Podcasts about zero trust

  Implementing Zero Trust in a complex federal environment includes protecting data. To reach this goal, CISA has updated its recommendations for Continuous Diagnostics and Mitigation program called the Data Model Document (DMD). It provides the audience with a mechanism to focus on the most recent relevant changes without having to review the document in its entirety.   Today, we sat down with three experts to unpack some of the expanded concepts.   The first challenge is understanding the variety of systems. For example,  Daniel Ane from the TSA shared that they had to report data from eighty different systems. The only time efficient way to collect this varying data is with specific tools.   There is also a matter of control. Mark Hadley from the PNL shares that much critical infrastructure is  owned by the private sector, which can limit what kind of data can be collected.   Finally, Brian Meyer from Axonius makes a practical observation. Let us say you have a set of tools that accomplish the job of accurate data collection. If one gets updated, it can throw the entire compliance process out the window.   It seems obvious that adhering to the strictures of the Data Model Management recommendations will assist in a move to Zero Trust, but administering DMD needs guidance and a data strategy that is practical.    

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Sometimes, the plow must go deeper. Current approaches to Zeer Trust implementation can leave gaps in security. Today, we sat down with Akamai's Mike Colson to discuss the concept of combining Identity Credential Access Management with Least Permissive Trust. Setting the stage, Mike Colson details some of the challenges in the varying kinds of Zero Trust that are being applied in the Federal Government. The standard way of implementing ICM can result in assigning more resources than necessary, leading to permission creep and inflexible permission. Over provisioning: The amount of data being created is almost impossible to manage. A person may be given access to a data set they are not permitted to see. A “just in time” permission structure would help avoid that situation. Stale:  Just because a person has access to a data set on a Tuesday does not mean he has access on a Wednesday. People can leave the workforce, be reassigned, or change roles. Access must be constantly updated. Static:  Ron Popiel made the phrase, “Set it and forget it,” memorable. Unfortunately, this approach can lead to a permission structure that may limit access to key data. This may be considered under-provisioning, potentially leading to time delays in obtaining key information. Colson took the listeners through several iterations of access control, including Role-Based Access Control and Attribute-Based Access Control. On top of these old favorites, Colson discussed what may be called Context-Based Access Control, or what he calls Least Permissive Trust. Least permissive trust is a concept Colson outlined, which uses user behavior, device health, and contextual factors to grant permission dynamically. The conclusion is simple:  not all Zero Trust is created equal.

Link to episode page This week's Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guests Mike Lockhart, CISO Eagleview, and Dustin Sachs, chief technologist at CyberRisk collaborative, and author of Behavioral Insights in Cybersecurity Thanks to our show sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker” All links and the video of this episode can be found on CISO Series.com      

In this episode, Mike Baker, Vice President and Global CISO at DXC Technology, says the cyber industry has been focusing on the wrong side of AI. He believes too many companies use it only to block threats instead of studying how criminals use it to scale phishing, bypass defenses, and deploy adaptive malware. Attackers are learning faster than ever, and security teams must catch up. Mike argues that defenders need to think differently and use AI as both protection and opportunity. He shares how DXC is already doing this. The company has brought autonomous AI agents into its security operations through a partnership with 7AI. These agents process alerts that used to require hours of human effort. The result is faster detection, less burnout, and more time for analysts to investigate real threats. By cutting manual work by more than eighty percent, DXC has shown how AI can make cybersecurity teams stronger, not smaller. Zero Trust remains a core part of DXC's strategy. Mike calls it a journey that never ends. It needs cultural change, constant learning, and leadership that keeps security invisible to end users. AI now plays a role here too, improving identity checks and spotting access issues in real time. Yet, he reminds us, AI still needs people in the loop for oversight and judgment. We also talk about supply chain risks. Too many companies still treat risk assessments as one-time tasks. Mike pushes for continuous monitoring and close collaboration with suppliers. He closes the conversation on a hopeful note. AI will not replace people in cybersecurity, he says. It will make their work more meaningful and more effective if used with care and common sense.

In this episode of Security Matters, Chris Schueler, CEO of Cyderes, joins host David Puner for a dive into the evolving challenges of enterprise security. The conversation explores the dangers of privilege creep, the explosion of machine identities, and why accountability at every point of interaction is essential for building resilient teams and systems. Chris shares insights on the risks of unmanaged access, the impact of AI and automation on both defense and attack strategies, and practical advice for CISOs and boards on managing identity risk while enabling business transformation. Whether you're a security leader, practitioner, or simply interested in the future of cybersecurity, this episode delivers actionable guidance and fresh perspectives on safeguarding your organization's reputation, continuity, and trust.

professorjrod@gmail.comCloud perimeters are fading, identities are multiplying, and threats move faster than patches. We dive into the real mechanics of securing a hybrid world—mapping cloud deployment choices, clarifying shared responsibility across SaaS, PaaS, and IaaS, and showing how Zero Trust reshapes defenses around identity, posture, and context. It's a practical tour from first principles to field-tested patterns, grounded by case studies like Capital One and SolarWinds and anchored in frameworks such as NIST SP 800-207.We start by decoding public, private, hosted private, community, and hybrid models, then connect those choices to risk: multi-tenant isolation, data flows between zones, and the observability challenges of decentralization. From there, we move into reliability engineering—high availability, geo-redundancy, disaster recovery—and the role Kubernetes plays in scaling securely, with a frank look at container pitfalls and how least privilege and image scanning reduce blast radius. Automation takes center stage with infrastructure as code, autoscaling, and software-defined networking, plus how SASE brings secure access to a remote-first workforce without bolting on more complexity.Embedded systems and IoT get a hard look: scarce memory, weak encryption, default credentials, and unpatchable firmware that turns convenience into risk. We offer a simple playbook—segment aggressively, enforce egress controls, rotate credentials, and plan device lifecycles—to stop small sensors from causing big outages. Zero Trust ties it all together: never trust, always verify; microsegment to prevent lateral movement; and evaluate every access request through identity, device health, and real-time signals. Along the way, we weave in Security+ exam-style questions so you can test your knowledge and lock in the fundamentals.If this helped you see your cloud and Zero Trust roadmap more clearly, follow the show, share it with a teammate, and leave a quick review. Got certified recently or put these controls into practice? Email professorjrod@gmail.com—we'd love to shout you out on a future episode.Support the showIf you want to help me with my research please e-mail me.Professorjrod@gmail.comIf you want to join my question/answer zoom class e-mail me at Professorjrod@gmail.comArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

