POPULARITY
Categories
Send us a textWhat do street food in Vietnam, varsity football, and DMARC email authentication have in common? In this immersive episode, Joey Pinz sits down with Michael Chester for a lively conversation that connects personal transformation with global impact.
In this episode of Security Matters, host David Puner sits down with Matt Barker, CyberArk's VP and Global Head of Workload Identity Architecture, for a deep dive into the exploding world of machine identities and the urgent need to rethink how to secure them. From his journey co-founding Jetstack and creating Cert Manager to leading CyberArk's efforts in workload identity, Matt shares insights on why secrets-based security is no longer sustainable—and how open standards like SPIFFE are reshaping the future of cloud-native and AI-driven environments.Discover how machine identities now outnumber humans 80 to 1, why leaked secrets are a "hacker's buffet," and how workload identity is becoming a cornerstone of Zero Trust architecture. Whether you're a CISO, platform engineer, or just curious about the next frontier in cybersecurity, this episode offers actionable advice and a compelling vision for securing the age of AI agents.
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is David Cross, CISO, Atlassian. In this episode: Breaking the Sales Cycle Leadership Under Fire Predicting the Unpredictable Security Startups' Security Paradox A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
In this episode of Inside the Network, we sit down with Jay Chaudhry, founder and CEO of Zscaler, one of the most valuable cybersecurity companies in the world with a market cap of over $40 billion and $3 billion in ARR.Jay's journey is unlike any other. Raised in a remote Indian village with no electricity, no running water, and a two-and-a-half-mile walk to school, he went on to build five companies and pioneer the modern Zero Trust cloud security model. Zscaler, his most iconic company, was launched in 2007 with $50 million of his own capital and no VC investment - a bold bet in the middle of a market downturn, at a time when few believed enterprise security could move to the cloud.This episode is packed with powerful lessons from a founder who's played the long game. Jay talks about the mindset he carried from his early years farming with oxen, how working alongside his wife Jyoti gave him unmatched focus and alignment, and why startups should be “a foot wide and 20 feet deep.” He explains how Zscaler rewrote not just the playbook for go-to-market in security, but also the TCP/IP stack, and the early challenges of selling Zero Trust well before the term even existed. He also shares his wisdom on why most founders pivot too late when their sales motion fails. Jay provides his view of the future of cybersecurity and the Internet itself, from why the private corporate network is dying to why firewalls will eventually go the way of mainframes.Throughout it all, Jay shares a rare combination of conviction, humility, and self-discipline. Whether you're a first-time founder or running a $10 billion company, this is an absolute masterclass in how to build enduring companies and stay grounded in the process.
The Medcurity Podcast: Security | Compliance | Technology | Healthcare
In this episode, Joe Gellatly and Daniel Schwartz discuss today's most pressing security challenges—including zero trust, ransomware evolution, data loss prevention, and the risks tied to AI-powered “fast fashion” software.They share what teams can do now to stay secure without waiting for regulations to catch up.Connect with Daniel Schwartz on LinkedIn: https://www.linkedin.com/in/daniel-schwartz-cybersecurity/ Learn more about Medcurity: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA #ZeroTrust #Ransomware #DataLossPrevention #AIinHealthcare #MFA #PHISecurity
This episode is sponsored by P0 Security. Visit p0.dev/idac to learn why P0 is the easiest and fastest way to implement just-in-time, short-lived, and auditable access to your entire infrastructure stack, like servers, databases, Kubernetes clusters, cloud consoles, and cloud services, for users as well as non-human identities.In this sponsor spotlight episode, Jim and Jeff are joined by Shashwat Sehgal, CEO and founder of P0 Security, to discuss the evolving challenges of privileged access management in modern, cloud-native environments. Shashwat explains how traditional PAM solutions often create friction for developers, leading to over-provisioning and security risks, and how P0 is tackling this problem with a developer-first, just in time (JIT) access model. The conversation covers the core problems with developer productivity, how P0's use of technologies like eBPF provides deep visibility and control without agents, the "Priority Zero" philosophy, and how a JIT approach simplifies audits and compliance. They also discuss the competitive landscape and what sets P0 Security apart from traditional and open-source solutions.Learn more about P0: https://www.p0.dev/idacConnect with Shashwat: https://www.linkedin.com/in/shashwatsehgal/Chapter Timestamps:00:00 - Podcast Intro00:29 - Sponsor Introduction: P0 Security01:38 - What is the problem P0 Security is trying to solve?03:52 - Defining "Just-in-Time" (JIT) Access06:21 - The challenge with traditional PAM for developers08:23 - How P0 provides access without agents using eBPF12:15 - What does the user experience look like?15:58 - Supporting various infrastructure and access protocols19:15 - How does P0 handle session recording and auditing?22:20 - Is this a replacement for Privileged Access Management (PAM)?26:40 - The story behind the name P0 Security29:20 - Who is the ideal customer for P0?33:15 - Handling break-glass scenarios36:04 - Discussing the competitive landscape42:30 - How is P0 deployed? (Cloud vs. On-prem)46:50 - The future of P0 and the "Priority Zero" philosophy50:32 - Final thoughts: "Access is our priority zero."Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:P0 Security, Shashwat Sagal, Privileged Access Management, PAM, Just-in-Time Access, JIT, Developer Security, Cloud-Native Security, Hybrid Cloud, eBPF, Kubernetes, IAM, Identity and Access Management, Cybersecurity, Zero Trust, Ephemeral Access, Developer Experience, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
AI and Faster Attack Analysis A few use cases for LLMs to speed up analysis https://isc.sans.edu/diary/AI%20and%20Faster%20Attack%20Analysis%20%5BGuest%20Diary%5D/32198 Proxyware Malware Being Distributed on YouTube Video Download Site Popular YouTube download sites will attempt to infect users with proxyware. https://asec.ahnlab.com/en/89574/ Xerox Freeflow Core Vulnerability Horizon3.ai discovered XXE Injection (CVE-2025-8355) and Path Traversal (CVE-2025-8356) vulnerabilities in Xerox FreeFlow Core, a print orchestration platform. These vulnerabilities are easily exploitable and enable unauthenticated remote attackers to achieve remote code execution on vulnerable FreeFlow Core instances. https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/ SANS.edu Research: Darren Carstensen Evaluating Zero Trust Network Access: A Framework for Comparative Security Testing Not all Zero Trust Network Access (ZTNA) solutions are created equal, and despite bold marketing claims, many fall short of delivering proper Zero Trust security. https://www.sans.edu/cyber-research/evaluating-zero-trust-network-access-framework-comparative-security-testing/
