Podcasts about zero trust

Active exploitation of Fortinet VPN bypass utility observed Google possibly allowing users to change default gmail address June Aflac attack resulted in data theft  Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.   Find the stories behind the headlines at CISOseries.com

Coordinated scams target MENA region Pen Test Partners accused of 'blackmail' Hackers steal record $2.7B in crypto in 2025 Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

The threat that puts you out of business probably won't look like a movie hack, it'll look like a normal email from your CEO.   In this episode of the Registered Investment Advisor Podcast, Seth Greene interviews Scott Alldridge, CEO of IP Services and bestselling author of the VisibleOps series, who explains how modern cybercrime actually works and why most small and mid-sized companies are far more vulnerable than they think. Scott shares real breach stories, including how something as simple as leaving a printer password as “1234” led to a $187,000 theft and forced a firm into a merger. He breaks down why cybersecurity is now a board-level issue, how AI is being weaponized by attackers, and what leaders need to be doing right now to protect their data, their money, and their survival.   Key Takeaways: → Most companies think “we're too small to be a target,” but attackers actively go after businesses with as few as 100 employees — and even under $1M in revenue. → Only about 1 in 7 cybersecurity breaches ever gets reported, so what you read in the news is a tiny fraction of what's actually happening. → A single weak password (like “1234” on a networked printer) can give a threat actor a doorway into your entire system. → Attackers don't smash and grab; they sit quietly for weeks or months, watch how you communicate, then imitate leadership to trigger wire transfers that look totally normal. → The “human layer” is still the biggest risk: phishing, social engineering, and reused or weak credentials are where most compromises begin.   Scott Alldridge has spent three decades on the frontlines of cyber warfare—turning escalating threats into competitive advantage for business leaders. As co-founder of the IT Process Institute and creator of the globally adopted VisibleOps framework (400,000+ copies sold), he shaped how enterprises worldwide secure and scale technology.   His Amazon bestseller, VisibleOps Cybersecurity, is the definitive roadmap for integrating Zero Trust principles into real business results. Today, as CEO of IP Services, one of America's most trusted MSSPs, Scott helps executives verify—not just trust—their cybersecurity posture.   Driven by both expertise and altruism, Scott's mission is to ensure businesses of all sizes are resilient and protected—not only to safeguard revenue, but to prevent the devastating personal and professional fallout of cyberattacks. A globally recognized thought leader with 618K+ social media followers, he leverages his platform to raise awareness, share real-world breach stories, and arm leaders with actionable strategies that save companies before it's too late.   Connect With Scott: Website: https://ipservices.com/ Instagram: https://www.instagram.com/scottalldridge1/ LinkedIn: https://www.linkedin.com/in/scott-alldridge-1a976/ FREE OFFERSText "Secure25" to 1-541-359-1269 to receive your free Visible Ops Executive Companion book and a free Penetration Scan Test (first 3 listeners only) Learn more about your ad choices. Visit megaphone.fm/adchoices

ServiceNow to acquire cybersecurity startup Armis MacSync Stealer adopts quieter installation Nissan customer data stolen in Red Hat raid Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

A manufacturer gets hit with ransomware. A hospital too. Learn how Threatlocker stops these types of attacks. This episode is brought to you by Threatlocker.SponsorsThis episode is sponsored by ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.

This is part 1 of a 4-part series. Randy and I were recently invited to podcast on the floor of the 2025 Cyber Winter Wonderland at the beautiful Madison Loft. My guest host of the day was host of the Great Security Debate, Brian Schneble. Enjoy the listen, and THANK YOU to CXO Forum for partnering with us to podcast at your event! Part 1 Steve Monato and Ken Sowinski of UWM Part 1’s discussion focuses on the evolving role of AI within organizations, touching on AI use cases, data security, and the necessity for clean, organized data for effective AI modeling. The panelists emphasize the shift from understanding AI to implementing and deriving business value from it. They also discuss the importance of communication between IT and business units to promote effective AI adoption, the impact of automation on employee tasks, and the future role of AI in sectors like mortgage processing. The conversation explores the balance between AI-driven automation and human oversight to ensure efficiency and address challenges associated with new AI tools. Part 2 Eric Olmstead Palo Alto Networks and Jonathan Gough of Pellera Part 2 is a discussion of the evolution and current trends in IT security and technology integration. Pellera Technologies provides a detailed overview of their global operations, focusing on AI, data cloud, and cybersecurity solutions. The discussion covers Palo Alto Networks’ advancements in security, including the integration of AI in their security platforms and the concept of Zero Trust, emphasizing its continued relevance. The conversation also explores the complexities of AI implementation, the challenges of non-human identities (NHIs), and the importance of robust security measures in a rapidly evolving tech landscape. Both companies highlight the need for innovation and vigilance in managing current and emerging security threats. Part 3 Brandon Allen and Pete Sheldon of Prophet Security Part 3 focuses on the challenges faced by Security Operations Centers (SOCs) amid a growing volume of alerts and the role of AI and machine learning in addressing these challenges. Profit Security is utilizing AI-driven platforms to enhance alert investigation and reduce false positives, allowing analysts to focus on more critical issues. The conversation delves into topics like the evolution from traditional machine learning to modern AI, the importance of context and reasoning in alert processing, and the continuous need for human oversight and expert feedback in AI systems. Additionally, the discussion touches on industry-specific issues such as the energy costs associated with running AI and compute centers, the adaptability of AI to new threat vectors, and the potential for AI to improve operational efficiency within organizations. Part 4 Björn Olson of Pellera and Henry Samson of Palo Alto Networks. Part 4 covers the evolving landscape of technology and security. The discussion covers the prevalent issues in the automotive and manufacturing industries, including underutilization of tools, data protection challenges, and the impact of technological advancements on security practices. The conversation also touches on the importance of understanding customer needs, the necessity of solving real problems, and the need to plan for future challenges like quantum computing. The roundtable aims to provide insights into balancing sales with genuine problem-solving and advancing security measures while managing financial constraints.

This is part 2 of a 4-part series. Randy and I were recently invited to podcast on the floor of the 2025 Cyber Winter Wonderland at the beautiful Madison Loft. My guest host of the day was host of the Great Security Debate, Brian Schneble. Enjoy the listen, and THANK YOU to CXO Forum for partnering with us to podcast at your event! Part 1 Steve Monato and Ken Sowinski of UWM Part 1’s discussion focuses on the evolving role of AI within organizations, touching on AI use cases, data security, and the necessity for clean, organized data for effective AI modeling. The panelists emphasize the shift from understanding AI to implementing and deriving business value from it. They also discuss the importance of communication between IT and business units to promote effective AI adoption, the impact of automation on employee tasks, and the future role of AI in sectors like mortgage processing. The conversation explores the balance between AI-driven automation and human oversight to ensure efficiency and address challenges associated with new AI tools. Part 2 Eric Olmstead Palo Alto Networks and Jonathan Gough of Pellera Part 2 is a discussion of the evolution and current trends in IT security and technology integration. Pellera Technologies provides a detailed overview of their global operations, focusing on AI, data cloud, and cybersecurity solutions. The discussion covers Palo Alto Networks’ advancements in security, including the integration of AI in their security platforms and the concept of Zero Trust, emphasizing its continued relevance. The conversation also explores the complexities of AI implementation, the challenges of non-human identities (NHIs), and the importance of robust security measures in a rapidly evolving tech landscape. Both companies highlight the need for innovation and vigilance in managing current and emerging security threats. Part 3 Brandon Allen and Pete Sheldon of Prophet Security Part 3 focuses on the challenges faced by Security Operations Centers (SOCs) amid a growing volume of alerts and the role of AI and machine learning in addressing these challenges. Profit Security is utilizing AI-driven platforms to enhance alert investigation and reduce false positives, allowing analysts to focus on more critical issues. The conversation delves into topics like the evolution from traditional machine learning to modern AI, the importance of context and reasoning in alert processing, and the continuous need for human oversight and expert feedback in AI systems. Additionally, the discussion touches on industry-specific issues such as the energy costs associated with running AI and compute centers, the adaptability of AI to new threat vectors, and the potential for AI to improve operational efficiency within organizations. Part 4 Björn Olson of Pellera and Henry Samson of Palo Alto Networks. Part 4 covers the evolving landscape of technology and security. The discussion covers the prevalent issues in the automotive and manufacturing industries, including underutilization of tools, data protection challenges, and the impact of technological advancements on security practices. The conversation also touches on the importance of understanding customer needs, the necessity of solving real problems, and the need to plan for future challenges like quantum computing. The roundtable aims to provide insights into balancing sales with genuine problem-solving and advancing security measures while managing financial constraints.