Google DeepMind's AI agent finds and fixes vulnerabilities  California law lets consumers universally opt out of data sharing China-Nexus actors weaponize 'Nezha' open source tool Huge thanks to our sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker. Learn more at ThreatLocker.com.

Jeremy Maldonado breaks down cybersecurity fundamentals from a real-world IT operations perspective. From phishing and social engineering to patching best practices and zero trust, Jeremy shares practical insights to help you protect your organization — starting with your own behavior.He covers:Why the human factor is still your biggest vulnerabilityThe basics of zero trust in everyday communicationSocial engineering red flags to watch forHow to think strategically about patch prioritizationWhy most orgs still struggle with timely patchingTips for human-controlled automation using the Automox consoleWhether you're new to cybersecurity or want to tighten your patching strategy, this episode gives you a tactical refresh on where to focus your attention.

Application programing interfaces, more commonly known as APIs, are the engines behind the majority of internet traffic. The pervasive and public nature of APIs have increased the attack surface of the systems and applications they are used in. In this  podcast from the Carnegie Mellon University Software Engineering Institute (SEI), McKinley Sconiers-Hasan, a solutions engineer in the SEI's CERT Division, sits down with Tim Morrow, Situational Awareness Technical Manager, also with the CERT Division, to discuss emerging API security issues and the application of zero-trust architecture in securing those systems and applications.   

He started small, swiping cards, buying gift cards, and cashing out. It spiraled into a full‑blown criminal enterprise. Dozens of co‑conspirators, stacks of stolen plastic, and a lifestyle built on chaos.Meet Nathan Michael, leader of Oak Cliff Swipers.SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.Support for this show comes from Pantheon. Pantheon keeps your site fast, secure, and always on. That means better SEO, more conversions, and no lost sales from downtime. But this isn't just a business win; it's a developer win too. Your team gets automated workflows, isolated test environments, and zero-downtime deployments. Visit Pantheon.io, and make your website your unfair advantage.Support for this show comes from Adaptive Security. Deepfake voices on a Zoom call. AI-written phishing emails that sound exactly like your CFO. Synthetic job applicants walking through the front door. Adaptive is built to stop these attacks. They run real-time simulations, exposing your teams to what these attacks look like to test and improve your defences. Learn more at adaptivesecurity.com.

Unity vulnerability puts popular games at risk Oracle zero-day exploit patched Third-party breach claims Discord user info Huge thanks to our sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker. Learn more at ThreatLocker.com.

The biggest security threat isn't in the cloud, it's hidden in the code you trust the most. In this episode, Ron sits down with Varun Badhwar, Co-Founder & CEO of Endor Labs, who shares why research shows that nearly 80–90% of application code comes from open source and third-party libraries, not your own developers. Varun discusses the unseen risks of AI-generated software, how attackers can now weaponize vulnerabilities in hours, and why precision in security matters more than ever. He also reveals how AI can be both the ultimate accelerator and the ultimate weakness in modern development.   Impactful Moments: 00:00 - Introduction 02:00 - Varun's journey from RedLock to Endor Labs 04:00 - Why the software supply chain is broken 07:00 - AI coding assistants and insecure code risks 10:00 - The NPM self-replicating worm discovery 13:00 - Simple controls to enforce Zero Trust in code 16:00 - Pairing AI with security to prevent slop 19:00 - AI-powered security code reviews explained 22:00 - Why 88% of code goes unused 26:00 - Developer efficiency as the new security metric 29:00 - The next wave of AI-driven software threats   Links: Connect with our Endor on LinkedIn: https://www.linkedin.com/in/vbadhwar/     Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/    

Volker Wagner, Chief Information Security Officer at BASF, joins Ann on this week's episode of Afternoon Cyber Tea to  talk shop on what it really takes to defend one of the world's largest chemical companies. From his early days in auditing to leading global cyber for high-stakes industrial and research environments, Volker shares battle-tested insights on resilience, Zero Trust, and the fundamentals that never go out of style. He dives into the hard lessons learned from ransomware, the realities of third-party risk, and how AI is reshaping everything from incident response to supply chain security. Most importantly, he makes the case for why trust, communication, and culture aren't soft skills—they're survival skills for modern CISOs.  Resources:   View Volker Wagner on LinkedIn           View Ann Johnson on LinkedIn    Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast   The BlueHat Podcast    Uncovering Hidden Risks           Discover and follow other Microsoft podcasts at microsoft.com/podcasts      Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.

