, and performance which is built all around their people. _____________________________ ABOUT THE PODCAST SERIES During these shows, you‘ll hear Kul chatting with fellow leaders from around the world, who are recognised as being at the top of their game.  Together they‘ll explore what emotional intelligence in practice actually looks like, and the benefits it could bring to your teams. It‘s a movement to transform the way we see leadership, and to create powerful cultures where people feel seen, heard, valued and appreciated. Please join the movement and FOLLOW/SUBSCRIBE to this Podcast. FOLLOW ► https://www.linkedin.com/in/kulmahay-leadership/

President signs defense bill funding Cyber Command, Pentagon phone security Iranian APT Infy resurfaces with new malware Massive Android botnet Kimwolf launches DDoS attack Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.   Find the stories behind the headlines at CISOseries.com.

Narva looks remote until you follow the fibers, vendors, and cloud regions that underpin modern redundancy. Using Estonia's border frictions as a case study in hybrid warfare, this article connects physical incursions, cable vulnerability, and "gray zone" pressure to enterprise realities: diversity assurances, geo-risk tagging in CMDBs, Zero Trust-by-region, and eDiscovery chain-of-custody planning. The message for security and governance teams is clear: distance is an illusion, and resilience now depends on geopolitically informed design. The post Narva May Not Be as Far Away as One Thinks: The Challenge of Cyber and Physical Borders appeared first on ComplexDiscovery.

All links and images can be found on CISO Series. Check out this post by Binoy Koonammavu of Secusy AI for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is best-selling cybersecurity author Peter Gregory. His upcoming study guide on AI governance can be pre-ordered here. In this episode: Speaking the language of leadership Beyond translation: the trust factor Making risk tangible When translation isn't enough Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

Welcome to Episode 417 of the Microsoft Cloud IT Pro Podcast. In this episode of the Microsoft Cloud IT Pro Podcast, Jay Leask joins Ben once more as the two of them recap their experience at Workplace Ninjas US in Dallas, Texas. They discuss conference highlights, the unique hackathon, engaging sessions, the Clippy Bucks system, and the importance of community and inclusion. The conversation also covers upcoming events, memorable attendee interactions, and new traditions for future conferences. Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options. Show Notes Jay Leask on LinkedIn Workplace Ninja’s US Follow Workplace Ninjas US on LinkedIn Workplace Ninja’s US Microsoft Zero Trust Guidance Center Microsoft Zero Trust Assessment Tool Conditional Access Ben’s YouTube video on Authentication Context and Conditional Access About the sponsors Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: AI, Governance & Cybersecurity Culture: Why People and Process Still Matter MostPub date: 2025-12-15Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCybersecurity has evolved from an afterthought to a business-critical responsibility - and AI is accelerating that shift faster than most organizations are ready for. In this episode of Protect It All, host Aaron Crow sits down with Sue McTaggart, a cybersecurity leader with a software development background and more than 15 years of experience driving security transformation. Together, they explore how cybersecurity success today depends less on shiny new tools and more on culture, governance, and fundamentals done right. Sue shares her journey from developer to cybersecurity leader, offering real-world insights into embedding security thinking into everyday work - not bolting it on after something breaks. The conversation tackles the realities of AI adoption, the risks of over-automation, and why human oversight and curiosity remain essential in an increasingly automated world. You'll learn: Why technology alone can't fix cybersecurity problems How to embed a security-first mindset across teams and leadership What AI changes - and what it doesn't - in cybersecurity governance The role of Zero Trust and foundational cyber hygiene Why people, process, and accountability prevent more breaches than tools How generational shifts and curiosity shape the future of cyber careers Whether you're a security leader, technologist, or business decision-maker navigating AI adoption, this episode delivers grounded, practical wisdom for building resilience that lasts. Tune in to learn why strong cybersecurity still starts with people, not platform,s only on Protect It All. Key Moments: 01:12 Cybersecurity Evolution and Insights 03:51 "Cybersecurity Requires Culture Shift" 07:09 "Tech Failures and Curfew Challenges" 10:30 "Prioritizing Security in AI Development" 15:05 Cybersecurity's Role in Everything 19:37 "Everything is Sales" 23:54 Adapting Communication for Audiences 26:26 "Think Ahead, Stay Curious." 28:30 Tinkering and Curiosity Unleashed 31:32 "Gen Z: Redefining Work and Life." 36:17 Governing AI: Benefits and Risks 37:59 AI Needs Human Oversight 42:35 "AI's Role in Cybersecurity." 47:25 "Hackers Exploit Basic Vulnerabilities." About the guest: Sue McTaggart is a passionate educator and cybersecurity professional with a strong background in software development. Her curiosity and desire to raise awareness led her to transition from developing applications primarily in languages like Java in the early 2000s to the field of cybersecurity. Sue is dedicated to empowering others through education and strives to share her knowledge to help others better understand cybersecurity risks and solutions. She is honored and humbled by opportunities to speak about her work and continues to inspire those around her with her commitment to ongoing learning and public awareness. How to connect Sue: https://www.linkedin.com/in/sue-mctaggart-24604158/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast  To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

