Redefining CyberSecurity

Akamai: https://itspm.ag/akamailbwc

BlackCloak: https://itspm.ag/itspbcweb

SandboxAQ: https://itspm.ag/sandboxaq-j2en

Archer: https://itspm.ag/rsaarchweb

Dropzone AI: https://itspm.ag/dropzoneai-641

ISACA: https://itspm.ag/isaca-96808

ObjectFirst: https://itspm.ag/object-first-2gjl

Edera: https://itspm.ag/edera-434868

___________

Resources

The DARPA AIxCC Experience at RSAC 2025 Innovation Sandbox: https://www.rsaconference.com/usa/programs/sandbox/darpa

Learn more and catch more stories from RSAC Conference 2025 coverage: https://www.itspmagazine.com/rsac25

___________

KEYWORDS

andrew carney, kathleen fisher, marco ciappelli, sean martin, darpa, aixcc, cybersecurity, rsac 2025, defcon, ai cybersecurity, event coverage, on location, conference

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Vibe Coding: Creativity Meets Risk in the Age of AI-Driven Development | A Conversation with Izar Tarandach | Redefining CyberSecurity with Sean Martin

17 april 2025 | 36 min

⬥GUEST⬥

Izar Tarandach, Sr. Principal Security Architect for a large media company | On LinkedIn: https://www.linkedin.com/in/izartarandach/

⬥HOST⬥

Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

⬥EPISODE NOTES⬥

In this episode of Redefining CyberSecurity, host Sean Martin sits down with Izar Tarandach, Senior Principal Security Architect at a major entertainment company, to unpack a concept gaining traction across some developer circles: vibe coding.

Vibe coding, as discussed by Izar and Sean, isn’t just about AI-assisted development—it’s about coding based on a feeling or a flow, often driven by prompts to large language models (LLMs). It’s being explored in organizations from startups to large tech companies, where the appeal lies in speed and ease: describe what you want, and the machine generates the code. But this emerging approach is raising significant concerns, particularly in security circles.

Izar, who co-hosts the Security Table podcast with Matt Coles and Chris Romeo, calls attention to the deeper implications of vibe coding. At the heart of his concern is the risk of ignoring past lessons. Generating code through AI may feel like progress, but without understanding what’s being written or how it fits into the broader architecture, teams risk reintroducing old vulnerabilities—at scale.

One major issue: the assumption that code generated by AI is inherently good or secure. Izar challenges that notion, reminding listeners that today’s coding models function like junior developers—they may produce working code, but they’re also prone to mistakes, hallucinations, and a lack of contextual understanding. Worse yet, organizations may begin to skip traditional checks like code reviews and secure development lifecycles, assuming the machine already got it right.

Sean highlights a potential opportunity—if used wisely, vibe coding could allow developers to focus more on outcomes and user needs, rather than syntax and structure. But even he acknowledges that, without collaboration and proper feedback loops, it’s more of a one-way zone than a true jam session between human and machine.

Together, Sean and Izar explore whether security leaders are aware of vibe-coded systems running in their environments—and how they should respond. Their advice: assume you already have vibe-coded components in play, treat that code with the same scrutiny as anything else, and don’t trust blindly. Review it, test it, threat model it, and hold it to the same standards.

Tune in to hear how this new style of development is reshaping conversations about security, responsibility, and collaboration in software engineering.

⬥SPONSORS⬥

🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast

⬥RESOURCES⬥

Inspiring LinkedIn Post — https://www.linkedin.com/posts/izartarandach_sigh-vibecoding-when-will-we-be-able-activity-7308105048926879744-fNMS

Security Table Podcast: Vibe Coding: What Could Possibly Go Wrong? — https://securitytable.buzzsprout.com/2094080/episodes/16861651-vibe-coding-what-could-possibly-go-wrong

Webinar: Secure Coding = Developer Power, An ITSPmagazine Webinar with Manicode Security — https://www.crowdcast.io/c/secure-coding-equals-developer-power-how-to-convince-your-boss-to-invest-in-you-an-itspmagazine-webinar-with-manicode-security-ad147fba034a

⬥ADDITIONAL INFORMATION⬥

✨ More Redefining CyberSecurity Podcast:

Redefining CyberSecurity Podcast on YouTube:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Interested in sponsoring this show with a podcast ad placement? Learn more:

Building and Securing Intelligent Workflows: Why Your AI Strategy Needs Agentic AI Threat Modeling and a Zero Trust Mindset | A Conversation with Ken Huang | Redefining CyberSecurity with Sean Martin

25 mars 2025 | 43 min

⬥GUEST⬥

Ken Huang, Co-Chair, AI Safety Working Groups at Cloud Security Alliance | On LinkedIn: https://www.linkedin.com/in/kenhuang8/

⬥HOST⬥

Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

⬥EPISODE NOTES⬥

In this episode of Redefining CyberSecurity, host Sean Martin speaks with Ken Huang, Co-Chair of the Cloud Security Alliance (CSA) AI Working Group and author of several books including Generative AI Security and the upcoming Agent AI: Theory and Practice. The conversation centers on what agentic AI is, how it is being implemented, and what security, development, and business leaders need to consider as adoption grows.

Agentic AI refers to systems that can autonomously plan, execute, and adapt tasks using large language models (LLMs) and integrated tools. Unlike traditional chatbots, agentic systems handle multi-step workflows, delegate tasks to specialized agents, and dynamically respond to inputs using tools like vector databases or APIs. This creates new possibilities for business automation but also introduces complex security and governance challenges.

Practical Applications and Emerging Use Cases

Ken outlines current use cases where agentic AI is being applied: startups using agentic models to support scientific research, enterprise tools like Salesforce’s AgentForce automating workflows, and internal chatbots acting as co-workers by tapping into proprietary data. As agentic AI matures, these systems may manage travel bookings, orchestrate ticketing operations, or even assist in robotic engineering—all with minimal human intervention.

Implications for Development and Security Teams

Development teams adopting agentic AI frameworks—such as AutoGen or CrewAI—must recognize that most do not come with out-of-the-box security controls. Ken emphasizes the need for SDKs that add authentication, monitoring, and access controls. For IT and security operations, agentic systems challenge traditional boundaries; agents often span across cloud environments, demanding a zero-trust mindset and dynamic policy enforcement.

Security leaders are urged to rethink their programs. Agentic systems must be validated for accuracy, reliability, and risk—especially when multiple agents operate together. Threat modeling and continuous risk assessment are no longer optional. Enterprises are encouraged to start small: deploy a single-agent system, understand the workflow, validate security controls, and scale as needed.

The Call for Collaboration and Mindset Shift

Agentic AI isn’t just a technological shift—it requires a cultural one. Huang recommends cross-functional engagement and alignment with working groups at CSA, OWASP, and other communities to build resilient frameworks and avoid duplicated effort. Zero Trust becomes more than an architecture—it becomes a guiding principle for how agentic AI is developed, deployed, and defended.

⬥SPONSORS⬥

Podcast: The 2025 OWASP Top 10 for LLMs: What’s Changed and Why It Matters | A Conversation with Sandy Dunn and Rock Lambros

⬥RESOURCES⬥

BOOK | Generative AI Security: https://link.springer.com/book/10.1007/978-3-031-54252-7

BOOK | Agentic AI: Theories and Practices, to be published August by Springer: https://link.springer.com/book/9783031900259

BOOK | The Handbook of CAIO (with a business focus): https://www.amazon.com/Handbook-Chief-AI-Officers-Revolution/dp/B0DFYNXGMR

More books at Amazon, including books published by Cambridge University Press and John Wiley, etc.: https://www.amazon.com/stores/Ken-Huang/author/B0D3J7L7GN

Video Course Mentioned During this Episode: "Generative AI for Cybersecurity" video course by EC-Council with 255 people rated averaged 5 starts: https://codered.eccouncil.org/course/generative-ai-for-cybersecurity-course?logged=false

⬥ADDITIONAL INFORMATION⬥

✨ More Redefining CyberSecurity Podcast:

🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast

Redefining CyberSecurity Podcast on YouTube:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Interested in sponsoring this show with a podcast ad placement? Learn more:

Detection vs. Noise: What MITRE ATT&CK Evaluations Reveal About Your Security Tools | A Conversation with Allie Mellen | Redefining CyberSecurity with Sean Martin

17 mars 2025 | 36 min

⬥GUEST⬥

Allie Mellen, Principal Analyst, Forrester | On LinkedIn: https://www.linkedin.com/in/hackerxbella/

⬥HOST⬥

Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

⬥EPISODE NOTES⬥

In this episode, Allie Mellen, Principal Analyst on the Security and Risk Team at Forrester, joins Sean Martin to discuss the latest results from the MITRE ATT&CK Ingenuity Evaluations and what they reveal about detection and response technologies.

The Role of MITRE ATT&CK Evaluations

MITRE ATT&CK is a widely adopted framework that maps out the tactics, techniques, and procedures (TTPs) used by threat actors. Security vendors use it to improve detection capabilities, and organizations rely on it to assess their security posture. The MITRE Ingenuity Evaluations test how different security tools detect and respond to simulated attacks, helping organizations understand their strengths and gaps.

Mellen emphasizes that MITRE’s evaluations do not assign scores or rank vendors, which allows security leaders to focus on analyzing performance rather than chasing a “winner.” Instead, organizations must assess raw data to determine how well a tool aligns with their needs.

Alert Volume and the Cost of Security Data

One key insight from this year’s evaluation is the significant variation in alert volume among vendors. Some solutions generate thousands of alerts for a single attack scenario, while others consolidate related activity into just a handful of actionable incidents. Mellen notes that excessive alerting contributes to analyst burnout and operational inefficiencies, making alert volume a critical metric to assess.

Forrester’s analysis includes a cost calculator that estimates the financial impact of alert ingestion into a SIEM. The results highlight how certain vendors create a massive data burden, leading to increased costs for organizations trying to balance security effectiveness with budget constraints.

The Shift Toward Detection and Response Engineering

Mellen stresses the importance of detection engineering, where security teams take a structured approach to developing and maintaining high-quality detection rules. Instead of passively consuming vendor-generated alerts, teams must actively refine and tune detections to align with real threats while minimizing noise.

Detection and response should also be tightly integrated. Forrester’s research advocates linking every detection to a corresponding response playbook. By automating these processes through security orchestration, automation, and response (SOAR) solutions, teams can accelerate investigations and reduce manual workloads.

Vendor Claims and the Reality of Security Tools

While many vendors promote their performance in the MITRE ATT&CK Evaluations, Mellen cautions against taking marketing claims at face value. Organizations should review MITRE’s raw evaluation data, including screenshots and alert details, to get an unbiased view of how a tool operates in practice.

For security leaders, these evaluations offer an opportunity to reassess their detection strategy, optimize alert management, and ensure their investments in security tools align with operational needs.

For a deeper dive into these insights, including discussions on AI-driven correlation, alert fatigue, and security team efficiency, listen to the full episode.

⬥SPONSORS⬥

🎧 https://www.itspmagazine.com/redefining-cybersecurity-podcast

⬥RESOURCES⬥

Inspiring Post: https://www.linkedin.com/posts/hackerxbella_go-beyond-the-mitre-attck-evaluation-to-activity-7295460112935075845-N8GW/

Blog | Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes: https://www.forrester.com/blogs/go-beyond-the-mitre-attck-evaluation-to-the-true-cost-of-alert-volumes/

⬥ADDITIONAL INFORMATION⬥

✨ More Redefining CyberSecurity Podcast:

Redefining CyberSecurity Podcast on YouTube:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Interested in sponsoring this show with a podcast ad placement? Learn more:

The Cyber Resilience Act: How the EU is Reshaping Digital Product Security | A Conversation with Sarah Fluchs | Redefining CyberSecurity with Sean Martin

11 mars 2025 | 44 min

⬥GUEST⬥

Sarah Fluchs, CTO at admeritia | CRA Expert Group at EU Commission | On LinkedIn: https://www.linkedin.com/in/sarah-fluchs/

⬥HOST⬥

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

⬥EPISODE NOTES⬥

The European Commission’s Cyber Resilience Act (CRA) introduces a regulatory framework designed to improve the security of digital products sold within the European Union. In a recent episode of Redefining CyberSecurity, host Sean Martin spoke with Sarah Fluchs, Chief Technology Officer at admeritia and a member of the CRA expert group at the EU Commission. Fluchs, who has spent her career in industrial control system cybersecurity, offers critical insights into what the CRA means for manufacturers, retailers, and consumers.

A Broad Scope: More Than Just Industrial Automation

Unlike previous security regulations that focused on specific sectors, the CRA applies to virtually all digital products. Fluchs emphasizes that if a device is digital and sold in the EU, it likely falls under the CRA’s requirements. From smartwatches and baby monitors to firewalls and industrial control systems, the regulation covers a wide array of consumer and business-facing products.

The CRA also extends beyond just hardware—software and services required for product functionality (such as cloud-based components) are also in scope. This broad application is part of what makes the regulation so impactful. Manufacturers now face mandatory cybersecurity requirements that will shape product design, development, and post-sale support.

What the CRA Requires

The CRA introduces mandatory cybersecurity standards across the product lifecycle. Manufacturers will need to:

Ensure products are free from known, exploitable vulnerabilities at the time of release.
Implement security by design, considering cybersecurity from the earliest stages of product development.
Provide security patches for the product’s defined lifecycle, with a minimum of five years unless justified otherwise.
Maintain a vulnerability disclosure process, ensuring consumers and authorities are informed of security risks.
Include cybersecurity documentation, requiring manufacturers to provide detailed security instructions to users.

Fluchs notes that these requirements align with established security best practices. For businesses already committed to cybersecurity, the CRA should feel like a structured extension of what they are already doing, rather than a disruptive change.

Compliance Challenges: No Detailed Checklist Yet

One of the biggest concerns among manufacturers is the lack of detailed compliance guidance. While other EU regulations provide extensive technical specifications, the CRA’s security requirements span just one and a half pages. This ambiguity is intentional—it allows flexibility across different industries—but it also creates uncertainty.

To address this, the EU will introduce harmonized standards to help manufacturers interpret the CRA. However, with tight deadlines, many of these standards may not be ready before enforcement begins. As a result, companies will need to conduct their own cybersecurity risk assessments and demonstrate due diligence in securing their products.

The Impact on Critical Infrastructure and Industrial Systems

While the CRA is not specifically a critical infrastructure regulation, it has major implications for industrial environments. Operators of critical systems, such as utilities and manufacturing plants, will benefit from stronger security in the components they rely on.

Fluchs highlights that many security gaps in industrial environments stem from weak product security. The CRA aims to fix this by ensuring that manufacturers, rather than operators, bear the responsibility for secure-by-design components. This shift could significantly reduce cybersecurity risks for organizations that rely on complex supply chains.

A Security Milestone: Holding Manufacturers Accountable

The CRA represents a fundamental shift in cybersecurity responsibility. For the first time, manufacturers, importers, and retailers must guarantee the security of their products or risk being banned from selling in the EU.

Fluchs points out that while the burden of compliance is significant, the benefits for consumers and businesses will be substantial. Security-conscious companies may even gain a competitive advantage, as customers start to prioritize products that meet CRA security standards.

For those in the industry wondering how strictly the EU will enforce compliance, Fluchs reassures that the goal is not to punish manufacturers for small mistakes. Instead, the EU Commission aims to improve cybersecurity without unnecessary bureaucracy.

The Bottom Line

The Cyber Resilience Act is set to reshape cybersecurity expectations for digital products. While manufacturers face new compliance challenges, consumers and businesses will benefit from stronger security measures, better vulnerability management, and increased transparency.

Want to learn more? Listen to the full episode of Redefining CyberSecurity with Sean Martin and Sarah Fluchs to hear more insights into the CRA and what it means for the future of cybersecurity.

⬥SPONSORS⬥

🎧 https://www.itspmagazine.com/redefining-cybersecurity-podcast

⬥RESOURCES⬥

Inspiring Post: https://www.linkedin.com/posts/sarah-fluchs_aaand-its-official-the-cyber-resilience-activity-7250162223493300224-zECA/

Adopted CRA text: https://data.consilium.europa.eu/doc/document/PE-100-2023-INIT/en/pdf

A list of Sarah's blog posts to get your CRA knowledge up to speed:

1️⃣ Introduction to the CRA, the CE marking, and the regulatory ecosystem around it: https://fluchsfriction.medium.com/eu-cyber-resilience-act-9e092fffbd73

2️⃣ Explanation how the standards ("harmonised European norms, hEN") are defined that will detail the actual cybersecurity requirements in the CRA (2023): https://fluchsfriction.medium.com/what-cybersecurity-standards-will-products-in-the-eu-soon-have-to-meet-590854ba3c8c

3️⃣ Overview of the essential requirements outlined in the CRA (2024): https://fluchsfriction.medium.com/what-the-cyber-resilience-act-requires-from-manufacturers-0ee0b917d209

4️⃣ Overview of the global product security regulation landscape and how the CRA fits into it (2024): https://fluchsfriction.medium.com/product-security-regulation-in-2024-93ddc6dd8900

5️⃣ Good-practice example for the "information and instructions to the user," one of the central documentations that need to be written for CRA compliance and the only one that must be provided to the product's users (2024): https://fluchsfriction.medium.com/how-to-be-cra-compliant-and-make-your-critical-infrastructure-clients-happy-441ecd859f52

⬥ADDITIONAL INFORMATION⬥

✨ More Redefining CyberSecurity:

Redefining CyberSecurity Podcast on YouTube:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Interested in sponsoring this show with an ad placement in the podcast? Learn more:

Hackers, Policy, and the Future of Cybersecurity: Inside The Hackers’ Almanack from DEF CON and the Franklin Project | A Conversation with Jake Braun | Redefining CyberSecurity with Sean Martin

3 mars 2025 | 41 min

⬥GUEST⬥

Jake Braun, Acting Principal Deputy National Cyber Director, The White House | On LinkedIn: https://www.linkedin.com/in/jake-braun-77372539/

⬥HOST⬥

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

⬥EPISODE NOTES⬥

Cybersecurity is often framed as a battle between attackers and defenders, but what happens when hackers take on a different role—one of informing policy, protecting critical infrastructure, and even saving lives? That’s the focus of the latest Redefining Cybersecurity podcast episode, where host Sean Martin speaks with Jake Braun, former Acting Principal Deputy National Cyber Director at the White House and current Executive Director of the Cyber Policy Initiative at the University of Chicago.

Braun discusses The Hackers’ Almanack, a project developed in partnership with DEF CON and the Franklin Project to document key cybersecurity findings that policymakers, industry leaders, and technologists should be aware of. This initiative captures some of the most pressing security challenges emerging from DEF CON’s research community and translates them into actionable insights that could drive meaningful policy change.

DEF CON, The Hackers’ Almanack, and the Franklin Project

DEF CON, one of the world’s largest hacker conferences, brings together tens of thousands of security researchers each year. While the event is known for its groundbreaking technical discoveries, Braun explains that too often, these findings fail to make their way into the hands of policymakers who need them most. That’s why The Hackers’ Almanack was created—to serve as a bridge between the security research community and decision-makers who shape regulations and national security strategies.

This effort is an extension of the Franklin Project, named after Benjamin Franklin, who embodied the intersection of science and civics. The initiative includes not only The Hackers’ Almanack but also a volunteer-driven cybersecurity support network for under-resourced water utilities, a critical infrastructure sector under increasing attack.

Ransomware: Hackers Filling the Gaps Where Governments Have Struggled

One of the most striking sections of The Hackers’ Almanack examines the state of ransomware. Despite significant government efforts to disrupt ransomware groups, attacks remain as damaging as ever. Braun highlights the work of security researcher Vangelis Stykas, who successfully infiltrated ransomware gangs—not to attack them, but to gather intelligence and warn potential victims before they were hit.

While governments have long opposed private-sector hacking in retaliation against cybercriminals, Braun raises an important question: Should independent security researchers be allowed to operate in this space if they can help prevent attacks? This isn’t just about hacktivism—it’s about whether traditional methods of law enforcement and national security are enough to combat the ransomware crisis.

AI Security: No Standards, No Rules, Just Chaos

Artificial intelligence is dominating conversations in cybersecurity, but according to Braun, the industry still hasn’t figured out how to secure AI effectively. DEF CON’s AI Village, which has been studying AI security for years, made a bold statement: AI red teaming, as it exists today, lacks clear definitions and standards. Companies are selling AI security assessments with no universally accepted benchmarks, leaving buyers to wonder what they’re really getting.

Braun argues that industry leaders, academia, and government must quickly come together to define what AI security actually means. Are we testing AI applications? The algorithms? The data sets? Without clarity, AI red teaming risks becoming little more than a marketing term, rather than a meaningful security practice.

Biohacking: The Blurry Line Between Innovation and Bioterrorism

Perhaps the most controversial section of The Hackers’ Almanack explores biohacking and its potential risks. Researchers at the Four Thieves Vinegar Collective demonstrated how AI and 3D printing could allow individuals to manufacture vaccines and medical devices at home—at a fraction of the cost of commercial options. While this raises exciting possibilities for healthcare accessibility, it also raises serious regulatory and ethical concerns.

Current laws classify unauthorized vaccine production as bioterrorism, but Braun questions whether that definition should evolve. If underserved communities have no access to life-saving treatments, should they be allowed to manufacture their own? And if so, how can regulators ensure safety without stifling innovation?

A Call to Action

The Hackers’ Almanack isn’t just a technical report—it’s a call for governments, industry leaders, and the security community to rethink how we approach cybersecurity, technology policy, and even healthcare. Braun and his team at the Franklin Project are actively recruiting volunteers, particularly those with cybersecurity expertise, to help protect vulnerable infrastructure like water utilities.

For policymakers, the message is clear: Pay attention to what the hacker community is discovering. These findings aren’t theoretical—they impact national security, public safety, and technological advancement in ways that require immediate action.

Want to learn more? Listen to the full episode and explore The Hackers’ Almanack to see how cybersecurity research is shaping the future.

⬥SPONSORS⬥

🎧 https://www.itspmagazine.com/redefining-cybersecurity-podcast

⬥RESOURCES⬥

The DEF CON 32 Hackers' Almanack: https://thehackersalmanack.com/defcon32-hackers-almanack

DEF CON Franklin Project: https://defconfranklin.com/ | On LinkedIn: https://www.linkedin.com/company/def-con-franklin/

DEF CON: https://defcon.org/

Cyber Policy Initiative: https://harris.uchicago.edu/research-impact/initiatives-partnerships/cyber-policy-initiative

⬥ADDITIONAL INFORMATION⬥

✨ More Redefining CyberSecurity:

Redefining CyberSecurity Podcast on YouTube:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Interested in sponsoring this show with an ad placement in the podcast? Learn more:

The 2025 OWASP Top 10 for LLMs: What’s Changed and Why It Matters | A Conversation with Sandy Dunn and Rock Lambros | Redefining CyberSecurity with Sean Martin

13 februari 2025 | 47 min

⬥GUESTS⬥

Sandy Dunn, Consultant Artificial Intelligence & Cybersecurity, Adjunct Professor Institute for Pervasive Security Boise State University | On Linkedin: https://www.linkedin.com/in/sandydunnciso/

Rock Lambros, CEO and founder of RockCyber | On LinkedIn | https://www.linkedin.com/in/rocklambros/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

⬥EPISODE NOTES⬥

The rise of large language models (LLMs) has reshaped industries, bringing both opportunities and risks. The latest OWASP Top 10 for LLMs aims to help organizations understand and mitigate these risks. In a recent episode of Redefining Cybersecurity, host Sean Martin sat down with Sandy Dunn and Rock Lambros to discuss the latest updates to this essential security framework.

The OWASP Top 10 for LLMs: What It Is and Why It Matters

OWASP has long been a trusted source for security best practices, and its LLM-specific Top 10 is designed to guide organizations in identifying and addressing key vulnerabilities in AI-driven applications. This initiative has rapidly gained traction, becoming a reference point for AI security governance, testing, and implementation. Organizations developing or integrating AI solutions are now evaluating their security posture against this list, ensuring safer deployment of LLM technologies.

Key Updates for 2025

The 2025 iteration of the OWASP Top 10 for LLMs introduces refinements and new focus areas based on industry feedback. Some categories have been consolidated for clarity, while new risks have been added to reflect emerging threats.

• System Prompt Leakage (New) – Attackers may manipulate LLMs to extract system prompts, potentially revealing sensitive operational instructions and security mechanisms.

• Vector and Embedding Risks (New) – Security concerns around vector databases and embeddings, which can lead to unauthorized data exposure or manipulation.

Other notable changes include reordering certain risks based on real-world impact. Prompt Injection remains the top concern, while Sensitive Information Disclosure and Supply Chain Vulnerabilities have been elevated in priority.

The Challenge of AI Security

Unlike traditional software vulnerabilities, LLMs introduce non-deterministic behavior, making security testing more complex. Jailbreaking attacks—where adversaries bypass system safeguards through manipulative prompts—remain a persistent issue. Prompt injection attacks, where unauthorized instructions are inserted to manipulate output, are also difficult to fully eliminate.

As Dunn explains, “There’s no absolute fix. It’s an architecture issue. Until we fundamentally redesign how we build LLMs, there will always be risk.”

Beyond Compliance: A Holistic Approach to AI Security

Both Dunn and Lambros emphasize that organizations need to integrate AI security into their overall IT and cybersecurity strategy, rather than treating it as a separate issue. AI governance, supply chain integrity, and operational resilience must all be considered.

Lambros highlights the importance of risk management over rigid compliance: “Organizations have to balance innovation with security. You don’t have to lock everything down, but you need to understand where your vulnerabilities are and how they impact your business.”

Real-World Impact and Adoption

The OWASP Top 10 for LLMs has already been widely adopted, with companies incorporating it into their security frameworks. It has been translated into multiple languages and is serving as a global benchmark for AI security best practices.

Additionally, initiatives like HackerPrompt 2.0 are helping security professionals stress-test AI models in real-world scenarios. OWASP is also facilitating industry collaboration through working groups on AI governance, threat intelligence, and agentic AI security.

How to Get Involved

For those interested in contributing, OWASP provides open-access resources and welcomes participants to its AI security initiatives. Anyone can join the discussion, whether as an observer or an active contributor.

As AI becomes more ingrained in business and society, frameworks like the OWASP Top 10 for LLMs are essential for guiding responsible innovation. To learn more, listen to the full episode and explore OWASP’s latest AI security resources.

⬥SPONSORS⬥

https://www.itspmagazine.com/redefining-cybersecurity-podcast

⬥RESOURCES⬥

OWASP GenAI: https://genai.owasp.org/

Link to the 2025 version of the Top 10 for LLM Applications: https://genai.owasp.org/llm-top-10/

Getting Involved: https://genai.owasp.org/contribute/

OWASP LLM & Gen AI Security Summit at RSAC 2025: https://genai.owasp.org/event/rsa-conference-2025/

AI Threat Mind Map: https://github.com/subzer0girl2/AI-Threat-Mind-Map

Guide for Preparing and Responding to Deepfake Events: https://genai.owasp.org/resource/guide-for-preparing-and-responding-to-deepfake-events/

AI Security Solution Cheat Sheet Q1-2025:https://genai.owasp.org/resource/ai-security-solution-cheat-sheet-q1-2025/

HackAPrompt 2.0: https://www.hackaprompt.com/

⬥ADDITIONAL INFORMATION⬥

✨ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist on YouTube:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Are you interested in sponsoring this show with an ad placement in the podcast? Learn more:

Shadow IT: Securing Your Organization in a World of Unapproved Apps | A Zero Trust World Conversation with Ryan Bowman | On Location Coverage with Sean Martin and Marco Ciappelli

7 februari 2025 | 24 min

Zero Trust World 2025, hosted by ThreatLocker, is fast approaching (February 19-21), bringing together security professionals, IT leaders, and business executives to discuss the principles and implementation of Zero Trust. Hosted by ThreatLocker, this event offers a unique opportunity to explore real-world security challenges and solutions.

In a special On Location with Sean and Marco episode recorded ahead of the event, Ryan Bowman, VP of Solutions Engineering at ThreatLocker, shares insights into his upcoming session, The Dangers of Shadow IT. Shadow IT—the use of unauthorized applications and systems within an organization—poses a significant risk to security, operations, and compliance. Bowman’s session aims to shed light on this issue and equip attendees with strategies to address it effectively.

Understanding Shadow IT and Its Risks

Bowman explains that Shadow IT is more than just an inconvenience—it’s a growing challenge for businesses of all sizes. Employees often turn to unauthorized tools and services because they perceive them as more efficient, cost-effective, or user-friendly than the official solutions provided by IT teams. While this may seem harmless, the reality is that these unsanctioned applications create serious security vulnerabilities, increase operational risk, and complicate compliance efforts.

One of the most pressing concerns is data security. Employees using unauthorized platforms for communication, file sharing, or project management may unknowingly expose sensitive company data to external risks. When employees leave the organization or access is revoked, data stored in these unofficial systems can remain accessible, increasing the risk of breaches or data loss.

Procurement issues also play a role in the Shadow IT problem. Bowman highlights cases where organizations unknowingly pay for redundant software services, such as using both Teams and Slack for communication, leading to unnecessary expenses. A lack of centralized oversight results in wasted resources and fragmented security controls.

Zero Trust as a Mindset

A recurring theme throughout the discussion is that Zero Trust is not just a technology or a product—it’s a mindset. Bowman emphasizes that implementing Zero Trust requires organizations to reassess their approach to security at every level. Instead of inherently trusting employees or systems, organizations must critically evaluate every access request, application, and data exchange.

This mindset shift extends beyond security teams. IT leaders must work closely with employees to understand why Shadow IT is being used and find secure, approved alternatives that still support productivity. By fostering open communication and making security a shared responsibility, organizations can reduce the temptation for employees to bypass official IT policies.

Practical Strategies to Combat Shadow IT

Bowman’s session will not only highlight the risks associated with Shadow IT but also provide actionable strategies to mitigate them. Attendees can expect insights into:

• Identifying and monitoring unauthorized applications within their organization

• Implementing policies and security controls that balance security with user needs

• Enhancing employee engagement and education to prevent unauthorized technology use

• Leveraging solutions like ThreatLocker to enforce security policies while maintaining operational efficiency

Bowman also stresses the importance of rethinking traditional IT stereotypes. While security teams often impose strict policies to minimize risk, they must also ensure that these policies do not create unnecessary obstacles for employees. The key is to strike a balance between control and usability.

Why This Session Matters

With organizations constantly facing new security threats, understanding the implications of Shadow IT is critical. Bowman’s session at Zero Trust World 2025 will provide a practical, real-world perspective on how organizations can protect themselves without stifling innovation and efficiency.

Beyond the technical discussions, the conference itself offers a unique chance to engage with industry leaders, network with peers, and gain firsthand experience with security tools in hands-on labs. With high-energy sessions, interactive learning opportunities, and keynotes from industry leaders like ThreatLocker CEO Danny Jenkins and Dr. Zero Trust, Chase Cunningham, Zero Trust World 2025 is shaping up to be an essential event for anyone serious about cybersecurity.

For those interested in staying ahead of security challenges, attending Bowman’s session on The Dangers of Shadow IT is a must.

Guest: Ryan Bowman, VP of Solutions Engineering, ThreatLocker [@ThreatLocker | On LinkedIn: https://www.linkedin.com/in/ryan-bowman-3358a71b/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

Register for Zero Trust World 2025: https://itspm.ag/threat5mu1

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

The Ultimate 2025 Tech & Cybersecurity Event Guide: Where to Be | On Location Coverage with Sean Martin and Marco Ciappelli

4 februari 2025 | 12 min

Cyber Threat Research, Hands-On Labs, and a Challenge You Can’t Afford to Miss | A Zero Trust World Conversation with Kieran Human | On Location Coverage with Sean Martin and Marco Ciappelli

3 februari 2025 | 24 min

Zero Trust World 2025, hosted by ThreatLocker, is set to bring together IT professionals, business leaders, and cybersecurity practitioners for three days of hands-on labs, insightful discussions, and expert-led sessions. Taking place in Orlando, Florida, from February 19-21, this year’s event promises an expanded agenda with cutting-edge topics, interactive workshops, and a unique approach to cybersecurity education.

The Growth of Zero Trust World

Now in its fifth year, Zero Trust World continues to grow exponentially, increasing in size by roughly 50% each year. Kieran Human, Special Projects Engineer at ThreatLocker, attributes this rapid expansion to the rising demand for cybersecurity solutions and the company’s own growth. More IT leaders are recognizing the necessity of a Zero Trust approach—not just as a security measure, but as a fundamental philosophy for protecting their organizations.

What to Expect: Hands-On Learning and Key Discussions

One of the biggest draws of Zero Trust World is its focus on hands-on experiences. Attendees can participate in hacking labs designed to teach them how cyber threats operate from an attacker’s perspective. These include interactive exercises using rubber duckies—USB devices that mimic keyboards to inject malicious commands—demonstrating how easily cybercriminals can compromise systems.

For those interested in practical applications of security measures, there will be sessions covering topics such as cookie theft, Metasploit, Windows and server security, and malware development. Whether an attendee is an entry-level IT professional or a seasoned security engineer, there’s something to gain from these hands-on labs.

High-Profile Speakers and Industry Insights

Beyond the labs, Zero Trust World 2025 will feature a lineup of influential speakers, including former Nintendo of America President and CEO Reggie Fils-Aimé, Chase Cunningham (known as Dr. Zero Trust), and ThreatLocker CEO Danny Jenkins. These sessions will provide strategic insights on Zero Trust implementation, industry challenges, and innovative cybersecurity practices.

One of the key sessions to look forward to is “The Dangers of Shadow IT,” led by Ryan Bowman, VP of Solution Engineering at ThreatLocker. Shadow IT remains a major challenge for organizations striving to implement Zero Trust, as unauthorized applications and devices create vulnerabilities that security teams may not even be aware of. Stay tuned for a pre-event chat with Ryan coming your way soon.

Networking, Certification, and More

Zero Trust World isn’t just about education—it’s also a prime networking opportunity. Attendees can connect during daily happy hours, the welcome and closing receptions, and a comic book-themed afterparty. ThreatLocker is even introducing a new cybersecurity comic book, adding a creative twist to the conference experience.

A major highlight is the Cyber Hero Program, which offers attendees a chance to earn certification in Zero Trust principles. By completing the Cyber Hero exam, participants can have the cost of their event ticket fully refunded, making this an invaluable opportunity for those looking to deepen their cybersecurity expertise.

A Unique Capture the Flag Challenge

For those with advanced cybersecurity skills, the Capture the Flag challenge presents an exciting opportunity. The first person to successfully hack a specially designed, custom-painted high-end computer gets to take it home. This competition is expected to draw some of the best security minds in attendance, reinforcing the event’s commitment to real-world application of cybersecurity techniques.

Join the Conversation

With so much to see and do, Zero Trust World 2025 is shaping up to be an essential event for IT professionals, business leaders, and security practitioners. Sean Martin and Marco Ciappelli will be covering the event live, hosting interviews with speakers, panelists, and attendees to capture insights and takeaways.

Whether you’re looking to enhance your security knowledge, expand your professional network, or experience hands-on cybersecurity training, Zero Trust World 2025 offers something for everyone. If you’re attending, be sure to stop by the podcast area and join the conversation on the future of Zero Trust security.

Guest: Kieran Human, Special Projects Engineer, ThreatLocker [@ThreatLocker | On LinkedIn: https://www.linkedin.com/in/kieran-human-5495ab170/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

Register for Zero Trust World 2025: https://itspm.ag/threat5mu1

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

From Signaling to Safety: Protecting Critical Infrastructure and the Modern Railway from Digital Threats | A Conversation with Fahad Mughal | Redefining CyberSecurity with Sean Martin

31 januari 2025 | 53 min

Guest: Fahad Mughal, Senior Cyber Solutions Architect - Security

On LinkedIn | https://www.linkedin.com/in/fahadmughal/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

Modern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.

The Growing Role of Cybersecurity in Railways

Railway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security.

Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.

Critical OT Systems in Railways

Mughal highlights key OT components in railways that require cybersecurity protection:

• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.

• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.

• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.

• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.

• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.

The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.

Real-World Cyber Threats in Railways

Mughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:

• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.

• 2021 Iran Railway Incident: Hackers breached Iran’s railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.

• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.

These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.

Cybersecurity Standards and Best Practices for Railways (links to resources below)

To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:

• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.

• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.

• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.

Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.

Looking Ahead: Strengthening Railway Cybersecurity

As railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.

He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.

The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it’s not a question of if railway cyber incidents will happen, but when.

To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.

___________________________

Sponsors

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

EN 50126: https://www.en-standard.eu/bs-en-50126-1-2017-railway-applications-the-specification-and-demonstration-of-reliability-availability-maintainability-and-safety-rams-generic-rams-process/

Be sure to share and subscribe!

___________________________

Resources

The LinkedIn Post that inspired this conversation: https://www.linkedin.com/feed/update/urn:li:activity:7264434413965328384/

IEC 62443: https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards

CENELEC TS 50701: https://www.en-standard.eu/clc/ts-50701-2021-railway-applications-cybersecurity/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Establishing a New Standard for Cybersecurity Professionals Worldwide: Addressing Trust, Standards, and Risk for the CISO Role | CISO Circuit Series with Heather Hinton | Michael Piacente and Sean Martin | Redefining CyberSecurity Podcast

17 januari 2025 | 42 min

About the CISO Circuit Series

Sean Martin and Michael Piacente join forces roughly once per month (or so, depending on schedules) to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity for business and society. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.

____________________________

Guests:

Heather Hinton, CISO-in-Residence, Professional Association of CISOs

On LinkedIn | https://www.linkedin.com/in/heather-hinton-9731911/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Michael Piacente, Managing Partner and Cofounder of Hitch Partners

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente

____________________________

This Episode’s Sponsors

LevelBlue | https://itspm.ag/levelblue266f6c

ThreatLocker | https://itspm.ag/threatlocker-r974

___________________________

Episode Notes

In this episode of the CISO Circuit Series, part of the Redefining Cybersecurity Podcast on ITSPmagazine, hosts Sean Martin and Michael Piacente welcomed Heather Hinton, seasoned cybersecurity leader, to discuss the evolving responsibilities and recognition of Chief Information Security Officers (CISOs). Their conversation explored the transformative work of the Professional Association of CISOs (PAC), an organization dedicated to establishing standards, accreditation, and support for cybersecurity leaders globally.

This episode addressed three critical questions shaping the modern CISO role:

How can CISOs build trust within their organizations?
What is PAC doing to elevate cybersecurity as a recognized profession?
How can CISOs prepare for increasing scrutiny and legal risks?

Building Trust: A CISO’s Key Responsibility

Heather Hinton, whose career includes leadership roles like VP and CISO for IBM Cloud and PagerDuty, underscores that trust is foundational for a CISO’s success. Beyond technical expertise, a CISO must demonstrate leadership, strategic thinking, and effective communication with boards, executives, and teams. Hinton highlights that cybersecurity should not be perceived as merely a technical function but as a critical enabler of business objectives.

The PAC accreditation process reinforces this perspective by formalizing the skills needed to build trust. From fostering collaboration to aligning security strategies with organizational goals, PAC equips CISOs with tools to establish credibility and demonstrate value from day one.

Elevating Cybersecurity as a Recognized Profession

Michael Piacente, Managing Partner at Hitch Partners and co-host of the CISO Circuit Series, emphasizes PAC’s role in professionalizing cybersecurity. By introducing a Code of Professional Conduct, structured accreditation programs, and robust career development resources, PAC is raising the bar for the profession. Hinton and Piacente explain that PAC’s ultimate vision is to make membership and accreditation standard for CISO roles, akin to certifications we've come to expect and rely upon for doctors or lawyers.

This vision reflects a growing recognition of cybersecurity as a discipline critical not only to organizations but to society as a whole. PAC’s advocacy extends to shaping global policies, setting professional standards, and fostering an environment where CISOs are equipped to handle emerging challenges like hybrid warfare and AI-driven threats.

Preparing for Legal Risks and Industry Challenges

The conversation also delves into the increasing legal and regulatory scrutiny CISOs face. Piacente and Hinton stress the importance of having clear job descriptions, liability protections, and professional resources—areas where PAC is driving significant progress. By providing legal and mental health support, along with peer-driven mentorship, PAC empowers CISOs to navigate these challenges with confidence.

Hinton notes that PAC is also a critical voice in addressing broader systemic risks, advocating for policies that protect CISOs while ensuring they are well-positioned to protect their organizations and society.

Looking Ahead

With goals to expand its membership to 1,000 and scale its accreditation programs by 2025, PAC is setting the foundation for a more unified and professionalized cybersecurity community. Hinton envisions PAC becoming a global authority, advising governments and organizations on cybersecurity standards and policies while fostering collaboration among professionals.

For those aspiring to advance cybersecurity as a recognized profession, PAC offers a platform to shape the future of the field. Learn more about PAC and how to join at TheCISO.org.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel or telling your promotional story to the Redefining CyberSecurity audience?

👉 https://www.itspmagazine.com/advertise

From Code to Confidence: The Role of Human Factors in Secure Software Development | Human-Centered Cybersecurity Series with Co-Host Julie Haney and Guest Kelsey Fulton | Redefining CyberSecurity with Sean Martin

20 december 2024 | 44 min

The latest episode of Redefining CyberSecurity on ITSPmagazine featured a thought-provoking discussion about integrating human factors into secure software development. Host Sean Martin was joined by Dr. Kelsey Fulton, Assistant Professor at the Colorado School of Mines, and Julie Haney, a computer scientist at the National Institute of Standards and Technology. The conversation explored how human-centered approaches can strengthen secure software practices and address challenges in the development process.

A Human-Centered Approach to Security

Dr. Fulton shared how her research focuses on the human factors that impact secure software development. Her journey began during her graduate studies at the University of Maryland, where she was introduced to the intersection of human behavior and security in a course that sparked her interest. Her projects, such as investigating the transition from C to Rust programming languages, underscore the complexity of embedding security into the software development lifecycle.

The Current State of Secure Development

One key takeaway from the discussion was the tension between functionality and security in software development. Developers often prioritize getting a product to market quickly, leading to decisions that sideline security considerations. Dr. Fulton noted that while developers typically have good intentions, they often lack the resources, tools, and organizational support necessary to incorporate security effectively.

She highlighted the need for a “security by design” approach, which integrates security practices from the earliest stages of development. Embedding security specialists within development teams can create a cultural shift where security becomes a shared responsibility rather than an afterthought.

Challenges in Adoption and Education

Dr. Fulton’s research reveals significant obstacles to adopting secure practices, including the complexity of tools and the lack of comprehensive education for developers. Even advanced tools like static analyzers and fuzzers are underutilized. A major barrier is developers’ perception that security is not their responsibility, compounded by tight deadlines and organizational pressures.

Additionally, her research into Rust adoption at companies illuminated technical and organizational challenges. Resistance often stems from the cost and complexity of transitioning existing systems, despite Rust’s promise of enhanced security and memory safety.

The Future of Human-Centered Security

Looking ahead, Dr. Fulton emphasized the importance of addressing how developers trust and interact with tools like large language models (LLMs) for code generation. Her team is exploring ways to enhance these tools, ensuring they provide secure code suggestions and help developers recognize vulnerabilities.

The episode concluded with a call to action for organizations to support research in this area and cultivate a security-first culture. Dr. Fulton underscored the potential of collaborative efforts between researchers, developers, and companies to improve security outcomes.

By focusing on human factors and fostering supportive environments, organizations can significantly advance secure software development practices.

____________________________

Guests:

Dr. Kelsey Fulton, Assistant Professor of Computer Science at the Colorado School of Mines

Website | https://cs.mines.edu/project/fulton-kelsey/

Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology [@NISTcyber]

On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

____________________________

View This Show's Sponsors

LevelBlue | https://itspm.ag/levelblue266f6c

ThreatLocker | https://itspm.ag/threatlocker-r974

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Kelsey Fulton Biography: https://kfulton121.github.io/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Data Security Posture Management — DSPM. What, why, when, and how: All The Insights You Need To Know | An Imperva Brand Story Conversation with Terry Ray

11 december 2024 | 50 min

In this latest episode of the Imperva Brand Story on ITSP Magazine, Sean Martin and Marco Ciappelli sit down with Terry Ray, CTO for Data Security at Imperva. Together, they discuss the pressing challenges and transformative innovations shaping the future of safeguarding information.

Unpacking Data Security Posture Management

Terry Ray introduces Data Security Posture Management (DSPM), comparing it to inspecting a home—where identifying vulnerabilities is just as important as fixing them. He emphasizes that data security requires constant vigilance, urging organizations to develop a deep understanding of their infrastructure while staying agile against emerging threats.

Moving Beyond Compliance to Real Security

The conversation highlights the often-misunderstood relationship between compliance and genuine security. While meeting regulatory requirements is necessary, Terry argues that true data protection requires a broader, risk-based approach, addressing vulnerabilities in both regulated and non-regulated systems to prepare for audits and unforeseen breaches.

The Power of Automation and Machine Learning

Terry underscores Imperva's dedication to leveraging advanced automation, AI, and machine learning technologies to process vast data sets and detect threats proactively. By adopting innovative strategies, companies can transition from reactive to proactive measures in protecting their digital ecosystems.

Fostering Collaboration and Security Awareness

A standout point from the discussion is the importance of collaboration across organizational roles—from compliance officers to database managers and security teams. By fostering a culture of continuous learning and teamwork, businesses can better allocate resources and adapt to evolving security priorities.

Embracing Security's Ever-Changing Nature

The conversation concludes with a powerful reflection on the unpredictable nature of cybersecurity. As new threats and technologies emerge, organizations must remain adaptable, forward-thinking, and prepared for the unexpected to stay ahead in an ever-changing security landscape.

Learn more about Imperva: https://itspm.ag/imperva277117988

Note: This story contains promotional content. Learn more.

Guest: Terry Ray, SVP Data Security GTM, Field CTO and Imperva Fellow [@Imperva]

On Linkedin | https://www.linkedin.com/in/terry-ray/

On Twitter | https://twitter.com/TerryRay_Fellow

Resources

Learn more and catch more stories from Imperva: https://www.itspmagazine.com/directory/imperva

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Breaking Down the Complexities of Client-Side Threats and How to Stop Them | A c/side Brand Story Conversation with Simon Wijckmans

10 december 2024 | 33 min

In a recent episode of Brand Story, Simon Wijckmans, founder and CEO of c/side, discussed the critical need to secure third-party scripts on websites, a frequently overlooked aspect of cybersecurity. Drawing on his experience with companies like Cloudflare and Vercel, Wijckmans outlined why traditional methods fall short in addressing dynamic threats and how c/side is redefining client-side security.

Third-party scripts—commonly used for analytics, marketing, and chatbots—are vital for website functionality but come with inherent risks. These scripts operate dynamically, allowing malicious actors to inject harmful code under specific conditions, such as targeting particular users or timeframes. Existing security approaches, such as threat feeds or basic web crawlers, fail to detect these threats because they often rely on static assessments. As Wijckmans explained, these limitations result in a false sense of security, leaving businesses exposed to significant risks.

C/side provides a proactive solution by placing itself between users and third-party script providers. This approach enables real-time analysis and monitoring of script behavior. Using advanced tools, including AI-driven analysis, c/side inspects the JavaScript code and flags malicious activity. Unlike other solutions, it offers complete transparency by delivering the full source code of scripts in a readable format, empowering organizations to investigate and address potential vulnerabilities comprehensively.

Wijckmans stressed that client-side script security is an essential yet underrepresented aspect of the supply chain. While most security tools focus on protecting server-side dependencies, the browser remains a critical point where sensitive data is often compromised. C/side not only addresses this gap but also helps organizations meet compliance requirements like those outlined in PCI-DSS, which mandate monitoring client-side scripts executed in browsers.

C/side’s offerings cater to various users, from small businesses using a free tier to enterprises requiring comprehensive solutions. Its tools integrate seamlessly into cybersecurity programs, supporting developers, agencies, and compliance teams. Additionally, c/side enhances performance by optimizing script delivery, ensuring that security does not come at the cost of website functionality.

With its innovative approach, c/side exemplifies how specialized solutions can tackle complex cybersecurity challenges. As Wijckmans highlighted, the modern web can be made safer with accessible, effective tools, leaving no excuse for neglecting client-side security. Through its commitment to transparency, performance, and comprehensive protection, c/side is shaping a safer digital ecosystem for businesses and users alike.

Learn more about c/side: https://itspm.ag/c/side-t0g5

Note: This story contains promotional content. Learn more.

Guest: Simon Wijckmans, Founder & CEO, c/side [@csideai]

On LinkedIn | https://www.linkedin.com/in/wijckmans/

Resources

Learn more and catch more stories from c/side: https://www.itspmagazine.com/directory/c-side

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Rebalancing Cyber Security: Prioritizing Response and Recovery in Governance | An Australian Cyber Conference 2024 in Melbourne Conversation with Asaf Dori and Ashwin Pal | On Location Coverage with Sean Martin and Marco Ciappelli

10 december 2024 | 29 min

Guests:

Asaf Dori, Cyber Security Lead, Healthshare NSW

On LinkedIn | https://www.linkedin.com/in/adori/

Ashwin Pal, Partner – Cyber Security and Privacy Services, RSM Australia

On LinkedIn | https://www.linkedin.com/in/ashwin-pal-a1769a5/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

At the AISA CyberCon 2024 in Melbourne, Sean Martin sat down with Asaf Dori and Ashwin Pal to explore the often-overlooked areas of the NIST Cybersecurity Framework: response and recovery. Both guests highlighted the critical gaps organizations face in these domains and shared practical insights on addressing them.

Asaf Dori, a cybersecurity professional in healthcare and a researcher at the University of Sydney, underscored the need for governance-driven awareness to improve response and recovery capabilities. His research revealed that while organizations invest heavily in prevention and detection, they frequently neglect robust recovery plans. He emphasized the importance of comprehensive disaster recovery exercises over isolated system-based approaches. By linking governance to practical outcomes, Dori argued that organizations could better align their strategies with business resilience.

Ashwin Pal, a partner at RSM with 26 years of experience in IT security, brought a field perspective, pointing out how recovery strategies often fail to meet business requirements. He discussed the disconnect between IT recovery metrics, such as RPOs and RTOs, and actual business needs. Pal noted that outdated assumptions about recovery timeframes and critical systems frequently result in misaligned priorities. He advocated for direct business engagement to establish recovery strategies that support operational continuity.

A key theme was the role of effective governance in fostering collaboration between IT and business stakeholders. Both speakers agreed that engaging business leaders through tabletop exercises is an essential starting point. Simulating ransomware scenarios, for instance, often exposes gaps in recovery plans, such as inaccessible continuity documents during a crisis. Such exercises, they suggested, empower CISOs to secure executive buy-in for strategic improvements.

The discussion also touched on the competitive advantages of robust cybersecurity practices. Dori noted that in some industries, such as energy, cybersecurity maturity is increasingly viewed as a differentiator in securing contracts. Pal echoed this, citing examples where certifications like ISO have become prerequisites in supply chain partnerships.

By reframing cybersecurity as a business enabler rather than a cost center, organizations can align their response and recovery strategies with broader operational goals. This shift requires CISOs and risk officers to lead conversations that translate technical requirements into business outcomes, emphasizing trust, resilience, and customer retention.

This dialogue provides actionable insights for leaders aiming to close the response and recovery gap and position cybersecurity as a strategic asset.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

The Theory of Saving the World: Intervention Requests and Critical Infrastructure | An Australian Cyber Conference 2024 in Melbourne Conversation with Ravi Nayyar | On Location Coverage with Sean Martin and Marco Ciappelli

10 december 2024 | 26 min

Guest: Ravi Nayyar, PhD Scholar, The University Of Sydney

On LinkedIn | https://www.linkedin.com/in/stillromancingwithlife/

At AISA AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/ravi-nayyar-uyhe3

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The discussion begins with a unique and lighthearted analogy: comparing cybersecurity professionals to superheroes. Marco draws parallels to characters like “The Avengers” and “Deadpool,” describing them as defenders of our digital world. Ravi builds on this playful yet thought-provoking metaphor, likening the fight against cybercriminals to epic battles against villains, highlighting the high stakes of cybersecurity in critical systems.

The Cyber Zoo: Ravi Nayyar’s Research Focus

Ravi introduces his research, focusing on the regulation of cyber resilience within critical infrastructure, particularly the software supply chain. Using the metaphor of a “zoo,” he paints a vivid picture of the cybersecurity ecosystem, where diverse stakeholders—government bodies, infrastructure operators, and software vendors—must coexist and collaborate. His work delves into how companies can be held accountable for their cyber practices, aiming to secure national and global systems.

The Role of Humans in Cybersecurity

At the heart of cybersecurity, Ravi emphasizes, is the human element. His research highlights the need for incentivizing all players—critical infrastructure operators, software developers, and even end users—to embed secure practices into their operations. It's not just about rules and frameworks but about fostering a culture of responsibility and collaboration in an interconnected world.

The Case for Stronger Cyber Laws

Ravi critiques the historically relaxed approach to regulating software security, particularly for critical systems, and advocates for stronger, standardized laws. He compares cybersecurity frameworks to those used for medical devices, which are rigorously regulated for public safety. By adopting similar models, critical software could be held to higher standards, reducing risks to national security.

Global Cooperation and the Fight Against Regulatory Arbitrage

The discussion shifts to the need for international collaboration in cybersecurity. Ravi underscores the risk of regulatory arbitrage, where companies exploit weaker laws in certain regions to save costs. He proposes global coalitions and standardization bodies as potential solutions to ensure consistent and robust security practices worldwide.

Incentivizing Secure Practices

Delving into the practical side of regulation, Ravi discusses ways to incentivize companies to adopt secure practices. From procurement policies favoring vendors with strong cybersecurity commitments to the potential for class action lawsuits, the conversation explores the multifaceted strategies needed to hold organizations accountable and foster a safer digital ecosystem.

Closing Thoughts: Collaboration for a Safer Digital World

Sean, Marco, and Ravi wrap up the episode by emphasizing the critical need for cross-sector collaboration—between academia, industry, media, and government—to tackle the evolving challenges of cybersecurity. By raising public awareness and encouraging proactive measures, they highlight the importance of a unified effort to secure our digital infrastructure.

____________________________

This Episode’s Sponsors

____________________________

Resources

The theory of saving the world: Intervention requests and critical infrastructure: https://melbourne2024.cyberconference.com.au/sessions/session-eI6eYNrifl

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

From Melbourne to the World: Recap, Highlights and the importance of Human Connections in a Digital Connected Society | An Australian Cyber Conference 2024 in Melbourne Conversation with Akash Mittal | On Location Coverage

6 december 2024 | 13 min

Guest: Akash Mittal, Chair, Australian Information Security Association (AISA)

On LinkedIn | https://www.linkedin.com/in/akashgmittal/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Throughout the conference, one theme stood out above all: the power of community. Akash reflected on how CyberCon fosters a collective effort to strengthen Australia’s cyber resilience by uniting government, academia, and industry under one roof. From keynote presentations to impromptu hallway conversations, the conference showcased how innovation and human connection go hand in hand to address global cybersecurity challenges.

The Block Party and Beyond

One of the most talked-about moments was the renowned Block Party, a celebration that blurred the line between networking and friendship. Marco described it as a unique experience that left a lasting impression on attendees. Beyond the lively gatherings, the conference also stood out for its ability to create a space where meaningful connections and ideas flourished—whether on the exhibition floor, during panel discussions, or at informal meetups.

Looking Ahead: The Future of CyberCon

As the conference came to a close, Akash shared an exciting vision for what lies ahead. With an ethos of continuous improvement, the organizing team is committed to delivering even more impactful experiences in the years to come. Feedback from attendees will play a vital role in shaping future events, ensuring CyberCon remains at the forefront of the cybersecurity community.

Highlights from the Exhibition Hall

The buzzing exhibition hall served as the heart of CyberCon 2024, brimming with energy and engagement. Sean and Marco noted how sponsors and vendors played a pivotal role, sparking conversations about cutting-edge solutions and driving collaboration across sectors. The hall wasn’t just about showcasing products—it became a space for dialogue, exploration, and innovation.

A Legacy of Success

CyberCon 2024 was more than just a cybersecurity conference—it was a celebration of the community that makes progress possible. The dedication of volunteers and the meticulous planning behind the scenes ensured the event’s success. As Akash noted, the conference continues to evolve as a space where quality content and genuine connections take center stage.

Closing Thoughts: A United Community

As Sean, Marco, and Akash wrapped up their time at the Australian Cyber Conference 2024, they reflected on what made the event truly special: its people. The conversations, collaborations, and shared sense of purpose have set the stage for a brighter, more connected future in cybersecurity. Melbourne’s vibrant energy was the perfect backdrop for a conference that reminded us all that innovation is strongest when it’s rooted in community.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Beyond the Briefings: Exploring the Pulse of Cybersecurity Communities | A Black Hat Europe 2024 Conversation with Steve Wylie | On Location Coverage with Sean Martin and Marco Ciappelli

5 december 2024 | 35 min

Guest: Steve Wylie, Vice President, Cybersecurity Market at Informa Tech [@InformaTechHQ] and General Manager at Black Hat [@BlackHatEvents]

On LinkedIn | https://www.linkedin.com/in/swylie650/

On Twitter | https://twitter.com/swylie650

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

London as the Backdrop for Innovation and Culture

The conversation kicked off with reflections on London’s vibrant mix of history, culture, and modernity. Marco captured it perfectly, noting the city’s knack for staying on the cutting edge of fashion, music, and movement. Sean chimed in, describing the city as a destination where “cool kids” converge. It’s this ever-evolving energy that makes London the ideal host for forward-thinking gatherings like Black Hat.

Sean and Marco’s admiration for the city wasn’t just about its aesthetics but also its role in shaping global conversations. London is a place where the local meets the global, a theme that would resonate throughout their discussion.

Black Hat’s Expanding Global Reach

Sean and Marco highlighted the global nature of the cybersecurity community, emphasizing Black Hat’s international presence. Marco pointed out how the event has grown beyond its Las Vegas origins, with thriving editions in Europe, Asia, the Middle East, and beyond. This expansion reflects not only a growing need for cybersecurity collaboration but also the importance of tailoring conversations to regional contexts.

Sean observed how each edition of Black Hat carries a unique flavor, shaped by local cultures and challenges. He praised the effort to include regional experts on review boards, ensuring that the content resonates with specific audiences. From Riyadh to Toronto, this approach has made Black Hat a truly global force.

Celebrating Local Voices in Global Conversations

One of the key takeaways from the conversation was the importance of amplifying local voices in global discussions. Marco commended Black Hat’s dedication to fostering a sense of ownership among local cybersecurity communities. Sean agreed, noting how local insights enrich the broader, boundaryless research presented at these events.

The duo discussed the balance between global trends, like AI and supply chain security, and region-specific concerns, such as policy-driven discussions in Europe or industrial focus in Canada. This nuanced approach ensures that every Black Hat event feels relevant, impactful, and inclusive.

Sean and Marco’s Chemistry: Informal Yet Insightful

Beyond the topics, the conversation was marked by the easy rapport between Sean and Marco. They navigated seamlessly from cybersecurity strategy to the lighter moments, like teasing each other about wardrobe choices for London’s chilly December weather. Marco’s love for local cuisine even sparked a playful detour into Italian titles for hardware hacking sessions.

It’s this blend of professional insight and personal charm that makes their discussions so engaging. Whether they’re debating the merits of AI sessions or reminiscing about hallway chats at past events, Sean and Marco bring an authenticity that keeps listeners coming back.

Looking Ahead

As the conversation wrapped up, Sean and Marco hinted at their plans to keep “Chats on the Road” moving forward. While they may not make it to every event, their commitment to bringing the community’s stories to light remains steadfast. Whether you’re attending Black Hat in person or following along from afar, Sean and Marco ensure that the spirit of innovation and collaboration is accessible to all.

Stay tuned as they continue to explore the intersections of technology, culture, and community, one conversation at a time.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more about Black Hat Europe 2024: https://www.blackhat.com/eu-24/

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

From Bytes to Rights: The Intersection of Law and Cyber Security | An Australian Cyber Conference 2024 in Melbourne Conversation with EJ Wise | On Location Coverage with Sean Martin and Marco Ciappelli

4 december 2024 | 28 min

Guest: EJ Wise, Founder & Principal, WiseLaw

On LinkedIn | https://www.linkedin.com/in/wiselaw3/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Against the energetic backdrop of Melbourne's CyberCon, hosted by ISA, the conversation dives into the global nature of technology's influence. The trio reflects on pressing topics such as privacy, cybersecurity, and the shifting landscape of cyber law, all while situated in one of Australia’s most tech-forward cities.

EJ Wise’s Journey and Perspective
EJ Wise shared her remarkable career path, starting as a member of the U.S. Air Force JAG Corps and later founding her boutique law firm in Australia in 2018. Her firsthand experience sheds light on Australia’s relatively recent introduction of comprehensive cyber laws and the ongoing need to bridge the gap between technological innovation and legislative action.

Educating Consumers: A Shared Responsibility
A key focus of the conversation was consumer awareness. EJ highlighted the critical need for industries to take responsibility for educating the public, much like banks have historically done with financial literacy. The discussion also touched on embedding technological literacy into early education, ensuring children grow up with a clear understanding of privacy and digital security.

Technology and Ethics in Tension
The group examined the ethical challenges posed by advancing technologies, especially regarding surveillance and data privacy. From facial recognition in retail spaces to the increasing capabilities of modern devices to monitor user behavior, the conversation drew thought-provoking parallels between these innovations and the history of advertising practices.

The ethical implications of such technologies go far beyond convenience, raising questions about transparency, consent, and societal norms in the digital age.

Legal Frameworks and Industry Responsibility
Marco and Sean explored the evolving role of legal frameworks in holding industry players accountable for consumer safety and privacy. EJ’s insights provided a grounded perspective on how regulatory environments are adapting—or struggling to adapt—to these challenges.

The discussion underscored a growing trend: companies must not only comply with existing laws but also anticipate and mitigate the societal impacts of their technologies.

Encouraging Dialogue and Reflection
Throughout the episode, the importance of open dialogue and introspection emerged as a recurring theme. By examining how technology shapes society and law, the discussion encouraged listeners to reflect on their digital habits and the privacy trade-offs they make in their daily lives.

Conclusion
While the conversation didn’t provide all the answers, it illuminated the complexities of the interplay between technology, law, and society. EJ, Marco, and Sean left listeners with an invitation to remain curious, question norms, and consider their role in shaping a more ethically aware digital future.

This episode captures the spirit of CyberCon 2024—sparking ideas, inspiring debate, and reinforcing the need for thoughtful engagement with the challenges of our hybrid analog-digital society.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Stranger Danger, Phishing, Instinct, and Technology: How AI and Awareness Are Shaping Cybersecurity | An Australian Cyber Conference 2024 in Melbourne Conversation with Benji Zorella and Rebecca Caldwell | On Location Coverage

4 december 2024 | 30 min

Guests:

Benji Zorella, eLearning Instructional Designer, CyberCX

On LinkedIn | https://www.linkedin.com/in/benjiz/

Rebecca Caldwell, Phishing Content Specialist, Phriendly Phishing

On LinkedIn | https://www.linkedin.com/in/bec-j-caldwell/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Kicking off the episode, Sean Martin and Marco Ciappelli highlight the uniquely local flavor of the conference. With Benji and Bec calling Melbourne home, the guests reflect on the value of attending such a prominent event in their backyard while drawing on their experiences as hosts of their own cybersecurity podcast.

Unmasking Phishing in the Digital Age

Phishing takes center stage as Benji and Bec share stories and insights about the dangers lurking behind cleverly crafted scams. Sean Martin draws a clever comparison between traditional fishing methods and the digital phishing tactics cybercriminals use today—hooking victims by exploiting their trust and curiosity.

Benji drives the conversation deeper, explaining how a person's digital footprint—especially in an age of AI-driven tools like deepfakes—can be weaponized for deception. The guests underscore the importance of remaining vigilant and minimizing the personal information we leave online, turning our digital habits into our best line of defense.

Cybersecurity Education: The First Line of Defense

Shifting gears, the group emphasizes the need to move beyond relying solely on tech-driven safeguards and focus on building a culture of cybersecurity awareness within organizations. Bec Caldwell shares actionable strategies, likening cybersecurity education to learning how to drive—starting small and gradually building confidence in spotting risks. Empowering employees to question suspicious contexts fosters not just better security, but a collaborative culture of accountability.

AI: Friend or Foe?

The role of AI emerges as a hot topic, sparking a discussion about its dual impact on cybersecurity. While AI enables sophisticated phishing attacks, it also holds the potential to strengthen defenses. The panel imagines AI tools evolving to provide real-time security nudges, similar to how cars alert drivers to potential hazards. It’s a balancing act, as AI must be wielded thoughtfully to enhance—not replace—human vigilance.

The Human Factor in Cybersecurity

Throughout the conversation, one message resonates: the enduring power of human intuition. Benji recounts a gripping story of a CEO who thwarted a highly advanced phishing attempt with a simple, old-school phone verification. This moment reinforces the idea that while tech can improve security measures, the human touch remains irreplaceable.

Future-Proofing Cybersecurity

As the episode winds down, the group reflects on thought-provoking audience questions from the conference. From AI’s impact on CISO responsibilities to how generational shifts in digital communication shape cybersecurity strategies, the guests underscore the need for adaptability as both technology and society evolve.

A Final Call to Action

Marco Ciappelli and Sean Martin wrap up with a clear takeaway for their listeners: stay curious, ask questions, and embrace skepticism online. The key to navigating today’s cyber landscape is a mix of awareness, education, and the occasional gut check—because even in a tech-driven world, the human element is our greatest asset.

____________________________

This Episode’s Sponsors

____________________________

Resources

Bytes with Bec and Benji podcast: https://www.phriendlyphishing.com/resources/podcasts

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Building Cyber Resilience Through Global Innovation, Local Community Feedback, and Regional Partnerships | A Brand Story Conversation From AISA Cyber Con 2024 in Melbourne | A ThreatLocker Story with Jade Wilkie

4 december 2024 | 18 min

Inside the MIND of a Hacker - Insights and Lessons From a Ransomware Attack | An Australian Cyber Conference 2024 in Melbourne Conversation with Joseph Carson | On Location Coverage with Sean Martin and Marco Ciappelli

4 december 2024 | 27 min

Guest: Joseph Carson, Chief Security Scientist (CSS) & Advisory CISO, Delinea

On LinkedIn | https://www.linkedin.com/in/josephcarson/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

At AISA Cyber Con 2024, amidst the bustling energy of Melbourne, the conversation between Sean Martin, Marco Ciappelli, and Joseph Carson provided a unique perspective on cybersecurity challenges and insights. The setting wasn’t just a backdrop—it was a canvas where shared experiences and professional journeys painted a vivid picture of evolving cyber threats and collaborative defense strategies.

The Dynamics of Engagement

The dialogue kicked off with a casual and candid exchange, where the speakers reflected on the nuances of attending conferences—long walks between sessions, weather swings, and the unexpected yet pleasant surprise of encountering familiar faces. Marco and Sean seamlessly blended humor and camaraderie into their conversation, making the technical discussion both engaging and relatable.

Insights on Ransomware Realities

Joseph Carson shared a deeply technical yet accessible walkthrough of ransomware attacks. He explained his approach to recreating real-world scenarios to educate organizations on vulnerabilities and lessons learned. He highlighted that while AI garners much attention, attackers often rely on basic techniques that remain effective. His revelation that many victims still struggle with simple misconfigurations and weak credential management served as a stark reminder of cybersecurity’s foundational importance.

The audience's reaction underscored the relevance of these insights. Many attendees, identifying parallels with their organizational experiences, approached Carson afterward to share stories or seek advice. This interactive exchange emphasized the importance of open dialogue and proactive learning in addressing cyber threats.

Ethical and Strategic Considerations in Cybersecurity

The discussion also touched on the ethical dilemmas surrounding ransomware payments. Carson recounted incidents where organizations faced the difficult decision to pay ransoms to save critical operations. His narrative of assisting a cancer research organization emphasized that these decisions are fundamentally business-driven, balancing continuity against principles.

Sean and Marco expanded on the implications of regulatory frameworks. They debated the effectiveness of Australia’s laws permitting ransomware payments under strict disclosure conditions, exploring whether such measures could foster collaboration between government agencies and the private sector or inadvertently sustain the criminals’ business model.

Global Trends and Local Challenges

The conversation delved into how sanctions and geopolitics influence cybercrime. Carson explained how ransomware operators adapt their strategies, targeting regions with fewer regulatory constraints or financial barriers. He emphasized the need for global cooperation to create a resilient cybersecurity ecosystem, advocating for shared intelligence and collaborative defense measures.

Marco’s observations on the societal aspect of cybersecurity resonated strongly. He noted that resilient countries could inadvertently shift the burden of ransomware to less developed regions, highlighting the ethical responsibility to extend cybersecurity efforts globally.

Final Thoughts: Building a Safer Digital World

The discussion wrapped up with a call for cooperation and proactive measures. Whether through fostering societal awareness or tightening organizational controls, the speakers agreed that tackling cybercrime requires a unified effort. Carson emphasized that sharing knowledge—be it through podcasts, conferences, or direct collaboration—creates a ripple effect of security.

This conversation at AISA Cyber Con wasn’t just an exchange of ideas but a demonstration of the power of collaboration in combating the ever-evolving challenges of cybersecurity. Through humor, storytelling, and expertise, Sean, Marco, and Carson left their audience not only informed but inspired to act.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

The Imperative of Transitioning from Traditional Access Control to Modern Access Control | An Australian Cyber Conference 2024 in Melbourne Conversation with Ahmad Salehi Shahraki | On Location Coverage with Sean Martin and Marco Ciappelli

4 december 2024 | 27 min

Guest: Ahmad Salehi Shahraki, Lecturer (Assistant Professor) in Cybersecurity, La Trobe University

On LinkedIn | https://www.linkedin.com/in/ahmad-salehi-shahraki-83494152/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

During this "On Location" podcast episode at AISA CyberCon 2024, host Sean Martin welcomed guest Ahmad Salehi Shahraki to discuss cutting-edge developments in access control, identity management, and cybersecurity infrastructure.

Ahmad, a lecturer at La Trobe University specializing in authentication, authorization, applied cryptography, and blockchain, shared insights into transitioning from traditional access control models like Role-Based Access Control (RBAC) to more advanced Attribute-Based Access Control (ABAC). Ahmad emphasized that while RBAC has served as the backbone of organizational security for decades, its centralized nature and limitations in cross-domain applications necessitate the shift to ABAC. He also highlighted a critical aspect of his research: leveraging cryptographic primitives like attribute-based group signatures to enhance security and privacy while enabling decentralization without relying on blockchain.

Sean and Ahmad explored the technical and operational implications of ABAC. Ahmad described how this model uses user attributes—such as location, role, and organizational details—to determine access permissions dynamically. This contrasts with RBAC's reliance on predefined roles, which can lead to rule exploitation and administrative inefficiencies.

Ahmad also discussed practical applications, including secure digital health systems, enterprise environments, and even e-voting platforms. One innovative feature of his approach is "attribute anonymity," which ensures sensitive information remains private, even in peer-to-peer or decentralized setups. For example, he described how his system could validate an individual’s age for accessing a service without revealing personal data—a critical step toward minimizing data exposure.

The conversation expanded into challenges organizations face in adopting ABAC, particularly the cost and complexity of transitioning from entrenched RBAC systems. Ahmad stressed the importance of education and collaboration with governments and industry players to operationalize ABAC and other decentralized models.

The episode closed with Ahmad reflecting on the robust feedback and collaboration opportunities he encountered at the conference, underscoring the growing interest in decentralized and privacy-preserving solutions within the cybersecurity industry. Ahmad’s research has attracted attention globally, with plans to further develop and implement these models in Australia and beyond.

Listeners are encouraged to follow Ahmad’s work and connect via LinkedIn to stay informed about these transformative approaches to cybersecurity.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Enhancing Cyber Insurance with HITRUST: Streamlining Coverage through Strategic Partnerships | A Brand Story Conversation From HITRUST Collaborate 2024 | A HITRUST Brand Story with Robert Booker, Blake Sutherland, Sidney Prasse, Josh Ladeau

4 december 2024 | 60 min

The HITRUST CyberInsurance Webinar unveiled an innovative approach to acquiring cyber insurance, highlighting a streamlined process designed to benefit organizations of all sizes and sectors. Gathering insights from industry leaders including Sean Martin, Josh Ladeau, Sidney Prasse, Robert Booker, and Blake Sutherland, the discussion centered around the HITRUST Shared Risk Facility and its value proposition for organizations seeking robust cyber insurance coverage.

Josh Ladeau, CEO of Trium, emphasized the importance of reducing volatility in the insurance market. He pointed out the challenges organizations face with traditional insurance processes, including cumbersome questionnaires and inconsistent underwriting requirements. By leveraging HITRUST certifications, the Shared Risk Facility offers a consistent, transparent, and efficient pathway for obtaining coverage, ensuring organizations can focus more on their core operations rather than administrative burdens.

Sidney Prasse, a cyber specialist at McGill and Partners, highlighted the comprehensive nature of HITRUST certifications, which provide a high level of assurance and a robust framework for organizations. Prasse elaborated on the return on investment (ROI) that organizations gain from this streamlined approach, not only in terms of competitive premiums but also through time and resource efficiencies.

Robert Booker, Chief Strategy Officer at HITRUST, elaborated on the rigorous processes involved in HITRUST certifications. He explained that these certifications require organizations to demonstrate their security maturity comprehensively, which in turn provides insurers with verified, reliable data. This reliability and transparency in security posture are critical, as they enhance the trust between insurers and insureds, making the underwriting process smoother and more accurate.

Blake Sutherland, EVP of Market Engagement at HITRUST, emphasized the importance of proactive engagement between IT security teams and finance or risk management teams within organizations. He noted that the HITRUST approach helps bridge gaps between these departments, ensuring a unified and effective strategy towards obtaining and maintaining cyber insurance coverage.

The webinar underscored that the HITRUST Shared Risk Facility is not just about easier and more efficient insurance processes; it also represents a strategic advantage in the market. Organizations that are HITRUST certified can differentiate themselves, demonstrating a high level of security and compliance that can be pivotal in securing business contracts. This differentiation is particularly crucial as businesses increasingly rely on third-party attestation to verify their security measures.

Ultimately, the HITRUST CyberInsurance Webinar showcased how strategic partnerships and innovative approaches can transform the traditional cyber insurance landscape, providing organizations with the tools they need to effectively manage risk and achieve better overall security.

Learn more about HITRUST: https://itspm.ag/itsphitweb

Note: This story contains promotional content. Learn more.

Guests:

Blake Sutherland, EVP Market Adoption, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/blake-sutherland-38854a/

Robert Booker, Chief Strategy Officer, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/robertbooker/

Sidney Prasse, Partner, McGill & Partners

On LinkedIn | https://www.linkedin.com/in/sidney-prasse-297894aa/

Josh Ladeau, CEO, Trium Cyber

Resources

Enhancing Cyber Insurance with HITRUST: Streamlining Coverage through Strategic Partnerships (Session):

Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

View all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Building a Sustainable, Predictable Cyber Insurance Market | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A McGill and Partners Short Brand Innovation Story with Ryan Griffin

3 december 2024 | 7 min

During the latest Brand Story episode recorded as part of the On Location series at HITRUST Collaborate 2024, host Sean Martin speaks with Ryan Griffin from McGill Partners about the intricacies of cyber insurance.

Ryan Griffin, who plays a key role at the cyber insurance brokerage firm McGill Partners, shares insights into the importance of cyber insurance for large and complex organizations. Griffin outlines how the company helps clients understand and quantify their cyber risks before negotiating with over 100 cyber insurers to secure coverage. This rigorous approach is crucial given the volatile nature of cyber risks.

One of the significant challenges in the field, Griffin notes, is the counterparty risk involved in contractual relationships between large organizations. He emphasizes the necessity for businesses to carry adequate insurance coverage, akin to traditional liability insurance. Griffin reflects on the market evolution where organizations now see the value in cyber insurance, which should ideally cover rare but high-impact events.

The episode also highlights the pivotal role of data in understanding and pricing cyber risks. Sean Martin brings attention to the collaboration between McGill Partners and HITRUST. HITRUST's extensive data on cybersecurity and privacy maturity provides Griffins' team with a strong foundation for tailored cyber insurance solutions. Griffin praises HITRUST’s reliable framework that has been in place since 2007-2008, saying it’s a key differentiator in the cyber insurance space.

Sean Martin also notes the ongoing evolution in how organizations approach cyber insurance. Historically, the market's response to cybersecurity certifications has been lukewarm, but there is a shift towards utilizing credible, respected frameworks in insurance solutions. HITRUST certifications, such as the R2 certification, now play a crucial role in demonstrating an organization's efforts to mitigate risk and are instrumental in securing favorable insurance terms.

Griffin further discusses the multifaceted stakeholders involved in procuring cyber insurance within organizations. He talks about the need for simplifying cyber risk management for different organizational roles, particularly the non-technical insurance buyers. Griffin emphasizes making the insurance process less intimidating by leveraging compliance and cybersecurity measures already in place.

Ryan Griffin underscores McGill Partners' mission to create a mature and sustainable risk pool, making cyber insurance predictable and reliable for their clients. The collaboration with HITRUST showcases a tangible effort towards improving trust and efficiency in the cyber insurance market. With accurate, trustworthy data, McGill Partners is dedicated to reducing insurance barriers and ensuring organizations are well-prepared to meet their cyber risk management needs.

Learn more about McGill and Partners: https://itspm.ag/mcgill-and-partners-o89w

Note: This story contains promotional content. Learn more.