In this episode of the Identity at the Center podcast, hosts Jeff and Jim dive into the concept of device identity within a Zero Trust framework. They are joined by Shea McGrew, CTO of Maricopa County Arizona, who provides insights into the importance of managing not just human but also device identities. The discussion explores the philosophical debate on whether machines can have identities, Zero Trust principles, and their application in a diverse and semi-autonomous organizational structure like that of the county government. Shea also shares her career journey, emphasizing the importance of curiosity, customer service, and continuous learning in IT. The episode wraps up with a light-hearted conversation on the never-ending pursuit of knowledge.Connect with Shea: https://www.linkedin.com/in/shea-m-6b82a36/Timestamps:00:00 Introduction and Podcast Theme00:17 Defining Identity in Cybersecurity01:34 Debate: Can Non-Humans Have Identities?01:57 Guest Introduction: Shea McGrew04:15 Shea's Career Journey and Role as CTO09:28 Challenges and Rewards of Being a CTO11:41 Identity Strategy at Maricopa County14:48 Device Identity and Zero Trust Architecture29:56 Managed vs. Unmanaged Devices40:15 Understanding the NIST Framework42:52 Balancing Technology and People43:58 Training and Partner Collaboration48:03 Organizational Change Management50:40 Future of Device Identity54:40 Debating Machine Identity01:06:36 Curiosity as an Olympic Sport01:13:00 Conclusion and Final ThoughtsConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

This episode features an in-depth conversation with Scott Alldridge Certified Chief Information Security Officer (CCISO), CISSP, AI MS Certified, ITIL Expert, Harvard Certified in Technology and Privacy, and CEO of IP Services. With 30+ years of experience in IT management and cybersecurity, Scott has become a global thought leader in modern security strategies. From starting in tech at 19 to building a successful cybersecurity services company. Scott shares powerful insights on the evolution of IT, the rise of AI-driven threats, and why businesses must embrace proactive, layered defenses. He also explains why adaptability, reinvention, and aligning technology with business goals are critical for resilience in today's fast-changing tech landscape. 

Jeden neoverený e-mail, nepozornosť zamestnanca či zle nastavené cloudové služby môžu firmu stáť milióny. O tom, ako sa bezpečnostné riešenia prispôsobujú rôznym segmentom, akú úlohu v tom hrá distribútor a prečo je koncept „zero trust“ novým štandardom, hovorí Róbert Trunkvalter, generálny manažér spoločnosti Exclusive Networks Slovakia. „Dáta sú dnes to najcennejšie, čo firmy majú,“ hovorí R. Trunkvalter. Upozorňuje na to, že kybernetická bezpečnosť nie je univerzálnym riešením. Každé odvetvie, od výrobných podnikov cez štátne inštitúcie až po bankový sektor, má úplne iné nároky. Práve preto sa pri návrhu bezpečnostných riešení kladie dôraz na to, kde sú dáta uložené, kto k nim má prístup a či môžu opustiť územie Slovenska. Okrem samotnej technológie hrá kľúčovú úlohu aj edukácia. Exclusive Networks je zároveň certifikovaným školiacim centrom a ponúka školenia pre partnerov aj koncových zákazníkov – od predajcov až po IT technikov. „Umelá inteligencia je ako oheň – dobrý sluha, ale zlý pán,“ upozorňuje R. Trunkvalter. Vďaka AI je dnes možné v milisekundách vyhodnotiť, či napríklad IT administrátor, ktorý má nahlásenú dovolenku, sa podozrivo prihlásil do systému, alebo či e-mail prišiel účtovníčke skutočne od reálneho obchodného partnera. Viac si vypočujete v podcaste.

Zero Trust: The Future of Cybersecurity with John Kindervag In this episode, Jim Love brings in John Kindervag, a globally recognized cybersecurity expert and the 'Godfather of Zero Trust,' to discuss the fundamentals and evolution of the Zero Trust model. With over 25 years of experience, John shares his journey from installing firewalls to pioneering the Zero Trust model during his time at Forrester Research. He explains the Five-Step Methodology for implementing Zero Trust and touches on the pivotal role policies play in cybersecurity. The discussion also covers the cultural and strategic aspects of cybersecurity, offering insights for both beginners and seasoned professionals. Tune in for an engaging conversation that dives deep into protecting your organization's critical assets. 00:00 Introduction and Replay Announcement 00:43 Cybersecurity Today: Weekend Edition 01:44 Meet John Kindervag: The Godfather of Zero Trust 02:08 The Birth of Zero Trust 04:31 Forrester Research and Zero Trust Development 08:30 Implementing Zero Trust: Challenges and Successes 17:50 Risk vs. Danger in Cybersecurity 26:05 Cultural Issues in Cybersecurity 31:01 Farmers and Technology 32:06 The Importance of IT in Business 32:44 Introduction to Zero Trust Methodology 32:59 Five Steps to Implement Zero Trust 33:32 Mapping Transaction Flows 34:43 Custom Architecture for Zero Trust 35:13 Defining Policies with the Kipling Method 36:22 Monitoring and Maintaining Zero Trust 39:05 Challenges and Success Stories in Zero Trust 42:20 Microsegmentation and Protect Surfaces 45:57 AI and Zero Trust 49:40 Advice for Implementing Zero Trust 53:48 Decision-Making and Leadership in Cybersecurity 57:37 The Future of Zero Trust 59:25 Conclusion and Final Thoughts

CyberTelco 2025 será el evento clave del año para repensar la ciberseguridad en las telecomunicaciones, reuniendo a asociaciones globales, reguladores y ejecutivos de alto nivel de los principales operadores de América Latina. En este nuevo episodio del podcast te contamos por qué este encuentro importa, qué temas se discutirán —desde Zero Trust hasta seguridad post-cuántica— y por qué la ciberseguridad ya no puede ser un apéndice técnico, sino una prioridad estratégica.