We were inundated with new Windows features in 2025, but which ones actually moved the needle? Fortnite isn't just back on iPhone and Android, it's available on Windows 11 on Arm, and it works great! Plus, 2 big mobile wins for Epic Games and some thoughts on the "right" way to roll out AI features.Windows 11 Best Windows 11 updates of 2025, in no particular order... Dark mode improvements to File Explorer Widgets major overhaul with separate widgets and Discovery feed Xbox Full Screen experience - especially good on handhelds, of course, but also any PC you use for gaming with a controller Click to Do (Copilot+ PC only) External fingerprint reader support for Windows Hello ESS -External/USB webcams supported by Windows Studio Effects (Copilot+ PC only) Quick Machine Recovery is the tip of a wave of new foundational features like Admin Protection, Smart App Control (updates), and more that go beyond surface-level look and feel Redesigned Start menu isn't perfect but it's a nice improvement Copilot Vision, though this type of thing may make more sense on phones AI features in Paint, Photos, Notepad, and Snipping Tool Natural language interactions like the agent in Settings, file search, and more (mostly Copilot+ PC only, but you can do this in Copilot as well) Bluetooth LE support for improved audio quality in game chat, voice calls Gaming on Windows 11 on Arm and Snapdragon X: Major steps forward, but the same issue as always Looking ahead to 2026: 26H1, Agentic features that work, potential Windows 12, and AI PCs AI An extensive new interview with Mustafa Suleyman confirms why this guy is special and how confusing it is that Copilot is so disrespected Microsoft Copilot is auto-installing on LG smart TVs and there's no way to remove it GPT-5.2 is OpenAI's answer to Gemini 3 ChatGPT Images is OpenAI's answer to Nano Banana Pro Disney invests $1 billion OpenAI, sues Google Opera Neon is now generally available for $20 per month AI is moving quick as we all know but the bigger issue may be the incessant marketing about features like agents that don't even work now Microsoft is getting pushback on forced Copilot usage, price hikes Google is expanding its use of "experiments" outside of mainstream products with things like NotebookLM, Mixboard, CC, and much more. Maybe this is the better approach: Test separately and then integrate it into existing products Oddly enough, Microsoft does have a Windows AI Lab for this kind of experimentation Many small models vs. one big LLM in the cloud Mobile Fortnite is back in the Google Play Store in the U.S. as Google plays nice Apple loses its contempt appeal, the end of "junk fees" (Apple Tax) is in sight Xbox and gaming Xbox December Update has one big update for the mobile app and one big update for Xbox Wireless Headphones There's a new Xbox Developer Direct coming in January Half-Life 3 may really be happening, but it will be a Steam Machine launch title so it could be a while Tips & picks Tip of the year: De-enshittify Windows 11 App pick of the year: Fortnite RunAs Radio this week: Zero Trust in 2026 with Michele Bustamante Brown liquor pick of the week: Lark Symphony No. 1 These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/963 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: auraframes.com/ink framer.com/design promo code WW outsystems.com/twit cachefly.com/twit

We were inundated with new Windows features in 2025, but which ones actually moved the needle? Fortnite isn't just back on iPhone and Android, it's available on Windows 11 on Arm, and it works great! Plus, 2 big mobile wins for Epic Games and some thoughts on the "right" way to roll out AI features.Windows 11 Best Windows 11 updates of 2025, in no particular order... Dark mode improvements to File Explorer Widgets major overhaul with separate widgets and Discovery feed Xbox Full Screen experience - especially good on handhelds, of course, but also any PC you use for gaming with a controller Click to Do (Copilot+ PC only) External fingerprint reader support for Windows Hello ESS -External/USB webcams supported by Windows Studio Effects (Copilot+ PC only) Quick Machine Recovery is the tip of a wave of new foundational features like Admin Protection, Smart App Control (updates), and more that go beyond surface-level look and feel Redesigned Start menu isn't perfect but it's a nice improvement Copilot Vision, though this type of thing may make more sense on phones AI features in Paint, Photos, Notepad, and Snipping Tool Natural language interactions like the agent in Settings, file search, and more (mostly Copilot+ PC only, but you can do this in Copilot as well) Bluetooth LE support for improved audio quality in game chat, voice calls Gaming on Windows 11 on Arm and Snapdragon X: Major steps forward, but the same issue as always Looking ahead to 2026: 26H1, Agentic features that work, potential Windows 12, and AI PCs AI An extensive new interview with Mustafa Suleyman confirms why this guy is special and how confusing it is that Copilot is so disrespected Microsoft Copilot is auto-installing on LG smart TVs and there's no way to remove it GPT-5.2 is OpenAI's answer to Gemini 3 ChatGPT Images is OpenAI's answer to Nano Banana Pro Disney invests $1 billion OpenAI, sues Google Opera Neon is now generally available for $20 per month AI is moving quick as we all know but the bigger issue may be the incessant marketing about features like agents that don't even work now Microsoft is getting pushback on forced Copilot usage, price hikes Google is expanding its use of "experiments" outside of mainstream products with things like NotebookLM, Mixboard, CC, and much more. Maybe this is the better approach: Test separately and then integrate it into existing products Oddly enough, Microsoft does have a Windows AI Lab for this kind of experimentation Many small models vs. one big LLM in the cloud Mobile Fortnite is back in the Google Play Store in the U.S. as Google plays nice Apple loses its contempt appeal, the end of "junk fees" (Apple Tax) is in sight Xbox and gaming Xbox December Update has one big update for the mobile app and one big update for Xbox Wireless Headphones There's a new Xbox Developer Direct coming in January Half-Life 3 may really be happening, but it will be a Steam Machine launch title so it could be a while Tips & picks Tip of the year: De-enshittify Windows 11 App pick of the year: Fortnite RunAs Radio this week: Zero Trust in 2026 with Michele Bustamante Brown liquor pick of the week: Lark Symphony No. 1 These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/963 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: auraframes.com/ink framer.com/design promo code WW outsystems.com/twit cachefly.com/twit