Guest: Ryan Griffin, Partner, McGill and Partners

On LinkedIn | https://www.linkedin.com/in/ryanpgriffin/

Resources

Learn more and catch more stories from McGill and Partners: https://www.itspmagazine.com/directory/mcgill-and-partners

Video Podcast: Introduction to HITRUST’s Cyber Insurance Facility: https://itspm.ag/hitrusp5x6

Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The Irreversible Impact of Technology: The Ethical Dilemmas We Face When We Can’t Uninvent Our Creations | An Australian Cyber Conference 2024 in Melbourne Conversation with Mikko Hypponen | On Location Coverage with Sean Martin and Marco Ciappelli

30 november 2024 | 24 min

Guest: Mikko Hypponen, Chief Research Officer (CRO) at WithSecure [@WithSecure]

On LinkedIn | https://www.linkedin.com/in/hypponen/

On Twitter | https://twitter.com/mikko

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

During the AISA CyberCon 2024 in Melbourne, Sean Martin and Marco Ciappelli sat down with Mikko Hypponen to discuss the irreversible nature of technology, the challenges it presents, and its impact on society. The discussion focused not on the event itself but on broader issues and ideas that shape our relationship with technological innovation.

The Irreversible Nature of Innovation

Mikko emphasized that once a technology is invented, it cannot be uninvented. Strong encryption was one of his key examples: it secures communication for individuals and organizations, yet it is also used by criminals to evade detection. This duality underscores the reality that every innovation carries benefits and drawbacks. Mikko noted, “Even if we wanted to get rid of strong encryption, it’s not possible. Criminals would still use it.”

The conversation also touched on artificial intelligence. Mikko highlighted how innovations build on past advancements. Decades of progress in digitizing information, developing the internet, and creating cloud infrastructure have made today’s AI capabilities possible. He reflected on how large technological revolutions often take longer than anticipated to develop but eventually surpass expectations in scope.

Technology as a Double-Edged Sword

The group explored societal challenges posed by technology, such as the impact of social media on youth and ethical questions around ransomware. Mikko pointed to the breach of the Vastamo psychotherapy center in Finland, where hackers stole sensitive patient records and demanded ransoms from both the clinic and its patients. He argued that, in some cases, paying the ransom might result in less harm, even though it contradicts the principle of not funding criminal activity.

Marco raised the issue of preparing young people for social media, comparing it to teaching a child to drive before handing over car keys. The discussion emphasized the importance of gradually introducing tools and systems while fostering understanding of their risks and responsibilities.

Building on the Past

Marco noted how foundational technologies, like the internet, enable further innovations. Mikko agreed, citing how AI’s rapid rise was made possible by decades of previous work. He stressed that each technological leap requires the groundwork laid by earlier developments, creating platforms for new ideas to flourish.

The group also discussed the limitations of regulation. For example, cryptocurrencies, built on mathematical principles, cannot be fundamentally altered by laws. Instead, regulation can only address interactions between real-world currencies and blockchain systems. Mikko observed, “Math doesn’t care about your laws and regulations.”

Closing Thoughts

The conversation underscored that innovation is inherently a trade-off. Every advancement brings both opportunities and challenges, and society must navigate these complexities thoughtfully. Mikko highlighted that while the benefits of technologies like encryption, AI, and the internet are significant, they also create new risks.

Sean, Marco, and Mikko’s discussion emphasized the importance of understanding and adapting to technological change. While we can’t control the pace of innovation, we can shape how it integrates into our lives and institutions. This ongoing dialogue remains essential as society continues to grapple with the implications of progress.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Human Factors in Cyber Security: Cultivating Cybersecurity Culture and Cyber Skills Gap | An Australian Cyber Conference 2024 in Melbourne Conversation with Leanne Ngo | On Location Coverage with Sean Martin and Marco Ciappelli

29 november 2024 | 26 min

Guest: Leanne Ngo, Associate Professor, La Trobe University

On LinkedIn | https://www.linkedin.com/in/leanne-ngo-86979042/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

During AISA Cyber Con 2024 in Melbourne, Sean Martin and Marco Ciappelli sat down with Dr. Leanne Ngo to discuss cyber resilience, community impact, and the role of culture in cybersecurity. Their conversation explored the intersection of technology, education, and human connection in the pursuit of a safer and more secure society.

Dr. Ngo shared her perspective on resilience, highlighting its evolving definition. While digital tools increase opportunities for connection, she emphasized that face-to-face interaction remains vital, especially for vulnerable communities. Her work in promoting cybersecurity awareness involves building trust and understanding among diverse groups, tailoring approaches to their unique needs and cultural contexts.

The discussion turned to the importance of culture in cybersecurity, with Dr. Ngo describing it as a gradual process of change driven by action and integration into everyday life. She stressed that cyber awareness—often focused on knowledge—must evolve into behavioral transformation, where secure practices become second nature both at work and in personal lives. This requires understanding the subcultures within organizations and communities and adapting strategies to resonate with their specific dynamics.

Sean also brought up the concept of belief as a cornerstone for driving cultural change. Dr. Ngo agreed, emphasizing that confidence and a growth mindset are essential in fostering resilience. Drawing on her experience as a mentor and educator, she described how instilling belief in individuals’ capacity to contribute to a secure society empowers them to take ownership of their role in cybersecurity.

The conversation explored practical ways to bridge the gap between technical solutions and human-centered approaches. Dr. Ngo highlighted her work with the Australian government’s "Stay Safe, Act Now" campaign, which focuses on localizing cybersecurity education. By adapting materials to the values and practices of various communities—such as the South Sudanese and Cambodian populations—her initiatives create relatable and impactful messaging that goes beyond surface-level translations.

Education and workforce development also emerged as key themes. Dr. Ngo underscored the importance of short, targeted training programs, like micro-credentials, in addressing the growing skills gap in cybersecurity. Such programs offer accessible pathways for individuals from all backgrounds to contribute meaningfully to the industry, supporting Australia's ambition to be the most cyber-resilient country by 2030.

Closing the discussion, Dr. Ngo reinforced that cybersecurity is fundamentally about people. By fostering empathy, understanding, and a collaborative spirit, society can build resilience not just through technology but through the collective effort of individuals who care deeply about protecting one another. This belief in human potential left an enduring impression, inspiring attendees to think beyond traditional approaches and embrace the human element at the core of cybersecurity.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Data Sovereignty and Security Challenges in the APAC Region: Simplifying Security with Zero Trust and AI-Driven Solutions | An Australian Cyber Conference 2024 in Melbourne Conversation with Abbas Kudrati | On Location Coverage

29 november 2024 | 24 min

Guest: Abbas Kudrati, Asia’s SMC Regional Chief Security, Risk, Compliance Advisor, Microsoft [@Microsoft]

On LinkedIn | https://www.linkedin.com/in/akudrati/

On Twitter | https://twitter.com/askudrati

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

During the On Location series at AISA Cyber Con 2024 in Melbourne, a significant conversation unfolded between Sean Martin, Marco Ciappelli, and Abbas Kudrati about key cybersecurity themes and strategies relevant to the Asia-Pacific region.

Abbas Kudrati, a seasoned cybersecurity professional and cloud advocate, shared insights into the state of cybersecurity in the region. He highlighted that ransomware remains one of the top threats, particularly in Asia and Australia. This persistent issue underscores the importance of robust data governance and access control. Abbas emphasized that organizations must establish strong security foundations, including data classification and access management, to prepare for the complexities introduced by AI. Without these measures, companies risk exposing sensitive information when leveraging generative AI solutions.

The discussion also touched on data sovereignty, a critical topic for governments and defense organizations in Australia. Abbas noted the growing number of localized data centers built by major cloud providers to meet sovereignty requirements. While private sector organizations tend to be less stringent about data location, government entities require data to remain onshore. Frameworks like IRAP and Essential Eight are instrumental in ensuring compliance and guiding organizations in implementing consistent security practices.

Zero Trust emerged as a transformative concept post-pandemic. According to Abbas, it simplified cybersecurity by enabling secure remote work and encouraging organizations to embrace cloud solutions. He contrasted this with the rise of generative AI, which has introduced both opportunities and challenges. AI's potential to streamline processes, such as analyzing security alerts and automating vulnerability management, is undeniable. However, its unbounded nature demands new strategies, including employee education on prompt engineering and responsible AI use.

Sean Martin and Marco Ciappelli explored how AI can revolutionize operations. Abbas pointed out that AI tools like security copilots are making cybersecurity more accessible, allowing analysts to query systems in natural language and accelerating incident response. He stressed the importance of using AI defensively to match the speed and sophistication of modern attackers, noting that attackers are increasingly leveraging AI for malicious activities.

The conversation concluded with a forward-looking perspective on AI’s role in shaping cybersecurity and the importance of maintaining agility and preparedness in the face of evolving threats. This dynamic exchange provided a comprehensive view of the challenges and advancements influencing cybersecurity in the Asia-Pacific region today.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Australia's Global Opportunity and Responsibility: Shaping a More Secure Region and a Safer Digital World | An Australian Cyber Conference 2024 in Melbourne Conversation with Ambassador Brendan Dowling | On Location Coverage

29 november 2024 | 16 min

Guest: Ambassador Brendan Dowling, Ambassador for Cyber Affairs and Critical Technology, DFAT

On LinkedIn | https://www.linkedin.com/in/brendan-dowling-7812b4261/

AT AU Cyber Con | https://canberra2024.cyberconference.com.au/speakers/brendan-dowling

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

This conversation with Brendan Dowling gave us a glimpse into the strategies, challenges, and collaborations shaping Australia’s digital future—and reminded us all that the cyber frontier is not just a technical battlefield but a deeply human one.

The Role of a Cyber Ambassador
Dowling began by discussing the unique responsibilities of a Cyber Ambassador, a role that integrates cybersecurity into foreign policy at the highest levels. He emphasized how this position, once viewed as an innovative experiment, has become a strategic necessity for national security. As cyber threats grow increasingly complex and borderless, cyber diplomacy has emerged as a critical tool for fostering stability and trust on the global stage.

Strengthening Global Collaboration
During the discussion, Dowling highlighted the collaborative nature of Australia’s cybersecurity efforts. He explained how cooperation within government agencies and partnerships with international allies are key to staying ahead of emerging threats. These relationships enable critical information-sharing, strategic alignment, and unified responses to incidents, underscoring the interconnectedness of today’s digital ecosystem.

Navigating AI and Ethical Challenges
The conversation turned to artificial intelligence and its growing role in society. Dowling addressed the ethical considerations of AI development and deployment, stressing the importance of balancing innovation with responsibility. He described Australia’s approach to advocating for ethical design and policy frameworks that protect privacy and human rights while maximizing AI’s benefits.

Building Resilience in Critical Infrastructure
Critical infrastructure was another focal point of the discussion. Dowling acknowledged the increasing complexity of protecting vital systems, from industrial control processes to supply chains. He emphasized resilience—not only in preventing attacks but in responding swiftly and effectively when incidents occur. This approach ensures that essential services, such as energy and manufacturing, can continue to operate even under pressure.

Cultural Contexts in Cybersecurity
Dowling also reflected on the role of cultural differences in shaping cybersecurity strategies. He shared experiences from his international work, where addressing issues like online safety and disinformation often requires sensitivity to local norms and values. Tailoring cybersecurity approaches to diverse cultural contexts, he noted, is vital for fostering trust and collaboration across regions.

Conclusion:
As the conversation concluded, Dowling reaffirmed the need for continued cooperation, innovation, and cultural understanding in tackling global cyber challenges. Sean Martin and Marco Ciappelli expressed their gratitude, leaving listeners with a clear message: cybersecurity is not just a technical issue—it’s a global, ethical, and deeply human challenge that requires collective effort.

____________________________

This Episode’s Sponsors

____________________________

Resources

Australia's global opportunity and responsibility: shaping a more secure region and a safer digital world (Session): https://canberra2024.cyberconference.com.au/sessions/australias-global-opportunity-and-responsibility-shaping-a-more-secure-region-and-a-safer-digital-world

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

How Do We Make Decisions in Cyber Security? Operational, Tactical, and Strategic Decision-Making in the Age of AI | An Australian Cyber Conference 2024 in Melbourne Conversation with Ivano Bongiovanni | On Location Coverage

28 november 2024 | 25 min

Guest: Ivano Bongiovanni, General Manager / Sr Lecturer, AusCERT / UQ

On LinkedIn | https://www.linkedin.com/in/ivano-bongiovanni-cybersecurity-management/

At AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/ivano-bongiovanni-ibtpp

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

This AISA Cyber Con 2024 On Location podcast episode recorded in Melbourne spotlights critical discussions led by Ivano Bongiovanni, General Manager for AUSCERT and Senior Lecturer in Cybersecurity at the University of Queensland. The dialogue centers on pivotal issues shaping organizational approaches to cybersecurity, from decision-making factors to data governance and regulatory influences.

Bongiovanni discusses his research on decision-making in cybersecurity, conducted across six large organizations. By interviewing professionals at operational, tactical, and strategic levels, the study examines the multifaceted factors driving decisions, such as configuring security systems or choosing cyber insurance. The research identifies four primary influence levels: industry, organizational, team, and individual. Key drivers include regulations at the industry level, organizational culture, and access to collaborative professional forums. These insights aim to provide decision-makers with a reflective framework to ensure comprehensive and informed choices.

Another prominent focus is data governance. Bongiovanni emphasizes its role as both a foundation for robust cybersecurity and a potential avenue for organizational value creation. He highlights the challenges organizations face in mapping, managing, and securing their data. While traditionally viewed through a lens of loss prevention, he argues that effective data governance can unlock operational efficiencies and new business opportunities. This aligns with a broader industry shift to link cybersecurity investments to strategic value creation, rather than purely protective measures.

The episode also touches on evolving regulatory landscapes. Bongiovanni outlines the increasing scrutiny on board members and CISOs (Chief Information Security Officers) regarding cybersecurity accountability. While Australia is still catching up with global trends, parallels are drawn to the U.S., where regulations like the SEC’s proposed cyber disclosures link leadership liability to organizational cybersecurity practices. In Australia, existing duties of care under the Corporations Act are becoming focal points for regulatory expectations.

Information-sharing frameworks, such as ISACs (Information Sharing and Analysis Centers), also feature in the discussion. Bongiovanni underscores their importance in fostering collaboration, particularly in sectors like higher education and healthcare. He notes the ongoing cultural shift encouraging organizations to share threat intelligence securely, which is essential for collective resilience.

Through Bongiovanni’s contributions, this episode highlights both the challenges and opportunities in cybersecurity decision-making, emphasizing a nuanced understanding of regulatory, cultural, and technical dynamics.

____________________________

This Episode’s Sponsors

____________________________

Resources

Future is now: Cautious reflections and bold predictions on cyber security in the years to come (Session): https://melbourne2024.cyberconference.com.au/sessions/session-FsEVnuge9u

How do we make decisions in cybersecurity? Operational, tactical, and strategic decision-making in the age of AI (Session): https://melbourne2024.cyberconference.com.au/sessions/session-BdOGZjahUe

The executive playbook: Elevate your cyber security through data governance (Workshop): https://melbourne2024.cyberconference.com.au/workshops/workshop-rxAAQPTLUJ

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

The Top 10 Skills Your Security Awareness and Culture Person Must Have (With No IT or Cyber Skills in Sight) | An Australian Cyber Conference 2024 in Melbourne Conversation with Daisy Wong | On Location Coverage with Sean Martin and Marco Ciappelli

28 november 2024 | 27 min

Guest: Daisy Wong, Head of Security Awareness, Medibank

On LinkedIn | https://www.linkedin.com/in/daisywong127/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Kicking off the conversation, Marco noted the absence of his co-host Sean, whose focus often leans technical. This opened the door for a deeper exploration into the human and operational side of cybersecurity, an area Daisy Wong is uniquely equipped to discuss.

Daisy’s career journey, from earning a marketing degree to becoming Medibank’s Head of Security Awareness, is rooted in understanding human behavior. Her hands-on experience with phishing emails and time spent in a pen-testing team revealed how critical culture and communication are to effective cybersecurity.

The Power of Communication and Culture in Cybersecurity
Daisy highlighted how her ability to simplify complex technical language became the cornerstone of her work in cybersecurity awareness. She emphasized that soft skills, like communication, are just as essential as technical know-how in navigating today’s cyber challenges.

Drawing cultural parallels, Daisy shared analogies from her cultural heritage, like the tradition of removing shoes before entering a home, and compared them to cybersecurity practices. Marco added an Italian twist, pointing to customs like cheek-kissing as a metaphor for ingrained behaviors. Together, they underscored how fostering a security-first mindset mirrors cultural conditioning—it requires intentionality, consistency, and collective effort.

Breaking Barriers and Building Bridges
One of the key takeaways from the discussion was the need to break down the misconception that cybersecurity is solely a technical field. Daisy argued for creating environments where employees feel safe reporting security concerns, regardless of their technical background.

She shared strategies for fostering collaboration, like simple yet impactful initiatives during Cyber Awareness Month. These efforts, such as wearing branded T-shirts, can make security a shared responsibility and encourage open communication across teams.

Staying Ahead in an Evolving Threat Landscape
Daisy also spoke about how cyber threats are evolving, particularly with the rise of generative AI. Traditional warning signs, like spelling mistakes in phishing emails, are being replaced with far more sophisticated tactics. She emphasized the need for organizations to stay adaptable and for individuals to remain vigilant.

While AI offers tools to identify risks, Daisy and Marco agreed that personal accountability and fundamental awareness remain irreplaceable in ensuring robust security practices.

In this lively episode of On Location with Marco Ciappelli, Daisy Wong spotlighted the indispensable role of human behavior, culture, and communication in cybersecurity. Her insights remind us that while technology evolves, the human element remains at the heart of effective cyber defense.

Cybersecurity isn’t just about systems and software—it’s about people. And as threats become more sophisticated, so must our strategies, blending technical tools with cultural awareness to create a resilient and adaptable defense

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Building Resilience in a Disruptive Digital Landscape while Being Green by Design: Addressing the Carbon Footprint in Cybersecurity | An Australian Cyber Conference 2024 in Melbourne Conversation with Sian John | On Location Coverage

27 november 2024 | 16 min

Guest: Sian John, Chief Technology Officer, NCC Group

On LinkedIn | https://www.linkedin.com/in/sian-john/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

During the recent AISA Cyber Conference 2024 in Melbourne, notable figures Sean Martin and Sian John engaged in a compelling conversation about emerging trends and significant topics within the cyber industry. The discussion covered a range of subjects from the importance of availability in operational technology (OT) security to the environmental implications of artificial intelligence (AI) and analytics. Sean Martin noted the communal focus of the conference, highlighting how initiatives driven by members of the industry, like those led by the AISA Perth chapter (as noted by Sian John), contribute significantly to the cybersecurity community.

Sian John MBE provided an in-depth perspective on the global regulatory landscape, pointing out how digital disruption is driving an increase in regulations. She emphasized that privacy regulations now affect more people worldwide than ever before. John observes that while some regions might roll back regulations, the overall trend is increasing around regulatory scrutiny.

Another key topic was the carbon impact of AI and analytics. Sian John pointed out the substantial environmental cost associated with training large language models, referencing research by PwC and Microsoft showcasing the significant carbon footprint involved. She argued for the need to integrate sustainability into technological advancements, coining it 'green by design.'

The conversation also touched on the vital importance of OT security in the context of achieving net-zero carbon emissions and advancing renewable technology. John pointed out that while OT security has been a topic of discussion for some time, the urgency is now heightened as regulatory focus intensifies and renewable energy projects increase. When it comes to triggers that drive action, finance could win out over regulation in this case.

The dialogue also explored the broader implications of security, extending beyond the traditional realms to incorporate business resilience. Martin stressed the necessity for organizations to adopt a risk-aware approach that encompasses both cyber and business risks. He posits that mature organizations, which effectively integrate resilience into their operations, are more adept at navigating regulatory changes and emerging threats.

Finally, the cost of security and operational efficiency was discussed. Both speakers agreed that in a world with rising power costs, the drive towards efficient, sustainable practices is also economically motivated. This underscores the intersection of cost, regulation, and sustainability in today's business strategies. As the conversation drew to a close, the future-oriented outlook shared by both speakers reflected a pragmatic approach to the complexities of modern cybersecurity, emphasizing efficiency, regulatory compliance, and sustainability.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

The present and future of Human-Centered Cybersecurity: Managing Risks and Fostering Digital Safety | An Australian Cyber Conference 2024 in Melbourne Conversation with Jinan Budge | On Location Coverage with Sean Martin and Marco Ciappelli

27 november 2024 | 40 min

Guest: Jinan Budge, Vice President, Principal Analyst serving Security & Risk professionals, Forrester

On LinkedIn | https://www.linkedin.com/in/jinan-budge-2898132/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The Australian Cyber Conference Melbourne 2024 is a dynamic hub of innovation, bringing together top cybersecurity professionals and thought leaders to tackle the industry’s most pressing challenges. On this On Location Recording Sean Martin and Marco Ciappelli have a conversation with Jinan Budge, Vice President at Forrester Research, focusing on the vital role of human-centered security in today’s evolving landscape.

Building a Human-Centered Cybersecurity Culture

One of the central themes of the discussion was the shift from traditional security awareness programs to human risk management. Jinan Budge emphasized the need to move beyond treating people as liabilities and instead design security practices that align with individual behaviors and motivations. This evolution toward human-centered cybersecurity is essential to addressing the unique risks posed by human behavior while fostering a culture of adaptability and trust.

Collaboration Between Enterprises and Vendors

The podcast highlighted the shared responsibility between enterprises and vendors to advance security practices. Enterprises must embrace adaptive security solutions tailored to their workforce, while vendors have a pivotal role in driving innovation and educating the market. This partnership is key to creating flexible, effective solutions that meet the needs of diverse organizations, from startups to global enterprises.

Understanding the Human Element in Data Breaches

Budge introduced a framework she calls the “wheel of human element breaches,” which categorizes risks such as social engineering, human error, and insider threats. This comprehensive approach pushes the conversation beyond the common narrative of phishing attacks, encouraging organizations to adopt holistic strategies that address the root causes of human-driven vulnerabilities.

Education and Continuous Learning

Marco Ciappelli and Jinan Budge underscored the importance of integrating cybersecurity education into early learning environments. Instilling digital safety habits at a young age helps build an instinctive understanding of cybersecurity, preparing future generations for the increasingly digital workplace. This foundation ensures smoother transitions into organizational cultures where cybersecurity is second nature.

Conclusion

The discussions at the Australian Cyber Conference Melbourne 2024 illuminated the industry’s growing focus on human-centered strategies and collaboration between enterprises and vendors. These efforts underscore the importance of proactively addressing human risks and integrating cybersecurity education into every level of society. Events like this continue to shape the future, offering invaluable insights and inspiration for those dedicated to advancing the field.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Transforming Cybersecurity with Essential Eight by Building Robust Security Structures with a Default Deny Approach | A Brand Story Conversation From AISA Cyber Con 2024 in Melbourne | A ThreatLocker Story with Jade Wilkie

27 november 2024 | 6 min

During AISA Cyber Con 2024 in Melbourne, Sean Martin connected with Jade Wilkie from ThreatLocker. Wilkie, who is currently an account executive and soon to assume a leadership role with the APAC sales team, discusses the significance of ThreatLocker’s presence at the event and their growth in the Australian market. With ThreatLocker’s APAC team attending for the first time, Wilkie emphasizes the importance of support on the ground as Australia has quickly become ThreatLocker’s second-largest market.

ThreatLocker’s approach, centered on a default deny methodology and zero trust framework, aligns well with Australia’s Essential Eight cybersecurity framework. Wilkie highlights that this strategy not only prevents unauthorized access but also reduces noise during detection and response processes. This makes the Essential 8 a solid foundation for cybersecurity, offering a straightforward and effective structure that companies can implement.

At their booth, ThreatLocker aims to raise awareness about their comprehensive offerings beyond application control, including EDR and MDR, and network control modules. Wilkie invites attendees to engage with the team to understand how ThreatLocker’s solutions can fortify their security structures.

The episode teases an upcoming conversation at Zero Trust World in Orlando, where Sean Martin and Jade Wilkie will further explore the event’s takeaways and discuss emerging themes and trends in the cybersecurity space. Don’t miss out on this insightful discussion that promises to deliver valuable information for strengthening cybersecurity efforts.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content. Learn more.

Guests:

Jade Wilkie, Account Executive APAC, ThreatLocker [@ThreatLocker]

On LinkedIn | https://www.linkedin.com/in/jade-wilkie-salesprofessional/

Resources

Essential Eight: https://itspm.ag/threatq55q

Zero Trust World: https://itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

View all of our AISA Cyber Con 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Balancing Technology and Human Awareness in Cyber Defense: Strategies for Families and Organizations | An Australian Cyber Conference 2024 in Melbourne Conversation with Jacqueline Jayne | On Location Coverage with Sean Martin and Marco Ciappelli

27 november 2024 | 29 min

Guest: Jacqueline Jayne, The Independent Cybersecurity Expert

On LinkedIn | https://www.linkedin.com/in/jacquelinejayne/

At AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/jacqueline-jayne-smict

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

During the On Location series at AISA Cyber Con 2024 in Melbourne, the conversation about cybersecurity turns engaging as Jacqueline Jayne, Security Awareness Advocate, shares her experience on human risk management and cybersecurity education. Her insights bring forward crucial points on bridging the gap between human behavior and technological security measures.

One pivotal topic discussed is the persistent challenge of human error in cybersecurity. Jacqueline highlights that human error now accounts for over 90% of security breaches. The approach to mitigating these risks isn't merely technological but educational. She emphasizes the need for comprehensive security awareness training and shifting organizational culture towards proactive risk management.

Jacqueline shares, “Organizations should redefine IT departments from the ‘Department of No’ to the ‘Department of K-N-O-W.’” She believes that instead of restricting users, organizations should focus on empowering them with knowledge, emphasizing the importance of comprehensive training that connects with employees on a personal level.

Throughout the conversation, the importance of contextual and relatable education stands out. Jacqueline advocates for simulated phishing campaigns to provide real-world scenarios for employees. By understanding and experiencing what a phishing attempt looks like in a controlled environment, employees can better recognize and react to actual threats.

Another compelling point is teaching digital citizenship from a young age. Jacqueline compares cybersecurity education to road safety education. Just as children learn road safety progressively, digital safety should be ingrained from an early age. Appropriate and guided exposure to technology can ensure they grow up as responsible digital citizens.

The discussion also touches on parental and organizational roles. Jacqueline discusses the proposal of banning social media for children under 16, acknowledging its complexity. She suggests that though banning might seem straightforward, it's more about educating and guiding children and teenagers on safe digital practices. Organizations and parents alike should collaborate to create a safer and more informed digital environment for the younger generation.

Towards the end, the dialogue shifts to the potential role of AI in enhancing cybersecurity awareness. There’s a consensus on using AI not as a replacement but as an augmentative tool to alert and educate users about potential threats in real-time, potentially mitigating the risk of human error. In conclusion, the conversation highlights the indispensable role of education in cybersecurity. JJ's perspective fosters a comprehensive approach that includes organizational culture change, continuous engagement, and early digital citizenship education. It’s not just about implementing technology but evolving our collective behavior and mindset to ensure a secure digital future.

____________________________

This Episode’s Sponsors

____________________________

Resources

The top 10 skills your security awareness and culture person must have with no IT or cyber skills in sight (Session): https://melbourne2024.cyberconference.com.au/sessions/session-OZ4j4mTr1O

Keeping our kids safe online: The essential information for parents and caregivers (Session): https://melbourne2024.cyberconference.com.au/sessions/session-oBf7Gjn2xG

Security awareness 2.0: The paradigm shift from training and simulations to engagement and culture: https://melbourne2024.cyberconference.com.au/sessions/session-drDWsOKBsL

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

From Healthcare to Cybersecurity: Leveraging Past Professions to Enhance Cybersecurity Programs | A Conversation with Gina D’Addamio | Redefining CyberSecurity with Sean Martin

26 november 2024 | 45 min

Guest: Gina D’Addamio, Threat Analyst, Canadian Cyber Threat Exchange [@CCTXCanada]

On LinkedIn | https://www.linkedin.com/in/gina-daddamio

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In the latest episode of Redefining CyberSecurity on ITSPmagazine, host Sean Martin engages with Gina D’Addamio, a threat analyst at the Canadian Cyber Threat Exchange (CCTX), to discuss the pathways and challenges for transitioning into the field of cybersecurity from different professional backgrounds.

Gina D’Addamio: From Nursing to Cybersecurity — Gina shares her compelling journey from the world of nursing to becoming a threat analyst at CCTX. Starting her career in nursing, Gina specialized in delivering babies and providing postpartum care. However, due to the increasing pressures and emotional toll of a deteriorating healthcare system, she decided to make a career change. She reflects on the emotional challenges and the impact on her family life that led her to step away from nursing.

Transitioning through the Rogers Cybersecure Catalyst Program — Gina was introduced to cybersecurity through a fellow school mom and an opportunity with the Rogers Cybersecure Catalyst program. The program provided an accelerated learning path, offering her three SANS certifications within seven months. Gina emphasizes the importance of such programs in bridging the gap for those who have no prior experience in cybersecurity, showcasing her success as a significant transition case.

Relatability between Nursing and Cybersecurity — Throughout the discussion, Gina and Sean draw parallels between nursing and cybersecurity. Gina points out how her experience in managing life-and-death situations in nursing is akin to dealing with critical incidents in cybersecurity. Her ability to remain composed under pressure and her proficiency in translating complex medical information into understandable terms has been vital in her role at CCTX.

The Role at CCTX — At CCTX, Gina's work involves threat analysis and translating complex cybersecurity threats into actionable advice for a diverse range of members, from large corporations to small businesses. The nonprofit organization plays a crucial role in threat intelligence sharing across sectors in Canada, similar to ISACs and ISAOs in the U.S.

Mentorship and Continuous Learning — Gina discusses the ongoing learning environment within CCTX, facilitated by member-led webinars and hands-on experiences such as Wireshark workshops. She highlights the constant need for education in cybersecurity due to the ever-changing threat landscape. She also mentors others transitioning into cybersecurity, stressing the value of soft skills and effective communication in securing roles within the industry.

Advice to Employers in Cybersecurity — Gina urges employers to recognize the potential in candidates from diverse professional backgrounds, emphasizing that the ability to learn and adapt is often more important than years of industry-specific experience. She advocates for a hiring approach that looks beyond certifications to the person’s overall ability to fit within the team and contribute to the organization’s goals.

This episode underscores the potential for successful career transitions into cybersecurity from seemingly unrelated fields. Gina D’Addamio’s story is a testament to how diverse experiences can enrich the cybersecurity field, bringing fresh perspectives and skills that enhance threat analysis and response.

___________________________

Sponsors

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Learn more and catch more stories from Rogers Cybersecure Catalyst: https://www.itspmagazine.com/directory/rogers-cybersecure-catalyst and https://itspm.ag/rogershxbp

Accelerating Cybersecurity Training and Innovation | 7 Minutes on ITSPmagazine from Black Hat Sector 2024 | A Rogers Cybersecure Catalyst Short Brand Innovation Story with Rushmi Hasham and Vasu Daggupaty: https://on-location-with-sean-martin-and-marco-ciappelli.simplecast.com/episodes/accelerating-cybersecurity-training-and-innovation-7-minutes-on-itspmagazine-from-black-hat-sector-2024-a-rogers-cybersecure-catalyst-short-brand-innovation-story-with-rushmi-hasham-and-vasu-daggupaty

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Pre-Event Coverage | Different Hats, Shared Goals: Insights and Anticipations for Conversations and Stories from Australian Cyber Conference 2024 in Melbourne | On Location Coverage with Sean Martin and Marco Ciappelli

24 november 2024 | 10 min

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this pre-event Chats on the Road episode of the On Location with Sean and Marco Podcast, hosts Sean Martin and Marco Ciappelli meet up in person and on location to discuss their excitement and expectations for the upcoming Australia Cybersecurity Conference 2024 in Melbourne. They express their enthusiasm about reuniting with the cybersecurity community and emphasize the significance of the event, which is organized by AISA and supported by notable individuals like Akash Mattel, Megan, and Abbas Kudrati.

Sean and Marco share a light-hearted opening conversation about boats and travels, setting a casual tone before diving into what they look forward to at the conference. The hosts appreciate the opportunity to connect with industry leaders and attendees, emphasizing the importance of stories in operationalizing cybersecurity in business and society.

Sean highlights the need to align technology with business processes while adhering to policies and laws on a global scale. On the other hand, Marco provides a broader perspective on the interaction between individuals, society, and technology, stressing the role of cybersecurity in protecting personal privacy and fostering human interaction — it turns out it's all about the intersection of technology and culture.

The hosts reflect on their past experiences in the cybersecurity field, with Sean sharing an anecdote about a vintage AV hat that represents his journey at Symantec rooted in the Australia. culture. This reflection underscores the value of learning from past and present experiences to shape a better future in cybersecurity.

Sean and Marco discuss the diverse sessions and interactions planned for the event, mentioning notable speakers like Joe Sullivan and Mikko Hypponen. They are particularly excited about the wide range of topics to be covered, from policy and privacy to operational strategies and the human element in cybersecurity.

As they anticipate the week ahead, Sean and Marco invite listeners to engage with them during the conference. They are eager to forge new relationships and gather stories that resonate on a global scale, underscoring the event's potential for fostering meaningful connections and enhancing cybersecurity practices worldwide.

Tune in to hear Sean and Marco's thoughts on what promises to be an exciting and informative week at the Australia Cybersecurity Conference 2024. Whether you're attending the event or staying tuned from afar, this episode sets the stage for the compelling conversations and insights to come.

____________________________

This Episode’s Sponsors

____________________________

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Bridging Cybersecurity and Finance for Better Insurance Outcomes | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A Google Short Brand Innovation Story with Monica Shokrai

22 november 2024 | 7 min

In this Brand Story episode, recorded live at the HITRUST Collaborate Conference 2024, host Sean Martin sits down with Monica Shokrai, Head of Risk and Insurance for Google Cloud. The topic of conversation centers around cyber insurance, a crucial area impacting organizations across sectors.

Monica Shokrai leads the charge in managing risk and procuring insurance for Google Cloud, a role that integrates closely with both the finance and security teams. She highlights the unique dual approach of her team, which not only secures coverage for Google but also strategizes on how to leverage insurance to assist Google Cloud customers in mitigating risks.

A key point discussed is the interdisciplinary nature of cyber insurance. Traditionally managed by the finance or legal departments, Shokrai emphasizes its growing collaboration with cybersecurity teams. She notes that the standard organizational structure often sees a communication divide between finance and security departments. However, the evolving cyber insurance market is pushing these groups closer together, fostering a more integrated risk management strategy.

Shokrai also shares insights on how Google approaches risk exposure and posture. By modeling risk in-house and leveraging an actuarial team, Google can quantify risks accurately and work closely with security teams. This model not only helps in securing better insurance terms but also aids in understanding and integrating security measures within the organization.

Another significant point is Google’s innovative approach to automating the cyber insurance process. Through their Risk Protection Program, Google allows security metrics to be shared with insurance partners like Allianz in Munich. This method simplifies the underwriting process and promotes a data-driven approach to evaluating cybersecurity risks, aligning insurers and security teams toward a common goal.

Overall, the discussion underscores the importance of a cohesive strategy that bridges finance and cybersecurity through innovative risk management and insurance practices. With leaders like Monica Shokrai at the helm, Google Cloud is at the forefront of integrating these critical functions, ultimately benefiting both the company and its customers.

Learn more about Google Cloud: https://itspm.ag/google-pkap

Note: This story contains promotional content. Learn more.

Guest: Monica Shokrai, Head of Risk and Insurance, Google Cloud [@lifeatgoogle]

On LinkedIn | https://www.linkedin.com/in/monicashokrai/

Resources

Learn more and catch more stories from Google: https://www.itspmagazine.com/directory/google

Simplified Cyber Insurance for Organizations with a HITRUST Certification: https://itspm.ag/hitrusp5x6

Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The 3-2-1 Rule for Cyber Resiliency | 7 Minutes on ITSPmagazine | An Apricorn Short Brand Innovation Story with Kurt Markley

21 november 2024 | 7 min

Companies, organizations and governments have massive volumes of data, and the primary focus for its security is placed on that which is stored in the cloud, but many are not following best practices of taking the extra steps necessary to ensure their backed up data is secure, complete and uncorrupted. This story is to talk about using the 3-2-1 rule for cyber resiliency (keep three copies of data, on two different formats–both encrypted, one of which is stored off-site and offline) and discuss anecdotes of what can happen when cyber resilience plans are not put in place or followed.

Data is the most important asset an organization has, whether it’s a business, organization or a government. At the same time, the frequency of cyber attacks that compromise data are increasing. Ransomware continues to be a plague, with some reports showing more than 14 publicly claimed attacks daily for the first half of 2024. Having a plan to thwart cyberattack is only part of the strategy. Equally important is how to rapidly recover and restore operations after a ransomware disruption has occurred. Share anecdote about OVHcloud data center that burned down in 2021 with backups in it – all assets destroyed and websites down for days. also might be good to mention the latest ransomware attack on University of Texas healthcare that is still not fully operational, 3 weeks after the attack and counting. it is unknown if they paid the ransom, but if they did and they’re still not operational, that goes to show how unreliable the ransomed data is. Apricorn’s own research shows that only half of U.S. respondents are conducting automatic backups to both a central repository AND a personal repository. Additionally, more than 25% of survey respondents were unable to recover all of their data successfully

If attackers are successfully breaching data and holding it for ransom, organizations have to be able to recover complete backups of their data in order to a) avoid paying the ransom and b) assure the original data needed for restoration of operations is complete and intact, which statistics show, frequently is corrupted and incomplete when ransom is paid. One of the easiest and most effective ways to rapidly restore operations after a ransomware attempt is to keep multiple copies of integrity-checked data so you can fully recover it if it’s compromised. The 3-2-1 rule is a proven cyber resilience best practice. The 3-2-1 rule calls for keeping at least three copies of your data on two different types of media, with one being encrypted and offsite. This is where Apricorn comes into play - we make the highest grade, portable data encryption products on the market. Our products are security focused - 100% software free, FIPS certified, non-Chinese chips and so many unique features such as admin AND user forced enrollment, programmable PIN lengths, brute force defense, self destruct PINS and more.

Learn more about Apricorn: https://itspm.ag/apricomebv

Note: This story contains promotional content. Learn more.

Guest: Kurt Markley, Managing Director, America's, Apricorn [@apricorn_info]

On LinkedIn | https://www.linkedin.com/in/kurt-markley-1596054/

Resources

Securing Data with Hardware Encrypted USB Drives: https://itspm.ag/apricoy0dm

Learn more and catch more stories from Apricorn: https://www.itspmagazine.com/directory/apricorn

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Cyber Heroes in Action: Delivering Advanced Security Measures for Modern Businesses | A ThreatLocker Brand Story with Danny Jenkins

20 november 2024 | 37 min

In this Brand Story episode, Marco Ciappelli and Sean Martin sit down with Danny Jenkins, CEO and co-founder of ThreatLocker, to uncover the fascinating journey and innovative approach of ThreatLocker in the cybersecurity realm. The episode sheds light on the company’s mission, the challenges it faces, and the transformative solutions it offers.

Danny Jenkins recounts the origin story of ThreatLocker, beginning with his early career in IT and his fortuitous stumble into cybersecurity. He explains how witnessing firsthand the devastating impact of ransomware led to the inception of ThreatLocker. His experience with ethical hacking and ransomware recovery highlighted a critical need for more effective IT security solutions, enabling Jenkins to spearhead the development of ThreatLocker with a central philosophy: deny by default.

ThreatLocker’s primary goal is to help organizations implement a zero trust framework by making it as simple and automated as possible. Jenkins emphasizes that effective security requires blocking untrusted software and limiting what trusted software can do. He articulates the importance of learning the intricacies of each environment ThreatLocker protects, from small businesses to massive enterprises like JetBlue. By examining each endpoint and understanding the specific software and dependencies, ThreatLocker ensures that systems remain secure without disrupting daily operations.

One of the key aspects discussed is ThreatLocker’s unique human element combined with technological innovation. Jenkins introduces the concept of their 'cyber hero' team, dedicated to providing 24/7 support. This team is crucial, especially when onboarding new clients or assisting those already affected by ransomware. This commitment to customer service underscores ThreatLocker’s philosophy of not only providing top-tier solutions but ensuring they are successfully implemented and maintained.

Jenkins also touches upon the broader industry challenges, specifically the common pitfalls enterprises fall into by relying on endpoint detection and response (EDR) systems alone. He argues that such systems are often reactive, addressing symptoms rather than root causes. ThreatLocker’s approach, focusing on proactive prevention and least privilege access, aims to mitigate vulnerabilities before they can be exploited.

Finally, Jenkins discusses the future vision for ThreatLocker, highlighting continued growth and innovation. The company’s commitment to maintaining high support levels while expanding its product offerings ensures it remains at the forefront of cybersecurity solutions. Events like Zero Trust World serve as educational opportunities for clients to deepen their understanding and enhance their security postures.

Overall, this episode provides an in-depth look at ThreatLocker’s strategic approach to cybersecurity, emphasizing the importance of proactive prevention, customer service, and continuous improvement.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content. Learn more.

Guest: Danny Jenkins, CEO of ThreatLocker [@ThreatLocker]

On LinkedIn | https://www.linkedin.com/in/dannyjenkinscyber/

Resources

Zero Trust World Conference: https://itspm.ag/threat5mu1

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Pre Event Coverage | Unveiling Cybersecurity's Future: Joe Sullivan's Keynote Journey to Australian Cyber Conference 2024 in Melbourne | On Location Coverage with Sean Martin and Marco Ciappelli

20 november 2024 | 28 min

Guest: Joe Sulllivan, CEO at Ukraine Friends [@UkraineFriends_]

On Linkedin | https://www.linkedin.com/in/joesu11ivan/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The discussion begins with Sean and Marco humorously chatting about sunsets in California versus those on the other side of the world, as they prepare for their trip. With excitement in the air, they highlight the conference’s stellar lineup, especially keynote speaker Joe Sullivan, joining the conversation from Sydney. Already immersed in the Australian vibe, Sullivan shares his anticipation for the event and comments on the sunny weather awaiting them.

Sullivan’s career is a fascinating intersection of technology, law, and leadership. From his days as a cybercrime prosecutor to leading security efforts at Facebook and Uber, he offers a unique perspective on the evolution of cybersecurity as both a profession and a global necessity.

Joe Sullivan's Career Journey
Reflecting on his career path, Sullivan describes his journey as a "Jenga pile" built on diverse and dynamic experiences. He recalls his transition from government service to the tech industry during the dot-com boom, driven by curiosity and a hunger for new challenges. His work at companies like eBay, PayPal, and Facebook involved pioneering projects such as building security teams from scratch and shaping policies like responsible disclosure programs.

The Role of Regulation in Cybersecurity
Sullivan and the hosts delve into the crucial topic of regulation in cybersecurity. Drawing on his experiences, Sullivan underscores the disparity in resources between regulated and unregulated sectors, pointing to financial services and healthcare as examples. He advocates for smart, balanced regulations to ensure cybersecurity initiatives are well-funded and effective, emphasizing that structure is key to protecting industries and consumers alike.

Connecting with Security Professionals Globally
Through his global speaking engagements and commitment to attending conferences in full, Sullivan has gained valuable insights into the shared challenges facing security professionals worldwide. He highlights the universal nature of these challenges and the importance of collaboration across borders. His passion for fostering connections within the cybersecurity community resonates strongly in today’s interconnected world.

Humanitarian Efforts Beyond Cybersecurity
Beyond his professional endeavors, Sullivan shares his inspiring humanitarian work, particularly his efforts to support Ukraine through laptop donations. These initiatives, born from his professional network, illustrate the profound impact the cybersecurity community can have on broader global issues. By using technology to aid children’s education in conflict zones, Sullivan underscores the power of tech to bring hope and stability to those in need.

Conclusion
As the Australian Cyber Conference 2024 approaches, Joe Sullivan’s insights set a compelling tone for discussions about the future of cybersecurity. His message of resilience, adaptability, and global cooperation will undoubtedly inspire attendees. For those ready to engage and learn, Sean Martin and Marco Ciappelli warmly invite you to join them in Melbourne for this transformative event — and of course, follow them subscribing to their podcast if you cannot be there.

____________________________

This Episode’s Sponsors

____________________________

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Resources

UkraineFriends: https://itspm.ag/ukrainwwmj

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

When Risk Management and Information Security Resonate with Hearts and Minds | A Conversation with Nadine Michaelides and Julie Haney | Redefining CyberSecurity with Sean Martin

20 november 2024 | 39 min

Guests:

Nadine Michaelides, CEO / VD, Anima People

On LinkedIn | https://www.linkedin.com/in/nadinemichaelides/

Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology [@NISTcyber]

On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

Imagine a world where employees aren't just potential risks, but the vanguard of cyber defense. A world where the human element, long considered the weakest link in security, becomes the cornerstone of an impenetrable digital fortress.

The latest episode of the Human Centered sub-series on the Redefining CyberSecurity podcast features a compelling discussion with Nadine Michaelides, a security and crime psychologist, researcher at University College London, speaker, and entrepreneur. Julie Haney co-hosts the episode with Sean Martin, discussing the critical role employees play in strengthening cybersecurity defenses.

Nadine Michaelides shares her insights on the shift from viewing employees as potential risks to recognizing them as essential components of a robust cybersecurity strategy. This approach emphasizes the importance of understanding the human element in security and integrating psychological principles to improve employee engagement and motivation. Unlike purely technical measures, human-centered cybersecurity focuses on fostering intrinsic motivation and creating a culture where security is an integral part of daily operations.

The conversation highlights the importance of moving beyond mere awareness campaigns. According to Michaelides, simply making employees aware of security risks is insufficient. Organizations must focus on creating intrinsic motivation, ensuring that employees understand and internalize the significance of their actions. This can be achieved through effective training, clear communication, and involving employees in security initiatives.

Michaelides also introduces the concept of human risk management, which involves assessing and addressing the psychological and behavioral factors that influence cybersecurity. She stresses the need for a multidisciplinary approach, incorporating insights from psychology, sociology, and organizational behavior to create comprehensive security strategies. This holistic approach helps organizations identify and mitigate risks more effectively, as it considers the diverse motivations and behaviors of employees.

Sean Martin raises an interesting point about how personal risk assessments can parallel organizational security measures. He suggests that just as individuals assess the risks associated with their actions and make informed decisions, organizations should empower employees to understand and manage their own cybersecurity risks. This empowerment can lead to more proactive and responsible security behaviors.

The discussion also touches on the significance of cultural factors in cybersecurity. Michaelides explains that security initiatives must resonate with the cultural values and norms of the workforce to be truly effective. This involves creating tailored security content that reflects the diverse backgrounds and experiences of employees, making it relevant and engaging for everyone.

Julie Haney underscores the potential of employee feedback loops in enhancing security measures. She suggests that organizations should actively seek input from employees to identify pain points and areas for improvement in their security practices. By involving employees in the development and refinement of security protocols, organizations can create a more supportive and effective security culture.

In conclusion, the episode presents a forward-thinking perspective on cybersecurity, advocating for a shift from traditional, top-down approaches to more inclusive and employee-centered strategies. By recognizing and leveraging the human element, organizations can transform their employees from potential vulnerabilities into key defenders of digital assets.

___________________________

Sponsors

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Black Hat Announces Content Lineup for Black Hat Europe 2024 | 2 Minutes on ITSPmagazine

19 november 2024 | 2 min

SecTor 2024 Announces Record-Breaking Attendance Following Successful Close of Toronto Event | 2 Minutes on ITSPmagazine

18 november 2024 | 2 min

SecTor, Canada’s largest cybersecurity conference, today announced the successful completion of the in-person component of SecTor 2024. The event welcomed 5,000 unique attendees joining in-person from October 22 to October 24 at the Metro Toronto Convention Centre in downtown Toronto.

Show highlights for 2024 included:

● Keynotes: This year’s event featured two Keynote presentations. The opening Keynote was presented by Leigh Honeywell, founder and CEO of Tall Poppy, and the second Keynote was presented by Omkhar Arasaratnam, Distinguished Engineer for Security at LinkedIn.

● Business Hall: This year’s Business Hall showcased the latest products and technologies from more than 140 of the industry’s leading cybersecurity solution providers. The Business Hall also featured areas for attendee, vendor, and community engagement through Exhibitor Booths, Arsenal, Sponsored Sessions, Bricks & Picks, and the Community Lounge.

● Summits: On Tuesday, October 22, the event featured a full day of Summit content, including the ninth annual SecTor Executive Summit, the inaugural The AI Summit at SecTor, and the ninth annual Cloud Security Summit at SecTor.

● Scholarships: As a way to introduce the next generation of security professionals to the SecTor community, SecTor awarded a total of 37 complimentary SecTor 2024 Briefings passes. Black Hat holds its own annual Student and Veteran Scholarship programs, and partners with a variety of associations on additional scholarship opportunities.

Note: This story contains promotional content. Learn more.

Resources

Press Release: https://www.businesswire.com/news/home/20241030638106/en/SecTor-2024-Announces-Record-Breaking-Attendance-Following-Successful-Close-of-Toronto-Event

Learn more and catch more stories from SecTor Cybersecurity Conference Toronto 2024: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

Learn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Leveraging Data for Cyber Insurance to Bring Consistency and Clarity in Underwriting | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A Trium Cyber Short Brand Innovation Story with Josh LaDeau

16 november 2024 | 7 min

In this episode of Short Brand Story recorded during the HITRUST Collaborate 2024 conference, Sean Martin sits down with Josh LaDeau, a prominent figure in the world of cyber insurance. Josh, who represents Trium Cyber, illuminates the crucial aspects of cyber insurance, from data integrity to market challenges. Trium Cyber is known for its specialty in providing cyber property, E&O, and miscellaneous coverages.

Josh emphasizes the importance of data in the insurance industry, explaining how accurate, structured data provided by HITRUST aids in underwriting processes. The partnership with HITRUST brings a unique advantage by ensuring data consistency and structure. This elevates the underwriting process by reducing ambiguities in policy applications and promoting data security. Josh highlights that this collaboration allows clients to present their data in a more uniform manner, making it easier for insurers to assess and underwrite policies accurately.

Moreover, the HITRUST R2 framework is particularly beneficial for clients, offering a higher quality of data that leads to better coverage options and advantageous premium pricing. Josh points out that a third-party attestation by HITRUST not only assures data integrity but also qualifies clients for a dedicated credit, further enhancing their position in the market.

The episode underscores the value Trium Cyber brings to its clients, focusing on technological acumen and a keen understanding of the cyber insurance landscape. This partnership is poised to make a significant impact in making cyber insurance more accessible and reliable for businesses.

Learn more about Trium Cyber: https://itspm.ag/hitrusi2it

Note: This story contains promotional content. Learn more.

Guest: Josh LaDeau, CEO, Trium Cyber

Resources

Learn more and catch more stories from Trium Cyber: https://www.itspmagazine.com/directory/hitrust

Learn more about HITRUST: https://itspm.ag/itsphitweb

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

A New People-Centric Approach to Determining an Organization's Exposure to a Third-Party Data Breach | A SecTor Cybersecurity Conference Toronto 2024 Conversation withChristine Dewhurst and Dr. Thomas Lee | On Location Coverage

9 november 2024 | 27 min

First of its Kind Cyber Insurance Product Exclusively Available to HITRUST-Certified Customers | A Brand Story Conversation From HITRUST Collaborate 2024 | A HITRUST Story with Blake Sutherland and Robert Booker

8 november 2024 | 31 min

In this Brand Story episode, Sean Martin brings together the team from HITRUST, Robert Booker and Blake Sutherland, to discuss the topic of cyber insurance and its current state in the industry. Both guests bring a wealth of experience and insight, with Robert Booker overseeing strategy, research, and innovation at HITRUST, and Blake Sutherland serving as the EVP of Market Engagement.

A significant portion of the discussion centers around the role of cyber insurance in today's business environment. Cyber insurance is not just a safety net but a critical aspect of a complete risk management strategy. As Robert Booker points out, it’s an essential service, historically used to cover residual risk after companies have applied their own security measures. However, the market has changed considerably, with new capabilities and approaches evolving over the past several years, making it a dynamic area.

Blake Sutherland further elaborates on the issues that organizations face in acquiring cyber insurance today. The process is often cumbersome, involving extensive questionnaires and varied requirements from different underwriters. This can be particularly challenging for mid-market companies that may lack the internal resources to manage these complexities.

The episode highlights that HITRUST is addressing these challenges with their R2 certification, which provides an objective, quantifiable measure of an organization’s cybersecurity posture. This certification helps companies not only in fortifying their own security but also in streamlining the insurance acquisition process by offering a standardized measure that underwriters can rely on. According to Robert Booker, this quantified approach can make a significant difference, offering confidence to both the insured and the insurer.

Another important aspect discussed is the role of brokerage in this process. Brokers traditionally guide companies through the insurance process, and an R2 certification from HITRUST can greatly assist them in securing better terms and conditions, as it is recognized as a testament to a company's robust security posture. This can also translate into potentially lower premiums and more reliable coverage, addressing one of the largest pain points in securing cyber insurance.

The HITRUST Shared Risk Facility is made available exclusively through licensed brokers and can be accessed by any company holding an R2 certification, with plans to extend to I1 and E1 levels in the future. This facility aims to simplify the process, reduce the administrative burden on companies, and provide greater reliability in the insurance coverage.

The episode wraps up with an invitation for organizations, brokers, and underwriters to engage with HITRUST to explore these innovative solutions. It’s a call to improve the overall confidence in the insurance landscape through verified, independent measures of cybersecurity maturity, ultimately benefiting all parties involved in the cyber insurance ecosystem.

Explore how HITRUST’s R2 certification can enhance your organization's cybersecurity posture and streamline your cyber insurance process.

Learn more about HITRUST: https://itspm.ag/itsphitweb

Note: This story contains promotional content. Learn more.

Guests:

Blake Sutherland, EVP Market Adoption, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/blake-sutherland-38854a/

Robert Booker, Chief Strategy Officer, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/robertbooker/

Resources

HITRUST 2024 Trust Report: https://itspm.ag/hitrusi2it

Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

View all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Bringing a Consistent, Personable and Hands-On Approach to Compliance | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A IS Partners Short Brand Innovation Story with Ian Terry and Robert Godard

7 november 2024 | 7 min

In this episode of 7 Minutes on ITSPmagazine from HITRUST Collaborate 2024, Sean Martin is joined by Ian Terry and Robert Godard from IS Partners to discuss the importance of compliance in modern corporations. Ian and Robert share their insights from the HITRUST Collaborate event, shedding light on their company's unique approach to cybersecurity and auditing.

Robert Godard explains that IS Partners was founded with a startup mentality, emphasizing collaboration and a fun work environment. This culture aims to make compliance efforts less daunting for both their team and their clients. Ian Terry adds that fostering an enjoyable work atmosphere is crucial for engaging and committed outcomes, especially in the dynamic world of information security.

One significant point discussed is the balance between fun and professionalism. Ian highlights that while the job can be stressful during cybersecurity incidents, the focus on industry changes and continuous learning keeps the work interesting and rewarding. The duo also touches on how IS Partners assists clients in navigating complex compliance frameworks. Their tailored approach ensures clients not only meet regulatory requirements but also achieve their business goals.

The episode concludes with a note on the importance of events like HITRUST Collaborate for networking and professional growth.

Learn more about IS Partners: https://itspm.ag/isparto2jk

Note: This story contains promotional content. Learn more.

Guests:

Ian Terry, Principal, Cybersecurity Services, IS Partners [@ISPartnersLLC]

On LinkedIn | https://www.linkedin.com/in/ian-terry/

Robert Godard, Partner, IS Partners [@ISPartnersLLC]

On LinkedIn | https://www.linkedin.com/in/robert-godard-cpa-cisa-hitrust-ccsfp/

Resources

Learn more and catch more stories from IS Partners: https://www.itspmagazine.com/directory/is-partners

Learn more about HITRUST: https://itspm.ag/itsphitweb

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The Future of Cybersecurity at the Australian Cyber Conference 2024, in Melbourne | A Pre-Event Conversation with Akash Mittal | On Location Coverage with Sean Martin and Marco Ciappelli

7 november 2024 | 35 min

Guest: Akash Mittal, CISO, Group Security, Sumitomo Forestry Australia

On LinkedIn | https://www.linkedin.com/in/akashgmittal/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Welcome to Melbourne for AU Cyber Con 2024
From November 26th to 28th, Melbourne will transform into the epicenter of cybersecurity as it hosts AU Cyber Con 2024. Organized by the Australian Information Security Association (AISA), the conference brings a diverse lineup of global thought leaders and innovators to the stage, all focused on shaping the next wave of cybersecurity.

Conference Highlights and Theme
The theme, "The Future is Now," reflects the urgent need for organizations and individuals alike to adapt to our rapidly changing digital landscape. Over three days, the event will feature 440+ speakers and 350 sessions, offering a deep dive into the intersection of cybersecurity, society, and technology.

Engage with Industry Leaders
This year’s lineup includes top voices in cybersecurity and beyond, like former Facebook CSO Joe Sullivan, astronaut Jose Hernandez, and security icon Mikko Hypponen. With appearances from cultural figures such as actor Kal Penn, the event will highlight the broader societal impact of cybersecurity, demonstrating how it affects everything from the arts to government policy.

Interactive Villages and Hands-On Workshops
AU Cyber Con goes beyond the stage with interactive villages like the Careers Village, Lockpicking Village, and AI Village. Here, attendees can gain hands-on experience with everything from physical security tools to AI applications and prompt injections. For those interested in personal brand-building, industry insights, or getting into the nuts and bolts of cybersecurity, these workshops offer something for everyone.

Spotlight on Sponsors and Exhibitors
With support from over 150 exhibitors, the event provides a unique opportunity for attendees to connect with leading companies and uncover the latest in cybersecurity tech. For exhibitors, it’s a valuable chance to meet professionals tackling real-world cybersecurity challenges head-on.

Fostering Global Collaboration
AU Cyber Con 2024 emphasizes the need for global teamwork to advance cybersecurity. Government representatives and international delegates will discuss strategic initiatives and regulatory advancements to strengthen cyber resilience. This gathering is the perfect platform to build connections, share ideas, and work toward a unified digital security future.

Looking Ahead: Coverage from ITSPmagazine
Sean Martin and Marco Ciappelli will be covering AU Cyber Con in real time. Join us for pre-event discussions, live updates, and post-event insights—all crafted to keep you connected to the latest innovations and collaborations shaping the future of cybersecurity.

____________________________

This Episode’s Sponsors

____________________________

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Resources

Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/asia24

Learn more about and hear more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Transforming Compliance and Revolutionizing Cybersecurity | A HITRUST Collaborate 2024 Conversation with Ryan T. Patrick | On Location Coverage with Sean Martin

31 oktober 2024 | 36 min

Guests: Ryan T. Patrick, Vice President of Adoption, HITRUST

On LinkedIn | https://www.linkedin.com/in/ryan-patrick-3699117a/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

____________________________

Episode Notes

In On Location Podcast episode, Sean Martin had a recap conversation with Ryan T. Patrick, engaging about the pivotal topics surrounding HITRUST and its Collaborate Conference. Ryan Patrick, Director of Corporate Audit and Compliance Operations at HITRUST, provided insightful commentary on HITRUST's mission and its recent initiatives to strengthen cybersecurity and compliance across various sectors. Throughout the episode, Ryan emphasized the significance of HITRUST's annual event, Collaborate. The conference serves as a central hub for customers, assessors, partners, auditors, security, and privacy professionals to share insights and build relationships.

One key discussion topic was the evolving concept of continuous assurance. Ryan highlighted how HITRUST is striving to transform annual assessments into a continuous process, enabling organizations to better manage and understand their security posture throughout the year. This shift aims to make security and compliance efforts more proactive and less burdensome.

Sean and Ryan also touched on the important role of HITRUST's Results Distribution System (RDS). This innovative system allows organizations to receive structured assessment results, which can be integrated seamlessly into GRC platforms like ServiceNow. By utilizing RDS, companies can more effectively compare vendor assessments and manage risk in a streamlined manner.

Another significant highlight from the conference was the announcement of HITRUST's first AI security certification. Set to launch in December, this certification will provide a comprehensive framework for securing AI technologies. Ryan explained that this initiative addresses the rising concerns around AI security by focusing on the controls needed to safeguard AI deployments. In addition, the certification will ensure that the underlying infrastructure supporting AI meets high-security standards.

Cyber insurance was another critical topic discussed. HITRUST's partnership with leading insurers has led to the creation of a cyber insurance product tailored for HITRUST-certified organizations. This product offers a 25% premium reduction for those who achieve HITRUST certification, potentially leading to lower premiums and higher coverage limits. Ryan noted that the product is designed to reward organizations that have demonstrated robust cybersecurity practices through their HITRUST certification.

The conversation wrapped up with a mention of HITRUST's impressive Trust Report statistics. According to Ryan, less than 1% of HITRUST-certified organizations experienced a security breach in the past two years, compared to over 50% of non-certified entities. This stark difference underscores the effectiveness of HITRUST's rigorous assessment and certification process in enhancing organizational security. Ryan’s insights during this episode illuminate the critical role HITRUST plays in advancing cybersecurity and compliance.

The initiatives discussed not only demonstrate HITRUST's commitment to innovation but also highlight practical steps organizations can take to fortify their security posture and achieve greater assurance in an increasingly interconnected world. This collaborative spirit and dedication to continuous improvement continue to set HITRUST apart as a leader in the field.

____________________________

This Episode’s Sponsors

https://itspm.ag/levelbjk57

____________________________

Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

Be sure to share and subscribe!

____________________________

Resources

Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxay

Learn more about and hear more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Guiding Organizations on the Next Steps in Their Compliance Journey | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | An A-LIGN Short Brand Innovation Story with Shreesh Bhattarai

31 oktober 2024 | 7 min

The focus is on HITRUST assessments, specifically the e1 certification, which provides an entry-level approach to cybersecurity compliance. The session emphasizes that compliance is an ongoing process and highlights the HITRUST e1 framework's adaptability to evolving threats. It also discusses the value proposition of the e1 certification, its affordability, and its suitability for low-risk organizations, as well as its synergies with existing SOC2 and ISO certifications.

A-LIGN was founded in 2009 by CEO Scott Price to help companies like yours navigate the complexities of cybersecurity and compliance by offering customized solutions that align specifically with each organization’s unique goals and objectives. We believe your business can reach its fullest potential by aligning compliance objectives with strategic objectives. Working with small businesses to global enterprises, A‑LIGN’s experts coupled with our proprietary compliance management platform, A‑SCEND, are transforming the compliance experience.

A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor.

Learn more about A-LIGN: https://itspm.ag/a-lign-uz1w

Note: This story contains promotional content. Learn more.

Guest: Shreesh Bhattarai, Director of HITRUST, A-LIGN [@aligncompliance]

On LinkedIn | https://www.linkedin.com/in/shreesh-bhattarai-cisa-ccsk-hitrust-ccsfp-chqp-5a052837/

Resources

Learn more and catch more stories from A-LIGN: https://www.itspmagazine.com/directory/a-lign

Learn more about HITRUST: https://itspm.ag/itsphitweb

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Accelerating Cybersecurity Training and Innovation | 7 Minutes on ITSPmagazine from Black Hat Sector 2024 | A Rogers Cybersecure Catalyst Short Brand Innovation Story with Rushmi Hasham and Vasu Daggupaty

24 oktober 2024 | 7 min

The latest episode of 7 Minutes on ITSPmagazine, recorded during the Black Hat Sector 2024 event in Toronto, Canada, brings insights from the dynamic world of cybersecurity training and education. Hosted by Sean Martin, the discussion features Rushmi Hasham, Director of Strategic Partnerships, and Vasu Daggupaty, Manager of Strategic Partnerships and Investments, both from Rogers Cybersecure Catalyst.

Rogers Cybersecure Catalyst, a non-profit organization operated by Toronto Metropolitan University, serves as the university’s national hub for cyber education. The organization’s focus spans three primary areas: training individuals to become cybersecurity professionals, helping organizations to bolster their cyber safety measures, and assisting cybersecurity founders in bringing their innovative solutions to the market.

Vasu Daggupaty explains that the Catalyst’s training programs certify individuals with the necessary credentials to be employable in the cybersecurity field. Moreover, organizations receive guidance on enhancing their incident response strategies and other critical safety practices. An essential part of their mission is also supporting innovators in launching new cybersecurity products and services.

The episode highlights a compelling story of Gina, a former nurse transitioning into a cybersecurity analyst role. This transformation exemplifies the success of the Catalyst’s Accelerated Rapid Training Program. Rushmi Hasham elaborates on the program’s design, which caters to mid-life career changers, providing a seven-month intensive course in collaboration with the SANS Institute. The program equips participants with hands-on skills, transitioning knowledge, and career development, ensuring they are job-ready upon completion.

Additionally, the Catalyst’s corporate training services include non-technical tabletop exercises to prepare executives for real-life cyber threats. They also offer a cyber range where clients can safely engage with live malware to elevate their technical response capabilities. This comprehensive approach is instrumental in addressing Canada’s cybersecurity skills shortage and enhancing the nation’s defensive posture. The episode concludes with an invitation to explore the Catalyst's investment initiatives aimed at fortifying cybersecurity innovations and talent development across Canada.

Learn more about Rogers Cybersecure Catalyst: https://itspm.ag/rogershxbp

Note: This story contains promotional content. Learn more.

Guests:

Rushmi Hasham, Director of Strategic Partnerships, Rogers Cybersecure Catalyst

On LinkedIn | https://www.linkedin.com/in/rushmi-hasham-9523554/

Vasu Daggupaty, Manager, Partnerships & Investment, Rogers Cybersecure Catalyst

On LinkedIn | https://www.linkedin.com/in/vdaggupaty/

Resources

Learn more and catch more stories from Rogers Cybersecure Catalyst: https://www.itspmagazine.com/directory/rogers-cybersecure-catalyst

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Effectively Managing a Growing Compliance Program While Minimizing Audit Fatigue | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A Schellman Short Brand Innovation Story with Michael Parisi and Ryan Meehan

23 oktober 2024 | 7 min

Schellman, founded in 2002 as SAS 70 Solutions, was originally focused on just one audit standard; the SAS 70 (subsequently replaced by SOC 2). As the client base grew so did the request to perform other audits outside of the SAS 70. Schellman grew its offerings over the past 20+ years by identifying client needs and then determining if we have the skillset and expertise to deliver high quality work. We have always stayed true to our core strengths and expertise, which is why Schellman is the only Top 100 CPA firm that specializes in IT Audit and Cybersecurity.

Schellman provides full-spectrum cybersecurity third-party audits, assessments, and certifications. In a marketplace with growing cybersecurity compliance needs, organizations are struggling to incorporate additional framework and regulations in an efficient and effective way. At Schellman we harnesses our expertise and deep knowledge across the compliance standards to roadmap audits throughout the year that promotes the highest return on evidence collection and subject matter expert time.

By performing specific assessments in a staggered or parallel fashion, Schellman is able to collect once and test many; both in terms of information from subject matters experts and evidence from business stakeholders. The broad range of our compliance offerings, along with our combined audit approach and depth of expertise sets Schellman apart. Schellman's approach was built to provide expertise and quality work while valuing and respecting the time and stress assessments/audits place on an organization.

Learn more about Schellman: https://itspm.ag/schellman9a6v

Note: This story contains promotional content. Learn more.

Guests:

Michael Parisi, Head of Client Acquisition, Schellman [@Schellman]

On LinkedIn | https://www.linkedin.com/in/michael-parisi-4009b2261/

Ryan Meehan, Director, Schellman [@Schellman]

On LinkedIn | https://www.linkedin.com/in/ryan-meehan-cisa-cissp-ccsfp-iso-lead-cipp-71a5939

Resources

Learn more and catch more stories from Schellman: https://www.itspmagazine.com/directory/schellman

Learn more about HITRUST: https://itspm.ag/itsphitweb

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Mastering Multi-Cloud Management | 7 Minutes on ITSPmagazine from Black Hat SecTor 2024 | An OpenText Short Brand Innovation Story with Michael Mychalczuk

22 oktober 2024 | 7 min

In this 7 Minutes on ITSPmagazine Short Brand Story recorded during Black Hat SecTor 2024, host Sean Martin sits down with Michael Mychalczuk, Director of Product Management for ArcSight at OpenText, to dissect the complexities of multi-cloud environments. Hosted during Black Hat SecTor 2024 in Toronto, they share invaluable insights into why businesses are increasingly finding themselves managing multiple cloud services.

Mychalczuk explains that while many organizations initially hoped to stick with a single cloud provider, factors such as mergers, acquisitions, and specific technological pushes from giants like Microsoft and Google have made multi-cloud unavoidable. This proliferation presents unique challenges, particularly in maintaining security across varied platforms. He highlights the critical need for collaboration between security operations and IT operations teams. “No one person can know all of this,” Mychalczuk notes, emphasizing the importance of teamwork and specialization. He advises focusing on essential areas like identity management and automation to minimize human error and ensure consistent and secure deployments.

Sean Martin and Michael Mychalczuk also discuss the importance of leveraging technologies such as Kubernetes and container security to manage and secure multi-cloud environments effectively. Mychalczuk stresses the value of robust monitoring tools like ArcSight to detect and respond to threats across these diverse systems, ultimately enabling businesses to succeed securely in today’s fast-paced world. In closing, the emphasis on understanding one’s maturity as a security operations team and aligning efforts accordingly stands out as a key takeaway.

Note: This story contains promotional content. Learn more.

Guest: Michael Mychalczuk, Director of Product Management at OpenText [@opentext]

On LinkedIn | https://www.linkedin.com/in/michaelmychalczuk/

Resources

Learn more and catch more stories from OpenText: https://www.itspmagazine.com/directory/opentext

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

LevelBlue Futures Report: Cyber Resilience in Retail | 7 Minutes on ITSPmagazine | A LevelBlue Short Brand Innovation Story with Theresa Lanowitz

21 oktober 2024 | 7 min

Retailers today continue to grapple with unforeseen issues as supply chain attacks become more common and vulnerabilities from third-party sources emerge as major threats.

Of the 1,050 C-suite and senior executives surveyed, 86% of respondents anticipate that dynamic computing will enhance operational performance within the next three years, especially in AI strategy development and leveraging sophisticated supply chains. However, 82% acknowledge the increased exposure to risk.

In this age of dynamic computing, retail organizations encounter both significant opportunities and risks. With traditional security boundaries fading and conventional security measures proving inadequate, retail leaders must adopt a comprehensive approach to ensure overall cyber resilience.

To better achieve cyber resilience in the retail industry, LevelBlue shares five specific steps that can be applied across industries, directly in response to these findings: identify the barriers to cyber resilience; be secure by design; align cyber investment with business; build a support ecosystem; and transform cybersecurity strategies.

To learn more, download the complete findings of the 2024 LevelBlue Futures Report: Cyber Resilience in Retail here:

Learn more about LevelBlue: https://itspm.ag/levelblue266f6c

Note: This story contains promotional content. Learn more.

Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]

On LinkedIn | https://www.linkedin.com/in/theresalanowitz/

Resources

Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Leveraging AI for Effective Healthcare Solutions | A Brand Story Conversation From HITRUST Collaborate 2024 | A HITRUST Story with Walter Haydock and Steve Dufour

17 oktober 2024 | 26 min

The Emergence of Innovative Partnerships: As AI becomes increasingly integral across industries, healthcare is at the forefront of adopting these technologies to improve patient outcomes and streamline services. Sean Martin emphasizes the collaboration between StackAware and Embold Health, setting the stage for a discussion on how they leverage HITRUST to enhance healthcare solutions.

A Look into StackAware and Embold Health: Walter Haydock, founder and CEO of StackAware, shares the company's mission to support AI-driven enterprises in measuring and managing cybersecurity compliance and privacy risks. Meanwhile, Steve Dufour, Chief Security and Privacy Officer of Embold Health, describes their initiative to assess physician performance, guiding patients toward top-performing providers.

Integrating AI Responsibly: A key theme throughout the conversation is the responsible integration of generative AI into healthcare. Steve Dufour details how Embold Health developed a virtual assistant using Azure OpenAI, ensuring users receive informed healthcare recommendations without long-term storage of sensitive data.

Assessment Through Rigorous Standards: Haydock and Dufour also highlight the importance of ensuring data privacy and compliance with security standards, from conducting penetration tests to implementing HITRUST assessments. Their approach underscores the need to prioritize security throughout product development, rather than as an afterthought.

Navigating Risk and Compliance: The conversation touches on risk management and compliance, with both speakers emphasizing the importance of aligning AI initiatives with business objectives and risk tolerance. A strong risk assessment framework is essential for maintaining trust and security in AI-enabled applications.

Conclusion: This in-depth discussion not only outlines a responsible approach to incorporating AI into healthcare but also showcases the power of collaboration in driving innovation. Sean Martin concludes with a call to embrace secure, impactful technologies that enhance healthcare services and improve outcomes.

Learn more about HITRUST: https://itspm.ag/itsphitweb

Note: This story contains promotional content. Learn more.

Guests:

Walter Haydock, Founder and CEO, StackAware

On LinkedIn | https://www.linkedin.com/in/walter-haydock/

Steve Dufour, Chief Security & Privacy Officer, Embold Health

On LinkedIn | https://www.linkedin.com/in/swdufour/

Resources

Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

View all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Unveiling AI's Impact and Challenges at SECTOR 2024 | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Helen Oakley and Larry Pesce | On Location Coverage with Sean Martin and Marco Ciappelli

10 oktober 2024 | 23 min

Guests:

Helen Oakley, Director of Secure Software Supply Chains and Secure Development, SAP

On LinkedIn | https://www.linkedin.com/in/helen-oakley

On Twitter | https://x.com/e2hln

On Instagram |https://instagram.com/e2hln

Larry Pesce, Product Security Research and Analysis Director, Finite State [@FiniteStateInc]

On LinkedIn | https://www.linkedin.com/in/larrypesce/

On Twitter | https://x.com/haxorthematrix

On Mastodon | https://infosec.exchange/@haxorthematrix

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Sean Martin and Marco Ciappelli kicked off their discussion by pondering the intricacies and potential pitfalls of the AI supply chain. Martin humorously questioned when Ciappelli last checked the entire supply chain of an AI session, provoking insightful thoughts about how people approach AI today.

The conversation then shifted as Oakley and Pesce were introduced, with Oakley explaining her role in leading cybersecurity for the software supply chain at SAP and co-founding the AI Integrity and Safe Use Foundation. Pesce shared his expertise in product security research and pen testing, emphasizing the importance of securing AI integrations.

Preventing the AI Apocalypse

One of the session's highlights was the discussion titled "AI Apocalypse Prevention 101." Oakley and Pesce shared insights into the potential risks of AI overtaking human roles and discussed ways to prevent a hypothetical AI apocalypse. Oakley humorously noted her experimentation with deep fakes and emphasized the importance of addressing the root causes to avert catastrophic outcomes.

Pesce contributed by highlighting the need for a comprehensive Bill of Materials (BOM) for AI, pointing out how it differs from traditional software due to its unique reliance on multiple layers, including hardware and software components.

AI BOM: A Tool for Understanding and Compliance

The conversation evolved into a discussion about the AI BOM's significance. Oakley explained that the AI BOM serves as an ingredient list, akin to what you would find on packaged goods. It includes details about datasets, models, and energy consumption—critical for preventing decay or malicious behavior over time.

Pesce noted the AI BOM's potential in guiding pen testing and compliance. He emphasized the challenges that companies face in keeping up with rapidly evolving AI technology, suggesting that AI BOM could potentially streamline compliance efforts.

Engagement at the CISO Executive Summit

The speakers touched on SECTOR 2024's CISO Executive Summit, inviting senior leaders to join the conversation. Oakley highlighted the summit's role in providing a platform for addressing AI challenges and regulations. Martin and Ciappelli emphasized the value of attending such events for exchanging knowledge and ideas in a secure, collaborative environment.

Conclusion: A Call to Be Prepared

As the episode wrapped up, Sean Martin extended an invitation to all interested in preventing an AI apocalypse to join the broader discussions at SECTOR 2024. Helen Oakley and Larry Pesce left listeners with a pressing reminder of the importance of understanding AI's potential impact.

____________________________

This Episode’s Sponsors

____________________________

Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S

Be sure to share and subscribe!

____________________________

Resources

Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

SecTor 2024 Announces Summit Schedule | 2 Minutes on ITSPmagazine

10 oktober 2024 | 2 min

Strategies for Effective Cybersecurity Governance and Protection to Better Balance Innovation and Regulation in Cybersecurity | CISO Circuit Series with Mandy Huth and Whitney Merrill | Michael Piacente and Sean Martin | Redefining CyberSecurity Podcast

10 oktober 2024 | 48 min

About the CISO Circuit Series

Sean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.

____________________________

Guests:

Michael Piacente, Managing Partner and Cofounder of Hitch Partners

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente

Mandy Huth, Global CISO - VP of Cybersecurity, Kohler Co.

On LinkedIn | https://www.linkedin.com/in/mandyhuth/

Whitney Merrill, Head of Global Privacy & Data Protection Officer, Asana [@asana]

On LinkedIn | https://www.linkedin.com/in/whitney-merrill-5ab05012/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of the CISO Circuit series on the Redefining CyberSecurity podcast, co-hosts Sean Martin and Michael Piacente lead an engaging discussion about the current state of cybersecurity leadership, liability, and protection. Their conversation features insights from two distinguished guests: Mandy Huth, an enterprise security leader with over 20 years of experience, and Whitney Merrill, a privacy attorney with a strong background in computer science and legal frameworks around consumer protection.

The discussion opens with an exploration of individual liability for cybersecurity leaders and broader business leadership within organizations. Whitney Merrill argues that regulators like the FTC and SEC are increasingly holding individuals accountable for security and privacy lapses. The conversation highlights notable cases where executives have faced scrutiny, emphasizing the growing expectation for tangible processes and proper security postures within organizations.

Mandy Huth underscores the importance of shared responsibility and accountability within a business, noting that security decisions are not made in isolation. She advocates for a collaborative approach where security leaders outline risks comprehensively to allow for informed decision-making across the executive team. Huth also expresses concern over the proliferation of CYA (Cover Your Ass) practices that prioritize documentation over meaningful risk mitigation, warning that this can dilute the effectiveness of security programs.