This is part 3 of a 4-part series. Randy and I were recently invited to podcast on the floor of the 2025 Cyber Winter Wonderland at the beautiful Madison Loft. My guest host of the day was host of the Great Security Debate, Brian Schneble. Enjoy the listen, and THANK YOU to CXO Forum for partnering with us to podcast at your event! Part 1 Steve Monato and Ken Sowinski of UWM Part 1’s discussion focuses on the evolving role of AI within organizations, touching on AI use cases, data security, and the necessity for clean, organized data for effective AI modeling. The panelists emphasize the shift from understanding AI to implementing and deriving business value from it. They also discuss the importance of communication between IT and business units to promote effective AI adoption, the impact of automation on employee tasks, and the future role of AI in sectors like mortgage processing. The conversation explores the balance between AI-driven automation and human oversight to ensure efficiency and address challenges associated with new AI tools. Part 2 Eric Olmstead Palo Alto Networks and Jonathan Gough of Pellera Part 2 is a discussion of the evolution and current trends in IT security and technology integration. Pellera Technologies provides a detailed overview of their global operations, focusing on AI, data cloud, and cybersecurity solutions. The discussion covers Palo Alto Networks’ advancements in security, including the integration of AI in their security platforms and the concept of Zero Trust, emphasizing its continued relevance. The conversation also explores the complexities of AI implementation, the challenges of non-human identities (NHIs), and the importance of robust security measures in a rapidly evolving tech landscape. Both companies highlight the need for innovation and vigilance in managing current and emerging security threats. Part 3 Brandon Allen and Pete Sheldon of Prophet Security Part 3 focuses on the challenges faced by Security Operations Centers (SOCs) amid a growing volume of alerts and the role of AI and machine learning in addressing these challenges. Profit Security is utilizing AI-driven platforms to enhance alert investigation and reduce false positives, allowing analysts to focus on more critical issues. The conversation delves into topics like the evolution from traditional machine learning to modern AI, the importance of context and reasoning in alert processing, and the continuous need for human oversight and expert feedback in AI systems. Additionally, the discussion touches on industry-specific issues such as the energy costs associated with running AI and compute centers, the adaptability of AI to new threat vectors, and the potential for AI to improve operational efficiency within organizations. Part 4 Björn Olson of Pellera and Henry Samson of Palo Alto Networks. Part 4 covers the evolving landscape of technology and security. The discussion covers the prevalent issues in the automotive and manufacturing industries, including underutilization of tools, data protection challenges, and the impact of technological advancements on security practices. The conversation also touches on the importance of understanding customer needs, the necessity of solving real problems, and the need to plan for future challenges like quantum computing. The roundtable aims to provide insights into balancing sales with genuine problem-solving and advancing security measures while managing financial constraints.

This is part 4 of a 4-part series. Randy and I were recently invited to podcast on the floor of the 2025 Cyber Winter Wonderland at the beautiful Madison Loft. My guest host of the day was host of the Great Security Debate, Brian Schneble. Enjoy the listen, and THANK YOU to CXO Forum for partnering with us to podcast at your event! Part 1 Steve Monato and Ken Sowinski of UWM Part 1’s discussion focuses on the evolving role of AI within organizations, touching on AI use cases, data security, and the necessity for clean, organized data for effective AI modeling. The panelists emphasize the shift from understanding AI to implementing and deriving business value from it. They also discuss the importance of communication between IT and business units to promote effective AI adoption, the impact of automation on employee tasks, and the future role of AI in sectors like mortgage processing. The conversation explores the balance between AI-driven automation and human oversight to ensure efficiency and address challenges associated with new AI tools. Part 2 Eric Olmstead Palo Alto Networks and Jonathan Gough of Pellera Part 2 is a discussion of the evolution and current trends in IT security and technology integration. Pellera Technologies provides a detailed overview of their global operations, focusing on AI, data cloud, and cybersecurity solutions. The discussion covers Palo Alto Networks’ advancements in security, including the integration of AI in their security platforms and the concept of Zero Trust, emphasizing its continued relevance. The conversation also explores the complexities of AI implementation, the challenges of non-human identities (NHIs), and the importance of robust security measures in a rapidly evolving tech landscape. Both companies highlight the need for innovation and vigilance in managing current and emerging security threats. Part 3 Brandon Allen and Pete Sheldon of Prophet Security Part 3 focuses on the challenges faced by Security Operations Centers (SOCs) amid a growing volume of alerts and the role of AI and machine learning in addressing these challenges. Profit Security is utilizing AI-driven platforms to enhance alert investigation and reduce false positives, allowing analysts to focus on more critical issues. The conversation delves into topics like the evolution from traditional machine learning to modern AI, the importance of context and reasoning in alert processing, and the continuous need for human oversight and expert feedback in AI systems. Additionally, the discussion touches on industry-specific issues such as the energy costs associated with running AI and compute centers, the adaptability of AI to new threat vectors, and the potential for AI to improve operational efficiency within organizations. Part 4 Björn Olson of Pellera and Henry Samson of Palo Alto Networks. Part 4 covers the evolving landscape of technology and security. The discussion covers the prevalent issues in the automotive and manufacturing industries, including underutilization of tools, data protection challenges, and the impact of technological advancements on security practices. The conversation also touches on the importance of understanding customer needs, the necessity of solving real problems, and the need to plan for future challenges like quantum computing. The roundtable aims to provide insights into balancing sales with genuine problem-solving and advancing security measures while managing financial constraints.

Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Jason Taule, CISO, Luminis Health, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com. All links and the video of this episode can be found on CISO Series.com

Spotify music library scraped DDoS disrupts France's postal and banking services Fake delivery websites hit holiday shoppers Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

In this episode, Kul explores the hidden human impact of zero-trust security in modern workplaces. While designed to protect systems, data, and IP, zero-trust approaches can unintentionally erode trust, psychological safety, and collaboration. Kul examines how constant monitoring can affect wellbeing, creativity, and belonging, and challenges leaders to find a better balance. This episode offers a human-centred perspective on security - one that protects organisations without sacrificing trust, autonomy, or the very people who make them thrive. Kul Mahay has over 3 decades experience in the leadership space.  He works with organisations and leaders to develop powerful cultures of high value, and performance which is built all around their people. _____________________________ ABOUT THE PODCAST SERIES During these shows, you‘ll hear Kul chatting with fellow leaders from around the world, who are recognised as being at the top of their game.  Together they‘ll explore what emotional intelligence in practice actually looks like, and the benefits it could bring to your teams. It‘s a movement to transform the way we see leadership, and to create powerful cultures where people feel seen, heard, valued and appreciated. Please join the movement and FOLLOW/SUBSCRIBE to this Podcast. FOLLOW ► https://www.linkedin.com/in/kulmahay-leadership/

President signs defense bill funding Cyber Command, Pentagon phone security Iranian APT Infy resurfaces with new malware Massive Android botnet Kimwolf launches DDoS attack Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.   Find the stories behind the headlines at CISOseries.com.

With cybercrime costs projected to reach $10.5 trillion this year, legacy security perimeters are no longer enough to protect modern enterprises. This episode breaks down the pivotal architecture trends of 2025, from the transition to identity-first Zero Trust models to the rise of quantum-resistant cryptography. Listeners will discover how to build a decentralized, AI-powered defense strategy that scales across multi-cloud environments while ensuring long-term data privacy and compliance.

All links and images can be found on CISO Series. Check out this post by Binoy Koonammavu of Secusy AI for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is best-selling cybersecurity author Peter Gregory. His upcoming study guide on AI governance can be pre-ordered here. In this episode: Speaking the language of leadership Beyond translation: the trust factor Making risk tangible When translation isn't enough Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

Welcome to Episode 417 of the Microsoft Cloud IT Pro Podcast. In this episode of the Microsoft Cloud IT Pro Podcast, Jay Leask joins Ben once more as the two of them recap their experience at Workplace Ninjas US in Dallas, Texas. They discuss conference highlights, the unique hackathon, engaging sessions, the Clippy Bucks system, and the importance of community and inclusion. The conversation also covers upcoming events, memorable attendee interactions, and new traditions for future conferences. Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options. Show Notes Jay Leask on LinkedIn Workplace Ninja’s US Follow Workplace Ninjas US on LinkedIn Workplace Ninja’s US Microsoft Zero Trust Guidance Center Microsoft Zero Trust Assessment Tool Conditional Access Ben’s YouTube video on Authentication Context and Conditional Access About the sponsors Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: AI, Governance & Cybersecurity Culture: Why People and Process Still Matter MostPub date: 2025-12-15Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCybersecurity has evolved from an afterthought to a business-critical responsibility - and AI is accelerating that shift faster than most organizations are ready for. In this episode of Protect It All, host Aaron Crow sits down with Sue McTaggart, a cybersecurity leader with a software development background and more than 15 years of experience driving security transformation. Together, they explore how cybersecurity success today depends less on shiny new tools and more on culture, governance, and fundamentals done right. Sue shares her journey from developer to cybersecurity leader, offering real-world insights into embedding security thinking into everyday work - not bolting it on after something breaks. The conversation tackles the realities of AI adoption, the risks of over-automation, and why human oversight and curiosity remain essential in an increasingly automated world. You'll learn: Why technology alone can't fix cybersecurity problems How to embed a security-first mindset across teams and leadership What AI changes - and what it doesn't - in cybersecurity governance The role of Zero Trust and foundational cyber hygiene Why people, process, and accountability prevent more breaches than tools How generational shifts and curiosity shape the future of cyber careers Whether you're a security leader, technologist, or business decision-maker navigating AI adoption, this episode delivers grounded, practical wisdom for building resilience that lasts. Tune in to learn why strong cybersecurity still starts with people, not platform,s only on Protect It All. Key Moments: 01:12 Cybersecurity Evolution and Insights 03:51 "Cybersecurity Requires Culture Shift" 07:09 "Tech Failures and Curfew Challenges" 10:30 "Prioritizing Security in AI Development" 15:05 Cybersecurity's Role in Everything 19:37 "Everything is Sales" 23:54 Adapting Communication for Audiences 26:26 "Think Ahead, Stay Curious." 28:30 Tinkering and Curiosity Unleashed 31:32 "Gen Z: Redefining Work and Life." 36:17 Governing AI: Benefits and Risks 37:59 AI Needs Human Oversight 42:35 "AI's Role in Cybersecurity." 47:25 "Hackers Exploit Basic Vulnerabilities." About the guest: Sue McTaggart is a passionate educator and cybersecurity professional with a strong background in software development. Her curiosity and desire to raise awareness led her to transition from developing applications primarily in languages like Java in the early 2000s to the field of cybersecurity. Sue is dedicated to empowering others through education and strives to share her knowledge to help others better understand cybersecurity risks and solutions. She is honored and humbled by opportunities to speak about her work and continues to inspire those around her with her commitment to ongoing learning and public awareness. How to connect Sue: https://www.linkedin.com/in/sue-mctaggart-24604158/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast  To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