We were inundated with new Windows features in 2025, but which ones actually moved the needle? Fortnite isn't just back on iPhone and Android, it's available on Windows 11 on Arm, and it works great! Plus, 2 big mobile wins for Epic Games and some thoughts on the "right" way to roll out AI features.Windows 11 Best Windows 11 updates of 2025, in no particular order... Dark mode improvements to File Explorer Widgets major overhaul with separate widgets and Discovery feed Xbox Full Screen experience - especially good on handhelds, of course, but also any PC you use for gaming with a controller Click to Do (Copilot+ PC only) External fingerprint reader support for Windows Hello ESS -External/USB webcams supported by Windows Studio Effects (Copilot+ PC only) Quick Machine Recovery is the tip of a wave of new foundational features like Admin Protection, Smart App Control (updates), and more that go beyond surface-level look and feel Redesigned Start menu isn't perfect but it's a nice improvement Copilot Vision, though this type of thing may make more sense on phones AI features in Paint, Photos, Notepad, and Snipping Tool Natural language interactions like the agent in Settings, file search, and more (mostly Copilot+ PC only, but you can do this in Copilot as well) Bluetooth LE support for improved audio quality in game chat, voice calls Gaming on Windows 11 on Arm and Snapdragon X: Major steps forward, but the same issue as always Looking ahead to 2026: 26H1, Agentic features that work, potential Windows 12, and AI PCs AI An extensive new interview with Mustafa Suleyman confirms why this guy is special and how confusing it is that Copilot is so disrespected Microsoft Copilot is auto-installing on LG smart TVs and there's no way to remove it GPT-5.2 is OpenAI's answer to Gemini 3 ChatGPT Images is OpenAI's answer to Nano Banana Pro Disney invests $1 billion OpenAI, sues Google Opera Neon is now generally available for $20 per month AI is moving quick as we all know but the bigger issue may be the incessant marketing about features like agents that don't even work now Microsoft is getting pushback on forced Copilot usage, price hikes Google is expanding its use of "experiments" outside of mainstream products with things like NotebookLM, Mixboard, CC, and much more. Maybe this is the better approach: Test separately and then integrate it into existing products Oddly enough, Microsoft does have a Windows AI Lab for this kind of experimentation Many small models vs. one big LLM in the cloud Mobile Fortnite is back in the Google Play Store in the U.S. as Google plays nice Apple loses its contempt appeal, the end of "junk fees" (Apple Tax) is in sight Xbox and gaming Xbox December Update has one big update for the mobile app and one big update for Xbox Wireless Headphones There's a new Xbox Developer Direct coming in January Half-Life 3 may really be happening, but it will be a Steam Machine launch title so it could be a while Tips & picks Tip of the year: De-enshittify Windows 11 App pick of the year: Fortnite RunAs Radio this week: Zero Trust in 2026 with Michele Bustamante Brown liquor pick of the week: Lark Symphony No. 1 These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/963 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: auraframes.com/ink framer.com/design promo code WW outsystems.com/twit cachefly.com/twit