Another central theme in the episode centers on the need for standardized frameworks and a common language to articulate risk across an organization. Both guests highlight the need for clear, consistent communication of risks to build a unified understanding among all stakeholders, from the board to individual teams. Piacente and Merrill emphasize that while existing frameworks like NIST and ISO provide a foundation, there is an ongoing need to adapt these frameworks to align with industry-specific contexts and evolving regulatory expectations.

A significant takeaway from the conversation is the role of systemic risk and the potential outsized impact of seemingly minor vulnerabilities. Huth and Merrill caution against underestimating these risks and advocate for continuous improvement and adaptation of security measures. They suggest that prioritizing business-friendly security practices can help foster greater adoption and collaboration across the enterprise.

The episode concludes with reflections on the future landscape of cybersecurity regulation and practice. Whitney Merrill envisions a shift towards democratizing security, making it more accessible and achievable for small businesses through standardized, affordable solutions. Meanwhile, Huth calls for a balance between regulatory clarity and flexibility to ensure innovative small businesses can thrive without being stifled by onerous security requirements.

Overall, the conversation provides valuable insights into the complexities of cybersecurity management, emphasizing the importance of collaboration, clear communication, and adaptability in navigating modern security challenges. These discussions are essential for any business leader or security professional looking to enhance their organization's resilience against cyber threats.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

A Sneak Peek into SecTor 2024: AI, Open-Source, and Cybersecurity Trends | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Steve Wylie | On Location Coverage with Sean Martin and Marco Ciappelli

9 oktober 2024 | 24 min

Guest: Steve Wylie, Vice President, Cybersecurity Portfolio

On LinkedIn | https://www.linkedin.com/in/swylie650/

On Twitter | https://twitter.com/swylie650

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The Black Hat SecTor Conference, scheduled for October 22-24, 2024, in Toronto, promises an array of discussions and insights into the cybersecurity domain. Steve Wylie, General Manager of Black Hat, joins ITSP Magazine's Sean Martin and Marco Ciappelli to preview the upcoming event. Wylie highlights the acquisition of SecTor by Black Hat in 2019, underscoring its unique focus on the Canadian cybersecurity community while maintaining global research standards.

This year's event features three main components: summits, briefings, and a business hall. The summits, including a new AI summit, address various specialized topics, while the briefings provide in-depth research presentations. Keynote speakers like New York University’s Omkhar Arasaratnam, who will discuss security in open-source platforms, further enrich the event. Arasaratnam's focus on the XZ Utils backdoor incident emphasizes the critical nature of open-source security, highlighting both risks and mitigation strategies.

The agenda also includes a diverse range of sessions on AI, reflecting its significant role in current cybersecurity practices. Talks range from AI vulnerabilities to the protection and utilization of AI in enterprise security. Sessions such as "15 Ways to Break Your Co-Pilot" and discussions on deepfake image detection systems present real-world challenges and solutions in this area.

Wylie also discusses the importance of community engagement, noting the sector's provisions for networking and collaboration. The founders of the original event continue to contribute actively, ensuring the event remains closely tied to its original mission of serving Canada's cybersecurity professionals. Martin expresses enthusiasm for meeting regional participants and learning about their unique challenges and solutions, emphasizing the value of shared knowledge and strategies. The event is positioned as a vital convergence point for both local and international cybersecurity insights and advancements.

In summary, SecTor 2024 aims to foster a robust exchange of ideas and solutions, drawing from a wide array of expertise within the cybersecurity field. Attendees can look forward to engaging with high-profile speakers, participating in focused discussions, and exploring the latest industry innovations.

____________________________

This Episode’s Sponsors

____________________________

Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S

Be sure to share and subscribe!

____________________________

Resources

Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

HITRUST Collaborate 2024 Keynote—Industry Perspectives: Charting The Path Forward—Innovations in Security and Assurance | A Conversation with Dan Nutkis, Robert Booker, Omar Khawaja, Cliff Baker, and Andrew Hicks | On Location Coverage with Sean Martin

4 oktober 2024 | 50 min

Guests:

Dan Nutkis, Founder and Chief Executive Officer of HITRUST

On LinkedIn | https://www.linkedin.com/in/daniel-nutkis-339b93b/

Robert Booker, Chief Strategy Officer at HITRUST

On LinkedIn | https://www.linkedin.com/in/robertbooker/

Omar Khawaja, CISO, Client at Databricks

On LinkedIn | https://www.linkedin.com/in/smallersecurity/

Cliff Baker, CEO at CORL Technologies

On LinkedIn | https://www.linkedin.com/in/cliffbaker/

Andrew Hicks, Partner and National HITRUST Practice Lead at Frazier & Deeter

On LinkedIn | https://www.linkedin.com/in/aehicks2000/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

____________________________

Episode Notes

This episode of the On Location series takes place during HITRUST Collaborate 2024 brought together leading figures in cybersecurity to share their experiences and insights. Moderated by Sean Martin, host of the Redefining CyberSecurity Podcast, the panel included Dan Nutkis, Founder and Chief Executive Officer of HITRUST; Robert Booker, Chief Strategy Officer at HITRUST and former Chief Information Security Officer at UnitedHealth Group; Omar Khawaja, CISO, Client at Databricks and former Chief Information Security Officer at Highmark Health; Cliff Baker, CEO at CORL Technologies and Managing Partner at Meditology Services; and Andrew Hicks, Partner and National HITRUST Practice Lead at Frazier & Deeter.

The session kicked off with Sean Martin highlighting the importance of collaboration and conversation within the cybersecurity community. Dan Nutkis reflected on the early beginnings of HITRUST in 2007 and discussed the initial goal of establishing a comprehensive and effective framework for security. Nutkis highlighted the organization's ongoing commitment to continuous improvement and adaptability in addressing security needs.

Omar Khawaja emphasized the need for setting high-security bars and how HITRUST has been instrumental in providing robust frameworks that simplify complex compliance requirements. He shared how Highmark Health leveraged the HITRUST certification to streamline their third-party risk management, ensuring better outcomes with fewer resources. According to Khawaja, HITRUST’s efforts in adapting to market needs and developing new assurance levels like the i1 and e1 have been vital in meeting evolving security demands.

Cliff Baker discussed the innovation driven by HITRUST in the compliance space. Baker stressed the importance of the HITRUST ecosystem, which is designed not only to meet today’s security challenges but to anticipate future needs. The assurance framework and transparency provided by HITRUST have proven essential in building and maintaining trust within the healthcare industry.

Andrew Hicks praised the rigorous QA process that HITRUST employs, which ensures that certified organizations maintain high standards of security. He emphasized how this rigorous process not only helps organizations achieve certification but also transforms their overall approach to cybersecurity.

Robert Booker spoke about the continuous curiosity and commitment required to stay ahead in cybersecurity. He highlighted how HITRUST’s data-driven approach and innovations in areas like AI and continuous monitoring are crucial in maintaining relevance and enhancing security outcomes.

Throughout the discussion, the panelists collectively underscored the importance of a robust, adaptable, and comprehensive security framework. HITRUST's continuous innovation and commitment to addressing real-world security challenges position it as a leader in the industry. The collaborative efforts of HITRUST and its community not only improve organizational security but also strengthen the overall reliability of the healthcare system.

As HITRUST continues to evolve and introduce new initiatives, it remains a pivotal player in setting high security and compliance standards. The insights shared during this episode of On Location provide a glimpse into the future of cybersecurity and the ongoing efforts to safeguard sensitive data in the healthcare sector.Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

Be sure to share and subscribe!

____________________________

Resources

Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxay

Learn more about and hear more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

HITRUST Achieves Major Milestone with Availability of Solution Making it Practical to Manage Third-Party (Information Security) Risk | 2 Minutes on ITSPmagazine

3 oktober 2024 | 2 min

Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals | Part 3 of 3 | A Conversation with Kush Sharma | Redefining CyberSecurity with Sean Martin

2 oktober 2024 | 28 min

Guest: Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario)

On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In the third and final installment of the series titled "Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals," Sean Martin continues his compelling conversation with Kush Sharma. This episode focuses on the critical aspects of team dynamics, project management, and stakeholder engagement in the realm of cybersecurity.

Kush Sharma elaborates on the importance of establishing a well-structured and communicated vision for security operations within an organization. He emphasizes the necessity of setting expectations with security teams before any major project initiation. According to Sharma, transparency is vital. Security leaders must candidly discuss with their teams that not every decision will tip in their favor, but their role is to advocate for security while being adaptable to business needs. He stresses the importance of documenting and following up on risk mitigation measures even if they aren't implemented immediately.

Sharma also sheds light on the concept of integrating business and security functions more seamlessly. He proposes not just embedding security into business but also bringing business personnel into the security fold. By having business unit members work within security teams temporarily, organizations can build a robust line of communication and mutual understanding. This cross-functional approach creates internal champions for security measures and helps significantly cut costs as internal personnel generally have lower operational costs compared to external consultants.

A significant portion of the episode revolves around the nuanced engagement with different stakeholders, particularly at the executive level. Sharma advises CISOs to view themselves as peers to other C-suite executives, prepared to defend their positions and decisions vigorously. It's crucial for CISOs to maintain this executive-level mindset and openly communicate the broader business implications of security decisions. Sharma highlights that making a business case for security and showing tangible returns on investment can secure better funding and support from the executive team, leading to more substantial investments in long-term security measures.

Sean Martin wraps up the episode by touching on the importance of storytelling in cybersecurity. By translating technical achievements and risk mitigation efforts into relatable stories, CISOs can effectively communicate the value of their work across the organization. These narratives help ensure security remains a priority in business strategies and operations, fostering an environment where security considerations are integral to planning and executing new initiatives.

In conclusion, the episode provides essential insights for current and aspiring CISOs on navigating the complexities of internal communications, leadership, and strategic planning in cybersecurity. Both Kush Sharma and Sean Martin offer practical advice and strategies that can help elevate the role of security within any organization, thereby protecting its infrastructure and supporting its growth objectives.

___________________________

Sponsors

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

HITRUST Announces Continuous Assurance through the Proven HITRUST Ecosystem | 2 Minutes on ITSPmagazine

2 oktober 2024 | 2 min

Hacking Deepfake Image Detection System with White and Black Box Attacks | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Sagar Bhure | On Location Coverage with Sean Martin and Marco Ciappelli

30 september 2024 | 23 min

Guest: Sagar Bhure, Senior Security Researcher, F5 [@F5]

On LinkedIn | https://www.linkedin.com/in/sagarbhure/

At SecTor | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#sagar-bhure-45119

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The authenticity of audio and visual media has become an increasingly significant concern. This episode explores this critical issue, featuring insights from Sean Martin, Marco Ciappelli, and guest Sagar Bhure, a security researcher from F5 Networks.

Sean Martin and Marco Ciappelli engage with Bhure to discuss the challenges and potential solutions related to deepfake technology. Bhure reveals intricate details about the creation and detection of deepfake images and videos. He emphasizes the constant battle between creators of deepfakes and those developing detection tools.

The conversation highlights several alarming instances where deepfakes have been used maliciously. Bhure recounts the case in 2020 where a 17-year-old student successfully fooled Twitter’s verification system with an AI-generated image of a non-existent political candidate. Another incident involved a Hong Kong firm losing $20 million due to a deepfake video impersonating the CFO during a Zoom call. These examples underline the serious implications of deepfake technology for misinformation and financial fraud.

One core discussion point centers on the challenge of distinguishing between real and artificial content. Bhure explains that the advancement in AI and hardware capabilities makes it increasingly difficult for the naked eye to differentiate between genuine and fake images. Despite this, he mentions that algorithms focusing on minute details such as skin textures, mouth movements, and audio sync can still identify deepfakes with varying degrees of success.

Marco Ciappelli raises the pertinent issue of how effective detection mechanisms can be integrated into social media platforms like Twitter, Facebook, and Instagram. Bhure suggests a 'secure by design' approach, advocating for pre-upload verification of media content. He suggests that generative AI should be regulated to prevent misuse while recognizing that artificially generated content also has beneficial applications.

The discussion shifts towards audio deepfakes, highlighting the complexity of their detection. According to Bhure, combining visual and audio detection can improve accuracy. He describes a potential method for audio verification, which involves profiling an individual’s voice over an extended period to identify any anomalies in future interactions.

Businesses are not immune to the threat of deepfakes. Bhure notes that corporate sectors, especially media outlets, financial institutions, and any industry relying on digital communication, must stay vigilant. He warns that deepfake technology can be weaponized to bypass security measures, perpetuate misinformation, and carry out sophisticated phishing attacks.

As technology forges ahead, Bhure calls for continuous improvement in detection techniques and the development of robust systems to mitigate risks associated with deepfakes. He points to his upcoming session at Sector in Toronto, where he will delve deeper into 'Hacking Deepfake Image Detection Systems with White and Black Box Attacks,' offering more comprehensive insights into combating this pressing issue.

____________________________

This Episode’s Sponsors

____________________________

Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S

Be sure to share and subscribe!

____________________________

Resources

Hacking Deepfake Image Detection System with White and Black Box Attacks: https://www.blackhat.com/sector/2024/briefings/schedule/#hacking-deepfake-image-detection-system-with-white-and-black-box-attacks-40909

Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

HITRUST Announces Industry-Leading AI Security Certification | 7 Minutes on ITSPmagazine | A HITRUST Short Brand Innovation Story with Jeremy Huval

28 september 2024 | 7 min

HITRUST will launch its AI Security Certification in December 2024, addressing the unique security risks of artificial intelligence systems. As AI reshapes the cybersecurity landscape, existing control frameworks, including HITRUST CSF, do not fully address new and evolving threats. The certification offers prescriptive controls to help secure AI deployments effectively.

Targeted at AI platform and product providers, this certification is an optional extension to HITRUST CSF validated assessments. It addresses AI-specific threats alongside traditional cybersecurity risks, focusing on security practices for AI/ML deployments, including generative AI.

The certification integrates with third-party risk management (TPRM) platforms, enabling more efficient workflows for managing AI solution security. This helps organizations manage AI risk, adopt AI solutions with confidence, and reduce complexity, time, and costs.

Designed to enhance third-party AI risk management, the certification allows organizations to identify shared security responsibilities between AI providers and users. It ensures greater trust and security across AI deployments, helping businesses stay ahead of emerging AI threats.

The draft certification specification is open for public comment until October 17, 2024.

To learn more and to provide feedback visit: https://www.manula.com/manuals/hitrust/ai-security-certification-requirements-draft/1/en/topic/about

Learn more about HITRUST: https://itspm.ag/itsphitweb

Note: This story contains promotional content. Learn more.

Guest: Jeremy Huval, Chief Innovation Officer, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/jeremyhuval/

Resources

Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Building Resilient Applications and APIs: The Importance of Security by Design to Ensure Data Protection | An Imperva Brand Story with Lebin Cheng

25 september 2024 | 37 min

In this Brand Story episode, hosts Sean Martin and Marco Ciappelli welcome Lebin Cheng from Imperva to discuss the ever-important topic of API security. As the head of the API security team at Imperva, Lebin Cheng offers a nuanced view into the challenges and solutions involved in protecting sensitive data facilitated by APIs. A central theme of the discussion revolves around API security's complexity due to APIs' role in digital transformation, cloud migration, and data integration. APIs act as a gateway for data interaction and integration, offering flexibility but also introducing significant security risks.

Cheng underscores that as APIs provide open access to critical data, they become prime targets for sophisticated cyber threats. These threats exploit vulnerabilities in API deployments, making robust security measures indispensable. Cheng highlights the importance of securing APIs not as a one-time effort but as an ongoing process. He discusses how Imperva employs real-time monitoring and behavioral analysis to enhance API security. By establishing a baseline of what constitutes normal behavior, Imperva can quickly detect and respond to anomalies. This approach goes beyond traditional, static security measures, which often fall short against dynamic threats that evolve alongside technology.

Additionally, the conversation touches on the notion of 'security by design.' Cheng advocates for integrating security considerations from the earliest stages of API development. This results in more resilient applications capable of withstanding sophisticated attacks. The discussion also notes the growing trend of DevSecOps, which emphasizes the collaboration between development, security, and operations teams to embed security throughout the software development lifecycle. Real-world applications of these principles are evident in various sectors, including open banking.

Cheng explains how open banking initiatives, which allow smaller financial institutions to access larger banks' data via APIs, highlight the necessity of strong API security. A breached API could expose sensitive financial data, leading to significant financial and reputational damage. The hosts and Cheng also explore how Imperva's innovation in API security involves leveraging artificial intelligence and machine learning. These technologies help in identifying and mitigating potential risks by analyzing vast amounts of data to detect unusual patterns that might indicate a security threat.

In closing, Cheng emphasizes the importance of continuous innovation and vigilance in the field of API security. He invites organizations to adopt a proactive stance, continuously updating their security measures to protect their data assets effectively. This episode serves as a compelling reminder of the critical role API security plays in today's interconnected digital world.

Learn more about Imperva: https://itspm.ag/imperva277117988

Note: This story contains promotional content. Learn more.

Guest: Lebin Cheng, VP, API Security, Imperva [@Imperva]

On LinkedIn | https://www.linkedin.com/in/lebin/

Resources

Learn more and catch more stories from Imperva: https://www.itspmagazine.com/directory/imperva

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hello From the Dumpster Fire: Real Examples of Artificially Generated Malware, Disinformation and Scam Campaigns | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Ashley Jess | On Location Coverage with Sean Martin and Marco Ciappelli

24 september 2024 | 23 min

Guest: Ashley Jess, Senior Intelligence Analyst, Intel 471 [@Intel471Inc]

At SecTor | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#ashley-jess-48633

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

As part of their Chats on the Road for the On Location series during SecTor in Toronto, Sean Martin and Marco Ciappelli had an engaging conversation with Ashley Jess, a Senior Threat Intelligence Analyst from Intel471.

The discussion centered on the intricacies of artificial intelligence (AI), its uses, and its abuses in the realm of cybersecurity. Ashley's upcoming presentation titled "Hello from the Dumpster Fire: Real Examples of Artificially Generated Malware, Disinformation, and Scam Campaigns" sets the stage for an in-depth exploration into the dark side of AI. Ashley gives a glimpse into how AI is being utilized for nefarious purposes, highlighting the connection between generative AI and disinformation campaigns. She explains how AI has been used to create politically motivated fake graffiti, deepfake videos with celebrities, and even entirely fabricated news websites.

She emphasizes that the lowest barrier to entry for generating such content is lower than ever, making it easy for bad actors to create and spread false information swiftly. She mentions a particularly interesting case during the Olympics, where an entire propaganda movie starring a deepfake Tom Cruise was produced for political purposes. This example underscores the potential of AI to convincingly spread disinformation on a massive scale. She also points out how scam campaigns are increasingly leveraging AI, making them more believable and harder to detect.

One crucial topic Ashley touches on is the matter of responsibility in combating these threats. She discusses the need for more robust government regulations and the role of various technology vendors in detecting and preventing the misuse of AI. She highlights the importance of technologies like Web3 and blockchain for content provenance.

According to Ashley, integrating such measures into platforms used by everyday people can help mitigate the risks posed by AI-generated disinformation. Marco Ciappelli adds to this by reflecting on how easy it is to create misleading content and target vulnerable populations. He points out that ordinary citizens, who are not as vigilant or technologically savvy, are at greater risk. On this note, Sean Martin questions who should be responsible for protecting individuals and organizations from AI-based threats.

The discussion also touches on the ethical aspects of AI and its dual-use nature—where technological advancements can be both beneficial and harmful. Ashley emphasizes the need for a balanced approach that considers both the legitimate applications of AI technology and its potential for abuse. Ashley Jess is enthusiastic about her upcoming talk at SecTor where she promises to delve further into these critical issues.

The session aims to provide a realistic, frontline view of how AI is being used maliciously and to encourage more proactive measures to combat these emerging threats. For those attending SecTor, her insights promise to be both enlightening and essential.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S

Be sure to share and subscribe!

____________________________

Resources

Hello From the Dumpster Fire: Real Examples of Artificially Generated Malware, Disinformation and Scam Campaigns (Session): https://www.blackhat.com/sector/2024/briefings/schedule/#hello-from-the-dumpster-fire-real-examples-of-artificially-generated-malware-disinformation-and-scam-campaigns-41161

Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Book | The Developer's Playbook for Large Language Model Security: Building Secure AI Applications | A Conversation with Steve Wilson | Redefining CyberSecurity with Sean Martin

24 september 2024 | 35 min

Guest: Steve Wilson, Chief Product Officer, Exabeam [@exabeam] & Project Lead, OWASP Top 10 for Larage Language Model Applications [@owasp]

On LinkedIn | https://www.linkedin.com/in/wilsonsd/

On Twitter | https://x.com/virtualsteve

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of Redefining CyberSecurity, host Sean Martin sat down with Steve Wilson, chief product officer at Exabeam, to discuss the critical topic of secure AI development. The conversation revolved around the nuances of developing and deploying large language models (LLMs) in the field of cybersecurity.

Steve Wilson's expertise lies at the intersection of AI and cybersecurity, a point he emphasized while sharing his journey from founding the Top 10 group for large language models to authoring his new book, "The Developer's Playbook for Large Language Model Security." In this insightful discussion, Wilson and Martin explore the roles of developers and product managers in ensuring the safety and security of AI systems.

One of the key themes in the conversation is the categorization of AI applications into chatbots, co-pilots, and autonomous agents. Wilson explains that while chatbots are open-ended, interacting with users on various topics, co-pilots focus on enhancing productivity within specific domains by interacting with user data. Autonomous agents are more independent, executing tasks with minimal human intervention.

Wilson brings attention to the concept of overreliance on AI models and the associated risks. Highlighting that large language models can hallucinate or produce unreliable outputs, he stresses the importance of designing systems that account for these limitations. Product managers play a crucial role here, ensuring that AI applications are built to mitigate risks and communicate their reliability to users effectively.

The discussion also touches on the importance of security guardrails and continuous monitoring. Wilson introduces the idea of using tools akin to web app firewalls (WAF) or runtime application self-protection (RASP) to keep AI models within safe operational parameters. He mentions frameworks like Nvidia's open-source project, Nemo Guardrails, which aid developers in implementing these defenses.

Moreover, the conversation highlights the significance of testing and evaluation in AI development. Wilson parallels the education and evaluation of LLMs to training and testing a human-like system, underscoring that traditional unit tests may not suffice. Instead, flexible test cases and advanced evaluation tools are necessary. Another critical aspect Wilson discusses is the need for red teaming in AI security. By rigorously testing AI systems and exploring their vulnerabilities, organizations can better prepare for real-world threats. This proactive approach is essential for maintaining robust AI applications.

Finally, Wilson shares insights from his book, including the Responsible AI Software Engineering (RAISE) framework. This comprehensive guide offers developers and product managers practical steps to integrate secure AI practices into their workflows. With an emphasis on continuous improvement and risk management, the RAISE framework serves as a valuable resource for anyone involved in AI development.

About the Book

Large language models (LLMs) are not just shaping the trajectory of AI, they're also unveiling a new era of security challenges. This practical book takes you straight to the heart of these threats. Author Steve Wilson, chief product officer at Exabeam, focuses exclusively on LLMs, eschewing generalized AI security to delve into the unique characteristics and vulnerabilities inherent in these models.

Complete with collective wisdom gained from the creation of the OWASP Top 10 for LLMs list—a feat accomplished by more than 400 industry experts—this guide delivers real-world guidance and practical strategies to help developers and security teams grapple with the realities of LLM applications. Whether you're architecting a new application or adding AI features to an existing one, this book is your go-to resource for mastering the security landscape of the next frontier in AI.

___________________________

Sponsors

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Book: "The Developer's Playbook for Large Language Model Security: Building Secure AI Applications": https://amzn.to/3ztWuc2

OWASP Top 10 for LLM: https://genai.owasp.org/
___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

$17M Series B Will Accelerate Growth As BlackCloak Further Strengthens Its Personal Cybersecurity Platform And Drives Innovative Products | 7 Minutes on ITSPmagazine | A BlackCloak Short Brand Innovation Story with Chris Pierson

18 september 2024 | 7 min

In 7 Minutes on ITSPmagazine, Sean Martin chats with Chris Pierson, CEO and Co-founder of BlackCloak, about their latest milestone in digital executive protection. BlackCloak, a pioneer in protecting executives, senior leaders, high-net-worth individuals, and family offices, has secured $17 million in a Series B funding round led by Baird Capital, with contributions from Blue Heron, TDF, and Tech Operators.

Chris explains that the new funds will focus on scaling the company's operations, building proprietary cybersecurity and privacy technologies, and enhancing their concierge-level services. The goal is to provide specialized protection and remediation for corporate executives, board members, and high-profile individuals, including those in their families' personal lives.

The conversation touches on the increasing need for digital executive protection against breaches, privacy risks, and identity theft. Chris highlights how recent attacks on home environments have accelerated the demand for robust digital security solutions. Investors are drawn to BlackCloak's unique approach and market potential.

Looking ahead, Chris envisions a day in the life of a protected digital executive as one where privacy enhancements and proactive, intelligence-driven alerts become standard. BlackCloak aims to make managing personal cybersecurity seamless, offering reactive support and expert advice along the way. With this fresh investment, the company is poised to capture significant growth in this critical space.

Learn more about BlackCloak:https://itspm.ag/itspbcweb

Note: This story contains promotional content. Learn more.

Guest: Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]

On Linkedin | https://www.linkedin.com/in/drchristopherpierson/

Resources

Learn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloak

BlackCloak Raises $17M Series B Funding Round to Enhance Personal Cybersecurity Protections for Corporate Executives, High Net Worth Individuals, and Family Offices: https://blackcloak.io/news-media/blackcloak-raises-17m-series-b-personal-cybersecurity-protections-corporate-executives-high-networth-individuals-family-offices/

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The Critical Role of Identity in Creating Effective Ransomware Attack Defense and Broader Business Resilience Strategies | 7 Minutes on ITSPmagazine | A Semperis Short Brand Story with Simon Hodgkinson

17 september 2024 | 7 min

Semperis, a pioneer in identity-driven cyber resilience has published the results of its global ransomware study of nearly 1,000 IT and security professionals at organisations spanning multiple industries across the US, UK, France, and Germany. The study aims to understand the prevalence, frequency and costs of ransomware attacks—in both ransom payments and collateral damage. The results highlight an alarming trend toward multiple, sometimes simultaneous attacks, forcing business leaders to re-evaluate their cyber resilience strategies to address common points of failure, including inadequate identity system backup and recovery practices. Organisations must ensure they have appropriate controls to withstand attacks where possible, however assume a mindset that at some point they will have to recover from a catastrophic outage and therefore have a tried and tested plan to recover business operations. Given the criticality of Active Directory, firms need a dedicated means of backing up and recovering Active Directory to recover from attacks with integrity and at speed. However, according to our survey, just 23% of UK respondents stated that they have dedicated, Active Directory–specific backup systems.

Now, more than ever, modernised threats require modernised defences prioritised on the most critical assets – which is the identity platform - and for most organisations this is Active Directory. Semperis is a pioneer in managing and protecting the identity credentials of enterprises' hybrid environments and was purpose-built for securing AD. Semperis provide a portfolio of products including a free tool - Purple Knight - which organisations use to uncover unknown vulnerabilities, communicate security posture to leaders and other teams, compensate for lack of inhouse AD skills, prepare for other assessments including pen tests, and garner more resources for AD security improvements.

The full ransomware study, which includes breakdowns of responses by vertical market and by country, is available at https://itspm.ag/semper6u3w

Learn more about Semperis: https://itspm.ag/semperis-1roo

Note: This story contains promotional content. Learn more.

Guest: Simon Hodgkinson, Strategic Advisor, Semperis [@SemperisTech]

On LinkedIn | https://www.linkedin.com/in/simon-hodgkinson-6072623

Resources

Learn more and catch more stories from Semperis: https://www.itspmagazine.com/directory/semperis

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The Ransomware Threat and the Resilience Imperative | A HITRUST Collaborate 2024 Conversation with Allan Liska | On Location Coverage with Sean Martin and Marco Ciappelli

14 september 2024 | 24 min

Guest: Allan Liska, Senior Security Architect and Ransomware Specialist, Recorded Future [@RecordedFuture]

On Linkedin | https://www.linkedin.com/in/allan2

On Twitter | https://twitter.com/uuallan

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of the On Location with Sean and Marco podcast, recorded for the HITRUST Collaborate Conference in Dallas, TX, hosts Sean Martin and Marco Ciappelli engage in a dynamic conversation around the theme of cybersecurity in healthcare, specifically focusing on ransomware resilience. Sean and Marco are joined by Allan Liska for an insightful discussion on the current state of ransomware and the importance of proactive defenses.

The episode begins with Sean and Marco acknowledging the hectic nature of their schedule, emphasizing their excitement for the upcoming events. Sean mentions his active participation at the HITRUST conference, working closely with risk management and compliance experts, while Marco expresses his envy yet supports Sean’s engagements.

Allan Liska, the guest of this episode, brings a wealth of knowledge as an intelligence analyst specializing in ransomware research at Recorded Future. Allan delineates the ongoing challenges faced by organizations, particularly in healthcare, in mitigating ransomware threats. He highlights the increase in law enforcement activities targeting ransomware groups, which has led to more internal drama within the cybercriminal community, making the topic more relatable and urgent for organizations.

A substantial part of the conversation revolves around the significance of tabletop exercises in preparing organizations for ransomware incidents. Allan stresses that effective tabletop exercises must involve representatives from across the entire organization, ensuring comprehensive preparedness. The exercises should be engaging and realistic, incorporating lessons learned to update incident response plans continually. Allan also recommends keeping out-of-band communication methods ready, such as using Signal, to ensure seamless operations during a ransomware attack.

The importance of leadership buy-in is underlined, with Allan explaining how having senior leaders understand and support these exercises can significantly enhance the overall security posture. The discussion touches on common pitfalls, such as the assumption that backups alone will suffice, highlighting the necessity of regular, holistic testing of recovery processes.

The hosts also reflect on the collaborative aspect of the HITRUST conference, noting that it provides an invaluable opportunity for participants to network, share best practices, and learn from each other's experiences. That's precisely the spirit Allan hopes to capture during his session at the conference.

In conclusion, this episode is a deep dive into the complexities of ransomware defense, offering practical advice and underscoring the collective effort required to protect healthcare systems against cyber threats. Sean and Marco invite listeners to stay engaged and informed through their podcast series, promising more enlightening discussions on critical cybersecurity topics.

____________________________

This Episode’s Sponsors

____________________________

Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSjVk_qSl7vkUafmICX9Rle

Be sure to share and subscribe!

____________________________

Resources

The Ransomware Threat and the Resilience Imperative (Session): https://www.hitrustevents.com/event/HITRUSTCollaborate2024/websitePage:645d57e4-75eb-4769-b2c0-f201a0bfc6ce?session=3448b1bf-3996-4945-95ed-bd957710b0ac

Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxay

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

The Missing Link: How We Collect and Leverage SBOMs | An OWASP 2024 Global AppSec San Francisco Conversation with Cassie Crossley | On Location Coverage with Sean Martin and Marco Ciappelli

14 september 2024 | 21 min

Guest: Cassie Crossley, VP, Supply Chain Security, Schneider Electric [@SchneiderElec]

On LinkedIn | https://www.linkedin.com/in/cassiecrossley/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, hosts Sean Martin and Marco Ciappelli head to San Francisco to attend the OWASP Global AppSec conference. They kick off their journey with a light-hearted conversation about their destination, quickly segueing into the substantive core of the episode. The dialogue provides a rich backdrop to the conference's key focus: securing applications and the crucial role of Software Bill of Materials (SBOMs) in this context.

Special guest Cassie Crossley joins the hosts to delve deeper into the significance of SBOMs. Cassie introduces herself and highlights her previous engagements with the podcast, touching on her upcoming session titled "The Missing Link: How We Collect and Leverage SBOMs." She explains the essential function of SBOMs in tracking open-source and commercial software components, noting the importance of transparency and risk evaluation in modern software development.

Cassie explains that understanding the software components in use, including transitive dependencies, is crucial for managing risks. She discusses how her company, Schneider Electric, implements SBOMs within their varied product lines, ranging from firmware to cloud-based applications. By collecting and analyzing SBOMs, they can quickly assess vulnerabilities, much like how organizations scrambled to evaluate their exposure in the wake of the Log4J vulnerability.

Sean and Marco steer the conversation towards the practical aspects of SBOM implementation for smaller companies. Cassie reassures that even startups and smaller enterprises can benefit from SBOMs without extensive resources, using free tools like Dependency-Track to manage their software inventories. She emphasizes that having an SBOM—even in a simplified form—provides a critical layer of visibility, enabling better risk management even with limited means.

The discussion touches on the broader impact of SBOMs beyond individual corporations. Cassie notes the importance of regulatory developments and collective efforts, such as those by the Cybersecurity and Infrastructure Security Agency (CISA), to advocate for wider adoption of SBOM standards across industries.

To wrap up, the hosts and Cassie discuss the value of conferences like OWASP Global AppSec for fostering community dialogues, sharing insights, and staying abreast of new developments in application security. They encourage listeners to attend these events to gain valuable knowledge and networking opportunities. Finally, in their closing remarks, Sean and Marco tease future episodes in the On Location series, hinting at more exciting content from their travels and guest interviews.

____________________________

This Episode’s Sponsors

____________________________

Follow our OWASP 2024 Global AppSec San Francisco coverage: https://www.itspmagazine.com/owasp-2024-global-appsec-san-francisco-cybersecurity-and-application-security-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcqoGpeR1rdo6p47Ozu1jt

Be sure to share and subscribe!

____________________________

Resources

The Missing Link - How We Collect and Leverage SBOMs (Session): https://owasp2024globalappsecsanfra.sched.com/event/1g3XV/the-missing-link-how-we-collect-and-leverage-sboms

Why the Industry Needs OpenSSF | A Conversation with Omkhar Arasaratnam, Adrianne Marcum, Arun Gupta, and Christopher Robinson | Redefining CyberSecurity with Sean Martin: https://redefiningcybersecuritypodcast.com/episodes/why-the-industry-needs-openssf-a-conversation-with-omkhar-arasaratnam-adrianne-marcum-arun-gupta-and-christopher-robinson-redefining-cybersecurity-with-sean-martin

Learn more about OWASP 2024 Global AppSec San Francisco: https://sf.globalappsec.org/

SBOM-a-Rama: https://www.linkedin.com/feed/update/urn:li:activity:7232385837869469699/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Generative AI and Large Language Model (LLM) Prompt Hacking: Exposing Systemic Vulnerabilities of LLMs to Enhance AI Security Through Innovative Red Teaming Competitions | A Conversation with Sander Schulhoff | Redefining CyberSecurity with Sean Martin

11 september 2024 | 35 min

Guest: Sander Schulhoff, CEO and Co-Founder, Learn Prompting [@learnprompting]

On LinkedIn | https://www.linkedin.com/in/sander-schulhoff/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of Redefining CyberSecurity, host Sean Martin engages with Sander Schulhoff, CEO and Co-Founder of Learn Prompting and a researcher at the University of Maryland. The discussion focuses on the critical intersection of artificial intelligence (AI) and cybersecurity, particularly the role of prompt engineering in the evolving AI landscape. Schulhoff's extensive work in natural language processing (NLP) and deep reinforcement learning provides a robust foundation for this insightful conversation.

Prompt engineering, a vital part of AI research and development, involves creating effective input prompts that guide AI models to produce desired outputs. Schulhoff explains that the diversity of prompt techniques is vast and includes methods like the chain of thought, which helps AI articulate its reasoning steps to solve complex problems. However, the conversation highlights that there are significant security concerns that accompany these techniques.

One such concern is the vulnerability of systems when they integrate user-generated prompts with AI models, especially those prompts that can execute code or interact with external databases. Security flaws can arise when these systems are not adequately sandboxed or otherwise protected, as demonstrated by Schulhoff through real-world examples like MathGPT, a tool that was exploited to run arbitrary code by injecting malicious prompts into the AI’s input.

Schulhoff's insights into the AI Village at DEF CON underline the community's nascent but growing focus on AI security. He notes an intriguing pattern: many participants in AI-specific red teaming events were beginners, which suggests a gap in traditional red teamer familiarity with AI systems. This gap necessitates targeted education and training, something Schulhoff is actively pursuing through initiatives at Learn Prompting.

The discussion also covers the importance of studying and understanding the potential risks posed by AI models in business applications. With AI increasingly integrated into various sectors, including security, the stakes for anticipating and mitigating risks are high. Schulhoff mentions that his team is working on Hack A Prompt, a global prompt injection competition aimed at crowdsourcing diverse attack strategies. This initiative not only helps model developers understand potential vulnerabilities but also furthers the collective knowledge base necessary for building more secure AI systems.

As AI continues to intersect with various business processes and applications, the role of security becomes paramount. This episode underscores the need for collaboration between prompt engineers, security professionals, and organizations at large to ensure that AI advancements are accompanied by robust, proactive security measures. By fostering awareness and education, and through collaborative competitions like Hack A Prompt, the community can better prepare for the multifaceted challenges that AI security presents.

Top Questions Addressed

What are the key security concerns associated with prompt engineering?
How can organizations ensure the security of AI systems that integrate user-generated prompts?
What steps can be taken to bridge the knowledge gap in AI security among traditional security professionals?

___________________________

Sponsors

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

The Prompt Report: A Systematic Survey of Prompting Techniques: https://trigaten.github.io/Prompt_Survey_Site/

HackAPrompt competition: https://www.aicrowd.com/challenges/hackaprompt-2023

HackAPrompt results published in this paper "Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs through a Global Scale Prompt Hacking Competition EMNLP 2023": https://paper.hackaprompt.com/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Achieving Compliance in the Cloud through Continuous Controls Monitoring (CCM) | 7 Minutes on ITSPmagazine | A RegScale Short Brand Story with Travis Howerton

10 september 2024 | 7 min

With the rapid pace of cloud adoption, less time is spent ensuring that systems are built and operated effectively and with proper cyber hygiene. As a result, continuous controls monitoring (CCM) has emerged as indispensable for ensuring both security and regulatory compliance. Travis will discuss how CCM: transforms reactive security measures into a proactive stance; strengthens security protocols and embeds compliance within cloud operations; and streamlines the protection of digital assets in an ever-evolving landscape.

With systems becoming increasingly cloud-native and ephemeral, manual approaches no longer work, can’t scale, and are not timely enough to manage risk. Continuous Controls Monitoring (CCM) is needed to allow cloud adoption in highly regulated industries without sacrificing security. The speed of the cloud, AI development, and digital transformation is quickly reaching a point where human-based risk and compliance business processes cannot keep up. A modern, compliance-as-code approach is needed via CCM platforms to ensure risk and compliance processes can execute in real-time to keep pace with modern cloud technology.

Embracing compliance-as-code to allow business processes to execute at machine speed, generate self-updating paperwork, and leverage AI and mini-robot automations to validate and assess the results. Consider more sophisticated DevOps approaches leveraging CI/CD software factories to push security from code to cloud. The new CCM approach is to shift security processes left across every layer of the application lifecycle.

Learn more about RegScale: https://itspm.ag/regscaksfb

Note: This story contains promotional content. Learn more.

Guest: Travis Howerton, Co-Founder and CEO, RegScale, [@RegScale]

On LinkedIn | https://www.linkedin.com/in/travishowerton/

Resources

Learn more and catch more stories from RegScale: https://www.itspmagazine.com/directory/regscale

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Charting the Path Forward: Navigating Security and Compliance at Collaborate 2024 | A HITRUST Collaborate 2024 Conversation with Leslie Jenkins, Robert Booker, Blake Sutherland, and Steve Perkins | On Location Coverage with Sean Martin and Marco Ciappelli

9 september 2024 | 17 min

Guests:

Leslie Jenkins, Sr. Director, Marketing, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/lsjenkins/

Robert Booker, Chief Strategy Officer, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/robertbooker/

Blake Sutherland, EVP Market Adoption, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/blake-sutherland-38854a/

Steve Perkins, Chief Marketing Officer, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/steve-perkins-1604b31/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of "On Location with Sean and Marco," Sean Martin welcomes listeners to an engaging Chats on the Road episode heading from Frisco, Texas, where he discusses Collaborate 2024—an upcoming event centered on security, risk management, and compliance programs. Sean is joined by notable industry figures, including Leslie Jenkins, Robert Booker, Blake Sutherland, and Steve Perkins, who collectively provide a comprehensive overview of Collaborate 2024.

The discussion begins with Robert Booker sharing insights into the history and objectives of the HITRUST Collaborate conference. He explains the event's organic growth and its focus on creating a community-driven environment where participants can engage in meaningful conversations about the challenges they face in the industry.

Steve Perkins elaborates on the theme "charting the path forward," highlighting the importance of addressing recent industry events, such as significant breaches, and fostering collective efforts in assurance, risk management, and compliance. The agenda includes a variety of sessions ranging from roundtable discussions with seasoned industry professionals to focused talks on emerging trends like ransomware and workforce development.

Blake Sutherland touches on the unique aspects of cyber insurance, outlining the benefits of integrating HITRUST certifications into the insurance process to enhance risk decisions and streamline procurement. The conversation also touches on the significance of AI in the industry, as Robert Booker discusses the challenges and opportunities associated with AI governance and security. He emphasizes the need for a robust framework to ensure AI systems are secure and align with corporate governance.

Leslie Jenkins adds to the excitement by talking about the conference's location at the Dallas Cowboys' world headquarters, which promises a unique networking experience. She underscores the importance of in-person interactions and how they contribute to the event's overall value.

The episode concludes with logistical details for attendees and a collective anticipation for the upcoming event. Sean and guests express their enthusiasm for being part of a community that actively engages in shaping the future of security, risk management, and compliance. Listeners are encouraged to stay tuned for more insightful episodes and register for the event through links provided in the show notes.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSjVk_qSl7vkUafmICX9Rle

Be sure to share and subscribe!

____________________________

Resources

Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxay

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

AI-powered, Unified Detection and Response Platform Streamlines Cybersecurity for MSPs and IT Service Providers | 7 Minutes on ITSPmagazine | A Guardz Short Brand Innovation Story with Dor Eisner

9 september 2024 | 7 min

As cyber threats grow more sophisticated and target various aspects of businesses across digital assets and surfaces, a common practice is to increase the number of security layers a company uses, often tasked to an MSP. However, this approach has led to a new dilemma: MSPs are now dealing with managing a plethora of disparate point solutions simultaneously. These solutions generate an overwhelming amount of data, information, and alerts that demand attention. As SMBs often lack dedicated personnel and resources to handle these alerts, the task falls on MSPs. This leaves MSPs struggling to manage the flood of information effectively.

Guardz empowers MSPs and IT service providers to protect their clients effectively and efficiently, offering a unified platform with automated detection and response, which ensures digital assets, emails, endpoints, data and cloud directories are secure, allowing businesses to focus on growth. The Guardz platform is tailor-made for MSPs, simplifying cybersecurity management for SMBs and the MSPs that serve them. Leveraging the power of AI, Guardz automates threat detection and response, reducing false alerts and focusing on real threats. It provides scalable solutions for MSPs, comprehensive coverage for SMBs, and a user-friendly interface, ensuring robust protection and proactive security measures like regular vulnerability assessments and continuous monitoring.

Guardz is transforming the future of cybersecurity by streamlining security management and enhancing efficiency. By unifying disparate solutions into a single platform that unifies detection from its own security stack and automates the response utilizing AI,Guardz empowers MSPs to significantly reduce complexity and operational burdens as they secure their SMB customers. AI-driven threat detection and automated response capabilities minimize false alerts and ensure rapid remediation of threats, allowing MSPs to focus on strategic tasks rather than being overwhelmed by data. The scalability of Guardz’s solutions means that even small businesses can access enterprise-quality security, fostering a more secure business environment overall. This transformation leads to better-prepared MSPs, more resilient SMBs, and a more secure digital landscape.

Learn more about Guardz: https://itspm.ag/guardzrgig

Note: This story contains promotional content. Learn more.

Guest: Dor Eisner, CEO and Co-Founder, Guardz [@GuardzCyber]

On LinkedIn | https://www.linkedin.com/in/dor-eisner-17067744/

Resources

Learn more and catch more stories from Guardz: https://www.itspmagazine.com/directory/guardz

For a free 14 day trial of Guardz’s platform please visit https://itspm.ag/guardzgvu3.

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

How AI-Enhanced Phishing Changes the Economic Dynamics of Phishing Attacks | A Conversation with Marco Ciappelli and Fred Heiding | Redefining CyberSecurity with Sean Martin

28 augusti 2024 | 37 min

Guests:

Fred Heiding, Research Fellow, Harvard

On LinkedIn | https://www.linkedin.com/in/fheiding/

On Twitter | https://twitter.com/fredheiding

On Mastodon | https://mastodon.social/@fredheiding

On Instagram | https://www.instagram.com/fheiding/

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In today's digital era, AI-enhanced phishing attacks are transforming the landscape of cybersecurity. An insightful episode of The Redefining CyberSecurity Podcast features host Sean Martin alongside ITSPmagazine co-founder Marco Ciappelli, and guest Fred Heiding, a research fellow in computer science at Harvard School of Engineering and Applied Sciences, and a fellow at the Harvard Kennedy School.

Fred Heiding shares updates on the evolution of phishing attacks using AI, highlighting both the technical facets and the societal implications. He explains how advanced language models can now automate the creation of highly realistic phishing emails, making it easier and more cost-effective for attackers to target individuals and organizations.

Heiding discusses the concept of hyper-personalization, where attackers gather granular information about their targets, such as their communication patterns and personal interests, to craft emails that seem authentic and trustworthy. This hyper-personalization poses significant challenges.

Heiding provides an example where attackers mimicked a Black Hat organizer's email, highlighting the precision and timing crucial for successful phishing. The use of open-source language models, which can be adjusted by developers to remove any built-in protections, further exacerbates the issue.

Marco Ciappelli ponders the potential solutions by leveraging AI for defensive strategies. Heiding acknowledges this is an area with promise, particularly in personalized spam filters, yet notes the inherent advantages attackers hold over defenders due to the unpatchable nature of human intuition. Defense mechanisms using AI can marginally enhance current spam filters but face limitations in practicality and widespread adoption because of people's reluctance toward continuous training and complex defense mechanisms.

Sean Martin evaluates the potential of AI in monitoring patterns of human vulnerability over time, which could redefine phishing training by focusing on specific, individualized principles. However, he also stresses the economic aspect, citing that cheaper and more efficient phishing methods increase the attack's scale and frequency, further complicating defensive strategies.

Heiding and Ciappelli both emphasize that while technological advancements provide tools for protection, they also require more personal data to be effective—a trade-off that involves significant privacy concerns. The future of online trust, according to Heiding, appears precarious. As phishing attacks become more sophisticated, the very nature of how people trust digital communications must evolve.

Overall, this episode underscores the critical need for ongoing research and dialogue in cybersecurity, focusing on balancing innovation in defense mechanisms against the ever-advancing sophistication of attacks.

___________________________

Sponsors

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Harvard Business Review article: https://hbr.org/2024/05/ai-will-increase-the-quantity-and-quality-of-phishing-scams

IEEE Access article: https://ieeexplore.ieee.org/document/10466545

BSides presentation: https://bsideslv.org/talks#8WK8P3

Hacking Humans Using LLMs with Fredrik Heiding: Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli: https://redefining-cybersecurity.simplecast.com/episodes/hacking-humans-using-llms-with-fredrik-heiding-devising-and-detecting-phishing-large-language-models-vs-smaller-human-models-las-vegas-black-hat-2023-event-coverage-redefining-cybersecurity-podcast-with-sean-martin-and-marco-ciappelli

A Framework for Evaluating National Cybersecurity Strategies | A Black Hat USA 2024 Conversation with Fred Heiding | On Location Coverage with Sean Martin and Marco Ciappelli: https://redefining-cybersecurity.simplecast.com/episodes/a-framework-for-evaluating-national-cybersecurity-strategies-a-black-hat-usa-2024-conversation-with-fred-heiding-on-location-coverage-with-sean-martin-and-marco-ciappelli

Deep Backdoors in Deep Reinforcement Learning Agents | A Black Hat USA 2024 Conversation with Vas Mavroudis and Jamie Gawith | On Location Coverage with Sean Martin and Marco Ciappelli: https://itsprad.io/redefiningcybersecurity-454

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

An Introduction to CyberTech NYC Conference 2024 with Event Director Steve Corrick | On Location Coverage with Sean Martin and Marco Ciappelli

26 augusti 2024 | 22 min

Guest: Steve Corrick, Director, Cybertech New York

On LinkedIn | https://www.linkedin.com/in/stevecorrick/

On Twitter | https://x.com/scorrick

On Facebook | https://www.facebook.com/stephen.corrick

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

A Virtual Road Trip to CyberTech NYC

In a lively pre-event discussion, we embark on a metaphorical journey across the States, representing our excitement for the CyberTech NYC Conference, happening on September 5th, 2024, at the Metropolitan Pavilion in Chelsea. The idea of this "drive" is a fun nod to the interconnectedness of our virtual world and our anticipation of the event.

Event Spotlight: Why CyberTech NYC Matters

We kick things off by highlighting the significance of this event, mentioning that it starts early on September 4th with pre-event activities, leading up to the main event on the 5th. Steve Corrick, one of the key organizers, provides a behind-the-scenes look at the planning process and explains how this third edition of CyberTech NYC has become a distinctive fixture in the cyber ecosystem.

The Global and Local Impact of CyberTech

Steve takes us through the journey of CyberTech as a global series, tracing its roots from Tel Aviv to its expansion across multiple continents. What sets CyberTech NYC apart, he says, is its dual focus on both global trends and local innovation. New York City, now a burgeoning hub for tech and cybersecurity, plays host to an event that showcases local talent, startups, and established players alike.

Comprehensive Coverage of Cyber Topics

The event’s agenda is packed with content designed to tackle critical issues, such as:

Cyber Talent Initiative: Programs for everyone, from students to professionals looking to upskill.
VC and Investor Focus: The Investing in the Best initiative to help startups boost their funding.
Government and Agency Involvement: Discussions on how localities can strengthen their cyber ecosystems.
Main Stage Content: Keynotes on fake news, the role of cyber in elections, and other pressing topics.

Inclusivity and Innovation: A Diverse Speaker Lineup

We appreciate the diversity of speakers and the range of topics covered. With big names like Walmart, AWS, and various innovative startups, the event promises to offer something for everyone. Steve also explains the event’s blend of formats, including main stage panels, roundtables, and think tanks, all aimed at fostering in-depth discussions and knowledge sharing.

The Evolving Cyber Landscape

Reflecting on how cybersecurity events have evolved over the years, Steve notes the shift from niche gatherings to mainstream importance. With cyber threats becoming part of our daily lives, collaboration among countries and industries has become essential for enhancing global security.

Local Focus with Global Reach

We commend the event’s ability to balance global participation with a strong local focus. Steve agrees, emphasizing their collaboration with local and state-level initiatives in New York, further solidifying the city’s place on the global cybersecurity map.

Looking Forward to CyberTech NYC 2024

Our conversation wraps up with a sneak peek at the event’s schedule, including a Happy Cyber Hour on the evening of September 5th and additional pre-event activities on the 4th. Steve and his team are excited to connect with participants from around the globe, and we’ll be sharing more updates as CyberTech NYC 2024 approaches.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

____________________________

Follow our Cybertech NYC 2024 coverage: https://www.itspmagazine.com/cybertech-nyc-2024-cybersecurity-event-coverage-in-new-york-city

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRjdy_wDSLBwgPkM3zSeau_

Be sure to share and subscribe!

____________________________

Resources

Learn more about Cybertech NYC 2024: https://nyc.cybertechconference.com/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Recapping Black Hat 2024 and What’s Next | On Location Coverage with Sean Martin and Marco Ciappelli

20 augusti 2024 | 21 min

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of "On Location With Sean Martin and Marco Ciappelli," our hosts dive into their time at Black Hat 2024 in Las Vegas, reflecting on key takeaways and sharing what’s next on their journey. Whether you're deep into cybersecurity or just curious about the industry, this blog post offers a snapshot of what to expect from Sean and Marco.

Recapping Black Hat 2024

Marco Ciappelli
Choo, choo . . .

Sean Martin
Is that the sound of the fast train back from Vegas? Or just the rush of everything we experienced?

Marco Ciappelli
I'm still wondering why there's no train from LA to Vegas. And don't get me started on LA to San Francisco—that's another conversation entirely.

The conversation kicks off with a lighthearted nod to travel woes before shifting to the core of the episode: their reflections on Black Hat 2024. Sean and Marco bring unique perspectives, emphasizing the importance of thinking beyond cybersecurity's technical aspects to consider its broader impact on society and business.

Sean's Operational Insights
Sean Martin
I like to look at things from an operational angle—how can we take what we learn and bring it back to the business to help leaders and practitioners do what they love?

Sean’s Black Hat 2024 Recap Newsletter explores the evolution from reactive data responses to strategic enablement, AI and automation, modular cybersecurity, and the invaluable role of human insights. His focus is clear: helping businesses become more resilient and adaptable through smarter cybersecurity practices.

Marco's Societal Impact
Marco Ciappelli
Cybersecurity isn’t a destination—it’s a journey. We’re never going to be fully secure, and that’s okay. Cultures change, technology evolves, and we have to keep adapting.

Marco’s take highlights the societal implications of cybersecurity. He talk about how different fields and nations are breaking down silos to collaborate more effectively. His newsletter often reflects on the need for digital literacy across business, society, and education, emphasizing the importance of broadening our understanding of technology’s role.

Upcoming Events and Conferences
The duo is excited about their packed schedule for the rest of 2024 and beyond, including:

CyberTech New York (September 2024): Focused on policy, innovation, SecOps, AppSec, and sustainability.
OWASP AppSec San Francisco (September 2024): Covering the OWASP Top 10 for LLMs and more.
Sector in Toronto (October 2024): Offering unique coverage ideas, closely tied to Black Hat.
Did someone said that they will be back covering an APJ event, in Melbourne, before the end of the year???

Additional Ventures
They’ll also be hosting innovation panels and keynotes at a company event in New Orleans, with CES in Las Vegas and VivaTech in Paris on the horizon for 2025, blending B2B startup insights with consumer tech, all with a cybersecurity twist.

Subscribe and Stay Tuned
Marco and Sean invite you to subscribe to their newsletters and follow their podcast, "On Location," as they continue their journey around the globe—both physically and virtually—bringing fresh perspectives on business, technology, and cybersecurity. You’ll also find unique "brand stories" that highlight innovations making our world safer and more sustainable.

Stay connected, enjoy the ride, and don’t forget to subscribe to both their newsletters and the "On Location" podcast on YouTube!

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

Resources

Sean's Newsletter Article: https://www.linkedin.com/pulse/reflecting-black-hat-2024-operationalizing-enhanced-business-martin-ccive/

Marco's Newsletter Article: https://www.linkedin.com/pulse/my-reflections-from-itspmagazines-black-hat-usa-2024-state-ciappelli-ayglc/?trackingId=hLvuq5LqQ%2B2RHNpgDtIJlQ%3D%3D

On Location Podcast: https://on-location-with-sean-martin-and-marco-ciappelli.simplecast.com

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

OWASP Top 10 For Large Language Models: Project Update | An OWASP 2024 Global AppSec San Francisco Conversation with Steve Wilson | On Location Coverage with Sean Martin and Marco Ciappelli

20 augusti 2024 | 24 min

Guest: Steve Wilson, Chief Product Officer, Exabeam [@exabeam] & Project Lead, OWASP Top 10 for Larage Language Model Applications [@owasp]

On LinkedIn | https://www.linkedin.com/in/wilsonsd/

On Twitter | https://x.com/virtualsteve

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of the Chat on the Road On Location series for OWASP AppSec Global in San Francisco, Sean Martin hosts a compelling conversation with Steve Wilson, Project Lead for the OWASP Top 10 for Large Language Model AI Applications. The discussion, as you might guess, centers on the OWASP Top 10 list for Large Language Models (LLMs) and the security challenges associated with these technologies. Wilson highlights the growing relevance of AppSec, particularly with the surge in interest in AI and LLMs.

The conversation kicks off with an exploration of the LLM project that Wilson has been working on at OWASP, aimed at presenting an update on the OWASP Top 10 for LLMs. Wilson emphasizes the significance of prompt injection attacks, one of the key concerns on the OWASP list. He explains how attackers can craft prompts to manipulate LLMs into performing unintended actions, a tactic reminiscent of the SQL injection attacks that have plagued traditional software for years. This serves as a stark reminder of the need for vigilance in the development and deployment of LLMs.

Supply chain risks are another critical issue discussed. Wilson draws parallels to the Log4j incident, stressing that the AI software supply chain is currently a weak link. With the rapid growth of platforms like Hugging Face, the provenance of AI models and training datasets becomes a significant concern. Ensuring the integrity and security of these components is paramount to building robust AI-driven systems.

The notion of excessive agency is also explored—a concept that relates to the permissions and responsibilities assigned to LLMs. Wilson underscores the importance of limiting the scope of LLMs to prevent misuse or unauthorized actions. This point resonates with traditional security principles like least privilege but is recontextualized for the AI age. Overreliance on LLMs is another topic Martin and Wilson discuss.

The conversation touches on how people can place undue trust in AI outputs, leading to potentially hazardous outcomes. Ensuring users understand the limitations and potential inaccuracies of LLM-generated content is essential for safe and effective AI utilization.

Wilson also provides a preview of his upcoming session at the OWASP AppSec Global event, where he plans to share insights from the ongoing work on the 2.0 version of the OWASP Top 10 for LLMs. This next iteration will address how the field has matured and new security considerations that have emerged since the initial list.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

____________________________

Follow our OWASP 2024 Global AppSec San Francisco coverage: https://www.itspmagazine.com/owasp-2024-global-appsec-san-francisco-cybersecurity-and-application-security-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcqoGpeR1rdo6p47Ozu1jt

Be sure to share and subscribe!

____________________________

Resources

OWASP Top 10 for Large Language Models: Project Update: https://owasp2024globalappsecsanfra.sched.com/event/1g3YF/owasp-top-10-for-large-language-models-project-update

Safeguarding Against Malicious Use of Large Language Models: A Review of the OWASP Top 10 for LLMs | A Conversation with Jason Haddix | Redefining CyberSecurity with Sean Martin: https://itsprad.io/redefining-cybersecurity-190

OWASP LLM AI Security & Governance Checklist: Practical Steps To Harness the Benefits of Large Language Models While Minimizing Potential Security Risks | A Conversation with Sandy Dunn | Redefining CyberSecurity Podcast with Sean Martin: https://itsprad.io/redefiningcybersecurity-287

Hacking Humans Using LLMs with Fredrik Heiding: Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli: https://itsprad.io/redefining-cybersecurity-208

Learn more about OWASP 2024 Global AppSec San Francisco: https://sf.globalappsec.org/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Building Resilient Software: Secure by Design, Transparency, and Governance Remain Key Elements | A Conversation with Chris Hughes | Redefining CyberSecurity with Sean Martin

20 augusti 2024 | 37 min

Guest: Chris Hughes, President / Co-Founder, Aquia

On LinkedIn | https://www.linkedin.com/in/resilientcyber/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of The Redefining CyberSecurity Podcast, host Sean Martin connects with Chris Hughes, a seasoned author and consultant in cybersecurity. The primary focus is on the intricacies of vulnerability management and software supply chain security, particularly in an era where software pervades every aspect of modern life.

Chris Hughes emphasizes the paramount importance of understanding what is in the software we consume. Software Bill of Materials (SBOM) has emerged as a focal point, akin to ingredient lists in the food industry, highlighting the need for transparency. Hughes argues that transparency is not just about knowing the components; it extends to understanding the risks associated with those components. He illustrates his point by referencing infamous incidents like the Log4j vulnerability, which unveiled the critical gaps in our knowledge of software components.

The conversation also shifts towards the broader challenges in software supply chain security. Hughes discusses the government's push for self-attestation and the role of third-party validators in ensuring software security. While acknowledging the complexities and potential bottlenecks, he underscores the necessity for a balanced approach that combines self-attestation with external validation to foster a secure software ecosystem.

Additionally, Hughes addresses the concept of Secure by Design, advocating for practices that embed security into the software development lifecycle right from the outset. He notes the historical context of this concept, which dates back to the Ware Report, and argues for its relevance even today. Secure by Design entails building security measures inherently into products, thereby reducing the need for perpetual patching and vulnerability management.

Internal risk management within organizations also gets spotlighted. Hughes insists that organizations should maintain an inventory of the software and components they use internally, evaluate their risks, and contribute to the open-source communities they rely on. This comprehensive approach not only helps in mitigating risks but also fosters a resilient and sustainable software ecosystem.

On the topic of platform engineering, Hughes shares his insights on its potential to streamline software development processes and enhance security through standardization and governance. However, he is candid about the challenges, particularly the need to balance standardization with the diverse preferences of development teams.

As the discussion wraps up, Hughes and Martin underline the importance of focusing on contextual risk assessment in vulnerability management, rather than merely responding to static severity scores. Hughes' advocacy for a more nuanced approach to security, balancing immediate risk mitigation with longer-term strategic planning, offers listeners a thoughtful perspective on managing cybersecurity challenges.

Top Questions Addressed

How can organizations ensure transparency and security in their software supply chains?
What strategies can be implemented to address the challenges of vulnerability management?
How can platform engineering and internal governance improve software security within organizations?

___________________________

Sponsors

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

NCF Whitepaper: https://tag-app-delivery.cncf.io/whitepapers/platforms/

CNCF Platform Maturity Model: https://tag-app-delivery.cncf.io/whitepapers/platform-eng-maturity-model/

Secure-by-Design at Google: What is the website URL for Secure-by-Design at Google?
https://research.google/pubs/secure-by-design-at-google/

Software Transparency: Supply Chain Security in an Era of a Software-Driven Society (Book): https://a.co/d/0bNaPmF

Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem: https://a.co/d/6xs5saH

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Harnessing Dark Web Insights to Understand Risks from the Attacker's Viewpoint | A Brand Story Conversation From Black Hat USA 2024 | A Resecurity Story with Christian Lees and Shawn Loveland | On Location Coverage with Sean Martin and Marco Ciappelli

19 augusti 2024 | 19 min

At Black Hat USA 2024, the spotlight is on redefining and rethinking security, as discussed in this Brand Story episode with Resecurity. Sean Martin, Christian Lees, and Shawn Loveland share the mic to explore the cutting-edge innovations shifting paradigms within the cybersecurity domain. Christian Lees and Shawn Loveland from Resecurity dive deep into the substance of their work and its impact on modern security teams. The primary focus is Resecurity's approach towards threat intelligence and how it aids organizations in proactively mitigating risks.

The discussion kicks off with an overview of Resecurity's approach to threat intelligence. Unlike conventional models that operate from within the firewall, Resecurity adopts an outside-in perspective, helping clients understand what attackers might know about their infrastructure. Shawn Loveland emphasizes this unique viewpoint by illustrating how Resecurity helps organizations identify potential breaches and vulnerabilities from the attacker's perspective, well before any threats materialize.

One intriguing point discussed by Lees and Loveland is Resecurity's comprehensive data sourcing from the dark web. Resecurity does not simply rely on common threat intel from visible websites but digs deep into exclusive, invitation-only forums and other obscure corners of the web. This meticulous venture results in a much more profound understanding of potential threats, minimizing blind spots and the risk of data inaccuracies or AI hallucinations. By drawing on diverse data sources, Resecurity promises more significant and accurate insights into the motives and methods of cybercriminals.

Moreover, Loveland highlights the technologically sophisticated tactics employed by Resecurity, combining AI to convert unstructured data into structured, actionable intelligence for security teams. This automation not only boosts efficiency but also empowers analysts to make more informed decisions swiftly. AI in Resecurity's arsenal is not a standalone entity but integrates deeply with the human-driven aspects of threat intelligence, enriching the overall analytic experience with contextual understanding and tangible evidence.

The guests also touch on Resecurity's AI capabilities, illustrating this through scenarios where AI accelerates threat detection and response. By transforming vast amounts of data into comprehensible formats, and even summarizing complex situations into actionable insights, AI significantly reduces the ordeal for security analysts while enhancing precision.

In conclusion, Resecurity’s state-of-the-art threat intelligence solutions, emphasized by the knowledgeable insights from Christian Lees and Shawn Loveland, represent a proactive and innovative approach to modern cybersecurity.

Learn more about Resecurity: https://itspm.ag/resecurb51

Note: This story contains promotional content. Learn more.

Guests:

Christian Lees, CTO, Resecurity [@RESecurity]

On LinkedIn | https://www.linkedin.com/in/christian-lees-72886b3/

Shawn Loveland, Chief Operating Officer, Resecurity [@RESecurity]

On LinkedIn | https://www.linkedin.com/in/shawn-loveland/

Resources

Learn more and catch more stories from Resecurity: https://www.itspmagazine.com/directory/resecurity

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Reflecting on Black Hat 2024: Operationalizing Cybersecurity for Enhanced Business Outcomes and Improved Resilience | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

13 augusti 2024 | 9 min

Enhancing Cyber Defense: AI Innovations and Challenges | A Black Hat USA 2024 Conversation with Rock Lambros | On Location Coverage with Sean Martin and Marco Ciappelli

13 augusti 2024 | 15 min

Guest: Rock Lambros, CEO and founder of RockCyber [@RockCyberLLC]

On LinkedIn | https://www.linkedin.com/in/rocklambros/

On Twitter | https://twitter.com/rocklambros

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In a recent On Location episode recorded at Black Hat USA 2024, Sean Martin and Rock Lambros explore the prevailing topics and critical insights from the event's AI Summit. Sitting in the media room, not on the bustling show floor, the paid dissect the impact of artificial intelligence (AI) on cybersecurity, shedding light on its multifaceted implications.

Rock Lambros, Founder and CEO of RockCyber, shares his observations about the predominance of AI in every corner of the conference. He notes how AI's presence is ubiquitous, even saturating advertisements at the airport. Lambros provides an overview of the AI Summit, highlighting the diversity of sessions ranging from high-level talks to vendor pitches. While some were mere product promotions, others provided substantial insights and valuable statistics, which Lambros is keen to share on platforms like LinkedIn.

The discussion progresses to the remark by Nvidia's CEO, Bartley Richardson, suggesting that cyber is fundamentally a data problem, and AI could be the solution. Lambros concurs with this in part but emphasizes the necessity of maintaining human oversight in the process. Martin and Lambros reflect on the potential of AI to augment cybersecurity tasks, particularly for tier one analysts. There is a focus on leveraging AI to expedite responses to threats, potentially reducing the reaction time, which currently lags significantly behind the speed of AI-driven attacks.

Lambros presents a balanced perspective, warning against the risk of reducing entry-level jobs in cybersecurity due to AI advancements, advocating instead for upskilling these professionals to handle more complex roles. The conversation touches on governance and risk management, with Lambros stressing the importance of integrating AI governance into existing frameworks without rendering AI oversight an exclusive domain for data scientists alone. He highlights the EU AI Act and Colorado AI Act as critical regulatory frameworks that emphasize this need.

Lambros also brings attention to DARPA's open-source resources aimed at securing AI, encouraging practitioners to utilize these tools. Towards the end, a poignant observation from Robert Flores, former CISO of the CIA, underscores the difficulty governments face in keeping up with AI's rapid evolution. Lambros reflects on the mixed audience at the summit, a blend of technical practitioners and policy leaders, all grasping the significant impact and challenges AI brings to the field.

The episode underscores the crucial balance between embracing technological advancements and maintaining human oversight and governance within cybersecurity. The insights shared by Rock Lambros and Sean Martin offer a nuanced perspective on the current state of AI in the field, emphasizing a collaborative approach to integrating these innovations responsibly.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

Resources

Rock's LinkedIn Post: https://www.linkedin.com/posts/rocklambros_ai-cybersecurity-ciso-activity-7226988285410074626-rX3-

AI Summit Keynote: Enhancing National Security with AI-Driven Cybersecurity | A Black Hat USA 2024 Conversation with Dr. Kathleen Fisher -- https://redefiningcybersecuritypodcast.com/episodes/ai-summit-keynote-enhancing-national-security-with-ai-driven-cybersecurity-a-black-hat-usa-2024-conversation-with-dr-kathleen-fisher-on-location-coverage-with-sean-martin-and-marco-ciappelli

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Innovations in Autonomous Penetration Testing and Continuous Security Posture Management | 7 Minutes on ITSPmagazine | A Short Brand Innovation Story From Black Hat USA 2024 | A Horizon3 Brand Story with Snehal Antani

13 augusti 2024 | 7 min

In 7 Minutes on ITSPmagazine Short Brand Story recorded on location during Black Hat USA 2024, Sean Martin had a fascinating conversation with Snehal Antani, CEO and Co-Founder of Horizon3.ai. The discussion revolved around the innovative strides Horizon3.ai is making in autonomous penetration testing and continuous security posture management.

Snehal Antani shared his journey from being a CIO to founding Horizon3.ai, highlighting the critical gaps in traditional security measures that led to the inception of the company. The main focus at Horizon3.ai is to continuously verify security postures through autonomous penetration testing, essentially enabling organizations to "hack themselves" regularly to stay ahead of potential threats. Antani explained the firm's concept of “go hack yourself,” which emphasizes continuous penetration testing. This approach ensures that security vulnerabilities are identified and addressed proactively rather than reacting after an incident occurs.

A significant portion of the discussion centered around the differentiation between application and infrastructure penetration testing. While application pen testing remains a uniquely human task due to the need for identifying logic flaws in custom code, infrastructure pen testing can be effectively managed by algorithms at scale. This division allows Horizon3.ai to implement a human-machine teaming workflow, optimizing the strengths of both.

Antani likened its functionality to installing ring cameras while conducting a pen test, creating an early warning network through the deployment of honey tokens. These tokens are fake credentials and sensitive command tokens designed to attract attackers, triggering alerts when accessed. This early warning system helps organizations build a high signal, low noise alert mechanism, enhancing their ability to detect and respond to threats swiftly.

Antani emphasized that Horizon3.ai is not just a pen testing company but a data company. The data collected from each penetration test provides valuable telemetry that improves algorithm accuracy and offers insights into an organization’s security posture over time. This data-centric approach allows Horizon3.ai to help clients understand and articulate their security posture’s evolution.

A compelling example highlighted in the episode involved a CISO from a large chip manufacturing company who utilized Horizon3.ai’s rapid response capabilities to address a potential vulnerability swiftly. The CISO was able to identify, test, fix, and verify the resolution of a critical exploit within two hours, showcasing the platform's efficiency and effectiveness.

The conversation concluded with a nod to the practical benefits such innovations bring, encapsulating the idea that effective use of Horizon3.ai’s tools not only promotes better security outcomes but also enables security teams to perform their roles more efficiently, potentially even getting them home earlier.

Learn more about Horizon3.ai: https://itspm.ag/horizon3ai-bh23

Note: This story contains promotional content. Learn more.

Guest: Snehal Antani, Co-Founder & CEO at Horizon3.ai [@Horizon3ai]

On LinkedIn | https://www.linkedin.com/in/snehalantani/

On Twitter | https://twitter.com/snehalantani

Resources

Learn more and catch more stories from Horizon3.ai: https://www.itspmagazine.com/directory/horizon3ai

View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Enhancing Security Posture by Automating and Optimizing Application Security | A Brand Story Conversation From Black Hat USA 2024 | An ArmorCode Story with Mark Lambert | On Location Coverage with Sean Martin and Marco Ciappelli

13 augusti 2024 | 18 min

In this Brand Story episode recorded during Black Hat USA 2024, host Sean Martin sat down with Mark Lambert of ArmorCode to discuss the evolving challenges and innovative strategies in application security and vulnerability management.

ArmorCode stands out in its field by not being just another scanner but by integrating with an organization's existing tool ecosystem. Lambert explains that their platform connects with over 250 different source tools, from threat modeling to endpoint security, to provide comprehensive visibility and risk scoring. This integration is crucial for automating remediation workflows downstream and supporting various use cases, including vulnerability management and software supply chain security.

One of the core strengths of ArmorCode's platform is its ability to ingest data from a multitude of sources, normalize it, and contextualize the risk for better prioritization. Lambert notes that understanding both the technical and business context of vulnerabilities is essential for effective risk management. This dual approach helps organizations avoid the 'fire drill' mentality, focusing instead on business-critical assets first.

The conversation also touches on the breadth of ArmorCode's integrations, which include not just technical tools but also commercial and open-source threat intelligence feeds. This variety allows for a robust and nuanced understanding of an organization’s security posture. By correlating data across different tools using AI, ArmorCode helps in identifying vulnerabilities and weaknesses that could otherwise remain hidden.

Lambert emphasizes the platform's ability to streamline interactions between security and development teams. By bringing together data from various sources and applying risk scoring, ArmorCode aids in engaging development teams effectively, often leveraging integrations with tools like Jira. This engagement is pivotal for timely remediation and reducing organizational risk.

One of the exciting developments Lambert shares is ArmorCode's recent launch of AI-driven remediation capabilities. These capabilities aim to provide not just immediate fixes but strategic insights for reducing future risks. He explains that while fully automated remediation may still involve human oversight, AI significantly reduces the time and effort required for resolving vulnerabilities. This makes the security process more efficient and less burdensome for teams.

The episode concludes with Lambert discussing the significant adoption of AI functionalities among ArmorCode's customer base. With over 90% adoption of their AI correlation features, it's clear that businesses are seeing real-world benefits from these advanced capabilities. Lambert believes that the integration of AI into security practices is moving past the hype phase into delivering meaningful outcomes.

This insightful episode underscores the importance of comprehensive, AI-driven solutions in today’s security landscape. With experts like Mark Lambert at the helm, ArmorCode is leading the charge in making application security more integrated, intelligent, and efficient.

Learn more about ArmorCode: https://itspm.ag/armorcode-n9t

Note: This story contains promotional content. Learn more.

Guest: Mark Lambert, Chief Product Officer, ArmorCode [@code_armor]

On LinkedIn | https://www.linkedin.com/in/marklambertlinkedin/

Resources

Learn more and catch more stories from ArmorCode: https://www.itspmagazine.com/directory/armorcode

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Blocking Billions to Secure the Internet | A Brand Story Conversation From Black Hat USA 2024 | A DNSfilter Story with TK Keanini | On Location Coverage with Sean Martin and Marco Ciappelli

12 augusti 2024 | 18 min

During Black Hat USA 2024 in Las Vegas, Sean Martin engages in a Brand Story conversation with TK Keanini from DNSFilter to explore the pivotal role DNSFilter plays in safeguarding networks around the world. DNSFilter operates by leveraging the Domain Name System (DNS), an essential component of the internet. As TK Keanini shares, the company's primary mission is to filter out malicious traffic and allow legitimate traffic to pass through, thereby providing an effective layer of security that is both accessible and user-friendly.

The applicability of DNSFilter spans globally, reflecting the nature of cyber threats, which are not confined by geographic borders. One critical aspect discussed is DNSFilter's ability to manage approximately 130 billion DNS requests daily, blocking between three to four billion potentially harmful requests. This impressive scale underscores the importance of DNSFilter in preventing cyberattacks and protecting users from inadvertently accessing malicious sites.

From coffee shops to large enterprises, the relevance and ease of deploying DNSFilter stand out. For businesses, the practical uses of DNSFilter are numerous.

Keanini explains that the technology is effortless to set up and can be integrated directly into various levels of IT infrastructure, including Wi-Fi routers in coffee shops and public Wi-Fi in retail settings. This straightforward setup enables even those with minimal technical expertise to implement robust cybersecurity measures easily.

The conversation also highlights DNSFilter's effectiveness in addressing global issues, such as Child Sexual Abuse Material (CSAM), reinforcing the company's commitment to making the internet safer for everyone. The firm’s blocking capabilities are not limited to phishing and ransomware; they extend to other harmful content categories, ensuring comprehensive protection.

Moreover, for Chief Information Security Officers (CISOs) and organizations with established cybersecurity programs, DNSFilter offers an invaluable addition to their security suite. With DNSFilter, policies can be set with a single click, streamlining the process for schools, businesses, and managed service providers alike. Keanini points out that this level of usability ensures that even those without extensive cybersecurity experience can effectively manage and implement necessary protections.

Additionally, Keanini emphasizes the importance of DNSFilter's role in protecting everyday users on public Wi-Fi networks and its affordability for public-use scenarios. DNSFilter's technology integrates smoothly into existing security frameworks, providing peace of mind to users and IT administrators that their networks are secure. For individuals and organizations looking to enhance their online security, DNSFilter presents a compelling solution. With its easy setup, global reach, and comprehensive protection against a wide range of cyber threats, DNSFilter stands as a vital tool in the arsenal of modern cybersecurity solutions.

Learn more about DNSFilter: https://itspm.ag/dnsfilter-1g0f

Note: This story contains promotional content. Learn more.

Guest: TK Keanini, CTO, DNSFilter [@DNSFilter]

On LinkedIn | https://www.linkedin.com/in/tkkeaninipub/

Resources

Learn more and catch more stories from DNSFilter: https://www.itspmagazine.com/directory/dnsfilter

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The Evolving Landscape of Application Security | A Brand Story Conversation From Black Hat USA 2024 | An AppSOC Story with Willy Leichter | On Location Coverage with Sean Martin and Marco Ciappelli

12 augusti 2024 | 21 min

Black Hat Hacker Summer Camp: A Meeting Ground for Security Minds

As Sean Martin and Willy Leichter kick off the discussion, nostalgia sets in as they recount their years of attending the Black Hat Hacker Summer Camp. The perennial themes of security, new technology, and ever-evolving threats always seem to find their way back into the conversation, no matter how much the landscape changes.

Returning to Basics: The Unending Challenge of Security

Sean points to the recurring themes in security, to which Willy responds with a reflective acknowledgment of the cyclical nature of the industry. "It's back to figuring out how to manage all of this," he states, highlighting that while new technologies emerge, the essential task of managing them effectively remains unchanged.

Introducing AppSoc: The New Kid on the Block

Sean and Willy then dive into the heart of their discussion—AppSoc. Founded by serial entrepreneur Pravin Kothari, AppSoc is positioned in the Application Security Posture Management (ASPM) space. Willy elaborates on the company's mission: to consolidate, normalize, and prioritize security data from various point solutions to reduce noise and enhance actionable intelligence.