We were inundated with new Windows features in 2025, but which ones actually moved the needle? Fortnite isn't just back on iPhone and Android, it's available on Windows 11 on Arm, and it works great! Plus, 2 big mobile wins for Epic Games and some thoughts on the "right" way to roll out AI features.Windows 11 Best Windows 11 updates of 2025, in no particular order... Dark mode improvements to File Explorer Widgets major overhaul with separate widgets and Discovery feed Xbox Full Screen experience - especially good on handhelds, of course, but also any PC you use for gaming with a controller Click to Do (Copilot+ PC only) External fingerprint reader support for Windows Hello ESS -External/USB webcams supported by Windows Studio Effects (Copilot+ PC only) Quick Machine Recovery is the tip of a wave of new foundational features like Admin Protection, Smart App Control (updates), and more that go beyond surface-level look and feel Redesigned Start menu isn't perfect but it's a nice improvement Copilot Vision, though this type of thing may make more sense on phones AI features in Paint, Photos, Notepad, and Snipping Tool Natural language interactions like the agent in Settings, file search, and more (mostly Copilot+ PC only, but you can do this in Copilot as well) Bluetooth LE support for improved audio quality in game chat, voice calls Gaming on Windows 11 on Arm and Snapdragon X: Major steps forward, but the same issue as always Looking ahead to 2026: 26H1, Agentic features that work, potential Windows 12, and AI PCs AI An extensive new interview with Mustafa Suleyman confirms why this guy is special and how confusing it is that Copilot is so disrespected Microsoft Copilot is auto-installing on LG smart TVs and there's no way to remove it GPT-5.2 is OpenAI's answer to Gemini 3 ChatGPT Images is OpenAI's answer to Nano Banana Pro Disney invests $1 billion OpenAI, sues Google Opera Neon is now generally available for $20 per month AI is moving quick as we all know but the bigger issue may be the incessant marketing about features like agents that don't even work now Microsoft is getting pushback on forced Copilot usage, price hikes Google is expanding its use of "experiments" outside of mainstream products with things like NotebookLM, Mixboard, CC, and much more. Maybe this is the better approach: Test separately and then integrate it into existing products Oddly enough, Microsoft does have a Windows AI Lab for this kind of experimentation Many small models vs. one big LLM in the cloud Mobile Fortnite is back in the Google Play Store in the U.S. as Google plays nice Apple loses its contempt appeal, the end of "junk fees" (Apple Tax) is in sight Xbox and gaming Xbox December Update has one big update for the mobile app and one big update for Xbox Wireless Headphones There's a new Xbox Developer Direct coming in January Half-Life 3 may really be happening, but it will be a Steam Machine launch title so it could be a while Tips & picks Tip of the year: De-enshittify Windows 11 App pick of the year: Fortnite RunAs Radio this week: Zero Trust in 2026 with Michele Bustamante Brown liquor pick of the week: Lark Symphony No. 1 These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/963 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: auraframes.com/ink framer.com/design promo code WW outsystems.com/twit cachefly.com/twit

We were inundated with new Windows features in 2025, but which ones actually moved the needle? Fortnite isn't just back on iPhone and Android, it's available on Windows 11 on Arm, and it works great! Plus, 2 big mobile wins for Epic Games and some thoughts on the "right" way to roll out AI features.Windows 11 Best Windows 11 updates of 2025, in no particular order... Dark mode improvements to File Explorer Widgets major overhaul with separate widgets and Discovery feed Xbox Full Screen experience - especially good on handhelds, of course, but also any PC you use for gaming with a controller Click to Do (Copilot+ PC only) External fingerprint reader support for Windows Hello ESS -External/USB webcams supported by Windows Studio Effects (Copilot+ PC only) Quick Machine Recovery is the tip of a wave of new foundational features like Admin Protection, Smart App Control (updates), and more that go beyond surface-level look and feel Redesigned Start menu isn't perfect but it's a nice improvement Copilot Vision, though this type of thing may make more sense on phones AI features in Paint, Photos, Notepad, and Snipping Tool Natural language interactions like the agent in Settings, file search, and more (mostly Copilot+ PC only, but you can do this in Copilot as well) Bluetooth LE support for improved audio quality in game chat, voice calls Gaming on Windows 11 on Arm and Snapdragon X: Major steps forward, but the same issue as always Looking ahead to 2026: 26H1, Agentic features that work, potential Windows 12, and AI PCs AI An extensive new interview with Mustafa Suleyman confirms why this guy is special and how confusing it is that Copilot is so disrespected Microsoft Copilot is auto-installing on LG smart TVs and there's no way to remove it GPT-5.2 is OpenAI's answer to Gemini 3 ChatGPT Images is OpenAI's answer to Nano Banana Pro Disney invests $1 billion OpenAI, sues Google Opera Neon is now generally available for $20 per month AI is moving quick as we all know but the bigger issue may be the incessant marketing about features like agents that don't even work now Microsoft is getting pushback on forced Copilot usage, price hikes Google is expanding its use of "experiments" outside of mainstream products with things like NotebookLM, Mixboard, CC, and much more. Maybe this is the better approach: Test separately and then integrate it into existing products Oddly enough, Microsoft does have a Windows AI Lab for this kind of experimentation Many small models vs. one big LLM in the cloud Mobile Fortnite is back in the Google Play Store in the U.S. as Google plays nice Apple loses its contempt appeal, the end of "junk fees" (Apple Tax) is in sight Xbox and gaming Xbox December Update has one big update for the mobile app and one big update for Xbox Wireless Headphones There's a new Xbox Developer Direct coming in January Half-Life 3 may really be happening, but it will be a Steam Machine launch title so it could be a while Tips & picks Tip of the year: De-enshittify Windows 11 App pick of the year: Fortnite RunAs Radio this week: Zero Trust in 2026 with Michele Bustamante Brown liquor pick of the week: Lark Symphony No. 1 These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/963 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: auraframes.com/ink framer.com/design promo code WW outsystems.com/twit cachefly.com/twit

We were inundated with new Windows features in 2025, but which ones actually moved the needle? Fortnite isn't just back on iPhone and Android, it's available on Windows 11 on Arm, and it works great! Plus, 2 big mobile wins for Epic Games and some thoughts on the "right" way to roll out AI features.Windows 11 Best Windows 11 updates of 2025, in no particular order... Dark mode improvements to File Explorer Widgets major overhaul with separate widgets and Discovery feed Xbox Full Screen experience - especially good on handhelds, of course, but also any PC you use for gaming with a controller Click to Do (Copilot+ PC only) External fingerprint reader support for Windows Hello ESS -External/USB webcams supported by Windows Studio Effects (Copilot+ PC only) Quick Machine Recovery is the tip of a wave of new foundational features like Admin Protection, Smart App Control (updates), and more that go beyond surface-level look and feel Redesigned Start menu isn't perfect but it's a nice improvement Copilot Vision, though this type of thing may make more sense on phones AI features in Paint, Photos, Notepad, and Snipping Tool Natural language interactions like the agent in Settings, file search, and more (mostly Copilot+ PC only, but you can do this in Copilot as well) Bluetooth LE support for improved audio quality in game chat, voice calls Gaming on Windows 11 on Arm and Snapdragon X: Major steps forward, but the same issue as always Looking ahead to 2026: 26H1, Agentic features that work, potential Windows 12, and AI PCs AI An extensive new interview with Mustafa Suleyman confirms why this guy is special and how confusing it is that Copilot is so disrespected Microsoft Copilot is auto-installing on LG smart TVs and there's no way to remove it GPT-5.2 is OpenAI's answer to Gemini 3 ChatGPT Images is OpenAI's answer to Nano Banana Pro Disney invests $1 billion OpenAI, sues Google Opera Neon is now generally available for $20 per month AI is moving quick as we all know but the bigger issue may be the incessant marketing about features like agents that don't even work now Microsoft is getting pushback on forced Copilot usage, price hikes Google is expanding its use of "experiments" outside of mainstream products with things like NotebookLM, Mixboard, CC, and much more. Maybe this is the better approach: Test separately and then integrate it into existing products Oddly enough, Microsoft does have a Windows AI Lab for this kind of experimentation Many small models vs. one big LLM in the cloud Mobile Fortnite is back in the Google Play Store in the U.S. as Google plays nice Apple loses its contempt appeal, the end of "junk fees" (Apple Tax) is in sight Xbox and gaming Xbox December Update has one big update for the mobile app and one big update for Xbox Wireless Headphones There's a new Xbox Developer Direct coming in January Half-Life 3 may really be happening, but it will be a Steam Machine launch title so it could be a while Tips & picks Tip of the year: De-enshittify Windows 11 App pick of the year: Fortnite RunAs Radio this week: Zero Trust in 2026 with Michele Bustamante Brown liquor pick of the week: Lark Symphony No. 1 These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/963 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: auraframes.com/ink framer.com/design promo code WW outsystems.com/twit cachefly.com/twit