We were inundated with new Windows features in 2025, but which ones actually moved the needle? Fortnite isn't just back on iPhone and Android, it's available on Windows 11 on Arm, and it works great! Plus, 2 big mobile wins for Epic Games and some thoughts on the "right" way to roll out AI features.Windows 11 Best Windows 11 updates of 2025, in no particular order... Dark mode improvements to File Explorer Widgets major overhaul with separate widgets and Discovery feed Xbox Full Screen experience - especially good on handhelds, of course, but also any PC you use for gaming with a controller Click to Do (Copilot+ PC only) External fingerprint reader support for Windows Hello ESS -External/USB webcams supported by Windows Studio Effects (Copilot+ PC only) Quick Machine Recovery is the tip of a wave of new foundational features like Admin Protection, Smart App Control (updates), and more that go beyond surface-level look and feel Redesigned Start menu isn't perfect but it's a nice improvement Copilot Vision, though this type of thing may make more sense on phones AI features in Paint, Photos, Notepad, and Snipping Tool Natural language interactions like the agent in Settings, file search, and more (mostly Copilot+ PC only, but you can do this in Copilot as well) Bluetooth LE support for improved audio quality in game chat, voice calls Gaming on Windows 11 on Arm and Snapdragon X: Major steps forward, but the same issue as always Looking ahead to 2026: 26H1, Agentic features that work, potential Windows 12, and AI PCs AI An extensive new interview with Mustafa Suleyman confirms why this guy is special and how confusing it is that Copilot is so disrespected Microsoft Copilot is auto-installing on LG smart TVs and there's no way to remove it GPT-5.2 is OpenAI's answer to Gemini 3 ChatGPT Images is OpenAI's answer to Nano Banana Pro Disney invests $1 billion OpenAI, sues Google Opera Neon is now generally available for $20 per month AI is moving quick as we all know but the bigger issue may be the incessant marketing about features like agents that don't even work now Microsoft is getting pushback on forced Copilot usage, price hikes Google is expanding its use of "experiments" outside of mainstream products with things like NotebookLM, Mixboard, CC, and much more. Maybe this is the better approach: Test separately and then integrate it into existing products Oddly enough, Microsoft does have a Windows AI Lab for this kind of experimentation Many small models vs. one big LLM in the cloud Mobile Fortnite is back in the Google Play Store in the U.S. as Google plays nice Apple loses its contempt appeal, the end of "junk fees" (Apple Tax) is in sight Xbox and gaming Xbox December Update has one big update for the mobile app and one big update for Xbox Wireless Headphones There's a new Xbox Developer Direct coming in January Half-Life 3 may really be happening, but it will be a Steam Machine launch title so it could be a while Tips & picks Tip of the year: De-enshittify Windows 11 App pick of the year: Fortnite RunAs Radio this week: Zero Trust in 2026 with Michele Bustamante Brown liquor pick of the week: Lark Symphony No. 1 These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/963 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: auraframes.com/ink framer.com/design promo code WW outsystems.com/twit cachefly.com/twit

How is zero-trust security evolving? Michele Leroux Bustamante discusses the challenges CISOs face today in controlling access to infrastructure, authenticating and authorizing users, and managing the ongoing evolution of an organization's dependencies. The conversation digs into the variety of stacks available to address various elements of an organization's security requirements. Michele also talks about the NIST Cybersecurity Framework as a starting point for understanding the security elements your organization needs to focus on and improve—security is a continuum, not a destination!LinksAzure EntraAuth0DuendeKeyCloakNIST Cybersecurity FrameworkOpen Policy AgentPolicy ServerDefender for CloudAzure API ManagementAzure Front DoorRecorded October 29, 2025

We were inundated with new Windows features in 2025, but which ones actually moved the needle? Fortnite isn't just back on iPhone and Android, it's available on Windows 11 on Arm, and it works great! Plus, 2 big mobile wins for Epic Games and some thoughts on the "right" way to roll out AI features.Windows 11 Best Windows 11 updates of 2025, in no particular order... Dark mode improvements to File Explorer Widgets major overhaul with separate widgets and Discovery feed Xbox Full Screen experience - especially good on handhelds, of course, but also any PC you use for gaming with a controller Click to Do (Copilot+ PC only) External fingerprint reader support for Windows Hello ESS -External/USB webcams supported by Windows Studio Effects (Copilot+ PC only) Quick Machine Recovery is the tip of a wave of new foundational features like Admin Protection, Smart App Control (updates), and more that go beyond surface-level look and feel Redesigned Start menu isn't perfect but it's a nice improvement Copilot Vision, though this type of thing may make more sense on phones AI features in Paint, Photos, Notepad, and Snipping Tool Natural language interactions like the agent in Settings, file search, and more (mostly Copilot+ PC only, but you can do this in Copilot as well) Bluetooth LE support for improved audio quality in game chat, voice calls Gaming on Windows 11 on Arm and Snapdragon X: Major steps forward, but the same issue as always Looking ahead to 2026: 26H1, Agentic features that work, potential Windows 12, and AI PCs AI An extensive new interview with Mustafa Suleyman confirms why this guy is special and how confusing it is that Copilot is so disrespected Microsoft Copilot is auto-installing on LG smart TVs and there's no way to remove it GPT-5.2 is OpenAI's answer to Gemini 3 ChatGPT Images is OpenAI's answer to Nano Banana Pro Disney invests $1 billion OpenAI, sues Google Opera Neon is now generally available for $20 per month AI is moving quick as we all know but the bigger issue may be the incessant marketing about features like agents that don't even work now Microsoft is getting pushback on forced Copilot usage, price hikes Google is expanding its use of "experiments" outside of mainstream products with things like NotebookLM, Mixboard, CC, and much more. Maybe this is the better approach: Test separately and then integrate it into existing products Oddly enough, Microsoft does have a Windows AI Lab for this kind of experimentation Many small models vs. one big LLM in the cloud Mobile Fortnite is back in the Google Play Store in the U.S. as Google plays nice Apple loses its contempt appeal, the end of "junk fees" (Apple Tax) is in sight Xbox and gaming Xbox December Update has one big update for the mobile app and one big update for Xbox Wireless Headphones There's a new Xbox Developer Direct coming in January Half-Life 3 may really be happening, but it will be a Steam Machine launch title so it could be a while Tips & picks Tip of the year: De-enshittify Windows 11 App pick of the year: Fortnite RunAs Radio this week: Zero Trust in 2026 with Michele Bustamante Brown liquor pick of the week: Lark Symphony No. 1 These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/963 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: auraframes.com/ink framer.com/design promo code WW outsystems.com/twit cachefly.com/twit