Event Recap: Kieran Human at Black Hat USA 2025 — ThreatLocker Unveils Configuration Defense, Achieves FedRAMP Status & MoreThreatLocker introduced DAC configuration monitoring and achieved FedRAMP certification at Black Hat 2025, strengthening zero trust capabilities while expanding government market access through practical security solutions.Zero trust security continues evolving beyond theoretical frameworks into practical business solutions, as demonstrated by ThreatLocker's latest announcements at Black Hat USA 2025. The company introduced Defense Against Configuration (DAC), a monitoring tool addressing a critical gap in zero trust implementations.Kieran Human, Special Projects Engineer at ThreatLocker, explained the challenge driving DAC's development. Organizations implementing zero trust often struggle with configuration management, potentially leaving systems vulnerable despite security investments. DAC monitors configurations continuously, alerting administrators to potential security issues and mapping findings to compliance frameworks including Essential 8.The tool addresses human factors in security implementation. Technical staff sometimes create overly permissive rules to minimize user complaints, compromising security posture. DAC provides weekly reports to executives, ensuring oversight of configuration decisions and maintaining security standards across the organization.ThreatLocker's approach distinguishes itself through "denied by default, allowed by exception" methodology, contrasting with traditional endpoint detection and response solutions that permit by default and block threats reactively. This fundamental difference requires careful implementation to avoid business disruption.The company's learning mode capabilities address deployment concerns. With over 10,000 built-in application profiles, ThreatLocker automates policy creation while learning organizational workflows. This reduces manual configuration requirements that previously made zero trust implementations tedious and time-intensive.FedRAMP certification represents another significant milestone, opening government sector opportunities. Federal compliance requirements previously excluded ThreatLocker from certain contracts, despite strong customer demand for their zero trust capabilities. This certification enables expansion into highly regulated environments requiring stringent security controls.Customer testimonials continue validating the approach. One user reported preventing three breaches after implementing ThreatLocker's zero trust solution, demonstrating measurable security improvements. Such feedback reinforces the practical value of properly implemented zero trust architecture.The balance between security and business functionality remains crucial. Organizations need security solutions that protect assets without hampering productivity. ThreatLocker's principle of least privilege implementation focuses on enabling business requirements with minimal necessary permissions rather than creating restrictive environments that impede operations.Human described working closely with CEO Danny Jenkins, emphasizing the collaborative environment that drives product innovation. His engineering perspective provides valuable insights into customer needs while maintaining focus on practical security solutions that work in real-world environments.As zero trust adoption accelerates across industries, tools like DAC become essential for maintaining security posture while meeting business demands. The combination of automated learning, configuration monitoring, and compliance mapping addresses practical implementation challenges facing security teams today.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Kieran Human, Special Project Engineer at ThreatLocker | On LinkedIn | https://www.linkedin.com/in/kieran-human-5495ab170/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Legacy infrastructure creates the biggest hurdles More marketing than methodology Implementation complexity makes zero trust a Sisyphean task Don't ignore human factors Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit Threatlocker.com/CISO
Stellar Cyber Revolutionizes SOC Cybersecurity Operations with Human-Augmented Autonomous Platform at Black Hat 2025 A Stellar Cyber Event Coverage of Black Hat USA 2025 Las VegasAn ITSPmagazine Brand Story with Subo Guha, Senior Vice President Product, Stellar Cyber____________________________Security operations centers face an unprecedented challenge: thousands of daily alerts overwhelming analyst teams while sophisticated threats demand immediate response. At Black Hat USA 2025 in Las Vegas, Stellar Cyber presented a revolutionary approach that fundamentally reimagines how SOCs operate in the age of AI-driven threats.Speaking with ITSPmagazine's Sean Martin, Subo Guha, Senior Vice President of Products at Stellar Cyber, outlined the company's vision for transforming security operations through their human-augmented autonomous SOC platform. Unlike traditional approaches that simply pile on more automation, Stellar Cyber recognizes that effective security requires intelligent collaboration between AI and human expertise.The platform's three-layer architecture ingests data from any source – network devices, applications, identities, and endpoints – while maintaining vendor neutrality through open EDR integration. Organizations can seamlessly work with CrowdStrike, SentinelOne, Sophos, or other preferred solutions without vendor lock-in. This flexibility proves crucial for enterprises navigating complex security ecosystems where different departments may have invested in various endpoint protection solutions.What sets Stellar Cyber apart is their autonomous SOC concept, which dramatically reduces alert volume from hundreds of thousands to manageable numbers within days rather than weeks. The platform's AI-driven auto-triage capability identifies true positives among thousands of false alarms, presenting analysts with prioritized "verdicts" that demand attention. This transformation addresses one of security operations' most persistent challenges: alert fatigue that leads to missed threats and burned-out analysts.The revolutionary AI Investigator copilot enables natural language interaction, allowing analysts to query the system conversationally. An analyst can simply ask, "Show me all impossible travel incidents between midnight and 4 AM," and receive actionable intelligence immediately. This democratization of security operations means junior analysts can perform at senior levels without extensive coding knowledge or years of experience navigating complex query languages.Identity threat detection and response (ITDR) emerged as another critical focus area during the Black Hat presentation. With identity becoming the new perimeter, Stellar Cyber integrated sophisticated user and entity behavior analytics (UEBA) directly into the platform. The system detects impossible travel scenarios, credential attacks, and lateral movement patterns that indicate compromise. For instance, when a user logs in from Portland at 11 PM and then appears in Moscow 30 minutes later, the platform immediately flags this physical impossibility.The identity protection extends beyond human users to encompass non-human identities, addressing the growing threat of automated attacks powered by large language models. Hackers now leverage generative AI to create credential attacks at unprecedented scale and sophistication, making robust identity security more critical than ever.Guha emphasized that AI augmentation doesn't displace security professionals but elevates them. By automating mundane tasks, analysts focus on strategic decision-making and complex threat hunting. MSSPs report dramatic efficiency gains, scaling operations without proportionally increasing headcount. Where previously a hundred thousand alerts might take weeks to process, requiring extensive junior analyst teams, the platform now delivers actionable insights within days with smaller, more focused teams.The platform's unified approach eliminates