The Importance of Prioritization and Orchestrated Remediation

Willy explains how AppSoc’s "secret sauce" lies in prioritizing critical alerts among the plethora of security vulnerabilities. The goal is to transform a seemingly unmanageable thousand alerts into twenty high-priority ones that demand immediate attention. He emphasizes that detection without action is futile; hence, AppSoc also focuses on orchestrated remediation to bring the right information to the right teams seamlessly.

Leveraging AI for Better Prioritization and Security Posture

The use of AI in AppSoc is multifaceted. The company employs AI not only to streamline security processes but also to protect AI systems—a burgeoning field. Willy suggests that the explosion of AI applications and large language models (LLMs) has opened new attack surfaces. Thus, the role of AppSoc is to safeguard these tools while enabling their efficient use in security practices.

Real-world Applications: A Day in the Life with AppSoc

Willy shares a compelling success story about a CISO from an insurance company who managed risk across different departments using AppSoc's platform. This real-time, continuous monitoring solution replaced the less efficient, bi-annual consultant reports, demonstrating AppSoc’s efficacy in providing actionable insights promptly.

The Shift-Left Strategy and DevSecOps Collaboration

The conversation shifts to the importance of integrating DevOps and DevSecOps teams. Willy points out that while specializations are valuable, it's crucial to have "connective tissue" to get the bigger picture. This holistic view is essential for understanding how threats impact various departments and teams.

Conclusion

Sean Martin wraps up the enriching conversation with Willy Leichter, expressing his excitement for the future of AppSoc. The episode underscores the critical importance of effective application security and how innovations like AppSoc are paving the way for a more secure digital landscape.

Learn more about AppSOC: https://itspm.ag/appsoc-z45x

Note: This story contains promotional content. Learn more.

Guest: Willy Leichter, Chief Marketing Officer, AppSOC [@appsoc_inc]

On LinkedIn | https://www.linkedin.com/in/willyleichter/

Resources

Learn more and catch more stories from AppSOC: https://www.itspmagazine.com/directory/appsoc

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Cutting-Edge Mobile App Security | A Brand Story Conversation From Black Hat USA 2024 | An Appdome Story with Tom Tovar | On Location Coverage with Sean Martin and Marco Ciappelli

9 augusti 2024 | 22 min

Welcome to another insightful story from ITSPmagazine, where we bring you exclusive content directly from Hacker Summer Camp at Black Hat Las Vegas 2024. This year, Sean Martin had the pleasure of sitting down with Tom Tovar, CEO of Appdome, to explore the company’s innovative approach to mobile app security.

A Dynamic Presence at Black Hat

Black Hat 2024 is buzzing with energy, and Appdome's vibrant booth has become a focal point for many attendees. Tom credits his marketing team for creating an engaging and visually striking presence that truly reflects Appdome’s mission. A standout feature is a unique widescreen shot setup that, although not yet shared on social media, perfectly encapsulates Appdome's vision for mobile app security.

The Origin of Appdome

During the conversation, Sean Martin asked Tom to share the origin story of Appdome. Tom, who began his career as a corporate and securities lawyer during the tech boom, later transitioned to roles in security and operations at NetScreen. His journey took a pivotal turn after teaching himself to code and recognizing the need for a more efficient way to secure mobile applications. Driven by frustration with existing solutions and encouraged by a venture capitalist friend, Tom set out to create Appdome, aiming to simplify and automate mobile app security.

Revolutionizing Mobile App Security with Appdome

Appdome’s approach integrates security into the mobile app development process through machine learning, making it easier to incorporate essential functions like encryption and anti-tampering. Over time, the platform has evolved to include advanced features such as malware detection and fraud prevention. By automating these processes, Appdome reduces friction for developers and users alike, offering a streamlined path to robust mobile app security.

Embracing Generative AI for User Empowerment

A highlight of the interview was the discussion around Appdome’s adoption of Generative AI (Gen AI). This cutting-edge technology offers automated support to users facing mobile app security threats, providing real-time guidance to resolve issues independently. This not only enhances cybersecurity but also raises awareness, helping users become more informed and vigilant.

Appdome’s Expanding Influence in Cybersecurity

With over 144,000 applications utilizing its platform and more than 11,000 builds handled daily, Appdome has established itself as a leader in mobile app security. Its widespread adoption across diverse industries underscores the platform’s scalability and versatility.

Looking Ahead: The Future of Mobile App Security

Tom Tovar also shared Appdome’s vision for the future, including the introduction of AI-driven recommendations to further streamline security integration. The ultimate goal is to achieve an auto-defend capability, making mobile app security more intuitive and effortless for users worldwide.

Conclusion

This exclusive interview with Tom Tovar at Black Hat 2024 highlights how Appdome is at the forefront of mobile app security, driving innovation and automation in a rapidly evolving landscape. As mobile threats continue to grow, Appdome’s solutions will be essential in ensuring secure, seamless experiences for users everywhere.

For more insights and updates from the cybersecurity world, keep following ITSPmagazine.

Learn more about Appdome: https://itspm.ag/appdome-neuv

Note: This story contains promotional content. Learn more.

Guest: Tom Tovar, CEO, Appdome [@appdome]

On LinkedIn | https://www.linkedin.com/in/tom-tovar-9b8552/

Resources

Learn more and catch more stories from Appdome: https://www.itspmagazine.com/directory/appdome

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Securing the Digital Economy: A Deep Dive into Application and API Security | A Brand Story Conversation From Black Hat USA 2024 | An Akamai Story with Rupesh Chokshi | On Location Coverage with Sean Martin and Marco Ciappelli

9 augusti 2024 | 21 min

In this Brand Story episode as part of the On Location Podcast series, Sean Martin speaks with Rupesh Chokshi, who leads the application security business at Akamai. Connecting directly from Black Hat in Las Vegas, the discussion provides an in-depth look into the world of application security, APIs, and the challenges organizations face in today's technology-driven environment.

Rupesh Chokshi starts by highlighting Akamai's evolution from an innovative startup focused on improving internet experiences to a global leader in powering and protecting online activities. He emphasizes that Akamai handles trillions of transactions daily, underlining the massive scale and importance of their operations.

The conversation shifts to the pivotal role of APIs in the digital economy. With every company now being an 'app company,' APIs have become the lifeline of digital interactions, from financial services to entertainment. Chokshi points out that many organizations struggle with cataloging and discovering their APIs, a critical step for ensuring security. Akamai assists in this by employing scanning capabilities and data flow analysis to help organizations understand and protect their API landscape.

A significant part of the discussion focuses on the security challenges associated with APIs. Chokshi details how attackers exploit APIs for data breaches, financial fraud, and other malicious activities. He cites real-world examples to illustrate the impact and scale of these attacks. Chokshi also explains how attackers use APIs for carding attacks, turning businesses into unwitting accomplices in validating stolen credit cards.

Chokshi emphasizes the importance of proactive measures like API testing, which Akamai offers to identify vulnerabilities before code deployment. This approach not only bolsters the security of APIs but also instills greater confidence in the enterprise ecosystem.

The discussion also touches on the broader implications of API security for CISOs and their teams. Chokshi advises that the first step is often discovery and cataloging, followed by ongoing threat intelligence and posture management. Using insights from Akamai's extensive data, organizations can identify and mitigate threats more effectively.

The episode concludes with Chokshi reinforcing the importance of data-driven insights and AI-driven threat detection in safeguarding the API ecosystem. He notes that Akamai's vast experience and visibility into internet traffic allow them to provide unparalleled support to their clients across various sectors.

For anyone looking to understand the complexities of API security and how to address them effectively, this episode offers valuable insights from two leaders in the field. Akamai's comprehensive approach to application security, bolstered by real-world examples and expert analysis, provides a robust framework for organizations aiming to protect their digital assets.

Learn more about Akamai: https://itspm.ag/akamaievki

Note: This story contains promotional content. Learn more.

Guest: Rupesh Chokshi, SVP & General Manager, Application Security, Akamai [@Akamai]

On LinkedIn | https://www.linkedin.com/in/rupeshchokshi/

Resources

Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

From Deep Fakes to Phishing: Protecting High-Profile Digital Lives and Safeguarding Personal Privacy | A Brand Story Conversation From Black Hat USA 2024 | A BlackCloak Story with Chris Pierson | On Location Coverage with Sean Martin and Marco Ciappelli

9 augusti 2024 | 31 min

In this Brand Story episode of On Location, hosts Sean Martin and Marco Ciappelli sit down with Chris Pierson, Founder and CEO of BlackCloak, a digital executive protection company. Throughout their conversation, they explore the intersection of personal privacy, digital security, and the unique challenges faced by high-profile individuals in protecting their digital lives. Chris Pierson discusses the importance of proactive measures in digital security, emphasizing the need for executives and public figures to safeguard their personal information just as rigorously as their corporate data.

The dialogue covers various critical topics, including the rising threats of deep fakes and the implications for personal and professional security. Pierson explains how these convincing digital forgeries can be used maliciously and provides strategies to identify and combat them. Additionally, the conversation delves into common cyber threats like phishing and business email compromise, with Pierson detailing practical strategies for mitigating these risks.

Pierson also highlights the evolving landscape of privacy threats and the role of education in empowering individuals to take control of their digital presence. He shares insights on balancing security with usability, pointing out the vulnerabilities that can be overlooked by even the most tech-savvy individuals. Reflecting on his experience building BlackCloak, Pierson discusses key lessons learned while developing solutions tailored to the needs of high-net-worth and high-profile clients.

The episode underscores the criticality of a tailored approach to digital security, addressing both technical defenses and user behaviors. Listeners are encouraged to think about their own digital habits and consider how they can better protect their personal information in an increasingly interconnected world.

Learn more about BlackCloak:https://itspm.ag/itspbcweb

Note: This story contains promotional content. Learn more.

Guest: Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]

On Linkedin | https://www.linkedin.com/in/drchristopherpierson/

Resources

Learn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloak

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Insider Insights: Cybersecurity and Collaboration | A Brand Story Conversation From Black Hat USA 2024 | A LevelBlue Story with Theresa Lanowitz | On Location Coverage with Sean Martin and Marco Ciappelli

9 augusti 2024 | 20 min

Welcome to Hacker Summer Camp Sean Martin kicks off the episode with his signature enthusiasm, welcoming listeners to another live broadcast from the renowned Hacker Summer Camp—Black Hat USA 2024 in Las Vegas. He introduces Theresa Lanowitz, a prominent figure in cybersecurity, who shares the latest developments and insights from her venture, Level Blue.

Sean Martin: “Welcome to a new episode coming to you from Hacker Summer Camp. We’re here in Las Vegas for Black Hat USA 2024, and I’m thrilled to be joined by Theresa Lanowitz. Theresa, how are you?”

Simplifying Cybersecurity with Level Blue Theresa discusses the origins and mission of Level Blue, a collaborative initiative between AT&T and World Gem Ventures. She outlines how Level Blue serves as a strategic extension to organizations, simplifying cybersecurity through consulting, managed security services, and innovative threat intelligence via Level Blue Labs.

Theresa Lanowitz: “We aim to simplify cybersecurity by helping you protect your business intelligence through our consulting services, predict your security investments through managed services, and mitigate risk with our Level Blue Labs threat intelligence team.”

The conversation shifts to how Level Blue addresses the complexities in IT, offering practical solutions and actionable intelligence to meet these challenges head-on.

Key Insights from the Level Blue Futures Report Theresa reveals exciting updates about their flagship thought leadership piece, the Level Blue Futures Report. Launched at RSA in May, this report anchors their yearly research agenda. Additionally, she introduces the C-suite Accelerator, focusing on the evolving roles of CIOs, CISOs, and CTOs in fostering cyber resilience.

Collaboration Among CIO, CTO, and CISO Sean and Theresa explore the dynamics between the CIO, CTO, and CISO roles. Theresa elaborates on how, despite their shared objectives, these roles often face conflicting priorities. She highlights the importance of these roles being equal partners within an organization to ensure cohesive responses during critical events, thereby enhancing overall organizational resilience.

Theresa Lanowitz: “The CIO, the CISO, and the CTO must be equal partners. If they’re not, achieving cyber resilience becomes very difficult.”

The Pandemic's Impact on Cybersecurity Reflecting on the pandemic’s effects, Theresa notes how it accelerated digital transformation, underscoring the crucial need for resilient cybersecurity measures. Despite some progress, she observes that cybersecurity often remains siloed, underfunded, and secondary in many organizations. She stresses the importance of aligning cybersecurity goals with business objectives to create a more integrated and effective approach.

Proactive vs. Reactive Budgets Theresa emphasizes the significance of proactive budgeting in cybersecurity, contrasting it with the more common reactive approach. Proactive budgets, she argues, allow for better alignment of cybersecurity initiatives with business goals, which is vital for preempting breaches and addressing regulatory compliance.

Theresa Lanowitz: “If you can align cybersecurity initiatives with business goals, you’re going to be proactive rather than reactive.”

The Role of Trusted Third-Party Advisors Theresa advocates for the involvement of trusted third-party advisors, such as consulting and managed security services. These advisors bring valuable external perspectives and experience, which are crucial for driving innovation and ensuring robust security measures.

Sean Martin: “By working with a trusted partner, you’re not giving up your creative ideas but rather ensuring they play out effectively and securely.”

The Human Element in Cybersecurity As the discussion winds down, Sean and Theresa agree that, at its core, cybersecurity is about people. Theresa underscores the need for cross-functional communication within organizations and with trusted third-party advisors to achieve comprehensive and effective cybersecurity.

Sean Martin: “It always comes back to the people, doesn’t it?”

Conclusion The episode wraps up with Sean expressing gratitude for Theresa’s insights and encouraging continued exploration of research and innovation across various sectors. He invites the audience to explore the Level Blue Accelerator Report for actionable insights.

Learn more about LevelBlue: https://itspm.ag/levelblue266f6c

Note: This story contains promotional content. Learn more.

Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]

On LinkedIn | https://www.linkedin.com/in/theresalanowitz/

Resources

Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Balancing Integrity and Sales: The Dual Role of Field CISOs | CISO Circuit Series: Episode 5 with Black Hat USA 2024 Event Coverage | Michael Piacente and Sean Martin on the Redefining CyberSecurity Podcast

9 augusti 2024 | 30 min

About the CISO Circuit Series

Sean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.

____________________________

Guest: Michael Piacente, Managing Partner and Cofounder of Hitch Partners

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In the latest episode of the CISO Circuit Series on the Redefining CyberSecurity Podcast, Sean Martin and Michael Piacente join forces in Las Vegas during the Black Hat USA 2024 Conference to engage in an insightful conversation about the evolving role of the Field CISO. Sean Martin is joined by Michael Piacente, Managing Partner and Co-Founder at Hitch Partners, as they dissect the significance and responsibilities of Field CISOs in today's cybersecurity landscape.

A primary focus of the episode is understanding what a Field CISO actually entails. Michael Piacente explains that the role of Field CISO varies widely across organizations, but it generally falls into two categories: customer engagement and sales enablement. Companies might hire Field CISOs to build operational risk assessments and customer relationships, or to drive the technical sales process. For instance, Field CISOs play a pivotal role in product companies by acting as trusted advisors who help communicate complex technical topics in a digestible manner to potential clients.

Michael also highlights key attributes that make a Field CISO successful, such as genuine cybersecurity experience, deep technical knowledge, a reputable name in the community, and robust networking skills. Successful Field CISOs can seamlessly transition between discussing technical details and broader strategic goals with stakeholders. Their role often includes influencing product development by bringing practical insights from customers back to the engineering teams.

One crucial point raised during the discussion is the integrity and trustworthiness required for a Field CISO. Sean and Michael emphasize that maintaining trust within the CISO community is paramount. Field CISOs should avoid crossing lines between promotional activities and genuine advisory roles. They assert that integrity and transparency remain foremost in these roles, as they are often looked to for unbiased, independent advice.

Another topic discussed is how organizations should approach hiring for the Field CISO role. Michael Piacente points out the importance of setting clear expectations, understanding the balance between operational duties and sales enablement, and ensuring that the Field CISO is genuinely aligned with the company's mission and capable of maintaining community trust.

Overall, this episode sheds light on the nuanced nature of the Field CISO role, providing valuable insights for both aspiring Field CISOs and organizations looking to hire one. As the role continues to evolve, Michael and Sean underscore the need for a thoughtful approach to defining responsibilities and fostering an environment where integrity and expertise thrive.

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Dynamic Access Control in Modern Cloud Environments | A Brand Story Conversation From Black Hat USA 2024 | A Britive Story with Artyom Poghosyan | On Location Coverage with Sean Martin and Marco Ciappelli

9 augusti 2024 | 22 min

In this On Location episode Brand Story, Sean Martin speaks with Artyom Poghosyan at the Black Hat conference in Las Vegas about Britive, a cloud privileged access management platform. They explore how Britive assists medium to large enterprises in tackling identity management and security issues across multi-cloud and hybrid environments.

Sean and Artyom discuss the complexities that organizations face with cloud adoption, where traditional lift-and-shift approaches no longer suffice. Artyom outlines how the incorporation of new processes and tools, such as DevOps automation, complicates identity and access management in cloud environments. Britive's approach emphasizes the need for dynamic, scalable solutions that align with the speed and agility of cloud-based development while ensuring robust security controls.

A key focus is the balance between granting necessary access for operational efficiency and minimizing security risks from overprivileged accounts. Artyom describes Britive's method of dynamically granting and revoking access based on justified needs, ensuring that temporary elevated access is appropriately controlled and removed post-use.

Additionally, the conversation highlights the challenges of managing identities across multiple cloud platforms (AWS, GCP, Azure, etc.) and the diverse technologies used in modern enterprises. Artyom explains Britive's capability to provide a unified identity and access management approach that simplifies and secures these varied environments.

The episode also emphasizes Britive’s potential to significantly reduce the time required for onboarding DevOps engineers, streamlining the process from days to mere minutes through automation. This not only improves operational efficiency but also vastly reduces risk by limiting standing privileges, a key security vulnerability often exploited by cybercriminals.

Finally, they touch upon how Britive fits within broader organizational security strategies, particularly Zero Trust initiatives. By eliminating standing access risks and offering integration with existing security processes, Britive supports the implementation of comprehensive identity security programs that align with modern security frameworks.

Sean closes the episode by encouraging listeners to engage with Artyom and the Britive team to see how their solutions can enhance identity management and security within their organizations.

Learn more about Britive: https://itspm.ag/britive-3fa6

Note: This story contains promotional content. Learn more.

Guest: Artyom Poghosyan, Co-Founder, Britive [@britive1]

On LinkedIn | https://www.linkedin.com/in/artyompoghosyan/

Resources

Learn more and catch more stories from Britive: https://www.itspmagazine.com/directory/britive

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Coro's Modular Cybersecurity and True Platform Revolution | A Brand Story Conversation From Black Hat USA 2024 | A CORO Story with Dror Liwer | On Location Coverage with Sean Martin and Marco Ciappelli

8 augusti 2024 | 21 min

At Black Hat 2024 in Las Vegas, Sean Martin from On Location interviews Dror Liwer of Coro, uncovering the impressive strides Coro has made in creating a truly cohesive cybersecurity platform. This conversation reveals how Coro distinguishes itself in an industry saturated with buzzwords and inadequate solutions, particularly for smaller and mid-sized businesses.

Meeting in Vegas

Sean Martin starts the conversation by appreciating the vibrant atmosphere at the Black Hat Business Hall. The colorful Coro booth, coupled with the energetic team, sets the perfect backdrop for a discussion centered on platform innovation.

Sean Martin: "Here we are, Dror. Fantastic seeing you here in Vegas."

Dror Liwer: "It's where we meet."

The Platform Buzz

The term “platform” has become a buzzword in the cybersecurity industry. Dror explains that many companies claim to offer platforms, but these so-called platforms often result from the integration of various point solutions, which don't communicate effectively with each other.

Dror Liwer: “We built Coro as a platform and have been a platform for 10 years. It's kind of funny to see everybody now catching up and trying to pretend to be a platform.”

Dror criticizes how companies use “platform” to create market confusion, explaining that a true platform requires seamless integration, a single endpoint agent, and a unified data lake.

Defining a True Platform

Dror and Sean delve deep into what makes Coro's platform genuinely innovative. Dror emphasizes that a real platform collects and processes data across multiple modules, providing a single pane of glass for operators. He contrasts this with other solutions that merely integrate various tools, resulting in operational complexity and inefficiencies.

Dror Liwer: "A real platform is an engine that has a set of tools on top of it that work seamlessly together using a single pane of glass, a single endpoint agent, and a single data lake that shares all of the information across all of the different modules."

The Role of Data

Data integration is a cornerstone of Coro’s platform. Dror explains that each module in Coro functions as both a sensor and protector, feeding data into the system and responding to anomalies in real-time.

Dror Liwer: "The collection of data happens natively at the sensor. They feed all the data into one very large data lake."

This unified approach allows Coro to eliminate the time-critical gap between event detection and response, a significant advantage over traditional systems that often rely on multiple disparate tools.

Supporting MSPs and Mid-Market Businesses

One of Coro's key missions is to support Managed Service Providers (MSPs) and mid-market businesses, sectors that have been largely overlooked by larger cybersecurity firms. By offering a more manageable and less costly platform, Coro empowers these providers to offer comprehensive cybersecurity services without the high operational costs traditionally associated with such tasks.

Dror Liwer: “We are changing that economic equation, allowing MSPs to offer full cybersecurity solutions to their customers at an affordable price.”

Fulfilling New Requirements

Dror also sheds light on how Coro helps businesses comply with new regulatory requirements or cybersecurity mandates, often dictated by their position in the supply chain.

Dror Liwer: "When this guy comes to you and says, ‘Hey, I need to now comply with this or do that,’ this is an opportunity to tell them, ‘Don't worry. I got you covered. I have Coro for you.’”

Conclusion

Dror Liwer's insights during Black Hat 2024 highlight how Coro is not only addressing but revolutionizing the cybersecurity needs of small to mid-sized businesses and their MSP partners. By creating a true platform that reduces complexity and operational costs, Coro sets a new standard in the cybersecurity industry.

Learn more about CORO: https://itspm.ag/coronet-30de

Note: This story contains promotional content. Learn more.

Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber]

On LinkedIn | https://www.linkedin.com/in/drorliwer/

Resources

Learn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coro

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Behind the Scenes of SquareX's Exposing DEF CON Talk and Their Latest Browser Security Innovations | A Brand Story Conversation From Black Hat USA 2024 | A SquareX Story with Vivek Ramachandran | On Location Coverage with Sean Martin and Marco Ciappelli

8 augusti 2024 | 20 min

In this Brand Story episode, Sean Martin gets to chat with Vivek Ramachandran, Co-Founder and CEO of SquareX, at the Black Hat USA conference in Las Vegas. The discussion centers around SquareX’s innovative approach to browser security and its relevance in today’s cybersecurity landscape.

Vivek explains that SquareX is developing a browser-native security product designed to detect, mitigate, and hunt threats in real-time, specifically focusing on the online activities of enterprise employees. This solution operates entirely within the browser, leveraging advanced technologies like WebAssembly to ensure minimal impact on the user experience.

The conversation shifts to the upcoming DEF CON talk by Vivek, titled “Breaking Secure Web Gateways for Fun and Profit,” which highlights the seven sins of secure web gateways and SASE SSE solutions. According to Vivek, these cloud proxies often fail to detect and block web attacks due to inherent architectural limitations. He mentions SquareX's research revealing over 25 different bypasses, emphasizing the need for a new approach to tackle these vulnerabilities effectively.

Sean and Vivek further discuss the practical implementation of SquareX's solution. Vivek underscores that traditional security measures often overlook browser activities, presenting a blind spot for many organizations. SquareX aims to fill this gap by providing comprehensive visibility and real-time threat detection without relying on cloud connectivity.

Vivek also answers questions about the automatic nature of the browser extension deployment, ensuring it does not disrupt day-to-day operations for users or IT teams. Additionally, he touches on the importance of organizational training and awareness, helping security teams interpret new types of alerts and attacks that occur within the browser environment.

Towards the end of the episode, Vivek introduces a new attack toolkit designed for organizations to test their own secure web gateways and SASE SSE solutions, empowering them to identify vulnerabilities firsthand. He encourages security leaders to use this tool and visit a dedicated website for practical demonstrations.

Listeners are invited to connect with Vivek and the SquareX team, especially those attending Black Hat and DEF CON, to learn more about this innovative approach to browser security.

Learn more about SquareX: https://itspm.ag/sqrx-l91

Note: This story contains promotional content. Learn more.

Guest: Vivek Ramachandran, Founder, SquareX [@getsquarex]

On LinkedIn | https://www.linkedin.com/in/vivekramachandran/

Resources

Learn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarex

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Book | Architecting Success: The Art of Soft Skills in Technical Sales: Connect to Sell More | A Conversation with Evgeniy Kharam | Redefining CyberSecurity with Sean Martin

7 augusti 2024 | 28 min

Guest: Evgeniy Kharam, Co-Founder, Security Architecture [@secarchpodcast]

On LinkedIn | https://www.linkedin.com/in/ekharam/

Website | https://www.softskillstech.ca/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of The Redefining CyberSecurity Podcast, host Sean Martin speaks with Evgeniy Kharam about the essential role of soft skills in the technology and cybersecurity sectors. While many discussions in this field tend to center on hard technical skills or the latest cyber threats, this episode shifts the focus to the often-overlooked soft skills that can drive success.

Evgeniy Kharam, who is also an author and holds a key position in his company, shares insightful perspectives from his newly released book 'Architecting Success: The Art of Soft Skills in Technical Sales.' According to Evgeniy, effective communication and connection are foundational elements not just for sales engineers and teams, but for anyone working in any field, including cybersecurity. He notes that regardless of how advanced one's technical skills might be, the ability to connect with people, convey ideas clearly, and build lasting relationships is crucial.

One of the primary points that Evgeniy discusses is the changing landscape for sales engineers. He mentions that the role has evolved significantly over the years. Previously, sales engineers primarily focused on giving demos and technical presentations. Today, they are expected to be deeply involved in the sales process, understand procurement intricacies, and effectively communicate technical merits and business values. Host

Sean Martin addresses the barriers that often exist within organizational cultures, where roles are tightly defined, and stepping outside of one's designated lane can be frowned upon. Evgeniy suggests that this old-school mentality needs to shift. Everyone in a company—from engineers to marketers and beyond—is involved in sales in some way. From making a strong first impression to ensuring clear and intentional communication, soft skills can enhance every aspect of organizational interaction.

The duo also touches upon the importance of continuous self-improvement. Evgeniy advises that one of the best ways to practice soft skills is outside the workplace. Whether making a cashier smile or engaging in meaningful conversations with strangers, these efforts contribute to refining one's ability to connect and communicate effectively.

Sean Martin concludes the episode by highlighting that everyone is, in essence, always selling something—whether it's a product, a service, or simply themselves. The more refined these soft skills, the better positioned anyone will be to achieve success in their respective fields. For those interested in taking a deeper dive into this topic, Evgeniy's book is a must-read, offering practical tips and strategies to help professionals hone their soft skills and, ultimately, architect success.

About the Book

In today's crowded marketplace, technology alone isn't enough. Architecting Success equips sales professionals and anyone in tech and science to unlock their full potential through the power of soft skills.

Architecting Success: The Power of Soft Skills in Technical Sales. Connect to Sell More is a practical guide for architects, sales professionals, and anyone in the technology and science sectors to enhance their effectiveness. The book begins by exploring the historical dynamics between sales and technical teams, emphasizing how soft skills can bridge the gap between these traditionally siloed groups. It highlights how focusing on mentoring, problem-solving, listening, teamwork, and empathy can connect to increase sales.

Here is a call to action for technical sales professionals to embrace and cultivate their soft skills. By engaging and reflecting, readers can unlock their full potential and achieve personal and professional excellence in the competitive world of technical sales.

___________________________

Sponsors

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Architecting Success: The Art of Soft Skills in Technical Sales: Connect to Sell More (Book): https://amzn.to/3MVTYhT

LinkedIn Post: https://www.linkedin.com/posts/ekharam_softskilltech-new-book-activity-7223356920441585664-NGrq

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Breaking Boundaries in Cloud Security, Identity, and Privileged Access Management | A Brand Story Conversation From Black Hat USA 2024 | A Britive Story with Art Poghosyan | On Location Coverage with Sean Martin and Marco Ciappelli

6 augusti 2024 | 22 min

In this Brand Story episode as part of the Black Hat Event Coverage featuring Sean Martin and Marco Ciappelli, guest Art Poghosyan, co-founder of Britive, discusses the evolution and challenges of identity and access management (IAM) in the modern technological landscape. Sean and Marco engage Art in a conversation that covers everything from the significance of effective IAM for businesses to the innovative solutions Britive is bringing to the market.

Art shares the story behind the foundation of Britive and its journey from conception to a leading provider of cloud-native privileged access management solutions. He highlights the shift from static to dynamic identities, emphasizing the importance of automating and authorizing access in real time to meet the needs of modern DevOps and cloud environments.

The conversation also touches on how traditional security measures are adapting to new cloud-based infrastructures, highlighting the growing complexity and necessity for advanced IAM solutions. Marco brings in a critical perspective on the changing nature of technology and security, questioning how modern companies can sustain their operations amid rapid technological changes.

Art shares insight into the convergence of new ideas and the maturity of contemporary technologies, suggesting that today's advancements provide unique opportunities for innovative solutions. Sean and Marco steer the conversation to practical applications, with Art providing real-world examples of how Britive's technologies are being implemented by enterprises facing complex security challenges. He explains how Britive's API-first approach aids in operationalizing security without imposing on performance or user experience.

Furthermore, the episode sets the stage for an upcoming deeper conversation at the Black Hat event, where Art, Sean, and Marco will continue exploring IAM and the critical role Britive plays in shaping the industry's future. Listeners also get information on how to connect with Art and the Britive team at the event.

Learn more about Britive: https://itspm.ag/britive-3fa6

Note: This story contains promotional content. Learn more.

Guest: Art Poghosyan, Co-Founder, Britive [@britive1]

On LinkedIn | https://www.linkedin.com/in/artyompoghosyan/

Resources

Cloud PAM: https://itspm.ag/britivxya3

Learn more and catch more stories from Britive: https://www.itspmagazine.com/directory/britive

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals | Part 2 of 3 | A Conversation with Kush Sharma | Redefining CyberSecurity with Sean Martin

5 augusti 2024 | 46 min

Guest: Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario)

On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this part two of the three-part series on The Redefining CyberSecurity Podcast, host Sean Martin is joined by Kush Sharma to discuss the critical topic of building a Chief Information Security Officer (CISO) office from the ground up. Both speakers bring invaluable insights from their extensive experiences, illustrating key points and real-world scenarios to help organizations navigate the complexities of cybersecurity and business transformation.

Sean kicks off the conversation by emphasizing the strategic role of the CISO in business transformation. He explains that a successful CISO not only secures what the business wants to create but also contributes to developing a powerful and secure business. He points out that CISOs often have a unique perspective, experience, and data that can significantly impact the way business processes are transformed and managed.

Kush expands on this by highlighting the need for adaptability and a mindset of continuous change. He shares that CISOs should view their organization as a business function solely dedicated to protecting assets. He uses examples to demonstrate how missions change every few years due to the rapid evolution of technology and processes, making it essential for security teams to pivot and adjust their strategies accordingly.

Kush stresses the importance of collaboration across different teams—from digital to physical—and notes that a key to successful security management is building a culture that is adaptable and aligned with the business's changing objectives. One of the most interesting points brought up is the significance of involving security from the outset of any new project.

Sean and Kush discuss the importance of integrating the CISO into discussions around business requirements, system architecture, and technology selection. By being involved early, CISOs can help ensure that the organization makes informed decisions that can save time, reduce risks, and ultimately contribute to a more secure business environment.

Another critical aspect discussed is the approach to risk management. Kush describes a structured method where security teams provide options and recommendations rather than outright saying 'no' to business requests. He mentions the use of risk acceptance forms, which require high-level sign-offs, thus ensuring that decision-makers are fully aware of the risks involved and are accountable for them. This transparency fosters a sense of shared responsibility and encourages more informed decision-making.

Both Sean and Kush provide a comprehensive look at the evolving role of the CISO. They make it clear that today's CISOs need to be strategic thinkers, skilled negotiators, and effective communicators to successfully lead their organizations through the complexities of modern cybersecurity challenges. The insights shared in this episode are invaluable for anyone looking to understand the multifaceted responsibilities of a CISO and the indispensable contributions they make to business success.

___________________________

Sponsors

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Measuring Cybersecurity Success: A Holistic Approach to Protecting Businesses, Infrastructure, and Society | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

3 augusti 2024 | 9 min

AI Summit Keynote: Enhancing National Security with AI-Driven Cybersecurity | A Black Hat USA 2024 Conversation with Dr. Kathleen Fisher | On Location Coverage with Sean Martin and Marco Ciappelli

2 augusti 2024 | 25 min

Guest: Dr. Kathleen Fisher, Information Innovation Office (I2O) Director, Defense Advanced Research Projects Agency (DARPA) [@DARPA]

On LinkedIn | https://www.linkedin.com/in/kathleen-fisher-4000964/

At Black Hat | https://www.blackhat.com/us-24/summit-sessions/schedule/speakers.html#dr-kathleen-fisher-48776

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this On Location with Sean and Marco episode, hosts Sean Martin and Marco Ciappelli engage in an insightful conversation with Dr. Kathleen Fisher from the Defense Advanced Research Projects Agency (DARPA). The discussion centers around the upcoming Black Hat and DEF CON events, where Dr. Fisher is scheduled to deliver a keynote on the intersection of artificial intelligence (AI) and cybersecurity, with a particular focus on DARPA's ongoing initiatives and competitions.

Dr. Fisher begins by providing an overview of her background and DARPA's mission to prevent technological surprises that could undermine U.S. national security. She recounts the success of the High-Assurance Cyber Military Systems (HACMS) program, which utilized formal methods to create highly secure software for military vehicles. This program demonstrated the potential of formal methods to revolutionize cybersecurity, proving that robust software could be developed to withstand hacking attempts, even from world-class red teams.

The conversation then shifts to the AI Cyber Challenge (AICC) program, a major highlight of her upcoming keynote. AICC aims to leverage the power of AI combined with cyber reasoning systems to automatically find and fix vulnerabilities in real open-source software—an ambitious extension of DARPA's previous Cyber Grand Challenge. This competition involves collaboration with major tech companies like Google, Anthropic, OpenAI, and Microsoft, offering competitors access to state-of-the-art models to tackle real-world vulnerabilities.

Dr. Fisher emphasizes the importance of public-private collaboration in advancing cybersecurity technologies. DARPA's charter allows it to work with a diverse range of organizations, from startups to national labs, in pursuit of strategic technological advances. The episode also touches on the potential impact of cyber vulnerabilities on critical infrastructure, underscoring the need for scalable and automatic solutions to address these threats.

Listeners can anticipate Dr. Fisher highlighting these themes in her keynote, aimed at business leaders, practitioners, policymakers, and risk managers. She will outline how the audience can engage with DARPA's initiatives and contribute to the ongoing efforts to enhance national security through innovative technology solutions.

The episode promises to provide a nuanced understanding of DARPA's role in pioneering AI-driven cybersecurity advancements and offers a preview of the exciting developments to be showcased at Black Hat and DEF CON.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

Resources

Keynote: Enhancing National Security with AI-Driven Cybersecurity: https://www.blackhat.com/us-24/summit-sessions/schedule/index.html#keynote--enhancing-national-security-with-ai-driven-cybersecurity-41250

AI Cyber Challenge: https://aicyberchallenge.com/

DARPA's Information Innovation Office: https://www.darpa.mil/about-us/offices/i2o?ppl=collapse

High-Assurance Cyber Military Systems (HACMS): https://www.darpa.mil/program/high-assurance-cyber-military-systems

DARPAConnect Website: https://pathfinder.theari.us/darpaconnect/home

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Spotting and Unmasking Fake LinkedIn Profiles to Avoid the Hidden Risks and Thwart LinkedIn Scams | A Conversation with Kris Rides | Redefining CyberSecurity with Sean Martin

2 augusti 2024 | 37 min

Guest: Kris Rides, Co-Founder & Chief Executive Officer, Tiro Security [@tirosecurity]

On LinkedIn | https://www.linkedin.com/in/krisrides/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin speaks with Kris Rides, founder of Tiro Security. They discuss the fascinating and somewhat unsettling topic of fake LinkedIn profiles, an issue that has become increasingly prevalent. Kris Rides, with years of experience in cybersecurity staffing and professional services, shares insights from a recent LinkedIn post that garnered significant engagement.

The discussion kicks off with Sean Martin recounting how Kris's post about a suspicious LinkedIn account with 28,000 followers caught his attention. Despite having a large number of followers, the account consistently posted irrelevant comments and lacked meaningful engagement. This anomaly prompted Kris to investigate further, leading to a broader conversation about the implications and dangers of fake profiles on professional networking sites.

One key takeaway from their conversation is the motivational factors behind creating fake profiles. Kris highlights a range of activities from promoting scams and fake job offers to phishing attempts and even cyber reconnaissance. Fake accounts might seek to gather personal information through seemingly legitimate contact requests or endorsements, which could then be used for nefarious purposes. Kris explains that fake profiles often masquerade as legitimate individuals or companies, which makes them hard to identify at a glance. He recounts instances where Endorsements were used as a tool by these profiles to build credibility. In one case, a fake profile had numerous endorsements from a marketing tool, unbeknownst to the people doing the endorsing. This exploitation of LinkedIn's features underscores the complexity of detecting inauthentic activities. The episode also touches on the sophisticated techniques used to enhance the legitimacy of fake profiles.

Kris shares how these profiles sometimes share resumes and job offers to build trust within the LinkedIn community. Sean and Kris debate the ultimate end-goals of these activities, including using amassed information for large-scale phishing or vishing campaigns, perpetrating job offer scams, and scraping data for fraudulent purposes.

For professionals and companies, the conversation provides crucial advice: maintaining vigilance and conducting regular checks on connections and endorsements can help mitigate risks. Both speakers emphasize the importance of trust but verify, suggesting that users report suspicious activities to LinkedIn and engage cautiously with unsolicited requests.

In summary, the episode explores how fake LinkedIn profiles represent a growing concern, affecting both individuals and organizations. Through their shared experiences and insights, Sean Martin and Kris Rides bring valuable awareness to this issue, encouraging proactive measures to safeguard personal and professional information in the digital age.

___________________________

Sponsors

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Inspiring Post: https://www.linkedin.com/posts/krisrides_ive-reported-this-so-im-unsure-how-long-activity-7211061069274914817-aN43/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Reconstructing the Organizational and Social Structure of a Ransomware Gang | A Black Hat USA 2024 Conversation with L Jean Camp and Dalya Manatova | On Location Coverage with Sean Martin and Marco Ciappelli

1 augusti 2024 | 24 min

Deep Backdoors in Deep Reinforcement Learning Agents | A Black Hat USA 2024 Conversation with Vas Mavroudis and Jamie Gawith | On Location Coverage with Sean Martin and Marco Ciappelli

1 augusti 2024 | 24 min

Guests:

Vas Mavroudis, Principal Research Scientist, The Alan Turing Institute

Website | https://mavroud.is/

At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#vasilios-mavroudis-34757

Jamie Gawith, Assistant Professor of Electrical Engineering, University of Bath

On LinkedIn | https://www.linkedin.com/in/jamie-gawith-63560b60/

At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#jamie-gawith-48261

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

As Black Hat Conference 2024 approaches, Sean Martin and Marco Ciappelli are gearing up for a conversation about the complexities of deep reinforcement learning and the potential cybersecurity threats posed by backdoors in these systems. They will be joined by Vas Mavroudis from the Alan Turing Institute and Jamie Gawith from the University of Bath, who will be presenting their cutting-edge research at the event.

Setting the Stage: The discussion begins with Sean and Marco sharing their excitement about the upcoming conference. They set a professional and engaging tone, seamlessly leading into the introduction of their guests, Jamie and Vas.

The Core Discussion: Sean introduces the main focus of their upcoming session, titled "Backdoors in Deep Reinforcement Learning Agents." Expressing curiosity and anticipation, he invites Jamie and Vas to share more about their backgrounds and the significance of their work in this area.

Expert Introductions: Jamie Gawith explains his journey from working in power electronics and nuclear fusion to focusing on cybersecurity. His collaboration with Vas arose from a shared interest in using reinforcement learning agents for controlling nuclear fusion reactors. He describes the crucial role these agents play and the potential risks associated with their deployment in critical environments.

Vas Mavroudis introduces himself as a principal research scientist at the Alan Turing Institute, leading a team focused on autonomous cyber defense. His work involves developing and securing autonomous agents tasked with defending networks and systems from cyber threats. The conversation highlights the vulnerabilities of these agents to backdoors and the need for robust security measures.

Deep Dive into Reinforcement Learning: Vas offers an overview of reinforcement learning, highlighting its differences from supervised and unsupervised learning. He emphasizes the importance of real-world experiences in training these agents to make optimal decisions through trial and error. The conversation also touches on the use of deep neural networks, which enhance the capabilities of reinforcement learning models but also introduce complexities that can be exploited.

Security Concerns: The discussion then shifts to the security challenges associated with reinforcement learning models. Vas explains the concept of backdoors in machine learning and the unique challenges they present. Unlike traditional software backdoors, these are hidden within the neural network layers, making detection difficult.

Real-World Implications: Jamie discusses the practical implications of these security issues, particularly in high-stakes scenarios like nuclear fusion reactors. He outlines the potential catastrophic consequences of a backdoor-triggered failure, underscoring the importance of securing these models to prevent malicious exploitation.

Looking Ahead: Sean and Marco express their anticipation for the upcoming session, highlighting the collaborative efforts of Vas, Jamie, and their teams in tackling these critical issues. They emphasize the significance of this research and its implications for the future of autonomous systems.

Conclusion: This pre-event conversation sets the stage for a compelling session at Black Hat Conference 2024. It offers attendees a preview of the insights and discussions they can expect about the intersection of deep reinforcement learning and cybersecurity. The session promises to provide valuable knowledge on protecting advanced technologies from emerging threats.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

Resources

Deep Backdoors in Deep Reinforcement Learning Agents: https://www.blackhat.com/us-24/briefings/schedule/index.html#deep-backdoors-in-deep-reinforcement-learning-agents-39550

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Traceability in Cyber Security: Lessons Learned from the Medical Sector | A Conversation with Kostas Papapanagiotou | Redefining CyberSecurity with Sean Martin

1 augusti 2024 | 29 min

Guest: Dr. Kostas Papapanagiotou, Advisory Services Director, Census S.A.

On LinkedIn | https://www.linkedin.com/in/kpapapan/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

Cybersecurity practices for medical devices are crucial, touching on compliance, patient safety, and the rigorous demands of various sectors such as automotive and financial services. In an insightful conversation between Sean Martin, host of the Redefining CyberSecurity Podcast, and Kostas Papapanagiotou, leader of the advisory service division at Census, several key takeaways emerge. Kostas, who has over 20 years of experience in cybersecurity and application security, underscores the complexity of medical devices.

No longer confined to standalone units, modern medical devices may encompass hardware components, software, connectivity to hospital networks or cloud services, and more. Thus, they require a comprehensive security approach.

Kostas notes that the FDA views these devices holistically, requiring all components to be evaluated for security risks. One of the most significant points highlighted is the concept of shared responsibility. According to Kostas, it is essential for medical device manufacturers to consider how their products integrate with existing hospital networks and what security measures are necessary to protect patient information. This extends to issuing guidelines and documentation for secure network integration, an effort that underscores the necessity of thorough and clear documentation in maintaining cybersecurity standards.

Furthermore, Kostas points out that regulations like the FDA’s post-market plan necessitate that manufacturers prepare for the entire lifecycle of a device, including potential vulnerabilities that may arise years after deployment. He shares real-world examples, such as the challenge of outdated Android versions in medical devices, which can no longer receive security updates and thus present vulnerabilities. In addition to compliance, the podcast discusses the shift left security paradigm, which emphasizes integrating security measures early in the software development lifecycle to prevent costly and challenging fixes later.

Kostas advocates for proactive threat modeling as a tool to foresee potential risks and implement security controls right from the design phase. This approach aligns with the FDA's emphasis on mitigating patient harm as the ultimate priority.

The conversation also touches on how these rigorous requirements from the medical device sector can inform cybersecurity practices in other critical areas like automotive manufacturing. Kostas remarks that the automotive industry is yet to reach the maturity seen in medical device regulations, often grappling with interoperability and supply chain complexities.

This podcast episode offers vital insights and actionable advice for cybersecurity professionals and organizations involved with critical, life-impacting technologies. Engaging discussions such as these underline the importance of regulatory compliance, thorough documentation, and proactive security measures in safeguarding both technology and human lives.

___________________________

Sponsors

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Traceability in cyber security: lessons learned from the medical sector (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VTbW/traceability-in-cyber-security-lessons-learned-from-the-medical-sector

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

From Zero Trust to AI and now Platformization and Consolidation: Debunking Cybersecurity Buzzwords | A Brand Story Conversation From Black Hat USA 2024 | A Coro Story with Dror Liwer | On Location Coverage with Sean Martin and Marco Ciappelli

30 juli 2024 | 25 min

Join the On Location Podcast co-hosts, Sean Martin and Marco Ciappelli, as they kick off an engaging conversation with Dror Liwer, Co-Founder of Coro, discussing SMB cybersecurity and preparations for Black Hat 2024.

Dror emphasizes Coro’s excitement about participating in Black Hat for the second year, where they will be showcasing their offerings at booth 4734. He contrasts Black Hat with other conferences, noting its unique focus on cybersecurity practitioners and those who carry the weight of their organizations' security.

Throughout the discussion, Dror tackles the buzzwords and trends in the cybersecurity industry. This year, the buzzword is "platform," and Dror provides insight into what truly constitutes a cybersecurity platform. He distinguishes between various types of platforms, such as those built from multiple vendors, internally developed ones like Cisco and Palo Alto, and Coro's own from-the-ground-up modular platform. He also discusses the advantages of a unified and seamless approach to cybersecurity.

The conversation covers the practical benefits of Coro’s platform for service providers and end customers. Dror mentions how Coro simplifies cybersecurity by allowing easy onboarding and flexible licensing. He highlights Coro’s data governance capabilities and modular design, which enable users to scale their security needs up or down efficiently.

Dror also teases his upcoming talk at Black Hat, titled “Platformization, Consolidation, and Other Buzzwords Debunked,” promising a comprehensive framework to help organizations evaluate and select the right cybersecurity platforms for their needs.

The episode closes with Sean and Marco expressing their enthusiasm for continuing the conversation at Black Hat and encouraging listeners to connect with Coro’s energetic team. They also invite the audience to stay tuned for more updates and insights from the event.

Learn more about CORO: https://itspm.ag/coronet-30de

Note: This story contains promotional content. Learn more.

Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber]

On LinkedIn | https://www.linkedin.com/in/drorliwer/

Resources

Learn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coro

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The Fault in Our Metrics: Rethinking How We Measure Detection & Response | A Conversation with Allyn Stott | Redefining CyberSecurity with Sean Martin

29 juli 2024 | 38 min

Guest: Allyn Stott, Senior Staff Engineer, meoward.co

On LinkedIn | https://www.linkedin.com/in/whyallyn

On Twitter | https://x.com/whyallyn

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of The Redefining CyberSecurity Podcast, host Sean Martin converses with Allyn Stott, who shares his insights on rethinking how we measure detection and response in cybersecurity. The episode explores the nuances of cybersecurity metrics, emphasizing that it's not just about having metrics, but having the right metrics that truly reflect the effectiveness and efficiency of a security program.

Stott discusses his journey from red team operations to blue team roles, where he has focused on detection and response. His dual perspective provides a nuanced understanding of both offensive and defensive security strategies. Stott highlights a common issue in cybersecurity: the misalignment of metrics with organizational goals. He points out that many teams inherit metrics that may not accurately reflect their current state or objectives. Instead, metrics should be strategically chosen to guide decision-making and improve security posture. One of his key messages is the importance of understanding what specific metrics are meant to convey and ensuring they are directly actionable.

In his framework, aptly named SAVER (Streamlined, Awareness, Vigilance, Exploration, Readiness), Stott outlines a holistic approach to security metrics. Streamlined focuses on operational efficiencies achieved through better tools and processes. Awareness pertains to the dissemination of threat intelligence and ensuring that the most critical information is shared across the organization. Vigilance involves preparing for and understanding top threats through informed threat hunting. Exploration encourages the proactive discovery of vulnerabilities and security gaps through threat hunts and incident analysis. Finally, Readiness measures the preparedness and efficacy of incident response plans, emphasizing the coverage and completeness of playbooks over mere response times.

Martin and Stott also discuss the challenge of metrics in smaller organizations, where resources may be limited. Stott suggests that simplicity can be powerful, advocating for a focus on key risks and leveraging publicly available threat intelligence. His advice to smaller teams is to prioritize understanding the most significant threats and tailoring responses accordingly.

The conversation underscores a critical point: metrics should not just quantify performance but also drive strategic improvements. By asking the right questions and focusing on actionable insights, cybersecurity teams can better align their efforts with their organization's broader goals.

For those interested in further insights, Stott mentions his upcoming talks at B-Sides Las Vegas and Blue Team Con in Chicago, where he will expand on these concepts and share more about his Threat Detection and Response Maturity Model.

In conclusion, this episode serves as a valuable guide for cybersecurity professionals looking to refine their approach to metrics, making them more meaningful and aligned with their organization's strategic objectives.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

The Fault in Our Metrics: Rethinking How We Measure Detection & Response (BSIDES Session): https://bsideslv.org/talks#EVFTBT

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Breaking the Password Barrier: An Expert Guide to Multi-Factor Authentication and the Rise of Passwordless Security | A Conversation with Theodore Heiman | Redefining CyberSecurity with Sean Martin

27 juli 2024 | 38 min

Guest: Theodore Heiman, CEO, CISO Guru

On LinkedIn | https://www.linkedin.com/in/tedheiman

On Twitter | https://x.com/tedrheiman

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages with Ted Heiman, CEO of the cybersecurity practice CISO Guru, in an insightful conversation about the complexities and evolving landscape of password management and multi-factor authentication (MFA). Sean Martin introduces the session by highlighting the challenges practitioners and leaders face in building security programs that enable organizations to achieve their objectives securely.

The discussion quickly steers towards the main topic - the evolution of passwords, the role of password managers, and the critical implementation of MFA. Ted Heiman shares his extensive experience from over 25 years in the cybersecurity industry, observing that passwords are a relic from a time when networks were isolated and less complex. As organizations have grown and interconnected, the weaknesses of static passwords have become more apparent. Heiman notes a striking statistic: 75 to 80 percent of breaches occur due to compromised static passwords.

The conversation examines the history of passwords, starting as simple, memorable phrases and evolving into complex strings with mandatory special characters, numbers, and capitalization. This complexity, while intended to increase security, often leads users to write down passwords or repeat them across multiple platforms, introducing significant security risks. Solutions like password managers arose to mitigate these issues, but as Heiman highlights, they tend to centralize risk, making a single point of failure an attractive target for attackers.

The discussion shifts to MFA, which Heiman regards as a substantial improvement over static passwords. He illustrates the concept by comparing it to ATM use, which combines something you have (a bank card) and something you know (a PIN). Applying this to cybersecurity, MFA typically involves an additional step, such as an SMS code or biometric verification, significantly reducing the possibility of unauthorized access.

Looking forward, both Heiman and Martin consider the promise of passwordless systems and continuous authentication. These technologies utilize a combination of biometrics and behavioral analysis to constantly verify user identity without the need for repetitive password entries. This approach aligns with the principles of zero-trust architecture, which assumes that no entity, inside or outside the organization, can be inherently trusted. Heiman stresses that transitioning to these advanced authentication methods should be a priority for organizations seeking to enhance their security posture. However, he acknowledges the challenges, especially concerning legacy systems and human behaviors, emphasizing the importance of a phased and managed risk approach.

For listeners involved in cybersecurity, Heiman’s insights provide valuable guidance on navigating the intricate dynamics of password management and embracing more secure, advanced authentication mechanisms.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

A Deep Dive into SquareX | A Short Brand Story from Black Hat USA 2024 | A SquareX Story with Chief Architect Jeswin Mathai | On Location Coverage with Sean Martin and Marco Ciappelli

26 juli 2024 | 23 min

Welcome to another edition of Brand Stories, part of our On Location coverage of Black Hat Conference 2024 in Las Vegas. In this episode, Sean Martin and Marco Ciappelli chat with Jeswin Mathai, Chief Architect at SquareX, one of our esteemed sponsors for this year’s coverage. Jeswin brings his in-depth knowledge and experience in cybersecurity to discuss the innovative solutions SquareX is bringing to the table and what to expect at this year’s event.

Getting Ready for Black Hat 2024

The conversation kicks off with Marco and Sean sharing their excitement about the upcoming Black Hat USA 2024 in Las Vegas. They fondly recall their past experiences and the anticipation that comes with one of the most significant cybersecurity events of the year. Both hosts highlight the significance of the event for ITSP Magazine, marking ten years since its inception at Black Hat.

Introducing Jeswin Mathai and SquareX

Jeswin Mathai introduces himself as the Chief Architect at SquareX. He oversees managing the backend infrastructure and ensuring the product’s efficiency and security, particularly as a browser extension designed to be non-intrusive and highly effective. With six years of experience in the security industry, Jeswin has made significant contributions through his work published at various conferences and the development of open-source tools like AWS Goat and Azure Goat.

The Birth of SquareX

Sean and Marco delve deeper into the origins of SquareX. Jeswin shares the story of how SquareX was founded by Vivek Ramachandran, who previously founded Pentester Academy, a cybersecurity education company. Seeing the persistent issues in consumer security and the inefficacy of existing antivirus solutions, Vivek decided to shift focus to consumer security, particularly the visibility gap in browser-level security.

Addressing Security Gaps

Jeswin explains how traditional security solutions, like endpoint security and secure web gateways, often lack visibility at the browser level. Attacks originating from browsers go unnoticed, creating significant vulnerabilities. SquareX aims to fill this gap by providing comprehensive browser security, detecting and mitigating threats in real time without hampering user productivity.

Innovative Security Solutions

SquareX started as a consumer-based product and later expanded to enterprise solutions. The core principles are privacy, productivity, and scalability. Jeswin elaborates on how SquareX leverages advanced web technologies like WebAssembly to perform extensive computations directly on the browser, ensuring minimal dependency on cloud resources and optimizing user experience.

A Scalable and Privacy-Safe Solution

Marco raises the question of data privacy regulations like GDPR in Europe and the California Consumer Privacy Act (CCPA). Jeswin reassures that SquareX is designed to be highly configurable, allowing administrators to adjust data privacy settings based on regional regulations. This flexibility ensures that user data remains secure and compliant with local laws.

Real-World Use Cases

To illustrate SquareX’s capabilities, Jeswin discusses common use cases like phishing attacks and how SquareX protects users. Attackers often exploit legitimate platforms like SharePoint and GitHub to bypass traditional security measures. With SquareX, administrators can enforce policies to block unauthorized credential entry, perform live analysis, and categorize content to prevent phishing scams and other threats.

Looking Ahead to Black Hat and DEF CON

The discussion wraps up with a look at what attendees can expect from SquareX at Black Hat and DEF CON. SquareX will have a booth at both events, and Jeswin previews some of the talks on breaking secure web gateways and the dangers of malicious browser extensions. He encourages everyone to visit their booths and attend the talks to gain deeper insights into today’s cybersecurity challenges and solutions.

Conclusion

In conclusion, the conversation with Jeswin Mathai offers a comprehensive look at how SquareX is revolutionizing browser security. Their innovative solutions address critical gaps in traditional security measures, ensuring both consumer and enterprise users are protected against sophisticated threats. Join us at Black Hat Conference 2024 to learn more and engage with the experts at SquareX.

Learn more about SquareX: https://itspm.ag/sqrx-l91

Note: This story contains promotional content. Learn more.

Guest: Jeswin Mathai, Chief Architect, SquareX [@getsquarex]

On LinkedIn | https://www.linkedin.com/in/jeswinmathai/

Resources

Learn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarex

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Is Defense Winning? | A Black Hat USA 2024 Conversation with Jason Healey | On Location Coverage with Sean Martin and Marco Ciappelli

26 juli 2024 | 25 min

Guest: Jason Healey, Senior Research Scholar, Cyber Conflict Studies, SIPA at Columbia University [@Columbia]

On LinkedIn | https://www.linkedin.com/in/jasonhealey/

At BlackHat: https://www.blackhat.com/us-24/briefings/schedule/speakers.html#jason-healey-31682

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Opening Remarks:

Sean Martin and Marco Ciappelli set the stage with their signature banter, creating an inviting atmosphere for a deep dive into cybersecurity. Marco introduces a philosophical question about measuring success and improvement in the field, leading seamlessly into their conversation with Jason Healey.

Meet the Expert:

Sean introduces Jason Healey, a senior research scholar at Columbia University and a former military cybersecurity leader with extensive experience, including roles at the Pentagon and the White House. Jason shares his excitement for Black Hat 2024 and the anniversary celebrations of ITSPmagazine, expressing anticipation for the discussions ahead.

The Role of Defense in Cybersecurity:

Jason previews his journey from military service to academia, posing the critical question, “Is defense winning?” He provides a historical perspective, noting that cybersecurity challenges have been present for decades. Despite significant investments and efforts, attackers often seem to maintain an edge. This preview sets the stage for a deeper exploration of how to measure success in defense, which he plans to address in detail at the conference.

Shifting the Balance:

Jason highlights the need for a comprehensive framework to evaluate the effectiveness of defense mechanisms. He introduces the concept of metrics like “mean time to detect,” suggesting that these can help gauge progress over time. Jason plans to discuss the importance of understanding system-wide dynamics at Black Hat, emphasizing that cybersecurity is about continual improvement rather than quick fixes.

Economic Costs and Broader Impacts:

Sean shifts the discussion to the economic aspects of cybersecurity, a topic Jason is set to explore further at the event. Jason notes that while financial implications are substantial, other indicators, such as the frequency of states declaring emergencies due to cyber incidents, provide a broader view of the impact. He underscores the need to address disparities in cybersecurity protection, pointing out that not everyone has access to the same level of defense capabilities.

Community and Collaboration:

Marco and Jason discuss the importance of community involvement in improving cybersecurity. Jason stresses the value of shared metrics and continuous data analysis, calling for collective efforts to build a robust defense against evolving threats. This theme of collaboration will be a key focus in his upcoming session.

Looking Forward:

As they wrap up, Sean and Marco express their anticipation for Jason’s session at Black Hat 2024. They encourage the audience to join in, engage with the topics discussed, and contribute to the ongoing conversation on cybersecurity.

Conclusion:

Sean concludes by thanking Jason for his insights and highlighting the importance of the upcoming Black Hat sessions. He invites listeners to follow ITSPmagazine's coverage for more expert discussions and insights into the field of cybersecurity.

For more insightful sessions and expert talks on cybersecurity, make sure to follow ITSPmagazine's Black Hat coverage. Stay safe and stay informed!

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

Resources

Is Defense Winning? (Session): https://www.blackhat.com/us-24/briefings/schedule/index.html#is-defense-winning-40663

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

From Signatures to Behavior: RAD Security's Recognized Innovations for Cloud Threat Detection and Response | A Brand Story Conversation From Black Hat USA 2024 | A RAD Security Story with Brooke Motta

26 juli 2024 | 7 min

In this Brand Story conversation, Sean Martin sat down with Brooke Motta, CEO and co-founder of RAD Security, to discuss a game-changing shift in cloud security: moving from signature-based to behavioral-based detection and response within the Cloud Workload Protection Platform (CWPP).

The What: RAD Security is pioneering the future of cloud security with its state-of-the-art behavioral cloud detection and response (CDR) solution. Unlike traditional CWPP and container detection systems that depend on signatures, RAD Security employs advanced techniques to create behavioral fingerprints based on unique good behavior patterns. This innovative approach aims to eliminate the risks associated with zero-day attacks and apply zero trust principles while ensuring real-time posture verification.

The How: RAD Security's approach stands out in multiple ways. By setting behavioral baselines reflecting a system's normal operations, the platform can detect deviations that indicate potential threats earlier in the attack lifecycle. Integrated real-time identity and infrastructure context further sharpens its threat detection capabilities. This not only allows for proactive defenses but also enhances shift-left strategies and posture management, making cloud environments more resilient against emerging threats.

Key Points Discussed:

Behavioral Detection vs. Signature-Based Methods:
- Brooke emphasized the limitations of signature-based detection in addressing modern cloud security challenges. RAD Security's shift to behavioral detection ensures early identification of zero-day attacks, addressing both runtime and software supply chain vulnerabilities.
Enhanced Capabilities for Real-Time Response:
- The platform provides automated response actions such as quarantining malicious workloads, labeling suspicious activities, and terminating threats. It leverages machine learning and large language models to classify detections accurately, aiding security operations centers (SOC) in quicker and more effective remediation.
Recognition and Impact:
- RAD Security’s innovative approach has earned it a finalist spot in the prestigious Black Hat Startup Spotlight Competition, signifying industry acknowledgment of the need to move beyond traditional, reactive signatures to a proactive, behavioral security approach. They were also recognized during RSA Conference, one of the only startups to garner such a position.
Supply Chain Security:
- Brooke highlighted the importance of analyzing third-party services and APIs at runtime to get a comprehensive threat picture. RAD Security’s verified runtime fingerprints ensure a defense-ready posture against supply chain attacks, exemplified by its response to the recent XZ Backdoor vulnerability.
Future of Cloud Security:
- As security teams navigate increasingly complex cloud environments, the legacy method of relying on signatures is no longer viable. RAD Security's behavioral approach represents the future of cloud detection and response, offering a robust, resilient solution against novel and evolving threats.

RAD Security is leading the charge in transforming cloud security through its innovative, signatureless behavioral detection and response platform. By integrating real-time identity and infrastructure context, RAD Security ensures swift and accurate threat response, laying the groundwork for a new standard in cloud native protection.

For more insights and to learn how RAD Security can help enhance your organization's cloud security resilience, tune into the full conversation.

Learn more about RAD Security: https://itspm.ag/radsec-l33tz

Note: This story contains promotional content. Learn more.

Guest: Brooke Motta, CEO & Co-Founder, RAD Security [@RADSecurity_]

On LinkedIn | https://www.linkedin.com/in/brookemotta/

On Twitter | https://x.com/brookelynz1

Resources

A Brief History of Signature-Based Threat Detection in Cloud Security: https://itsprad.io/radsec-4bi

Open Source Cloud Workload Fingerprint Catalog: https://itsprad.io/radsec-kro

Learn more and catch more stories from RAD Security: https://www.itspmagazine.com/directory/rad-security

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Achieving Cybersecurity Velocity: The Role of Culture and Leadership for Operational Excellence | A Conversation with Kim Jones | Redefining CyberSecurity with Sean Martin

26 juli 2024 | 43 min

Guest: Kim Jones, Director, Intuit [@Intuit]

On LinkedIn | https://www.linkedin.com/in/kimjones-cism/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin explores the importance of achieving velocity in cybersecurity operations with Kim Jones, a seasoned leader with nearly four decades of experience in intelligence, security, and risk.

Jones, who has served in various roles such as Army Intel Officer, CISO, and most recently, in Performance Acceleration at Intuit, brings a wealth of knowledge to the table. Jones stresses that cultural alignment is crucial for cybersecurity teams to move faster without compromising security. He highlights the importance of leaders setting clear priorities and fostering an environment where team members feel comfortable raising conflicts and collaborating to find solutions. “A good leader is going to push the organization 5 percent beyond what it thinks it can do,” says Jones, emphasizing the necessity of pushing teams beyond their perceived limits while ensuring they work cohesively.

One of the key takeaways from the discussion is Jones' analogy of velocity: “Velocity implies taking that motion in a given appropriate direction,” he explains. For Jones, mere motion is insufficient if it lacks direction. He believes that enterprises must align their resources toward a common goal to achieve true velocity, minimizing internal friction and inefficiencies along the way. Effective leadership, according to Jones, plays a pivotal role in this alignment. He argues that leaders need to create a culture where collaboration and conflict resolution are normalized practices. “Not every leader has to be charismatic, but every leader has to lead and set the tone,” Jones notes, adding that consistent and principled leadership is more impactful than charisma alone. Jones also touches on the real-world repercussions of failing to balance velocity with cultural alignment.

Drawing from his extensive career, he shares that misalignment often leads to burnout and inefficiencies. He underscores the importance of leaders making time for their peers and team members, noting, “Inaction is as reckless as acting without thought.” Jones advises that prioritizing responses and maintaining open communication channels can significantly enhance team effectiveness. For organizations aiming to boost their cybersecurity operations, Jones' insights offer a valuable roadmap. By focusing on cultural alignment, setting clear priorities, and encouraging effective leadership, businesses can achieve the velocity needed to thrive. Jones' approach underscores that achieving velocity isn't about making things move faster in disarray but rather about coordinated and purposeful acceleration toward shared goals.

Top Questions Addressed

How can organizations achieve velocity in their cybersecurity operations?
Why is cultural alignment important for achieving velocity?
What role does effective leadership play in achieving cybersecurity velocity?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Inspiring Resource: https://www.linkedin.com/posts/kimjones-cism_velocity-simplified-activity-7201763704848175104-sprZ/

Velocity, Simplified (Blog Post): https://www.security2cents.com/post/velocity-simplified

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

A Framework for Evaluating National Cybersecurity Strategies | A Black Hat USA 2024 Conversation with Fred Heiding | On Location Coverage with Sean Martin and Marco Ciappelli

25 juli 2024 | 25 min

Guest: Fred Heiding, Research Fellow, Harvard

On LinkedIn | https://www.linkedin.com/in/fheiding/

On Twitter | https://twitter.com/fredheiding

On Mastodon | https://mastodon.social/@fredheiding

On Instagram | https://www.instagram.com/fheiding/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this Chats on the Road episode as part of the On Location with Sean and Marco series, hosts Sean Martin and Marco Ciappelli invite listeners into an engaging dialogue with Fred Heiding, a research fellow in computer science at Harvard. The episode dives into the intricacies of national cybersecurity strategies, exploring the intersection of technology, policy, and economics in safeguarding nations against cyber threats.

Fred opens up about his journey from a technical background to a more policy-focused role at Harvard’s Kennedy School, driving home the importance of a multidisciplinary approach to cybersecurity. This sets the stage for a captivating discussion on the collaborative research project he's leading, which aims to evaluate and enhance national cybersecurity strategies worldwide.

Listeners are treated to an insightful narrative on how the project originated from an insightful question Fred posed at a Harvard conference, leading to a fruitful partnership with national security researcher Alex O'Neill and Lachlan Price, a pivotal figure in crafting Australia's renowned cybersecurity strategy. Together, they've been investigating the effectiveness of various national strategies, emphasizing the need for context-specific evaluations.

A major highlight of the episode is the discussion on the inclusion of emerging technologies, particularly AI, in these cybersecurity policies. Fred provides an optimistic update on how even slightly older documents are proactively addressing future-proof strategies against new technological threats. This is paired with a deep dive into the concepts of resilience and the importance of creating detailed, actionable policy documents that can be evaluated for effectiveness over time.

Sean and Marco steer the conversation towards the practical implications of these strategies, questioning how economic factors influence cybersecurity policy and the trade-offs between system security and usability. Fred’s insights into the economic dimensions of cybersecurity, including the balance between investment in protection and the potential costs of cyber attacks, add a valuable perspective to the discussion.

The episode promises to inspire listeners with Fred’s forward-thinking approach and the practical applications of his research. As Fred previews his upcoming presentation at Black Hat, excitement builds for those interested in the detailed findings and innovative strategies he will share.

Tune in to this episode for a thought-provoking exploration of national cybersecurity strategies, enriched by Fred Heiding’s expert insights and the dynamic interaction between the hosts and their guest. Whether you're a policymaker, technologist, or cybersecurity enthusiast, this conversation offers valuable takeaways and a fresh perspective on the ever-evolving cyber landscape.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Contributors to A Multilateral Framework for Evaluating National Cybersecurity Strategies (BlackHat Session):

Fred Heiding | Research Fellow, Harvard

Alex O'Neill | Independet

Lachlan Price | Research Assistant, Harvard

Eric Rosenbach | Senior Lecturer in Public Policy, Harvard

____________________________

This Episode’s Sponsors

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

Resources

A Multilateral Framework for Evaluating National Cybersecurity Strategies: https://www.blackhat.com/us-24/briefings/schedule/#a-multilateral-framework-for-evaluating-national-cybersecurity-strategies-40879

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Behind the Scenes at Black Hat USA 2024: An Exclusive Pre-Event Conversation | A Black Hat USA 2024 Conversation with Steve Wylie | On Location Coverage with Sean Martin and Marco Ciappelli

24 juli 2024 | 29 min

Sevco Sets a New Standard for Vulnerability Risk Prioritization with the Launch of New Exposure Management Capabilities | 7 Minutes on ITSPmagazine | A Sevco Brand Story with J.J. Guy

24 juli 2024 | 7 min

Last month, Sevco unveiled new capabilities in the Sevco platform to help manage and remediate risks for a new asset class – software vulnerabilities (think CVEs) and environmental vulnerabilities (think missing security tools, EOL systems, and IT hygiene issues). Sevco’s exposure management capabilities centralize known and surface previously unknown vulnerabilities in one place, prioritize the most critical issues across the environment (based on technical severity and nearly unlimited business context derived from Sevco’s asset intelligence), automate the remediation to fix priority issues and validate that remediation efforts are completed. With the help of these new capabilities in the Sevco platform, CISOs gain quantifiable insights to manage remediation programs, highlighting where efforts are working and where they aren't.

Why does this matter: The systems that typically track and report CVEs, don’t report on vulnerabilities in categories such as cloud, identity, system misconfigurations, and more. Those have to be uncovered from data found within different (typically siloed) tools. This visibility issue has caused CISOs to drown in vulnerabilities without the ability to identify the ones that present the highest risk to an organization. With asset intelligence as the foundation, the Sevco platform’s exposure management capabilities help CISOs and security teams solve this challenge by proactively prioritizing, automating, and validating the remediation of all types of exposures, including software and environmental vulnerabilities. Additionally, the Sevco platform validates the successful completion of vulnerability remediation when it’s observed on the asset itself, not just when a ticket is closed. This enables Sevco to highlight actionable metrics that allow CISOs to see what’s working and what’s not working in their remediation programs and break down cross-department silos that can cause visibility issues in the first place.

How does it work: Sevco's approach to vulnerability prioritization differs from existing tools because the Sevco platform integrates with existing security tools to aggregate, correlate, and deduplicate the data in those sources to surface important context and assess the risk and business impact for each asset. With this knowledge, Sevco can automatically detect and proactively alert an organization’s security team to vulnerabilities in their environment, including software vulnerabilities (CVEs), missing or misconfigured security controls (security gaps), and IT hygiene issues (unpatched devices and shadow IT). Additionally, Sevco helps to prioritize the CVEs, missing endpoint agents, and other IT hygiene vulnerabilities so our customers are always working on the highest risk issues first based on their specific business needs. Sevco's remediation management workflow helps to reduce risk dramatically with automation, key integrations that allow for collaboration and visibility across IT and security teams, and validation that remediation happened -- no matter the ticket status. Additionally, Sevco provides reports on remediation metrics that arm CISOs with the knowledge needed to understand the utilization of specific IT and security teams.

Learn more about Sevco: https://itspm.ag/sevco250d8e

Note: This story contains promotional content. Learn more.

Guest: J.J. Guy, CEO and Co-Founder, Sevco

On LinkedIn | https://www.linkedin.com/in/jjguy/

On Twitter | https://x.com/jjguy?lang=en

Resources

State of the Cybersecurity Attack Surface (June 2024 Report): https://itspm.ag/sevco-l9bl

Learn more and catch more stories from Sevco: https://www.itspmagazine.com/directory/sevco

View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Revolutionizing Data Privacy and Information Security Compliance: Latest Findings from the ‘State of Information Security’ Report | A ISMS.online Brand Story with Luke Dash

23 juli 2024 | 7 min

2024 AppDome and OWASP Mobile Consumer Cyber Security Survey | A Brand Story Conversation From OWASP AppSec Global Lisbon 2024 | An AppDome Brand Story with Brian Reed and Chris Roeckl | On Location Coverage with Sean Martin and Marco Ciappelli

20 juli 2024 | 23 min

In the latest Brand Story episode, host Sean Martin chats with Brian Reed, Mobile Security Evangelist, and Chris Roeckl, Chief Product Officer at AppDome, during the OWASP Global AppSec event in Lisbon. The episode dives into pivotal aspects of mobile app security and consumer expectations.

Brian Reed articulates how AppDome collaborates with OWASP to tackle mobile app security challenges. He underscores the significant role consumers play in these endeavors. According to AppDome's annual survey, consumer feedback is indispensable, revealing that a staggering 97% of consumers would abandon a brand after an insecure app experience, while 95% would advocate for a brand offering a secure experience. This highlights the stark consequences of neglecting mobile security.

Chris Roeckl elaborates on how AppDome’s annual survey, spanning four years, has amassed data from over 120,000 consumers across 12 countries. This wealth of information provides a clear trend: consumers increasingly prioritize security, particularly in banking, e-wallet, healthcare, and retail apps. Interestingly, while social media is not at the forefront of security concerns, it is rapidly becoming a focus area as users grow more conscious of account security and privacy.

The discussion brings to light how brands can effectively communicate their security protocols to consumers. Reed and Roeckl suggest transparency through dedicated web pages, direct email outreach, and in-app notifications. This communication helps build trust and reassures consumers that their security concerns are being addressed.

The conversation also touches on the integration of security into the development lifecycle. Developers often face the challenge of ensuring robust security without compromising the user experience. Reed mentions the importance of making security processes seamless and non-invasive for developers. By leveraging machine learning and AI, AppDome aims to automate many security tasks, allowing developers to focus on creating innovative, user-friendly applications.

Moreover, Roeckl points out that a holistic approach is essential. This means incorporating input from various teams within an organization - from product leaders focusing on user engagement to engineers ensuring crash-free applications and cybersecurity teams safeguarding data integrity. This collaborative effort ensures that the final product not only meets but exceeds consumer expectations.

The insights shared in the episode are a call to action for businesses to prioritize mobile security. With six billion humans using mobile apps globally, the stakes are higher than ever. Brands must recognize the direct correlation between secure mobile experiences and customer loyalty. By investing in robust security measures and effectively communicating these efforts, businesses can foster a secure and trustworthy environment for their users.

Listeners are encouraged to download the full AppDome report for a deeper understanding of consumer attitudes towards mobile app security. This empathetic report offers valuable insights that can help developers, product managers, and cybersecurity teams align their strategies with consumer expectations, ultimately leading to safer and more secure mobile applications.

Learn more about Appdome: https://itspm.ag/appdome-neuv

Note: This story contains promotional content. Learn more.

Guests:

Brian Reed, SVP AppSec & Mobile Defense, Appdome [@appdome]

On LinkedIn | https://www.linkedin.com/in/briancreed/

Chris Roeckl, Chief Product Officer, Appdome [@appdome]

On LinkedIn | https://www.linkedin.com/in/croeckl/

Resources

Learn more and catch more stories from Appdome: https://www.itspmagazine.com/directory/appdome

View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Building a CISO Office: Mastering Enterprise Risk Management and Aligning Cybersecurity with Business Goals | Part 1 of 3 | A Conversation with Kush Sharma | Redefining CyberSecurity with Sean Martin

20 juli 2024 | 46 min

Guest: Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario)

On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In the latest episode — Part 1 of 3 Parts — of the Redefining CyberSecurity Podcast on ITSPmagazine, host Sean Martin dives into a comprehensive discussion with Kush Sharma, a distinguished leader with vast experience across Accenture, Deloitte, the City of Toronto, and CP Rail. The conversation explores the intricacies of building a Chief Information Security Officer (CISO) office from the ground up, offering invaluable insights for current and aspiring CISOs.

Kush Sharma emphasizes the multifaceted role of a CISO, particularly the distinct challenges faced when establishing a cybersecurity program in various organizational contexts—government, private sector, and consulting firms. He points out that in governmental environments, the focus is typically on how to benefit citizens or internal staff while operating under tight scrutiny and budget constraints. In contrast, consulting and private sectors prioritize efficiency, quick deployment, and direct benefits to the organization.

A significant part of the discussion centers on enterprise risk management. Sharma highlights the importance of aligning cybersecurity initiatives with organizational objectives. From mergers and acquisitions (M&A) to digital transformations, CISOs must ensure that their strategies mitigate risk while supporting the broader business goals. Kush Sharma advises that during such major projects, security measures need to be integrated from the ground up, focusing on things like role-based access and the segmentation of business processes.

Additionally, the challenges of engaging with governmental bodies are explored in depth. Sharma explains the extensive bureaucratic processes and the need for consensus-building, which often lead to significant delays. Understanding these processes allows for better navigation and more efficient outcomes. Sharma also brings out the importance of understanding and acting upon business processes when integrating cybersecurity measures. For instance, in large-scale ERP implementations, it is crucial to map out detailed roles and ensure that security provisions are applied consistently across all integrated systems. By focusing on the distinct roles within these processes, such as AP clerks or accounting managers, CISOs can develop more granular and effective security measures.

The episode underscores that success in building a CISO office lies in strategic alignment, efficient resource allocation, and thorough understanding of both technical and business processes. For cybersecurity leaders, this conversation with Kush Sharma offers crucial guidance and real-world examples to help navigate their complex roles effectively. Be sure to listen to the episode for a deeper dive into these topics and more. And, stay tuned for Parts 2 and 3 for even more goodness from Sean and Kush.