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com We are at the point where AI is almost expected in any technology offering. Today, we sat down with John Kindervag from Illumio to learn how AI can be applied to the world of federal Zero Trust. Some have characterized today's current cybersecurity situation as an arms race; some call it a whack-a-mole game. An innovative technology, such as AI, becomes popularized, and adversaries use it to improve attacks. As a result, the defenders of data must bolster their response, and they, in turn, use AI to defend. He highlights the importance of visibility, using AI to quickly parse logs, and the concept of dwell time, in which attackers can remain undetected for extended periods. To protect valuable data, Kindervag distinguishes between the attack surface and the defense surface. Although a malicious actor can instigate AI-driven attacks across any surface, sensitive information can be protected by thorough segmentation of the protected surface. During the interview, Kindervag provides tactics to manage legacy technology, fragmented data, and the critical topic of risk-averse culture.  

This episode features Christopher Brumm, Cyber Security Architect at glueckkanja AG.With 15+ years in IT security, Chris has worked across Microsoft's security portfolio and beyond, moving from network and data-center defense into deep identity work with Active Directory and Entra ID. He's now an identity SME, a GK Identity Community moderator, a frequent community speaker, and a regular writer on security and identity.In this episode, Chris explores the limitations of Active Directory security and how Microsoft's new Global Secure Access directly addresses those gaps. He breaks down how zero trust principles and granular controls work in practice, and why connecting on-prem servers to the cloud is now simpler and safer. Chris shows how this shift strengthens defenses by enforcing access through identity-first policies instead of outdated network-centric models.This is a clear, field-tested walkthrough of why hybrid identity security needs a new playbook, and how Global Secure Access helps teams close the holes attackers rely on most.Guest BioFor over 15 years, Christopher Brumm has been immersed in IT security topics, possessing extensive knowledge and practical experience in the Microsoft Security Portfolio and beyond. Over the years, he has progressed from network and data center topics to Active Directory and Entra ID, delving deeper into identity security. Today, he is a Subject Matter Expert for Identity in the Security Team and a moderator of the GK Identity Community. He regularly speaks at community events and publishes blog posts on security and identity topics. Chris's latest passion is Global Secure Access, where the themes of identity, security, and networking converge to enable a comprehensive Zero Trust approach.Guest Quote “It's not realistic to modernize protocols like Kerberos or SMB to support MFA and device compliance... but we have an option to control the network layer.”Time stamps01:07 Meet Christopher Brumm: Microsoft Security MVP and CISSP02:00 The Hybrid Identity Attack Playbook06:03 Active Directory vs. Entra ID: The Security Gap09:02 Breaking Down Global Secure Access11:58 What This Looks Like for Real Users16:17 Bringing Zero Trust to the Network Layer17:50 What You Need to Deploy Global Secure Access20:48 Conclusion and Final ThoughtsSponsorThe HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.LinksConnect with Christopher on LinkedInLearn more about glueckkanja AGWatch Christopher's talk at HIPConf 2025Connect with Sean on LinkedInDon't miss future episodesLearn more about Semperis