tool sprawl, providing CISOs with real-time visualization of their security posture. Executive reporting becomes instantaneous, with high-priority verdicts clearly displayed for rapid decision-making. This visualization capability transforms how security teams communicate with leadership, replacing lengthy reports with dynamic dashboards that convey risk and response status at a glance.Real-world deployments demonstrate significant operational improvements. Organizations report faster mean time to detection and response, reduced false positive rates, and improved analyst satisfaction. The platform's learning capabilities mean it becomes more intelligent over time, adapting to each organization's unique threat landscape and operational patterns.As organizations face increasingly sophisticated threats powered by generative AI, Stellar Cyber's human-augmented approach represents a paradigm shift. By combining AI intelligence with human intuition, the platform delivers faster threat detection, reduced false positives, and empowered security teams ready for tomorrow's challenges. The company's commitment to continuous innovation, evidenced by rapid feature releases between RSA and Black Hat, positions them at the forefront of next-generation security operations. Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947Note: This story contains promotional content. Learn more.Guest: Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/ResourcesLearn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyberLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Cybercriminals today operate more like startups than stereotypes—complete with org charts, sprint cycles, and pizza parties to celebrate successful breaches. In this episode of Security Matters, host David Puner talks with former CISO and U.S. Air Force veteran Ian Schneller about the evolving sophistication of threat actors and what it takes to stay ahead.From zero-day vulnerabilities and machine identity risks to AI-powered attacks and insider threats, Ian shares practical strategies drawn from his experience in military intelligence, offensive cyber operations, and corporate security leadership. Learn how to build resilience, translate cyber risk into business outcomes, and lead with mission-driven clarity in a threat landscape that never slows down.
Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple. In this episode of Apple @ Work, Avery Pennarun, CEO of Tailscale, joins the show to talk about the challenges of Zero Trust in the enterprise today. Listen and subscribe Apple Podcasts Overcast Spotify Pocket Casts Castro RSS Listen to Past Episodes
At Black Hat USA 2025, Danny Jenkins, CEO of ThreatLocker, shares how his team is proving that effective cybersecurity doesn't have to be overly complex. The conversation centers on a straightforward yet powerful principle: security should be simple enough to implement quickly and consistently, while still addressing the evolving needs of diverse organizations.Jenkins emphasizes that the industry has moved beyond selling “magic” solutions that promise to find every threat. Instead, customers are demanding tangible results—tools that block threats by default, simplify approvals, and make exceptions easy to manage. ThreatLocker's platform is built on this premise, enabling over 54,000 organizations worldwide to maintain a secure environment without slowing business operations.A highlight from the event is ThreatLocker's Defense Against Configurations (DAC) module. This feature performs 170 daily checks on every endpoint, aligning them with compliance frameworks like NIST and FedRAMP. It not only detects misconfigurations but also explains why they matter and how to fix them. Jenkins admits the tool even revealed gaps in ThreatLocker's own environment—issues that were resolved in minutes—proving its practical value.The discussion also touches on the company's recent FedRAMP authorization process, a rigorous journey that validates both the product's and the company's security maturity. For federal agencies and contractors, this means faster compliance with CMMC and NIST requirements. For commercial clients, it's an assurance that they're working with a partner whose internal security practices meet some of the highest standards in the industry.As ThreatLocker expands its integrations and modules, Jenkins stresses that simplicity remains the guiding principle. This is achieved through constant engagement with customers—at trade shows, in the field, and within the company's own managed services operations. By actively using their own products at scale, the team identifies friction points and smooths them out before customers encounter them.In short, the message from the booth at Black Hat is clear: effective security comes from strong fundamentals, simplified management, and a relentless focus on the user experience.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Danny Jenkins, CEO of ThreatLocker | On LinkedIn | https://www.linkedin.com/in/dannyjenkinscyber/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Microsoft warns of high-severity flaw in hybrid Exchange deployments France's third-largest mobile operator suffers breach Dialysis company's April attack affects 900,000 people Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Montez Fitzpatrick, CISO, Navvis Thanks to our show sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO All links and the video of this episode can be found on CISO Series.com
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Ep. 264 How Automation Is Accelerating Digital Transformation Across Federal Agencies Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In this episode of the Federal Tech Podcast, host John Gilroy interviews Nabil Amiri, Vice President of Business Development for the federal practice at NWN. The discussion introduces NWN's expanding role in helping federal agencies adopt advanced technologies, particularly artificial intelligence (AI), as part of broader digital transformation efforts. Amiri explains NWN's recent acquisition of Leverage Information, a move that brought deep federal experience—especially with defense, intelligence, and civilian agencies—into NWN's already strong commercial portfolio. This merger allows NWN to deliver robust, secure IT solutions tailored to the complexities of federal requirements such as FedRAMP, STIGs, and Zero Trust. He emphasizes that innovation and compliance can—and must—coexist in the federal space. The conversation touches on the real-world challenges federal agencies face, like outdated systems, budget cuts, workforce reductions, and tool sprawl. Amiri critiques the proliferation of “single panes of glass” in IT environments, which often complicate rather than simplify operations. NWN's strength lies in delivering visibility across systems, reducing complexity, and enabling security and automation through integrated, scalable platforms. Key themes include Zero Trust architecture, infrastructure modernization, automation, and streamlining tech procurement. NWN's flexible acquisition pathways (e.g., via GSA and SEWP contracts) make it easier for agencies to respond quickly to crises like COVID or cyberattacks. On AI, Amiri emphasizes its role in real-time data analysis to improve visibility and prevent outages, critical for mission continuity. NWN remains vendor-neutral, working with a broad ecosystem of partners to deliver best-in-class, mission-focused outcomes. Looking ahead, Amiri confidently predicts that AI will become foundational to all federal IT strategies, driving operational resilience and transformation in the next five years. The interview sets the stage for deeper dives into emerging topics like agentic AI and cloud-native strategies in future discussions.