What does cyberwarfare really look like behind the headlines? This week, Roo sits down with Hayley Benedict, a cyber intelligence analyst at RANE, to explore the evolving world of digital conflict. From hacktivists to disinformation specialists, Hayley shares how nation states, criminals, and ideologically driven groups are blurring lines — and why data theft, disruption, and doubt remain the weapons of choice.

In this episode of The Segment, host Raghu Nandakumara sits down with Greg Mitchell, Application Administration Manager at Spokane Teachers Credit Union (STCU), for a candid, insightful look at what it really takes to drive security and innovation inside a modern, mission-driven financial institution.Greg shares how his team is building resilience from the inside out—applying zero trust principles not as a buzzword, but as a practical, culture-driven framework for protecting core systems. From his roots in school district IT to leading major modernization efforts at STCU, Greg walks us through what it means to lead with intention, assume breach, and drive results with lean teams and strong partnerships.You'll learn:Why disaster recovery isn't a one-time exercise, but a team muscle worth training How segmentation led to better cross-team relationships—not just better security The power of small wins (and small apps) to kickstart transformation Why enforcement beats perfection when it comes to securing infrastructure What zero trust really looks like in day-to-day operations—and how to start using tools you already have How STCU is approaching cloud expansion with Illumio 

“Segmentation is powerful, but complexity is the enemy of reliability. That's why resilience has to be part of the zero-trust conversation.” — Mitch Densley, Principal Solutions Architect, Opengear Mitch Densley, Principal Solutions Architect at Opengear, joined Doug Green, Publisher of Technology Reseller News, to explore why Zero Trust cannot stand alone—and how organizations can achieve true resilience with Smart Out-of-Band™ management. With deep expertise in cybersecurity and network architecture, Densley is known for turning complex security concepts into practical strategies. He frequently speaks on securing AI and GenAI environments, highlighting the unique demands of today's computing landscape. Defining Zero Trust Densley framed Zero Trust as the “evolution of defense in depth”—breaking flat networks into smaller, segmented zones to limit the blast radius of breaches or misconfigurations. “It's like shrinking a room full of tinder into smaller compartments with fireproof doors,” he explained. But he emphasized that segmentation alone increases complexity, which can compromise reliability and availability. Why Zero Trust is Only Half the Solution “When critical segments fail, access to shared services like authentication may be lost, effectively bringing everything down,” Densley said. Zero Trust reduces exposure, but without resilience, organizations remain vulnerable to outages caused by malware, insider threats, or human error. Opengear's Smart Out-of-Band Approach Opengear closes this gap with Smart Out-of-Band™ (Smart OOB), a secure management plane independent of the production network. Combined with cellular failover, Smart OOB ensures: Continuous access during outages or breaches Remote investigation, forensics, and remediation without waiting for on-site staff Logging and visibility even when the production network is unavailable “Instead of putting people in cars or planes, you remote in through Opengear and put hands on the keyboard instantly,” Densley said. Real-World Impact Densley recounted a global cybersecurity incident where Opengear customers were able to isolate compromised systems, collect forensic data, and redeploy devices remotely. For those without out-of-band access, outages stretched into days or weeks. “Getting breached happens. Rarely will you be blamed for that alone,” he noted. “It's how quickly and effectively you respond that separates the prepared from the unprepared.” Enabling SD-WAN Rollouts Opengear also simplifies SD-WAN deployments. Without out-of-band visibility, teams are left “crossing their fingers” during cutovers. With Smart OOB, engineers can make small configuration changes remotely, turning multi-day rollout challenges into minutes-long adjustments. The Bottom Line Zero Trust remains a vital pillar of security, but on its own it does not guarantee resilience. By pairing segmentation with Smart Out-of-Band management, organizations can contain threats while ensuring they can respond quickly and effectively to any outage or breach. Learn more about Opengear's approach at opengear.com.

Inside Zero Trust: John Kindervag and the Evolution of Cybersecurity In this episode of Cybersecurity Today: Weekend Edition, host Jim Love speaks with John Kindervag, the pioneer behind the Zero Trust model of cybersecurity. With over 25 years of industry experience, John delves into how the concept originated from his early work with firewalls, advocating for a system where no packet is trusted by default. He discusses the fundamental principles of Zero Trust, including defining protect surfaces, mapping transaction flows, and implementing microsegmentation. The conversation also touches on overcoming cultural and organizational challenges in cybersecurity, the inadequacies of traditional risk models, and adapting Zero Trust methodologies in the evolving landscape, including AI. Through thoughtful discourse and practical insights, John underscores the importance of strategic and tactical implementations in building resilient and secure systems. 00:00 Introduction to Cybersecurity Today 00:25 Meet John Kindervag: The Godfather of Zero Trust 01:50 The Birth of Zero Trust 04:08 Challenges and Evolution of Zero Trust 06:03 From Forrester to Practical Implementations 11:40 The Concept of Protect Surfaces 17:30 Risk vs. Danger in Cybersecurity 30:54 Farmers and Technology 31:48 The Importance of IT in Business 32:26 Introduction to Zero Trust 32:41 Five Steps to Zero Trust 33:14 Mapping Transaction Flows 34:25 Custom Architecture for Zero Trust 34:55 Defining Policies with the Kipling Method 36:04 Monitoring and Maintaining Zero Trust 36:28 The Concept of Anti-Fragile Systems 38:47 Challenges and Success Stories in Zero Trust 42:02 Microsegmentation and Protect Surfaces 45:39 AI and Zero Trust 49:22 Advice for Implementing Zero Trust 50:37 Military Insights and Decision Making 57:19 The Future of Zero Trust 59:07 Conclusion and Final Thoughts