Interview Segment: Tony Kelly Illuminating Data Blind Spots As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we'll unpack how Data Security Posture Management (DSPM) helps organizations regain visibility and control over their most sensitive assets. Our guest will break down how DSPM differs from adjacent technologies like DLP, CSPM, and DSP, and how it integrates into broader Zero Trust and cloud security strategies. We'll also explore how compliance and regulatory pressures are shaping the next evolution of the DSPM market—and what security leaders should be doing now to prepare. Segment Resources: https://static.fortra.com/corporate/pdfs/brochure/fta-corp-fortra-dspm-br.pdf This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! Topic Segment: We've got passkeys, now what? Over this year on this podcast, we've talked a lot about infostealers. Passkeys are a clear solution to implementing phishing and theft-resistant authentication, but what about all these infostealers stealing OAuth keys and refresh tokens? As long as session hijacking is as simple as moving a cookie from one machine to another, securing authentication seems like solving only half the problem. Locking the front door, but leaving a side door unlocked. After doing some research, it appears that there has been some work on this front, including a few standards that have been introduced: DBSC (Device Bound Session Credentials) for browsers DPoP (Demonstrating Proof of Possession) for OAuth applications We'll address a few key questions in this segment: 1. how do these new standards help stop token theft? 2. how broadly have they been adopted? Segment Resources: FIDO Alliance White Paper: DBSC/DPOP as Complementary Technologies to FIDO Authentication News Segment Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-437

Interview Segment: Tony Kelly Illuminating Data Blind Spots As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we'll unpack how Data Security Posture Management (DSPM) helps organizations regain visibility and control over their most sensitive assets. Our guest will break down how DSPM differs from adjacent technologies like DLP, CSPM, and DSP, and how it integrates into broader Zero Trust and cloud security strategies. We'll also explore how compliance and regulatory pressures are shaping the next evolution of the DSPM market—and what security leaders should be doing now to prepare. Segment Resources: https://static.fortra.com/corporate/pdfs/brochure/fta-corp-fortra-dspm-br.pdf This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! Topic Segment: We've got passkeys, now what? Over this year on this podcast, we've talked a lot about infostealers. Passkeys are a clear solution to implementing phishing and theft-resistant authentication, but what about all these infostealers stealing OAuth keys and refresh tokens? As long as session hijacking is as simple as moving a cookie from one machine to another, securing authentication seems like solving only half the problem. Locking the front door, but leaving a side door unlocked. After doing some research, it appears that there has been some work on this front, including a few standards that have been introduced: DBSC (Device Bound Session Credentials) for browsers DPoP (Demonstrating Proof of Possession) for OAuth applications We'll address a few key questions in this segment: 1. how do these new standards help stop token theft? 2. how broadly have they been adopted? Segment Resources: FIDO Alliance White Paper: DBSC/DPOP as Complementary Technologies to FIDO Authentication News Segment Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-437

Interview Segment: Tony Kelly Illuminating Data Blind Spots As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we'll unpack how Data Security Posture Management (DSPM) helps organizations regain visibility and control over their most sensitive assets. Our guest will break down how DSPM differs from adjacent technologies like DLP, CSPM, and DSP, and how it integrates into broader Zero Trust and cloud security strategies. We'll also explore how compliance and regulatory pressures are shaping the next evolution of the DSPM market—and what security leaders should be doing now to prepare. Segment Resources: https://static.fortra.com/corporate/pdfs/brochure/fta-corp-fortra-dspm-br.pdf This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! Topic Segment: We've got passkeys, now what? Over this year on this podcast, we've talked a lot about infostealers. Passkeys are a clear solution to implementing phishing and theft-resistant authentication, but what about all these infostealers stealing OAuth keys and refresh tokens? As long as session hijacking is as simple as moving a cookie from one machine to another, securing authentication seems like solving only half the problem. Locking the front door, but leaving a side door unlocked. After doing some research, it appears that there has been some work on this front, including a few standards that have been introduced: DBSC (Device Bound Session Credentials) for browsers DPoP (Demonstrating Proof of Possession) for OAuth applications We'll address a few key questions in this segment: 1. how do these new standards help stop token theft? 2. how broadly have they been adopted? Segment Resources: FIDO Alliance White Paper: DBSC/DPOP as Complementary Technologies to FIDO Authentication News Segment Show Notes: https://securityweekly.com/esw-437

In today's evolving digital environment, many leaders are facing unprecedented levels of complexity. Cyber threats are escalating, regulatory demands are tightening, and organizations are expected to maintain resilience while embracing innovation. Few people understand this landscape more deeply than Scott Alldridge, CEO of IP Services, President of the IT Process Institute, and author of the globally acclaimed VisibleOps series. With more than three decades of experience guiding technical and non-technical teams alike, Scott has built a reputation for transforming complicated cybersecurity concepts into clear, actionable strategies. His people-process-technology framework has helped organizations strengthen governance, reduce risk, and build cyber-mature cultures capable of thriving in high-stakes environments.  In this episode, we discuss: How boards can elevate their cybersecurity oversight. Why organizations fail at cyber risk management, and how to fix it. Common misconceptions surrounding cybersecurity maturity. Scott's strategies for fostering ethical leadership and a security-first culture. Scott's most recent book, VisibleOps Cybersecurity, is an Amazon Best Seller and continues to influence executives, boards, and cybersecurity professionals around the world. Join us in this conversation as he breaks down the mindset and practices leaders need to stay ahead of current and future threats… You can connect with Scott and his work on his website! 