We were inundated with new Windows features in 2025, but which ones actually moved the needle? Fortnite isn't just back on iPhone and Android, it's available on Windows 11 on Arm, and it works great! Plus, 2 big mobile wins for Epic Games and some thoughts on the "right" way to roll out AI features.Windows 11 Best Windows 11 updates of 2025, in no particular order... Dark mode improvements to File Explorer Widgets major overhaul with separate widgets and Discovery feed Xbox Full Screen experience - especially good on handhelds, of course, but also any PC you use for gaming with a controller Click to Do (Copilot+ PC only) External fingerprint reader support for Windows Hello ESS -External/USB webcams supported by Windows Studio Effects (Copilot+ PC only) Quick Machine Recovery is the tip of a wave of new foundational features like Admin Protection, Smart App Control (updates), and more that go beyond surface-level look and feel Redesigned Start menu isn't perfect but it's a nice improvement Copilot Vision, though this type of thing may make more sense on phones AI features in Paint, Photos, Notepad, and Snipping Tool Natural language interactions like the agent in Settings, file search, and more (mostly Copilot+ PC only, but you can do this in Copilot as well) Bluetooth LE support for improved audio quality in game chat, voice calls Gaming on Windows 11 on Arm and Snapdragon X: Major steps forward, but the same issue as always Looking ahead to 2026: 26H1, Agentic features that work, potential Windows 12, and AI PCs AI An extensive new interview with Mustafa Suleyman confirms why this guy is special and how confusing it is that Copilot is so disrespected Microsoft Copilot is auto-installing on LG smart TVs and there's no way to remove it GPT-5.2 is OpenAI's answer to Gemini 3 ChatGPT Images is OpenAI's answer to Nano Banana Pro Disney invests $1 billion OpenAI, sues Google Opera Neon is now generally available for $20 per month AI is moving quick as we all know but the bigger issue may be the incessant marketing about features like agents that don't even work now Microsoft is getting pushback on forced Copilot usage, price hikes Google is expanding its use of "experiments" outside of mainstream products with things like NotebookLM, Mixboard, CC, and much more. Maybe this is the better approach: Test separately and then integrate it into existing products Oddly enough, Microsoft does have a Windows AI Lab for this kind of experimentation Many small models vs. one big LLM in the cloud Mobile Fortnite is back in the Google Play Store in the U.S. as Google plays nice Apple loses its contempt appeal, the end of "junk fees" (Apple Tax) is in sight Xbox and gaming Xbox December Update has one big update for the mobile app and one big update for Xbox Wireless Headphones There's a new Xbox Developer Direct coming in January Half-Life 3 may really be happening, but it will be a Steam Machine launch title so it could be a while Tips & picks Tip of the year: De-enshittify Windows 11 App pick of the year: Fortnite RunAs Radio this week: Zero Trust in 2026 with Michele Bustamante Brown liquor pick of the week: Lark Symphony No. 1 These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/963 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: auraframes.com/ink framer.com/design promo code WW outsystems.com/twit cachefly.com/twit

How is zero-trust security evolving? Michele Leroux Bustamante discusses the challenges CISOs face today in controlling access to infrastructure, authenticating and authorizing users, and managing the ongoing evolution of an organization's dependencies. The conversation digs into the variety of stacks available to address various elements of an organization's security requirements. Michele also talks about the NIST Cybersecurity Framework as a starting point for understanding the security elements your organization needs to focus on and improve—security is a continuum, not a destination!LinksAzure EntraAuth0DuendeKeyCloakNIST Cybersecurity FrameworkOpen Policy AgentPolicy ServerDefender for CloudAzure API ManagementAzure Front DoorRecorded October 29, 2025

We were inundated with new Windows features in 2025, but which ones actually moved the needle? Fortnite isn't just back on iPhone and Android, it's available on Windows 11 on Arm, and it works great! Plus, 2 big mobile wins for Epic Games and some thoughts on the "right" way to roll out AI features.Windows 11 Best Windows 11 updates of 2025, in no particular order... Dark mode improvements to File Explorer Widgets major overhaul with separate widgets and Discovery feed Xbox Full Screen experience - especially good on handhelds, of course, but also any PC you use for gaming with a controller Click to Do (Copilot+ PC only) External fingerprint reader support for Windows Hello ESS -External/USB webcams supported by Windows Studio Effects (Copilot+ PC only) Quick Machine Recovery is the tip of a wave of new foundational features like Admin Protection, Smart App Control (updates), and more that go beyond surface-level look and feel Redesigned Start menu isn't perfect but it's a nice improvement Copilot Vision, though this type of thing may make more sense on phones AI features in Paint, Photos, Notepad, and Snipping Tool Natural language interactions like the agent in Settings, file search, and more (mostly Copilot+ PC only, but you can do this in Copilot as well) Bluetooth LE support for improved audio quality in game chat, voice calls Gaming on Windows 11 on Arm and Snapdragon X: Major steps forward, but the same issue as always Looking ahead to 2026: 26H1, Agentic features that work, potential Windows 12, and AI PCs AI An extensive new interview with Mustafa Suleyman confirms why this guy is special and how confusing it is that Copilot is so disrespected Microsoft Copilot is auto-installing on LG smart TVs and there's no way to remove it GPT-5.2 is OpenAI's answer to Gemini 3 ChatGPT Images is OpenAI's answer to Nano Banana Pro Disney invests $1 billion OpenAI, sues Google Opera Neon is now generally available for $20 per month AI is moving quick as we all know but the bigger issue may be the incessant marketing about features like agents that don't even work now Microsoft is getting pushback on forced Copilot usage, price hikes Google is expanding its use of "experiments" outside of mainstream products with things like NotebookLM, Mixboard, CC, and much more. Maybe this is the better approach: Test separately and then integrate it into existing products Oddly enough, Microsoft does have a Windows AI Lab for this kind of experimentation Many small models vs. one big LLM in the cloud Mobile Fortnite is back in the Google Play Store in the U.S. as Google plays nice Apple loses its contempt appeal, the end of "junk fees" (Apple Tax) is in sight Xbox and gaming Xbox December Update has one big update for the mobile app and one big update for Xbox Wireless Headphones There's a new Xbox Developer Direct coming in January Half-Life 3 may really be happening, but it will be a Steam Machine launch title so it could be a while Tips & picks Tip of the year: De-enshittify Windows 11 App pick of the year: Fortnite RunAs Radio this week: Zero Trust in 2026 with Michele Bustamante Brown liquor pick of the week: Lark Symphony No. 1 These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/963 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: auraframes.com/ink framer.com/design promo code WW outsystems.com/twit cachefly.com/twit