“We eliminate CapEx, embed Zero Trust by default, and lower TCO by 30–40%.” — Niraj Singh, Chief Business Development Officer, Nile Niraj Singh, Chief Business Development Officer at Nile, joined Doug Green, Publisher of Technology Reseller News, to discuss how Nile is redefining enterprise networking with a consumption-based, AI-driven model built for telcos and MSPs. Unlike legacy vendors that sell hardware, licenses, and bolt-on security, Nile delivers Networking-as-a-Service (NaaS) with: 100% OpEx, no CapEx — fully consumption-based pricing Campus Zero Trust built in — isolating every user, device, and app to stop malware propagation AI-native automation — real-time telemetry, anomaly detection, and self-healing networks Lifecycle management included — upgrades, patches, and RMAs fully covered Nile backs its model with a four-nines SLA and money-back guarantee, a rare commitment in enterprise networking. For telcos and MSPs, the impact is significant: Reduced churn by embedding in-building networks alongside connectivity Higher margins thanks to lower TCO (30–40% savings over five years) New revenue streams through bundled, end-to-end secure services Improved NPS with guaranteed reliability and simplified operations “Telcos often compete on commodity connectivity. By partnering with Nile, they can deliver end-to-end SLAs, differentiate services, and retain customers,” Singh explained. Learn more at nilesecure.com.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is CISO Series reporter and CISO herself, Hadas Cassorla. In this episode: Security poverty line excludes SMBs  Skills gap and channel dynamics slow SMB security adoption The startup disadvantage cycle Technology adoption flows from enterprise complexity to market simplification Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

In this episode of Security Matters, host David Puner speaks with Andy Parsons, CyberArk's Director of EMEA Financial Services and Insurance, whose career spans from the British Army to CISO and CTO roles in global financial institutions. Andy shares hard-earned lessons on leadership, risk management, and the evolving cybersecurity landscape in banking—from insider threats to machine identity governance and the rise of agentic AI.Discover why “you can't secure what you can't see,” how manual processes fail at scale, and why treating machine identities as “first-class citizens” is no longer optional. Andy also explores the privileged access paradox, dynamic access management, and how AI is reshaping compliance, trading, and operational resilience.Whether you're a security leader, technologist, or financial executive, this episode offers strategic insights and practical steps to future-proof your organization in an era of accelerating digital risk.

Hosts: Mark Smith, Meg Smith

In this episode, Mike Elkins maps a whole‑of‑business blueprint for digital safety that actually reduces risk you can measure. We break down what “holistic” really means in practice: identity as the control plane, data‑centric design, continuous verification, least privilege, segmentation that shrinks blast radius, and automation that removes human bottlenecks. From cloud and SaaS to OT/IoT and third‑party risk, Chase shows how to connect policy, architecture, and operations so security becomes a repeatable system—not a pile of tools.TakeawaysWhy piecemeal controls create “debt‑in‑depth”How to center Zero Trust on identities, not networksPragmatic micro‑segmentation and just‑in‑time accessA simple metric stack for the board (exposure, blast radius, dwell time)How to align GRC with day‑to‑day enforcementNo FUD. No silver bullets. Just the playbook to make “holistic” real.

France fines Google and Shein over cookie misconduct CISA adds more TP-Link routers flaws to its KEV catalog World's largest sports piracy site shut down Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Ray Espinoza, vp of information security, Elite Technology Thanks to our show sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. All links and the video of this episode can be found on CISO Series.com    

Fintech foils bank heist NotDoor backdoor Salesloft-Drift impact continues drifting Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

'2.5 billion Gmail users at risk'? Entirely false, says Google Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps Jaguar Land Rover says cyberattack ‘severely disrupted' production Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Sometimes, a company becomes so large that it is difficult to be specific about how it can help any organization, especially one as vast as the federal government. Today, we sit down with Ron Bushar, Chief Information Security Officer & Managing Director – Google Public Sector. We address many of the significant concerns federal technology leaders have regarding topics such as cloud-native, edge computing, and Zero Trust. This is a rudimentary overview of working with Google Public Sector. If you would like to connect in more detail, you can attend the free Google Public Sector event in late October. The focus will be on the investments Google Public Sector has made in AI and security. Ron Bushar begins the discussion by highlighting the benefits of transitioning to cloud-native applications. Modern applications demand availability anytime and anywhere. Emphasizing applications that can leverage the cloud provides scalability and security that are often lacking in older systems. Furthermore, when one combines cloud-native with AI, the result is a lighter-weight platform that can be used worldwide to support missions. This “anywhere” concept encompasses areas of the world that require remote access, which is increasingly referred to as edge computing. Google has provided international access since its early years, and it has the capability that can allow federal technology to be connected at the edge. Most federal security conversations today involve the concept of Zero Trust. Ron Bushar makes the point that Google was a pioneer in Zero Trust. Listen to the interview to hear about ·      70% discount ·      Agentic AI ·      Hardening of Google   ·      Gemini and federal applications Even better, attend the Google Public Sector event on October 29, 2025. 