Scott Alldridge, CEO of IP Services and author of the Visible Ops series, emphasizes the necessity of viewing cybersecurity as a growth driver rather than a cost center. He argues that the increasing sophistication of cyber threats, which now target small businesses, necessitates a shift in perspective. Aldridge highlights that organizations must recognize cybersecurity as essential for survival, framing it as revenue protection and enablement. He cites the example of MGM, which suffered a significant ransomware attack that resulted in over $140 million in losses, underscoring the urgency for businesses to prioritize cybersecurity.Aldridge discusses the importance of measurable indicators to demonstrate improvements in security posture. He advocates for regular vulnerability scanning and penetration testing, moving beyond the outdated practice of annual assessments. He notes that organizations should conduct these tests quarterly or even monthly to adapt to the evolving threat landscape. Metrics such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) are critical for assessing the effectiveness of cybersecurity measures and ensuring timely responses to potential threats.The conversation also touches on the human factor in cybersecurity, emphasizing the need for robust training and awareness programs to mitigate risks associated with employee actions. Aldridge stresses that leadership commitment is crucial for fostering a culture of security within organizations. He advocates for a philosophical approach to cybersecurity, including the adoption of frameworks like Zero Trust, which emphasizes strict access controls and continuous monitoring.For Managed Service Providers (MSPs) and IT leaders, the episode underscores the importance of integrating cybersecurity into business strategy. By framing cybersecurity as a critical component of business continuity and reputation management, MSPs can better communicate its value to clients. The discussion also highlights the need for ongoing education and adaptation to new threats, ensuring that organizations remain resilient in the face of cyber challenges. Viewers can get free e-copy of the book, “Virtual Ops Cybersecurity” by texting SECURE25 to 541-359-1269”

____________Guests:Suzy PallettPresident, Black Hat. Cybersecurity.On LinkedIn: https://www.linkedin.com/in/suzy-pallett-60710132/The Cybersecurity Community Finds Its Footing in Uncertain TimesThere is something almost paradoxical about the cybersecurity industry. It exists because of threats, yet it thrives on trust. It deals in technical complexity, yet its beating heart is fundamentally human: people gathering, sharing knowledge, and collectively deciding that defending each other matters more than protecting proprietary advantage.This tension—and this hope—was on full display at Black Hat Europe 2025 in London, which just wrapped up at the ExCel Centre with attendance growing more than 25 percent over last year. For Suzy Pallett, the newly appointed President of Black Hat, the numbers tell only part of the story."What I've found from this week is the knowledge sharing, the insights, the open source tools that we've shared, the demonstrations that have happened—they've been so instrumental," Pallett shared in a conversation with ITSPmagazine. "Cybersecurity is unlike any other industry I've ever been close to in the strength of that collaboration."Pallett took the helm in September after Steve Wylie stepped down following eleven years leading the brand through significant growth. Her background spans over two decades in global events, most recently with Money20/20, the fintech conference series. But she speaks of Black Hat not as a business to be managed but as a community to be served.The event itself reflected the year's dominant concerns. AI agents and supply chain vulnerabilities emerged as central themes, continuing conversations that dominated Black Hat USA in Las Vegas just months earlier. But Europe brought its own character. Keynotes ranged from Max Meets examining whether ransomware can actually be stopped, to Linus Neumann questioning whether compliance checklists might actually expose organizations to greater risk rather than protecting them."He was saying that the compliance checklists that we're all being stressed with are actually where the vulnerabilities lie," Pallett explained. "How can we work more collaboratively together so that it's not just a compliance checklist that we get?"This is the kind of question that sits at the intersection of technology and policy, technical reality and bureaucratic aspiration. It is also the kind of question that rarely gets asked in vendor halls but deserves space in our collective thinking.Joe Tidy, the BBC journalist behind the EvilCorp podcast, delivered a record-breaking keynote attendance on day two, signaling the growing appetite for cybersecurity stories that reach beyond the practitioner community into broader public consciousness. Louise Marie Harrell spoke on technical capacity and international accountability—a reminder that cyber threats respect no borders and neither can our responses.What makes Black Hat distinct, Pallett noted, is that the conversations happening on the business hall floor are not typical expo fare. "You have the product teams, you have the engineers, you have the developers on those stands, and it's still product conversations and technical conversations."Looking ahead, Pallett's priorities center on listening. Review boards, advisory boards, pastoral programs, scholarships—these are the mechanisms through which she intends to ensure Black Hat remains, in her words, "a platform for them and by them."The cybersecurity industry faces a peculiar burden. What used to happen in twelve years now happens in two days, as Pallett put it. The pace is exhausting. The threats keep evolving. The cat-and-mouse game shows no signs of ending.But perhaps that is precisely why events like this matter. Not because they offer solutions to every problem, but because they remind an industry under constant pressure that it is not alone in the fight. That collaboration is not weakness. That sharing knowledge freely is not naïve—it is strategic.Black Hat Europe 2025 may have ended, but the conversations it sparked will carry forward into 2026 and beyond.____________HOSTS:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to share an Event Briefing as part of our event coverage? Learn More