We were inundated with new Windows features in 2025, but which ones actually moved the needle? Fortnite isn't just back on iPhone and Android, it's available on Windows 11 on Arm, and it works great! Plus, 2 big mobile wins for Epic Games and some thoughts on the "right" way to roll out AI features.Windows 11 Best Windows 11 updates of 2025, in no particular order... Dark mode improvements to File Explorer Widgets major overhaul with separate widgets and Discovery feed Xbox Full Screen experience - especially good on handhelds, of course, but also any PC you use for gaming with a controller Click to Do (Copilot+ PC only) External fingerprint reader support for Windows Hello ESS -External/USB webcams supported by Windows Studio Effects (Copilot+ PC only) Quick Machine Recovery is the tip of a wave of new foundational features like Admin Protection, Smart App Control (updates), and more that go beyond surface-level look and feel Redesigned Start menu isn't perfect but it's a nice improvement Copilot Vision, though this type of thing may make more sense on phones AI features in Paint, Photos, Notepad, and Snipping Tool Natural language interactions like the agent in Settings, file search, and more (mostly Copilot+ PC only, but you can do this in Copilot as well) Bluetooth LE support for improved audio quality in game chat, voice calls Gaming on Windows 11 on Arm and Snapdragon X: Major steps forward, but the same issue as always Looking ahead to 2026: 26H1, Agentic features that work, potential Windows 12, and AI PCs AI An extensive new interview with Mustafa Suleyman confirms why this guy is special and how confusing it is that Copilot is so disrespected Microsoft Copilot is auto-installing on LG smart TVs and there's no way to remove it GPT-5.2 is OpenAI's answer to Gemini 3 ChatGPT Images is OpenAI's answer to Nano Banana Pro Disney invests $1 billion OpenAI, sues Google Opera Neon is now generally available for $20 per month AI is moving quick as we all know but the bigger issue may be the incessant marketing about features like agents that don't even work now Microsoft is getting pushback on forced Copilot usage, price hikes Google is expanding its use of "experiments" outside of mainstream products with things like NotebookLM, Mixboard, CC, and much more. Maybe this is the better approach: Test separately and then integrate it into existing products Oddly enough, Microsoft does have a Windows AI Lab for this kind of experimentation Many small models vs. one big LLM in the cloud Mobile Fortnite is back in the Google Play Store in the U.S. as Google plays nice Apple loses its contempt appeal, the end of "junk fees" (Apple Tax) is in sight Xbox and gaming Xbox December Update has one big update for the mobile app and one big update for Xbox Wireless Headphones There's a new Xbox Developer Direct coming in January Half-Life 3 may really be happening, but it will be a Steam Machine launch title so it could be a while Tips & picks Tip of the year: De-enshittify Windows 11 App pick of the year: Fortnite RunAs Radio this week: Zero Trust in 2026 with Michele Bustamante Brown liquor pick of the week: Lark Symphony No. 1 These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/963 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: auraframes.com/ink framer.com/design promo code WW outsystems.com/twit cachefly.com/twit

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com We are at the point where AI is almost expected in any technology offering. Today, we sat down with John Kindervag from Illumio to learn how AI can be applied to the world of federal Zero Trust. Some have characterized today's current cybersecurity situation as an arms race; some call it a whack-a-mole game. An innovative technology, such as AI, becomes popularized, and adversaries use it to improve attacks. As a result, the defenders of data must bolster their response, and they, in turn, use AI to defend. He highlights the importance of visibility, using AI to quickly parse logs, and the concept of dwell time, in which attackers can remain undetected for extended periods. To protect valuable data, Kindervag distinguishes between the attack surface and the defense surface. Although a malicious actor can instigate AI-driven attacks across any surface, sensitive information can be protected by thorough segmentation of the protected surface. During the interview, Kindervag provides tactics to manage legacy technology, fragmented data, and the critical topic of risk-averse culture.  

This episode features Christopher Brumm, Cyber Security Architect at glueckkanja AG.With 15+ years in IT security, Chris has worked across Microsoft's security portfolio and beyond, moving from network and data-center defense into deep identity work with Active Directory and Entra ID. He's now an identity SME, a GK Identity Community moderator, a frequent community speaker, and a regular writer on security and identity.In this episode, Chris explores the limitations of Active Directory security and how Microsoft's new Global Secure Access directly addresses those gaps. He breaks down how zero trust principles and granular controls work in practice, and why connecting on-prem servers to the cloud is now simpler and safer. Chris shows how this shift strengthens defenses by enforcing access through identity-first policies instead of outdated network-centric models.This is a clear, field-tested walkthrough of why hybrid identity security needs a new playbook, and how Global Secure Access helps teams close the holes attackers rely on most.Guest BioFor over 15 years, Christopher Brumm has been immersed in IT security topics, possessing extensive knowledge and practical experience in the Microsoft Security Portfolio and beyond. Over the years, he has progressed from network and data center topics to Active Directory and Entra ID, delving deeper into identity security. Today, he is a Subject Matter Expert for Identity in the Security Team and a moderator of the GK Identity Community. He regularly speaks at community events and publishes blog posts on security and identity topics. Chris's latest passion is Global Secure Access, where the themes of identity, security, and networking converge to enable a comprehensive Zero Trust approach.Guest Quote “It's not realistic to modernize protocols like Kerberos or SMB to support MFA and device compliance... but we have an option to control the network layer.”Time stamps01:07 Meet Christopher Brumm: Microsoft Security MVP and CISSP02:00 The Hybrid Identity Attack Playbook06:03 Active Directory vs. Entra ID: The Security Gap09:02 Breaking Down Global Secure Access11:58 What This Looks Like for Real Users16:17 Bringing Zero Trust to the Network Layer17:50 What You Need to Deploy Global Secure Access20:48 Conclusion and Final ThoughtsSponsorThe HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.LinksConnect with Christopher on LinkedInLearn more about glueckkanja AGWatch Christopher's talk at HIPConf 2025Connect with Sean on LinkedInDon't miss future episodesLearn more about Semperis

Interview Segment: Tony Kelly Illuminating Data Blind Spots As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we'll unpack how Data Security Posture Management (DSPM) helps organizations regain visibility and control over their most sensitive assets. Our guest will break down how DSPM differs from adjacent technologies like DLP, CSPM, and DSP, and how it integrates into broader Zero Trust and cloud security strategies. We'll also explore how compliance and regulatory pressures are shaping the next evolution of the DSPM market—and what security leaders should be doing now to prepare. Segment Resources: https://static.fortra.com/corporate/pdfs/brochure/fta-corp-fortra-dspm-br.pdf This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! Topic Segment: We've got passkeys, now what? Over this year on this podcast, we've talked a lot about infostealers. Passkeys are a clear solution to implementing phishing and theft-resistant authentication, but what about all these infostealers stealing OAuth keys and refresh tokens? As long as session hijacking is as simple as moving a cookie from one machine to another, securing authentication seems like solving only half the problem. Locking the front door, but leaving a side door unlocked. After doing some research, it appears that there has been some work on this front, including a few standards that have been introduced: DBSC (Device Bound Session Credentials) for browsers DPoP (Demonstrating Proof of Possession) for OAuth applications We'll address a few key questions in this segment: 1. how do these new standards help stop token theft? 2. how broadly have they been adopted? Segment Resources: FIDO Alliance White Paper: DBSC/DPOP as Complementary Technologies to FIDO Authentication News Segment Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-437

Interview Segment: Tony Kelly Illuminating Data Blind Spots As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we'll unpack how Data Security Posture Management (DSPM) helps organizations regain visibility and control over their most sensitive assets. Our guest will break down how DSPM differs from adjacent technologies like DLP, CSPM, and DSP, and how it integrates into broader Zero Trust and cloud security strategies. We'll also explore how compliance and regulatory pressures are shaping the next evolution of the DSPM market—and what security leaders should be doing now to prepare. Segment Resources: https://static.fortra.com/corporate/pdfs/brochure/fta-corp-fortra-dspm-br.pdf This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! Topic Segment: We've got passkeys, now what? Over this year on this podcast, we've talked a lot about infostealers. Passkeys are a clear solution to implementing phishing and theft-resistant authentication, but what about all these infostealers stealing OAuth keys and refresh tokens? As long as session hijacking is as simple as moving a cookie from one machine to another, securing authentication seems like solving only half the problem. Locking the front door, but leaving a side door unlocked. After doing some research, it appears that there has been some work on this front, including a few standards that have been introduced: DBSC (Device Bound Session Credentials) for browsers DPoP (Demonstrating Proof of Possession) for OAuth applications We'll address a few key questions in this segment: 1. how do these new standards help stop token theft? 2. how broadly have they been adopted? Segment Resources: FIDO Alliance White Paper: DBSC/DPOP as Complementary Technologies to FIDO Authentication News Segment Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-437

Interview Segment: Tony Kelly Illuminating Data Blind Spots As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we'll unpack how Data Security Posture Management (DSPM) helps organizations regain visibility and control over their most sensitive assets. Our guest will break down how DSPM differs from adjacent technologies like DLP, CSPM, and DSP, and how it integrates into broader Zero Trust and cloud security strategies. We'll also explore how compliance and regulatory pressures are shaping the next evolution of the DSPM market—and what security leaders should be doing now to prepare. Segment Resources: https://static.fortra.com/corporate/pdfs/brochure/fta-corp-fortra-dspm-br.pdf This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! Topic Segment: We've got passkeys, now what? Over this year on this podcast, we've talked a lot about infostealers. Passkeys are a clear solution to implementing phishing and theft-resistant authentication, but what about all these infostealers stealing OAuth keys and refresh tokens? As long as session hijacking is as simple as moving a cookie from one machine to another, securing authentication seems like solving only half the problem. Locking the front door, but leaving a side door unlocked. After doing some research, it appears that there has been some work on this front, including a few standards that have been introduced: DBSC (Device Bound Session Credentials) for browsers DPoP (Demonstrating Proof of Possession) for OAuth applications We'll address a few key questions in this segment: 1. how do these new standards help stop token theft? 2. how broadly have they been adopted? Segment Resources: FIDO Alliance White Paper: DBSC/DPOP as Complementary Technologies to FIDO Authentication News Segment Show Notes: https://securityweekly.com/esw-437