Top Questions Addressed

What are the complexities of establishing a CISO office from scratch?
How do the requirements and focus differ when establishing a cybersecurity program in governmental versus private sectors?
What is the approach to managing enterprise risk during digital transformations and mergers & acquisitions (M&A)?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Dodging the Ball and ways for CISOs to avoid Liability: Essential Strategies for CISOs | A Black Hat USA 2024 Conversation with Jess Nall | On Location Coverage with Sean Martin and Marco Ciappelli

17 juli 2024 | 22 min

Guest: Jess Nall, Partner, Defense Against Government Investigations, Baker McKenzie, LLP [@bakermckenzie]

On LinkedIn | https://www.linkedin.com/in/jess-nall/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

As the countdown to Black Hat 2024 begins, ITSP Magazine’s “Chats On the Road” series kicks off with a compelling pre-event discussion featuring Jess Nall, a partner at Baker McKenzie with over two decades of experience in federal investigations and defending Chief Information Security Officers (CISOs). Hosted by Sean Martin and Marco Ciappelli, the episode blends humor and serious insights to tackle the evolving challenges faced by CISOs today.

The Dodgeball Analogy: Setting the Stage

The conversation starts on a light-hearted note with a playful dodgeball analogy, a clever metaphor used to illustrate the growing complexities in the cybersecurity landscape. This sets the tone for a deeper exploration of the pressures and responsibilities that modern CISOs face, bridging the gap between legacy technology and contemporary cybersecurity challenges.

Legacy Technology vs. Modern Cybersecurity

Drawing from the dodgeball metaphor, Sean and Marco highlight the burden of legacy technology and its impact on current cybersecurity practices. Jess Nall shares her perspective on how past business operations influence today’s cybersecurity strategies, emphasizing the need for CISOs to adapt and innovate continually.

ITSP Magazine’s Milestone and Black Hat Connections

This episode also marks a celebratory milestone for ITSP Magazine. Sean and Marco reflect on their journey from Los Angeles to Las Vegas, the birthplace of ITSP Magazine, and how their experiences have shaped the publication’s mission and growth. As they gear up for Black Hat 2024, they express their excitement about reconnecting with the cybersecurity community and exploring new opportunities for collaboration.

Introducing Jess Nall: Expertise and Experience

Jess Nall, a seasoned expert in federal investigations, brings invaluable insights to the discussion. She underscores the severe implications of government scrutiny on CISOs, drawing from high-profile cases like SEC v. SolarWinds and Tim Brown. Jess provides practical advice for CISOs to avoid regulatory pitfalls and highlights the importance of staying vigilant and proactive in their roles.

The Internet’s Troubled History and Its Impact

Marco steers the conversation towards the Internet’s troubled history and its initial lack of security foresight. Jess reflects on how these historical challenges have shaped modern cybersecurity practices, emphasizing the difficulties of keeping up with evolving threats and expanding attack surfaces. She also discusses the controversial strategy of targeting CISOs to influence corporate cybersecurity measures, a practice she staunchly opposes.

The Perfect Storm: AI and Cybersecurity

The discussion turns to the increasing complexity of cybersecurity in the age of AI. Sean and Jess delve into the pressures CISOs face as they balance the incorporation of AI technologies with maintaining robust cybersecurity measures. Jess describes this scenario as a “perfect storm,” making the role of a CISO more challenging than ever.

Regulation and Legislation: A Critical Examination

Marco raises critical concerns about the reactive nature of current cybersecurity legislation and regulation. Jess discusses how federal agencies often target individuals closest to a cybersecurity breach and outlines the topics she will cover in her upcoming Black Hat presentation. She aims to educate CISOs on preventive measures and strategic responses to navigate these challenges effectively.

Looking Ahead: Black Hat 2024

As the episode concludes, Sean emphasizes the importance of awareness and proactive measures among CISOs. Marco encourages listeners to attend Jess Nall’s presentation at Black Hat 2024 on August 7th at Mandalay Bay in Las Vegas. This critical discussion promises to equip CISOs and their teams with the knowledge and tools to navigate their increasingly scrutinized roles.

Stay Tuned with ITSP Magazine

Sean and Marco remind their audience that this episode is just the beginning of a series of insightful conversations leading up to Black Hat 2024. They invite listeners to stay tuned for more engaging episodes that will continue to explore the dynamic world of cybersecurity.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Beyond Traditional Pen Testing for Continuous Risk Assessment | A Brand Story Conversation From RSA Conference 2024 | A Hadrian Story with Rogier Fischer | On Location Coverage with Sean Martin and Marco Ciappelli

16 juli 2024 | 27 min

In the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin engages with Rogier Fischer, co-founder and CEO of Hadrian, to delve into the evolving landscape of cybersecurity. The discussion navigates through the intricacies of modern cybersecurity challenges and how Hadrian is providing innovative solutions to tackle these issues. Sean Martin sets the stage by emphasizing the importance of operationalizing cybersecurity strategies to manage risk and protect revenue. Rogier Fischer shares his journey from an ethical hacker working with Dutch banks and tech companies to co-founding Hadrian, a company that leverages advanced AI to automate penetration testing.

Fischer highlights the limitations of traditional cybersecurity tools, noting they are often too passive and fail to provide adequate visibility. Hadrian, on the other hand, offers a proactive approach by simulating hacker behavior to identify vulnerabilities and exposures. The platform provides a more comprehensive view by combining various aspects of offensive security, enabling organizations to prioritize their most critical vulnerabilities.

One of the key points Fischer discusses is Hadrian's event-driven architecture, which allows the system to detect changes in real-time and reassess vulnerabilities accordingly. This ensures continuous monitoring and timely responses to new threats, adapting to the ever-changing IT environments. Another significant aspect covered is Hadrian's use of AI and machine learning to enhance the context and flexibility of security testing. Fischer explains that AI is selectively applied to maximize efficiency and minimize false positives, thus allowing for smarter, more effective security assessments.

Fischer also shares insights on how Hadrian assists in automated risk remediation. The platform not only identifies vulnerabilities but also provides clear guidance and tools to address them. This is particularly beneficial for smaller security teams that may lack the resources to handle vast amounts of raw data generated by traditional vulnerability scanners. Additionally, Hadrian's ability to integrate with existing security controls and workflows is highlighted. Fischer notes the company's focus on user experience and the need for features that facilitate easy interaction with different stakeholders, such as IT teams and security engineers, for efficient risk management and remediation.

In conclusion, Rogier Fischer articulates that the true strength of Hadrian lies in its ability to offer a hacker’s perspective through advanced AI-driven tools, ensuring that organizations not only identify but also effectively mitigate risks. By doing so, Hadrian empowers businesses to stay ahead in the ever-evolving cybersecurity landscape.

Top Questions Addressed

What drove the creation of Hadrian, and what gaps in the cybersecurity market does it fill?
How does Hadrian's event-driven architecture ensure continuous risk assessment and adaptation to changing environments?
How does Hadrian leverage AI and machine learning to improve the effectiveness of penetration testing and risk remediation?

Learn more about Hadrian: https://itspm.ag/hadrian-5ei

Note: This story contains promotional content. Learn more.

Guest: Rogier Fischer, Co-Founder and CEO, Hadrian [@hadriansecurity]

On LinkedIn | https://www.linkedin.com/in/rogierfischer/

Resources

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Book | Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success | A Conversation with Authors Tyler Wall and Jarrett Rodrick | Redefining CyberSecurity with Sean Martin

16 juli 2024 | 30 min

Guests:

Tyler Wall, CEO, Cyber NOW Education

On LinkedIn | https://www.linkedin.com/in/tylerewall

On YouTube | https://www.youtube.com/@cybernoweducation

Jarrett Rodrick, Sr. Manager, Threat Management at Omnissa [@WeAreOmnissa]

On LinkedIn | https://www.linkedin.com/in/jarrett-rodrick/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

___________________________

Episode Notes

In the latest episode of Redefining CyberSecurity, host Sean Martin converses with Tyler Wall and Jarrett Rodrick, co-authors of "Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success." The discussion dives into the essential aspects of starting and advancing a career as a Security Operations Center (SOC) analyst, shedding light on the realities and opportunities within the cybersecurity landscape.

Tyler Wall, a full-time cybersecurity professional and founder of CyberNow Education, highlights that entering the SOC analyst role doesn't necessarily require a college degree. Wall emphasizes the importance of certifications like Security+ and Network+, combined with real-world IT experience. The discussion points out that many successful SOC analysts have transitioned from desktop support roles or other IT positions, using these pathways to gain relevant experience and knowledge.

Jarrett Rodrick, formerly a SOC lead at VMware and now overseeing multiple security teams at Omnissa, underscores that this field values practical skills and continuous learning. Rodrick's own journey from combat soldier to SOC manager exemplifies the diverse backgrounds from which professionals can emerge. He points out that, during the COVID-19 pandemic, the cybersecurity job market was robust, but now there is fiercer competition with many qualified candidates vying for roles.

Wall and Rodrick discuss the structure of their book, which includes five real-world stories from various SOC analysts. These stories serve to inspire and provide practical insights into the everyday challenges and rewards of the role. The book also covers the technical and non-technical skills necessary for SOC analysts, such as curiosity, the ability to delve into rabbit holes of information, and a thorough understanding of cloud security.

Networking and community involvement are vital for career growth, as highlighted by Wall. He advises aspiring SOC analysts to join groups like DEF CON, 2600, and online communities such as Black Hills Information Security to build connections and gain industry insights. Blogging about one's learning journey and challenges can also attract attention and establish a professional network.

The conversation also touches upon the future of the SOC analyst role, particularly in light of advancements in automation. Rodrick notes that while automation will handle some of the more mundane tasks, it will never completely replace human analysts. These tools are designed to enhance efficiency and allow analysts to focus on more complex and strategic issues. Wall adds that having a background or education in cloud security is increasingly important as more companies migrate to cloud environments.

In summary, the episode provides a comprehensive overview of the SOC analyst career path, highlighting the need for practical skills, continuous learning, and community engagement. Wall and Rodrick's insights and recommendations serve as a valuable guide for anyone looking to enter or advance in this critical cybersecurity role. Their book, "Jump-start Your SOC Analyst Career," is a testament to their commitment to supporting the next generation of SOC analysts and promoting a secure digital world.

Key Questions Addressed

How can one get started as a SOC analyst?
What skills are necessary for a SOC analyst?
How is automation impacting the SOC analyst role?

About the Book

The frontlines of cybersecurity operations include many unfilled jobs and exciting career opportunities.A transition to a security operations center (SOC) analyst position could be the start of a new path for you. Learn to actively analyze threats, protect your enterprise from harm, and kick-start your road to cybersecurity success with this one-of-a-kind book.

Authors Tyler E. Wall and Jarrett W. Rodrick carefully and expertly share real-world insights and practical tips in Jump-start Your SOC Analyst Career. The lessons revealed equip you for interview preparation, tackling day one on the job, and setting long-term development goals.This book highlights personal stories from five SOC professionals at various career levels with keen advice that is immediately applicable to your own journey. The gems of knowledge shared in this book provide you with a notable advantage for entering this dynamic field of work.

The recent surplus in demand for SOC analysts makes Jump-start Your SOC Analyst Career a must-have for aspiring tech professionals and long-time veterans alike. Recent industry developments such as using the cloud and security automation are broken down in concise,understandable ways, to name a few. The rapidly changing world of cybersecurity requires innovation and fresh eyes, and this book is your roadmap to success.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success - 2nd Edition (Book): https://amzn.to/3MRUFbW

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Punch Cards, Steam Engines, 48 Volt Batteries, Platform Engineering, and the AI Revolution: The Ongoing Evolution of Language-Based Software Development | An OWASP AppSec Global Lisbon 2024 Conversation with Oleg Shanyuk | On Location Coverage

10 juli 2024 | 38 min

Guest: Oleg Shanyuk, Platform Security, Delivery Hero [@deliveryherocom]

On LinkedIn | https://www.linkedin.com/in/oleg-shanyuk/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this On Location episode, Sean Martin discusses the complexities of application security (AppSec) and the challenges surrounding the integration of artificial intelligence (AI) with Oleg Shanyuk at the OWASP Global AppSec Global conference in Lisbon. The conversation delves into various aspects of AppSec, DevSecOps, and the broader scope of securing both web and mobile applications, as well as the cloud and container environments that underpin them.

One of the core topics Martin and Shanyuk explore is the pervasive influence of AI across different sectors. AI's application in coding, for instance, can significantly expedite the development process. However, as Sean Martin highlights, AI-generated code may lack the human intuition and contextual understanding crucial for error mitigation. This necessitates deeper and more intricate code reviews by human developers, reinforcing the symbiotic relationship between human expertise and AI efficiency.

Shanyuk shares insightful anecdotes about the history and evolution of programming languages and how AI's rise is reminiscent of past technological shifts. He references the advancement from physical punch cards to assembly languages and human-readable code, drawing parallels to the current AI boom. Shanyuk stresses the importance of learning from past technological evolutions to better understand and leverage AI's full potential in modern development environments.

The conversation also explores the practical applications of AI in fields beyond straightforward coding. Shanyuk discusses the evolution of automotive batteries from 12 volts to 48 volts, paralleling this shift with how AI can optimize various processes in different industries. This evolution demonstrates the potential of technology to drive efficiencies and reduce costs, emphasizing the need for ongoing innovation and adaptation.

Martin further navigates the discussion towards platform engineering, contrasting its benefits of consistency and control with the precision and customization needed for specific tasks. The ongoing debate encapsulates the broader dialogue within the tech community about finding the right balance between standardization and flexibility. Shanyuk's perspective offers valuable insights into how industries can leverage AI and platform engineering principles to achieve both operational efficiency and specialized functionality.

The episode concludes with forward-looking reflections on the future of AI-driven models and their potential to transcend the limitations of human language and traditional coding paradigms. The thoughtful dialogue between Martin and Shanyuk leaves listeners with a deeper appreciation of the challenges and opportunities within the realm of AI and AppSec, encouraging continued exploration and discourse in these rapidly evolving fields.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

____________________________

Resources

Bret Victor: https://worrydream.com/

Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Young Frankenstein (or is it Frankenstream or Frankenscheme?) and the AI Revolution | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

4 juli 2024 | 4 min

From Theory to Process to Practice: Cracking Mobile and IoT Security and Vulnerability Management | An OWASP AppSec Global Lisbon 2024 Conversation with Abraham Aranguren | On Location Coverage with Sean Martin and Marco Ciappelli

28 juni 2024 | 33 min

Guest: Abraham Aranguren, Managing Director at 7ASecurity [@7aSecurity]

On LinkedIn | https://www.linkedin.com/in/abrahamaranguren/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this On Location episode recorded in Lisbon at the OWASP AppSec Global event, Sean Martin engages in a comprehensive discussion with Abraham Aranguren, a cybersecurity trainer skilled at hacking IoT, iOS, and Android devices. The conversation delves into the intricacies of mobile application security, touching on both the technical and procedural aspects that organizations must consider to build and maintain secure apps.

Abraham Aranguren, known for his expertise in cybersecurity training, shares compelling insights into identifying IoT vulnerabilities without physically having the device. By reverse engineering applications, one can uncover potential security flaws and understand how apps communicate with their IoT counterparts. For instance, Aranguren describes exercises where students analyze mobile apps to reveal hardcoded passwords and unsecured Wi-Fi connections used to manage devices like drones.

A significant portion of the discussion revolves around real-world examples of security lapses in mobile applications. Aranguren details an incident involving a Chinese government app that harvests personal data from users' phones, highlighting the serious privacy implications of such vulnerabilities. Another poignant example is Hong Kong's COVID-19 contact-tracing app, which stored sensitive user information insecurely, revealing how even high-budget applications can suffer from critical security flaws if not properly tested.

Sean Martin, drawing from his background in software quality assurance, emphasizes the importance of establishing clear, repeatable processes and workflows to ensure security measures are consistently applied throughout the development and deployment phases. He and Aranguren agree that while developers need to be educated in secure coding practices, organizations must also implement robust processes, including code reviews, automated tools for static analysis, and third-party audits to identify and rectify potential vulnerabilities.

Aranguren stresses the value of pentests, noting that organizations often show significant improvement over multiple tests. He shares experiences of clients who, after several engagements, greatly reduced the number of exploitable vulnerabilities. Regular, comprehensive testing, combined with a proactive approach to fixing identified issues, helps create a robust security posture, ultimately making applications harder to exploit and dissuading potential attackers.

For businesses developing apps, this episode underscores the necessity of integrating security from the ground up, continuously educating developers, enforcing centralized security controls, and utilizing pentests as a tool for both validation and education. The ultimate goal is to make applications resilient enough to deter attackers, ensuring both the business and its users are protected.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

____________________________

Resources

LeaveHomeSafe Pentest Report: https://7asecurity.com/reports/pentest-report-leavehomesafe.pdf

CoverDrop Pentest Report: https://7asecurity.com/reports/pentest-report-coverdrop.pdf

Why You Need a Pentest: https://www.youtube.com/watch?v=oBVTlKrLw-k

Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Book | Cybersecurity Law Fundamentals | Defining 'Reasonable Cybersecurity': A Legal Perspective | A Conversation with Author, Jim Dempsey | Redefining CyberSecurity and Society with Sean Martin and Marco Ciappelli

28 juni 2024 | 47 min

Guest: Jim Dempsey, Senior Policy Advisor, Stanford Program on Geopolitics, Technology and Governance [@FSIStanford]; Lecturer, UC Berkeley Law School [@BerkeleyLaw]

On LinkedIn | https://www.linkedin.com/in/james-dempsey-8a10a623/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

___________________________

Episode Notes

Join Sean Martin and Marco Ciappelli for a dynamic discussion with Jim Dempsey as they unearth critical insights into the rapidly evolving field of cybersecurity law. Jim Dempsey, who teaches cybersecurity law at UC California Berkeley Law School and serves as Senior Policy Advisor to the Stanford Program on Geopolitics, Technology, and Governance, shares his extensive knowledge and experience on the subject, providing a wealth of information on the intricacies and developments within this legal domain.

Cybersecurity law is a relatively new but increasingly important area of the legal landscape. As Dempsey pointed out, the field is continually evolving, with significant strides made over the past few years in response to the growing complexity and frequency of cyber threats. One key aspect highlighted was the concept of 'reasonable cybersecurity'—a standard that demands organizations implement adequate security measures, not necessarily perfect ones, to protect against breaches and other cyber incidents. This concept parallels other industries where safety standards are continually refined and enforced.

The conversation also delved into the historical context of cybersecurity law, referencing the Computer Fraud and Abuse Act of 1986, which initially aimed to combat unauthorized access and exploitation of computer systems. Dempsey provided an enlightening historical perspective on how traditional laws have been adapted to the digital age, emphasizing the role of common law and the evolution of legal principles to meet the challenges posed by technology.

One of the pivotal points of discussion was the shift in liability for cybersecurity failures. The Biden administration's National Cybersecurity Strategy of 2023 marks a significant departure from previous policies by advocating for holding software developers accountable for the security of their products, rather than placing the entire burden on end-users. This approach aims to incentivize higher standards of software development and greater accountability within the industry.

The discussion also touched on the importance of corporate governance in cybersecurity. With new regulations from bodies like the Securities and Exchange Commission (SEC), companies are now required to disclose material cybersecurity incidents, thus emphasizing the need for collaboration between cybersecurity teams and legal departments to navigate these requirements effectively.

Overall, the episode underscored the multifaceted nature of cybersecurity law, implicating not just legal frameworks but also technological standards, corporate policies, and international relations. Dempsey's insights elucidated how cybersecurity law is becoming ever more integral to various aspects of society and governance, marking its transition from a peripheral concern to a central pillar in protecting digital infrastructure and information integrity. This ongoing evolution makes it clear that cybersecurity law will continue to be a critical area of focus for legal professionals, policymakers, and businesses alike.

Top Questions Addressed

What is the importance of defining 'reasonable cybersecurity,' and how is this standard evolving?
How has the shift in legal liability for cybersecurity incidents, particularly under the Biden administration, impacted the software industry?
In what ways are historical legal principles, like those from the Computer Fraud and Abuse Act, being adapted to meet modern cybersecurity challenges?

About the Book

First published in 2021, Cybersecurity Law Fundamentals has been completely revised and updated.

U.S. cybersecurity law is rapidly changing. Since 2021, there have been major Supreme Court decisions interpreting the federal computer crime law and deeply affecting the principles of standing in data breach cases. The Securities and Exchange Commission has adopted new rules for publicly traded companies on cyber incident disclosure. The Federal Trade Commission revised its cybersecurity rules under the Gramm-Leach-Bliley Act and set out new expectations for all businesses collecting personal information. Sector-by-sector, federal regulators have issued binding cybersecurity rules for critical infrastructure, while a majority of states have adopted their own laws requiring reasonable cybersecurity controls. Executive orders have set in motion new requirements for federal contractors.

All these changes and many more are addressed in the second edition of Cybersecurity Law Fundamentals, published April, 2024. The second edition is co-authored by John P. Carlin, partner at Paul Weiss and former long-time senior official of the U.S. Justice Department, where he was one of the architects of current U.S. cybersecurity policy.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Cybersecurity Law Fundamentals (Book): https://cybersecuritylawfundamentals.com/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Is Your App Security Culture Leaving Out the Basics? | A Brand Story Conversation From OWASP AppSec Global Lisbon 2024 | A Phoenix Security Story with Francesco Cipollone | On Location Coverage with Sean Martin and Marco Ciappelli

28 juni 2024 | 18 min

In this episode of the On Location, host Sean Martin engages in an insightful conversation with Francesco Cipollone, Co-founder and CEO of Phoenix Security, at the OWASP AppSec Global conference in Lisbon. They delve into the evolving landscape of application security, focusing on the pressing challenges and innovative solutions that are shaping the industry today.

The discussion begins by exploring the potential and pitfalls of artificial intelligence (AI) in cybersecurity. Francesco highlights the dual role of AI as both a tool and a target within security frameworks. He emphasizes the importance of proper prompt engineering and specialized training data to avoid common issues, such as AI-generated libraries that don't actually exist. This leads to a broader conversation about how Phoenix Security utilizes AI to intelligently categorize and prioritize vulnerabilities, allowing security teams to focus on the most critical issues.

The conversation then shifts to the concept of maturity models in vulnerability management. Francesco explains that many organizations are still struggling with basic security tasks and describes how Phoenix Security helps these organizations to quickly enhance their maturity levels. This involves automating the scanning process, aggregating data, and providing clear metrics that align security efforts with executive expectations.

A significant portion of the episode is dedicated to the importance of collaboration and communication between security and development teams. Francesco stresses that security should be integrated into the spring planning process, helping developers to prioritize tasks in a way that aligns with overall risk management strategies. This approach fosters a culture of cooperation and ensures that security initiatives are seen as a valuable part of the development cycle, rather than a hindrance.

Francesco also touches on the role of management in security practices, underscoring the need for aligning business expectations with engineering practices. He introduces the vulnerability maturity model that Phoenix Security uses to help organizations mature their security programs effectively. This model, which maps back to established OWASP frameworks, provides a clear path for organizations to improve their security posture systematically.

The episode concludes with Francesco reflecting on the persistent basic security issues that organizations face and expressing optimism about the future. He is confident that Phoenix Security's approach can help businesses intelligently address these challenges and scale their security practices effectively.

Learn more about Phoenix Security: https://itspm.ag/phoenix-security-sx8v

Note: This story contains promotional content. Learn more.

Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]

On LinkedIn | https://www.linkedin.com/in/fracipo/

On Twitter | https://twitter.com/FrankSEC42

Resources

Learn more and catch more stories from Phoenix Security: https://www.itspmagazine.com/directory/phoenix-security

View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Prioritizing Cyber Resilience for your Business | 7 Minutes on ITSPmagazine | A Short Brand Innovation Story From RSA Conference 2024 | A LevelBlue Brand Story with Theresa Lanowitz

27 juni 2024 | 7 min

We are in the era of dynamic computing – and while that gives way to innovation, it also escalates the risks every business faces. Computing no longer occurs solely within the perimeter, and cybersecurity threats are increasingly more sophisticated. In fact, organizations today operate in a climate where entire systems can be taken offline in just a few short hours – and leaders need to be prepared for recovery from an interruption to the networks, systems, or data that underpin their business. With the advent and proliferation of new technologies, there is more pressure than ever to secure organizations’ computing. Ultimately, the evolution of computing has forced businesses into a paradox of innovation and risk. They must balance technology with security and business resilience, which requires a new way of thinking.

Conduct a thorough assessment of risk areas to understand the barriers across your IT estate.
Assess your organization’s dynamic computing initiatives and design security measures from the outset of implementation to ensure compliance and mitigate future risks.
Allocate resources strategically to align cybersecurity initiatives with business objectives across silos.
Forge partnerships with external collaborators to augment your organization’s security expertise.
Regularly adapt your approach to meet the demands of an evolving computing landscape and expanding attack surface.

Learn more about LevelBlue: https://itspm.ag/levelblue266f6c

Note: This story contains promotional content. Learn more.

Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]

On LinkedIn | https://www.linkedin.com/in/theresalanowitz/

Resources

Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Winning Buy-In: Mastering the Art of Communicating (the Value of) Security (Culture) to Management | An OWASP AppSec Global Lisbon 2024 Conversation with Ida Hameete | On Location Coverage with Sean Martin and Marco Ciappelli

27 juni 2024 | 23 min

Guest:

Ida Hameete, Application Security Consultant, Zenrosi

On LinkedIn | https://www.linkedin.com/in/idahameete/

____________________________

Host:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

____________________________

Episode Notes

Join Sean Martin in this episode of "On Location" as he speaks with Ida Hameete at the OWASP Global AppSec Conference in Lisbon. Sean and Ida dive into the critical topic of creating a robust security culture within organizations. The conversation begins with an overview of the conference, emphasizing the importance of building secure applications that protect both users and businesses.

Ida, with her extensive background in product ownership and security strategy, shares her unique perspective on why a security culture is integral to an organization's overall success. She explains that fostering a security culture isn't merely about training engineers but involves a collective effort from management and executive teams to prioritize and endorse security practices.

Ida underscores the significance of aligning security culture with company culture, arguing that this alignment leads to smoother operations and fewer security breaches. She elaborates on how companies with strong security awareness often use their secure products as a marketing tool to differentiate themselves in the marketplace. This strategic approach not only enhances product safety but also provides a competitive edge.

The discussion also touches on the common issues where management's lack of understanding or support for security measures can hinder effective implementation. Sean and Ida explore how management's commitment to security, demonstrated through adequate resource allocation and strategic planning, can drive a positive security culture through the entire organization.

Ida provides practical examples from her experience, illustrating how purpose-driven business cultures can naturally incorporate security into their core values, benefiting both employees and customers. She highlights that a well-integrated security culture can lead to better workflows, reduced costs, and enhanced customer experiences.

Towards the end of their conversation, Ida reflects on the necessity of communicating the business value of security to upper management, suggesting that this approach can shift the perception of security from a fear-driven mandate to a valuable business asset. She encourages leaders to find their company's purpose and align security practices with that mission to achieve sustainable success.

Listeners are invited to attend Ida's session, "Winning Buy-In: Mastering the Art of Communicating Security to Management" at the conference, which promises to offer deeper insights into securing executive support for security initiatives.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

____________________________

Resources

Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

Ida's Session: https://owaspglobalappseclisbon2024.sched.com/event/1VdB4/winning-buy-in-mastering-the-art-of-communicating-security-to-management

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Cybersecurity as a Profit Center: Transforming Risk into Opportunity | A Conversation with Robert Fernandes | Redefining CyberSecurity with Sean Martin

24 juni 2024 | 32 min

Guest: Robert Fernandes, Chief Information Security Officer, The Investment Center, Inc.

On LinkedIn | https://www.linkedin.com/in/robert-fernandes-cybersecurity/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in a compelling conversation with Robert Fernandes, CISO at the Investment Center, a financial service provider based in New Jersey. Together, they delve into the concept of viewing cybersecurity not merely as a cost center but as a profit center. This innovative perspective is fundamentally altering how businesses approach their cybersecurity investments.

Sean Martin opens the discussion by addressing the evolving landscape of cybersecurity. He highlights how traditional views of cybersecurity — such as those held for an insurance policy — are outdated. Robert Fernandes agrees and emphasizes that times have changed; there's a growing need for businesses to leverage their cybersecurity posture as a competitive advantage. He advocates for the proactive use of a robust cybersecurity program to attract clients and secure trust, much like other marketing strategies.

Drawing parallels from various industries, Fernandes notes that grocery stores and restaurants don't just sell food; they sell safe and high-quality food experiences. Similarly, automobile manufacturers sell not just vehicles but also safety and comfort. In the same vein, cybersecurity should be seen as an integral part of the product, enhancing its value and appeal to customers. For Fernandes, this shift in thinking can transform a company's cybersecurity program from a necessary expense into a key marketing asset.

Fernandes also discusses the importance of breaking down silos within organizations. Effective communication between different departments, such as marketing, operations, and cybersecurity, can lead to a more cohesive strategy where cybersecurity is embedded in the company's culture and operations. This integration can significantly enhance the company's security posture, making it a selling point rather than an afterthought.

One particularly intriguing point Fernandes makes is the role of education in shifting perceptions about cybersecurity. He stresses the need to inform and educate stakeholders - from end-users to executives - about the importance of cybersecurity. By moving past buzzwords and misconceptions, businesses can better understand and articulate the value of their cybersecurity measures to clients and partners. Martin and Fernandes also touch on the role of cyber insurance in conveying trust. A robust cyber insurance policy can serve as a testament to the company's strong security posture, further building client confidence.

Ultimately, the conversation underscores that by rethinking cybersecurity - from product design to marketing and beyond - businesses can realize substantial benefits. This episode is a must-listen for business leaders looking to turn their cybersecurity efforts into a profitable and strategic advantage.

Top Questions Addressed

How can businesses transform cybersecurity from a cost center to a profit center?
What are the benefits of breaking down organizational silos in cybersecurity strategy?
How does educating stakeholders affect the perception and effectiveness of cybersecurity?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Inspiring Post: https://www.linkedin.com/pulse/cybersecurity-profit-center-transforming-risk-robert-fernandes-uskwe

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Demystifying Microsegmentation | 7 Minutes on ITSPmagazine | A Zero Networks Brand Story with Benny Lakunishok

21 juni 2024 | 7 min

Earlier this year, the NSA released updated zero-trust guidance in which microsegmentation is listed as a daunting, advanced endeavor, only suitable to the most mature organizations. Zero Networks is committed to challenging this sentiment. While some may hesitate, thinking microsegmentation is beyond their reach, we urge organizations to reconsider. Waiting is not an option when it comes to securing your network against evolving threats. By prioritizing microsegmentation, you're taking a proactive stance against unauthorized lateral movement, thwarting advanced attacks, and effectively blocking ransomware. Zero Networks has helped organizations of all sizes, maturity, and complexity levels to deploy our radically simple microsegmentation solution in a click, without breaking anything, and with little to no effort.

As ransomware attacks double, microsegmentation has been hailed by Gartner, Forrester, the NSA, and leading security trade media outlets, as the most promising solution for halting lateral movement and satisfying zero trust guidelines. You can’t have a zero trust architecture without microsegmentation – but you also need to implement a solution quickly, without breaking anything, and without extensive costs and complexities. Zero Networks offers exactly this solution. Zero Networks' microsegmentation solution locks down lateral movement, effectively stranding hackers and preventing them from spreading ransomware. For an added layer of security, we apply MFA authentication to the network layer, allowing organizations to protect assets that could not be easily protected by MFA before: legacy applications, databases, OT/IoT devices, mainframes, on-prem VMs, and IaaS VMs. Our just-in-time MFA also applies an additional layer of security to privileged remote admin protocols like RDP, SSH, and WinRM – commonly exploited by attackers. This also supports organizations with compliance needs. “Never trust, always verify” comes automatically with Zero Networks.

Zero Networks' microsegmentation solution provides agentless, automated, and multi-factor authentication (MFA) powered architecture. By monitoring and learning all network connections over a 30-day period, Zero Networks creates precise firewall rules that are centrally applied to all assets. This agentless architecture ensures that every asset, whether on-premises or in the cloud, including OT/IoT devices, is segmented without disrupting normal operations. One of the key challenges with traditional microsegmentation solutions is their complexity and associated costs. Forrester highlights the difficulty in quantifying the business benefits of microsegmentation due to its indirect impact on productivity and user experience. A global independent investment bank, Evercore, was undergoing the major challenge of effectively responding to an incident when a workstation was compromised, and a threat actor was able to gain access to their network to move laterally. They had firewalls, whitelists, blacklists and other measures that could slow them down but nothing that could immediately shut them down. Chris Turek, CIO of Evercore, said “Zero Networks is creating a new sphere of security capabilities.

See the platform for yourself - reach out to us at zeronetworks.com for a demo.

Learn more about Zero Networks: https://itspm.ag/zeronet-al2d2

Note: This story contains promotional content. Learn more.

Guest: Benny Lakunishok, Co-Founder and CEO, Zero Networks [@ZeroNetworks]

On LinkedIn | https://www.linkedin.com/in/bennyl/

On Twitter | https://x.com/lakunishok

Resources

Learn more and catch more stories from Zero Networks: www.itspmagazine.com/directory/zero-networks

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

AI Development: Can Ethics Keep Up with Innovation? | A Conversation with Aric Perminter, Pam Kamath, Darrell Hawkins, and Taiye Lambo | Redefining CyberSecurity with Sean Martin

21 juni 2024 | 66 min

Guests:

Taiye Lambo, Founder of Holistic Information Security Practitioner Institute (HISPI), Founder and Chief Technology Officer of CloudeAssurance, Inc.

On LinkedIn | https://www.linkedin.com/in/taiyelambo/

Pam Kamath, Founder, Adaptive.AI

On LinkedIn | https://www.linkedin.com/in/pamkamath/

Aric Perminter, CEO, Lynx Technology Partners, LLC.

On LinkedIn | https://www.linkedin.com/in/aricperminter/

Darrel Hawkins, Cyber Chief Technology Officer, Otis Elevator Co.

On LinkedIn | https://www.linkedin.com/in/darrellhawkinscissp/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

The latest episode of Redefining CyberSecurity Podcast brought together a distinguished panel of experts to delve into the intricacies of artificial intelligence, its benefits, and its risks. Hosted by Sean Martin, the panel included Aric Perminter, Founder and Chairman of Lynx Technology Partners; Pam Kamath, Founder of Adaptive AI; Darrell Hawkins, an IT industry veteran with extensive experience in cybersecurity; and Taiye Lambo, who established the Holistic Information Security Practitioner Institute in Atlanta, Georgia. One of the primary topics discussed was the pervasive influence of AI in various industries, particularly the dichotomy between generative AI and traditional AI.

Pam Kamath highlighted the overlooked capabilities of traditional AI in fields like healthcare, which already show significant advancements in areas such as radiology. This underscores the point that while generative AI, epitomized by models like ChatGPT, garners much of the public's attention, traditional AI applications continue to evolve and solve complex problems efficiently.

Darrell Hawkins brought a commercial perspective into the discourse, emphasizing the balancing act between leveraging AI for profitability versus ensuring societal safety. The key takeaway was that AI's role in enhancing productivity and creating new opportunities is undeniable, yet it is imperative to remain vigilant about its societal implications, such as privacy concerns and job displacement.

Taiye Lambo shared insights from his experience with AI's practical applications in cyber operations. He underscored the diversity of AI's utility, from improving threat intelligence to automating secure responses, demonstrating its potential to transform cybersecurity protocols dramatically. Lambo also provided a thought-provoking view on privacy, suggesting that with the integration of AI into daily operations, the traditional concept of privacy might inevitably evolve or even diminish.

Aric Perminter, focusing on sales and operational efficiencies, shared his insights on how AI-driven analytics can profoundly impact sales strategies, enhancing proposal effectiveness and positioning high-value services. This reflects AI’s broader potential to revolutionize internal business processes, making organizations nimbler and more data-driven. A common thread throughout the discussion was the emphasis on learning from past technological advances, like the adoption of cloud services, to guide AI implementation.

Sean Martin and the panelists agreed that clear use cases and identified outcomes remain critical to leveraging AI effectively while managing risks thoughtfully. In doing so, organizations can harness AI's strengths without repeating past mistakes. Ultimately, the episode revealed that the journey with AI entails navigating both opportunities and risks. By focusing on practical applications and maintaining a vigilant eye on ethical and societal concerns, businesses and individuals can find a balanced approach to integrating AI into their ecosystems. This nuanced conversation serves as a valuable guide for anyone looking to understand and leverage the power of AI in a meaningful and responsible way.

Top Questions Addressed

Why do we need a special view on AI compared to data and applications?
How is AI being integrated into various industries and what are the implications?
What are the risks and opportunities associated with AI adoption?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Beyond the hype: Capturing the potential of AI and gen AI in tech, media, and telecom: https://www.mckinsey.com/~/media/mckinsey/industries/technology%20media%20and%20telecommunications/high%20tech/our%20insights/beyond%20the%20hype%20capturing%20the%20potential%20of%20ai%20and%20gen%20ai%20in%20tmt/beyond-the-hype-capturing-the-potential-of-ai-and-gen-ai-in-tmt.pdf

AI Summit Roundtable Topics Summary: https://watech.wa.gov/sites/default/files/2024-04/AI%20Summit%20roundtable%20summaries.pdf

Washington State IT Industry Forum & AI Summit: https://watech.wa.gov/washington-state-it-industry-forum-ai-summit

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Hurricanes, Hacktivists, & HPCs: Building Resilience for the Compute Era | A Conversation With Dr. Melanie Garson and Sean Martin | Redefining Society with Marco Ciappelli

19 juni 2024 | 37 min

Guests: ✨

Dr. Melanie Garson, Cyber Policy & Tech Geopolitics Lead, Tony Blair Institute for Global Change [@InstituteGC]

On LinkedIn | https://www.linkedin.com/in/melaniegarson/

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

____________________________

Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
_____________________________

This Episode’s Sponsors

BlackCloak 👉 https://itspm.ag/itspbcweb

Bugcrowd 👉 https://itspm.ag/itspbgcweb

_____________________________

Episode Introduction

In an era where technology is the backbone of society, resilience in the face of cyber threats, natural disasters, and geopolitical strife is paramount. This was the focal point of the discussion between Sean Martin, Marco Ciappelli, and Dr. Melanie Garson in their recent conversation on "Hurricanes, Hacktivists, & HPCs: Building Resilience for the Compute Era."

Dr. Melanie Garson, the Cyber and Tech Geopolitics Lead at the Tony Blair Institute for Global Change and Associate Professor at University College London, brings a wealth of expertise to the topic. Her work revolves around understanding how new and disruptive technologies like cyber warfare, brain-computer interfaces, and genetic engineering affect global stability. This episode delves into her insights on the evolving landscape of cyber resilience and the steps needed to brace for future challenges.

The conversation begins with an exploration of how legacy infrastructure poses a significant risk to our digital and physical security. Dr. Garson emphasizes the importance of addressing these foundational elements, noting examples like the 2006 earthquake in Taiwan, which disrupted 22 communication cables. She warns of the potential catastrophes linked to outdated infrastructure and underscores the need for modernization and robust protection against not just cyberattacks but physical disruptions as well.

The geopolitical aspect of technology is another critical element discussed. Dr. Garson highlights the role of private companies like Microsoft and Amazon in global conflicts, noting the effects seen during the Russia-Ukraine conflict where cloud services played a pivotal role in preserving data. This involvement signals a shift in how we understand power dynamics and control over critical technologies and raises questions about the responsibilities and decision-making processes of these tech giants. Furthermore, the discussion covers the intersection of emergency situations and technological dependencies.

Using real-world instances like the hurricane in West Africa that knocked out major cables, Marco Ciappelli and Sean Martin emphasize how such events lead to significant economic impacts, illustrating how interconnected and vulnerable our systems are. Dr. Garson also touches upon the evolving nature of warfare, especially with the advent of electromagnetic spectrum manipulation and the reliance on GPS technologies. She notes the increasing use of electromagnetic interference for strategic advantage, a trend seen in ongoing global conflicts. The idea of compute diplomacy—ensuring countries have the sustainable computational power needed to remain competitive and secure—resonates strongly throughout their dialogue.

The conversation wrapped with a powerful call to action: the need for both public and private sectors to address vulnerabilities throughout the entire tech stack, not just the application layer. This holistic approach is essential to safeguarding our digital infrastructure against a multitude of threats.

In conclusion, building resilience in the compute era requires a multi-faceted approach that integrates robust cyber defense, modernized infrastructure, and a keen understanding of the geopolitical landscape. The insights shared by Dr. Melanie Garson underscore the importance of proactive measures and collaborative efforts in securing our interconnected world. This episode serves as a crucial reminder that as technology advances, so must our strategies to protect against emerging threats.

Top Questions Addressed

What are the biggest threats to our current digital infrastructure and how can we address them?
How do geopolitical dynamics and private tech companies influence global cyber resilience?
What role does emerging technology play in modern warfare and how should we prepare for it?

_____________________________

Resources

Hurricanes, Hacktivists & HPCs: Building Resilience for the Compute Era (Session): https://www.ukcyberweek.co.uk/uk-cyber-week-2024-agenda/hurricanes-hacktivists-hpcs-building-resilience-for-the-compute-era

The State of Access to Compute Index 2023: https://www.institute.global/insights/tech-and-digitalisation/state-of-compute-access-how-to-bridge-the-new-digital-divide

UK Cyber Week Expo & Conference: https://www.ukcyberweek.co.uk/

____________________________

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllTUoWMGGQHlGVZA575VtGr9

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/advertise-on-itspmagazine-podcast

In the Same Site We Trust: Navigating the Landscape of Client-side Request Hijacking on the Web | An OWASP AppSec Global Lisbon 2024 Conversation with Soheil Khodayari | On Location Coverage with Sean Martin and Marco Ciappelli

19 juni 2024 | 17 min

Guest: Soheil Khodayari, Security Researcher, CISPA - Helmholtz Center for Information Security [@CISPA]

On LinkedIn | https://www.linkedin.com/in/soheilkhodayari/

On Twitter | https://x.com/Soheil__K

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, co-host Sean Martin embarks on a solo journey to cover the OWASP AppSec Global event in Lisbon. Sean welcomes Soheil Khodayari, a security researcher at the CISPA Helmholtz Center for Information Security in Saarland, Germany, to discuss the intricacies of web security, particularly focusing on request forgery attacks.

They dive into Soheil’s background, noting his extensive research in web security and privacy, with interests spanning vulnerability detection, internet measurements, browser security, and new testing techniques. Soheil aims to share valuable insights on request forgery attacks, a prevalent issue in web security that continues to challenge developers and security professionals alike.

The conversation transitions to an in-depth exploration of client-side request forgery and how these attacks differ from traditional cross-site request forgery (CSRF). Soheil elaborates on the evolution of web applications and how shifting functionalities to client-side code has introduced new, complex vulnerabilities. He identifies the critical role of input validation and the resurgence of issues related to improper handling of user inputs, which attackers can exploit to cause unintended actions on authenticated sessions.

As they prepare for the upcoming OWASP Global AppSec event, Soheil highlights his session, titled "In the Same Site We Trust: Navigating the Landscape of Client-Side Request Hijacking on the Web," scheduled for Thursday, June 27th. He emphasizes the relevance of the session for developers and security professionals who are eager to learn about modern request hijacking techniques, defense mechanisms, and how to detect these vulnerabilities using automated tools.

The discussion touches on the landscape of modern browsers, the effectiveness of same-site cookies as a defense-in-depth strategy, and the limitations of these measures in preventing client-side CSRF attacks. Soheil mentions the development of a vulnerability detection tool designed to mitigate these sophisticated threats and invites attendees to integrate such tools into their CI/CD pipelines for enhanced security.

Sean and Soheil ultimately reflect on the importance of understanding the nuances of web application security. They encourage listeners to attend the session, engage with the community, and explore advanced security practices to safeguard their applications against evolving threats. This engaging episode sets the stage for a deep dive into the technical aspects of web security at the OWASP Global AppSec event.

Top Questions Addressed

What are request forgery attacks and how have they evolved over time?
How do modern browsers and applications handle security against these attacks?
What will Soheil Khodayari's session at OWASP Global AppSec cover and who should attend?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

____________________________

Resources

In the Same Site We Trust: Navigating the Landscape of Client-side Request Hijacking on the Web (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VdAy/in-the-same-site-we-trust-navigating-the-landscape-of-client-side-request-hijacking-on-the-web

Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

It's Just Software, What Could Possibly Go Wrong? Exploring Deterministic GenAI and AI Trust Cards | An OWASP AppSec Global Lisbon 2024 Conversation with Isabel Praça, Dinis Cruz, and Rob van der Veer | On Location Coverage

19 juni 2024 | 34 min

Guests:

Isabel Praça, Coordinator Professor, ISEP - Instituto Superior de Engenharia do Porto

On LinkedIn | https://www.linkedin.com/in/isabel-pra%C3%A7a-07b86310/

At OWASP | https://owaspglobalappseclisbon2024.sched.com/speaker/icp

Dinis Cruz, Chief Scientist at Glasswall [@GlasswallCDR] and CISO at Holland & Barrett [@Holland_Barrett]

On LinkedIn | https://www.linkedin.com/in/diniscruz/

On Twitter | https://twitter.com/DinisCruz

At OWASP | https://owaspglobalappseclisbon2024.sched.com/speaker/dinis.cruz

Rob van der Veer, Senior director at Software Improvement Group [@sig_eu]

On Linkedin | https://www.linkedin.com/in/robvanderveer/

On Twitter | https://twitter.com/robvanderveer

At OWASP | https://owaspglobalappseclisbon2024.sched.com/speaker/rob_van_der_veer.1tkia1sy

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, host Sean Martin embarks on a solo adventure to discuss the upcoming OWASP AppSec Global conference in Lisbon. He is joined by three distinguished guests: Isabel Praça, a professor and AI researcher; Dinis Cruz, an AppSec professional and startup founder; and Rob van der Veer, a software improvement consultant and AI standards pioneer.

The episode kicks off with introductions and a light-hearted comment about Sean’s co-host, Marco Ciappelli, who is more of a psychology enthusiast while Sean delves into the technical aspects. Sean expresses his enthusiasm for the OWASP organization and its impactful projects, programs, and people.

Each guest contributes unique insights into their work and their upcoming presentations at the conference. Isabel Praça, from the Polytechnic of Porto, shares her journey in AI and cybersecurity, emphasizing her collaboration with the European Union Agency for Cybersecurity (ENISA) on AI security and cybersecurity skills frameworks. She underscores the importance of interdisciplinary expertise in AI and cybersecurity and discusses her concept of "trust cards" for AI, which aim to provide a comprehensive evaluation of AI models beyond traditional metrics.

Dinis Cruz, a longstanding member of OWASP with extensive experience in AppSec, brings attention to the challenges and opportunities presented by AI in scaling application security. He discusses the importance of a deterministic approach to AI outputs and provenance, advocating for a blend of traditional AppSec practices with new AI-driven capabilities to better understand and secure applications.

Rob van der Veer, founder of the OpenCRE team and a veteran in AI, elaborates on the integration of multiple security standards and the essential need for collaboration between software engineers and data scientists. He shares his perspective on AI’s role in security, highlighting the pitfalls and biases associated with AI models and the necessity of applying established security principles to AI development.

Throughout the episode, the conversation touches on the complexities of trust, the evolving landscape of AI and cybersecurity, and the imperative for ongoing collaboration and education among professionals in both fields. Sean wraps up the episode with a call to action for data scientists and AppSec professionals to join the conference, either in person or through recordings, to foster a deeper understanding and collective advancement in AI-enabled application security.

Listeners are encouraged to attend the OWASP AppSec Global conference in Lisbon, where they can expect not only insightful sessions but also vibrant discussions and networking opportunities in a picturesque setting.

Key Questions Addressed

What roles and expertise are needed to effectively address AI and cybersecurity challenges?
How does AI bring new dimensions to application security and what traditional methods remain relevant?
Why is it important for data scientists and cybersecurity professionals to collaborate?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

____________________________

Resources

Trust Cards for AI (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VTaD/trust-cards-for-ai

Deterministic GenAI Outputs with Provenance (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VTaO/deterministic-genai-outputs-with-provenance

AI is just software, what could possibly go wrong? (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VTaI/ai-is-just-software-what-could-possibly-go-wrong

Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Deepfakes, Publicity Rights, and the ELVIS Act: The Intersection of Intellectual Property, AI, and Your Likeness | A Conversation with JC Heinbockel | Redefining CyberSecurity with Sean Martin

18 juni 2024 | 40 min

Guest: JC Heinbockel, Associate, Seyfarth Shaw LLP

On LinkedIn | https://www.linkedin.com/in/j-c-heinbockel-6563996a/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In the latest episode of Redefining CyberSecurity, Sean Martin delves into an intriguing conversation with JC Heinbockel, an intellectual property lawyer specializing in brand protection. The episode primarily focused on the intersection of the ELVIS Act and rights of publicity in the age of AI.

The discussion kicked off with JC Heinbockel providing a primer on intellectual property and the rights of publicity. He explained that while intellectual property encompasses discrete categories such as copyrights, patents, and trademarks, the right of publicity is more nuanced and often intertwined with personal privacy rights. Essentially, the right of publicity allows individuals to exploit their likenesses for commercial purposes or prevent others from doing so without permission. Heinbockel emphasized that the right of publicity is particularly relevant to celebrities and public figures whose likenesses hold significant market value. However, with the advent of generative AI and deepfake technology, protecting one's likeness has become more complicated.

The new ELVIS Act in Tennessee is designed to address these challenges by extending the right of publicity to include voices and by explicitly targeting the misuse of likenesses through deepfake technology. The episode also touched on various instances where deepfake technology has already led to unauthorized use of celebrity likenesses. JC Heinbockel cited examples like deepfake ads featuring Clint Eastwood and Tom Hanks, highlighting the legal and ethical complications these technologies introduce.

The Elvis Act serves as a legislative response to these advancements, aiming to protect individuals' likenesses from unauthorized commercial exploitation. For business leaders and security professionals, the conversation underscored the imperative need to develop robust AI policies, especially within marketing and advertising departments. Heinbockel urged organizations to carefully navigate the use of AI in creating content, as both the input and output of AI-generated material need to be scrutinized for compliance with existing laws and ethical standards. Moreover, the potential pitfalls of using generative AI extend beyond marketing to areas such as customer support and even internal operations.

Heinbockel warned of the risks associated with using AI platforms that might inadvertently disclose confidential information or generate legally dubious content. He emphasized the necessity of setting strict guidelines and having comprehensive policies in place to mitigate these risks.

The episode concluded with a call to action for companies to be proactive in understanding the implications of using AI and to plan accordingly. By doing so, they can better navigate the complex legal landscape surrounding intellectual property and publicity rights in the digital age. This timely discussion with JC Heinbockel highlights not just the challenges but also the opportunities for businesses to adapt and thrive in this evolving technological environment.

Top Questions Addressed

What are the rights of publicity, and how do they relate to intellectual property laws?
How does the ELVIS Act in Tennessee address the challenges posed by deepfake technology?
What should businesses be aware of when using AI to ensure they are compliant with legal and ethical standards?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

The Gadgets, Gigabytes, & Goodwill Blog: https://www.gadgetsgigabytesandgoodwill.com/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

The Focus on Community and Empathy-Driven Culture Behind BlackCloak's Success in Attracting Passionate Professionals | A BlackCloak Brand Story with Chris Pierson, Matt Covington, and Ryan Black

17 juni 2024 | 38 min

In this BlackCLoak Brand Story, hosts Sean Martin and Marco Ciappelli engage in an in-depth conversation with Founder Chris Pierson, Chief Information Security Officer Ryan Black, and Product Manager Matt Covington. The discussion explores the company’s dedication to protecting security and privacy for CISOs, executives, and high-net-worth individuals.

The episode kicks off with Martin and Ciappelli extending a warm welcome to Pierson, Black, and Covington while highlighting the mission-driven approach of BlackCloak. Pierson elaborates on BlackCloak’s unique focus on protecting not just organizations but also extending security measures to the personal lives of executives and their families. This connection underscores the significance of safeguarding home environments, which are increasingly becoming targets for cyberattacks.

Covington shares his intriguing journey from having a master's degree in literary theory to becoming involved in cybersecurity, emphasizing the importance of empathy in product development. He explains how BlackCloak's technology seeks to scale its services efficiently by automating repetitive tasks, thereby allowing their experts to focus on critical problem-solving for clients.

Throughout the conversation, Ryan Black describes the flexible, personalized concierge service that BlackCloak offers, aimed at addressing the unique security needs of individuals outside the corporate framework. He emphasizes that their approach goes beyond traditional enterprise security, focusing on protecting personal devices and networks that executives use at home.

The episode also touches on the emotional and psychological aspects of cybersecurity, illustrating how personal experiences with phishing attacks have driven both Black and Covington in their professional paths. The hosts and guests also discuss the personal side of cybersecurity, addressing behavioral vulnerabilities and the integration of user-friendly technology in personal security measures.

Finally, the session highlights the collaborative and proactive culture at Black Cloak, where team members are committed to going above and beyond to protect their clients. This episode offers listeners valuable insights into how BlackCloak is pioneering an empathetic and comprehensive approach to cybersecurity.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guests:

Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]

On Linkedin | https://www.linkedin.com/in/drchristopherpierson/

Ryan Black, Chief Information Security Officer, BlackCloak [@BlackCloakCyber]

On LinkedIn | https://www.linkedin.com/in/ryancblack/

Matt Covington, VP of Product, BlackCloak [@BlackCloakCyber]

On LinkedIn | https://www.linkedin.com/in/mecovington/

Resources
Learn more about BlackCloak and their offering: https://itspm.ag/itspbcweb

BlackCloak welcomes Ryan Black: https://www.linkedin.com/posts/blackcloak_personalcybersecurity-cybersecurity-executiveprotection-activity-7198293889777098752-Bd5z

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Practical Privacy by Design - Building Secure Applications that Respect Privacy | An OWASP AppSec Global Lisbon 2024 Conversation with Kim Wuyts and Avi Douglen | On Location Coverage with Sean Martin and Marco Ciappelli

14 juni 2024 | 32 min

Guests:

Kim Wuyts, Manager Cyber & Privacy, PwC Belgium [@PwC_Belgium]

On LinkedIn | https://www.linkedin.com/in/kwuyts/

On Twitter | https://twitter.com/Wuytski

On Mastodon | https://mastodon.social/@kimw

Avi Douglen, CEO / Board of Directors, Bounce Security & OWASP

On LinkedIn | https://www.linkedin.com/in/avidouglen/

On Twitter | https://twitter.com/sec_tigger

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, host Sean Martin offers a deep dive into the OWASP AppSec Lisbon event, engaging in a meaningful conversation with Kim Wuyts and Avi Douglen. Sean starts by setting the stage for an insightful discussion focused on privacy, security, and the integration of both in modern application development.

Kim Wuyts, a Cyber and Privacy Manager at PwC Belgium, shares her journey from a security researcher to a privacy engineering expert, emphasizing the importance of privacy threat modeling and the intricate balance between security and privacy. She explains how privacy not only strengthens security but also involves complex considerations like legal, ethical, and technological aspects. Kim highlights the need for companies to adopt privacy by design, ensuring data is used with care and transparency, rather than merely being collected and stored.

Avi Douglen, Lead Consultant at Bounce Security, brings his experience in threat modeling to the conversation, recounting his learning curve in understanding the depths of privacy beyond mere confidentiality. He speaks about the importance of educating security engineers on privacy considerations and using value-driven security to protect stakeholders' interests. Avi stresses that privacy and security should be integrated from the beginning of the application development process to avoid clashes and ensure robust, privacy-respecting systems.

Throughout the discussion, the guests delve into various privacy engineering practices, including data minimization, the handling of meta-information, and the potential conflicts between security requirements and privacy needs. They touch on real-world scenarios where privacy can enhance overall security posture and how privacy engineering aligns with compliance requirements such as GDPR.

Sean, Kim, and Avi also explore the concept of architectural data mapping and selecting the right components for privacy. They discuss the evolving skill set required for privacy engineering and how integrating privacy with existing security practices can add significant value to any organization.

The episode concludes with a look at the upcoming training session at the OWASP AppSec event in Lisbon, emphasizing the need for a diverse audience, including security engineers, privacy professionals, and developers. This session aims to foster a collaborative environment where participants can expand their knowledge and apply practical privacy by design principles in their work.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

____________________________

Resources

Training: https://lisbon.globalappsec.org/trainings/#sku_PPBD

Threat modeling manifesto: https://www.threatmodelingmanifesto.org/

Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Application Security: Standards, UI, Identity, Access, Cryptography, Process, and More | An OWASP AppSec Global Lisbon 2024 Conversation with Jim Manico | On Location Coverage with Sean Martin and Marco Ciappelli

14 juni 2024 | 32 min

Guest: Jim Manico, Founder and Secure Coding Educator, Manicode Security

On LinkedIn | https://www.linkedin.com/in/jmanico/

On Twitter | https://x.com/manicode

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, host Sean Martin engages in a compelling discussion with Jim Manico about the current landscape of application security. Jim, a notable leader in the field, delves into several critical topics surrounding application security and its evolving challenges.

The conversation opens by touching on the significant influence of artificial intelligence (AI) on application security, suggesting a future episode dedicated entirely to exploring this complex topic. They then shift focus to the necessity of having a formalized approach when dealing with security vulnerabilities. Jim underscores the importance of planning and preparation before tackling security threats, emphasizing that structured processes lead to more effective management of potential issues.

A significant portion of the dialogue explores the challenges associated with identifying and managing vulnerable or outdated libraries within codebases. Jim and Sean discuss how modern development practices often lead to the incorporation of various libraries, each of which can introduce potential security risks if not properly maintained. The intricacies of keeping these libraries updated to prevent vulnerabilities are highlighted, including the frequent necessity of updating or replacing libraries to ensure robust security.

Jim also touches upon the noise generated by automated security findings, which can overwhelm development teams with alerts and potential issues. He stresses the value of effectively prioritizing and addressing these findings to ensure that the most critical vulnerabilities are tackled promptly, reducing the risk of exploitation.

Throughout the episode, Jim and Sean highlight the balance that must be struck between developing new features and maintaining a secure, resilient application environment. Ensuring that security is integrated into the development lifecycle rather than being an afterthought is a recurring theme in their discussion.

This engaging episode provides listeners with a deep dive into the strategic and tactical aspects of application security, offering valuable insights and practical advice on navigating the often complex and ever-evolving security landscape.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

____________________________

Resources

Training: https://lisbon.globalappsec.org/trainings/#sku_ASTJM

OWASP ASVS: https://github.com/OWASP/ASVS/tree/master/5.0/en

OWASP Cheatsheet Series: https://cheatsheetseries.owasp.org/

Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Decoding Human-Centered Cybersecurity with Security Attitudes | A Conversation with Julie Haney and Dr. Cori Faklaris | Redefining CyberSecurity with Sean Martin

13 juni 2024 | 49 min

Guests:

Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology [@NISTcyber]

On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/

On Twitter | https://x.com/jmhaney8?s=21&t=f6qJjVoRYdIJhkm3pOngHQ

Dr. Cori Faklaris, Assistant Professor, University of North Carolina at Charlotte [@unccharlotte], Director, Security and Privacy Experiences (SPEX) research group [@SPEX_lab]

On LinkedIn | https://www.linkedin.com/in/corifaklaris/

On Twitter | https://twitter.com/heycori

On Mastodon | https://hci.social/@Heycori

On Facebook | https://www.facebook.com/heycori

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this new episode of the Redefining CyberSecurity Podcast, host Sean Martin and co-host Julie Haney welcomed Dr. Cori Faklaris, an assistant professor at the University of North Carolina, Charlotte, to discuss the intricate relationship between human-centered research and cybersecurity. Dr. Faklaris, who leads the Security and Privacy Experience Research Group at the university, shared valuable insights on the intersection of human behavior and security practices.

The episode delved into Dr. Faklaris' extensive research on security attitudes and behaviors. She introduced the Security Attitudes (SA) scales, particularly the SA-6 and SA-13, which are tools designed to measure people's security attitudes. These scales provide a reliable and valid means to gauge individuals' perspectives on cybersecurity, which can be critical for organizations looking to enhance their security training programs. By regularly measuring security attitudes before and after training, organizations can assess the effectiveness of their initiatives and identify areas for improvement. Dr. Faklaris emphasized the importance of considering not just attitudes but also social norms and perceived behavioral control when examining security behaviors.

A significant portion of the discussion centered around the challenges posed by smishing—phishing attacks conducted via SMS. Dr. Faklaris highlighted that younger people and college students are particularly vulnerable to such attacks. Her research indicates that demographic factors can influence susceptibility to smishing, underscoring the need for targeted awareness campaigns and tailored security measures.

The episode also touched on the broader implications of trust and usability in communication systems, with Dr. Faklaris stressing the importance of clear and trustworthy communication channels to prevent user fatigue and mistrust. In addition to her academic endeavors, Dr. Faklaris is spearheading a new cybersecurity clinic at UNC Charlotte. This initiative aims to support local organizations, particularly small businesses and non-profits, by providing them with valuable cybersecurity guidance and services free of charge. The clinic, which will involve student teams working on real-world problems, seeks to bridge the gap between academic research and practical application while fostering community engagement and providing hands-on experience to students.

The episode serves as a treasure trove of insights for security leaders and practitioners, offering practical advice on enhancing security training and awareness programs. By leveraging research-backed methods and fostering community partnerships, organizations can better navigate the complex human factors that influence cybersecurity practices. Dr. Faklaris' work serves as a powerful reminder of the critical role human-centered approaches play in building robust and effective security frameworks.

Top Questions Addressed

How can you measure security attitudes?
What is smishing and why are younger people more vulnerable to it?
How can organizations utilize human-centered research to enhance their security training programs?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

The Present and Future of Cybersecurity Culture | An Infosecurity Europe 2024 Conversation with Aston Martin's CISO Robin Smith | On Location Coverage with Sean Martin and Marco Ciappelli

11 juni 2024 | 27 min

Guest: Robin Smith, CISO of Aston Martin [@astonmartin]

On LinkedIn | https://www.linkedin.com/in/robin-s-78148a133/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The latest episode of "On Location With Marco and Sean" features an in-depth discussion with Robin Smith, the Chief Information Security Officer (CISO) at Aston Martin. Recorded live in the media room at Infosecurity Europe 2024 in London, this episode explores the essential role of culture in cybersecurity. Sean Martin and Marco Ciappelli guide the conversation, touching on everything related to the complexities of organizational security culture.

The Icebreaker

The conversation kicks off with some light-hearted banter about yogurt and its cultural significance, setting a relaxed tone before diving into the serious business of cybersecurity. Sean and Marco's playful exchange effectively breaks the ice, before Sean introduces Robin Smith, emphasizing how this conversation is the final one in their Infosecurity Europe coverage. Robin reciprocates with a warm thank you, before sharing insights on Aston Martin’s cybersecurity culture.

Life at Aston Martin

Robin elaborates on his role at Aston Martin, revealing that he considers himself the "luckiest man in cyber." He explains how a commitment to high-quality IT initially existed at Aston Martin but not a fully developed cybersecurity culture. Over the past three years, his mission has been to build that culture, aligning it with Aston Martin’s values and brand prestige.

Building a Cybersecurity Culture

Robin describes how he introduced a comprehensive security program that aligns with Aston Martin’s renowned design and engineering standards. He discusses the importance of integrating cybersecurity as a full-spectrum approach to business improvement, not just a technological add-on.

Lessons Learned

The conversation shifts to some of the challenges and failures encountered along the way. Robin recounts an ambitious but ultimately unsuccessful attempt to engage the board with an open-source intelligence report on their personal information. Though the exercise did not go as planned, it provided invaluable lessons on cultural sensitivity and resource allocation.

The Vision for the Future

Robin and Sean discuss the forward-thinking mindset necessary to navigate both immediate and long-term cybersecurity challenges. Robin emphasizes the need for a balanced approach that combines visionary planning with effective tactical response. He highlights Aston Martin's ambition for full automation and AI-driven security measures.

Impact on Customers and Community

Marco Ciappelli raises the question of how this robust security culture affects Aston Martin's customers. Robin assures that high-value customers expect the best, including top-notch security. He underscores the importance of securing the entire value chain, from suppliers to dealership networks.

Community and Collaboration

Sean explores the role of community among CISOs. Robin shares his positive experiences with the automotive CISO community, emphasizing the value of honest and sometimes brutal feedback. This collaborative environment helps him and his peers continually improve their security programs.

Wrapping Up

As the conversation winds down, both hosts thank Robin for his insights. They reflect on the passion and dedication evident in the cybersecurity community throughout the event. Sean invites Robin for another discussion on cyber futurism, hinting at more intriguing conversations to come.

Marco and Sean close the episode by thanking their audience and expressing their excitement for future events. They hope to see everyone again at next year's Infosecurity Europe, promising more engaging content and enlightening discussions.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Exploring Cyber Insurance Nuances Across Europe | An Infosecurity Europe 2024 Conversation with Marcin Gajkowski and Michal Balwinski from Generali Poland | On Location Coverage with Sean Martin and Marco Ciappelli

11 juni 2024 | 25 min

Guests:

Marcin Gajkowski, Head of Liability Underwriting Team, Generali Poland

On LinkedIn | https://www.linkedin.com/in/marcin-gajkowski-4a6685134/

Michal Balwinski, Senior Underwriter and Cyber Practice Leader, Generali Poland

On LinkedIn | https://www.linkedin.com/in/micha%C5%82-balwi%C5%84ski-136105197/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Exploring Cyber Insurance Nuances Across Europe with Generali Poland at InfoSecurity Europe 2024

Picture this: bustling conversations, gleaming booths, and thought-provoking sessions at InfoSecurity Europe 2024, held in the vibrant city of London. Amidst this atmosphere, Sean Martin and Marco Ciappelli of "On Location With Marco and Sean" invite listeners into a fascinating discussion focusing on the intricacies of cyber insurance within Europe. Joined by two brilliant minds from Generali Poland, Marcin Gajkowsky and Michal Balwinski, this episode immerses us into understanding cyber insurance and its varied landscape across the continent.

Setting the Scene: InfoSecurity Europe 2024

The episode kicks off with Marco and Sean's characteristically witty banter. They joked about their numerous travels and questioned their whereabouts, reflecting the lively and spontaneous spirit of live recording. They also introduce their esteemed guests, Marcin Gajkowsky and Michal Balwinski, from Generali Poland. The discussion's setting is none other than the renowned InfoSecurity Europe event, where cybersecurity professionals gather to forge connections and share innovative security solutions.

Understanding Cyber Insurance: Perspectives from Generali Poland

Marcin Gajkowsky, leading Generali Poland's Liability Team, opens up about his journey into cyber insurance. Despite his initial background in casualty and professional indemnity underwriting, Gajkowsky has grown passionate about the potential and challenges of cyber insurance, especially within Poland. With the deployment of their local cyber insurance policy in 2021, Generali Poland has committed to navigating and shaping this emerging market.

Michal Balwinski, a senior underwriter and cyber insurance practice leader at Generali Poland, delves further into the policies and market dynamics. He highlights the significant knowledge gap in Central and Eastern Europe, a relic of historical and geopolitical contexts. This awareness gap necessitates steps for thorough market education and awareness building, ensuring businesses understand and value the importance of cyber insurance.

Market Dynamics: Diversity Across Europe

Balwinski emphasizes the differing levels of cyber risk awareness across Europe. The UK, Western Europe, and the Mediterranean regions each present unique insurance needs and challenges based on their levels of digital sophistication and historical development. Poland's market reveals a stark contrast with larger enterprises adopting sophisticated vendor technologies akin to global banks, while smaller and mid-sized companies lag behind, often unaware of the essential benefits and protections cyber insurance provides.

Adapting to the Market: Educational and Technological Partnerships

Reflecting on the unique role of cyber insurance, the Generali Poland team outlines their approach to nurturing client relationships. They provide comprehensive risk assessments, engaging conversations, and tailored recommendations. True to their philosophy, Generali Poland extends beyond the role of mere policy provider, establishing themselves as committed partners in their clients' cybersecurity journeys.

One pivotal shift in insurance strategy involved offering additional prevention tools alongside policies, such as an anti-phishing package equipped with cutting-edge security kits. The goal is to bridge the evident gap in cyber preparedness among smaller enterprises, ensuring they have robust mitigation measures in place before a policy comes into effect.

Resilience and Ransomware: To Pay or Not to Pay?

A highlight of the discussion revolves around ransomware and the ethical and practical dilemmas associated with ransom payments. Marcin and Michal elucidate Generali Poland's firm stance against paying ransoms, except in extraordinary circumstances where lives are at stake. They stress that paying ransoms perpetuates the cycle of cybercrime funding and escalation. Instead, their approach focuses on bolstering clients' overall cyber resilience through comprehensive support, including 24/7 incident response services, business interruption coverage, and holistic risk management.

Conclusion: Building a Borderless Cyber-Aware Future

As the insightful conversation wraps up, Marco and Sean underscore the importance of cross-cultural exchange and the collective effort required to bolster cybersecurity awareness. They highlight the universal nature of cyber threats, transcending borders and demanding collaborative action.

This captivating episode serves as a testament to the power of open dialogue and education in fostering a more secure digital landscape. As we move forward, the lessons from Generali Poland's proactive approach to cyber insurance will undoubtedly resonate across the industry, setting a precedent for future advancements in the field.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Reducing Risk and Costs in a Rapidly Changing Cyber Insurance Landscape with Phishing-Resistant MFA: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.218914.reducing-risk-and-costs-in-a-rapidly-changing-cyber-insurance-landscape-with-phishing_resistant-mfa.html

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Jump Into Our DeLorean and Travel Back and Forth Into the Future | An Infosecurity Europe 2024 Conversation with Madelein van der Hout and Paul McKay from Forrester | On Location Coverage with Sean Martin and Marco Ciappelli

10 juni 2024 | 31 min

Guests:

Madelein van der Hout, Senior Analyst Security & Risk at Forrester [@forrester]

On LinkedIn | https://www.linkedin.com/in/madelein-van-der-hout-65452025/

On Twitter | https://x.com/HoutMadelein

Paul McKay, Vice President, Research Director at Forrester [@forrester]

On LinkedIn | https://www.linkedin.com/in/paul-mckay-5304a115/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The Human Side of Cybersecurity

Infosecurity Europe 2024 in London brought together some of the industry's most knowledgeable professionals. Marco Ciappelli and Sean Martin, your hosts, were joined by Madeline Van Der Hout, Paul McKay, both from Forrester, and various other experts to discuss the latest trends, challenges, and solutions within the cybersecurity landscape. This exciting episode of "On Location With Marco and Sean" dives deep into essential topics such as the significant role of the human element in cybersecurity, skill shortages, industry fragmentation, and future trends.

Reimagining Cybersecurity: Back to the Future

The episode begins with a nostalgic touch as Sean Martin and Marco Ciappelli discuss the iconic movie "Back to the Future". Drawing a parallel between the film's theme of time travel and the evolving cybersecurity landscape, they emphasize how the industry might benefit from lessons of the past while anticipating the future.

The Reality of Cybersecurity Innovation

Madeline Van Der Hout and Paul McKay shed light on the changing dynamics of cybersecurity events. Paul mentions that events like Infosecurity Europe must now compete with other regional events like CyberSec Europe in Brussels. This healthy competition fosters localized insights and innovations.

Madeline adds that cybersecurity innovation often stems from startups. She believes these events stimulate larger vendors to communicate with smaller startups, thus supporting the entire ecosystem.

API Security: A Case for Consolidation

Both Paul and Madeline reflect on the notable presence of API security vendors at the conference. Madeline points out the consolidation in the market driven by various approaches to API security. CISOs today expect API security to be an integral part of their infrastructure, driving the conversation towards prioritization and efficient resource management.

The Human Element and Mental Health

One of the crucial points discussed was the significant skill shortage in the cybersecurity industry. Madeline stresses the need for more conversations around mental health and burnout prevention among cybersecurity professionals. Paul supports this by highlighting common hiring challenges where organizations are often looking for the "purple squirrel" or the "five-legged sheep."

Training and Educating Future Talent

The conversation moves towards the barriers to entry for new talent in the industry. Both experts agree that focusing on certifications alone can create a class divide. Paul argues that this practice restricts access to the industry for those unable to afford costly certifications.

Madeline emphasizes the need to work closely with HR departments to create better job profiles and hiring practices. This could alleviate some of the industry's talent shortages.

Cybersecurity's Future: More Than Just a Business Problem

Madeline takes a broader view by asserting that cybersecurity is not just a business problem. It's a civilian issue as well, affecting everyone with a digital footprint. She encourages leveraging the power of informed voting and education to address cybersecurity at a societal level.

Data-Driven Decision Making: The Key to Security's Evolution

Sean Martin concludes by discussing the immense data available in the cybersecurity sector. He emphasizes the potential for the industry to drive businesses by making better, data-driven decisions. Paul agrees, pointing out the need for cybersecurity to evolve similarly to how the CIO function has over the years.

Conclusion: A Call for Innovation and Humanity

The episode wraps up by reinforcing the focus on the human element. Marco highlights the need to utilize existing resources effectively rather than being distracted by the latest technological gadgets. Madeline's call to talk more about humans in every cybersecurity breach serves as a profound takeaway.

As the conversation echoes through the media room at Infosecurity Europe 2024, it's clear that the journey forward in cybersecurity involves a blend of technology, human touch, and innovative thinking.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Building Resilience in Healthcare Cybersecurity Following the Recent NHS Third-Party Ransomware Incident | Expert Insights from InfoSecurity Europe 2024 | On Location Coverage with Sean Martin and Marco Ciappelli

7 juni 2024 | 18 min

Guests:

Brian Honan, Founder, BH Consulting
On LinkedIn: https://www.linkedin.com/in/brianhonan/
On X: https://x.com/BrianHonan

Suk Paul, Director - EMEA Services GTM, Kudelski Security
On LinkedIn: https://www.linkedin.com/in/suk-paul-mba-99757412/

Heather Lowrie, Chief Information Security Officer (CISO), The University of Manchester
On LinkedIn: https://www.linkedin.com/in/heather-lowrie/
On X: https://x.com/HeatherELowrie

Tim Grieveson, Senior Vice President - Global Cyber Risk Advisor, Bitsight
On LinkedIn: https://www.linkedin.com/in/timgrieveson/
On X: https://x.com/timgrieveson

Daniel Lattimer, Area Vice President - EMEA West, Semperis
On LinkedIn: https://www.linkedin.com/in/daniel-lattimer-37533016/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

WATCH THE VIDEO: https://youtu.be/3VQ5VsD-DKQ

In recent news, the NHS has been severely impacted by a ransomware cyber attack. This once again highlights the vulnerability of critical infrastructure to cyber threats. In this episode of ITSPmagazine, Marco Ciappelli and Sean Martin dive into this alarming incident while at the InfoSecurity Europe event in London, engaging with a panel of esteemed professionals in the field of information security.

One of the significant themes that emerged from the conversation is that cybercrime is no longer the domain of rogue teenage hackers working from their basements. As Brian Honan emphasized, cybercriminals today are often part of organized crime syndicates involved in drug trafficking, arms dealing, and human trafficking. They are driven by financial gain and are willing to go to great lengths to achieve their goals.

This particular incident affected NHS pathology services, causing surgeries and blood transfusions to be canceled or postponed, directly impacting patient care. Suk Paul pointed out that this kind of attack is not isolated. Since the conflict in 2022, the UK has witnessed a rise in cyber-attacks on public infrastructure, including hospitals and universities. He stated that the human intelligence element is crucial in identifying the techniques and methods used in such attacks.

The conversation also shed light on the complexity of managing third-party supply chain risk. Heather Lowrie suggested considering cybersecurity as a business enabler and not just a technical issue. She stressed the need for robust communication and collaboration between internal teams, external partners, and even at the board level to create a resilient cybersecurity posture.

To this end, Tim Grieveson echoed the importance of having a security leader with excellent communication skills who can align security strategies with business outcomes. This alignment is particularly essential in critical sectors like healthcare, where the focus is on maintaining patient-centric care.

Furthermore, Daniel Lattimer highlighted the challenges faced by the NHS in funding cybersecurity measures. He mentioned that while the NHS has made strides in improving its cybersecurity capabilities, there is still a dilemma of prioritizing between lifesaving patient care and investing in cybersecurity. More specific guidance and a legislative approach similar to US standards could help in achieving minimum security standards.

Brian Honan described the importance of legislative measures like the EU's Digital Operations Resilience Act (DORA) and the Network and Information Security Directive (NIS2), which focus on resilience in critical infrastructure. The key is not just to prevent cyber-attacks but to ensure continuity of services during and after an attack.

During the discussion, a repeated point was the inevitability of cyber incidents and the need for preparation and response. Tim Grieveson stressed the necessity of identifying critical assets and vulnerabilities, communicating risks to the board, and developing a clear response plan. He pointed out that it is not just about the technical aspects but also about storytelling and helping the organization understand the real-world implications of cyber risks.

The significance of cross-sector collaboration was also highlighted. Heather Lowrie noted that cyber threats are a societal challenge, not limited to individual organizations or sectors. Therefore, collective preparation and response are crucial for building resilience against cyber threats. She called for more exercises within and across sectors to prepare teams for real-world events.

Lastly, the episode discussed the ethical dilemma of paying ransoms. Brian Honan strongly advocated against paying the ransom, citing the lack of guarantee that systems would be restored securely and the need to rebuild trust in affected devices. Instead, the focus should be on robust preparation and managing supply chain security. In conclusion, this episode underscored the pervasive threat of cyber-attacks on critical infrastructure and the multifaceted approach needed to tackle these challenges.

From enhancing third-party risk management to legislative support, cross-sector collaboration, and ethical considerations, the conversation provides a comprehensive overview of the current state of cybersecurity in the healthcare sector. It highlights the urgent need for continuous improvement and resilience to protect not only systems but ultimately, patients' lives.