Why do smart people still click when every instinct tells them they should pause first? That question sits at the heart of this conversation with Denny LeCompte, CEO of Portnox and a rare cybersecurity leader who brings a background in cognitive psychology to identity, trust, and human error.   It is a discussion that pulls back the curtain on the habits, shortcuts, and blind spots that shape our decisions long before a breach becomes a headline.   Denny explains why people rely on benevolence cues, confirmation biases, and loss aversion, and then shows how attackers weaponize each. He explains why training alone cannot fix human fallibility and why a different design mindset is needed if we want security people can actually live with.   Through clear examples and thought-provoking analogies, he describes how teams can build environments that remove opportunities for mistakes rather than punishing people for being human.   We also explore what Zero Trust really means beyond marketing-speak. Denny cuts through the noise and frames it as a mindset shift rather than a product category. He draws on real conversations with CISOs to explain why passwordless adoption moves slowly and why the next wave of identity risk will come from AI agents operating within networks. It is a future in which the line between human and machine identity blurs, requiring access control to evolve just as quickly.   Later, Denny shares a personal story about a mentor who influenced his views, then explains Portnox's unified access control approach as organizations retire VPNs and passwords. His main point: security only works when systems reflect human nature, removing friction and helping people make safe choices. Every policy and workflow is a decision that impacts security outcomes.   What part of Denny's perspective made you reconsider your habits?   Useful Links Connect with Denny LeCompte, CEO of Portnox Learn more about Portnox Tech Talks Daily is sponsored by Denodo    

All links and images can be found on CISO Series. Check out this post by Nick Nolen of Redpoint Cyber for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Erika Dean, former CSO, Robinhood. In this episode: Delegation requires accountability The reality of daily decision-making The gap between theory and practice Beyond the advisory role Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest, Danny Jenkins, CEO, ThreatLocker. In this episode: AI for AI's sake Stop selling, start protecting Stop calling everything sophisticated Least privilege, rebranded Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

Transitioning a mature organization from an API-first model to an AI-first model is no small feat. In this episode, Yash Kosaraju, CISO of Sendbird, shares the story of how they pivoted from a traditional chat API platform to an AI agent platform and how security had to evolve to keep up.Yash spoke about the industry's obsession with "Zero Trust," arguing instead for a practical "Multi-Layer Trust" approach that assumes controls will fail . We dive deep into the specific architecture of securing AI agents, including the concept of a "Trust OS," dealing with new incident response definitions (is a wrong AI answer an incident?), and the critical need to secure the bridge between AI agents and customer environments .This episode is packed with actionable advice for AppSec engineers feeling overwhelmed by the speed of AI. Yash shares how his team embeds security engineers into sprint teams for real-time feedback, the importance of "AI CTFs" for security awareness, and why enabling employees with enterprise-grade AI tools is better than blocking them entirely .Questions asked:Guest Socials - Yash's LinkedinPodcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠Questions asked:(00:00) Introduction(02:20) Who is Yash Kosaraju? (CISO at Sendbird)(03:30) Sendbird's Pivot: From Chat API to AI Agent Platform(05:00) Balancing Speed and Security in an AI Transition(06:50) Embedding Security Engineers into AI Sprint Teams(08:20) Threats in the AI Agent World (Data & Vendor Risks)(10:50) Blind Spots: "It's Microsoft, so it must be secure"(12:00) Securing AI Agents vs. AI-Embedded Applications(13:15) The Risk of Agents Making Changes in Customer Environments(14:30) Multi-Layer Trust vs. Zero Trust (Marketing vs. Reality) (17:30) Practical Multi-Layer Security: Device, Browser, Identity, MFA(18:25) What is "Trust OS"? A Foundation for Responsible AI(20:45) Balancing Agent Security vs. Endpoint Security(24:15) AI Incident Response: When an AI Gives a Wrong Answer(29:20) Security for Platform Engineers: Enabling vs. Blocking(30:45) Providing Enterprise AI Tools (Gemini, ChatGPT, Cursor) to Employees(32:45) Building a "Security as Enabler" Culture(36:15) What Questions to Ask AI Vendors (Paying with Data?)(39:20) Personal Use of Corporate AI Accounts(43:30) Using AI to Learn AI (Gemini Conversations)(45:00) The Stress on AppSec Engineers: "I Don't Know What I'm Doing"(48:20) The AI CTF: Gamifying Security Training(50:10) Fun Questions: Outdoors, Team Building, and Indian/Korean Food