Interview Segment: Tony Kelly Illuminating Data Blind Spots As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we'll unpack how Data Security Posture Management (DSPM) helps organizations regain visibility and control over their most sensitive assets. Our guest will break down how DSPM differs from adjacent technologies like DLP, CSPM, and DSP, and how it integrates into broader Zero Trust and cloud security strategies. We'll also explore how compliance and regulatory pressures are shaping the next evolution of the DSPM market—and what security leaders should be doing now to prepare. Segment Resources: https://static.fortra.com/corporate/pdfs/brochure/fta-corp-fortra-dspm-br.pdf This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! Topic Segment: We've got passkeys, now what? Over this year on this podcast, we've talked a lot about infostealers. Passkeys are a clear solution to implementing phishing and theft-resistant authentication, but what about all these infostealers stealing OAuth keys and refresh tokens? As long as session hijacking is as simple as moving a cookie from one machine to another, securing authentication seems like solving only half the problem. Locking the front door, but leaving a side door unlocked. After doing some research, it appears that there has been some work on this front, including a few standards that have been introduced: DBSC (Device Bound Session Credentials) for browsers DPoP (Demonstrating Proof of Possession) for OAuth applications We'll address a few key questions in this segment: 1. how do these new standards help stop token theft? 2. how broadly have they been adopted? Segment Resources: FIDO Alliance White Paper: DBSC/DPOP as Complementary Technologies to FIDO Authentication News Segment Show Notes: https://securityweekly.com/esw-437

In today's evolving digital environment, many leaders are facing unprecedented levels of complexity. Cyber threats are escalating, regulatory demands are tightening, and organizations are expected to maintain resilience while embracing innovation. Few people understand this landscape more deeply than Scott Alldridge, CEO of IP Services, President of the IT Process Institute, and author of the globally acclaimed VisibleOps series. With more than three decades of experience guiding technical and non-technical teams alike, Scott has built a reputation for transforming complicated cybersecurity concepts into clear, actionable strategies. His people-process-technology framework has helped organizations strengthen governance, reduce risk, and build cyber-mature cultures capable of thriving in high-stakes environments.  In this episode, we discuss: How boards can elevate their cybersecurity oversight. Why organizations fail at cyber risk management, and how to fix it. Common misconceptions surrounding cybersecurity maturity. Scott's strategies for fostering ethical leadership and a security-first culture. Scott's most recent book, VisibleOps Cybersecurity, is an Amazon Best Seller and continues to influence executives, boards, and cybersecurity professionals around the world. Join us in this conversation as he breaks down the mindset and practices leaders need to stay ahead of current and future threats… You can connect with Scott and his work on his website! 

Scott Alldridge, CEO of IP Services and author of the Visible Ops series, emphasizes the necessity of viewing cybersecurity as a growth driver rather than a cost center. He argues that the increasing sophistication of cyber threats, which now target small businesses, necessitates a shift in perspective. Aldridge highlights that organizations must recognize cybersecurity as essential for survival, framing it as revenue protection and enablement. He cites the example of MGM, which suffered a significant ransomware attack that resulted in over $140 million in losses, underscoring the urgency for businesses to prioritize cybersecurity.Aldridge discusses the importance of measurable indicators to demonstrate improvements in security posture. He advocates for regular vulnerability scanning and penetration testing, moving beyond the outdated practice of annual assessments. He notes that organizations should conduct these tests quarterly or even monthly to adapt to the evolving threat landscape. Metrics such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) are critical for assessing the effectiveness of cybersecurity measures and ensuring timely responses to potential threats.The conversation also touches on the human factor in cybersecurity, emphasizing the need for robust training and awareness programs to mitigate risks associated with employee actions. Aldridge stresses that leadership commitment is crucial for fostering a culture of security within organizations. He advocates for a philosophical approach to cybersecurity, including the adoption of frameworks like Zero Trust, which emphasizes strict access controls and continuous monitoring.For Managed Service Providers (MSPs) and IT leaders, the episode underscores the importance of integrating cybersecurity into business strategy. By framing cybersecurity as a critical component of business continuity and reputation management, MSPs can better communicate its value to clients. The discussion also highlights the need for ongoing education and adaptation to new threats, ensuring that organizations remain resilient in the face of cyber challenges. Viewers can get free e-copy of the book, “Virtual Ops Cybersecurity” by texting SECURE25 to 541-359-1269”

____________Guests:Suzy PallettPresident, Black Hat. Cybersecurity.On LinkedIn: https://www.linkedin.com/in/suzy-pallett-60710132/The Cybersecurity Community Finds Its Footing in Uncertain TimesThere is something almost paradoxical about the cybersecurity industry. It exists because of threats, yet it thrives on trust. It deals in technical complexity, yet its beating heart is fundamentally human: people gathering, sharing knowledge, and collectively deciding that defending each other matters more than protecting proprietary advantage.This tension—and this hope—was on full display at Black Hat Europe 2025 in London, which just wrapped up at the ExCel Centre with attendance growing more than 25 percent over last year. For Suzy Pallett, the newly appointed President of Black Hat, the numbers tell only part of the story."What I've found from this week is the knowledge sharing, the insights, the open source tools that we've shared, the demonstrations that have happened—they've been so instrumental," Pallett shared in a conversation with ITSPmagazine. "Cybersecurity is unlike any other industry I've ever been close to in the strength of that collaboration."Pallett took the helm in September after Steve Wylie stepped down following eleven years leading the brand through significant growth. Her background spans over two decades in global events, most recently with Money20/20, the fintech conference series. But she speaks of Black Hat not as a business to be managed but as a community to be served.The event itself reflected the year's dominant concerns. AI agents and supply chain vulnerabilities emerged as central themes, continuing conversations that dominated Black Hat USA in Las Vegas just months earlier. But Europe brought its own character. Keynotes ranged from Max Meets examining whether ransomware can actually be stopped, to Linus Neumann questioning whether compliance checklists might actually expose organizations to greater risk rather than protecting them."He was saying that the compliance checklists that we're all being stressed with are actually where the vulnerabilities lie," Pallett explained. "How can we work more collaboratively together so that it's not just a compliance checklist that we get?"This is the kind of question that sits at the intersection of technology and policy, technical reality and bureaucratic aspiration. It is also the kind of question that rarely gets asked in vendor halls but deserves space in our collective thinking.Joe Tidy, the BBC journalist behind the EvilCorp podcast, delivered a record-breaking keynote attendance on day two, signaling the growing appetite for cybersecurity stories that reach beyond the practitioner community into broader public consciousness. Louise Marie Harrell spoke on technical capacity and international accountability—a reminder that cyber threats respect no borders and neither can our responses.What makes Black Hat distinct, Pallett noted, is that the conversations happening on the business hall floor are not typical expo fare. "You have the product teams, you have the engineers, you have the developers on those stands, and it's still product conversations and technical conversations."Looking ahead, Pallett's priorities center on listening. Review boards, advisory boards, pastoral programs, scholarships—these are the mechanisms through which she intends to ensure Black Hat remains, in her words, "a platform for them and by them."The cybersecurity industry faces a peculiar burden. What used to happen in twelve years now happens in two days, as Pallett put it. The pace is exhausting. The threats keep evolving. The cat-and-mouse game shows no signs of ending.But perhaps that is precisely why events like this matter. Not because they offer solutions to every problem, but because they remind an industry under constant pressure that it is not alone in the fight. That collaboration is not weakness. That sharing knowledge freely is not naïve—it is strategic.Black Hat Europe 2025 may have ended, but the conversations it sparked will carry forward into 2026 and beyond.____________HOSTS:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to share an Event Briefing as part of our event coverage? Learn More

Why do smart people still click when every instinct tells them they should pause first? That question sits at the heart of this conversation with Denny LeCompte, CEO of Portnox and a rare cybersecurity leader who brings a background in cognitive psychology to identity, trust, and human error.   It is a discussion that pulls back the curtain on the habits, shortcuts, and blind spots that shape our decisions long before a breach becomes a headline.   Denny explains why people rely on benevolence cues, confirmation biases, and loss aversion, and then shows how attackers weaponize each. He explains why training alone cannot fix human fallibility and why a different design mindset is needed if we want security people can actually live with.   Through clear examples and thought-provoking analogies, he describes how teams can build environments that remove opportunities for mistakes rather than punishing people for being human.   We also explore what Zero Trust really means beyond marketing-speak. Denny cuts through the noise and frames it as a mindset shift rather than a product category. He draws on real conversations with CISOs to explain why passwordless adoption moves slowly and why the next wave of identity risk will come from AI agents operating within networks. It is a future in which the line between human and machine identity blurs, requiring access control to evolve just as quickly.   Later, Denny shares a personal story about a mentor who influenced his views, then explains Portnox's unified access control approach as organizations retire VPNs and passwords. His main point: security only works when systems reflect human nature, removing friction and helping people make safe choices. Every policy and workflow is a decision that impacts security outcomes.   What part of Denny's perspective made you reconsider your habits?   Useful Links Connect with Denny LeCompte, CEO of Portnox Learn more about Portnox Tech Talks Daily is sponsored by Denodo    