In 2019, Ola Bini, a Swedish programmer and privacy advocate, was arrested in Ecuador for being a Russian hacker.Find Ola on X: https://x.com/olabini. Or visit his website https://olabini.se/blog/. Or check out his non-profit https://autonomia.digital/.SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.This show is sponsored by Miro. AI doesn't have to be intimidating—in fact, it can help your team thrive. Miro's Innovation Workspace changes that by bringing people and AI together to turn ideas into impact, fast. Whether you're launching a new podcast, streamlining a process, or building the next big thing, Miro helps your team move quicker, collaborate better, and actually enjoy the work. Learn more at https://miro.com/.This show is sponsored by Thales. With their industry-leading platforms, you can protect critical applications, data and identities – anywhere and at scale with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most – applications, data and identities. Learn more at http://thalesgroup.com/cyber.View all active sponsors.Sources https://www.eff.org/deeplinks/2019/08/ecuador-political-actors-must-step-away-ola-binis-case https://www.eff.org/deeplinks/2025/04/six-years-dangerous-misconceptions-targeting-ola-bini-and-digital-rights-ecuador https://peoplesdispatch.org/2019/04/12/ola-bini-detained-in-ecuador-for-90-days/ https://globalvoices.org/2022/10/21/ola-bini-the-cyberactivist-who-causes-panic-in-ecuador/ https://www.amnesty.org/en/latest/news/2019/09/ecuador-allanamiento-violento-pone-en-riesgo-juicio-justo-ola-bini-2/https://en.wikipedia.org/wiki/Ola_Bini

LegalPwn technique hides LLMs prompts inside contract legalese Maryland Transit investigating cyberattack Hacker attempts to forge his way into Spanish university Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Velociraptor forensic tool used for C2 tunneling City of Baltimore gets socially engineered to the tune of $1.5 million Ransomware gang takedowns create more smaller groups Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Welcome to Episode 409 of the Microsoft Cloud IT Pro Podcast. In this episode, Ben and Scott explore the configuration decisions tenant administrators face when preparing their Microsoft 365 environment for Copilot deployment. They dive into the key questions every IT professional should be asking: How do you identify and remediate oversharing in SharePoint sites before Copilot can access that content? What governance controls should be in place to prevent sensitive data from being discoverable through organization-wide search? The hosts examine practical tools for identifying high-risk sites and content, how to control which sites appear in Copilot results, and other configuration options that allow you to optimize how Copilot processes organizational content. Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options. Show Notes Data, Privacy, and Security for Microsoft 365 Copilot Apply principles of Zero Trust to Microsoft 365 Copilot Get started with data explorer Data access governance reports for SharePoint sites Semantic indexing for Microsoft 365 Copilot Restrict discovery of SharePoint sites and content A glimpse into the future of file sharing in Microsoft 365 About the sponsors Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!

Send us a textWhat do street food in Vietnam, varsity football, and DMARC email authentication have in common? In this immersive episode, Joey Pinz sits down with Michael Chester for a lively conversation that connects personal transformation with global impact.

In this episode of Security Matters, host David Puner sits down with Matt Barker, CyberArk's VP and Global Head of Workload Identity Architecture, for a deep dive into the exploding world of machine identities and the urgent need to rethink how to secure them. From his journey co-founding Jetstack and creating Cert Manager to leading CyberArk's efforts in workload identity, Matt shares insights on why secrets-based security is no longer sustainable—and how open standards like SPIFFE are reshaping the future of cloud-native and AI-driven environments.Discover how machine identities now outnumber humans 80 to 1, why leaked secrets are a "hacker's buffet," and how workload identity is becoming a cornerstone of Zero Trust architecture. Whether you're a CISO, platform engineer, or just curious about the next frontier in cybersecurity, this episode offers actionable advice and a compelling vision for securing the age of AI agents.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is David Cross, CISO, Atlassian. In this episode: Breaking the Sales Cycle Leadership Under Fire Predicting the Unpredictable Security Startups' Security Paradox A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.  

In this episode of Inside the Network, we sit down with Jay Chaudhry, founder and CEO of Zscaler, one of the most valuable cybersecurity companies in the world with a market cap of over $40 billion and $3 billion in ARR.Jay's journey is unlike any other. Raised in a remote Indian village with no electricity, no running water, and a two-and-a-half-mile walk to school, he went on to build five companies and pioneer the modern Zero Trust cloud security model. Zscaler, his most iconic company, was launched in 2007 with $50 million of his own capital and no VC investment - a bold bet in the middle of a market downturn, at a time when few believed enterprise security could move to the cloud.This episode is packed with powerful lessons from a founder who's played the long game. Jay talks about the mindset he carried from his early years farming with oxen, how working alongside his wife Jyoti gave him unmatched focus and alignment, and why startups should be “a foot wide and 20 feet deep.” He explains how Zscaler rewrote not just the playbook for go-to-market in security, but also the TCP/IP stack, and the early challenges of selling Zero Trust well before the term even existed. He also shares his wisdom on why most founders pivot too late when their sales motion fails. Jay provides his view of the future of cybersecurity and the Internet itself, from why the private corporate network is dying to why firewalls will eventually go the way of mainframes.Throughout it all, Jay shares a rare combination of conviction, humility, and self-discipline. Whether you're a first-time founder or running a $10 billion company, this is an absolute masterclass in how to build enduring companies and stay grounded in the process.

In this episode, Joe Gellatly and Daniel Schwartz discuss today's most pressing security challenges—including zero trust, ransomware evolution, data loss prevention, and the risks tied to AI-powered “fast fashion” software.They share what teams can do now to stay secure without waiting for regulations to catch up.Connect with Daniel Schwartz on LinkedIn: https://www.linkedin.com/in/daniel-schwartz-cybersecurity/ Learn more about Medcurity: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #ZeroTrust #Ransomware #DataLossPrevention #AIinHealthcare #MFA #PHISecurity