Hackers hijacked Google's Gemini AI with a poisoned calendar invite to take over a smart home Nvidia rejects US demand for backdoors in AI chips Google says hackers stole its customers' data by breaching its Salesforce database Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.
PBS confirms data breach after employee info leaked on Discord servers TSMC fires engineers over suspected semiconductor secrets theft Cloudflare on Perplexity web scraping techniques to avoid robot.txt and network blocks Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.
All Hieu Minh Ngo wanted was to make money online. But when he stumbled into the dark web, he found more than just opportunity, he found a global dark market. What started as a side hustle turned into an international crime spree.Find Hieu on X: https://x.com/HHieupc.SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.Support for this show comes from Drata. Drata is the trust management platform that uses AI-driven automation to modernize governance, risk, and compliance, helping thousands of businesses stay audit-ready and scale securely. Learn more at drata.com/darknetdiaries.This show is sponsored by Red Canary. Red Canary is a leading provider of Managed Detection and Response (MDR), helping nearly 1,000 organizations detect and stop threats before they cause harm. With a focus on accuracy across identities, endpoints, and cloud, we deliver trusted security operations and a world-class customer experience. Learn more at redcanary.com.
Microsoft and Google among most affected as zero day exploits jump 46% Vietnamese hackers use PXA Stealer, hit 4,000 IPs and steal 200,000 passwords globally New Plague Linux malware stealthily maintains SSH access Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.
Join co-hosts Kat Garbis & Josh Thornton with Jamf guests, Iulia Arghir (Senior Product Manager) and Alexander Dove (Senior Sales Engineer) as they introduce and unpack the exciting details of a new feature, Network Relay. Network Relay provides a modern VPN framework, built into the OS and deployable via MDM. Rather than replacing an existing VPN all together, Network Relay can work alongside it, securing admin specified destinations, helping modernize and better secure an existing infrastructure. Network Relay preserves the native Apple device experience that users expect. Some benefits are the support for app-specific, policy-driven tunneling, authenticated based on the hardware-attested device identity, ideal for Zero Trust as well as secure remote connectivity available out of the box. Listen to the full episode to learn more! Looking to sign up and be an early Network Relay adopter? Sign up here: https://forms.office.com/r/wfWk5RmMGc Network Relay blog: https://www.jamf.com/blog/jamf-network-relay-service-mobile-secure-connectivity/
Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses significant developments in cybersecurity, including Palo Alto's $25 billion acquisition of CyberArk, the implications of rising AI threats, and the ongoing challenges posed by data breaches and ransomware. He emphasizes the need for a more robust cybersecurity framework, particularly in light of recent trends in fraud and the consolidation of the cybersecurity industry. The discussion also touches on the political influences affecting cybersecurity education and the importance of adopting Zero Trust principles.TakeawaysPalo Alto's acquisition of CyberArk is a significant move in the cybersecurity landscape.The consolidation of cybersecurity firms raises concerns about market competition.Data breaches linked to Shiny Hunters highlight vulnerabilities in CRM systems.AI is increasingly being used in sophisticated cyberattacks.The AI fraud crisis is already impacting various sectors, including government programs.Political influences are affecting hiring practices in cybersecurity education.CISA's new guidance on Zero Trust emphasizes the importance of microsegmentation.Ransomware attacks are evolving, with a notable increase in targeting the oil and gas sector.The volume of data stolen in ransomware attacks is on the rise.Cybersecurity requires continuous adaptation to emerging threats and technologies.