All links and images can be found on CISO Series. Check out this post by Nick Nolen of Redpoint Cyber for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Erika Dean, former CSO, Robinhood. In this episode: Delegation requires accountability The reality of daily decision-making The gap between theory and practice Beyond the advisory role Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO

This episode of Automate IT brings together the most meaningful conversations from 2025 – stories and insights that defined the year.From early career breakthroughs to lessons learned through repetition, these moments reveal the human side of IT work while delivering practical takeaways on automation, visibility, consistency, patching, and day-to-day problem solving.You'll hear how IT leaders built confidence, shaped better processes, and navigated increasingly complex environments. These clips capture the ideas that resonated most – and the perspectives shaping the future of modern endpoint management.In this 2025 highlights compilation, you'll learn:How IT pros approach automation and workflow consistencyReal stories behind early career growth and hard-earned lessonsWhat builds confidence in high-pressure IT environmentsPractical tactics for patching, visibility, and operational excellenceTrends driving modern endpoint management in 2025If you're an IT admin, security professional, or technology leader looking for real-world insights – this episode brings together the moments that mattered most.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com It is rare to see AI applied to federal cybersecurity mandates. However, today, we will sit down with Louis Echenbaum from Color Tokens. He will unpack the concept of using AI to help federal leaders improve their ability to implement microsegmentation. We all know about Executive Order 14028 and the OMNB Memo M-22-09, which are forcing federal agencies to deploy a robust Zero Trust framework. The key components include identity and access management, asset management, continuous monitoring, and micro segmentation. During the interview, Louis Echenbaum expands on current challenges like legacy systems and visibility. For example, what happens once a malicious actor breaches a federal system? Some call this east-west traffic. The general response is to prioritize and segment data so the intruder is denied access. This concept looks good on paper, but in the real world, leaders encounter some issues. First, how can they know exactly what is on their network? This is perplexing in environments where endpoints are in areas that cannot be upgraded. Further, the move to a hybrid cloud offers varying levels of data segmentation. One system administrator may be competent with a specific cloud service provider but does not know all the details of another company. This skills gap can lead to coverage gaps and opportunities for attack. The solution Echenbaum suggests is to leverage AI to improve visibility and give leaders ways to prioritize datasets into appropriate microsegments.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest, Danny Jenkins, CEO, ThreatLocker. In this episode: AI for AI's sake Stop selling, start protecting Stop calling everything sophisticated Least privilege, rebranded Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

Transitioning a mature organization from an API-first model to an AI-first model is no small feat. In this episode, Yash Kosaraju, CISO of Sendbird, shares the story of how they pivoted from a traditional chat API platform to an AI agent platform and how security had to evolve to keep up.Yash spoke about the industry's obsession with "Zero Trust," arguing instead for a practical "Multi-Layer Trust" approach that assumes controls will fail . We dive deep into the specific architecture of securing AI agents, including the concept of a "Trust OS," dealing with new incident response definitions (is a wrong AI answer an incident?), and the critical need to secure the bridge between AI agents and customer environments .This episode is packed with actionable advice for AppSec engineers feeling overwhelmed by the speed of AI. Yash shares how his team embeds security engineers into sprint teams for real-time feedback, the importance of "AI CTFs" for security awareness, and why enabling employees with enterprise-grade AI tools is better than blocking them entirely .Questions asked:Guest Socials - Yash's LinkedinPodcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠Questions asked:(00:00) Introduction(02:20) Who is Yash Kosaraju? (CISO at Sendbird)(03:30) Sendbird's Pivot: From Chat API to AI Agent Platform(05:00) Balancing Speed and Security in an AI Transition(06:50) Embedding Security Engineers into AI Sprint Teams(08:20) Threats in the AI Agent World (Data & Vendor Risks)(10:50) Blind Spots: "It's Microsoft, so it must be secure"(12:00) Securing AI Agents vs. AI-Embedded Applications(13:15) The Risk of Agents Making Changes in Customer Environments(14:30) Multi-Layer Trust vs. Zero Trust (Marketing vs. Reality) (17:30) Practical Multi-Layer Security: Device, Browser, Identity, MFA(18:25) What is "Trust OS"? A Foundation for Responsible AI(20:45) Balancing Agent Security vs. Endpoint Security(24:15) AI Incident Response: When an AI Gives a Wrong Answer(29:20) Security for Platform Engineers: Enabling vs. Blocking(30:45) Providing Enterprise AI Tools (Gemini, ChatGPT, Cursor) to Employees(32:45) Building a "Security as Enabler" Culture(36:15) What Questions to Ask AI Vendors (Paying with Data?)(39:20) Personal Use of Corporate AI Accounts(43:30) Using AI to Learn AI (Gemini Conversations)(45:00) The Stress on AppSec Engineers: "I Don't Know What I'm Doing"(48:20) The AI CTF: Gamifying Security Training(50:10) Fun Questions: Outdoors, Team Building, and Indian/Korean Food

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com John Kindervag began the concept of Zero Trust; he probably did not realize the impact it would have on the technological community. Today, we look at the federal government and Zero Trust implementation from 40,000 feet. Kindervag will opine on topics such as browser security, the importance of data, and operational technology. Instead of using his technical knowledge as a cudgel, Kindervag reinforces the importance of a balanced approach in which federal leaders consider both technological and behavioral aspects of implementing Zero Trust. People with a basic understanding of Zero Trust can disregard the importance of data; he calls it the 'protect surface'. This involves identifying and securing the smallest space within the network, as well as the entire network itself. One missing link in the move to Zero Trust is Operational Technology. When looking at the Department of War, it has assets deployed all over the world. They have thousands of sensors that may or may not be part of a network. Kindervag suggests that when you have a protected surface that is a critical asset, which means it can be included in data sets. The interview ended with comments regarding the challenges of implementing zero trust, particularly the need for strong leadership and the potential of AI to enhance cybersecurity measures, while acknowledging the complexities of data classification and the evolving threat landscape. Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com

Descubre con Mar López, CEO de Sofistic Cybersecurity (Grupo 480), cómo la IA transforma la detección proactiva de ciberataques en infraestructuras críticas de Panamá y Latam. Hablamos de retos en trabajo híbrido, Zero Trust, crecimiento del 31% en ingresos, lecciones del gobierno español y consejos clave para PyMEs: ¡no esperes al ransomware! Ideal para emprendedores que buscan cultura de seguridad real. #Ciberseguridad #IA #Sofistic​

Cyber threats aren't evolving, they're accelerating.

What Security Congress Reveals About the State of CybersecurityThis discussion focuses on what ISC2 Security Congress represents for practitioners, leaders, and organizations navigating constant technological change. Jon France, Chief Information Security Officer at ISC2, shares how the event brings together thousands of cybersecurity practitioners, certification holders, chapter leaders, and future professionals to exchange ideas on the issues shaping the field today.  Themes That Stand OutAI remains a central point of attention. France notes that organizations are grappling not only with adoption but with the shift in speed it introduces. Sessions highlight how analysts are beginning to work alongside automated systems that sift through massive data sets and surface early indicators of compromise. Rather than replacing entry-level roles, AI changes how they operate and accelerates the decision-making path. Quantum computing receives a growing share of focus as well. Attendees hear about timelines, standards emerging from NIST, and what preparedness looks like as cryptographic models shift.  Identity-based attacks and authorization failures also surface throughout the program. With machine-driven compromises becoming easier to scale, the community explores new defenses, stronger controls, and the practical realities of machine-to-machine trust. Operational technology, zero trust, and machine-speed threats create additional urgency around modernizing security operations centers and rethinking human-to-machine workflows.  A Place for Every Stage of the CareerFrance describes Security Congress as a cross-section of the profession: entry-level newcomers, certification candidates, hands-on practitioners, and CISOs who attend for leadership development. Workshops explore communication, business alignment, and critical thinking skills that help professionals grow beyond technical execution and into more strategic responsibilities.  Looking Ahead to the Next CongressThe next ISC2 Security Congress will be held in October in the Denver/Aurora area. France expects AI and quantum to remain key themes, along with contributions shaped by the call-for-papers process. What keeps the event relevant each year is the mix of education, networking, community stories, and real-world problem-solving that attendees bring with them.The ISC2 Security Congress 2025 is a hybrid event taking place from October 28 to 30, 2025 Coverage provided by ITSPmagazineGUEST:Jon France, Chief Information Security Officer at ISC2 | On LinkedIn: https://www.linkedin.com/in/jonfrance/HOST:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comFollow our ISC2 Security Congress coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/isc2-security-congress-2025Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageISC2 Security Congress: https://www.isc2.orgNIST Post-Quantum Cryptography Standards: https://csrc.nist.gov/projects/post-quantum-cryptographyISC2 Chapters: https://www.isc2.org/chaptersWant to share an Event Briefing as part of our event coverage? Learn More