This episode is sponsored by P0 Security. Visit p0.dev/idac to learn why P0 is the easiest and fastest way to implement just-in-time, short-lived, and auditable access to your entire infrastructure stack, like servers, databases, Kubernetes clusters, cloud consoles, and cloud services, for users as well as non-human identities.In this sponsor spotlight episode, Jim and Jeff are joined by Shashwat Sehgal, CEO and founder of P0 Security, to discuss the evolving challenges of privileged access management in modern, cloud-native environments. Shashwat explains how traditional PAM solutions often create friction for developers, leading to over-provisioning and security risks, and how P0 is tackling this problem with a developer-first, just in time (JIT) access model. The conversation covers the core problems with developer productivity, how P0's use of technologies like eBPF provides deep visibility and control without agents, the "Priority Zero" philosophy, and how a JIT approach simplifies audits and compliance. They also discuss the competitive landscape and what sets P0 Security apart from traditional and open-source solutions.Learn more about P0: https://www.p0.dev/idacConnect with Shashwat: https://www.linkedin.com/in/shashwatsehgal/Chapter Timestamps:00:00 - Podcast Intro00:29 - Sponsor Introduction: P0 Security01:38 - What is the problem P0 Security is trying to solve?03:52 - Defining "Just-in-Time" (JIT) Access06:21 - The challenge with traditional PAM for developers08:23 - How P0 provides access without agents using eBPF12:15 - What does the user experience look like?15:58 - Supporting various infrastructure and access protocols19:15 - How does P0 handle session recording and auditing?22:20 - Is this a replacement for Privileged Access Management (PAM)?26:40 - The story behind the name P0 Security29:20 - Who is the ideal customer for P0?33:15 - Handling break-glass scenarios36:04 - Discussing the competitive landscape42:30 - How is P0 deployed? (Cloud vs. On-prem)46:50 - The future of P0 and the "Priority Zero" philosophy50:32 - Final thoughts: "Access is our priority zero."Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:P0 Security, Shashwat Sagal, Privileged Access Management, PAM, Just-in-Time Access, JIT, Developer Security, Cloud-Native Security, Hybrid Cloud, eBPF, Kubernetes, IAM, Identity and Access Management, Cybersecurity, Zero Trust, Ephemeral Access, Developer Experience, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

AI and Faster Attack Analysis A few use cases for LLMs to speed up analysis https://isc.sans.edu/diary/AI%20and%20Faster%20Attack%20Analysis%20%5BGuest%20Diary%5D/32198 Proxyware Malware Being Distributed on YouTube Video Download Site Popular YouTube download sites will attempt to infect users with proxyware. https://asec.ahnlab.com/en/89574/ Xerox Freeflow Core Vulnerability Horizon3.ai discovered XXE Injection (CVE-2025-8355) and Path Traversal (CVE-2025-8356) vulnerabilities in Xerox FreeFlow Core, a print orchestration platform. These vulnerabilities are easily exploitable and enable unauthenticated remote attackers to achieve remote code execution on vulnerable FreeFlow Core instances. https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/ SANS.edu Research: Darren Carstensen Evaluating Zero Trust Network Access: A Framework for Comparative Security Testing Not all Zero Trust Network Access (ZTNA) solutions are created equal, and despite bold marketing claims, many fall short of delivering proper Zero Trust security. https://www.sans.edu/cyber-research/evaluating-zero-trust-network-access-framework-comparative-security-testing/

Event Recap: Kieran Human at Black Hat USA 2025 — ThreatLocker Unveils Configuration Defense, Achieves FedRAMP Status & MoreThreatLocker introduced DAC configuration monitoring and achieved FedRAMP certification at Black Hat 2025, strengthening zero trust capabilities while expanding government market access through practical security solutions.Zero trust security continues evolving beyond theoretical frameworks into practical business solutions, as demonstrated by ThreatLocker's latest announcements at Black Hat USA 2025. The company introduced Defense Against Configuration (DAC), a monitoring tool addressing a critical gap in zero trust implementations.Kieran Human, Special Projects Engineer at ThreatLocker, explained the challenge driving DAC's development. Organizations implementing zero trust often struggle with configuration management, potentially leaving systems vulnerable despite security investments. DAC monitors configurations continuously, alerting administrators to potential security issues and mapping findings to compliance frameworks including Essential 8.The tool addresses human factors in security implementation. Technical staff sometimes create overly permissive rules to minimize user complaints, compromising security posture. DAC provides weekly reports to executives, ensuring oversight of configuration decisions and maintaining security standards across the organization.ThreatLocker's approach distinguishes itself through "denied by default, allowed by exception" methodology, contrasting with traditional endpoint detection and response solutions that permit by default and block threats reactively. This fundamental difference requires careful implementation to avoid business disruption.The company's learning mode capabilities address deployment concerns. With over 10,000 built-in application profiles, ThreatLocker automates policy creation while learning organizational workflows. This reduces manual configuration requirements that previously made zero trust implementations tedious and time-intensive.FedRAMP certification represents another significant milestone, opening government sector opportunities. Federal compliance requirements previously excluded ThreatLocker from certain contracts, despite strong customer demand for their zero trust capabilities. This certification enables expansion into highly regulated environments requiring stringent security controls.Customer testimonials continue validating the approach. One user reported preventing three breaches after implementing ThreatLocker's zero trust solution, demonstrating measurable security improvements. Such feedback reinforces the practical value of properly implemented zero trust architecture.The balance between security and business functionality remains crucial. Organizations need security solutions that protect assets without hampering productivity. ThreatLocker's principle of least privilege implementation focuses on enabling business requirements with minimal necessary permissions rather than creating restrictive environments that impede operations.Human described working closely with CEO Danny Jenkins, emphasizing the collaborative environment that drives product innovation. His engineering perspective provides valuable insights into customer needs while maintaining focus on practical security solutions that work in real-world environments.As zero trust adoption accelerates across industries, tools like DAC become essential for maintaining security posture while meeting business demands. The combination of automated learning, configuration monitoring, and compliance mapping addresses practical implementation challenges facing security teams today.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Kieran Human, Special Project Engineer at ThreatLocker | On LinkedIn | https://www.linkedin.com/in/kieran-human-5495ab170/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode:  Legacy infrastructure creates the biggest hurdles More marketing than methodology Implementation complexity makes zero trust a Sisyphean task Don't ignore human factors Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit Threatlocker.com/CISO  