Today's digital entertainment ecosystem spans streaming platforms, mobile applications, gaming networks and content delivery systems—creating unprecedented opportunities and security challenges. Forward-thinking leaders are working to balance seamless user experiences with robust security frameworks in an era where digital content is ubiquitous and consumers demand instant, secure access across every device. Tune in as experts discuss how the evolution of digital entertainment platforms is transforming security paradigms, creating new business models and why protecting the modern media value chain has become a C-suite priority that extends far beyond technical considerations. Featured experts Tony Lauro, Senior Director of Security Strategy, Akamai Technologies Tina Slivka, Vice President, Consult Lead for US Telecom, Media and Technology, Kyndryl
The Cybersecurity and Infrastructure Security Agency is out with some new guidance on how agencies can adopt zero trust security architectures. CISA's latest guide focuses on a security concept called micro segmentation. It's considered critical to containing hackers and malware before they wreak havoc across networks and steal sensitive data. For more, Federal News Network's Justin Doubleday spoke with Shelley Hartsook, an Acting Associate Director in CISA cybersecurity division.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Large enterprise security demands drive vendor improvements Technical expertise becomes leadership liability without delegation EDR evolution needs prevention focus Career breaks require personal ownership and strategic timing A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
ThreatLocker to Unveil Game-Changing Zero Trust Innovations at Black Hat 2025 | Visit Them at Booth #1933 | A ThreatLocker Pre-Event Coverage of Black Hat USA 2025 Las Vegas | Brand Story with John LillistonJoin ITSP Magazine's Marco Ciappelli and Sean Martin as they preview ThreatLocker's exciting Black Hat 2025 presence with Detect Product Director John Lilliston. Discover upcoming major announcements, hands-on hacking demos, and how ThreatLocker's default deny approach is revolutionizing enterprise cybersecurity through comprehensive zero trust implementation.As Black Hat USA 2025 approaches, cybersecurity professionals are gearing up for one of the industry's most anticipated events. ITSP Magazine's Marco Ciappelli and Sean Martin recently sat down with John Lilliston, ThreatLocker's Detect Product Director, to preview what promises to be an exciting showcase of zero trust innovation at booth 1933.ThreatLocker has become synonymous with the "default deny" security approach, a philosophy that fundamentally changes how organizations protect their digital assets. Unlike traditional security models that allow by default and block known threats, ThreatLocker's approach denies everything by default and allows only approved applications, network communications, and storage operations. This comprehensive strategy operates across application, network, and storage levels, creating what Lilliston describes as a "hardened system that stops adversaries in their tracks."The company's rapid growth reflects the industry's embrace of zero trust principles, moving beyond buzzword status to practical, enterprise-ready solutions. Lilliston, who joined ThreatLocker in February after evaluating their products from the enterprise side, emphasizes how the platform's learning mode and ring fencing capabilities set it apart from competitors in the application control space.At Black Hat 2025, ThreatLocker will demonstrate their defense-in-depth strategy through their Detect product line. While their primary zero trust controls rarely fail, Detect provides crucial monitoring for applications that must run in enterprise environments but may have elevated risk profiles. The system can automatically orchestrate responses to threats, such as locking down browsers exhibiting irregular behavior that might indicate data exfiltration attempts.Visitors to booth 1933 can expect hands-on demonstrations and on-demand hacking scenarios that showcase real-world applications of ThreatLocker's technology. The company is preparing major announcements that CEO Danny Houlihan will reveal during the event, promising game-changing developments for both the organization and its client base.ThreatLocker's Black Hat agenda includes a welcome reception on Tuesday, August 5th, from 7-10 PM at the Mandalay Bay Complex, and Houlihan's presentation on "Simplifying Cybersecurity" on Thursday, August 7th, from 10:15-11:05 AM at Mandalay Bay J.The convergence of practical zero trust implementation, cutting-edge threat detection, and automated response capabilities positions ThreatLocker as a key player in the evolving cybersecurity landscape, making their Black Hat presence essential viewing for security professionals seeking comprehensive protection strategies.Keywords: Black Hat 2025, zero trust security, cybersecurity conference, ThreatLocker, default deny strategy, endpoint protection, application control, threat detection, enterprise security, network security, cybersecurity solutions, security automation, malware prevention, cyber threats, information security, security platform, Black Hat USA, cybersecurity innovation, managed detection response, security operationsLearn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content.Learn more.Guests:John LillistonCybersecurity Director | Threat Detection & Response | SOC Leadership | DFIR | EDR/XDR Strategy | GCFA, GISP | https://www.linkedin.com/in/john-lilliston-4725217b/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com______________________ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerThreatLocker® Welcome Reception | Don't gamble with your security! Join us at Black Hat for a lively Welcome Reception hosted by ThreatLocker®. Meet our Cyber Hero® Team and dive into discussions on the latest advancements in ThreatLocker®Endpoint Security. It's a great opportunity to connect and learn together! Time: 7PM - 10PM | Location: Mandalay Bay Complex RSVP below and we'll send you a confirmation email with all the details.[ Welcome Reception RSVP ]Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Send us a textCybersecurity expert Bob Kochan from Beyond Identity discusses the evolution of security from network defense to identity-first approaches. He shares insights on how AI is transforming security operations while creating new threat vectors, emphasizing the need for phishing-resistant authentication solutions in today's threat landscape.• Traditional security focused on network layers, but SaaS adoption exposed vulnerable identity systems• Zero Trust architecture must start with device-level security and extend through the entire authentication chain• AI will augment rather than replace security professionals, making systems-thinkers 10x more effective• Government agencies are often driving cybersecurity innovation faster than private industry• Security solutions must prioritize usability or users will inevitably find workarounds• Legacy MFA solutions are insufficient against modern attack methods like phishing and deepfakes• Security should be designed into systems from the start rather than bolted on as "security through configuration"• Nation-state funded threat actors have created their own innovation ecosystem rivaling private sector development• Beyond Identity offers phishing-resistant authentication that eliminates password vulnerabilitiesCheck us out at beyondidentity.com or visit us at our booth at Black Hat this year.00:00 The Entrepreneurial Spirit02:35 Passion and Problem-Solving in Startups05:12 The Evolution of Cybersecurity07:49 AI's Impact on Security10:19 The Role of Engineers in Cybersecurity12:51 AI and the Future of Cybersecurity15:16 Research and AI Tools in Cybersecurity22:05 The Impact of AI on EmploymentDigital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods.Listen on: Apple Podcasts SpotifySupport the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast
Danny Jenkins is at the forefront of preventing cyberattacks, and his company Threatlocker secures millions of endpoints with 99% protection from breaches. His visionary approach to cybersecurity provides invaluable insights on emerging cyber threats, from cybergangs and phishing/deepfakes to vulnerabilities in supply chains and IoT, revolutionising cybersecurity as we know it. Danny was recently in Dublin speaking at Kaseya DattoCon and I caught up with him.Danny talks about his background, Zero Trust, legacy software and more.More about Danny Jenkins:Danny Jenkins is the CEO & Co-Founder of ThreatLocker, an Orlando-based cybersecurity firm providing zero-trust endpoint security. Danny is a leading expert in cybersecurity with over two decades of experience in building and securing corporate networks, including many roles on red teams and blue teams. He is dedicated to educating industry professionals about the latest cyber threats and frequently speaks on the topics of ransomware, zero trust, and zero-day vulnerabilities.Before taking the reins at ThreatLocker, Danny co-founded MXSweep, a global provider of email and internet security SaaS applications based in Dublin, Ireland, that sold exclusively through the channel. MXSweep later went on to be sold to J2.. Danny was also the CEO at Sirrustec, specialising in white labeled channel delivered email security. Sirrustec Sold to Censornet in 2014
Send Bidemi a Text Message!In this episode, host Bidemi Ologunde spoke with Scott Alldridge, a nationally recognized cybersecurity leader with over 30 years of experience transforming how organizations approach digital risk and operational excellence. As CEO of IP Services, one of the industry's most trusted cybersecurity firms, Scott has guided 150+ clients across healthcare, finance, and manufacturing toward regulatory compliance and cyber resilience.Scott is the co-founder of the IT Process Institute and visionary behind the VisibleOps methodology – a revolutionary framework that has shaped global IT standards and sold over 400,000 copies worldwide. His latest work, "VisibleOps Cybersecurity," reached Amazon bestseller status and provides the definitive roadmap for integrating Zero Trust principles with business operations.Certified as Chief Information Security Officer with an MBA in Cybersecurity and Harvard certification in Technology and Privacy, Scott bridges the gap between technical complexity and executive decision-making. His proprietary Total Control System delivers measurable business outcomes for organizations seeking operational excellence.Support the show
Chris and Hector dive into alarming cyber incidents shaking the U.S. government and military. They break down the massive National Guard network compromise by Chinese-linked group Salt Typhoon and the shocking revelation that Microsoft allowed Chinese engineers indirect access to Defense Department systems. Plus, they preview their upcoming Patreon series on the top 10 hacks of all time. Join our new Patreon! https://www.patreon.com/c/hackerandthefed Send HATF your questions at questions@hackerandthefed.com
When new technology is introduced, people may not take advantage of the advanced capabilities. The transition to a Zero Trust methodology is causing federal leaders to abandon traditional methods of compliance. Keith Busby from CMS sums up the problem nicely. Some of the systems he supports serves the needs of 150 million Americans. If they don't leverage the capabilities of the cloud, then they will never be able to move to a much more secure Zero Trust Architecture. Shane Barney from USCIS provides even more shocking numbers. He casually mentions on his log information today is as high as 20TB! In order to finance this transformation, Sanjay Koyani from the Department of Labor suggests that agencies take advantage of the Technology Modernization Fund. In fact, they got 15 million from the TMF to enable their digital transformation. Today's discussion provides ways to overcome the challenges of massive data sets by leveraging innovation in cloud management tools.
1399 He's a cybersecurity powerhouse with 30+ years of leadership, a best-selling author, and the mind behind the global IT revolution that is VisibleOps. If your business values digital trust, compliance, and operational excellence… get ready to level up. Please welcome… Scott Alldridge!Website: http://www.scottalldridge.com/Social Media: https://www.instagram.com/scottalldridge1/________ Go to www.BusinessBros.biz to be a guest on the show or to find out more on how we can help you get more customers! #Businesspodcasts #smallbusinesspodcast #businessmarketingtips #businessgrowthtips #strategicthinking #businessmastery #successinbusiness #businesshacks #marketingstrategist #wealthcreators #businessstrategies #businesseducation #businesstools #businesspodcast #businessmodel #growthmarketing #businesshelp #businesssupport #salesfunnel #buildyourbusiness #podcastinglife #successgoals #wealthcreation #marketingcoach #smallbusinesstips #businessmarketing #marketingconsultant #entrepreneurtips #businessstrategy #growyourbusinessWant to create live streams like this? Check out StreamYard: https://streamyard.com/pal/d/6164371927990272
In this dynamic episode of The Segment, two of cybersecurity's biggest names reunite with host, Raghu Nandakumara, for a no-holds-barred conversation: John Kindervag, the godfather of Zero Trust, and Dr. Chase Cunningham, aka Dr. Zero Trust. What unfolds is a fast-paced, insight-packed dialogue that spans decades of hard-earned wisdom, unexpected humor, and a shared mission to demystify modern cyber defense.John and Chase reflect on the global evolution of Zero Trust—from its scrappy beginnings to its widespread adoption by Fortune 500s, military leaders, and even elder care facilities. They dive into why context-driven maps are now indispensable, how graph-based security is reshaping the cyber terrain, and where AI and automation can give defenders a real edge. Expect candid takes on the limits of SIEMs, the failure of red teaming without strategy, and why defenders need to start thinking like attackers if they want to win.There's personal reflection too—Chase shares why he was reluctant to pick up the Zero Trust torch, and John opens up about the real heart behind the strategy. With wit, war stories, and straight talk, they make a clear case: cybersecurity isn't about perfection—it's about deterrence, resilience, and knowing what truly matters. Topics Covered:The origin and global adoption of Zero Trust Why “good maps” are critical for cyber resilience Real-world applications of AI in cyber defense Why attackers often outmaneuver defenders—and how to change that The psychology of leadership in cybersecurity strategy From Chick-fil-A to Bletchley Park: the unexpected places Zero Trust shows up Chase's take on stock-picking based on breach trends (yes, really) Resources Mentioned:Think Like an Attacker by Dr. Chase Cunningham John Kindervag's Zero Trust 5-Step Model “Zero Trust Terrain & Holding the High Ground” LinkedIn Live Stay Connected with our host, Raghu on LinkedInFor more information about Illumio, check out our website at illumio.com
Send us a textThe US military has issued a stark warning to all forces to operate under the assumption that their networks have been compromised by Salt Typhoon, a sophisticated threat actor with ties to the Chinese government. This breach highlights the urgency for organizations to adopt Zero Trust principles as cyber warfare becomes the new battlefield.• Zero Trust is a framework, not a single product or technology• The first tenant of Zero Trust is treating networks as already compromised• Salt Typhoon remained undetected in networks for almost a year• The threat actor targeted telecommunications, energy, and transportation infrastructure• Critical national infrastructure remains at high risk from similar focused attacks• Traditional security approaches focusing solely on perimeter defense are inadequate• Once compromised, networks may never be fully trusted again• Verification must occur upon every access request, not just initially Support the show
RKON Chief Revenue Officer, Brian Jeffords, sits down with Chief Information Security Officer, Gerard Onorato, and Director of IAM & Zero Trust, Duane Clouse, to unpack how organizations are navigating the growing complexity of Identity and Access Management. Together, they explore the challenges of managing identities across hybrid environments, diverse tools, and expanding user types—while addressing mounting regulatory pressure, evolving cyber threats, and the accelerating pace of technology.