This episode is sponsored by Aembit. Visit aembit.io/idac to learn more.Jeff and Jim welcome David Goldschlag, CEO and Co-founder of Aembit, to discuss the rapidly evolving world of non-human access and workload identity. With the rise of AI agents in the enterprise, organizations face a critical challenge: how to secure software-to-software connections without relying on static, shared credentials.David shares his unique background, ranging from working on The Onion Router (Tor) at the Naval Research Lab to the DIVX rental system, and explains how those experiences inform his approach to identity today. The conversation covers the distinction between human and non-human access, the risks of using user credentials for AI agents, and why we must shift from managing secrets to managing access policies.This episode explores real-world use cases for AI agents in financial services and retail, the concept of hybrid versus autonomous agents, and practical advice for identity practitioners looking to get ahead of the agentic AI wave.Visit Aembit: https://aembit.io/idacConnect with David: https://www.linkedin.com/in/davidgoldschlagConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comTimestamps00:00 - Intro00:51 - Pronunciation of Aembit and the extra 'E'01:56 - David's background: From NSA to Enterprise Security04:58 - The meaning behind the name Aembit06:00 - David's history with The Onion Router (Tor)10:00 - Differentiating Non-Human Access from Workforce IAM11:39 - The security risks of AI Agents using human credentials14:15 - Manage Access, Not Secrets16:00 - Use Cases: Financial Analysts and Retail24:00 - Hybrid Agents vs. Autonomous Agents30:38 - Will we have agentic versions of ourselves?36:45 - How Identity Practitioners can handle the AI wave38:33 - Measuring success and ROI for workload identity43:20 - A blast from the past: DIVX and Circuit City52:15 - ClosingKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Aembit, David Goldschlag, Non-human access, Workload Identity, AI Agents, Machine Identity, Cybersecurity, IAM, InfoSec, Tor, DIVX, Zero Trust, Secrets Management, Authentication, Authorization

Danny Jenkins — Founder of ThreatLocker and the Zero-Trust RevolutionDanny Jenkins is the CEO of ThreatLocker, the leading cybersecurity company that he built alongside his wife. Hosts Jack Clabby of Carlton Fields, P.A., and Kayley Melton of the Cognitive Security Institute follow Danny's journey from a scrappy IT consultant to leading one of the fastest-growing cybersecurity companies in the world.Danny shares the moment everything changed: watching a small business nearly collapse after a catastrophic ransomware attack. That experience reshaped his mission and ultimately sparked the creation of ThreatLocker. He also reflects on the gritty early days—cold-calling from his living room, coding through the night, and taking on debt before finally landing their first $5,000 customer.Danny explains the origins of Zero Trust World, his passion for educating IT teams, and why adopting a hacker mindset is essential for modern defenders.In the Lifestyle Polygraph, Danny relates his early “revenge tech” against school bullies, the place he escapes to when celebrating big wins, and the movie franchise he insists is absolutely a Christmas classic.Follow Danny on LinkedIn: https://www.linkedin.com/in/dannyjenkins/ 00:00 Introduction to Cybersecurity and ThreatLocker02:26 The Birth of ThreatLocker: A Personal Journey05:42 The Evolution of Zero Trust Security08:35 Real-World Impact of Cyber Attacks11:25 The Importance of a Hacker Mindset14:46 The Role of SOC Teams in Cybersecurity17:34 Building a Culture of Security20:23 Hiring for Passion and Skill in Cybersecurity23:44 Understanding Zero Trust: Trust No One26:32 Lifestyle Polygraph: Personal Insights and Fun29:41 Conclusion and Future of ThreatLocker

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com The good news is that federal security measures are preventing successful attacks; the bad news is that adversaries are examining every nook and cranny of a federal system and increasingly targeting the browser itself as an attack vector. During the interview, Scott "Monty" Montgomery gives a quick overview of Enterprise Browsers and Secure Enterprise Browsers.  After all, browsers have been around since 1994. It may be the only application ubiquitous on home-based machines and in enterprise systems. They were not designed for security; they were intended to open the internet to the World Wide Web, full of images, links, and audio. Malicious actors did not have to focus on an app with limited use; by targeting a browser, they have almost unlimited targets to attack. Montgomery mentions the increase in browser-based attacks. In fact, they increased by 198% in the second half of 2023. Scott explains that phishing persists because people are curious or fearful, leading them to click on malicious links. A Secure Enterprise Browser can help prevent many common phishing exploits. Additionally, an SEB can support policies and controls. This means that an SEB fits completely with any current Zero Trust initiatives across all agencies. Beyond that, SEBs can be configured to manage legacy systems and even operate in low-bandwidth environments.  

In this episode of CISO Tradecraft, host G Mark Hardy is joined by Yuriy Tsibere from ThreatLocker to discuss an essential topic for cybersecurity leaders: Defense Against Configurations (DAC). With a focus on the significant risks posed by misconfigurations, Yuriy shares insights on how ThreatLocker's new DAC tool helps organizations identify and rectify vulnerabilities in OS configurations, ensuring a higher degree of security. They explore the critical role of maintaining proper endpoint configurations, Zero Trust principles, and how DAC seamlessly integrates into ThreatLocker's platform to provide real-time monitoring and reporting. Yuriy also touches on how DAC supports various security frameworks and compliance standards, making it a valuable asset for any organization aiming to enhance its cybersecurity posture. Big Thanks to Threatlocker for supporting this episode. Register to attend Zero Trust World 2026: https://ztw.com/?utm_source=ciso_tradecraft&utm_medium=sponsor&utm_campaign=dac_yuriy_q4_25&utm_content=dac_yuriy-&utm_term=video Use discount code ZTWCISOTRADECRAFT26 for $200 off

Why do entire organisations invest millions building resilient data centres yet leave their endpoints exposed to outages that can last days? That question kept coming back to me during my conversation with James Millington of IGEL at the Now and Next event, because it highlights a gap that most IT leaders still underestimate. James walked me through the reality he sees every day. Companies have high availability strategies for their servers, cloud platforms, and networks, yet the devices workers rely on remain the weakest point. When ransomware or system failure hits, the response often involves scrambling for spare laptops, calling suppliers, and hoping inventory exists. As James pointed out in our chat, many firms quietly rely on a handful of unused machines sitting in a cupboard. That approach might have worked a decade ago, but today's threat landscape exposes every delay. Our discussion centred on IGEL's dual boot approach, a fresh way to recover access within minutes by placing IGEL OS alongside Windows on the same device. Instead of waiting hours or even weeks to rebuild machines, organisations can simply switch to a secure environment that restores access to cloud apps, collaboration tools, and virtual desktops. James shared stories of analysts admitting no comparable solution exists, and of customers having light bulb moments as they calculated the true cost of endpoint recovery. The theme running underneath it all was simple. You cannot coordinate your crisis response unless your people have a working device in their hands. Everything else depends on that. This episode also reflects a wider shift in how organisations think about resilience. Leaders are beginning to question old assumptions about failover, preparation, and what it takes to keep people productive when attacks or outages strike. The conversations I heard throughout Now and Next showed that businesses are realising the endpoint is no longer a peripheral concern. It is the gateway to every service that keeps a company running. When that gateway fails, everything slows. James also shared lighter moments from his journey. His career began as a DJ, something he has circled back to at IGEL events, and it was fascinating hearing how skills from that era still show up in his approach to communication and timing. It reminded me how varied experiences shape the leaders driving today's conversations around security, SaaS evolution, Zero Trust, and the growing overlap between IT and operational technology. So here is my question for you. As cyber risks rise and downtime becomes harder to tolerate, how ready do you feel for the disruption that begins at the endpoint? I would love to hear your thoughts. Tech Talks Daily is Sponsored by NordLayer: Get the exclusive Black Friday offer: 28% off NordLayer yearly plans with the coupon code: techdaily-28. Valid until December 10th, 2025. Try it risk-free with a 14-day money-back guarantee.

Dr. Cunningham created the influential Zero Trust Extended (ZTX) Framework at Forrester Research, playing a key role in accelerating global adoption of Zero Trust principles across industries and governments worldwide.

Tanya Janca is a globally recognized AppSec (application security) expert and founder of We Hack Purple. In this episode, she shares wild stories from the front lines of cybersecurity. She shares stories of when she was a penetration tester to an incident responder.You can sign up for her newsletter at https://newsletter.shehackspurple.ca/SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.This episode is sponsored by Hims. Hims offers access to ED treatment options ranging from trusted generics that cost up to 95% less than brand names to Hard Mints, if prescribed. To get simple, online access to personalized, affordable care for ED, Hair Loss, Weight Loss, and more, visit https://hims.com/darknet.Support for this show comes from Drata. Drata is the trust management platform that uses AI-driven automation to modernize governance, risk, and compliance, helping thousands of businesses stay audit-ready and scale securely. Learn more at drata.com/darknetdiaries.View all active sponsors.Books Alice and Bob Learn Secure Coding by Tanya Janca Alice and Bob Learn Application Security by Tanya Janca