Stellar Cyber Revolutionizes SOC Cybersecurity Operations with Human-Augmented Autonomous Platform at Black Hat 2025 A Stellar Cyber Event Coverage of Black Hat USA 2025 Las VegasAn ITSPmagazine Brand Story with Subo Guha, Senior Vice President Product, Stellar Cyber____________________________Security operations centers face an unprecedented challenge: thousands of daily alerts overwhelming analyst teams while sophisticated threats demand immediate response. At Black Hat USA 2025 in Las Vegas, Stellar Cyber presented a revolutionary approach that fundamentally reimagines how SOCs operate in the age of AI-driven threats.Speaking with ITSPmagazine's Sean Martin, Subo Guha, Senior Vice President of Products at Stellar Cyber, outlined the company's vision for transforming security operations through their human-augmented autonomous SOC platform. Unlike traditional approaches that simply pile on more automation, Stellar Cyber recognizes that effective security requires intelligent collaboration between AI and human expertise.The platform's three-layer architecture ingests data from any source – network devices, applications, identities, and endpoints – while maintaining vendor neutrality through open EDR integration. Organizations can seamlessly work with CrowdStrike, SentinelOne, Sophos, or other preferred solutions without vendor lock-in. This flexibility proves crucial for enterprises navigating complex security ecosystems where different departments may have invested in various endpoint protection solutions.What sets Stellar Cyber apart is their autonomous SOC concept, which dramatically reduces alert volume from hundreds of thousands to manageable numbers within days rather than weeks. The platform's AI-driven auto-triage capability identifies true positives among thousands of false alarms, presenting analysts with prioritized "verdicts" that demand attention. This transformation addresses one of security operations' most persistent challenges: alert fatigue that leads to missed threats and burned-out analysts.The revolutionary AI Investigator copilot enables natural language interaction, allowing analysts to query the system conversationally. An analyst can simply ask, "Show me all impossible travel incidents between midnight and 4 AM," and receive actionable intelligence immediately. This democratization of security operations means junior analysts can perform at senior levels without extensive coding knowledge or years of experience navigating complex query languages.Identity threat detection and response (ITDR) emerged as another critical focus area during the Black Hat presentation. With identity becoming the new perimeter, Stellar Cyber integrated sophisticated user and entity behavior analytics (UEBA) directly into the platform. The system detects impossible travel scenarios, credential attacks, and lateral movement patterns that indicate compromise. For instance, when a user logs in from Portland at 11 PM and then appears in Moscow 30 minutes later, the platform immediately flags this physical impossibility.The identity protection extends beyond human users to encompass non-human identities, addressing the growing threat of automated attacks powered by large language models. Hackers now leverage generative AI to create credential attacks at unprecedented scale and sophistication, making robust identity security more critical than ever.Guha emphasized that AI augmentation doesn't displace security professionals but elevates them. By automating mundane tasks, analysts focus on strategic decision-making and complex threat hunting. MSSPs report dramatic efficiency gains, scaling operations without proportionally increasing headcount. Where previously a hundred thousand alerts might take weeks to process, requiring extensive junior analyst teams, the platform now delivers actionable insights within days with smaller, more focused teams.The platform's unified approach eliminates tool sprawl, providing CISOs with real-time visualization of their security posture. Executive reporting becomes instantaneous, with high-priority verdicts clearly displayed for rapid decision-making. This visualization capability transforms how security teams communicate with leadership, replacing lengthy reports with dynamic dashboards that convey risk and response status at a glance.Real-world deployments demonstrate significant operational improvements. Organizations report faster mean time to detection and response, reduced false positive rates, and improved analyst satisfaction. The platform's learning capabilities mean it becomes more intelligent over time, adapting to each organization's unique threat landscape and operational patterns.As organizations face increasingly sophisticated threats powered by generative AI, Stellar Cyber's human-augmented approach represents a paradigm shift. By combining AI intelligence with human intuition, the platform delivers faster threat detection, reduced false positives, and empowered security teams ready for tomorrow's challenges. The company's commitment to continuous innovation, evidenced by rapid feature releases between RSA and Black Hat, positions them at the forefront of next-generation security operations. Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947Note: This story contains promotional content. Learn more.Guest: Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/ResourcesLearn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyberLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

All Hieu Minh Ngo wanted was to make money online. But when he stumbled into the dark web, he found more than just opportunity, he found a global dark market. What started as a side hustle turned into an international crime spree.Find Hieu on X: https://x.com/HHieupc.SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.Support for this show comes from Drata. Drata is the trust management platform that uses AI-driven automation to modernize governance, risk, and compliance, helping thousands of businesses stay audit-ready and scale securely. Learn more at drata.com/darknetdiaries.This show is sponsored by Red Canary. Red Canary is a leading provider of Managed Detection and Response (MDR), helping nearly 1,000 organizations detect and stop threats before they cause harm. With a focus on accuracy across identities, endpoints, and cloud, we deliver trusted security operations and a world-class customer experience. Learn more at redcanary.com.

In this episode we talk with mg (https://x.com/MG), the brilliant (and notorious) hacker and hardware engineer behind the OMG Cable. A seemingly ordinary USB cable with extraordinary offensive capabilities.Learn more about mg at: o.mg.lolSponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.