Aviatrix survey reveals only 8% of enterprises have effective Zero Trust — and why network security needs to catch up “Without all three legs, you don't have a stool — therefore, you don't really have Zero Trust.” — Doug Merritt, CEO, Aviatrix In a revealing interview with Technology Reseller News, Aviatrix CEO Doug Merritt joins publisher Doug Green to spotlight the cloud security gap most enterprises don't yet realize they have — and what Aviatrix is doing to solve it. Drawing on a just-released survey of 403 U.S. IT professionals, Merritt paints a sobering picture: only 8% of respondents believe they have an effective Zero Trust security stance in the cloud. While identity and endpoint protections have advanced, the third critical leg — network security — is largely missing. That gap, says Merritt, is what Aviatrix is closing with its Cloud Native Security Fabric (CNSF). Founded by a pioneering female Cisco engineer, Aviatrix brings deep roots in software-defined networking and cloud infrastructure. Today, the company is evolving into a cloud security leader by embedding inline network protection that adapts to cloud-native realities: atomized perimeters, ephemeral workloads, and increasingly complex DevOps pipelines. “The internet is now the enterprise network,” Merritt explains. “Your perimeter isn't five data centers — it's tens of thousands of ephemeral endpoints, APIs, and SaaS services.” Key insights from the podcast include: Why CNSF matters: CNSF forms the third leg of a Zero Trust framework alongside identity and endpoint security — bringing visibility, enforcement, and micro/macrosegmentation into cloud network traffic. Alarming survey findings: 2 out of 3 enterprises struggle with deploying cloud firewalls, over 50% cite visibility blind spots, and 85% report difficulties securing DevOps pipelines. Cloud threats on the rise: The shift to agentic AI and increasingly automated cyber threats make it essential to monitor east-west and egress traffic within the cloud — stopping lateral movement and command-and-control attacks before they spread. Channel opportunity: Aviatrix offers a partner-friendly CNSF solution that complements existing tools like CrowdStrike, Zscaler, Wiz, and cloud-native firewalls — with modular deployment, flexible integration, and a well-designed partner program. For organizations seeking to close their cloud network security blind spots, Aviatrix provides a free Network Security Blind Spot Assessment. And for those wanting to dig deeper, the full survey is available at aviatrix.com/resources. Learn more: https://aviatrix.com
Chinese hackers use Cobalt Strike on Taiwan's semiconductor sector Salt Typhoon breaches National Guard and steals network configurations Congress considers Stuxnet to manage OT threats Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Cyrus Tibbs, CISO, PennyMac Thanks to our show sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. All links and the video of this episode can be found on CISO Series.com
Pro-Russian Hackers, scam lords, and ransomware gangs face global justice. Louis Vuitton ties customer data breaches to a single cyber incident. The White House is developing a “Zero Trust 2.0” cybersecurity strategy. OVERSTEP malware targets outdated SonicWall Secure Mobile Access (SMA) devices. An Australian political party suffers a massive ransomware breach. Our guest Jacob Oakley speaks with T-Minus Space Daily host Maria Varmazis. Jacob is Technical Director at SIXGEN and Space Lead for the DEFCON Aerospace Village. An Italian YouTuber faces a retro reckoning. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest Jacob Oakley joins us from today's episode of T-Minus Space Daily host Maria Varmazis. Jacob is Technical Director at SIXGEN and Space Lead for the DEFCON Aerospace Village. He and Maria discuss space cybersecurity. Selected Reading Global operation targets NoName057(16) pro-Russian cybercrime network - The offenders targeted Ukraine and supporting countries, including many EU Member States (Europol) Cambodia makes 1,000 arrests in latest crackdown on cybercrime (NBC News) Armenian National Extradited to the United States Faces Federal Charges for Ransomware Extortion Conspiracy (US Department of Justice) Italian police dismantle Romanian ransomware gang targeting nonprofits, film companies (The Record) Louis Vuitton says regional data breaches tied to same cyberattack (Bleeping Computer) Trump admin focuses on ‘zero trust 2.0,' cybersecurity efficiencies (Federal News Network) SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware (Bleeping Computer) Clive Palmer's political parties suffer data breach affecting 'all emails ... documents and records' (Crikey) YouTuber faces jail time for showing off Android-based gaming handhelds (Ars Technica) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this conversation, Dr. Chase Cunningham discusses the current state of cybersecurity, focusing on market growth, the workforce gap, the impact of data breaches, and the role of AI. He emphasizes the importance of zero trust architecture and highlights the human factors that contribute to cybersecurity risks. The discussion also covers incident trends and the need for organizations to adapt their strategies to mitigate risks effectively.TakeawaysThe cybersecurity market is projected to grow significantly, reaching $878 billion by 2034.Data breaches are becoming increasingly costly, with the healthcare sector being the most affected.Zero trust architecture is gaining traction as organizations seek to reduce breach costs.There is a significant gap in the cybersecurity workforce, with millions of unfilled positions.Despite the demand for cybersecurity professionals, many qualified individuals remain unemployed.AI is transforming the cybersecurity landscape, but it also poses new risks.Human factors remain a significant vulnerability in cybersecurity.Organizations must implement technology to mitigate risks associated with human error.The majority of cybersecurity incidents are often attributed to a small percentage of employees.Zero-Trust strategies are essential for future cybersecurity resilience.