Top Questions Addressed

How can the impact of the ransomware attack on the NHS best be described?
How can organizations better manage third-party supply chain risk in cybersecurity?
What are the ethical considerations and implications of paying ransom in cyberattacks?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Directly From The CORO Security Modular Booth: Expansion Into The European Market | A Brand Story Conversation From InfoSecurity Europe 2024 | A CORO Story with Dror Liwer | On Location Coverage with Sean Martin and Marco Ciappelli

7 juni 2024 | 21 min

Here we are, once again from the bustling show floor at Infosecurity Europe 2024 in London, situated at the Excel Centre. Sean Martin of ITSP Magazine is your host, and he's joined by Dror Liwer, co-founder of CORO Security. Both are excited to dive deep into how CORO is expanding its focus into the European market.

Day Three: Nonstop Conversations and Presentations

From the get-go, Dror shares his enthusiasm about being part of this prestigious event for the first time. With a primary presence in the U.S., CORO is now aggressively moving into EMEA, starting right here in London. This move is in response to increasing demand from small to medium-sized enterprises (SMEs) in Europe who need robust cybersecurity solutions.

Addressing the Security Needs of SMEs

Sean recalls the comprehensive capabilities of CORO discussed in previous episodes. CORO provides multiple layers of security tailored to an organization’s specific needs, such as regulatory requirements, budget, and staffing capabilities. Sean encourages everyone to revisit those insightful seven-minute chats from RSA Conference to get an in-depth view.

Dror emphasizes that CORO is unique in targeting the mid-market from the ground up, unlike other companies that retrofit enterprise solutions to fit smaller businesses. With a focus on simplicity and powerful protection, CORO ensures that its solutions are manageable even for lean IT teams.

Navigating the Complexities of Europe

One of the significant discussions revolves around the differences between the U.S. and European markets. While Sean and Dror acknowledge the similar types of cyber threats faced globally, operational nuances like data residency and privacy regulations differ widely across Europe. CORO has established a data center in Germany to comply with local data residency requirements, ensuring that email and file inspections stay within the EU boundaries.

Real-World Applications and Challenges

Sean drives the conversation into the specific challenges CORO has faced and the different attack scenarios in Europe compared to the U.S. Dror mentions that while SME awareness of being targets has been prevalent in the U.S. for a while, European SMEs are just beginning to realize the same. As a result, CORO is educating this market about the imminent threats and how to efficiently protect against them without becoming overwhelmed.

The Importance of Affordability

Dror and Sean discuss the financial challenges faced by SMEs, such as difficult decisions on whether to invest in cybersecurity or other critical needs like educational resources. Dror emphasizes that CORO has priced its suite of security solutions to remove this barrier, making comprehensive coverage affordable for even the smallest enterprises.

Team and Technology: The Backbone of CORO

The conversation takes a moment to appreciate CORO’s dedicated team. Sean praises the high energy and mutual support visible at CORO’s booth. Dror points out that customer reviews often highlight how easy it is to work with CORO—a testimony to the company’s dedication to protecting overlooked small and mid-sized businesses.

The Future of SME Cybersecurity

CORO aims to remove the guesswork ("threat roulette”) for SMEs by providing an all-encompassing platform that is accessible and easy to manage. This approach ensures that small businesses can protect themselves comprehensively without the need to prioritize between different threat vectors due to budget constraints.

CORO’s Mission

As the conversation winds down, Dror reiterates CORO's mission to protect SMEs globally and make cybersecurity as effortless as possible. Sean encourages attendees of Infosecurity Europe to visit CORO's dynamic and innovative booth, and for those who cannot make it, to check out CORO online. For more information, visit CORO's website at Coro.net

Thanks to everyone for joining us. Expect more exciting updates from CORO, possibly next time from Las Vegas!

Learn more about CORO: https://itspm.ag/coronet-30de

Note: This story contains promotional content. Learn more.

Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber]

On LinkedIn | https://www.linkedin.com/in/drorliwer/

Resources

Learn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coro

View all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Meet Phoenix Security | A Brand Story Conversation From Infosecurity Europe 2024 | A Phoenix Security Story with Francesco Cipollone | On Location Coverage with Sean Martin and Marco Ciappelli

6 juni 2024 | 21 min

In the dynamic and ever-changing world of cybersecurity, it is crucial to remain at the forefront of addressing vulnerabilities, implementing innovative solutions, and getting to know companies that are making a differences in this industry. At Infosecurity Europe 2024 in London, Sean Martin sits down with Francesco Cipollone, co-founder of Phoenix Security, to discuss the company’s journey, achievements, and unique value propositions, highlighting their significant impact within the cybersecurity community.

Setting the Stage

The bustling environment of Infosecurity Europe 2024 serves as the backdrop for an engaging conversation about the latest cybersecurity trends. Martin and Cipollone delve into Phoenix Security’s origins as an internal project at HSBC, aimed at addressing engineer burnout by improving communication and prioritization in vulnerability management.

Phoenix Security’s Journey and Vision

Cipollone explains how Phoenix Security was created to help engineers avoid burnout, originally focusing on solving communication and prioritization challenges in vulnerability management. This initiative quickly evolved into a comprehensive solution that bridges the gap between security and engineering teams by providing actionable risk assessments and automating decision-making processes.

Innovative Solutions for Modern Cybersecurity Challenges

Phoenix Security stands out by offering powerful tools that streamline vulnerability management across enterprise systems. Their platform allows for better scheduling of workloads and prioritization of tasks, significantly reducing the time it takes to address vulnerabilities from hours to just minutes. This efficiency not only prevents engineer burnout but also ensures that security measures are implemented effectively.

Success Stories and Client Feedback

Cipollone shares success stories from clients like ClearBank, who have benefited from real-time, up-to-date asset inventory and operational insights. By using Phoenix Security, these organizations can engage in informed risk-based decision-making, enabling security teams to focus on high-impact vulnerabilities and maximize risk reduction.

Expanding Reach Through Strategic Partnerships

Highlighting the importance of collaboration, Cipollone mentions Phoenix Security’s recent partnership with Booncheck. This partnership integrates advanced threat intelligence into the Phoenix platform, offering clients access to a wealth of vulnerability data and enabling more effective risk management strategies.

Conclusion

The conversation concludes with insights into future security trends and Phoenix Security’s commitment to innovation and community-driven solutions. Cipollone emphasizes that Phoenix Security aims to simplify decision-making processes, giving engineers and security professionals more time to focus on what truly matters.

We encourage all ITSPmagazine viewers and listeners to connect with the Phoenix team, download their new book, and stay tuned for more updates from Infosecurity Europe 2024.

Learn more about Phoenix Security: https://itspm.ag/phoenix-security-sx8v

Note: This story contains promotional content. Learn more.

Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]

On LinkedIn | https://www.linkedin.com/in/fracipo/

On Twitter | https://twitter.com/FrankSEC42

Resources

Learn more and catch more stories from Phoenix Security: https://www.itspmagazine.com/directory/phoenix-security

View all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Randomly Rambling About Random Things, Including the Randomness of Randomware (Ransomware) | An Infosecurity Europe 2024 Conversation | On Location Coverage with Sean Martin and Marco Ciappelli

5 juni 2024 | 14 min

In this recap episode, Sean Martin and Marco Ciappelli think back on their experience thus far during their time at InfoSecurity in London. The conversation touches on several key areas including physical versus digital security, the allocation of budgets for cybersecurity measures, and broader societal implications of technology. Let's break down the significant points discussed by these industry professionals.

Sean Martin, starting the discussion, emphasizes the innovative ways the city of London integrates physical security with digital tools. He observes hidden security features, such as street lamps converted into cameras, showcasing a blend of centuries-old infrastructure with modern technology. This seamless integration represents a significant investment aimed at enhancing urban security while maintaining the city's historical aesthetic.

The discussion soon transitions into the critical topic of cybersecurity budgeting. Marco Ciappelli points out the complexities organizations face when deciding where and how much to invest in cybersecurity. John Davies’ keynote panel discussion he had with Sean and Marco on ransomware raised many ethical questions. Should one pay a ransom when lives are at stake? This sparks a nuanced debate among the participants.

Sean Martin recaps some sobering conversations about the NHS breach, which highlights the real-world consequences of insufficient cybersecurity investments. He ponders whether current spending is enough and asks how organizations can effectively allocate resources to mitigate risks. Another significant part of the conversation revolves around the societal impact of technology. Brian Honan's insights underscore the dual nature of technology as a tool that can be used for both good and bad purposes. This dichotomy is a recurrent theme that questions the ethical implications of technological advances in our society.

While cybersecurity aims to protect, there are those who exploit it for nefarious purposes. Throughout the episode, both hosts reflect on the global perspectives of these issues. They note a cultural contrast in how different countries perceive and react to cybersecurity threats.

The conversation also highlights the growing importance of cybersecurity awareness and collaboration on an international scale to effectively address these global challenges.

Concluding their dialogue, Martin and Ciappelli muse on the future of the industry. The dialogue serves not just as a recap of the information shared at the conference, but as a call to action for organizations to reassess their cybersecurity strategies. As Sean Martin aptly puts it, the industry must continually evolve to ensure that the investments in cybersecurity bring about the intended protective outcomes, thus safeguarding both data and lives in this interconnected world.

WATCH THE VIDEO: https://youtu.be/ccKG5KUdEII

____________________________

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Be sure to follow our Coverage Journey and subscribe to our podcasts!

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Maximising Your Budget Effectively in Turbulent Times – An SME Focus | An Infosecurity Europe 2024 Conversation with Don Gibson and Emma Philpott | On Location Coverage with Sean Martin and Marco Ciappelli

5 juni 2024 | 31 min

Guests:

Don Gibson, CISO, Kinly

On LinkedIn | https://www.linkedin.com/in/don-gibson-cyber/

Emma Philpott, CEO, IASME Consortium

On LinkedIn | https://www.linkedin.com/in/emphilpott/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, hosts Sean Martin and Marco Ciappelli explore the intricacies of cybersecurity budget management and expenditure prioritization at the Infosecurity Europe event in London. The conversation kicks off with Sean and Marco discussing the challenges of balancing a minimalist approach with the need for robust security programs. The discussion swiftly transitions into budgeting strategies where the hosts are joined by guests Emma Philpott, CEO of IASME, and Don Gibson, Chief Information Security Officer (CISO) of Kinley. Emma provides insights into her role at IASME, highlighting their work on the Cyber Essentials program aimed at ensuring basic technical security controls. Don shares his experiences at Kinley, dealing with audiovisual technologies and their importance in security. The dialogue explores the difficulties organizations face, particularly around budget constraints, legacy technology, and the need for consistent investment in security measures.

A significant portion of the episode is dedicated to the challenges faced by various-sized companies, from micro-businesses to large corporations, in implementing effective cybersecurity measures. Emma stresses the importance of making security accessible to smaller entities and the efforts IASME is making to provide free guidance and support. Don emphasizes the importance of clear communication and leadership at the board level to properly budget for cybersecurity, balance between technology, and staff investment, and avoid the pitfalls of over-reliance on either.

The conversation also touches on the role of community and support networks within the cybersecurity realm. Both Don and Emma highlight the value of having trusted groups where professionals can share experiences, seek advice, and offer mental health support. They underscore how such communities foster a culture of openness and mutual assistance, which is crucial in an industry often grappling with high-pressure incidents and rapid technological changes.

The episode wraps up with a discussion on the dynamics of cybersecurity as a competitive advantage and the evolving nature of security leadership. Emma and Don explain how achieving certifications like Cyber Essentials can provide business benefits beyond compliance, such as improved insurance outcomes and differentiation in the marketplace. Don challenges CISOs to think creatively about how cybersecurity can become a revenue-generating aspect of the business, reinforcing the need for innovative and dynamic leadership in the field.

Tune in to learn more about budgeting, community support, and forward-thinking leadership in cybersecurity from the vibrant InfoSecurity Europe event.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Maximising Your Budget Effectively in Turbulent Times – An SME Focus: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219365.maximising-your-budget-effectively-in-turbulent-times-%E2%80%93-an-sme-focus.html

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

AI's Role in Cybersecurity and Society | An Infosecurity Europe 2024 Conversation with Ian Hill | On Location Coverage with Sean Martin and Marco Ciappelli

5 juni 2024 | 32 min

Guest: Ian Hill, Director of Information and Cyber Security at Upp Corporation [@getonupp]

On LinkedIn | https://www.linkedin.com/in/ian-hill-95123897/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

At Infosecurity Europe 2024, conversations were electric, diving deep into the intersection of AI and cybersecurity and its profound impact on society. Industry experts Marco Ciappelli, Sean Martin, and Ian Hill explored these pivotal changes, offering sharp insights into the digital revolution.

A Casual Start

The event kicked off light-heartedly with Marco Ciappelli and Sean Martin, setting a relaxed, talk-show-like atmosphere. Despite minor technical hiccups, this informal start paved the way for an engaging discussion.

“We’re messing with physical technology and digital technology,” remarked Sean Martin, perfectly capturing the complex interplay between human users and their increasingly advanced tools.

From Keynotes to Key Concerns

Ian Hill shared his journey from Director of Information and Cybersecurity at UP Corporation, now part of Virgin Media O2, to his current advisory role. He emphasized the freedom and reduced stress of stepping back from frontline cybersecurity.

Hill’s keynote at the event centered on AI’s implications for the future of work and society, countering the exaggerated narratives often associated with AI.

The Mislabeling Issue: AI vs. Automation

Marco Ciappelli voiced a common frustration: the overuse of “AI” to describe mere automation. Hill stressed the need to differentiate true AI from sophisticated automation systems that lack adaptive learning capabilities.

“We need to distinguish between what is automation and what is AI. There’s a lot of automation going on at the moment,” Hill noted.

Western Society’s Dependency

Hill warned of AI’s subtle yet significant impact on Western societies, likening it to the industrial and agricultural revolutions but with a more profound effect due to AI’s ability to replace cognitive tasks.

“AI is different because AI is actually replacing our thinking, our creativity,” Hill cautioned, highlighting the potential for job displacement and challenges to human creativity and learning.

The Drive for Profit

A recurring theme was the economic drivers behind AI advancements. Hill critiqued the relentless pursuit of profit and efficiency, which risks lowering the quality of services and products in favor of mass production.

“The nature with all these technological developments, the primary driver is profit and money,” Hill asserted, reflecting on the commercialization of AI.

The AI Arms Race in Cybersecurity

Hill and Martin discussed the escalating AI-driven war between cybersecurity defenses and attacks. They emphasized the need for rapid, machine-learning-based responses to evolving cyber threats, as traditional human-led security operations struggle to keep up.

“You need machine learning, lightning-fast machine learning, to predict and react to events before the human even knows about it,” Hill stated, hinting at a future where automated systems dominate the cyber battlefield.

The Trust Dilemma

The conversation turned philosophical as the speakers pondered the reliability of AI-generated content and the impact of deep fakes and misinformation. Hill addressed the issue of AI “hallucinations”—erroneous outputs—and the dangers of blindly trusting AI.

“We’re losing a sort of grip on reality… because it’s becoming harder to distinguish between what’s real and what isn’t real,” Hill commented, expressing concerns about a future rife with misinformation.

Concluding Thoughts

Infosecurity Europe 2024 highlighted AI’s dual nature: its potential to revolutionize industries like healthcare and cybersecurity contrasted with its capacity to disrupt societal norms and personal authenticity.

As Hill succinctly put it, “Those that own the AI, you know, OpenAI and all their sponsors, and what influence could be exerted on AI, political or otherwise, to bias… dangerous.”

The dialogue underscored the need for evolving our understanding and ethical governance of AI to ensure these powerful tools enhance rather than undermine our societal fabric.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

The Latest Insights in Cybersecurity Resilience and The Ongoing Battle Against DDoS Attacks | A Brand Story Conversation From Infosecurity Europe 2024 | An Akamai Story with Richard Meeus | On Location Coverage with Sean Martin and Marco Ciappelli

4 juni 2024 | 25 min

Welcome to a brand-new episode of On Location with Sean Martin and Marco Ciappelli at Infosecurity Europe 2024 in London. Today, Sean hosts a very special guest, Richard Meeus, Director of Security Technology and Strategy, EMEA at Akamai, who will provide us with valuable insights into cybersecurity resilience and the evolving landscape of distributed denial of service (DDoS) attacks.

The High Energy at Infosecurity Europe 2024

Sean Martin kicks off the conversation by highlighting the vibrant atmosphere at Infosecurity Europe. With a bustling crowd and high energy, it's the perfect setting to look and discuss pressing cybersecurity topics. Richard Meeus appreciates the opportunity to be part of this lively event and shares his excitement for the discussions ahead.

The Importance of Resilience

In recent months, Sean has noticed a growing emphasis on the concept of resilience in cybersecurity conversations. Notably, both Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) are prioritizing resilience to safeguard their organizations. Richard shares his perspective, emphasizing the critical importance of resilience, especially in Europe. He points out that new legislations like NIST 2 and DORA are driving organizations to focus on maintaining the availability of their systems.

The Rise in DDoS Attacks

Transitioning to the main topic, Sean and Richard discuss the alarming increase in DDoS attacks observed in EMEA (Europe, the Middle East, and Africa). Over the past few years, there has been a significant surge in such attacks, with notable activity driven by hacktivists rather than traditional criminal actors. Richard explains that hacktivists use DDoS attacks to make a statement, often targeting high-profile organizations to maximize their impact.

The Role of Akamai in Protecting Against DDoS

Richard explains Akamai's pivotal role in defending against DDoS attacks. He highlights Akamai's extensive cloud protection service, boasting a global network with 2,400 points of presence (PoPs). This vast infrastructure allows Akamai to protect some of the world's largest and most prominent brands.

Richard explains the importance of shifting the burden of DDoS defense to the cloud to handle the massive attack traffic. Akamai's scrubbing centers, strategically located worldwide, meticulously clean the incoming traffic, ensuring only legitimate requests reach the client's systems.

Evolution of DDoS Attacks

Sean invites Richard to provide an overview of how DDoS attacks have evolved over the years. While some traditional tactics like sin floods remain prevalent, there has been a resurgence of older techniques like water torture attacks targeting DNS. Richard emphasizes that organizations must protect their entire infrastructure, including APIs, which are increasingly becoming the target of such attacks.

The Financial Sector: A Prime Target

The financial sector is frequently targeted by DDoS attacks, according to Richard. He stresses that the trust customers place in financial institutions is heavily reliant on the availability of their digital services. Any disruption can erode this trust and have a significant material impact on the organization's reputation and customer confidence.

Comprehensive Protection Strategy

Richard underscores the importance of a comprehensive protection strategy for organizations facing the threat of DDoS attacks. By leveraging Akamai's global network and sophisticated scrubbing techniques, organizations can effectively mitigate the impact of these attacks. The combination of automated defenses and skilled SOC teams ensures real-time protection and rapid response to evolving threats.

In this conversation, Sean and Richard reiterate the significance of maintaining trust and resilience in the face of growing cyber threats. With the right strategies, partnerships, and technologies, organizations can safeguard their digital presence and continue to deliver reliable services to their customers.

For more in-depth insights, be sure to check out Akamai's latest report and explore their extensive back catalog of valuable cybersecurity resources

Learn more about Akamai: https://itspm.ag/akamaievki

Note: This story contains promotional content. Learn more.

Guest: Richard Meeus, Director, Security Technology and Strategy, Akamai [@Akamai]

On LinkedIn | https://www.linkedin.com/in/richard-meeus/

Resources

Fighting the Heat: EMEA’s Rising DDoS Threats: https://itspm.ag/akamaievki

Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai

View all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Protecting The Overlooked: SMBs and Mid Market Organizations | 7 Minutes on ITSPmagazine | A Coro Story with Dror Liwer

3 juni 2024 | 7 min

SMBs and Mid Market companies make up 63% of the GDP, and over 70% of employment - making them the backbone of the economy. The entire cybersecurity industry is focused on the enterprise market, paying lip service to the SMB SME segments, leaving them vulnerable to cyber attacks. Coro decided to change the status quo and built a platform that was designed from day one for the overlooked SMB and SME segments - because we believe they deserve the best protection there is so they can focus on growing their businesses, and not cyber threats.

There were three barriers to SMBs getting adequate protection: The need for multiple tools to get end to end protection, the extreme labor intensiveness of managing these platforms, and the overall cost. What Coro did was create a platform that removes all three barriers. 1) It's a single platform with one dashboard and one endpoint agent that covered all of the cybersecurity needs. 2) The platform uses smart automation to offload workloads from people to machines, dramatically reducing the need to chase and remediate security events manually, and 3) Provide all of that for a price point that any SMB could easily afford.

Visit the Coro website and schedule a call with our Cyber Experts to see how we can help.

Learn more about CORO: https://itspm.ag/coronet-30de

Note: This story contains promotional content. Learn more.

Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber]

On LinkedIn | https://www.linkedin.com/in/drorliwer/

Resources

Learn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coro

2024 SME Security Workload Impact Report -- https://www.coro.net/sme-security-workload-impact-report

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The Value of Criminology Within Cybersecurity | A Conversation with Mandy Turner and Nyalok Gatwech | Redefining CyberSecurity with Sean Martin

31 maj 2024 | 35 min

Guests:

Mandy Turner, Senior Manager - Heading up Cybersecurity Operations

On LinkedIn | https://www.linkedin.com/in/amandajane1/

Nyalok Gatwech, Data and Engagement Assistant, The University of Queensland

On LinkedIn | https://www.linkedin.com/in/nyalok/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, the conversation explored the intersection of criminology and cybersecurity with insights from Mandy Turner and Nyalok Gatwech. The discussion emphasized the significance of incorporating criminological principles into cybersecurity practices to better understand and combat cyber threats.

Mandy Turner elaborated on the practical applications of criminology within cybersecurity. She provided examples of how profiling cybercriminals based on criminological research can aid in predicting and preventing cyberattacks. Turner's insights underscored the value of empirical data in shaping cybersecurity strategies and policies.

Nyalok Gatwech shared her perspective on the evolving nature of cyber threats. Gatwech emphasized that as cyber threats become more sophisticated, the integration of criminology into cybersecurity becomes increasingly crucial. She pointed out that understanding the socio-economic factors that drive individuals to engage in cybercrime can help develop more targeted and effective interventions.

Together, the guests painted a comprehensive picture of how criminology can enrich the field of cybersecurity. They argued that by studying the patterns and underlying causes of cybercriminal behavior, professionals can develop more robust defensive mechanisms.

There is a consensus amongst the group on the need for ongoing research and collaboration between criminologists and cybersecurity professionals to stay ahead of emerging threats. It is evident that a multifaceted approach, integrating both criminological and cybersecurity expertise, is essential for addressing the dynamic landscape of cyber threats effectively.

Top Questions Addressed

What is the significance of criminology in cybersecurity?
How can profiling cybercriminals aid in predicting and preventing cyberattacks?
What socio-economic factors drive individuals to engage in cybercrime?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

empressbat Magazine: https://www.empressbat.com/magazine

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

The Evolution of the CISO in Digital Enterprise | An Infosecurity Europe 2024 Conversation with Mun Valiji | On Location Coverage with Sean Martin and Marco Ciappelli

31 maj 2024 | 26 min

Guest: Mun Valiji, CISO, Trainline

On LinkedIn | https://www.linkedin.com/in/munawar-v-b636802/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this engaging episode of the "On Location with Sean and Marco Podcast," Sean Martin flies solo to dive into the upcoming Infosecurity London event, focusing on a series of critical topics in the cybersecurity landscape. While Marco is notably absent, Sean hosts an insightful conversation with Mun Valiji, the outgoing CISO at Trainline.

The episode opens with Sean introducing the main topics of the discussion, which include the evolution of the Chief Information Security Officer (CISO) role, as well as the current state and future of Managed Security Service Providers (MSSPs). Mun contributes a detailed overview of his role at Trainline, highlighting his extensive experience spanning over 20 years and emphasizing the importance of blending human and technical elements in cybersecurity.

Sean and Mun discuss the main objective of Mun’s keynote session, "The Evolution of the CISO and the Digital Enterprise," scheduled for Thursday, June 6th. Mun passionately describes the challenges CISOs face today, including regulatory requirements, commercial agility, and the necessity of embedding security by design. He underscores the evolving responsibilities CISOs hold, particularly in fostering a security-conscious culture within fast-paced, high-growth organizations.

The conversation then transitions to the MSSP landscape, where Mun highlights the hybrid model's role in modern security strategies. Scheduled for Tuesday, June 4th, Mun’s panel session on MSSP competitiveness explores how organizations can effectively leverage MSSPs to handle routine security tasks, allowing internal teams to focus on strategic aspects such as secure-by-design principles.

Mun stresses the importance of community and collaboration, shedding light on how peer-to-peer and cross-industry interactions enhance security practices. He also touches on the impact of advanced technologies like AI and natural language processing in shaping future security frameworks. Listeners are encouraged to join Mun and other industry leaders at InfoSecurity London, where they will share deeper insights and practical strategies. The episode wraps up with Sean expressing enthusiasm for the event and looking forward to further discussions and engagements.

This episode compellingly explores strategic innovations and practical challenges in cybersecurity, making it a must-listen for professionals eager to stay ahead in the ever-evolving digital security landscape.

Top Questions Addressed

How can organizations leverage MSSPs to stay competitive in an evolving cybersecurity landscape?
What role does community and collaboration play in addressing the evolving challenges in cybersecurity?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

The Evolution of the CISO in Digital Enterprise: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219371.the-evolution-of-the-ciso-in-digital-enterprise.html

Staying Competitive as an MSSPs In an Evolving Cybersecurity Landscape: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219851.staying-competitive-as-an-mssps-in-an-evolving-cybersecurity-landscape.html

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Ransomware - Time to Decide - Will You or Won't You Pay? | An Infosecurity Europe 2024 Conversation with Jon Davies | On Location Coverage with Sean Martin and Marco Ciappelli

29 maj 2024 | 27 min

Guest: Jon Davies, Senior Director - Cyber Defence, News Corp

On LinkedIn | https://www.linkedin.com/in/drjondavies/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this engaging episode of the On Location with Sean and Marco Podcast, hosts Sean Martin and Marco Ciappelli dive into the imminent Infosecurity Europe event with special guest Jon Davies, a Senior Director at NewsCorp. The conversation opens with Sean and Marco expressing their excitement about the event, especially focusing on Jon Davies' upcoming panel discussion on the controversial topic of ransomware payments.

Jon highlights the diverse perspectives that will be represented on his panel, including law enforcement, insurance sectors, and end consumers. This diversity aims to illuminate the complex landscape of ransomware and the regulations surrounding it. Jon explains how recent guidance from UK government bodies is prompting debate about whether ransomware payments should be made illegal, and the implications this could have on businesses and society at large.

The dialogue shifts towards the impact of ransomware on different sectors, particularly critical infrastructure and healthcare. Sean raises the ethical dilemma of whether companies responsible for essential services should pay ransoms to ensure continuity and safety, also touching on the broader societal implications and fiduciary responsibilities of publicly traded companies.

Jon shares an interesting anecdote about a unique ransomware tabletop activity where he collaborated with hostage negotiators to better understand how to navigate ransomware demands. This leads to an intriguing discussion about the human element in cyber negotiations and the potential benefits of leveraging negotiation tactics traditionally used in hostage situations.

Marco and Sean further explore the necessity of having a strategic response plan in place for ransomware attacks, emphasizing the stark contrast between the resources available to large corporations versus small businesses. Jon underscores the importance of having a playbook and a coordinated effort to report and manage cyber incidents effectively.

The conversation also touches on the role of insurance policies in cyber warfare, potential regulatory changes, and the need for a collective effort to combat ransomware. Jon argues for a balanced approach that includes technological investment, regulatory measures, and smart strategic planning.

As the episode wraps up, Sean and Marco express their eagerness to attend the panel and encourage listeners to stay tuned for further coverage of Infosecurity Europe. This episode offers a comprehensive look at the multifaceted issue of ransomware, providing valuable insights for businesses of all sizes.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

What Interviewing for a CISO Role Can Tell Us About the State of Cyber in Business | A Conversation with Phil Beyer | Redefining CyberSecurity with Sean Martin

29 maj 2024 | 52 min

Guest: Phil Beyer, Owner, Getting Security Done, Inc.

On LinkedIn | https://www.linkedin.com/in/pjbeyer/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin is joined by Phil Beyer, former Head of Security at Etsy, to dive into the nuanced dynamics of interviewing for Chief Information Security Officer (CISO) roles. The discussion provides a multifaceted exploration of the CISO job market from both the employer and candidate perspectives, highlighting the evolving expectations and realities facing security leaders today.

Sean and Phil engage in a candid conversation about the state of the cybersecurity job market, emphasizing the shift towards an employer's market for CISO positions. This shift has intensified the challenges faced by candidates, including navigating interviews that may reveal deeper insights into an organization's cybersecurity program and its alignment (or lack thereof) with the candidate's vision and expertise.

Phil shares his experience and observations from his recent job searches, noting the complexities inherent in the process and the importance of aligning personal values and professional goals with potential roles. The episode touches on the importance of assessing the culture of potential employers and the critical role of the interviewing process in gauging fit on both sides.

A significant theme of the discussion is the need for transparency and clear communication between candidates and employers, particularly regarding the current state and desired direction of the cybersecurity program. Sean and Phil highlight how the expectations set during the interview process can significantly impact the ultimate success of the chosen CISO in driving the cybersecurity strategy forward.

Additionally, the episode addresses the broader implications of these hiring dynamics on the cybersecurity industry and the importance of fostering a community where shared experiences and strategies can lead to more effective leadership and program development.

Listeners will gain insights into the strategic considerations necessary for both CISO candidates and hiring organizations in today's complex cybersecurity landscape, as well as the leadership and relationship-building skills crucial for success in these influential roles.

Top Questions Addressed

How does the shift towards an employer's market impact CISO job candidates?
What are the current challenges and complexities in the cybersecurity job market?
How can candidates and organizations improve transparency and communication during the hiring process?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Rites of Passage by John Lucht (Book): https://a.co/d/3CmMMHa

2024 CISO Survey by Hitch Partners (Report): https://www.hitchpartners.com/ciso-security-leadership-survey-results-24

State of the CISO 2024 Report by IANS Research and Artico Search (Report): https://www.iansresearch.com/resources/infosec-content-downloads/research-reports/2023-2024-state-of-the-ciso-benchmark-report

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

The Art of Security Education: Security 101 Training Essentials | A Conversation with Sarah Young | Redefining CyberSecurity with Sean Martin

28 maj 2024 | 37 min

Guest: Sarah Young, Senior Cloud Security Advocate, Microsoft [@Microsoft]

On LinkedIn | https://www.linkedin.com/in/sarahyo16/

On Twitter | https://twitter.com/_sarahyo

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast hosted by Sean Martin, the focus was on "Security 101 training with Sarah Young." The discussion explored the foundational aspects of security training led by Sarah Young, an esteemed security educator with years of experience in the field.

Throughout the episode, Sarah Young shared her insights on the importance of establishing a strong security training program within organizations. As a seasoned professional in the realm of cybersecurity education, Sarah emphasized the critical role of continuous learning and development in building a resilient security posture.

Listeners are treated to a thought-provoking dialogue that highlighted the significance of equipping employees with the necessary knowledge and skills to combat evolving cyber threats effectively. Sarah's expertise in crafting comprehensive training modules tailored to various organizational needs was evident, showcasing her dedication to empowering individuals with the tools to safeguard sensitive information.

Moreover, the episode shed light on the practical strategies and approaches that Sarah employs to make security training engaging and impactful. From interactive workshops to scenario-based simulations, Sarah's innovative methods ensure that participants not only grasp fundamental security concepts but also cultivate a security-conscious mindset in their day-to-day operations.

This episode encapsulated the essence of effective security training and serves as a reminder of the pivotal role that dedicated professionals like Sarah Young play in shaping a resilient cybersecurity culture.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Crisis Management – Responding to the Unimaginable | An Infosecurity Europe 2024 Conversation with Stuart Seymour | On Location Coverage with Sean Martin and Marco Ciappelli

27 maj 2024 | 29 min

Guest: Stuart Seymour, Group CISO and Chief Security Officer, Virgin Media O2

On LinkedIn | https://www.linkedin.com/in/stuart-seymour-a4b7522/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of the On Location with Sean and Marco, Sean Martin hosts a captivating discussion with Stuart Seymour, the Director of Security at Virgin Media 02. The episode dives into the realm of crisis management, unpacking the complexities and challenges faced by organizations in responding to unforeseen events.

Stuart Seymour shares insights into the significance of crisis management, emphasizing the need for robust planning and coordination across different functions within an organization. He dives into the essence of crises as events that significantly impact business operations and require unified strategies for effective management.

The conversation touches on the concept of resilience, highlighting the broader spectrum that encompasses business resilience, operational resilience, IT resilience, and cyber resilience. Stuart stresses the importance of viewing cybersecurity within the context of overall business resilience and the interplay between various facets of an organization.

The episode also explores the dynamics of crisis escalation, detailing the role of crisis committees in navigating challenging situations. Stuart emphasizes the principle of "prudent overreaction" in crisis management, advocating for proactive measures and coordinated responses to mitigate risks effectively.

Furthermore, the episode touches on the diversity of perspectives in crisis management, as showcased by the upcoming panel discussion featuring stakeholders from varied industries. The panel aims to provide a comprehensive understanding of crisis scenarios and valuable insights for the audience.

Overall, this episode offers a deep dive into the intricacies of crisis management, emphasizing the necessity of proactive planning, collaboration, and adaptability in navigating unforeseen challenges. The engaging dialogue between Sean Martin and Stuart Seymour sheds light on the critical role of resilience in building and sustaining organizational preparedness in the face of crises.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

MFA, 2FA, and Passwordless Authentication — Rising to the Next Level of Protection | An Infosecurity Europe 2024 Conversation with Parul Khedwal | On Location Coverage with Sean Martin and Marco Ciappelli

24 maj 2024 | 21 min

Where are We Going and What are You Doing? Navigating Europe's Evolving Threat Ecosystem While Wading through AI Overload | An Infosecurity Europe 2024 Conversation with Topé Olufon and Madelein van der Hout | On Location Coverage

23 maj 2024 | 28 min

Why the Industry Needs OpenSSF | A Conversation with Omkhar Arasaratnam, Adrianne Marcum, Arun Gupta, and Christopher Robinson | Redefining CyberSecurity with Sean Martin

23 maj 2024 | 42 min

Guests:

Omkhar Arasaratnam, General Manager, OpenSSF [@openssf]

On LinkedIn | https://www.linkedin.com/in/omkhar/

Adrianne Marcum, Technical Project Manager, OpenSSF [@openssf]

On LinkedIn | https://www.linkedin.com/in/adriannefranscinimarcum

Arun Gupta, VP/GM Open Ecosystem at Intel, Governing Board Chair, OpenSSF [@openssf]

On LinkedIn | https://www.linkedin.com/in/arunpgupta/

On Twitter | https://twitter.com/arungupta

Christopher Robinson, Chairperson of the Technical Advisory Council, OpenSSF [@openssf]

On LinkedIn | https://www.linkedin.com/in/darthcrob/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In a comprehensive exploration of software supply chain security within the open-source arena, the latest episode of the Redefining CyberSecurity Podcast, hosted by Sean Martin, convenes notable figures from the Open Source Security Foundation (OpenSSF).

This discussion unveils the critical mission of OpenSSF, led by Omkhar Arasaratnam, the General Manager, emphasizing the foundation's endeavor to bolster security across open source software utilized in over 90% of commercial applications. Adrianne Marcum, OpenSSF's Technical Project Manager, and Arun Gupta, Vice President at Intel and the Governing Board Chair for OpenSSF, delve into the pioneering strategies for enhancing open source security, incident response, and the Essence of collaborative efforts bridging the gap between the private sector and public initiatives.

Christopher Robinson, chairperson of the Technical Advisory Council, provides insight into the ubiquitous integration of open source in technology, from consumer electronics to critical infrastructure, underlining the universal stake in securing this landscape. The episode also spotlights the pressing need for community involvement in securing open source ecosystems, highlighting OpenSSF's initiatives in education, repository security, and the creation of standards for safer open source software deployment.

The episode also touches on the collaborative efforts between private and public sectors to address security challenges in open source projects. Further discussions illuminate the initiative by OpenSSF to improve incident response and education within the open source community. There's even a shout-out to Allan Friedman and Bob Lord from the Cybersecurity and Infrastructure Security Agency (CISA).

The call to action for listeners encapsulates the essence of contributing to a broader community effort, underscoring the pivotal role each individual plays in advancing the security and integrity of open source software worldwide. The group encourages listeners to join the OpenSSF's mission by contributing to their diverse projects and working groups, reinforcing the idea that securing open source software is not just critical but achievable through collective effort.

Key Questions Addressed

What is OpenSSF and its mission?
How does OpenSSF address software supply chain security?
What role does community engagement play in securing open source software?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

OpenSSF Home Page: https://openssf.org

OpenSSF - Get Involved: https://openssf.org/getinvolved/

OpenSSF Events: https://openssf.org/events

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

From Secure Foundations to Resilient Futures: The UK's Digital Security by Design Initiative | An Infosecurity Europe 2024 Conversation with Professor John Goodacre | On Location Coverage with Sean Martin and Marco Ciappelli

23 maj 2024 | 31 min

Guest: Professor John Goodacre, Director Digital Security by Design, University of Manchester, UKRI [@UKRI_News]

On LinkedIn | https://www.linkedin.com/in/john-goodacre-722b59/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of the "On Location with Sean and Marco" podcast, host Sean Martin flies solo to engage in a riveting conversation with Professor John Goodacre, Director of a UK government program and a renowned figure in the tech industry. Professor Goodacre sheds light on his diverse career journey, spanning from telecoms to supercomputers, with a key focus on cyber resilience and system integrity.

Emphasizing the need for a holistic approach beyond patching vulnerabilities, Professor Goodacre discusses the inception of the digital security by design program in 2019. He delves into the program's aim to revolutionize technology foundations, collaborating with industry giants like Microsoft and Google to enhance digital infrastructures globally.

The conversation explores the significance of memory safety in software, highlighting the ongoing battle against cyber threats and the necessity for robust security measures at the hardware and software levels. Professor Goodacre's insights underscore the imperative shift towards secure by design and default practices to combat evolving cybersecurity challenges effectively.

Furthermore, the episode touches upon the collaboration between academia, businesses, and governments to implement secure frameworks and educate stakeholders on the importance of cybersecurity. Professor Goodacre advocates for a proactive approach, stressing the economic benefits and risk mitigation associated with investing in secure technologies and practices.

Listeners are left with a deepened understanding of the crucial role memory safety, compartmentalization, and secure design play in fortifying digital ecosystems against cyber threats. Professor Goodacre's illuminating discussion paves the way for a paradigm shift in cybersecurity strategies, fostering resilience and integrity in the digital landscape.

Top Questions Addressed

How does the digital security by design program aim to enhance technology foundations?
Why is memory safety in software crucial for combating cyber threats effectively?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

Smashing the Stack; All Good Things | Exploring Software Lifecycles from Secure By Design to End of Life | An RSA Conference 2024 Conversation with Allan Friedman and Bob Lord | On Location Coverage with Sean Martin and Marco Ciappelli: https://redefining-cybersecurity.simplecast.com/episodes/smashing-the-stack-all-good-things-exploring-software-lifecycles-from-secure-by-design-to-end-of-life-an-rsa-conference-2024-conversation-with-allan-friedman-and-bob-lord-on-location-coverage-with-sean-martin-and-marco-ciappelli

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Progress for the DSbD Initiative and CHERI Capability Hardware: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219352.progress-for-the-dsbd-initiative-and-cheri-capability-hardware.html

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Unveiling Innovation at SquareX Booth during RSA Conference 2024: A Deep Dive Into SquareX's Vision | 7 Minutes on ITSPmagazine | A Short Brand Innovation Story From RSA Conference 2024 | A SquareX Story with Dakshitaa Babu and Shourya Pratap Singh

22 maj 2024 | 6 min

Innovation Unveiled: SquareX's Vision at RSA Conference 2024

During RSA Conference 2024, SquareX emerged as a source of fresh innovation, revolutionizing the cybersecurity landscape with their cutting-edge solutions. Hosted by Sean Martin, this episode of "On Location" takes you on a journey through the insights and revelations brought to light by key figures at SquareX.

Introducing SquareX: Meet the Visionaries

The episode turn on the microphones at the Square X booth, where Sean Martin introduces the audience to Dakshitaa Babu and Shourya Pratap Singh, pivotal figures driving innovation at SquareX. Dakshitaa, the product evangelist, and Shourya, the principal software engineer, shed light on their roles and the impact of SquareX's work on the industry.

The Passion Behind the Innovation

Dakshitaa shares her perspective on the privilege of contributing to a company that drives meaningful change in the industry, emphasizing SquareX's commitment to innovation. Shourya echoes this sentiment, highlighting the satisfaction of solving complex problems and witnessing their solutions making a tangible impact on customers.

Pushing the Boundaries: A Glimpse Into SquareX's Technology

Sean Martin delves into the intricacies of SquareX's technology, discussing AI-generated images and reverse engineering techniques employed to uncover hidden threats within images. Shourya elaborates on the challenges posed by malicious files and the innovative approaches adopted by SquareX to enhance cybersecurity.

Addressing Customer Concerns: SquareX's Value Proposition

Sean Martin probes Dakshitaa and Shourya on the key concerns voiced by prospects and customers at the conference. They shed light on how SquareX addresses the gap in endpoint security solutions, providing customers with insightful data and a comprehensive understanding of cyber threats.

Empowering Organizations: The SquareX Difference

The episode concludes with Sean Martin underscoring the significance of visibility at the web browser level and commending SquareX for empowering organizations to proactively tackle cybersecurity challenges. Dakshitaa extends her gratitude to visitors at the booth, emphasizing the value of SquareX's solutions for a secure digital environment.

Learn more about SquareX: https://itspm.ag/sqrx-l91

Note: This story contains promotional content. Learn more.

Guests:

Dakshitaa Babu, Security Researcher, SquareX

On LinkedIn | https://www.linkedin.com/in/dakshitaababu/

Shourya Pratap Singh, Principal Software Engineer, SquareX

On LinkedIn | https://www.linkedin.com/in/shouryaps/

Resources

Learn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarex

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Integrating Human Factors Engineering in Cybersecurity | Human-Centered Cybersecurity Series with Co-Host Julie Haney and Guest Calvin Nobles | Redefining CyberSecurity Podcast with Sean Martin

21 maj 2024 | 44 min

Guests:

Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead at National Institute of Standards and Technology [@NISTcyber]

On Linkedin | https://www.linkedin.com/in/julie-haney-037449119/

On Twitter | https://x.com/jmhaney8?s=21&t=f6qJjVoRYdIJhkm3pOngHQ

Dr. Calvin Nobles, Ph.D., Portfolio Vice President / Dean, School of Cybersecurity and Information Technology, University of Maryland Global Campus [@umdglobalcampus]

On LinkedIn | https://www.linkedin.com/in/calvinnobles/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In a recent episode of Human-Centered Cybersecurity Series on the Redefining CyberSecurity podcast, co-hosts Sean Martin and Julie Haney dive into the intriguing world of human-centered cybersecurity with their guest, Dr. Calvin Nobles, Dean of the School of Cyber Security and Information Technology at the University of Maryland Global Campus. The episode provided a wealth of knowledge, not only about the significance of human factors in cybersecurity but also about how organizations can better integrate these considerations into their cybersecurity strategies.

The conversation illuminated the critical role of human factors, a field born out of experimental psychology and foundational to related subfields such as human-computer interaction and usability. Dr. Nobles' insights shed light on the need for cybersecurity systems to be designed with human limitations and strengths in mind, thus optimizing user performance and reducing the risk of errors. It's a call to move from technology-centered designs to ones that place humans at their core. A significant point of discussion revolved around the common misunderstandies surrounding human factors in cybersecurity. Dr. Nobles clarified the definition of human factors, pointing out its systematic approach towards optimizing human performance. By fitting the system to the user, rather than forcing the user to adapt, cybersecurity can become more intuitive and less prone to human error.

The episode also touched on the concerning gap in current cybersecurity education and practice. Dr. Nobles and Haney highlighted the sparse incorporation of human factors into cybersecurity curricula across universities, stressing the urgency for integrated education that aligns with real-world needs. This gap points to a broader issue within organizations—the lack of focused human factors programs to address the human element comprehensively.

Practical advice was shared for organizations aspiring to incorporate human factors into their cybersecurity efforts. Identifying 'human friction areas' at work, such as fatigue, resource shortages, and a lack of prioritization, can guide initiatives to mitigate these challenges. Moreover, the suggestion to provide cybersecurity professionals with education in human factors underlines the need for a well-rounded skillset that goes beyond technical expertise.

This episode serves as a beacon for the cybersecurity community, emphasizing the necessity of integrating human factors into cybersecurity education, practice, and policies. By doing so, the field can advance towards a more effective, human-centered approach that enhances both security and user experience.

Top Questions Addressed

What is the definition of human factors in cybersecurity?
How can organizations integrate human factors into their cybersecurity strategies?
What role does education play in bridging the gap between current cybersecurity practices and the need for a human-centered approach?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Are Traditional Roles Still Relevant In Today’s Modern Security Organization? | A Conversation with Lee Vorthman | Redefining CyberSecurity with Sean Martin

18 maj 2024 | 38 min

Guest: Lee Vorthman, VP, Chief Security Officer, Oracle [@Oracle]

On LinkedIn | https://www.linkedin.com/in/leevorthman/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

This pivotal episode from the Redefining CyberSecurity Podcast hosted by Sean Martin explores the ongoing relevance of traditional IT roles within the modern security architecture of organizations. This discussion features insights from Lee Vorthman, the Chief Security Officer for Oracle's advertising group and centers on the profound shifts within IT roles driven by cloud adoption, technological advancements, and a deeper integration of security practices into the business process.

As businesses increasingly migrate their operations to the cloud, the episode explores the evolving skill sets demanded of IT professionals. Vorthman and Martin discuss the journey from traditional data centers to cloud environments and beyond, considering the transformation required in workforce competencies. Highlighting the blend of technical and business acumen needed in today's security roles, the conversation pivots around how the business strategy shapes security priorities and the professional growth of IT personnel.

The discussion emphasizes the paramount importance of considering the human element in cybersecurity. Vorthman, drawing upon his extensive career spanning military service, web development, and cybersecurity leadership, advocates for a holistic view that combines technical prowess with a deep understanding of business needs and risk management. He underscores the significance of continuous learning and adaptability for professionals navigating the cybersecurity field. A salient point raised during the episode concerns how traditional IT roles adapt and evolve in the face of cloud technology and digital transformation.

Martin and Vorthman muse on the future of roles such as network security professionals in an era where infrastructure becomes increasingly abstracted and code-centric. The conversation also broaches critical issues around the cost of security deficiencies in cloud migrations and the need for robust security processes. Vorthman stresses the opportunity for security to be interwoven into the fabric of business change, rather than being an afterthought or impediment.

The dialogue ultimately transitions into advice for emerging professionals and maturing organizations looking to harness the full potential of their cybersecurity workforce. Emphasizing the importance of a diversified skill set that marries technical knowledge with business understanding, the episode serves as a beacon for those charting their path in the cybersecurity landscape.

Key Questions Addressed

Are traditional IT roles still relevant in today's modern security org?
How can IT professionals adapt their skills for the cloud and digital transformation era?
What is the role of continuous learning in cybersecurity career development?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Seeds, Sensors, and Security: Harvesting Safety Across the New Terrain of Tech-Enabled Agriculture | A Conversation with Phillip Miller | Redefining CyberSecurity with Sean Martin

16 maj 2024 | 39 min

Guest: Phillip Miller, Vice President, Chief Information Security Officer, Qurple

On LinkedIn | https://linkedin.com/in/pemiller

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this new episode of the Redefining CyberSecurity Podcast, host Sean Martin dove into an enlightening conversation with Phillip Miller, a figure well-versed in the nexus between cybersecurity, technology, and agriculture. This dialogue shed light on the less-acknowledged side of farming—a sector increasingly reliant on technological advancements and, consequently, the need for robust cybersecurity measures.

Agriculture, often perceived as a traditional field far removed from the high-tech buzz of the modern world, is undergoing a quiet revolution. With innovations ranging from drone technology to sophisticated IoT systems for monitoring crop health, the farm of the future is here.

Phillip, with his diverse background ranging from app development to infrastructure and cybersecurity, brings a unique perspective to the table. His dual role as a farmer and technologist allows him to see firsthand the impact of technology on agriculture and the critical importance of cybersecurity in safeguarding this vital industry. The conversation explored how the adoption of technology in farming goes beyond mere mechanization.

Today, tractors are internet-connected, and irrigation systems can be managed remotely, allowing for a level of precision farming previously unattainable. However, this technological leap comes with its risks. The cybersecurity vulnerabilities inherent in many modern systems pose a significant threat to the reliability and safety of food production. Phillip's insights into how these technological tools have transformed the farming landscape are fascinating.

From increased efficiency and reduced labor requirements to the enhanced ability to predict and respond to environmental conditions, technology offers numerous benefits. Yet, as Phillip pointed out, the reliance on tech also introduces complexity, particularly when it comes to securing farm data against cyber threats. His experiences reflect a broader trend where industries traditionally viewed as non-technical are now at the forefront of adopting cutting-edge technologies.

The discussion between Sean Martin and Phillip Miller underscores a crucial message: cybersecurity is not just a concern for typical tech sectors but is equally vital in areas like agriculture that are becoming increasingly digital. As we move towards more technologically driven farming practices, the need for cyber resilience in agriculture cannot be overstated. This episode serves as a reminder of the interconnectedness of technology, security, and the basic human need for food, highlighting the evolving role of cybersecurity in every aspect of our lives.

Key Questions Addressed

How do we deliver better outcomes for our businesses?
How do those experiences impact how you view Technology and cyber security on the farm?
What can the CISO not on a farm learn from the farming CISO?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Hacking Success: how owners and officers should cultivate policy for cybersecurity and use of artificial intelligence (book): https://www.barnesandnoble.com/w/hacking-success-phillip-miller/1145240507?ean=9798990386402

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

AI-Fitness and AI-Wellness and Deploying an Effective DevSecOps Team – What’s the Recipe for Success? | An Infosecurity Europe 2024 Conversation with Kevin Fielder | On Location Coverage with Sean Martin and Marco Ciappelli

16 maj 2024 | 30 min

Guest: Kevin Fielder, CISO, NatWest Boxed & Mettle

On LinkedIn | https://www.linkedin.com/in/kevinfielder/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, hosts Sean Martin and Marco Ciappelli engage in an insightful discussion on the intersection of artificial intelligence (AI) and software development, specifically in the realm of information security. The conversation features Kevin Fielder, CSO for NatWest Boxed and Metal, sharing his expert insights and experiences. The trio dives into the potential risks and rewards of integrating AI with software development, touching upon the inherent challenges and opportunities this fusion presents for the future of technology and security.

The episode opens with a dynamic exchange on what it means to combine AI and software development, sparking a debate on the potential of AI to improve or complicate software development processes. Marco Ciappelli humorously inquires about the concept of a 'black box' in AI, prompting a profound exploration of the reliability and transparency of AI systems.

Kevin Fielder provides a comprehensive overview of his current role and the innovative projects under his stewardship at NatWest boxed and metal. He eloquently describes the endeavors to leverage cloud-based banking and AI to deliver enhanced banking services to small businesses and non-banking businesses alike. Fielder's insights into 'banking as a service' and the ethical considerations surrounding AI deployment in the financial sector stand out as key discussion points.

A significant portion of the conversation centers around the ethical dilemmas and technical challenges posed by AI, including data integrity, the potential for AI-powered systems to exhibit biases, and the importance of designing AI with security in mind from the outset. Fielder articulates concerns about the rapid advancement of AI technologies outpacing the development of ethical guidelines and security measures, highlighting the critical need for a balanced approach to innovation.

The hosts and Fielder ponder the future of AI, reflecting on scenarios ranging from utopian visions where AI alleviates human toil to dystopian outcomes where AI autonomy leads to unforeseen consequences. This speculative dialogue sheds light on the philosophical and practical implications of AI's role in society and the importance of responsible AI development and deployment.

As the discussion winds down, the episode shifts focus to Fielder's upcoming presentations at the Infosecurity Europe conference in London. He shares his anticipation for engaging with the conference attendees and emphasizes the value of open dialogues about AI, security, and the future of technology. This episode not only provides a platform for thought-provoking discussion on AI and information security but also underscores the importance of community engagement and knowledge sharing in navigating the complexities of modern technology landscapes.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Deploying an Effective DevSecOps Team – What’s the Recipe for Success?: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219354.deploying-an-effective-devsecops-team-%E2%80%93-what%E2%80%99s-the-recipe-for-success.html

AI-Fitness and AI-Wellness: NatWest Boxed and Mettle CISO's Thoughts on Safe AI Use: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219536.ai_fitness-and-ai_wellness-natwest-boxed-and-mettle-cisos-thoughts-on-safe-ai-use.html

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Celebrating 15 Years of Leadership in Cloud Security: Preview of CSA AI Summit at RSA 2024 with Jim Reavis and Illena Armstrong | An RSA Conference 2024 Conversation | On Location Coverage with Sean Martin and Marco Ciappelli

16 maj 2024 | 24 min

Guests:

Jim Reavis, CEO at Cloud Security Alliance [@cloudsa]

On LinkedIn | https://www.linkedin.com/in/jimreavis/

Illena Armstrong, President at at Cloud Security Alliance [@cloudsa]

On LinkedIn | https://www.linkedin.com/in/illenaarmstrong/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Join Sean Martin as he hosts an in-depth discussion with Illena Armstrong, President of Cloud Security Alliance, and Jim Reavis, CEO and Founder. Illena shares her excitement for celebrating the 15th anniversary of the organization while highlighting the industry's shift towards cloud adoption and AI technology. She emphasizes the importance of maintaining security controls, especially in the context of regulatory compliance and cloud provider obligations. The conversation also touches on the rising trend of zero trust security frameworks and the global perspective on AI integration in cybersecurity practices.

Jim Reavis adds valuable insights into the intersection of AI and cloud security, highlighting the need for a holistic approach that combines human intelligence with AI capabilities. He emphasizes the role of security as a catalyst for innovation and business transformation, citing examples of innovative approaches taken by European banks. The discussion also covers thesignificance of shared responsibility in cybersecurity and the collaborative efforts required to address evolving threats.

The CSA AI Summit promises an engaging lineup of speakers, including industry leaders from Google, Microsoft, and Zscaler, who will shed light on key topics such as incident response, secure development, and business transformation. The full-day event, which kicks off the week at RSA Conference, aims to bring together a diverse audience, ranging from C-suite executives to developers and compliance professionals, fostering meaningful discussions and knowledge sharing. Attendees can expect thought-provoking sessions that explore the intersection of AI and cybersecurity, providing valuable insights for enhancing security practices in the digital age.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

CSA AI Summit at RSAC: https://www.rsaconference.com/library/presentation/usa/2024/csa%20ai%20summit%20at%20rsac

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Empowering Women in Cyber Security and The Spiritual Aspect Of Cybersecurity | An RSA Conference 2024 Conversation with Jessica A. Robinson and Christina Stokes | On Location Coverage with Sean Martin and Marco Ciappelli

13 maj 2024 | 21 min

Guest: Jessica A. Robinson, Chair Emeritus, World Pulse [@WorldPulse]

On LinkedIn | https://www.linkedin.com/in/jessica-a-robinson-she-her-22740311/

____________________________

Host: Christina Stokes, Host, On Cyber & AI Podcast, Founder of Narito Cybersecurity

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/christina-stokes

On LinkedIn | https://www.linkedin.com/in/xTinaStokes/

____________________________

Episode Notes

The Vision and Inception of PurePoint International

Jessica A. Robinson shared the inspiring story of how PurePoint International came to be - born out of a dream during a pilgrimage in India and Nepal. Her vision encompassed not only traditional cyber security but also holistic security, integrating psychological, emotional, and spiritual well-being into the security framework.

The Feminine Approach to Security

Central to PurePoint International's ethos is the feminine approach to security, focusing on collaboration, empathy, and inclusivity. Jessica emphasized the importance of balancing masculine and feminine values in the security space, acknowledging the unique perspectives and solutions that women bring to the table.

Spirituality and Ritual in Cyber Security

The conversation also focuses into the role of spirituality and ritual in cybersecurity. Jessica highlighted the significance of viewing work as a spiritual practice, incorporating rituals like meditation, intention setting, and energy release to maintain balance and well-being in high-stress environments.

Overcoming Burnout and Leading with Purpose

Burnout has become a prevalent issue in the cybersecurity industry, with professionals facing increasing pressure and expectations. Jessica emphasized the importance of self-care and leading with purpose, urging CISOs to prioritize their well-being to effectively lead their teams and organizations.

The Evolution of the CISO Role

The discussion also touched upon the evolving role of Chief Information Security Officers (CISOs) and the challenges they face in balancing technical expertise with strategic leadership. Jessica emphasized the need for broader organizational support and a shift in mindset to recognize the CISO as a critical business leader.

Looking Ahead: Empowering Women in Cyber Security

As more women enter the cybersecurity industry, there is a growing opportunity to bring diverse perspectives and solutions to the forefront. Jessica highlighted the importance of women stepping into leadership roles and driving change in the industry, emphasizing the need for support and recognition at all levels of the organization.

Jessica A. Robinson's insights shed light on the transformative power of a feminine approach to cybersecurity, the role of spirituality in well-being, and the challenges and opportunities facing CISOs in today's security landscape. As the industry continues to evolve, empowering women in cybersecurity is not just a necessity but a strategic advantage in creating a safer and more inclusive digital world.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Exploring the Future of Software Supply Chain Security | An RSA Conference 2024 Conversation with Cassie Crossley | On Location Coverage with Sean Martin and Marco Ciappelli

12 maj 2024 | 22 min

Guest: Cassie Crossley, VP, Supply Chain Security, Schneider Electric [@SchneiderElec]

On LinkedIn | https://www.linkedin.com/in/cassiecrossley/

On Twitter | https://twitter.com/Cassie_Crossley

On Mastodon | https://mastodon.social/@Cassie_Crossley

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

This discussion shed light on various aspects of cybersecurity, technology, and the evolving role of IT professionals in addressing the challenges of the digital age.

The conversation kicked off with Sean Martin providing a warm welcome to the audience as he introduced the topic of software supply chain security. Cassie Crossley shared insights from her extensive experience in cybersecurity at Schneider Electric, emphasizing the critical importance of safeguarding product security and supply chain integrity.

Embracing Innovation and Resilience in Cybersecurity

The discussion dive into the concept of resilience in cybersecurity and the need for proactive risk management strategies. Both speakers emphasized the importance of leveraging AI-driven decision-making processes to enhance efficiency and reduce false positives in security operations. They also highlighted the role of machine learning and behavior analytics in strengthening cybersecurity posture.

Bridging the Gap between IT and Business Objectives

Crossley and Martin discussed the evolving role of IT professionals in bridging the gap between technical cybersecurity measures and broader business objectives. They stressed the significance of aligning cybersecurity initiatives with the overall strategic goals of the organization and fostering communication between C-suite executives and security professionals.

Navigating the Complexities of Hardware Development and Cybersecurity

The conversation also touched upon the complexities of hardware development and the unique challenges faced in securing chipboards and other hardware components. Crossley highlighted the nuances of cybersecurity in defending against a myriad of potential threats and underscored the need for robust verification processes in hardware security.

Empowering Businesses with GRC Controls and Cybersecurity Best Practices

As the discussion progressed, Crossley shared practical insights from her book on software supply chain security, emphasizing the essential GRC controls and cybersecurity best practices that organizations can implement to enhance their security posture. She highlighted the need for startups and companies to prioritize cybersecurity measures despite budget constraints.

Concluding Thoughts and Looking Towards the Future

In wrapping up the conversation, both speakers expressed optimism about the future of software supply chain security and the potential for innovation in AI-driven cybersecurity technologies. They encouraged businesses to prioritize cybersecurity education, resilience planning, and proactive risk management to stay ahead of emerging threats.

The engaging discussion between Cassie Crossley and Sean Martin at RSA Conference 2024 provided valuable insights into the evolving landscape of software supply chain security and the key challenges facing cybersecurity professionals. As organizations navigate the complexities of the digital age, proactive cybersecurity measures and a strategic alignment with business objectives are essential for safeguarding critical assets and maintaining a strong security posture.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

AI BOMs, and other insights into the future of Cybersecurity and AI | An RSA Conference 2024 Conversation with Helen Oakley and Christina Stokes | On Location Coverage with Sean Martin and Marco Ciappelli

12 maj 2024 | 15 min

Guest: Helen Oakley, Director of Secure Software Supply Chain and Secure Development, SAP

On LinkedIn | https://www.linkedin.com/in/helen-oakley/

____________________________

Host: Christina Stokes, Host, On Cyber & AI Podcast, Founder of Narito Cybersecurity

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/christina-stokes

On LinkedIn | https://www.linkedin.com/in/xTinaStokes/

____________________________

Episode Notes

This year many conversation at RSA conference rotate around artificial intelligence. Yes, AI is becoming more prevalent and essential, even in cybersecurity. At ITSP Magazine's RSA 2024 coverage, Helen Oakley and Christina Stokes shed light on the critical role of AI BOMs in safeguarding our digital ecosystems.

The Introduction of Helen Oakley with SAP

Christina Stokes sits down with Helen Oakley, director of software supply chain security and secure development at SAP, to learn about her journey from software development to cybersecurity. Helen discusses the importance of securing software supply chains in a global context where attacks can have far-reaching implications.

Unpacking the Significance of Supply Chain Security

Helen elaborates on the evolving landscape of cybersecurity, emphasizing the increasing focus on supply chain security as a prime target for attackers. She highlights the vulnerabilities present in open source components and the imperative to instill transparency and automation in securing software development processes.

The Intersection of AI and Security

As the conversation steers towards AI being used as a weapon in supply chain attacks, Christina and Helen explore the concept of weaponizing tools and the proactive measures needed to mitigate AI-related security risks. They underscore the need for vigilance in understanding AI systems and guarding against malicious manipulation.

The Role of AI BOMs in Cybersecurity

Helen connects the dots between the workshop's focus on AI BOMs and the imperative for comprehensive transparency in AI systems. She elucidates how AI Bill of Materials (BOM) acts as a framework for understanding AI models, their development processes, and potential risks, allowing for effective risk assessment and response strategies.

The Evolution of AI and Its Industry Impact

Christina reflects on the rapid evolution of AI in shaping industries and the need for professionals to adapt to AI technologies. She envisions AI as a collaborative ally in enhancing security measures, emphasizing the pivotal role of humans in monitoring and optimizing AI systems for accuracy and reliability.

Exploring Hypothetical Scenarios of AI Apocalypse

In a thought-provoking discussion, Helen and Christina speculate on hypothetical scenarios where AI could potentially pose existential threats. They stress the importance of training AI models with precision to align with human values and prevent catastrophic consequences.

Resources and Community Engagement in AI Security

Helen encourages following her on LinkedIn for educational content and highlights the upcoming AIBOM forum by CISA government, inviting industry experts and enthusiasts to contribute to the dialogue.

As we navigate the complexities of cybersecurity and artificial intelligence, the insights shared by Helen Oakley and Christina Stokes illuminate the path towards a more secure and transparent digital future. From supply chain intricacies to the transformative potential of AI, the discourse echoes the need for collaboration and innovation in safeguarding our digital ecosystems.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Bye Bye RSA Conference 2024: ITSPmagazine’s Goodbye to RSA Conference 2024 and Learn What Comes Next | An RSA Conference 2024 Conversation with Christina Stokes | On Location Coverage with Sean Martin and Marco Ciappelli

12 maj 2024 | 10 min

Guest: Christina Stokes, Host, On Cyber & AI Podcast, Founder of Narito Cybersecurity

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/christina-stokes

On LinkedIn | https://www.linkedin.com/in/xTinaStokes/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The recent RSA Conference 2024 held in San Francisco was not just an event; it was an immersive experience filled with insightful conversations, meaningful connections, and a deep dive into the ever-evolving landscape of cybersecurity. As the team from ITSPmagazine, including Marco Ciappelli, Christina Stokes, and Sean Martin, embarked on this enriching journey, they brought back a wealth of knowledge and stories to share.

Networking Highlights

The RSA Conference provided a platform for the ITSPmagazine team to engage with industry experts and thought leaders. Conversations ranged from AI ethics to cyber peace initiatives, highlighting the diverse perspectives shaping the cybersecurity domain. Key discussions with Justin Hutchins, Helen Oakley, and Adrian Ogee delved into crucial topics like the weaponization of AI and the importance of cybersecurity in non-profit organizations.

Broadcast Alley

One of the focal points of the conference was the vibrant atmosphere of Broadcast Alley, where innovative organizations showcased their groundbreaking work. ITSPmagazine's conversations with Level Blue, former AT&T Cyber Security, Coro, and SquareX shed light on the latest advancements in the field and emphasized the collaborative efforts driving cybersecurity solutions, amongst many other companies that shared their news with ITSPmagazine’s global audience.

Embracing Humanity in Technology

At the core of ITSPmagazine's mission lies a commitment to humanizing technology and fostering meaningful dialogues. The team's interactions with Larry Whiteside, Geoff White, and Steve Lucinski and many others in the industry underscored the significance of infusing humanity into the world of cybersecurity. These heartfelt exchanges transcended mere technicalities, moving into the ethical dimensions of technology and its impact on society.

Looking Ahead

As the RSA Conference drew to a close, the ITSPmagazine team reflected on the eventful week and expressed gratitude for the engaging discussions and camaraderie shared. With upcoming events like Infosecurity Europe and Black Hat USA on the horizon, there is a sense of anticipation for continued collaborations and insightful dialogues in the cybersecurity community.

The RSA Conference 2024 served as a catalyst for invigorating conversations, innovative ideas, and lasting connections within the cybersecurity sphere. ITSPmagazine's presence not only captured the essence of the event but also epitomized the spirit of meaningful engagement and thought leadership.

As we bid farewell to San Francisco and RSA Conference 2024, we eagerly await the next chapter of exploration, discovery, and humanity.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Unveiling the Future of Cybersecurity: A Deep Dive into the LevelBlue Futures Report | A Brand Story Conversation From RSA Conference 2024 | A LevelBlue Story with Theresa Lanowitz | On Location Coverage with Sean Martin and Marco Ciappelli

10 maj 2024 | 20 min

In a constantly changing cybersecurity landscape, staying ahead of the curve is not just a competitive advantage; it's a necessity. Recently, we had the privilege of diving into the insights of the LevelBlue Futures Report, a comprehensive annual thought leadership report that offers a glimpse into the future of cybersecurity and resilience. Join us as we unravel the key takeaways and implications of this groundbreaking report.

Exploring the Landscape

The LevelBlue Futures Report covers the core challenges and opportunities faced by organizations when it comes to cybersecurity and resilience. In a candid conversation between Theresa Lanowitz, Chief Evangelist of ATT Cybersecurity and Agent of LevelBlue, and Sean Martin, the stage is set for an enlightening discussion on the pressing issues at hand.

Key Insights and Findings: A Closer Look

As the conversation unfolds, we are introduced to critical findings from the report. From the changing role of the economic buyer to the imperative of aligning cybersecurity with business objectives, each insight sheds light on the evolving dynamics of the cybersecurity landscape.

Challenges and Barriers: Addressing the Reality

One of the stark revelations from the report is the prevailing challenges and barriers that hinder organizations from achieving cyber resilience. From the lack of a formalized incident response plan to the reactive nature of cybersecurity practices, the report highlights the urgent need for proactive and intentional cybersecurity measures.

Looking Toward the Future: A Call to Action

Despite the hurdles and complexities inherent in cybersecurity, the LevelBlue Futures Report serves as a guidance for organizations seeking to bolster their cybersecurity posture. By leveraging the insights and recommendations laid out in the report, organizations can embark on a journey towards enhanced cyber resilience and strategic alignment with business goals.

Empowering Change: The Role of Strategic Planning and Collaboration

A key theme that emerges from the report is the pivotal role of strategic planning and collaboration in driving cybersecurity innovation and resilience. By engaging third-party advisors, fostering cross-functional communication, and realigning cybersecurity investments with business objectives, organizations can pave the way for transformative change in their cybersecurity practices.

With the LevelBlue Futures Report one thing becomes abundantly clear: the future of cybersecurity lies in proactive, business-aligned strategies that prioritize resilience and innovation. By heeding the insights and recommendations put forth in the report, organizations can chart a course towards a more secure and resilient future.

In an era where cybersecurity threats loom large and innovations abound, armed with knowledge, foresight, and a commitment to change, organizations can forge a path towards a brighter, more secure tomorrow.

Learn more about LevelBlue: https://itspm.ag/levelblue266f6c

Note: This story contains promotional content. Learn more.

Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]

On LinkedIn | https://www.linkedin.com/in/theresalanowitz/

Resources

LevelBlue Futures Report: https://itspm.ag/att-cy8awv

Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Digital Dawn: Cyber Security Policy in the Wake of Political Change | A Brand Story Conversation From RSA Conference 2024 | A NCC Group Story with Siân John | On Location Coverage with Sean Martin and Marco Ciappelli

10 maj 2024 | 22 min

This Brand Story Podcast comes to you from the RSA Conference Broadcast Alley and features an insightful discussion between Sean Martin, the host, and Siân John, the Chief Technology Officer at NCC Group. The conversation dives deep into the complex world of cybersecurity, shedding light on critical issues and trends impacting organizations globally. Siân John, in her role as the Chief Technology Officer at NCC Group, brings a wealth of experience and knowledge to the table. She discusses the challenges faced by organizations in the rapidly evolving cybersecurity landscape.

From insights to innovation, threat intelligence to research, her role encompasses a wide range of responsibilities aimed at enhancing cybersecurity capabilities. One of the key highlights of the episode is the discussion around the shift in regulatory dynamics driven by citizen advocacy. Siân John emphasizes how the push for regulations, especially in areas like online safety and data privacy, is now coming from the citizens themselves. This shift signifies a growing awareness and concern among the general public regarding cybersecurity issues.

The conversation also touches upon the importance of bridging the gap between business and cybersecurity. Sean Martin and Siân John discuss how organizations need to align their security strategies with business objectives to effectively manage cyber risks. By emphasizing the need for a business-driven approach to cybersecurity, they underscore the significance of integrating security into the fabric of the organization. Furthermore, the episode explores emerging technology trends that are reshaping the cybersecurity landscape. Siân John highlights the importance of consolidation, simplification, and automation in security operations.

The discussion underscores the need for organizations to adapt to new technologies while ensuring a streamlined and resilient cybersecurity posture. As the conversation unfolds, Sean Martin and Siân John stress the importance of strategic planning and gradual implementation in cybersecurity initiatives. They caution against hasty decisions driven by urgency, advocating for a methodical approach to security transformation. By drawing parallels with failed IT projects, they emphasize the need for careful planning and execution in cybersecurity endeavors.

Ultimately, the episode offers valuable insights into the evolving cybersecurity landscape and the role of key stakeholders in driving security transformation. Sean Martin and Siân John bring a wealth of knowledge and expertise to the table, offering practical advice and strategic guidance for organizations navigating the complex cybersecurity terrain.

To learn more about the latest cybersecurity trends and best practices, connect with Sean John and the team at NCC Group and explore the cutting-edge solutions they offer to enhance cybersecurity resilience and protect against evolving threats.

Learn more about NCC Group: https://itspm.ag/ncc-gr1ajh

Note: This story contains promotional content. Learn more.

Guest: Siân John, Chief Technology Officer, NCC Group

On LinkedIn | https://www.linkedin.com/in/sian-john/

Resources

Learn more and catch more stories from NCC Group: https://www.itspmagazine.com/directory/ncc-group

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Revolutionizing Cybersecurity for Small Businesses and Mid-Market Companies | A Brand Story Conversation From RSA Conference 2024 | A CORO Story with Dror Liwer | On Location Coverage with Sean Martin and Marco Ciappelli

10 maj 2024 | 19 min

In the fast-paced world of cybersecurity, staying ahead of threats and protecting sensitive data is a top priority for organizations of all sizes. However, small businesses and mid-market companies often face unique challenges when it comes to implementing comprehensive cybersecurity solutions due to limited resources and expertise. That's where Coro comes in, revolutionizing cybersecurity for smaller enterprises with its innovative approach.

Unveiling Coro: A Purpose-Built Platform

The conversation between Sean Martin, host of the Redefining Cybersecurity Podcast on ITSPmagazine, and Dror Liwer, sheds light on the groundbreaking solutions offered by Coro. Positioned as the first purpose-built platform for the mid-market and small businesses, Coro addresses the cybersecurity needs of organizations that are often overlooked by traditional enterprise-focused solutions.

Understanding the Threat Landscape

Dror Liwer highlights the evolving threat landscape faced by small businesses and mid-market companies. Attackers are increasingly targeting these organizations due to their vulnerabilities and limited protection measures. With Coro, businesses can gain comprehensive control and protection at an affordable cost, tailored to their specific needs.

Simplifying Cybersecurity Management

One of the key benefits of Coro is its simplicity and ease of use. Unlike traditional cybersecurity solutions that require extensive configuration and management, Coro streamlines the deployment process, allowing businesses to be up and running within an hour for all 14 modules. By consolidating protection measures into one platform, Coro eliminates the need for multiple endpoint agents and ensures seamless integration across different modules.

Peace of Mind and Assurance

Coro's approach to cybersecurity is not just about protection; it's about providing peace of mind to business owners and executives. Automatic updates, simplified dashboards, and detailed reports give stakeholders the confidence to know that their systems are secure and compliant. Additionally, Coro's emphasis on transparency and accountability positions businesses to easily obtain cyber insurance by demonstrating their commitment to cybersecurity best practices.

Affordable and Comprehensive Solutions

Coro offers five suites tailored to different business needs, including endpoint protection, email protection, network and access, essential suite, and core complete. With competitive pricing starting at $6 per user per month, businesses can access a wide range of cybersecurity features without breaking the bank. The core complete suite, priced at $15 per user per month, provides a comprehensive package of security measures that cover all bases.

The Future of Cybersecurity is Here

As the cybersecurity landscape continues to evolve, solutions like Coro are paving the way for smaller businesses to achieve robust protection without the complexities and high costs associated with traditional enterprise solutions. By empowering organizations to focus on their core operations and leaving the cybersecurity heavy lifting to Coro, businesses can embrace a future where cybersecurity is no longer a headache but a seamless part of their operations.

Coro's innovative approach to cybersecurity is setting a new standard for small businesses and mid-market companies. By providing affordable, comprehensive, and user-friendly solutions, Coro is ensuring that cybersecurity is no longer a luxury but a necessity for all organizations. Embrace the future of cybersecurity with Coro and protect your business from ever-evolving threats.

Learn more about CORO: https://itspm.ag/coronet-30de

Note: This story contains promotional content. Learn more.

Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber]

On LinkedIn | https://www.linkedin.com/in/drorliwer/

Resources

Learn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coro

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Protecting the Vulnerable in Cyberspace: Unveiling The CyberPeace Institute's Mission | An RSA Conference 2024 Conversation with Adrien Ogee and Christina Stokes | On Location Coverage with Sean Martin and Marco Ciappelli

9 maj 2024 | 20 min

Guest: Adrien Ogee, Chief Operations Officer, CyberPeace Institute [@CyberpeaceInst]

On LinkedIn | https://www.linkedin.com/in/adrien-ogee/

____________________________

Host: Christina Stokes, Host, On Cyber & AI Podcast, Founder of Narito Cybersecurity

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/christina-stokes

On LinkedIn | https://www.linkedin.com/in/xTinaStokes/

____________________________

Episode Notes

A Glimpse into CyberPeace Institute

Christina welcomed Adrien, praising CyberPeace as an incredible organization with a vital mission. Adrien, an experienced cyber security professional, shared insights into his journey from working for governments to serving at the CyberPeace Institute. He emphasized the institute's focus on protecting the most vulnerable individuals globally and collaborating with governments to enhance cyber stability.

Advocacy and Protective Measures

Adrien elaborated on CyberPeace's advocacy efforts at international forums like the United Nations, highlighting the evidence-based approach to raise awareness among policymakers. With a network of 300 nonprofits, CyberPeace engages volunteers to assist vulnerable organizations in enhancing their cybersecurity posture. The institute's initiatives range from phishing simulations to incident response planning, aiming to protect those at risk in cyberspace.

Addressing Nonprofit Challenges

In response to Christina's inquiry about challenges faced by nonprofits, Adrien outlined three main threats—data breaches, financial attacks, and operational disruptions. He underscored the escalating ransomware trend and the dire consequences faced by organizations lacking robust defense mechanisms. CyberPeace's role in assisting nonprofits with cybersecurity measures underscores the institute's commitment to mitigating cyber risks for vulnerable communities.

Global Impact and Future Endeavors

The conversation moved into the global landscape of cybercrime, emphasizing the universal nature of threats while acknowledging regional nuances. Adrien highlighted the rise of ransomware as a pervasive concern and imparted insights on CyberPeace's collaborations with international partners to extend support to a broader array of nonprofits worldwide. The institute's focus on granular impact assessment aims to drive meaningful change at governmental and societal levels.

Call to Action: Join the CyberPeace Movement

As the discussion concluded, Christina underscored the critical need for collective action in combating cyber threats. Adrien stressed the importance of engaging with CyberPeace and the broader cybersecurity community to contribute skills, resources, and time towards protecting vulnerable populations. The call to action resonated with the essence of CyberPeace's mission—unity in defending against digital harm and promoting a safer online environment for all.

This conversation between Christina and Adrien at RSA 2024 highlight the role of organizations like CyberPeace Institute in fortifying cyber resilience and ensuring the safety of marginalized communities in the digital sphere.

In a world where cyber threats loom large, CyberPeace Institute's unwavering commitment to safeguarding the most vulnerable individuals underscores the transformative power of collective action in fostering a secure and inclusive digital ecosystem. Join the movement, stand united with CyberPeace, and together, let's pave the way towards a safer cyberspace for all.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

CyberPeace Institute: https://cyberpeaceinstitute.org/

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

The Power of Authentic Connections | An RSA Conference 2024 Conversation with Larry Whiteside Jr. | On Location Coverage with Sean Martin and Marco Ciappelli

9 maj 2024 | 15 min

Guest: Larry Whiteside Jr., Chief Information Security Officer, RegScale [@RegScale]

On LinkedIn | https://www.linkedin.com/in/larrywhitesidejr/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

A Deeper Meaning Beyond Technology

As Sean and Larry delved into their conversation, it became evident that the heart of their discourse was not solely centered around technology but rather on the individuals who drive the industry forward. Larry emphasized that at the core of cybersecurity endeavors are people—people who work tirelessly to protect businesses, societies, and the world at large. Their candid discussion shed light on the essential role of genuine care and mindfulness towards individuals in a tech-driven world.

Mindfulness and Authenticity in Cybersecurity

Larry’s poignant reflections on mindfulness resonated deeply, highlighting the importance of recognizing individuals as whole entities beyond their professional roles. In a fast-paced industry prone to burnout, his emphasis on genuine care for others and maintaining integrity stood out as a beacon of light. The power of authentic connections and the impact of positive actions rippled through Larry’s words, reminding us all of the profound influence we hold in each other's lives.

The Origin of 'Food for Thought'

Larry shared insights into his 'Food for Thought' series, revealing the inspiration behind bringing together a global community of brilliant minds to ponder on intriguing questions. His journey of seeking answers from others, fostering meaningful discussions, and sharing wisdom encapsulates the essence of collaboration and collective growth within the cybersecurity realm. Through his thoughtful videos, Larry extends an invitation to engage in deeper contemplation and exchange of ideas within the community.

Embracing the Power of Connection

As the conversation between Sean and Larry unfolded, it became evident that at the core of cybersecurity lies the profound impact of genuine connections. Beyond the technical intricacies and threat landscapes, it is the human touch, the empathetic gestures, and the authentic interactions that truly define the essence of cybersecurity efforts.

In a world that often prioritizes productivity over empathy, Larry Whiteside Jr.'s message serves as a poignant reminder of the transformative power of authenticity and mindfulness in forging meaningful relationships and creating a positive impact within the cybersecurity community.

This episode show is an honest heartfelt conversation between Sean Martin and Larry Whiteside Jr., offering a glimpse into the profound significance of authentic connections and genuine care within the cybersecurity landscape.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Book: Rinsed | Unveiling the Intersection of Cybercrime and Money Laundering | An RSA Conference 2024 Conversation with Author and Investigative Journalist Geoff White | On Location Coverage with Sean Martin and Marco Ciappelli

9 maj 2024 | 19 min

Guest: Geoff White, Author, Investigative Journalist

On LinkedIn | https://www.linkedin.com/in/geoffwhitetech/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location, Marco Ciappelli and Geoff White dive into a fascinating conversation about the intricate world of cybercrime, investigative journalism, and the dark realms of money laundering. The duo explored the symbiotic relationship between technology, organized crime, and the evolving landscape of digital currencies like Bitcoin and NFTs.

From billion-dollar cyber heists to global money laundering rings and crypto-gangsters – Geoff White has covered it all. As an author, speaker, investigative journalist and podcast creator, his work’s been featured by Penguin, the BBC, Audible, Sky News, The Sunday Times and many more.

His new book for Penguin, Rinsed, reveals how technology has revolutionized money laundering, from drug cartels washing their cash in Bitcoin to organized fraud gangs recruiting money mules on social media.

His first book, Crime Dot Com, covered cybercrime’s emergence as a primal threat to modern society and was published in August 2020 by Reaktion Books. One of the key chapters detailed North Korea’s unlikely emergence as a cyber superpower. It was adapted by the BBC World Service into the hit 10-part podcast series The Lazarus Heist, co-created and co-hosted by Geoff, which immediately ranked number one in the UK Apple chart and within the top 7 in the US.

Marco Ciappelli invited Geoff White to join him on Broadcast Alley at RSA Conference 2024 to unravel the complex web of interconnected crimes and technologies shaping our modern world. Geoff shared insights from his extensive research and experience, shedding light on the hidden layers of organized crime and technological advancements.

From Investigative Journalism to Podcasting

Geoff White discussed his journey from covering technology stories for Channel 4 News to delving deep into cybercrime, highlighting how stories of North Korean hacking and money laundering captured his attention. His work on "The Lazarus Heist" podcast and the subsequent book delves into the astonishing world of cybercrime, where trust between criminals and innovative tactics play a pivotal role.

Unraveling the Mysteries of Money Laundering

In their conversation, Geoff White elaborated on the processes of money laundering, emphasizing the three crucial steps - placement, layering, and integration. He explained how technology has revolutionized the ways in which criminals launder money, leveraging crypto assets like Bitcoin while evading traditional detection methods.

The Rise of Cybercrime and AI

Geoff White addressed the adversarial battle between cybercriminals and security professionals, pointing out the attacker's advantage in exploiting vulnerabilities rather than developing advanced weaponry. He discussed the role of artificial intelligence in spotting suspicious transactions and the cat-and-mouse game between criminals and law enforcement agencies.

A Thought-Provoking Discussion on Ethical Dilemmas

As the conversation turned philosophical, Marco Ciappelli and Geoff White pondered the ethical implications of cybercrime and money laundering in modern society. They touched upon the coexistence of good and evil forces, the necessity of crime prevention, and the ongoing battle between innovation and criminal tactics.

Audience Engagement and Impact

Geoff White highlighted the diverse target audience for his work, encompassing cybersecurity professionals, financial crime experts, and cryptocurrency enthusiasts. By crafting engaging narratives and insightful analyses, Geoff aims to make complex topics like money laundering accessible to a broad readership, inviting them to delve into the dark corners of financial crime.

This dialogue between Marco Ciappelli and Geoff White serves as a poignant reminder of the intricate connections between technology, crime, and societal structures. By bringing these complex topics to light through compelling storytelling and in-depth research, they invite audiences to explore the hidden layers of cybercrime and money laundering, prompting critical reflections on the ethical and practical implications of these phenomena.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

About the Book

Rinsed reveals how organized crooks have joined forces with the world’s most sophisticated cybercriminals. The result: a vast virtual money-laundering machine too intelligent for most authorities to crack. Through a series of jaw-dropping cases and interviews with insiders at all levels of the system, Geoff White shows how thieves are uniting to successfully get away with the most atrocious crimes on an unprecedented scale.

The book follows money from the outrageous luxury of Dubai hotels to sleepy backwaters of coastal Ireland, from the backstreets of Nigeria to the secretive zones of North Korea, to investigate this new cyber supercartel. Through first-hand accounts from the victims of their devastating crimes, White uncovers the extraordinary true story of hi-tech laundering – and exposes its terrible human cost.

'Rinsed is as twisty, colourful and terrifyingly eye-opening as the people White investigates. You’ll never look at wealth, technology and crime in the same way’

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Rinsed: From Cartels to Crypto: How the Tech Industry Washes Money for the World's Deadliest Crooks (Book): https://amzn.to/4ez6ks7

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Passion and Purpose Behind the Aerospace Village | A Broadcast Alley Conversation at RSA Conference 2024 with Steve Luczynski | On Location Coverage with Sean Martin and Marco Ciappelli

9 maj 2024 | 19 min

Guest: Steve Luczynski, Chairman of the Board for the Aerospace Village [@secureaerospace]

On LinkedIn | https://www.linkedin.com/in/steveluczynski/

On Twitter | https://twitter.com/cyberpilot22

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In a recent conversation between Steve Luczynski and Marco Ciappelli, the essence of the Aerospace Village came to life as they shared their experiences, vision, and passion for cybersecurity in the aviation and space industry.

A Meeting of Minds and Hearts

The conversation between Steve and Marco at Broadcast Alley, during RSA Conference 2024, revealed a deep connection between ITSPmagazine and the mission and vision of the Aerospace Village. Steve's military pilot background and transition into cybersecurity, combined with Marco's genuine curiosity and enthusiasm, set the stage for a rich discussion on the importance of bridging the gap between different sectors and inspiring the next generation of cybersecurity leaders.

The Heartbeat of the Aerospace Village

Steve and Marco's conversation highlighted the core values of the Aerospace Village—building relationships, fostering collaboration between government, private sector, academia, and students, and showcasing the cutting-edge work in aviation cybersecurity. The volunteer-driven effort emphasizes the power of collective intelligence and the impact of sharing knowledge and expertise in a transparent and open manner.

Nurturing Innovation and Education

The Aerospace Village's focus on STEM programs, outreach to schools, and engaging with the broader community demonstrates a commitment to nurturing innovation and education in cybersecurity. By bringing real-world scenarios, like flight simulator vulnerabilities and supply chain risks, to life, the Aerospace Village creates a dynamic learning environment that inspires participants to think critically and creatively about cybersecurity challenges.

Looking Towards the Future

Steve's wishlist of three key aspirations for the Aerospace Village—seeking more help and talent, expanding educational initiatives, and fostering partnerships for secure innovation—reveals a vision rooted in collaboration and growth. The idea of bringing in aviation and space equipment for demonstrations not only ignites curiosity but also showcases the practical applications of cybersecurity in high-stakes environments.

A Call to Action

As a reader, you are invited to join the Aerospace Village in their mission to push the boundaries of cybersecurity in aviation and space. Whether through volunteering your time, sharing your skills, or contributing to their initiatives, you can play a vital role in shaping the future of cybersecurity and inspiring the next generation of cybersecurity professionals.

The Aerospace Village at the RSA Conference represent innovation, education, and collaboration in the realm of aviation and space cybersecurity. Through the dedication and passion of volunteers like Steve and Marco, the Aerospace Village continues to pave the way for a more secure and interconnected future in the aerospace industry.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

The Art of Possible In the World of Enterprise Storage Solutions | 7 Minutes on ITSPmagazine | A Short Brand Innovation Story From RSA Conference 2024 | A Infinidat Story with Bill Basinas

9 maj 2024 | 7 min

7 Minutes Conversation at RSA Conference

As the Senior Director of Product Marketing, Bill Basinas brings a wealth of experience and knowledge as he sits down with Sean Martin for a new episode of "7 Minutes on ITSP Magazine" live from the RSA Conference. Bill shared insights into how Infinidat is redefining the landscape of storage solutions.

Bridging the Gap with InfiniSafe Technology

Bill's discussion shed light on how Infinidat's InfiniSafe technology is leading the industry in cyber resilience and data protection. In a world where cyber attacks are becoming increasingly prevalent, organizations need robust solutions to safeguard their critical data assets. Infinidat's platform not only ensures uninterrupted operations but also builds a bridge between cyber security measures and data storage.

Meeting the Evolving Needs of Customers

In the conversation, Bill highlighted how customers are constantly evolving, moving towards cloud-based solutions, and generating vast amounts of data. In response to these changing dynamics, Infinidat is continuously adapting its strategies to meet the evolving needs of its clientele.

Looking Towards the Future

As the discussion continues, Bill teased upcoming developments at Infinidat, hinting at new announcements that will further revolutionize the industry. With a focus on orchestrating end-to-end data protection and recovery processes, Infinidat is set to unveil groundbreaking solutions that will redefine data security.

Connecting with Infinidat

For those intrigued by Infinidat's cutting-edge technology and commitment to cyber resilience, Bill shared insights on how to connect with the company. Through webinars, live demos, and product demonstrations, individuals can delve deeper into the world of Infinidat and explore the innovative solutions they offer.

This conversation with Bill Basinas provided a fascinating glimpse into the world of enterprise storage solutions and cyber resilience. Infinidat's dedication to pushing boundaries and delivering unmatched customer experiences sets them apart in a competitive industry.

Stay tuned for more updates from Infinidat as they continue to lead the way in secure data storage and cyber resilience.

Learn more about Infinidat: https://itspm.ag/infini3o5d

Note: This story contains promotional content. Learn more.

Guest: Bill Basinas, Sr. Director Product Marketing, Infinidat [@Infinidat]

On LinkedIn | https://www.linkedin.com/in/billbasinas/

Resources

Learn more and catch more stories from Infinidat: https://www.itspmagazine.com/directory/infinidat

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Revolutionizing Network Security: How to Strategize the relationship between IT and OT | A Brand Story Conversation From RSA Conference 2024 | A Dispersive Story with Rajiv Pimplaskar | On Location Coverage with Sean Martin and Marco Ciappelli

9 maj 2024 | 21 min

One company at the forefront of redefining IT security is Dispersive, led by the visionary CEO, Rajiv Pimplaskar. In a recent discussion with Sean Martin of ITSP Magazine at the RSA Conference, Rajiv shared insights into Dispersive's cutting-edge approach to network security and how they are revolutionizing the industry.

Unveiling Dispersive's Stealth Networking

At the heart of Dispersive's network security strategy lies the concept of Dispersive Stealth Networking. Rajiv Pimplaskar, with over 25 years of experience in the industry, revealed that Dispersive is a DARPA-incubated network security company with 53 patents granted. Their approach leverages spread spectrum technology from the radio frequency domain to secure cloud and internet communications effectively. By enabling customers to hide in plain sight while ensuring the integrity of their critical systems, Dispersive offers a unique solution in the cybersecurity landscape.

The Evolution of Network Security

Rajiv emphasized the shift from legacy SD WAN solutions to a more cloud-native approach, highlighting the challenges faced by businesses in ensuring security and privacy in today's distributed workforce model. The conversation with Sean shed light on the need for a more resilient and efficient networking infrastructure that can adapt to the evolving demands of modern businesses.

Use Cases and Success Stories

Through real-world examples with customers like Ovzon and Endeavour Energy, Rajiv illustrated how Dispersive's solutions are driving transformation in sectors such as satellite communications and sustainable infrastructure. By providing secure and efficient network connectivity across geographically dispersed assets, Dispersive is empowering organizations to meet the demands of the digital age without compromising on security.

Looking Towards the Future

As the conversation delved deeper into the intricacies of network security, Rajiv expressed optimism for the future of cybersecurity. Embracing principles like zero trust and automated moving target defense, Dispersive aims to stay ahead of the curve in protecting critical assets and resources from evolving cyber threats.

In a rapidly changing digital landscape where cybersecurity is non-negotiable, companies like Dispersive and leaders like Rajiv Pimplaskar are paving the way for a more secure and resilient network infrastructure. By combining innovative technology with a collaborative approach, Dispersive is redefining the art of network security in the digital age.

With Dispersive's disruptive approach to stealth networking, businesses can navigate the digital landscape with confidence, knowing that their critical systems are protected and secure.

Learn more about Dispersive: https://itspm.ag/dispermlwt

Note: This story contains promotional content. Learn more.

Guest: Rajiv Pimplaskar, President & CEO, Dispersive

On LinkedIn | https://www.linkedin.com/in/rajiv1p/

Resources

Learn more and catch more stories from Dispersive: https://www.itspmagazine.com/directory/dispersive

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Is there a Frankenstein's Industry Monster lurking in the shadow at RSAC 2024? | Cybersecurity Chronicles from Broadcast Alley with Christina Stokes | On Location Coverage with Sean Martin and Marco Ciappelli

8 maj 2024 | 35 min

Guest: Christina Stokes, Host, On Cyber & AI Podcast, Founder of Narito Cybersecurity

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/christina-stokes

On LinkedIn | https://www.linkedin.com/in/xTinaStokes/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The Evolution of Cybersecurity

The dialogue initiated by Sean, Christina, and Marco shed light on how cybersecurity has matured over the years. From the early days of hacking as a hobby to the current focus on ethical practices, the panelists emphasized the importance of adapting to the changing technological landscape. They discussed how regulations, policies, and laws have played a crucial role in shaping the cybersecurity industry, emphasizing the need for responsible use of technology to prevent it from becoming a monster.

AI and Its Implications

The conversation also touched upon the growing role of Artificial Intelligence (AI) in cybersecurity. While AI has brought about advancements in threat detection and response, there are concerns about privacy and data protection. The panelists emphasized the importance of using AI ethically and responsibly to avoid potential risks associated with its misuse.

Supply Chain Vulnerabilities

A significant portion of the discussion revolved around supply chain vulnerabilities and the interconnected nature of global industries. The experts highlighted the importance of understanding and securing supply chains, particularly in the context of operational technology and manufacturing processes. They stressed the need for resilience and innovation to address evolving cybersecurity threats.

The Human Element in Cybersecurity

Throughout the conversation, the experts reiterated the significance of human connections and collaborations in the cybersecurity domain. They emphasized the need for organizations to invest in education, training, and building strong relationships within the industry to combat cyber threats effectively. The dialogue underscored the essential role of people in securing digital ecosystems and fostering a culture of cybersecurity awareness.

Looking Towards the Future

As the discussion came to a close, Sean, Christina, and Marco expressed optimism about the future of cybersecurity. They discussed upcoming trends such as Generative AI, AI Bill of Materials, and the continued focus on governance, data security, and AI ethics. The experts highlighted the importance of ongoing conversations, collaborations, and innovation in driving the industry forward.

This insightful chat at RSAC 2024 offered valuable perspectives on the current challenges and opportunities in cybersecurity. The experts' nuanced discussions about AI, supply chain vulnerabilities, and human-centric cybersecurity shed light on the complex nature of the digital threat landscape. As we navigate the evolving cybersecurity landscape, collaboration, innovation, and a shared commitment to ethical practices will be key to ensuring a secure digital future.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Empowering Businesses Through IT and Security Transformation | A Brand Story Conversation From RSA Conference 2024 | An Open Systems Story with Tim Roddy | On Location Coverage with Sean Martin and Marco Ciappelli

8 maj 2024 | 20 min

In a world where businesses are constantly evolving and facing new challenges in cybersecurity and IT infrastructure, the importance of collaboration between IT and security teams has never been more critical. At the recent RSA Conference, Sean Martin had the opportunity to sit down with Tim Roddy from Open Systems to talk about the topics of business transformation, IT security, and the necessity of aligning IT and security initiatives for a more secure and efficient operation.

Business and IT Transformation in the Digital Age

The conversation kicked off discussing the challenges that businesses face in a rapidly changing digital landscape. Tim highlighted the need for businesses to adapt to transformations driven by factors like remote work, cloud migrations, and evolving business requirements. With threats constantly looming, the alignment of business processes, IT functions, and security measures becomes paramount to staying ahead of the curve.

Zero Trust Network Access (ZTNA) - A Game-Changer in Connectivity and Security

One of the key topics discussed was the concept of Zero Trust Network Access (ZTNA) and its impact on network security. Tim shed light on the importance of implementing ZTNA to ensure secure and controlled access to critical applications and data. By deploying ZTNA, organizations can limit access to authorized personnel only, thereby reducing the risk of unauthorized access and potential data breaches.

Bridging the Gap Between IT and Security Teams

Tim emphasized the need for organizations to bridge the gap between IT and security teams, especially in smaller enterprises where resources are limited. By offering managed services like SASE (Secure Access Service Edge), Open Systems enables organizations to focus on core business activities while ensuring that IT and security functions are efficiently managed and monitored.

Real-World Use Cases and Success Stories

Throughout the conversation, Tim shared insightful examples of how Open Systems has helped businesses, particularly in the manufacturing sector, enhance their security posture and IT infrastructure. From implementing ZTNA for secure access to critical equipment to transitioning from MPLS to SD WAN for cost efficiency and flexibility, Open Systems has been instrumental in driving IT and security transformations for organizations of all sizes.

Looking Towards a Secure Future

As businesses continue to navigate the complexities of modern cybersecurity challenges, the role of providers like Open Systems in guiding organizations towards a more secure and efficient future becomes increasingly significant. By offering tailored solutions, expert guidance, and proactive monitoring, Open Systems stands as a valuable partner in the journey towards robust IT and security operations.

This conversation with Tim Roddy from Open Systems highlighted the critical need for businesses to prioritize IT and security transformation in today's digital landscape. By embracing collaboration, deploying innovative solutions like ZTNA, and relying on trusted partners for managed services, organizations can navigate the complexities of cybersecurity with confidence and efficiency.

Reach out to Open Systems to learn more about their comprehensive IT and security solutions and embark on a transformative journey towards a more secure and resilient business infrastructure.

Learn more about Open Systems: https://itspm.ag/opensystems-d11

Note: This story contains promotional content. Learn more.

Guest: Tim Roddy, Vice President Marketing, Open Systems [@RealOpenSystems]

On LinkedIn | https://www.linkedin.com/in/troddy/

Resources

Learn more and catch more stories from Open Systems: https://www.itspmagazine.com/directory/open-systems

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Embracing Zero Trust: A Conversation with Object First and Numberline Security | A Brand Story Conversation From RSA Conference 2024 | An Object First Story with Anthony Cusimano and Jason Garbis | On Location Coverage with Sean Martin and Marco Ciappelli

8 maj 2024 | 22 min

Throughout the cybersecurity planet, one term that continues to resonate and shape organizations' security strategies is Zero Trust. At the recent RSA Conference, Sean Martin had the opportunity to sit down with Anthony Cusimano from Object First and Jason Garbis from Numberline Security to talk about Zero Trust and its implications for data security and resilience.

Understanding Zero Trust

Zero Trust is more than just a buzzword; it represents a fundamental shift in how organizations approach security. Anthony and Jason emphasized that Zero Trust is not a one-size-fits-all solution but a strategy that requires a shift in mindset and collaboration across various teams within an organization.

The Role of Data Security in Zero Trust

Data security and resilience play a crucial role in the Zero Trust framework. Jason highlighted the importance of applying Zero Trust principles to backup and recovery processes to ensure the protection and availability of critical data, especially in the face of evolving threats like ransomware.

The Intersection of IT and Security

As organizations navigate the implementation of Zero Trust, the conversation touched on how the boundaries between IT and security are becoming increasingly blurred. The shared responsibility model extends beyond technical aspects to involve finance, operations, and every individual within the organization.

Empowering Organizations with Zero Trust

Both Object First and Numberline Security are at the forefront of helping organizations navigate their Zero Trust journey. Object First's Ootbi product focuses on out-of-the-box immutability to secure backup data effectively, while Numberline Security provides guidance on Zero Trust strategy and readiness assessments.

Taking the First Steps Towards Zero Trust

Starting the Zero Trust journey does not require perfection from the get-go. Jason stressed the importance of focusing on foundational security measures before moving into more complex aspects of Zero Trust, emphasizing the need for a methodical and incremental approach.

Final Thoughts

Embracing Zero Trust is not just about adopting a new security paradigm but about fostering a culture of continuous improvement and security resilience across all facets of an organization. As Anthony and Jason aptly put it, leadership can emerge from any part of the organization, driving the transformation towards a Zero Trust mindset.

In conclusion, the conversation with Object First and Numberline Security sheds light on the multifaceted nature of Zero Trust and underscores the importance of collaboration, resilience, and proactive security measures in today's threat landscape. Embracing Zero Trust is not a choice; it's a necessity in safeguarding the most valuable asset organizations possess—their data.

Stay tuned for more insights and resources from Object First and Numberline Security as they continue to pave the way for organizations embarking on their Zero Trust journey.

Learn more about Object First: https://itspm.ag/object-first-2gjl

Note: This story contains promotional content. Learn more.

Guests:

Anthony Cusimano, Director of Technical Marketing, Object First [@object_first]

On LinkedIn | https://www.linkedin.com/in/anthonycusimano89/

Jason Garbis, Founder and CEO, Numberline Security

On LinkedIn | https://www.linkedin.com/in/jasongarbis/

Resources

Learn more and catch more stories from Object First: https://www.itspmagazine.com/directory/object-first

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Shaking Up the Security Information and Event Management Market | A Brand Story Conversation From RSA Conference 2024 | An Abstract Security Story with Colby DeRodeff | On Location Coverage with Sean Martin and Marco Ciappelli

8 maj 2024 | 18 min

In the bustling atmosphere of the RSA Conference, a conversation unfolded that shed light on the evolution of cybersecurity and the innovative solutions paving the way for a more efficient and effective approach to data management. Colby DeRodeff, the CEO and co-founder of Abstract Security, shared insights into the journey that led to the creation of a groundbreaking platform designed to transform the way organizations tackle data collection, analysis, and threat detection.

A Walk Down Memory Lane

The dialogue between Colby DeRodeff and Sean Martin at the RSA Conference delved into the history of cybersecurity, reflecting on the shifts from perimeter security to compliance-driven approaches and the emergence of new technologies like XDR. This introspective look highlighted the need for a paradigm shift in cybersecurity strategies to keep pace with the rapidly evolving threat landscape.

Challenges in Traditional Approaches

One of the key challenges discussed was the inefficiency of traditional SIEM solutions, which often resulted in data overload, lack of actionable insights, and hefty costs associated with data storage. Colby emphasized the importance of focusing on outcome-driven data collection and detection scenarios rather than accumulating vast amounts of data with limited value.

The Birth of Abstract Security

The catalyst for Abstract Security stemmed from Colby's experiences in previous companies, where the disconnect between data collection and effective threat detection became glaringly apparent. This realization led to the inception of a platform that prioritizes data relevance, streamlining the process of identifying and responding to security threats efficiently.

Abstract Security's Unique Approach

Abstract Security's modular platform offers a refreshing take on cybersecurity data management, with a focus on tailored data collection, analytics, and storage solutions. By enabling organizations to align data sources with specific detection outcomes, Abstract Security empowers teams to make informed decisions and optimize their cybersecurity strategies.

Seamless Integration with Existing Tech Stack

One of the standout features of Abstract Security is its seamless integration capabilities with existing tech stacks. The platform can complement and enhance current security infrastructure without the need for rip-and-replace, offering a smooth transition towards more effective threat detection and response mechanisms.

Looking Towards the Future

As organizations navigate the complexities of cloud environments and evolving cybersecurity challenges, Abstract Security stands out with fresh innovative ideas and practicality. By reimagining the data management process and emphasizing outcome-driven approaches, Abstract Security is poised to shape the future of cybersecurity operations.

Conclusion

The conversation between Colby DeRodeff and Sean Martin at the RSA Conference not only highlighted the pivotal role of Abstract Security in revolutionizing cybersecurity data management but also underscored the importance of reevaluating traditional approaches in the face of modern threats. With Abstract Security leading the charge towards a more efficient and proactive cybersecurity landscape, organizations have the opportunity to elevate their security posture and stay ahead of emerging cyber risks.

Learn more about Abstract Security: https://itspm.ag/abstractsec-zao

Note: This story contains promotional content. Learn more.

Guest: Colby DeRodeff, CEO and Co-Founder, Abstract Security [@get_abstracted]

On LinkedIn | https://www.linkedin.com/in/colbyderodeff/

Resources

Learn more and catch more stories from Abstract Security: https://www.itspmagazine.com/directory/abstract-security

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

From Data to Defense. Behind the Scenes of the DirectDefense's Threat Report Insights | A Brand Story Conversation From RSA Conference 2024 | A DirectDefense Story with Jim Broome | On Location Coverage with Sean Martin and Marco Ciappelli

8 maj 2024 | 21 min

In cybersecurity, understanding the constantly evolving landscape of threats is key to safeguarding digital assets and sensitive information. DirectDefense, a leading security services provider, offers valuable insights into the world of threat intelligence through a candid conversation with Jim Broome, the Director of DirectDefense. In a recent discussion with Sean Martin, they delved into the nuances of IT and OT convergence, network separation, and the critical significance of threat reports.

Uncovering Threat Intelligence Trends

The dialogue between Sean Martin and Jim Broome sheds light on the intricate details of threat intelligence gathered by DirectDefense. Jim Broome's extensive experience in the industry, coupled with DirectDefense's commitment to cybersecurity excellence, unveils compelling narratives of threat actors, attack methodologies, and strategic responses to mitigate risks effectively.

From Penetration Testing to Managed Services: DirectDefense's Evolution

Jim Broome narrates DirectDefense's journey from its inception, focusing on core services like penetration testing and managed services. The shift towards leveraging threat reports to provide actionable insights to clients showcases DirectDefense's proactive approach in addressing emerging cyber threats effectively.

The Impact of Threat Actor Behavior on Security Posture

Through real-world examples like the Scattered Spider threat group's activities, Jim Broome highlights the direct impact of threat actor behavior on organizations. By dissecting attack vectors and lessons learned from engagements with threat actors, DirectDefense empowers clients with the knowledge to strengthen their security postures.

Collaboration and Customized Solutions

Jim Broome emphasizes the value of collaboration and customization in cybersecurity services. By tailoring alerts, response strategies, and monitoring solutions to suit each client's unique environment, DirectDefense fosters a culture of resilience and preparedness against potential cyber threats.

Empowering Organizations with Actionable Insights

The blog post underscores the importance of utilizing threat reports to gain actionable insights and establish robust security protocols. DirectDefense's approach to presenting information in a tangible and practical manner resonates with organizations seeking to enhance their cybersecurity frameworks.

Looking Towards the Future of Cybersecurity

As cybersecurity landscapes continue to evolve, organizations face the challenge of adapting to new threats and vulnerabilities. DirectDefense's proactive stance on integrating cybersecurity solutions with core IT disciplines signals a strategic approach towards ensuring operational resilience and uptime in critical infrastructure sectors.

The Essence of Collaboration and Expert Guidance

DirectDefense's emphasis on collaboration, expert guidance, and responsiveness to evolving threats underscores their commitment to ensuring clients are equipped with the necessary tools and insights to navigate the complex cybersecurity landscape successfully.

DirectDefense's conversation with Jim Broome offers a glimpse into the intricate world of threat intelligence, showcasing a blend of experience, expertise, and foresight in safeguarding organizations against cyber threats. By leveraging actionable insights and strategic responses, DirectDefense paves the way for a more secure and resilient digital environment.

Learn more about DirectDefense: https://itspm.ag/directdef-gs7

Note: This story contains promotional content. Learn more.

Guest: Jim Broome, President and CTO, DirectDefense [@Direct_Defense]

On LinkedIn | https://www.linkedin.com/in/jim-broome-88a0a02/

Resources

Learn more and catch more stories from DirectDefense: https://www.itspmagazine.com/directory/directdefense

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Presenting The Superhero Product for Browser Security at RSA Conference | A Brand Story Conversation From RSA Conference 2024 | A SquareX Story with Vivek Ramachandran | On Location Coverage with Sean Martin and Marco Ciappelli

8 maj 2024 | 27 min

As we journey through the ever-evolving landscape of enterprise and individual cybersecurity, it is clear for organizations that is it essential to stay one step ahead of malicious actors looking to exploit vulnerabilities. One such innovative solution, SquareX, has emerged as a superhero product in the market of browser security, providing a dynamic shield against sophisticated cyber threats.

At the recent RSA Conference, the founder and cybersecurity veteran, Vivek Ramachandran, shed light on the mission behind SquareX - to empower enterprises and individuals to be fearless online. The conversation with Sean Martin focuses onto the crucial role of browsers in modern-day cyberattacks and highlighted the challenges organizations face in securing this often overlooked aspect of their IT infrastructure.

Unveiling the Blind Spot in Browser Security

The dialogue between Sean and Vivek underscored the significance of addressing the blind spot that browsers present in the cybersecurity posture of organizations. While traditional security measures such as firewalls and web gateways play a vital role, they often fall short in detecting and mitigating threats originating from the browser.

The Power of Managed Browsers and Browser Extensions

Vivek emphasized the importance of deploying managed browsers as a foundational step towards enhancing visibility and control over browser-based threats. SquareX's browser extension acts as a vigilant guardian, monitoring every tab and window for anomalous activities and potential security risks.

Real-World Impact: Stories from the Field

Vivek shared compelling anecdotes of how SquareX has made a tangible difference in fortifying organizations against cyber threats. From preventing data leakage through unauthorized file uploads to thwarting sophisticated social engineering attacks via malicious documents, SquareX proved its effectiveness in identifying and neutralizing threats that evaded traditional security measures.

Elevating Browser Security with Cutting-Edge Technology

SquareX's innovative approach to browser security leverages AI vision and in-browser macro analysis to detect and block malicious activities in real-time. By providing detailed visibility into browser-based threats and streamlining post-incident forensics, SquareX equips organizations with the tools needed to proactively defend against evolving cyber threats.

The Path to Enhanced Cyber Resilience

In conclusion, the discussion between Sean Martin and Vivek Ramachandran encapsulates the essence of proactive cybersecurity measures in today's threat landscape. By embracing solutions like SquareX and prioritizing browser security, organizations can bolster their cyber resilience and safeguard their digital assets against sophisticated adversaries.

As we navigate the digital frontier, the importance of browser security cannot be overstated. With SquareX leading the charge as a superhero product of cybersecurity, organizations can embark on a journey towards a more secure and resilient future online.

Cheers to the new hero!

Learn more about SquareX: https://itspm.ag/sqrx-l91

Note: This story contains promotional content. Learn more.

Guest: Vivek Ramachandran, Founder, SquareX [@getsquarex]

On LinkedIn | https://www.linkedin.com/in/vivekramachandran/

Resources

Learn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarex

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Navigating the Future of AI Governance with LogicGate | A Brand Story Conversation From RSA Conference 2024 | A LogicGate Story with Matt Kunkel and Nick Kathmann | On Location Coverage with Sean Martin and Marco Ciappelli

8 maj 2024 | 21 min

The RSA Conference in San Francisco is renowned for being a hub of cutting-edge discussions around everything related to cybersecurity, and this year, one of the spotlight was on and AI governance. In this conversation featuring industry experts from LogicGate, the focus was on unraveling the challenges organizations face in adapting to the rapidly evolving landscape of AI implementation.

Unveiling the Experts

Moderated by Sean Martin, the discussion kicked off with a warm welcome to the LogicGate team, setting the stage for a deep dive into the complexity of AI governance. Matt Kunkel, the CEO of LogicGate, shared insights from his extensive consulting background in building GRC solutions for a diverse range of organizations. His vast experience culminated in the creation of the Risk Cloud Platform, a versatile tool that aids organizations in automating risk management processes tailored to their specific needs.

The CISO Perspective

Nick Kathmann, the Chief Information Security Officer at LogicGate, brought to the table over two decades of experience in cybersecurity. His journey through managing security compliance for major players like Virtustream and RSA highlighted the intricate web of challenges posed by evolving technologies like AI. Nick emphasized the critical importance of aligning internal governance with external regulations to ensure a robust security posture.

Demystifying AI Governance

As the conversation continues Sean Martin steered the discussion towards demystifying AI governance and its impact on organizational frameworks. The panel shed light on the dual challenges organizations face – the risk of embracing AI too recklessly and stifling innovation versus the risk of over-regulating and impeding progress. The consensus was clear – a balanced approach that marries speed and security is imperative for a successful AI governance strategy.

The LogicGate Solution

Matt and Nick unraveled the intricacies of the AI governance solution developed by LogicGate, designed to provide organizations with a holistic framework for managing AI risks. By integrating AI governance with existing risk management protocols, LogicGate’s platform offers a transformative approach that streamlines processes, enhances visibility, and ensures compliance with emerging standards.

Looking Towards the Future

The conversation concluded with a forward-looking approach, underscoring the rapidly evolving nature of AI technologies and the indispensable need for agile governance frameworks. The consensus was that staying ahead of the curve demands continuous assessment, adaptation, and alignment of AI governance with overarching business objectives.

In Closing

This episode of On Location Coverage at the RSA Conference 2024 offered a glimpse into the complexities and opportunities that AI governance presents for organizations worldwide. With LogicGate leading the charge in innovative solutions, the future of AI governance looks promising, anchored in a foundation of collaboration, foresight, and strategic alignment.

As organizations navigate the uncharted waters of AI implementation, partnering with pioneers like LogicGate is poised to be the key to unlocking the full potential of this transformative technology. Stay tuned for more insights and developments on AI governance as we journey towards a future powered by innovation and resilience.

Learn more about LogicGate: https://itspm.ag/logicgate-92d6bc

Note: This story contains promotional content. Learn more.

Guests:

Matt Kunkel, CEO at LogicGate [@LogicGate]

On LinkedIn | https://www.linkedin.com/in/matt-kunkel-91056143/

Nick Kathmann, Chief Information Security Officer at LogicGate [@LogicGate]

On LinkedIn | https://www.linkedin.com/in/nicholaskathmann/

Resources

Learn more and catch more stories from LogicGate: https://www.itspmagazine.com/directory/logicgate

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Innovations in Cybersecurity and Threat Intelligence Solutions | A Brand Story Conversation From RSA Conference 2024 | A MITRE Story with Jon Baker | On Location Coverage with Sean Martin and Marco Ciappelli

8 maj 2024 | 20 min

The cybersecurity landscape is ever-evolving, and staying ahead of threats requires constant innovation and collaboration. At the recent RSA Conference, industry experts gathered to discuss the latest trends and advancements in the field. One of the On Location Coverage with Sean Martin and Marco Ciappelli was the insightful conversation between Sean and Jon Baker, shedding light on the groundbreaking work being done at MITRE's Center for Threat Informed Defense.

The Art of Possible: A Glimpse into RSA Conference 2024

The RSA Conference provided a platform for cybersecurity professionals to come together and discuss pressing issues in the industry. Sean Martin and Jon Baker's conversation touched upon the theme of this year's conference, "The Art of Possible." This theme resonated with the audience as they delved into the dynamic nature of cybersecurity and the need for continual learning and growth.

MITRE: A Beacon of Innovation in Cybersecurity

Jon Baker, Director of the Center for Threat Informed Defense at MITRE, shared insights into the organization's rich history and its mission to solve problems for a safer world. With a focus on advancing threat informed defense globally, MITRE has been a driving force behind initiatives like the ATT&CK framework and the CVE program.

Collaborative Research and Development at MITRE

One of the key pillars of MITRE's work is collaborative research and development. Through projects like the Technique Inference Engine and Summoning the Pyramid, MITRE is pushing the boundaries of what is possible in cybersecurity. These projects not only aim to enhance detection capabilities but also empower security teams to proactively defend against threats.

Engaging the Community: How You Can Get Involved

The Center for Threat Informed Defense encourages active participation from the cybersecurity community. By leveraging resources like the Top Attack Technique Calculator and M3TID, organizations can enhance their threat intelligence capabilities and improve their defenses. MITRE also hosts global events and training sessions to promote awareness and facilitate knowledge sharing.

Join the Movement: Embracing Innovation in Cybersecurity

As the cybersecurity landscape continues to evolve, embracing innovation is key to staying ahead of cyber threats. MITRE's Center for Threat Informed Defense offers a roadmap for organizations looking to enhance their security posture and adapt to the changing threat landscape. By getting involved, providing feedback, and leveraging the tools and resources available, organizations can contribute to a safer and more secure digital ecosystem.

Closing Thoughts

The conversation between Sean Martin and Jon Baker at the RSA Conference highlighted the critical role of collaboration and innovation in cybersecurity. MITRE's Center for Threat Informed Defense is at the forefront of driving impactful research and development efforts that benefit the entire cybersecurity community. By embracing the spirit of continual learning and advancement, organizations can strengthen their defenses and create a more resilient cybersecurity posture.

Stay tuned for more insights and updates from MITRE's Center for Threat Informed Defense and join the movement towards a safer digital world.

Learn more about MITRE:https://itspm.ag/mitre-eng24

Note: This story contains promotional content. Learn more.

Guest: Jon Baker, Director , Center for Threat-Informed Defense, MITRE [@MITREcorp]

On LinkedIn | https://www.linkedin.com/in/jonathanobaker/

Resources

Learn more and catch more stories from MITRE: https://www.itspmagazine.com/directory/mitre

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Navigating the World of Operational Technology and Cybersecurity | A Brand Story Conversation From RSA Conference 2024 | A DirectDefense Story with Chris Walcutt | On Location Coverage with Sean Martin and Marco Ciappelli

7 maj 2024 | 28 min

In a recent episode recorded live at the RSA Conference, an insightful discussion unfolded between Sean Martin and Chris Walcutt on the intersection of operational technology (OT) and cybersecurity. The conversation look into the challenges, insights, and best practices surrounding these vital areas of technology. Let's dive deeper into the key takeaways from this engaging dialogue.

Bridging the Gap Between IT and OT

Chris emphasized the importance of collaboration between IT and OT teams, highlighting the need for mutual understanding and cooperation. By fostering communication and building trust, organizations can navigate the complexities of integrating IT and OT systems effectively.

Understanding Critical Infrastructure

One of the key insights shared by Chris revolved around the critical nature of infrastructure, particularly in sectors such as energy, water, and manufacturing. The emphasis on resilience-based risk assessments and the need to comprehensively evaluate vulnerabilities underscored the importance of proactive cybersecurity measures.

The Purdue Model and Practical Approaches

Chris shed light on the Purdue model, a framework often referenced in the OT space. While acknowledging its value, he emphasized the need for practical implementations tailored to individual environments. Simplifying zones and focusing on critical operational aspects can enhance security without compromising system performance.

Fostering Resilience through Collaboration

The conversation underscored the significance of resilience in cybersecurity efforts. By fostering collaboration, implementing tailored security measures, and leveraging expertise across IT and OT domains, organizations can bolster their resilience to cyber threats effectively.

Procurement as a Strategic Ally

An insightful recommendation from Chris highlighted the role of procurement as a strategic ally in the cybersecurity landscape. Educating procurement teams on the specific needs of OT systems and integrating cybersecurity requirements into vendor contracts can fortify defense mechanisms and mitigate risks.

The dialogue between Sean Martin and Chris Walcutt offered a comprehensive glimpse into the dynamic realm of operational technology and cybersecurity. By emphasizing collaboration, risk assessment, and strategic partnerships, organizations can navigate the evolving cybersecurity landscape with resilience and adaptability.

The insights shared in this conversation serve as a valuable resource for IT and OT professionals seeking to enhance their cybersecurity practices and fortify critical infrastructure against potential threats. Embracing a proactive and collaborative approach can pave the way for a more secure and resilient technological ecosystem.

Learn more about DirectDefense: https://itspm.ag/directdef-gs7

Note: This story contains promotional content. Learn more.

Guest: Chris Walcutt, Chief Security Officer at DirectDefense [@Direct_Defense]

On LinkedIn | https://www.linkedin.com/in/christopher-walcutt-cism-cissp-45a6631/

Resources

Learn more and catch more stories from DirectDefense: https://www.itspmagazine.com/directory/directdefense

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Unveiling the World of Bad Bots: Insights from Imperva's 11th Edition Report | A Brand Story Conversation From RSA Conference 2024 | An Imperva Story with Erez Hasson | On Location Coverage with Sean Martin and Marco Ciappelli

7 maj 2024 | 22 min

The world of cybersecurity never ceases to amaze with its intricacies and challenges. One of the ongoing battles that organizations face is the constant threat posed by bad bots infiltrating the digital landscape. In a recent interview with Sean Martin and Erez Hasson from Imperva, key insights from the 11th edition of the Bad Bot Report were unveiled, shedding light on the evolving nature of automated traffic and the impact it has on various industries.

Unraveling the Bad Bot Landscape

The conversation kicks off with Sean Martin introducing the topic of bad bots and the significance of Imperva's Bad Bot Report in providing insights into the world of automated traffic. Erez Hasson, a senior product marketing manager at Imperva, dives into the details of the 11th edition report, which is based on a staggering 6 trillion blocked bad bot requests processed by the Imperva network over the past year.

Delving into Key Statistics

Erez Hasson elaborates on the critical statistics highlighted in the report, such as the percentage breakdown of automated traffic into bad bots and good bots. The report categorizes bad bots based on their sophistication levels, ranging from simple to advanced (evasive), emphasizing the need for robust bot management strategies to combat sophisticated attacks.

Industry Insights and Use Cases

The conversation shifts towards exploring the impact of bad bots across different industries, with a focus on sectors such as Law, Government, Travel, Airlines, Retail, and Financial Services. Erez emphasizes the need for organizations to understand the sophistication level of bot attacks targeting their industry to effectively mitigate risks and safeguard their digital assets.

Transforming Data into Action

Sean Martin underscores the importance of translating the insights from the Bad Bot Report into actionable strategies for organizations. By leveraging the educational content provided in the report, companies can enhance their understanding of bot-related challenges and tailor their security programs to address potential threats effectively.

AI's Role in Bot Evolution

The discussion moves into the intersection of artificial intelligence (AI) and bot activity, highlighting the increased use of AI-driven attacks, including credential stuffing attacks orchestrated through AI algorithms. The evolving landscape of automated traffic poses challenges for organizations, necessitating a proactive approach to mitigate risks associated with bot-driven activities.

Safeguarding Against Bot Abuse

The conversation touches upon the misuse of bots targeting AI interfaces, leading to increased operational costs for organizations. Additionally, the resurgence of debates around the legality of web scraping underscores the complex nature of combating bot-related activities and protecting proprietary content from illicit scraping practices.

Conclusion

As the conversation draws to a close, a call to action is extended to readers to delve into the insights provided by Imperva's Bad Bot Report and equip themselves with the knowledge needed to combat bot threats effectively. The collaboration between security teams, leadership, and practitioners is essential in implementing robust bot management strategies to safeguard against evolving cyber threats.

By understanding bad bots and automated traffic, organizations can bolster their cybersecurity defenses and stay ahead of malicious actors looking to exploit digital vulnerabilities. The insights shared in Imperva's 11th edition report serve as the base of awareness, guiding organizations towards a more secure digital future.

Learn more about Imperva: https://itspm.ag/imperva277117988

Note: This story contains promotional content. Learn more.

Guest: Erez Hasson, Product Marketing Manager at Imperva [@Imperva]

On LinkedIn | https://www.linkedin.com/in/erezh/

Resources

Learn more and catch more stories from Imperva: https://www.itspmagazine.com/directory/imperva

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Embracing the Art of Possible | A Brand Story Conversation From RSA Conference 2024 | An Imperva Story with Nanhi Singh | On Location Coverage with Sean Martin and Marco Ciappelli

7 maj 2024 | 21 min

In the buzzing atmosphere of the RSA conference in San Francisco, key players in the cybersecurity industry gathered to discuss the evolving landscape of technology and data security. Among them was Nanhi Singh, the General Manager for the application security business of Imperva, who shared insights on how organizations are redefining cybersecurity to achieve better business outcomes.

Embracing Technology for Business Success

The theme of this year's conference, "The Art of Possible," resonated with Nahnhi Singh as she highlighted the shifting perspectives of executives and organizations towards leveraging technology and cybersecurity to drive business growth. In a conversation with Sean Martin, host of the Redefining Cybersecurity podcast on ITSP magazine, Nanhi discussed the critical role of CIOs and CISOs in not only securing digital experiences but also enabling business innovations.

Navigating the Complexities of Application Environments

As organizations embark on their digital transformation journeys, the complexities of modern application environments come to the forefront. Nanhi emphasized the prevalence of APIs in connecting various systems and the challenges of securing these connections amidst cloud migrations and hybrid infrastructures. Imperva's API security solutions were highlighted as essential tools in providing visibility and protection against potential threats.

Addressing Concerns of API-Driven Attacks

The conversation delved into the rising concern of API-driven attacks, with Nanhi underscoring the importance of identifying and mitigating threats posed by advanced bots targeting organizations across different industries. By leveraging Imperva's advanced bot protection solutions and a comprehensive security portfolio, organizations can fortify their defenses against evolving cyber threats.

Empowering Organizations with Comprehensive Security Solutions

With the recent acquisition of Imperva by Thales, Nanhi Singh showcased the combined strength of their security offerings, encompassing application security, API security, advanced bot protection, data security, encryption, key management, and identity and access management solutions. This holistic approach enables organizations to protect their data and applications across diverse environments and technologies.

Driving Operational Efficiency and Focus

In a landscape where security teams are stretched thin and faced with cost constraints, Imperva's solutions aim to enhance operational efficiency and empower teams to concentrate on strategic security initiatives. By automating security controls and collaborating closely with customers to mitigate threats, Imperva ensures that organizations can operate securely and effectively in a rapidly evolving digital ecosystem.

Securing Applications Anywhere

As applications are deployed across multiple cloud providers and environments, the need to secure them anywhere becomes paramount. Imperva's commitment to safeguarding applications and APIs regardless of their deployment location reinforces the idea that security should be intrinsic to every aspect of an organization's digital infrastructure.

Conclusion

The engaging dialogue between Nanhi Singh and Sean Martin offered valuable insights into the current cybersecurity landscape and the imperative for organizations to adapt proactively to emerging threats. By embracing the art of what is possible in cybersecurity, businesses can not only safeguard their digital assets but also unlock new opportunities for growth and innovation. Imperva's comprehensive security solutions stand as a beacon of trust and efficacy in an ever-evolving cybersecurity landscape.

Stay tuned for more insightful conversations and updates from Imperva at the RSA Conference, and continue following our coverage to stay abreast of the latest trends and developments in cybersecurity.

Thank you for joining us in this exploration of cybersecurity and business resilience.

Learn more about Imperva: https://itspm.ag/imperva277117988

Note: This story contains promotional content. Learn more.

Guest: Nanhi Singh, Chief Customer Officer and GM Application Security at Imperva [@Imperva]

On LinkedIn | https://www.linkedin.com/in/nanhi-singh-aa51371

On Twitter | https://twitter.com/NanhiSingh14

Resources

Learn more and catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Embracing Data-Centric Security | A Brand Story Conversation From RSA Conference 2024 | A Seclore Story with Vishal Gupta | On Location Coverage with Sean Martin and Marco Ciappelli

7 maj 2024 | 13 min

Amidst the buzzing atmosphere of RSA Conference 2024, Sean Martin, host an On Location Brand Story With ITSPmagazine, engages in a thought-provoking discussion with Vishal Gupta, co-founder of Seclore. The theme of this year's conference, the Art of Possible, sets the stage for a conversation that unravels the critical role of data in driving business innovation and success.

Protecting Data in the New Technological Landscape

Vishal Gupta sheds light on the importance of ensuring that security and collaboration align seamlessly, emphasizing that CISOs and security teams must work in harmony to foster a secure yet conducive business environment. In a world where data sprawls across diverse platforms and devices, the focus on data protection emerges as a paramount necessity to mitigate risks and safeguard critical assets.

Shifting from Infrastructure to Data Protection

The dialogue navigates towards a fundamental shift from traditional infrastructure protection to data-centric security. Gupta highlights the challenges that arise when enterprises grapple with securing an ever-expanding volume of data across varied networks, devices, and applications. The conversation underscores the significance of transitioning towards a data-centric approach to address the inherent vulnerabilities in contemporary cybersecurity frameworks.

Enabling Secure Data Collaboration with Seclore

By introducing the innovative concept of embedding security, privacy, and compliance directly into the data itself, Seclore revolutionizes the paradigm of data sharing and collaboration. Gupta elucidates how organizations can enforce personalized security policies, regulate data access, and monitor data interactions in real-time to prevent unauthorized usage and ensure data integrity.

Navigating the Path to Data-Centric Security

As enterprises embark on the journey towards data-centric security, Gupta emphasizes the importance of meticulous planning and strategic implementation. By focusing on targeted use cases and achieving early wins, organizations can gradually scale their data protection initiatives and cultivate a culture of data-centricity within their operations.

The enriching discussion between Sean Martin and Vishal Gupta showcases the transformative potential of data-centric security solutions in the realm of cybersecurity. For further insights and collaboration opportunities with Seclore, connect with them on LinkedIn, on their website, or meet them at upcoming industry events.

Learn more about Seclore: https://itspm.ag/seclore-km6r

Note: This story contains promotional content. Learn more.

Guest: Vishal Gupta, CEO, Seclore [@secloretech]

On LinkedIn | https://www.linkedin.com/in/jiguptaji/

Resources

Learn more and catch more stories from Seclore: https://www.itspmagazine.com/directory/seclore

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Redefining Cybersecurity by Unlocking Government and Startup Collaboration While Enhancing Software Supply Chain Visibility | A Conversation with Melissa Oh and Anil John | Redefining CyberSecurity with Sean Martin

6 maj 2024 | 33 min

Guests:

Melissa Oh, Managing Director, Silicon Valley Innovation Program (SVIP), DHS Science & Technology Directorate [@DHSgov]

On LinkedIn | https://www.linkedin.com/in/melissa-oh/

Anil John, Technical Director, Silicon Valley Innovation Program (SVIP), DHS Science & Technology Directorate [@DHSgov]

On LinkedIn | https://www.linkedin.com/in/aniljohn/

On Twitter | https://twitter.com/aniltj

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

This new episode of the 'Redefining Cybersecurity' podcast features a thought-provoking discussion on software development, supply chain security, and the innovative initiatives of the Silicon Valley Innovation Program (SVIP). The conversation was led by host Sean Martin, with insights from distinguished guests Melissa Oh, Managing Director at the Department of Homeland Security Science and Technology Directorate, and Anil John, Technical Director of the Silicon Valley Innovation Program.

Melissa Oh shared her extensive experience in public service and the innovative approach of the Silicon Valley Innovation Program in identifying emerging technology companies. Her background in Silicon Valley and dedication to solving DHS's pain points through collaboration with startups underscored the program’s mission of fostering innovation in the government sector.

Anil John, a public interest technologist, provided valuable insights into bridging the gap between the government and the startup community. His role in translating government needs into actionable solutions highlighted the importance of leveraging global talent to address local challenges and drive technological advancements in the public sector.

The discussion explored the Silicon Valley Innovation Program's unique selection process for startups, focusing on building products that have broad utility and can be readily adopted. The success story of the protobom project transitioning into an open-source tool exemplified the program's commitment to nurturing innovative solutions with real-world applications.

The significance of Software Bill of Materials (SBOM) in enhancing software supply chain visibility was emphasized, with a call to action for organizations to prioritize its inclusion in software development processes. By driving awareness and adoption of SBOM, the SVIP is empowering security leaders to enhance software security and visualization in the development pipeline.

Security leaders were encouraged to explore tools and technologies that enhance software security and visualization in the development pipeline. A call to action was made to participate in the SVIP demo week to learn about innovative solutions and capabilities and to drive the adoption of SBOM within organizations.

Key Questions Addressed

How does the Silicon Valley Innovation Program (SVIP) bridge the gap between government needs and startup innovations in cybersecurity?
What role does the Software Bill of Materials (SBOM) play in enhancing software supply chain security?
How can organizations, both public and private, benefit from the innovative solutions developed through the SVIP for software supply chain visibility?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

SVIP Demo Week 2024: https://www.dhs.gov/science-and-technology/svip-demo-week-2024

S&T at RSA Conference 2024: https://www.dhs.gov/science-and-technology/st-rsa

SVIP & CISA: Enhancing Software Security with SBOMs: https://www.youtube.com/watch?v=sNjVQaK5QW4

Protobom Project: https://openssf.org/press-release/2024/04/16/cisa-dhs-st-and-openssf-announce-global-launch-of-software-supply-chain-open-source-project/

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Simplifying Identity Management in 2024: A Deep Dive into Latest Research about IT and the Role of MSPs | A JumpCloud Brand Story with Chase Doelling

6 maj 2024 | 39 min

In an enlightening discussion on ITSP Magazine, Sean Martin, a seasoned voice in the technology space, dives into the evolving realm of identity management with Chase Doelling, Principal Strategist at JumpCloud. This conversation sheds light on the operational challenges organizations face in today's complex digital landscapes and how identity management stands at the core of addressing these issues. Below, we unpack the essentials of this dialogue, offering insights into identity management's current state, its implications for businesses, and how JumpCloud is pioneering solutions to streamline and secure identity management.

The Evolution of Identity Management and Its Current Challenges

The conversation begins with an exploration of the journey to the present state of identity management, particularly in the context of hybrid cloud environments. Sean and Chase navigate the history and complexities that have led to the current landscape, emphasizing how identity management has become central to enabling business operations, securing revenue, protecting against cyber threats, and facilitating growth.

Chase Doelling articulates the paradox of identity management: when it's functioning seamlessly, it's virtually invisible to organizations, yet it's fundamental to the operational, security, and business continuity of any organization. The discussion highlights how the COVID-19 pandemic has accelerated the shift toward remote work, intensifying the focus on identity management as organizations navigate the challenges of a global, hybrid workforce.

The Integral Role of Identity in Modern Organizations

The conversation shifts to how identity management, viewed as the hub around which all tech solutions revolve, has evolved. Over the years, the perception of identity management has oscillated between being a centerpiece and receding into the backdrop. However, with increasing cybersecurity threats and the adoption of multi-cloud environments, identity management is now more crucial than ever.

Doelling vividly illustrates the concept of identity being at the core of operational enablement, drawing parallels to how it grants access and interconnectivity within the organizational ecosystem. This section of the dialogue underscores the critical nature of identity management in enabling access to resources, ensuring security, and fostering operational efficiency.

JumpCloud's Role in Shaping the Future of Identity Management

As the discussion unfolds, the spotlight turns to JumpCloud and its innovative approach to identity management. Sean Martin probes into how JumpCloud's solutions are designed to address the multifaceted challenges businesses face today. Chase Doelling provides a comprehensive overview of JumpCloud's role in redefining identity management, detailing how their platform aids organizations in overcoming operational hurdles through seamless identity and access management across cloud environments.

JumpCloud's solution is presented as a robust platform that integrates digital identity management with device management, offering a unified approach to secure access across various applications and systems. This integration is crucial for enabling passwordless access, simplifying onboarding and offboarding processes, and enhancing overall security posture.

Evolving with Identity Management: Insights and Future Directions

In concluding the conversation, Doelling emphasizes the importance of a proactive and curious mindset towards identity management. He encourages organizations to re-evaluate their approach to identity management, considering its central role in ensuring operational resilience, security, and scalability. The discussion ends with a forward-looking perspective, highlighting the need for organizations to adapt and evolve with the trends in identity management to stay competitive and secure in the digital age.

This insightful episode with Chase Doelling not only highlights the critical role of identity management in today's digital landscape but also showcases how JumpCloud is at the forefront of innovating solutions that enable businesses to navigate the complexities of modern IT environments. As organizations continue to face evolving challenges, adopting a cohesive and integrated approach to identity management will be key to ensuring operational efficiency, security, and business growth in 2024 and beyond.

Note: This story contains promotional content. Learn more.

Guest: Chase Doelling, Principal Strategist, JumpCloud [@JumpCloud]

On LinkedIn | https://www.linkedin.com/in/chasedoelling/

Resources

Learn more about JumpCloud and their offering: https://itspm.ag/jumpcloud-pg7z

Catch more stories from JumpCloud at https://www.itspmagazine.com/directory/jumpcloud

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Smashing the Stack; All Good Things | Exploring Software Lifecycles from Secure By Design to End of Life | An RSA Conference 2024 Conversation with Allan Friedman and Bob Lord | On Location Coverage with Sean Martin and Marco Ciappelli

5 maj 2024 | 33 min

Guests:

Allan Friedman, Senior Advisor and Strategist, Cybersecurity and Infrastructure Security Agency (CISA) [@CISAgov]

On LinkedIn | https://www.linkedin.com/in/allanafriedman/

At RSAC | https://www.rsaconference.com/experts/allan-friedman

Bob Lord, Senior Technical Advisor, Cybersecurity and Infrastructure Security Agency (CISA) [@CISAgov]

On LinkedIn | https://www.linkedin.com/in/lordbob/

On Twitter | https://twitter.com/boblord

At RSAC | https://www.rsaconference.com/experts/Bob%20Lord

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this new On Location episode, Sean Martin hosted a conversation with Allan Friedman and Bob Lord from the Cyber Security and Infrastructure Security Agency (CISA) as part of the Chats on the Road to the RSA Conference series. The discussion centered around key topics such as securing software by design, navigating the intricacies of managing end-of-life (EOL) software, and emphasizing the crucial role of transparency in the software supply chain.

Allan Friedman, a vocal advocate for the Software Bill of Materials (SBOM) — he has the t-shirt to prove it! — explored the increasing competitiveness of getting accepted to speak at renowned conferences like RSA, reflecting the growing awareness and urgency around cybersecurity topics. His upcoming RSA presentation is set to delve into the looming challenge of end-of-life and end-of-support software—a topic that, while not new, demands innovative technical and policy-level responses to mitigate emerging threats effectively.

Bob Lord's discussion highlighted an area often overlooked yet critical for software security: memory safety. By sharing his experiences and underscoring the prevalence of vulnerabilities traced back to memory safety issues, Lord emphasized the necessity for developers and companies to adopt a more proactive and transparent approach in their software development practices. This call to action is not just about developing new solutions but also about ensuring that existing software is resilient against current and future threats.

One of the key takeaways from this episode is the imperative of transparency in the software supply chain. As Friedman notes, the path to a more secure digital infrastructure lies in the ability to have clear visibility into the software components businesses rely on—including their age, vulnerabilities, and update requirements. This clarity is essential not only for building trust between software manufacturers and their customers but also for enabling a proactive stance on cybersecurity, which can significantly reduce the risks associated with outdated or unsupported software.

Moreover, the conversation underscored the evolutionary nature of cybersecurity. As threats evolve, so too must our strategies and tools to combat them. The dialogue between Martin, Friedman, and Lord brought to light the importance of continuous learning, adaptation, and collaboration within the cybersecurity community to address these ongoing challenges.

The episode represents a microcosm of the larger conversations happening within the fields of cybersecurity and software development. As we move forward, the insights shared by Allan Friedman and Bob Lord remind us of the critical importance of design security, comprehensive policies, and, above all, the need for a collective belief in the possibility of creating safer software solutions for the future.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Smashing the Stack: Let’s Make It Less Fun And Unprofitable!: https://www.rsaconference.com/USA/agenda/session/Smashing%20the%20Stack%20Lets%20Make%20It%20Less%20Fun%20And%20Unprofitable

All Good Things: End of Life and End of Support in Policy and Practice: https://www.rsaconference.com/USA/agenda/session/All%20Good%20Things%20End%20of%20Life%20and%20End%20of%20Support%20in%20Policy%20and%20Practice

Unforgivable Vulnerabilities: https://cwe.mitre.org/documents/unforgivable_vulns/unforgivable.pdf

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Unveiling the Cybersecurity Revolution for Small and Medium-Sized Enterprises (SMEs) | A Brand Story Conversation From RSA Conference 2024 | A CORO Story with Dror Liwer | On Location Coverage with Sean Martin and Marco Ciappelli

3 maj 2024 | 22 min

Unveiling the Origin Story

In a recent brand story episode, Sean Martin and Marco Ciappelli engaged in a compelling conversation with Dror Liwer, shedding light on the inception of CORO. Dror's background as a former CIO of the Israeli military police paved the way for the founding of Coro in 2014, with a mission to bridge the gap in cybersecurity solutions for mid-market companies and small businesses.

Solving Real-World Challenges

While the cybersecurity industry often overlooks the needs of mid-market companies and small businesses, CORO identified a critical deficiency in the market. By providing a comprehensive platform with a "power of one" approach, CORO offers a simplified yet effective solution to address the unique cybersecurity challenges faced by these organizations.

Empowering with Affordable Protection

CORO's modular approach allows businesses to tailor their cybersecurity strategy based on their specific needs, without the burden of unnecessary complexities. With affordable pricing and automated cybersecurity tasks, CORO ensures that even organizations with limited budgets and resources can benefit from robust protection.

Tailored Solutions for Every Industry

Recognizing the diverse needs of different sectors, CORO offers specialized suites for industries like education and automotive. By securing both staff and students in educational environments, CORO's tailored solutions demonstrate a commitment to protecting vital institutions against cyber threats.

Partnering for Success

With a strong channel-centric approach, CORO collaborates closely with partners to deliver personalized support and education. From onboarding processes to managed detection and response services, CORO empowers organizations to navigate their cybersecurity journey with confidence.

The Path Ahead: RSA Conference and Beyond

As CORO continues its mission to revolutionize cybersecurity, Dror Liwer's upcoming engagements at the RSA Conference underscore the company's commitment to sharing knowledge and driving industry advancements. Through deeper dive discussions, use cases, and real-world outcomes, CORO aims to showcase the tangible benefits of their solutions.

Stay Tuned for Chapter Two

With an exciting chapter ahead, listeners are encouraged to follow CORO's journey and explore the transformative impact of their cybersecurity solutions. Whether in person at events like the RSA Conference or through online resources, the opportunity to connect with Dror Liwer and the CORO team remains open for all interested parties.

Learn more about CORO: https://itspm.ag/coronet-30de

Note: This story contains promotional content. Learn more.

Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber]

On LinkedIn | https://www.linkedin.com/in/drorliwer/

Resources

Learn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coro

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Easily Answer the Questions Fundamental to a Modern Organization’s Security and Resilience | 7 Minutes on ITSPmagazine | A Short Brand Innovation Story From RSA Conference 2024 | A Mitiga Story with Ariel Parnes

2 maj 2024 | 7 min

Today organizations have a large part of their environment outside of their control. They have authentication, email, data, code—some organizations have the majority of their most important assets in cloud and SaaS applications. And yet the security team does not have effective tooling to investigate across this surface.

So when a complex breach unfolds, an organization can find themselves scrambling. Why?

The first problem is cloud scale. The amount of telemetry that is produced daily across this surface is extraordinary. The security tooling a team would use is not appropriate for the sheer volume of data that needs to be collected.

The second problem is cloud complexity. Correlating cloud data into contextual alerts and insights that teams can act on is a massive task that requires deep understanding of each environment—which leads into the third problem:

Most teams lack cloud expertise—and the DevOps teams they often turn to for cloud knowledge lack security expertise. Nobody is holding all the cards when it comes to detecting, investigating and responding to threats.

We have spent years building a comprehensive solution that addresses the challenges facing modern SOC teams and the transforming enterprises they're tasked with securing. It distills our knowledge to elevate their cloud security capacity and capabilities. So the now SecOps can have broad visibility across clouds and SaaS—because our solution harvests all the needed telemetry and stores it for years for a minimal cost.

When an incident happens, they can easily answer the questions that are fundamental to a modern organization’s security and resilience: Did anyone get in? Where did they go? What did they do while inside? What did they take? —because our Cloud Attack Scenario Library filled with the latest intelligence to root out cloud and SaaS threats.

And they'll possess the speed of Mitiga's automation—to dramatically accelerate detection, investigation and response—minimizing impact.

With Mitiga, the SOC is well equipped to deal with cloud threats.

Learn more about Mitiga: https://itspm.ag/mitiga-5zz

Note: This story contains promotional content. Learn more.

Guest: Ariel Parnes, COO and Co-Founder at Mitiga

On LinkedIn | https://www.linkedin.com/in/arielparnes/

On Twitter | https://twitter.com/arielparnes

Resources

Learn more and catch more stories from Mitiga: https://www.itspmagazine.com/directory/mitiga

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The Evolution to Highly Reliable, Highly Performant Workload IAM | 7 Minutes on ITSPmagazine | A Short Brand Innovation Story From RSA Conference 2024 | An Aembit Story with Apurva Davé

2 maj 2024 | 7 min

Aembit is the first Workload Identity and Access Management Platform. It discovers, enforces, and audits workload access. By using native identities and short-lived credentials, we eliminate the need for secrets scanning and credential rotation. We let your teams focus on building your software, without worrying about sharing API keys or misusing vaults. An Aembit access policy enforces authorized access in three steps: First, Aembit cryptographically verifies workload identity, and validates access rights. This works for the most complex environments like an AWS serverless app accessing Snowflake or Salesforce. Second, Aembit implements workload Zero Trust by adding conditional access. For example, Aembit can check CrowdStrike or Wiz posture assessment before authorizing access. Finally, Aembit issues access credentials. Aembit automatically injects short-lived credentials into requests with no burdensome code changes required by the dev team.

The benefits of using Aembit include significant time savings and reduced complexity. This allows engineering teams to move faster in building software and APIs that help companies automate more and build great products. From a security standpoint, Aembit also mitigates a growing attack surface (workload credential compromise) by allowing companies to go secretless using short-lived dynamic access credentials, as opposed to long lived tokens. There's no more credential reuse across multiple workloads. They can also enable Zero Trust conditional access for workload access. If the workload isn't being actively managed by their cloud security tool, it shouldn't get access. And with Aembit, they now have a highly compliant automated system of record to keep track of every workload requesting access, which is huge for audit and compliance requirements.

Learn more about Aembit: https://itspm.ag/aembit-1oq

Note: This story contains promotional content. Learn more.

Guest: Apurva Davé, CMO at Aembit [@aembit_io]

On LinkedIn | https://www.linkedin.com/in/apurvadave/

On Twitter | https://twitter.com/ApurvaBDave

Resources

Learn more and catch more stories from Aembit: https://www.itspmagazine.com/directory/aembit

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Predictive Risk, Data Integrity and the Role of Large Language Models in Cybersecurity | An RSA Conference 2024 Conversation With Edna Conway and Andrea Little Limbago | On Location Coverage with Sean Martin and Marco Ciappelli

2 maj 2024 | 33 min

Guests:

Edna Conway, CEO, EMC ADVISORS

On LinkedIn | https://www.linkedin.com/in/ednaconway

On Twitter | https://twitter.com/Edna_Conway

At RSAC | https://www.rsaconference.com/experts/edna-conway

Andrea Little Limbago, Senior Vice President, Research & Analysis, Interos

On LinkedIn | https://www.linkedin.com/in/andrea-little-limbago/

At RSAC | https://www.rsaconference.com/experts/andrea-little-limbago

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The dialogues in this insightful episode touch upon the evolving landscape of AI technology, particularly focusing on the adoption of large language models (LLMs) and their implications for predictive risk analysis. The speakers shed light on the need for a comprehensive framework that combines algorithmic advancements with robust policy guardrails to ensure the accurate and secure utilization of AI models.

One of the key takeaways from the conversation is the emphasis on the critical role of data scientists and engineers in leveraging AI technologies effectively. While AI models can enhance productivity and streamline workflows, human expertise remains paramount in validating data, identifying potential risks, and steering decision-making processes in the right direction.

The discussion also discuss the challenges posed by data integrity, potential attack vectors targeting AI systems, and the importance of implementing safeguards to protect against data leaks and malicious manipulations. The speakers stress the significance of maintaining stringent guardrails to uphold data accuracy and mitigate the negative impacts of erroneous information inputs.

Moreover, the episode explores the intersection of AI technology with military and diplomatic decision-making processes, highlighting the complex nature of forecasting risks and making informed strategic moves in response to evolving scenarios. The speakers reflect on the probabilistic nature of risk analysis and underscore the need for continuous refinement and insight generation to enhance predictive capabilities.

As the conversation unfolds, the panelists bring to light the nuances of AI utilization in different domains, from supply chain management to national security, underscoring the importance of tailored approaches and domain-specific expertise in maximizing the benefits of AI technologies.

In conclusion, the episode encapsulates the dynamic interplay between human intelligence and AI advancements, urging for a holistic approach towards integrating AI tools while upholding data integrity, security, and accuracy in predictive risk analysis.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Getting to True Predictive Risk: Will Data Accuracy Thwart AI’s Potential?: https://www.rsaconference.com/USA/agenda/session/Getting%20to%20True%20Predictive%20Risk%20Will%20Data%20Accuracy%20Thwart%20AIs%20Potential

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

The Five Most Dangerous New Attack Techniques You Need to Know About | An RSA Conference 2024 Conversation With Ed Skoudis, Heather Mahalik Barnhart, and Johannes Ullrich | On Location Coverage with Sean Martin and Marco Ciappelli

2 maj 2024 | 30 min

Guests:

Ed Skoudis, President at SANS Technology Institute [@SANS_EDU]

On LinkedIn | https://www.linkedin.com/in/edskoudis/

At RSAC | https://www.rsaconference.com/experts/ed-skoudis

Heather Mahalik Barnhart, Faculty Fellow & DFIR Curriculum Lead at SANS, Sr Dir of Community Engagement at Cellebrite [@Cellebrite]

On LinkedIn | https://www.linkedin.com/in/heather-mahalik-cellebrite/

On Twitter | https://twitter.com/HeatherMahalik

At RSAC | https://www.rsaconference.com/experts/heather-mahalik

Johannes Ullrich, Dean of Research at SANS Technology Institute [@sansforensics]

On LinkedIn | https://www.linkedin.com/in/johannesullrich/

On Twitter | https://twitter.com/sans_isc

On Mastodon | https://infosec.exchange/@jullrich

At RSAC | https://www.rsaconference.com/experts/johannes-ullrich

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this new episode of the On Location Podcast with Sean and Marco, listeners were treated to an in-depth preview of the RSA Conference SANS Keynote, featuring engaging dialogues with industry luminaries Ed Skoudis, Heather Mahalik Barnhart, and Johannes Ullrich. Each brought to the fore their unique perspectives and expertise, providing a fascinating glimpse into the current state and future direction of cybersecurity.

Ed Skoudis, President of the SANS Technology Institute College, stands at the forefront of cybersecurity education, guiding the future of the field through his leadership and vision. As moderator of the RSA Conference keynote panel, Skoudis emphasized the panel's history and its focus on burgeoning cybersecurity threats and innovations. His dual role as a SANS fellow and the founder of CounterHack challenges underscores a commitment to practical, real-world applications of cybersecurity knowledge.

Heather Mahalik Barnhart brings a wealth of experience as the Curriculum Lead at SANS and a Senior Director of Community Engagement at Celebrite. Her expertise in mobile threats and digital intelligence is pivotal in an era where mobile devices are ubiquitous. Barnhart's focus on the escalation of mobile security threats underscores the critical need for continuous vigilance and advanced protective measures in cybersecurity practices.

Johannes Ullrich, Dean of Research for the SANS Technology Institute College, brings his profound insights into web application security to the discussion. His leadership at the Internet Storm Center provides him with a unique vantage point on the latest cyber threats and defensive strategies. Ullrich's work exemplifies the essential nature of forward-looking research in developing effective cybersecurity defenses.

The conversation highlights not just individual achievements but also the collective effort of the panel to address current cyber threats while preparing for future challenges. The keynote panelists discussed their approach to selecting topics that not only resonate with current issues but also anticipate future threats. This proactive approach is a testament to their deep understanding of the cybersecurity landscape and their commitment to equipping professionals with the knowledge to stay one step ahead.

Terrence Williams, a new addition to the panel and a notable figure in cloud security from Amazon, and Steve Sims, an authority on offensive security curriculum at SANS, were also mentioned as key contributors to the upcoming keynote session. Their inclusion promises to bring fresh insights and a broader perspective to the discussions, enriching the discourse on cybersecurity's most pressing and complex issues.

Key Questions Addressed

How does SANS choose the five topics for the RSA Conference SANS Keynote?
What are the key cybersecurity trends and threats for the future?
How can individuals and organizations mitigate these identified threats?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

The Five Most Dangerous New Attack Techniques You Need to Know About: https://www.rsaconference.com/Library/presentation/USA/2024/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques%20You%20Need%20to%20Know%20About

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Unveiling the Future of Cybersecurity From A Venture Capital Investors as we approach the beginning of RSA Conference 2024 | An RSA Conference 2024 Conversation With Dave DeWalt | On Location Coverage with Sean Martin and Marco Ciappelli

2 maj 2024 | 35 min

Guest: Dave DeWalt, Founder & CEO, NightDragon [@nightdragon]

On LinkedIn | https://www.linkedin.com/in/ddewalt/

At RSAC | https://www.rsaconference.com/experts/dave-dewalt

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Navigating the Cybersecurity Horizon: Anticipating RSA Conference 2024

In a thoughtfully pre-event episode, seasoned cybersecurity expert Dave DeWalt share the microphone with Sean Martin and Marco Ciappelli to set the stage for an in-depth exploration of the dynamic cybersecurity landscape anticipating what will be RSA Conference 2024. Their engaging conversation with Dave DeWalt, a titan in the cybersecurity investment space, unveils an intricate web of challenges and pioneering solutions that are at the forefront of the battle against digital threats.

Venture Capital's Role in Shaping Cybersecurity's Future

DeWalt, with his profound experience and insights, brings into focus the critical role of venture capital in steering the future of cybersecurity. Highlighting the importance of strategic investments and partnerships, he underscores the necessity for a specialized approach—akin to that seen in fintech and biotech ventures—towards fostering security-oriented technological advancements. By casting a spotlight on venture capital, the discussion emphasizes its pivotal role in incubating innovations that promise to redefine cyber defense mechanisms.

The Confluence of Electronic Warfare and Cyber Strategies

A particularly compelling segment of their conversation veers into the impending intersection of electronic warfare and cyber strategies. As cyber threats evolve, DeWalt predicts a paradigm shift where hacking transcends conventional malware attacks, venturing into the realm of radio frequency (RF) based tactics. This speculative yet insightful projection hints at a future where cybersecurity and electronic warfare converge, illustrating the urgent need for adaptive and forward-thinking defensive measures.

Securing the Software Supply Chain

Another focal point of the discussion revolves around the vital necessity of securing the software supply chain—a challenge magnified by recent high-profile breaches. The conversation delves into the strategic importance of a secure-by-design philosophy, propelling a proactive approach to safeguarding the integrity of software infrastructures against insidious threats. This segment highlights the ongoing evolution of cybersecurity strategies to protect the digital backbone of global commerce and communication.

Strengthening Public-Private Partnerships and Global Cooperation

In addressing the complexities of cybersecurity, the dialogue sheds light on the essentiality of robust public-private partnerships and global cooperation. With cyber threats recognizing no borders, the collective action of governments, private entities, and tech conglomerates is underscored as a sine qua non for a comprehensive defense strategy. This united front, as envisioned by cybersecurity leaders, signifies a beacon of hope in the arduous journey towards securing cyberspace.

Conclusion: A Call to Arms

As the RSA Conference 2024 approaches, this pre-event episode serves as a clarion call to the global cybersecurity community. It beckons industry stalwarts, innovators, policymakers, and practitioners to converge, collaborate, and collectively navigate the tempestuous seas of digital threats. Through enlightening conversations and shared wisdom, the path to a more secure digital future becomes clearer, guiding the collective quest for resilience against the ever-evolving landscape of cyber threats.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Ensuring Intelligence, National Security in a Rapidly Changing Technology World: https://www.rsaconference.com/USA/agenda/session/Ensuring%20Intelligence%20National%20Security%20in%20a%20Rapidly%20Changing%20Technology%20World

CSAC: https://www.cisa.gov/news-events/news/director-easterly-announces-new-members-join-cisas-cybersecurity-advisory-committee

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Deception Is on the Rise, But Is It Time to Unleash Engagement Operations? | An RSA Conference 2024 Conversation With Ondrej Nekovar and Jan Pohl | On Location Coverage with Sean Martin and Marco Ciappelli

1 maj 2024 | 24 min

Aligning Safety with Business Strategy to Enable Operational Reliability | 7 Minutes on ITSPmagazine with Rock Lambros | A Short Brand Innovation Story By Rock Cyber

1 maj 2024 | 7 min

Sometimes organizations know they need to do something to improve their cybersecurity posture … or, in some cases, something more, something different. They know there is a disconnect between cybersecurity and the business — they just don’t know how to get started or transition to get the best results, given their unique environments and operating processes. What’s truly innovative about RockCyber’s cybersecurity assessments is how they intertwine cybersecurity strategies directly with business alignment and outcomes. This is not just about securing IT assets; it's about shaping cybersecurity as a strategic advantage that supports overall business goals. The service is tailored for organizations that need a cybersecurity approach that is not only robust but also aligned with their business objectives, enhancing both security and business performance.