Google says ‘Big Sleep' AI tool found bug hackers planned to use Google fixes actively exploited sandbox escape zero day in Chrome China's cyber sector amplifies Beijing's hacking of U.S. targets Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.
In this special live episode of Autonomous IT, Live! we walk through a high-stakes incident response drill that mimics a disturbingly realistic threat scenario: an attacker gains access to your internal tools — not by breaking in, but by logging in.Here's the setup: a user unknowingly reuses compromised credentials with the company's SSO provider. An attacker logs in, flies under the radar, and impersonates internal IT support using Slack, email, and calendar invites. Their goal? Convince employees to install a fake remote access tool—all while avoiding anyone likely to report suspicious behavior.Join Landon Miles, Tom Bowyer, and Ryan Braunstein as they:
Pentagon welcomes Chinese engineers into its environment HazyBeacon: It's not a beer, but it leaves a bitter aftertaste What the world needs now is another framework Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.
In this episode we talk with mg (https://x.com/MG), the brilliant (and notorious) hacker and hardware engineer behind the OMG Cable. A seemingly ordinary USB cable with extraordinary offensive capabilities.Learn more about mg at: o.mg.lolSponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.
Is AI making application security easier or harder? We spoke to Amit Chita, Field CTO at Mend.io, the rise of AI agents in the Software Development Lifecycle (SDLC) presents a unique opportunity for security teams to be stricter than ever before. As developers increasingly use AI agents and integrate LLMs into applications, the attack surface is evolving in ways traditional security can't handle. The only way forward is a Zero Trust approach to your own AI modelsJoin Ashish Rajan and Amit Chita as they discuss the new threats introduced by AI and how to build a resilient security program for this new era.Guest Socials - Amit's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Intro: The New Era of AI-Powered AppSec(03:10) Meet Amit Chita: From Founder to Field CTO at Mend.io(03:47) Defining AI-Powered Applications in 2025(05:02) AI-Native vs. AI-Powered: What's the Real Difference?(06:05) How AI is Radically Changing the SDLC: Speed, Scale, and Stricter Security(16:30) The Hidden Risk: Navigating AI Model & Data Licensing Chaos(20:50) SMB vs. Enterprise: Why Their AI Security Problems Are Different(23:00) Why Traditional Security Testing Fails Against AI Threats(26:03) Do You Need to Update Your Entire Security Program for AI?(29:14) The New DevSecOps: Keeping Developers Happy in the Age of AI(31:26) Real AI Threats: Malicious Packages & Indirect Prompt Injection(35:16) Is Regulation Coming for AI? A Look at the Current Landscape(38:00) The AI Security Toolbox: To Build or To Buy?(41:41) Fun Questions: Amit's Proudest Moment & Favorite RestaurantThank you to our episode sponsor Mend.io
What does it take to stay calm in the face of constant cyber pressure—and why does that mindset matter more than ever? In this episode of Security Matters, host David Puner speaks with Den Jones, founder and CEO of 909Cyber, about his transition from enterprise chief security officer (CSO) to cybersecurity consultant. They explore what it means to lead with clarity and composure in a high-stakes environment, the realities of launching a firm in a crowded market, and how pragmatic security strategies—especially around identity, AI, and Zero Trust—can help organizations navigate AI-driven threats, talent shortages, and operational complexity. It's a candid conversation about what works and what doesn't when it comes to modern security leadership.
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is David Cross, CISO, Atlassian. In this episode: The experience prerequisite The bootcamp reality check The compensation conundrum The domain expertise imperative A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
Send us a textIs your cybersecurity vendor helping—or just selling? In this insightful conversation from IT Nation Secure 2025, Joey Pinz chats with Paul Lupo of Bitdefender about what it really takes to support Managed Service Providers (MSPs) in today's evolving threat landscape.
Greg Linares (AKA Laughing Mantis) joins us to tell us about how he became the youngest hacker to be arrested in Arizona.Follow Greg on Twitter: https://x.com/Laughing_Mantis.SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.This show is sponsored by Red Canary. Red Canary is a leading provider of Managed Detection and Response (MDR), helping nearly 1,000 organizations detect and stop threats before they cause harm. With a focus on accuracy across identities, endpoints, and cloud, we deliver trusted security operations and a world-class customer experience. Learn more at redcanary.com.This show is sponsored by Miro. AI doesn't have to be intimidating—in fact, it can help your team thrive. Miro's Innovation Workspace changes that by bringing people and AI together to turn ideas into impact, fast. Whether you're launching a new podcast, streamlining a process, or building the next big thing, Miro helps your team move quicker, collaborate better, and actually enjoy the work. Learn more at https://miro.com/.