This approach solves the key problem of the disconnect between cybersecurity practices and business objectives, which many companies struggle with. The RockCyber vCISO and cybersecurity assessment services are particularly valuable for organizations where security must be a driver of cyber resiliency and growth, not just a protective measure.

Let’s talk about how this changes the future for our customers. Traditionally, cybersecurity has often been a siloed IT function, reactive and disconnected from core business functions. RockCyber’s assessments transform this by integrating cybersecurity with business strategy, making it a cornerstone of business planning and execution.

Imagine a before scenario where a company's cybersecurity efforts are technically adequate but not aligned with the strategic business initiatives, leading to inefficiencies and missed opportunities. After a RockCyber assessment, this company strengthens its security and aligns its cybersecurity strategy with business objectives, ensuring that every security investment directly supports business growth and resilience.

With the assessment in place, RockCyber clients typically lean in on the virtual CISO services where the RockCyber team can take the knowledge we have in the field — both figuratively and literally — to establish a strategy that will begin the process of maturity and lead the organization down a path of cyber sustainability.

For example, with one recent oil and gas client, the cybersecurity program the RockCyber created not only reduces cyber risk and improves the ability of the organization to handle and manage a potential cyber incident, but it aligns directly with the organization’s key objectives:

Maintain operating reliability
Drive positive impact on revenue and profit
Ensure digital and physical safety

To achieve this, the team at RockCyber kept the big business picture in mind while focusing on breaking down the problem into smaller projects that be accomplished successfully, building on the past to continue to improve the future.

The RockCyber cybersecurity assessment and vCISO services provide the following benefits:

Establish a business-aligned strategic vision while bringing the skills, experience, and technology needed to execute tactically.
Helping the organization to identify key challenges in security operations, staffing, training, execution, and communication and to help them overcome these challenges with confidence, giving them peace of mind to know we are there by their side every step of the way.

Rock invites you all to connect with him via LinkedIn where you can find some of his musings on this topic and so many more. If you have questions about getting started and/or transforming your program in a meaningful way, you can reach out to Rock and the team directly at [email protected].

Learn more about RockCyber: https://itspm.ag/rockcyber-3gq7

Note: This story contains promotional content. Learn more.

Guest: Rock Lambros

CEO and founder of RockCyber [@RockCyberLLC]

On LinkedIn | https://www.linkedin.com/in/rocklambros/

On Twitter | https://twitter.com/rocklambros

Resources

Learn more and catch more stories from RockCyber: https://www.itspmagazine.com/directory/rockcyber

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The Critical Need for CISO-CIO Synergy in Cybersecurity and Business Leadership | CISO Circuit Series: Episode 4 with Betsy Bevilacqua | Michael Piacente and Sean Martin on the Redefining CyberSecurity Podcast

1 maj 2024 | 53 min

About the CISO Circuit Series

Sean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.

____________________________

Guests:

Michael Piacente, Managing Partner and Cofounder of Hitch Partners

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente

Betsy Bevilacqua, Co-Founder and Business Strategy Lead, Tabiri Analytics [@tabirianalytics]

On LinkedIn | https://www.linkedin.com/in/betsybevilacqua/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

The latest episode of the CISO Circuit Series, part of the Redefining CyberSecurity Podcast on ITSPmagazine, brought together prominent figures in the cybersecurity industry, Michael Piacente, co-founder of Hitch Partners, and special guest Betsy Bevilacqua, a seasoned security professional with a rich background in both operational and information security realms. The discussion, led by Sean Martin, took a drive through the evolving world of cybersecurity within businesses and the intricate relationship between the CIO and CSO/CISO roles.

The episode kicked off with Michael Piacente sharing insights into the convergence of the CIO and CISO functions, emphasizing the unique challenges and opportunities this blend presents. The evolution of these roles reflects broader changes within companies, influenced by industry, size, and the maturity of their cybersecurity journey. Following, Betsy Bevilacqua offered a deeply personal account of her career trajectory, which traversed diverse sectors—from her early days in the data center and help desk roles to leadership positions at eBay, Facebook, and her entrepreneurial ventures. Bevilacqua’s narrative underscored the multifaceted nature of cybersecurity work, highlighting its essential role in enabling businesses to expand safely and successfully.

The conversation also touched on the crucial, yet often overlooked, partnership between CIOs and CISOs/CSOs. Betsy illustrated this with examples from her career, explaining how strategic alignment and collaboration between these roles are pivotal in safeguarding a company's digital assets while supporting its growth objectives. Whether in a startup or a large corporation, the synergy between IT operations and security strategy paves the way for innovation and efficient risk management.

Lastly, the dialogue also turned towards future directions in cybersecurity. Both guests agreed on the importance of listening, adaptability, and the human element in navigating the complexities of today's digital landscape. As businesses continue to grapple with emerging threats and the integration of new technologies, the role of cybersecurity leadership is ever more critical.

This episode of the Redefining CyberSecurity Podcast not only highlights the professional journeys and insights of Michael Piacente and Betsy Bevilacqua but also sheds light on the broader implications of cybersecurity in business strategy and operations. Furthermore, it underscores the need for open dialogue, cross-functional collaboration, and forward-thinking leadership in tackling the cybersecurity challenges of tomorrow.

Key Questions Addressed

How does the convergence of CIO and CISO roles affect business strategy and cybersecurity practices?
What operational and cultural challenges do cybersecurity leaders face in their organizations?
How can businesses effectively scale cybersecurity practices in response to rapid growth and technological advancements?

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Automated Behavioral Fingerprinting: The Key to Cloud Security | 7 Minutes on ITSPmagazine | A Short Brand Innovation Story From RSA Conference 2024 | A RAD Security Story with Brooke Motta

30 april 2024 | 7 min

When you are only looking for malicious indicators, you will NEVER get security teams in control of the rapidly evolving threats to their organizations. When Brooke Motta's co-founder, Jimmy Mesta, was a security architect, and consulting companies on Kubernetes security at the very start of containerization, he witnessed a paradigm shift to defining your environment in a declarative way, through code. He decided to apply this paradigm shift toward a positive security model.

To this end, RAD Security was born. RAD Security creates fingerprints of known good behavior and notifies on drift from that behavior. RAD Security have built fingerprints for cloud native workloads, identities, and infrastructure to detect attacks through meaningful drift that signifies attacker behavior. RAD Security have also built a real-time posture model that can accept the data from our drift engine, so teams can constantly refine their shift-left efforts with the best data possible. By necessity, RAD Security have the first runtime agent that would automate the creation of these behavioral fingerprints.

Today, teams use RAD Security’s industry-first positive security model for their zero trust initiatives, posture management for cloud native infrastructure, and detection of zero days in runtime. RAD Security's mission is to empower engineering and security teams to push boundaries, build technology and drive innovation so they can focus on growth versus security problems. In today’s environment, attackers are more versed in cloud native security than security teams.

RAD Security removes the blind spots of legacy tools, closing the gap for prioritization and remediation in cloud native infrastructure. To learn more, meet with Brooke Motta and her RAD Security co-founder Jimmy Mesta at the Innovation Sandbox on Monday, May 6th, where they will be participating in the pitch contest.

Learn more about RAD Security: https://itspm.ag/radsec-l33tz

Note: This story contains promotional content. Learn more.

Guest: Brooke Motta, CEO and Co-Founder of RAD Security [@RADSecurity_]

On LinkedIn | https://www.linkedin.com/in/brookemotta/

On Twitter | https://twitter.com/brookelynz1

Resources

RAD Security Blog: https://itspm.ag/radsec-477a54

Learn more and catch more stories from RAD Security: https://www.itspmagazine.com/directory/rad-security

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Women Empowering the Cybersecurity Industry - Insights from Infosecurity Europe with Keynote Stephanie Hare | An On Location Coverage Conversation with Sean Martin and Marco Ciappelli

30 april 2024 | 26 min

Guest: Stephanie Hare, Researcher, Broadcaster, Author

On LinkedIn | https://www.linkedin.com/in/stephaniehare/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Unveiling Pre-Event Conversations: Women in Cybersecurity

Set against the vibrant backdrop of Infosecurity Europe in London, the initial episode of the Infosecurity Europe Coverage by On Location With Marco and Sean features a compelling dialogue with Stephanie Hare. A distinguished researcher and author, Stephanie navigates the intricate interplay of technology ethics within the cybersecurity sphere.

Navigating the Cyber World: Stephanie Hare's Journey

Stephanie Hare shares her insights, stressing the importance of expanding the cybersecurity talent pool. Her extensive involvement in research, broadcasting, and writing showcases the varied avenues through which one can significantly impact the industry.

Bridging the Diversity Gap: Challenges and Solutions

The discussion delves into the persistent diversity hurdles that the cybersecurity industry faces. Stephanie points out the essential role of inclusive perspectives in driving innovation and resilience against cybersecurity threats. The conversation emphasizes the strategic necessity for organizations to adopt inclusivity and diversity within their teams.

Empowering Through Knowledge: The Role of Education

Highlighting the power of education, Stephanie advocates for the dissemination of knowledge and empowerment, especially among the youth and those transitioning into cybersecurity from non-traditional backgrounds. Her vision promotes a more inclusive and dynamic sector.

Looking Ahead: Infosecurity Europe and Beyond

The episode transitions to the upcoming activities at Infosecurity Europe, focusing on women's contributions to cybersecurity and the importance of inclusivity in the sector. As the event approaches, participants look forward to engaging with transformative insights and discussions spearheaded by leaders like Stephanie Hare.

Conclusion

This blog post, through Stephanie Hare's expert perspectives, captures the essence of the crucial discussions at Infosecurity Europe, spotlighting the pivotal role of women in shaping a more inclusive and robust cybersecurity industry.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Women in Cybersecurity Keynote: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219367.women-in-cybersecurity.html

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Infosecurity Europe 2024 Coverage Countdown and Insights with Sean and Marco | An On Location Coverage Conversation with Event Director Nicole Mills and Conference Manager Victoria Aitken

30 april 2024 | 24 min

Guests:

Nicole Mills, Exhibition Director at Infosecurity Europe [@Infosecurity]

On LinkedIn | https://www.linkedin.com/in/nicolemmills/

Victoria Aitken, Conference Manager at Infosecurity Europe [@Infosecurity]

On LinkedIn | https://www.linkedin.com/in/vickyaitken/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Starting the Countdown with Sean and Marco

In a lively conversation, Sean and Marco discuss the anticipation leading up to Infosecurity Europe, sharing intriguing insights and predictions about the event. From favorite places to true stories, their dynamic exchange sets the tone for an exciting journey ahead.

Meeting the Industry Leaders

Nicole Mills and Victoria Aitken, from Infosecurity Europe, shed light on their roles and the evolution of the event over the years. With Nicole as the event director and Victoria as the conference manager, their expertise fuels the growth and success of this premier cybersecurity gathering.

Unveiling the Theme: Rethink the Power of Security

Dive into the core theme of this year's event, "Rethink the Power of Security," as Nicole elaborates on the strategic vision behind the theme. Explore how this concept drives the conference program, bringing together top-notch speakers, workshops, and exhibitors to shape the future of cybersecurity.

Innovation Unleashed: Showcasing Tomorrow's Tech

Discover the innovative showcases and startup zones that highlight cutting-edge technologies and solutions. From the Discovery Zone to the Startup Zone, experience a glimpse into the future of cybersecurity through a lens of creativity, entrepreneurship, and disruptive innovation.

Keynotes and Conversations: A Deep Dive

Get a sneak peek into the lineup of keynote speakers and their thought-provoking talks. From AI experts to industry leaders like Claire Williams from F1, the keynote stage promises a rich tapestry of discussions on trust, crisis management, and the power of collaboration in the cybersecurity landscape.

Empowering Women in Cyber

Stephanie Hare headlines a special afternoon dedicated to women in cybersecurity, emphasizing diversity, inclusion, and allyship in the industry. Learn how Infosecurity Europe champions gender equality and amplifies the voices of women professionals shaping the future of cybersecurity.

Looking Ahead: Tomorrow's Topics

Explore the new stage "Tomorrow's Topics," focusing on channel insights and the evolving trends in the cybersecurity domain. Discover how Infosecurity Europe stays ahead of the curve by embracing fresh perspectives, diverse voices, and transformative ideas in the ever-evolving cybersecurity landscape.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Unpacking Data Privacy and AI Ethics at RSA Conference 2024 | An RSA Conference 2024 Conversation With Anu Talus | On Location Coverage with Sean Martin and Marco Ciappelli

27 april 2024 | 23 min

Guest: Anu Talus, Head of the Office of the Information Commissioner (TSV), and Chair of the European Data Protection Board (EDPB) [@EU_EDPB]

On LinkedIn | https://www.linkedin.com/in/anu-talus-657a892/

At RSAC | https://www.rsaconference.com/experts/Anu%20Talus

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The latest episode of the On Location podcast, hosted by Sean Martin and Marco Ciappelli, provided a deep dive into the crucial topics of data privacy and AI ethics, featuring an enlightening discussion with Anu Talus, the Finnish Data Protection Ombudsman. The conversation explored the intersection of GDPR, the AI Act, and the ethical considerations surrounding artificial intelligence.

The Role of Anu Talus: Protecting Data Privacy in Europe

Anu Talus, the Finnish Data Protection Ombudsman and chair of the European Data Protection Board, shed light on the dual role she holds in safeguarding data privacy across Europe. With a comprehensive overview of the GDPR and its application in the new reality of AI, Talus emphasized the importance of a harmonized approach to data protection legislation.

Unveiling the Complexity: AI Act and GDPR Interconnection

The discussion with Talus goes deep into the intricate interplay between the AI Act and GDPR, highlighting the essential role of the GDPR in regulating the processing of personal data in AI applications. The conversation underscored the need for a consistent and comprehensive enforcement mechanism to ensure the protection of individuals' privacy rights.

Navigating Ethical Dilemmas: Balancing Innovation and Risk

Ethical considerations in AI governance were a focal point of the conversation, with a deliberate exploration of the challenges posed by emerging technologies like deepfakes and misinformation. Talus emphasized the significance of conducting thorough risk assessments to strike a balance between innovation and ethical usage of AI.

Bridging Stakeholders: Collaboration for Effective Legislation

The episode highlighted the importance of stakeholder engagement in the legislative process, emphasizing the need for diverse perspectives to inform effective policymaking. Talus underscored the value of collaborative efforts among researchers, policymakers, and industry innovators in shaping meaningful and enforceable regulations.

Looking Ahead: Insights and Experiences from RSA Conference 2024

As Anu Talus prepared to participate in a panel on AI Governance and Ethics at the RSA Conference, the podcast provided a glimpse into the anticipated discussions around data privacy, AI ethics, and legislative perspectives. The panel promised a robust dialogue with industry experts and privacy advocates, offering attendees a wealth of insights to carry forward.

Join the Conversation: A Call to Action for Data Privacy Advocates

The episode concluded with a call to action for listeners to engage with the evolving landscape of data privacy and AI ethics. Encouraging attendance at the RSA Conference panel, Sean Martin and Marco Ciappelli emphasized the importance of continued dialogue and collaboration in shaping a secure and ethically-driven AI ecosystem.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

AI Governance & Ethics: A Discussion with the Big Players: https://www.rsaconference.com/USA/agenda/session/AI%20Governance%20%20Ethics%20A%20Discussion%20with%20the%20Big%20Players

EDPB: https://www.edpb.europa.eu/edpb_en

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Blackjack and Breaches: History of Ransomware on the Casino Industry | An RSA Conference 2024 Conversation With Tennisha Martin and Aleise McGowan | On Location Coverage with Sean Martin and Marco Ciappelli

26 april 2024 | 26 min

Guests:

Tennisha Martin, Executive Director and Chairwoman at BlackGirlsHack [@blackgirlshack]

On LinkedIn | https://linkedin.com/in/tennisha

At RSAC | https://www.rsaconference.com/experts/Tennisha%20Martin

Aleise McGowan, Chief Information Security Officer, BlackGirlsHack [@blackgirlshack]

On LinkedIn | https://www.linkedin.com/in/aleisemcgowan/

At RSAC | https://www.rsaconference.com/experts/Aleise%20McGowan

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The upcoming Blackjack and Breaches RSA Cconference talk featuring Tennisha Martin, a seasoned cybersecurity specialist, and Aleise McGowan, a renowned data breach investigator, promises to be an enlightening exploration of cybersecurity challenges, data breach trends, and the specific risks that casinos face.

Tennisha Martin, with her extensive background in cybersecurity strategy and risk management, is anticipated to share insights on the evolving cyber threats landscape and the crucial strategies organizations, including casinos, can implement to fortify their defenses. Aleise McGowan, known for her expertise in forensic analysis and incident response, is poised to delve into the intricacies of data breach investigations, highlighting the unique challenges that casinos encounter in safeguarding sensitive information and maintaining robust casino security measures.

The forthcoming presentation by Tennisha Martin and Aleise McGowan is aimed at shedding light on the importance of collaborative approaches in cybersecurity, particularly in industries like casinos where the risks can be heightened. Their combined insights and experiences are expected to underscore the significance of proactive cybersecurity practices and strategic incident response protocols tailored to the casino environment.

As we look forward to the Blackjack and Breaches RSA Conference session with Tennisha Martin and Aleise McGowan, the anticipation of their expertise and knowledge sharing, including insights on casino security risks, sets the stage for a compelling dialogue on cybersecurity best practices and the imperative for organizations, including casinos, to prioritize data security. Stay tuned for an insightful exploration of cybersecurity resilience and data breach mitigation strategies and to hear what Marco thinks about potential jail time.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Blackjack and Breaches: History of Ransomware on the Casino Industry: https://www.rsaconference.com/USA/agenda/session/Blackjack%20and%20Breaches%20History%20of%20Ransomware%20on%20the%20Casino%20Industry

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Leading the Charge to Fortify Web Browsing Security | A Brand Story Conversation From RSA Conference 2024 | A SquareX Story with Vivek Ramachandran | On Location Coverage with Sean Martin and Marco Ciappelli

25 april 2024 | 21 min

Vivek Ramachandran, a cybersecurity luminary with over two decades of experience, embarked on a transformative journey from developer to esteemed security researcher. His relentless pursuit of innovation led to the creation of SquareX, a pioneering cybersecurity company redefining secure web browsing.

Vivek's journey epitomizes a shift towards innovative and proactive cybersecurity measures. With a keen eye for detecting vulnerabilities and a passion for safeguarding corporate assets, he envisioned a solution that transcends traditional security paradigms. SquareX stands as a testament to Vivek's commitment to fortifying online defenses against sophisticated cyber threats.

By providing real-time attack detection and comprehensive insights, SquareX empowers organizations to fortify their web browsing environment effectively. Vivek's team's innovations address the critical gap in existing security measures, offering a holistic approach to threat mitigation. With a focus on user-centric protection and robust defense mechanisms, SquareX champions a new era of cybersecurity resilience. Vivek's visionary leadership positions SquareX as a trailblazer in secure browsing solutions.

As SquareX continues to make strides in the cybersecurity arena, Vivek's story serves as an inspiration for budding innovators and security enthusiasts while providing much-needed confidence for business and security leaders looking to protect their business assets.

Learn more about SquareX: https://itspm.ag/sqrx-l91

Note: This story contains promotional content. Learn more.

Guest: Vivek Ramachandran, Founder, SquareX [@getsquarex]

On LinkedIn | https://www.linkedin.com/in/vivekramachandran/

Resources

Learn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarex

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Redefining Solutions Architecture: Cybersecurity as a Catalyst for Business Innovation | A Conversation with Steve Orrin | Redefining CyberSecurity with Sean Martin

25 april 2024 | 55 min

Guest: Steve Orrin, Federal CTO, Intel Corporation [@intel]

On LinkedIn | https://www.linkedin.com/in/sorrin/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of the Redefining Cybersecurity Podcast, host Sean Martin is joined by Steve Orrin, Federal Chief Technology Officer at Intel Corporation, to delve into the intricacies of solutions architecture within the cybersecurity realm. The discussion bridges the often-separate worlds of business architecture and infrastructure with security architecture and infrastructure, arguing that these elements are fundamentally intertwined.

Steve Orrin shares his extensive background in cybersecurity, highlighting his journey from leading multiple security startups to his current role at Intel, where he focuses on integrating technology to enhance government and enterprise systems. His experience underscores the importance of developing innovative security solutions that not only address current problems but anticipate future challenges.

A central theme of the conversation is the concept of operationalizing cybersecurity measures to ensure they are effective and manageable. Orrin emphasizes the need for solutions that are not overly complex or burdensome, which can lead to them being unused or ineffective. This point segues into an exploration of the evolution of mainframe systems to today's distributed computing environments. Orrin and Martin discuss how lessons from the past can inform current practices, particularly in creating resilient and secure systems.

Further, the dialogue covers the potential for cybersecurity practices to catalyze business innovation. Rather than viewing security measures solely as a risk management tool, Orrin posits that proactive security planning can enable new business capabilities and efficiencies. This perspective is elaborated through examples, such as leveraging cloud services and multi-factor authentication to improve business scalability and resilience.

Lastly, the conversation touches on the broader implications of fostering a security-aware culture within organizations. By aligning security objectives with business goals and embracing a proactive approach to cybersecurity, Orrin suggests that companies can not only protect against threats but also unlock new growth opportunities. Listeners are left with a comprehensive overview of how integrating cybersecurity into solution architecture can not only mitigate risks but also drive business innovation and efficiency.

Key Questions Addressed

How can integrating cybersecurity into solution architecture drive business innovation and growth?
In what ways can lessons from the past, like mainframe security, inform current cybersecurity practices to create more resilient systems?
How does operationalizing cybersecurity measures contribute to enhanced efficiency and scalability within organizations?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

New Research Reveals Five New Trends for Cyber Resilience | A Brand Story Conversation From RSA Conference 2024 | An AT&T Cybersecurity Story with Theresa Lanowitz | On Location Coverage with Sean Martin and Marco Ciappelli

24 april 2024 | 19 min

The upcoming thought leadership research set to be announced at the RSA Conference which will be presented by Theresa Lanowitz, the Head of Cybersecurity Evangelism at AT&T Cybersecurity, promises to dive into critical aspects of cyber resilience, providing actionable advice for organizations to enhance their cybersecurity strategies. AT&T Cybersecurity aims to empower businesses of all sizes to strengthen their security posture and embrace a proactive approach to cyber resilience through the insights delivered through their upcoming thought leadership report for 2024.

As organizations navigate the complex cybersecurity landscape, the focus on cyber resilience becomes paramount. The thought leadership report intends to prompt discussions within organizations, urging them to reevaluate their cybersecurity strategies and resilience efforts. By sharing insights and trends in cybersecurity, the report aims to equip businesses with the tools needed to enhance their security practices.

The interconnected nature of the supply chain, both physical and software-based, presents challenges and opportunities for businesses of all sizes. Assessing the security posture of vendors and partners is crucial in mitigating cyber threats and ensuring a robust cybersecurity framework within organizations. The thought leadership report from AT&T Cybersecurity seeks to guide organizations in fortifying their security posture and navigating the ever-evolving threat landscape effectively.

Be sure to connect with the Theresa and the rest of the AT&T Cybersecurity team during the RSA Conference. You can learn more and find them by visiting: https://itspm.ag/att-cy4nk3

Note: This story contains promotional content. Learn more.

Guest: Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Cybersecurity [@attcyber]

On LinkedIn | https://www.linkedin.com/in/theresalanowitz/

At RSAC | https://www.rsaconference.com/experts/Theresa%20Lanowitz

Resources

Learn more and catch more stories from AT&T Cybersecurity: https://www.itspmagazine.com/directory/att-cybersecurity

The Possibilities, Risks, and Rewards of Cyber Tech Convergence: https://www.rsaconference.com/usa/agenda/session/The-Possibilities-Risks-and-Rewards-of-Cyber-Tech-Convergence

New Research Reveals Five New Trends for Cyber Resilience: https://www.rsaconference.com/USA/agenda/session/New%20Research%20Reveals%20Five%20New%20Trends%20for%20Cyber%20Resilience

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Cybersecurity's Next Legal and Policy Frontier: AI, the Software Supply Chain, Software Liability | An RSA Conference 2024 Conversation With Jim Dempsey and Jacob DePriest | On Location Coverage with Sean Martin and Marco Ciappelli

24 april 2024 | 33 min

Guests:

Jim Dempsey, Senior Policy Advisor, Stanford Program on Geopolitics, Technology and Governance [@FSIStanford]; Lecturer, UC Berkeley Law School [@BerkeleyLaw]

On LinkedIn | https://www.linkedin.com/in/james-dempsey-8a10a623/

At RSAC | https://www.rsaconference.com/experts/James%20Dempsey

Jacob DePriest, VP, Deputy Chief Security Officer, GitHub [@github]

On LinkedIn | https://www.linkedin.com/in/jacobdepriest/

At RSAC | https://www.rsaconference.com/experts/Jacob%20DePriest

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this new episode of On Location with Sean and Marco, the hosts, Sean Martin and Marco Ciappelli, dive into the intricate world of software supply chain challenges and the dynamic interplay of AI and cybersecurity. Joining the conversation are two distinguished guests: Jim Dempsey, a lecturer at UC Berkeley Law School and Senior Policy Advisor at the Stanford program on geopolitics, technology, and governance, and Jacob DePriest, Deputy Chief Security Officer at GitHub.

The episode kicks off with a vibrant discussion on the achievements of Jim and Jacob, who have both been accepted to speak at the RSA Conference, highlighting their significant contributions to the cybersecurity field. Jim Dempsey introduces his perspective from a legal and regulatory standpoint, emphasizing the importance of understanding the legal frameworks surrounding cybersecurity and his efforts to demystify this complex landscape through his published work.

Sean Martin skillfully navigates the conversation towards the juxtaposition of AI technology within the domain of software supply chain risks, probing into the potential benefits and dangers that AI presents for both attackers and defenders. Jacob DePriest provides a nuanced view of the software supply chain, emphasizing the multifaceted components, from development and deployment to the inherent risks posed by threat actors actively seeking exploitation opportunities.

A significant portion of the episode is dedicated to exploring the notion of software liability, with Jim Dempsey offering a thought-provoking analogy of constructing an airplane mid-flight to capture the evolving nature of technology and cybersecurity. He shares insights into the current legal debates surrounding software liability and the potential for legislative action to incentivize the creation of more secure software products.

Marco Ciappelli and Sean Martin deliberate on the implications of placing accountability on developers and the broader industry to enhance cyber hygiene as a societal norm. They underscore the vital role of collaboration across various stakeholders in addressing cybersecurity challenges.

As the discussion draws to a close, the episode previews the upcoming RSA Conference talks by Jim and Jacob, promising engaging sessions on the legal and policy frontiers of cybersecurity and the evolving landscape of AI and software supply chain management. The hosts encourage listeners to engage further with these critical topics at the conference, highlighting the importance of these discussions in shaping the future of cybersecurity and technology.

Top Questions Addressed

How is AI influencing the cybersecurity landscape?
What are the legal implications of software liability?
How can the software supply chain be secured against emerging cyber threats?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Cybersecurity’s Next Legal and Policy Frontier: Software Liability: https://www.rsaconference.com/usa/agenda/session/Cybersecuritys%20Next%20Legal%20and%20Policy%20Frontier%20Software%20Liability

AI, the Software Supply Chain, and Other (Not So) Puzzling Pieces: https://www.rsaconference.com/usa/agenda/session/AI%20the%20Software%20Supply%20Chain%20and%20Other%20Not%20So%20Puzzling%20Pieces

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

From Code to Cloud: Breaking Down Advanced Software Supply Chain Red Teaming Techniques | A Conversation with Paul McCarty | Redefining CyberSecurity with Sean Martin

23 april 2024 | 50 min

Guest: Paul McCarty, Software Supply Chain Red Team, GitLab [@gitlab]

On LinkedIn | https://www.linkedin.com/in/mccartypaul/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of the Redefining Cybersecurity Podcast, host Sean Martin engages in a detailed discussion with Paul McCarty on the intricate web of software supply chain security. McCarty, formerly of SecureStack and now with GitLab, shares his panoramic view on the evolving complexity of application environments and the pivotal role they play in today's digital infrastructure. The conversation pivots around the increasingly multifaceted nature of the software supply chain, highlighted by McCarty's work on an open-source project aimed at mapping out these complexities visually.

Throughout the episode, Martin and McCarty explore the notion of red teaming within the context of the software supply chain. McCarty elucidates the concept of red teaming as an essential exercise in identifying and addressing security vulnerabilities, emphasizing its transition from traditional methods to a more nuanced approach tailored to the software supply chain's intricate demands.

A significant part of their discussion is dedicated to exploring the ten stages of the software supply chain, as identified by McCarty. This segment sheds light on the broad spectrum of components involved, from the developers and their tools to the deployment environments and the underpinning hardware. The dialogue also touches on critical aspects such as the role of containers across various stages and the potential security implications presented by third-party services and cloud components.

The episode wraps up with insights into the shared responsibility model in cloud services, debunking misconceptions about security in the cloud. McCarty stresses the importance of recognizing the extensive attack surface introduced by widespread reliance on public cloud services and the need for a continuous red teaming approach to address these challenges effectively.

Listeners are offered a comprehensive overview of the critical factors contributing to software supply chain security, emphasizing the need for a broader understanding and proactive measures to mitigate risks in this increasingly complex domain.

Key Questions Addressed

What does red teaming the software supply chain mean and why is it important?
How has the complexity of software supply chains evolved, and what are the implications for cybersecurity?
What role do containers play across different stages of the software supply chain, and how do they impact security?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

4 hour training at CrikeyCon March 23rd: https://crikeycon.com/workshops/

All day training at Adelaide BSides May 16th: https://bsidesadelaide.com.au/agenda-training

Presenting at BrisSEC: https://aisasecuritydays.com.au/brissec-program

Visualizing the Software Supply Chain: https://github.com/SecureStackCo/visualizing-software-supply-chain

VBP Framework: https://gitlab.com/pmccarty/vbp

CrikeyCon - Workshop: Red Teaming the Software Supply Chain: https://crikeycon.com/workshops/#redteam

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

RSA Conference 2024 Keynote: The Cybercrime Unicorns: Exploring the First and Next Decades of Corporate Ransomware | An RSA Conference 2024 Conversation With Mikko Hypponen | On Location Coverage with Sean Martin and Marco Ciappelli

22 april 2024 | 24 min

Guest: Mikko Hypponen, Chief Research Officer (CRO) at WithSecure [@WithSecure]

On LinkedIn | https://www.linkedin.com/in/hypponen/

On Twitter | https://twitter.com/mikko

At RSAC | https://www.rsaconference.com/experts/Mikko%20Hypponen

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this new episode of On Location with Sean and Marco Podcast, the dynamic duo engage in an insightful conversation with Mikko Hypponen. Mikko shares his vast experience in the cybersecurity field, tracing back to the early days of malware on floppy disks in 1991. He emphasizes the importance of long-term dedication and expertise in becoming a global cybersecurity expert.

The discussion explores the evolution of cybersecurity over the past three decades, highlighting the shift towards increased security on mobile devices compared to traditional computers. Mikko elaborates on the rise of corporate ransomware and the organized crime tactics employed by ransomware gangs. He underscores the significance of branding and reputation management within cybercrime circles.

Sean and Marco inquire about the targets and methods employed by ransomware gangs, shedding light on the random and widespread nature of cyber attacks. Mikko shares insights on the vulnerability of organizations to exploits and the intricate dynamics of the ransomware ecosystem.

The episode concludes with anticipation for Mikko's keynote address at the RSA Conference, where he promises surprises and intriguing revelations. Listeners are left with a sense of excitement and anticipation for the informative and engaging session at the conference. Overall, the episode offers a deep dive into the world of cybersecurity, featuring thought-provoking discussions and expert insights from Mikko Hypponen, setting the stage for a compelling and enriching podcast experience.

Key Questions Addressed

How has cybersecurity evolved over the past three decades?
What are the targets and methods employed by ransomware gangs?
What surprises can we expect in the RSA Conference keynote?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

The First Decade of Corporate Ransomware: https://www.rsaconference.com/usa/agenda/session/The-First-Decade-of-Corporate-Ransomware

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Unveiling the New Short Podcast Format — 7 Minutes on ITSPmagazine | On Location Podcast with Sean Martin and Marco Ciappelli

19 april 2024 | 7 min

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast | https://www.itspmagazine.com/marco-ciappelli

Episode Notes

In a fast-paced world where time is a precious commodity, ITSPmagazine is revolutionizing the way we consume podcast content with their latest episode format - 7 Minutes on ITSPmagazine. Sean Martin and Marco Ciappelli, the dynamic duo behind this innovative concept, are here to shake things up in the podcasting arena.

The Concept

The premise of 7 Minutes on ITSPmagazine is simple yet brilliant. In just seven minutes, listeners are taken on a whirlwind journey through a concise and impactful brand announcement story. This short podcast format is designed for those moments when you need a quick burst of insightful content without committing to a full-length episode.

Testing the Waters

Sean and Marco are boldly stepping into uncharted territory by testing this new format. By asking three key questions - What are you announcing? Who is it for? What are the desired objectives or outcomes? - they delve straight into the heart of the matter, ensuring that every minute of the seven is packed with valuable information.

Audio and Video Experience

One of the beauty of 7 Minutes on ITSPmagazine is its versatility. Whether you prefer to listen to the audio-only version or watch the video podcast, ITSPmagazine has got you covered. The duo's investment in the video aspect elevates the podcasting experience, bringing a visual element to the storytelling.

Announcing at RSA Conference

Sean and Marco are gearing up for the RSA Conference, where they plan to unveil an array of exciting brand stories. From broadcast alley interviews with industry veterans like Teresa Leinovitz and Vivek Ramachandran to media room briefings with cybersecurity experts, ITSPmagazine promises a diverse lineup that will captivate audiences.

Engaging the Audience

The ultimate goal of 7 Minutes on ITSPmagazine is to engage and inform the audience. Through thought-provoking conversations with industry leaders, the podcast aims to shed light on the latest trends, research, and innovations in cybersecurity. By inviting listeners to participate in the journey, Sean and Marco are fostering a community of like-minded individuals eager to stay informed.

Call to Action

As the clock winds down on the podcast, Sean and Marco issue a compelling call to action. They invite listeners to join them at RSA Conference, either in person or virtually, to be a part of the immersive experience. By sharing updates, recaps, and exclusive insights, ITSPmagazine promises to keep the audience entertained and educated every step of the way.

Conclusion

In just seven minutes, Sean Martin and Marco Ciappelli have encapsulated the essence of innovation and engagement in the podcasting world. 7 Minutes on ITSPmagazine is not just a podcast; it's an experience, a community, and a journey worth embarking on. Join them on this exciting venture and discover a new way to stay connected in a rapidly evolving industry.

Seven minutes. Done.

____________________________

Resources

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Catch all of our RSA Conference coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

View more conferences and events: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

ITSPmagazine YouTube Channel — Be sure to share and subscribe!
📺 https://www.youtube.com/@itspmagazine

Subscribe to the Newsletter: https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7109347022809309184

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Catch the regular catch-up videos here: https://youtube.com/playlist?list=PLnYu0psdcllQGJIyWHoPPDigW-B0ANjhn

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Redefining Society Podcast with Marco Ciappelli playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTUoWMGGQHlGVZA575VtGr9

Are you interested in creating custom podcasts with us, being part of a conversation, promoting your brand, or sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/purchase-programs

Beyond Borders: Uncovering Cyber Challenges and Innovations in Latin America | A Conversation with Kate Esprit and Marco Ciappelli | Redefining CyberSecurity with Sean Martin

18 april 2024 | 49 min

Guests:

Kate Esprit, Senior Cyber Threat Intelligence Analyst, MITRE [@MITREcorp]

On LinkedIn | https://www.linkedin.com/in/kate-e-2b262695/

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this new episode of the Redefining CyberSecurity Podcast, host Sean Martin is joined by Kate Esprit and co-founder Marco Ciappelli to explore the nuanced cybersecurity landscape of Latin America. Esprit, with a rich background in Latin American geopolitical affairs and cybersecurity, provides invaluable insights into the evolving threat environment, emphasizing the region's often underreported cyber adversaries.

The discussion highlights Latin America's complex cyber landscape, marked by financial-motivated cybercriminals who, until recently, predominantly targeted local victims. Esprit points out the distinction between these cybercriminals and state-sponsored actors, shedding light on the operational and financial constraints that shape their activities. The conversation also explores the impact of language and cultural factors on cyber operations, including how attribution challenges complicate the response to cyber threats.

Esprit's extensive experience offers a comprehensive overview of the spectrum of cyber threats in Latin America, from traditional malware to sophisticated ransomware attacks targeting the financial sector and government agencies. She underscores the significant yet often overlooked role of technology, including the deployment of 5G infrastructure and its implications for regional cybersecurity.

Delving into the dynamics of cybercrime, the episode covers the intersection of cyber and traditional criminal activities, exemplified by cartels expanding into cyber avenues. This segment illuminates the blending of digital and conventional crime landscapes, highlighting the adaptability and resilience of criminal enterprises in the digital age.

The discussion also touches on broader societal and political issues, such as election interference and information manipulation, demonstrating cybersecurity's far-reaching implications. By examining the varying cyber maturity levels across Latin America, Esprit points to the critical need for improved cyber defense mechanisms and the role of international collaboration in bolstering regional cybersecurity capabilities.

In sum, this episode provides an insightful exploration of Latin America's cybersecurity challenges and opportunities, highlighting the importance of regional focus in understanding and combating cyber threats. Through Esprit's expert lens, listeners gain a comprehensive understanding of the unique cyber landscape of Latin America and the pivotal role of technology and policy in shaping its future.

Key Questions Addressed
Why Latin America's cyber adversaries remain overlooked in global discussions?
How does the culture and political landscape in Latin America impact its cybersecurity strategies and responses?
What are the future trends and challenges in cybersecurity within the region?

EDITORIAL NOTE: During the discussion about the 2022 Conti ransomware attack targeting Costa Rica, it was stated that the attack occurred shortly after [President] Santos took office. We would like to make the correction to [President] Chaves.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

2023 in Review: Notable Cyber Trends in Latin America: https://www.phishingforanswers.com/blog/2023-cyber-trends-latin-america

Operation King Tut - The Universe of Threats in LATAM: https://www.virusbulletin.com/uploads/pdf/conference/vb2023/papers/Looking-into-TUTs-tomb-the-universe-of-threats-in-LATAM.pdf

Blind Eagle's North American Journey: https://www.esentire.com/blog/blind-eagles-north-american-journey

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Global Collaboration for Financial Security: The Role of FS-ISAC in Safeguarding Financial Stability | A Conversation with Cameron Dicker | Redefining CyberSecurity with Sean Martin

17 april 2024 | 36 min

Guest: Cameron Dicker, Director of Global Business Resilience at FS-ISAC [@FSISAC]

On LinkedIn | https://www.linkedin.com/in/cameron-dicker-74804959/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in a conversation with Cameron Dicker, the Director of Global Business Resilience at FS-ISAC (Financial Services Information Sharing and Analysis Center). The discussion delves into the critical role of FS-ISAC in enhancing business resilience within the financial services sector.

Cameron Dicker provides insights into the extensive global program he oversees at FS-ISAC, focusing on conducting exercises for members and fostering a community of practitioners in risk, resilience, crisis management, and business continuity. The organization serves as a platform for members to share experiences, assess risks, and collaborate on addressing operational challenges collectively.

The conversation expands to highlight the unique positioning of FS-ISAC as a global node network, comprising over 5,000 member organizations across 75 countries. The organization's pillars of intelligence, resilience, and security work in unison to collect, analyze, and disseminate valuable information to bolster members' resilience and security measures.

Furthermore, Sean and Cameron discuss the increasing challenges posed by third-party services in the financial sector, emphasizing the need for standardized reporting practices among multinational banks. The episode underscores the importance of continuous learning and adaptation in response to evolving cybersecurity threats.

The episode includes a call to action for increased engagement within the FS-ISAC community, encouraging members to actively participate in discussions and initiatives aimed at strengthening the sector's resilience to cybersecurity challenges. Through a blend of real-world insights and strategic foresight, the episode offers a comprehensive overview of the vital role played by FS-ISAC in safeguarding the financial services industry against emerging cyber threats.

Top Questions Addressed

What are the challenges posed by third-party services in the financial sector?
How does FS-ISAC foster global collaboration among members?
What role does intelligence sharing play in bolstering business resilience within the financial services sector?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Fundamentals of Operational Resilience: https://www.fsisac.com/hubfs/Knowledge/FSISAC_FundamentalsOfOperationalResilience.pdf

FS-ISAC's Resilience Page: https://www.fsisac.com/resilience

FS-ISAC's Knowledge Page: https://www.fsisac.com/knowledge

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Leadership and Transformation: Building a Business-Centric Cybersecurity Framework | A Conversation with Nitin Raina | Redefining CyberSecurity with Sean Martin

17 april 2024 | 49 min

Guest: Nitin Raina, Global CISO, Thoughtworks [@thoughtworks]

On LinkedIn | https://www.linkedin.com/in/nnraina/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of the Redefining Cybersecurity Podcast, host Sean Martin connects with Nitin Raina, the global Chief Information Security Officer (CISO) for ThoughtWorks. The discussion centers around Nitin's innovative approaches to transforming and elevating cybersecurity, drawing from his rich experience and strategic mindset. Nitin shares his journey in cybersecurity, emphasizing the evolution of the security program under his leadership. He discusses the significance of adapting a business-centric approach to cybersecurity, breaking away from conventional, technology-focused strategies. This includes the development and successful implementation of a business security maturity model designed to align with the organization's diverse, global operations.

A notable aspect of Nitin's strategy is the emphasis on leadership activation and the importance of governance in driving cybersecurity initiatives. By fostering a culture of security ownership across all levels of leadership and the broader organization, Nitin underscores the transformational shift in how cybersecurity is perceived and managed within ThoughtWorks. He highlights the collaborative efforts with different departments, such as IT operations and legal compliance, to ensure a cohesive approach to protecting the organization's 'crown jewels.' Through anecdotes and examples, Nitin illustrates the impact of these strategies on enhancing security awareness, decision-making, and operational effectiveness across the company.

The conversation also touches on the technical side, discussing the role of developers within the cybersecurity landscape and the utilization of contemporary technologies and frameworks to bolster the security posture. The episode concludes with insights into the future of cybersecurity, advocating for a more integrated and business-aligned approach. Nitin's reflections on the journey and achievements of his company's cybersecurity initiatives provide valuable lessons for organizations aiming to redefine their security strategies in a rapidly evolving digital world.

Key Questions Addressed

How did Nitin Raina's leadership and strategies transform the cybersecurity posture at his company?
What role does leadership activation play in redefining cybersecurity across an organization?
How can cybersecurity be aligned with business strategies to foster growth and innovation?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Adversarial Machine Learning: Realities of AI and ML in Cybersecurity | A Conversation with Dr. Anmol Agarwal | Redefining CyberSecurity with Sean Martin

11 april 2024 | 45 min

Guest: Dr. Anmol Agarwal, Senior Security Researcher

On LinkedIn | https://www.linkedin.com/in/anmolsagarwal/

On Twitter | https://twitter.com/anmolspeaker

On YouTube | https://www.youtube.com/channel/UCuWzfnJyZ0S68kG5e-lUZ6w

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of Redefining CyberSecurity, host Sean Martin explores the complex world of artificial intelligence (AI) and machine learning (ML) with Dr. Anmol Agarwal, a senior security researcher at Nokia and adjunct professor at George Washington University. The discussion kicks off with a reflection on the evolving dialogue around AI and ML, shedding light on the critical role of machine learning as the backbone of AI technology. Dr. Agarwal emphasizes machine learning's influence on the accessibility and popularity of generative AI, thanks to its application in natural language processing.

The conversation transitions to Dr. Agarwal's intricate work on standardizing 5G and 6G technologies, underscoring the significance of security standardization in the rapid advancement of mobile technologies. Furthermore, they explore the utilization of machine learning in balancing network load and enabling emerging technologies like the metaverse, showcasing AI's prowess in facilitating fast data analytics.

A substantial portion of the episode is dedicated to adversarial machine learning, where Dr. Agarwal explains its definition as the study of attacking and defending machine learning models. Through examples such as the potential manipulation of Tesla's autopilot via adversarial techniques, they provide a vivid picture of the threats posed by malicious actors leveraging AI for harmful purposes. The episode concludes with an appeal for a deeper understanding of AI and ML beyond the buzzwords, promoting a pragmatic approach to integrating these technologies in cybersecurity strategies.

This episode offers valuable insights for cybersecurity leaders, CISOs, business executives, and security analysts, emphasizing the importance of comprehensive risk analysis and the ethical application of AI and ML in bolstering cybersecurity defenses.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

MITRE ATLAS: https://atlas.mitre.org/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

The Art of Possible: Getting a Peek into the Future of Cybersecurity Innovations | An RSA Conference 2024 Conversation With Cecilia Murtagh Marinier | On Location Coverage with Sean Martin and Marco Ciappelli

11 april 2024 | 32 min

Guest: Cecilia Murtagh Marinier, Cybersecurity Advisor - Strategy, Innovation & Scholars at RSA Conference [@RSAConference]

On LinkedIn | https://www.linkedin.com/in/cecilia-murtagh-marinier-14967/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this new On Location with Sean and Marco episode, hosts Sean Martin and Marco Ciappelli are joined by a special guest, Cecilia Murtagh Marinier, renowned for her pivotal role in overseeing innovation programs and scholar initiatives at the RSA Conference. The trio embarks on an insightful conversation, navigating through a myriad of topics central to the RSA Conference 2024 and the broader landscape of technology and security.

The discussion kicks off with a light-hearted exchange about the unpredictability of San Francisco weather and the personal tradition of acquiring new jackets during the RSA conferences. Quickly shifting gears, they delve into the anticipations surrounding the conference, reminiscing about past interactions with notable figures such as Linda, Britta, and Jessica Robinson, and emphasizing the vibrancy of aerospace village and upcoming discussions on sandbox innovation.

A significant portion of the conversation is dedicated to the College Day, the scholar program, and the sandbox innovation, spotlighting the RSA Conference's commitment to nurturing the future generation of security professionals. Cecilia eloquently outlines her role in fostering innovation across the conference, with a special focus on contests and expos aimed at spotlighting emerging talents and startups within the cybersecurity realm.

Artificial Intelligence (AI) takes center stage as the trio explores its transformative impact on security practices and the anticipation of its further integration into the RSA Conference's themes. Cecilia shares insights into the Innovation Sandbox Contest and Launchpad, highlighting the remarkable potential and diversity of participating companies.

The episode is peppered with personal anecdotes and reflections on the evolution of the cybersecurity sector, underscoring the importance of community, diversity, and innovation. Special mention is made of the diverse tracks and villages at the RSA Conference, each offering unique perspectives on security and technology's role in society.

As the conversation winds down, excitement builds for the RSA Conference 2024, with encouraging calls for participation and engagement. The hosts reflect on the importance of community and innovation, urging listeners to stay tuned for what promises to be an extraordinary event.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

The Art and Science of Defending Against Business Logic Attacks: Insights from Imperva's Observations and Best Practices for Defense | An Imperva Brand Story with Luke Babarinde

9 april 2024 | 44 min

Hosts Sean Martin and Marco Ciappelli delve into the complexities of business logic attacks, with a particular focus on vulnerabilities within APIs. They engage with Luke Babarinde, Global Solutions Architect at Imperva, in a detailed conversation about how cybersecurity threats have evolved in tandem with business processes, tapping into Sean Martin's introduction of the novel concept of a "Workflow Bill of Materials," underlining the necessity of comprehending each step within complex business tasks to defend against potential misuse and abuse.

The discussion explores the mechanisms through which attackers leverage business logic for sophisticated, hard-to-detect attacks that pose significant risks to organizations. Through examples, Babarinde illustrates how automated bots and malicious actors can inflict substantial financial damage by exploiting publicly accessible services, highlighting the paramount importance of identifying and counteracting these threats. Moreover, the episode addresses the impact of artificial intelligence and machine learning in enhancing cybersecurity defenses while also expanding attackers’ arsenals. The conversation reflects on the dual effects of these technologies, especially concerning API usage, which now dominates a considerable volume of internet traffic and is integral to digital services.

Babarinde also emphasizes the crucial role of human interaction in cybersecurity, advocating for substantive dialogue between security experts and business leaders to align on strategies and comprehend the motivations behind attacks. This human-centered approach, augmented by the technological solutions offered by entities like Imperva, is portrayed as the foundation of effective cybersecurity strategies amid continuously evolving threats.

Overall, the episode offers an exhaustive overview of both the challenges and strategies associated with business logic attacks, promoting a collaborative and informed stance on cybersecurity in the face of progressing threats.

Confused Learning: Supply Chain Attacks through Machine Learning Models | A Conversation With Adrian Wood and Mary Walker | On Location Coverage with Sean Martin and Marco Ciappelli

9 april 2024 | 28 min

The Alphabet Soup of Privacy and Data Protection Across Borders: Employing Justification, Documentation, and Transparency in Global Privacy | A Conversation with Elena Elkina | Redefining CyberSecurity with Sean Martin

8 april 2024 | 50 min

Guest: Elena Elkina, Partner / Privacy & Data Protection Management Executive, Aleada Consulting [@AleadaPrivacy]

On LinkedIn | https://www.linkedin.com/in/elenaelkina/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, hosted by Sean Martin, the spotlight is on the complex world of data privacy, specifically focusing on the French data protection authority, CNIL, and its broader implications on global privacy and data protection practices. Joining the conversation is Elena Elkina, a seasoned privacy and data protection executive. With nearly two decades of experience in the field, Elkina shares her expertise on the evolving landscape of privacy laws and the challenges businesses face in operationalizing these regulations.

The discussion opens up with an exploration of various privacy frameworks, including GDPR, CNIL, TIA, EDPB, and ICO, unraveling the interconnected yet distinct nature of these acronyms in the realm of data protection. Elena Elkina delves into the intricacies of the CNIL and its recent draft guidance on Transfer Impact Assessments (TIA), emphasizing its practical approach and the operational guidance it offers to companies dealing with data protection across different jurisdictions.

A significant part of the conversation is dedicated to understanding the legal and operational challenges associated with TIA, including the legal analysis required for transfers to third countries, the importance of documenting and periodic reevaluation, and the role of both data importers and exporters in ensuring compliance. Elkina highlights the collaboration required between these parties and the importance of comprehensive documentation to demonstrate compliance efforts.

Additionally, the dialogue touches upon broader themes, such as the differences between privacy approaches in the United States and the European Union, the impact of new privacy laws and regulatory guidance, and the importance of organizational data hygiene.

Throughout the episode, both Martin and Elkina underscore the importance of justification, documentation, and transparency in navigating the complex landscape of international data transfers. The conversation serves as a crucial guide for businesses looking to align their data protection practices with regulatory requirements and industry best practices, providing valuable insights into the ongoing evolution of privacy and data protection obligations.

Top Questions Addressed

What is the role of CNIL in data protection?
How do data transfer impact assessments work?
What does the new executive order on data protection mean for American companies?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Inspiring Post: https://www.linkedin.com/posts/elenaelkina_cnil-transferimpactassessment-activity-7151733484561010689-qda5/

CNIL (Commission Nationale de l’Informatique et des Libertés) = French Data Protection Authority | https://www.cnil.fr/en

TIA = Transfer Impact Assessments

EDPB = European Data Protection Board: EDPB | https://edpb.europa.eu/edpb_en

ICO = Information Commissioner's Office (ICO) for International data transfers | https://ico.org.uk/for-organisations/data-protection-and-the-eu/data-protection-and-the-eu-in-detail/the-uk-gdpr/international-data-transfers/ & https://ico.org.uk/for-organisations/data-protection-and-the-eu/data-protection-and-the-eu-in-detail/the-uk-gdpr/international-data-transfers/

PIA = Privacy Impact Analysis

ROPA = Records of Process Activity

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

ITSPmagazine Podcasts Catch-Up | Thinking About and Looking Forward to all the Engaging Conversations That Will Happen at RSA Conference 2024 | On Location Podcast with Sean Martin and Marco Ciappelli

7 april 2024 | 18 min

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes

In a dynamic and engaging episode of the On Location Podcast, hosts Sean Martin and Marco Ciappelli take listeners on a captivating journey through their on-location plans leading up to the RSA Conference 2024. The duo's insightful conversations shed light on the diverse topics and vibrant energy surrounding one of the most anticipated cybersecurity events of the year.

The podcast kicks off with Sean and Marco bantering about app functionalities and the picturesque backdrop of Mount Fuji (no is not!). Their camaraderie and playful exchange set the tone for a series of discussions that seamlessly blend tech-talk with personal anecdotes, offering listeners a glimpse into the human side of the cybersecurity community and their coverages around the world.

As the hosts dive into the preparations for the RSA Conference, they provide a behind-the-scenes look at the meticulous planning and excitement building up to the event. From testing out equipment to reminiscing about past experiences, Sean and Marco offer valuable insights into the multifaceted nature of cybersecurity conferences.

The conversation evolves to highlight the theme of innovation and the intersection of art and technology within the cybersecurity landscape. Through engaging dialogues with industry futurists and thought leaders, Sean and Marco emphasize the significance of embracing emerging technologies like AI while pondering the ethical implications that accompany such advancements.

Amidst the buzz of the upcoming conference, Sean and Marco extend a heartfelt call to action to their audience, inviting them to actively participate in shaping the podcast's future content. Emphasizing the importance of community engagement and diverse perspectives, the hosts encourage listeners to contribute their ideas and suggestions for future episodes, showcasing the inclusive spirit that drives the On Location Podcast.

As the podcast draws to a close, Sean and Marco exude a palpable sense of anticipation for the RSA Conference 2024. Their infectious enthusiasm, coupled with a commitment to fostering engaging conversations and connections within the cybersecurity community, sets the stage for an immersive and insightful event experience.

This On Location Podcast episode featuring Sean Martin and Marco Ciappelli offers a compelling blend of candid conversations, insightful reflections, and a heartfelt call to action for audience engagement. As the hosts gear up for the RSA Conference 2024, listeners are in for a dynamic and enriching podcast experience that showcases the vibrancy and diversity of the cybersecurity landscape.

____________________________

Resources

Catch all of our RSA Conference coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

View more conferences and events: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

ITSPmagazine YouTube Channel — Be sure to share and subscribe!
📺 https://www.youtube.com/@itspmagazine

Subscribe to the Newsletter: https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7109347022809309184

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Catch the regular catch-up videos here: https://youtube.com/playlist?list=PLnYu0psdcllQGJIyWHoPPDigW-B0ANjhn

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Redefining Society Podcast with Marco Ciappelli playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTUoWMGGQHlGVZA575VtGr9

Are you interested in creating custom podcasts with us, being part of a conversation, promoting your brand, or sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/purchase-programs

From Regulations to Relationships: Navigating the Maze of Third-Party Risk Management | A Conversation with Branan Cooper | Redefining CyberSecurity with Sean Martin

5 april 2024 | 44 min

Guest: Branan Cooper, Financial Services exec

On LinkedIn | https://www.linkedin.com/in/brananc/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of the Redefining Cybersecurity Podcast, hosted by Sean Martin, we dive into the intricate world of third-party risk management with the insightful Branan Cooper, boasting an impressive three-and-a-half decades of experience in financial services. Throughout this discussion, Cooper and Martin explore the evolution and critical aspects of managing third-party risk within businesses, emphasizing the ever-increasing interconnectivity and dependencies in the digital age.

Branan Cooper draws on his vast experience, touching on the regulatory milestones that have shaped third-party risk management practices, from early quality assurance efforts in the '90s to the recent comprehensive interagency guidance. Highlighting the intertwined nature of third-party risk with operational, cybersecurity, and compliance aspects, the episode sheds light on the need for a holistic approach encompassing due diligence, ongoing monitoring, and a lifecycle approach to vendor relationships.

Significantly, the conversation delves into practical strategies for mitigating third-party risk, the importance of fostering a culture of communication and collaboration across departments, and the pivotal role of documentation in managing and mitigating risks effectively.

Cooper also shares invaluable insights into the nuances of vendor relationships, from assessing and prioritizing risks to the crucial aspect of planning for potential exit strategies. This episode not only serves as a primer on the complexities of third-party risk management but also as a guide for navigating these challenges proactively, offering listeners actionable advice and best practices drawn from decades of experience.

Whether you're a business leader, IT professional, or risk management practitioner, this episode provides a wealth of knowledge on safeguarding your organization in a interconnected business ecosystem.

Key Questions Addressed

How have regulatory milestones shaped third-party risk management practices over time?
What are the key strategies for effectively managing and mitigating third-party risks?
How does coordinating across departments contribute to managing third-party risks more effectively?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Third Party Risk Management 101 : Learning the Fundamentals of Third-Party Risk Management (venminder.com)

The interagency guidance on third party risk management : Federal Register :: Interagency Guidance on Third-Party Relationships: Risk Management

What is a third party?: What Is a Third Party? How Their Role Works and Examples (investopedia.com)

Why is third party risk management important?: Why is Third-Party Risk Management Important? | UpGuard

Although no longer in force, these pieces of guidance were so fundamental in defining industry terms and such watershed moments that they are valuable still as reference material, for terms and procedures commonly followed in TPRM:

FDIC financial institution letter 44 - 2008: FDIC: Inactive FIL-44-2008: Guidance for Managing Third-Party Risk

OCC Bulletin 2019 - 23: OCC+2013-29.pdf (sqspcdn.com)

Understanding UDAAP or UDAP The Differences Between UDAP & UDAAP | McCune Law Group (mccunewright.com)

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Exploring the Excitement of Aerospace Village at RSA Conference 2024 | A Conversation With Henry Danielson and Liz Wharton | On Location Coverage with Sean Martin and Marco Ciappelli

4 april 2024 | 25 min

Guests:

Henry Danielson, Volunteer at AeroSpace Village [@SecureAerospace]

On LinkedIn | https://www.linkedin.com/in/henry-danielson-43a61213/

On Twitter | https://twitter.com/hdanielson

Liz Wharton, Founder, Silver Key Strategies [@silverkeystrat]

On LinkedIn | https://www.linkedin.com/in/elizabeth-wharton/

On Mastodon | https://infosec.exchange/@LawyerLiz

On Twitter | https://twitter.com/LawyerLiz

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The Aerospace Village at the RSA Conference 2024 is gearing up to be an event filled with innovation, collaboration, and excitement. In a recent episode of "Chats on the Road to RSA Conference 2024" with Sean Martin and Marco Ciappelli, the hosts digs into the details of what attendees can expect at the Aerospace Village. Let's take a closer look at the insights shared during this engaging discussion.

Unveiling the Aerospace Village Experience:

The podcast episode kicks off with Marco Ciappelli welcoming listeners to the conversation alongside guests Henry Danielson and Liz Wharton. The trio's palpable enthusiasm sets the stage for a deep dive into the diverse offerings of the Aerospace Village at RSA Conference 2024.

Innovative Initiatives and Collaborations:

Henry Danielson shares exclusive details about the Aerospace Village's collaboration with BuddhaBot to introduce a unique badge experience focused on constellations. The hands-on challenges and engaging activities promise an immersive experience for attendees, emphasizing learning through interactive participation.

Exciting Activities and Exhibits:

The conversation unfolds with discussions on Pentest partners' flight simulator and the AMSAT project, showcasing opportunities for visitors to explore CubeSat technology and ground control stations. The Space Grand Challenge, aimed at educating young minds in the cybersecurity realm, further highlights the village's commitment to fostering innovation and knowledge sharing.

Insightful Industry Conversations:

Liz Wharton sheds light on the importance of vulnerability disclosures in the aerospace industry and emphasizes the significance of building robust security practices collaboratively. The dialogue underscores the village's role in fostering critical conversations around cybersecurity, aviation, and space exploration.

Community Engagement and Visionary Leadership:

Hosts and Guests express their excitement for the upcoming RSA Conference and encourage attendees to join the vibrant community at the Aerospace Village. From showcasing cutting-edge technologies to facilitating thought-provoking discussions, the village promises to be a hub of inspiration and knowledge exchange.

As the episode concludes, the hosts extend a warm invitation to all enthusiasts, innovators, and industry professionals to participate in the vibrant experience awaiting them at the Aerospace Village during RSA Conference 2024. The blend of education, engagement, and collaboration sets the stage for an unforgettable event that promises to shape the future of aerospace and cybersecurity industries.

Stay tuned for more updates and insights as we venture into the dynamic world of Aerospace Village at RSA Conference 2024!

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Cal Poly Space Grand Challenge: https://cci.calpoly.edu/empower/space-grand-challenge-program

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Embracing Technology Safely: A Look into Consilio's Role in Legal Cybersecurity | A Brand Story Conversation from LegalWeek 2024 | A Consilio Story with James Jansen

4 april 2024 | 31 min

Guest: James Jansen, Vice President & Global Head - Cyber Response Solutions at Consilio [@ConsilioGlobal]

On Linkedin | https://www.linkedin.com/in/james-jansen-076a0214/

In the latest episode of Brand Stories, Sean Martin and Marco Ciappelli host James Jansen, Vice President & Global Head of Cyber Response Solutions at Consilio as he sheds light on the critical intersection of technology and cybersecurity in the legal space. The conversation dives deep into the challenges and opportunities that arise when embracing technology while maintaining a keen focus on cybersecurity and risk management.

The Importance of a Technology-Forward Approach: Consilio has always been at the forefront of embracing technology to drive efficiencies in legal workflows. With a forward-leaning attitude towards legal technology services, Consilio understands the significance of technology in assisting clients with various legal processes. From conceptual analytics to technology-assisted reviews, it has consistently leaned into new technologies with a blend of curiosity and skepticism, ensuring that they are utilized in the right way for their clients.

Navigating the Landscape of AI in Legal Processes: As technology evolves, Consilio continues to vet new technologies and adopt innovative solutions to enhance their services. Particularly noteworthy is the adoption of generative AI, which presents both opportunities and challenges. Jansen emphasizes the importance of having humans at the wheel, underscoring the critical role of human oversight in leveraging technology effectively.

Fostering a Culture of Cybersecurity: The dialogue highlights the need for a cultural shift within organizations towards cybersecurity. Every business is a potential target for cyber attacks, emphasizing the importance of developing a cybersecurity-conscious culture. By empowering employees to recognize and address cybersecurity threats, organizations can bolster their defenses and mitigate risks effectively.

Enabling Legal Teams to Embrace Technology Safely: Consilio's role in helping legal teams navigate the complexities of technology integration is paramount. By offering insights, resources, and expertise, they assist organizations in managing legal processes, protecting data, and handling incidents with precision. Their commitment to connecting the human element with technological advancements ensures a balanced approach that prioritizes both innovation and security.

Consilio stands out as a trusted partner for legal teams seeking to leverage technology safely and effectively. By emphasizing the importance of human oversight, fostering a culture of cybersecurity, and embracing innovative solutions like generative AI, it is possible to lead with a strategic approach to navigating the intersection of technology and legal cybersecurity.

By adopting a technology-forward approach and prioritizing cybersecurity, Consilio is paving the way for legal teams to navigate the digital age with confidence and resilience.

To learn more about Consilio and how they can assist your organization in embracing technology safely in the legal space, visit their website at https://itspm.ag/consilio-ch4i or reach out to their team for personalized insights and solutions.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/brand-story

Resources
Learn more about Consilio and their offering: https://itspm.ag/consilio-ch4i

Hear more stories from the Consilio team on their directory page: https://www.itspmagazine.com/directory/consilio

Are you interested in telling your Brand Story?
https://www.itspmagazine.com/telling-your-story

Crossing Borders: The Cyber Pulse of Global Healthcare | A Conversation with Dr. Saif Abed | Redefining CyberSecurity with Sean Martin

2 april 2024 | 40 min

Guest: Dr. Saif Abed MD, Director of Cybersecurity Advisory Services, The AbedGraham Group

On LinkedIn | https://www.linkedin.com/in/drsaifabed/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin welcomes Dr. Saif Abed, who brings a wealth of experience from both the medical and cyber security practices. Specializing in the interface of healthcare and cybersecurity, Dr. Abed discusses the diverse challenges and evolving threats faced by the healthcare sector amidst rapid digitization and the global push towards electronic health records and connected medical devices.

Dr. Abed provides insightful reflections on the state of cyber maturity across nations, emphasizing the diverse stages at which healthcare systems find themselves in terms of digitization and cybersecurity readiness. He underpins the conversation with examples from his extensive advisory roles to technology companies and governmental agencies, especially during critical times such as the pandemic.

A significant part of the discussion revolves around how healthcare entities are digitizing faster than they can secure their systems, making them susceptible to attacks such as ransomware. Dr. Abed criticizes the reactive nature of policy and regulation, suggesting that it often lags behind the threats, posing an ongoing challenge for healthcare providers to maintain patient safety and care quality.

The conversation also explores the implications of policies like HIPAA and the importance of adopting a global treaty to address cyber attacks on healthcare organizations. Dr. Abed argues for a balanced approach — 'carrots' for providers and 'sticks' for vendors — to enforce better compliance and ensure the sustainability of digital healthcare ecosystems. Through a blend of personal anecdotes, professional achievements, and expert analysis, Dr. Abed offers a nuanced understanding of the intricate relationship between healthcare delivery and cybersecurity. His call for more resilient and proactive measures highlights the urgent need for alignment between healthcare advancements and cybersecurity policies to protect public health on a global scale.

Top Questions Addressed

How does digitization in healthcare face cybersecurity challenges?
What role do policies like HIPAA play in shaping cybersecurity in healthcare?
How can global healthcare policy and diplomacy improve cybersecurity in healthcare?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Inspiring Post: https://www.linkedin.com/posts/drsaifabed_dr-abed-who-cybersecurity-publications-activity-7158569953263042561--Gi3/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Now You’re in Role: The Fearless CISO | A Conversation With Jessica Robinson | A Deep Dive into RSA Conference 2024 | On Location Coverage with Sean Martin and Marco Ciappelli

2 april 2024 | 23 min

Guests: Jessica Robinson, Executive Officer of PurePoint International [@PurIntl]

On LinkedIn | https://www.linkedin.com/in/jessica-a-robinson-she-her-22740311/

At RSAC | https://www.rsaconference.com/experts/jessica-robinson

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The RSA Conference 2024 is just around the corner, and our hosts Sean Martin and Marco Ciappelli are gearing up for an insightful and engaging on-location coverage of the event. In this second Chat On The Road to RSA Conference 2024 conversation with cybersecurity expert Jessica Robinson, we got a sneak peek into what to expect from this year's talk she will give during the event.

Now You’re in Role: The Fearless CISO

As a follow up to the talk last year at RSAC, attendees will learn the top three skills for success for any first time CISOs to advance and grow their cybersecurity program. This talk will be a discussion on what is most important as we start to really think about what is required for success in the CISO role as it directly relates to the success of the cybersecurity program.

The stage is set for an enriching dialogue on the nuances of the CISO role, cybersecurity programs, and the evolving landscape of cyber threats. Jessica Robinson, with her wealth of experience and fearless approach to cybersecurity leadership, promises to dive deep into the art of making possibilities a reality in the realm of cybersecurity.

Embracing Fear to Unlock Potential

One of the key themes that emerged from the conversation was the idea of embracing fear to unlock untapped potential. Jessica emphasized the importance of facing challenges head-on, advocating for cybersecurity programs, and pushing boundaries to drive meaningful change within organizations. By transforming fear into a catalyst for growth and innovation, CISOs can navigate the complex cybersecurity landscape with confidence and resilience.

The Art of Possibility in Cybersecurity

The theme of this year's RSA Conference, "The Art of Possible," resonates deeply with Jessica's approach to cybersecurity leadership. By infusing creativity, strategic thinking, and a proactive mindset into their roles, CISOs can redefine what is achievable in the realm of cybersecurity. The session with Jessica promises to offer valuable insights on how to leverage the art of possibility to advance cybersecurity programs and drive success in an ever-evolving threat landscape.

Joining the Conversation

As Sean Martin and Marco Ciappelli gear up for the RSA Conference 2024, they invite cybersecurity enthusiasts, industry experts, and professionals to join them on this enriching journey. The on-location coverage promises to capture the pulse of the conference, featuring engaging conversations, expert insights, and thought-provoking discussions on the future of cybersecurity.

With Jessica Robinson's fearless approach to cybersecurity leadership and the insightful conversations lined up for the RSA Conference 2024, this year's event is set to be a landmark gathering for cybersecurity professionals. Stay tuned for more updates, interviews, and coverage as Sean Martin and Marco Ciappelli bring you the latest insights from the forefront of cybersecurity innovation.

RSA Conference 2024 promises to be a platform where possibilities converge with reality, fear transforms into opportunity, and cybersecurity leaders pave the way for a secure digital future. Join us on this exciting journey as we explore the art of possibility in cybersecurity with Sean Martin, Marco Ciappelli, and a host of industry experts at RSA Conference 2024.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Now You’re in Role: The Fearless CISO: https://www.rsaconference.com/USA/agenda/session/Now%20Youre%20in%20Role%20The%20Fearless%20CISO

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

The Art of Hacking the Final Frontier: Learn How to Bring Your Own Satellite by Crafting Virtual Labs | An On Location HackSpaceCon Coverage Conversation with Tim Fowler

29 mars 2024 | 33 min

Guest: Tim Fowler, Offensive Security Analyst, Black Hills Information Security [@BHinfoSecurity]

On LinkedIn | https://www.linkedin.com/in/roobixx/

On Twitter | https://twitter.com/roobixx

At HackSpaceCon | https://www.hackspacecon.com/speakers24#tim-fowler

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this thought-provoking episode of On Location with Sean and Marco, we soar into the fascinating world of space cybersecurity with our esteemed guest, Tim Fowler. As a penetration tester at Black Hills Information Security, specializing in offensive security, Tim shares his intriguing transition from focusing on terrestrial cybersecurity challenges to those within the space domain.

With the space industry rapidly democratizing, he highlights the urgency for better securing our assets in space, drawing a compelling parallel with the historical oversight in the industrial control systems (ICS) sector. The conversation explores the unique challenges and opportunities space cybersecurity presents, including the emerging need for governance, risk, and compliance (GRC) frameworks tailored for space. Tim's insights shed light on the importance of secure software development and contingency planning in this critical yet exhilarating field.

Additionally, Tim enthuses about his upcoming workshop at HackSpaceCon, 'Bring Your Own Satellite' (BYOS), aimed at demystifying space cybersecurity through hands-on experience with virtual satellites. The episode also humorously touches upon the concept of 'Deorbit plans' and the fanciful notion of hacking the 'Death Star,' blending deep technical discussion with engaging speculative thought.

This episode is a must-listen for anyone curious about the nexus of cybersecurity and space exploration, offering a unique perspective on a domain that is becoming increasingly integral to our daily lives and future aspirations.

Key Questions Addressed

How can cybersecurity principles be applied to the space domain?
What challenges does the democratization of space present to cybersecurity?
How does one begin building a virtual satellite lab?

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

____________________________

Resources

HackSpaceCon: https://www.hackspacecon.com/

About Tim's "Bring Your Own Satellite" Workshop: https://www.linkedin.com/posts/roobixx_satellitecommunication-virtuallab-spacetech-activity-7168236170760404992-uY1_/

____________________________

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Navigating the Final Frontier: The Global Effort to Protect Space Infrastructure with Space-ISAC | A Conversation with Erin Miller and Marco Ciappelli | Redefining CyberSecurity with Sean Martin

28 mars 2024 | 41 min

Guests:

Erin Miller, Executive Director, Space ISAC [@SpaceISAC]

On LinkedIn | https://www.linkedin.com/in/erinmarlenemiller/

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin takes a journey into the fascinating realm of space security with Erin Miller, the executive director of the Space-ISAC, alongside Marco Ciappelli, a fervent space enthusiast who also helms the Redefining Society Podcast. They navigate the multifaceted landscape of space information sharing and analysis centers (ISACs), emphasizing the critical role these entities play in bolstering our global security posture against vulnerabilities, incidents, and threats within the space industry.

Erin Miller sheds light on key milestones and initiatives propelling the Space-ISAC forward, including its inception at the behest of the U.S. White House in 2019, to address the unprotected attack surfaces of the burgeoning commercial space sector. The episode illuminates the importance of private-public partnerships and international collaboration, highlighting engagements with space agencies worldwide to enhance threat intelligence sharing.

The conversation traverses the importance of making threat intelligence actionable and accessible, eschewing spreadsheets for alerts that are immediate and practical. Further, the dialogue touches on the upcoming phase two of the Space ISAC's operational watch center, poised to expand its threat scenario coverage. The episode punctuates with Erin Miller extending an invitation to Sean Martin and Marco Ciappelli to visit the Space-ISAC watch center in Colorado Springs, foregrounding the ongoing endeavors and successes in the domain of space security.

Listeners are invited to explore this episode's rich discussions, not only as a beacon of knowledge on space security but also as a conduit for understanding the synergies between cybersecurity, space exploration, and societal impacts.

Key Topics Covered

How space security impacts global cybersecurity posture
What is the role of Space ISAC in space security
How public-private partnerships and international collaboration enhance space security

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Space ISAC: https://spaceisac.org/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Embracing Adaptation and Innovation: The CISO Role is at the Forefront of Cyber Resilience | A Conversation with Jeremy Snyder | Redefining CyberSecurity with Sean Martin

25 mars 2024 | 42 min

Guest: Jeremy Snyder, Founder & CEO at FireTail.Io

On Linkedin | https://www.linkedin.com/in/jeremysnyder/

On Twitter | https://twitter.com/halffinn

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in a thought-provoking conversation with Jeremy Snyder, exploring the evolving landscape of the Chief Information Security Officer (CISO) role via the Worldwide State of the CISO Based on the ‘Ask A CISO’ Podcast. The discussion explores the complexities and pressures faced by CISOs in today’s rapidly changing cybersecurity environment.

Jeremy shares insightful perspectives on his journey through the cybersecurity realm, starting from his initial foray into IT and the series of events that anchored his interest and career in cybersecurity, particularly during the COVID-19 pandemic. The episode touches on the challenges CISOs encounter, such as regulatory compliance, threat management, and the shift toward a security-centric business model.

The dialogue further explores the integration of IT and security functions, the role of artificial intelligence in cybersecurity, and the impact of emerging technologies on risk assessment. Notably, the conversation highlights the critical nature of understanding business logic and data flows within organizations, stressing the importance of collaborative efforts between CISOs and other business functions to advance secure and innovative solutions.

The episode concludes with reflections on the future of the CISO role, emphasizing the need for adaptability, resilience, and a proactive approach to navigating the complex cybersecurity landscape. Overall, the episode provides valuable insights into the strategic significance of the CISO role in enabling business growth and innovation in a secure manner.

Key Questions Addressed

What is the evolving role of the CISO in today’s cybersecurity landscape?
How can CISOs navigate the changing threat environment to enable business growth and innovation?
What impact do emerging technologies, especially AI, have on cybersecurity and the responsibilities of a CISO?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Steering Through Cyber Threats: Cybersecurity Insights from Trucking and Automotive Leaders | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

23 mars 2024 | 11 min

Unveiling the Art of Possible: A Glimpse into RSA Conference 2024 | An On Location Conference Coverage Conversation with Linda Gray Martin and Britta Glade

21 mars 2024 | 32 min

Guests:

Linda Gray Martin, Vice President at RSA Conference [@RSAConference]

On LinkedIn | https://www.linkedin.com/in/linda-gray-martin-223708/

On Twitter | https://twitter.com/LindaJaneGray

Britta Glade, Vice President, Content & Curation at RSA Conference [@RSAConference]

On LinkedIn | https://www.linkedin.com/in/britta-glade-5251003/

On Twitter | https://twitter.com/brittaglade

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Welcome to the kickoff of our comprehensive coverage for RSA Conference 2024, a pivotal gathering that unites minds from all corners of cybersecurity under one expansive theme: The Art of Possible. This year, we're breaking down the walls of impossibility, bringing the power of imagination, humanity, innovation and community into the realm of cybersecurity and beyond.

The Fabric of Creativity

In an engaging exchange between the On Location Coverages hosts Sean Martin and Marco Ciappelli, the conversation begins with a reflection on what’s possible. Martin and Ciappelli, in a funny exchange bring forth the concept of the "plausible impossible," a creative doctrine that pushes the boundaries of our imagination and challenges the limits of reality. This theme strongly correlates with this year's RSA Conference, focused on exploring the myriad potentials within the cybersecurity landscape.

Tradition Meets Innovation

A tradition that Sean and Marco hold dear is the annual inclusion of Linda Gray Martin and Britta Glade, central figures in the orchestration of the RSA Conference. Their participation signifies the commencement of a profound exploration into cybersecurity trends, themes, and innovative ideas set to shape the future. The conversation warmly unfolds to welcome these pivotal voices, shedding light on the central theme, "The Art of Possible," and its implications for the global cybersecurity community.

Bridging Ideas and Implementation

The discourse navigates through various aspects of the conference, from keynote speakers to new tracks, emphasizing the commitment to diversity, advancement, and community. With over 2,700 submissions and a broad spectrum of sessions, the RSA Conference stands as a testament to what becomes attainable when different minds unite in pursuit of a shared vision.

Among the highlights, Linda Gray Martin and Britta Glade touch upon the essence of community at the conference, illustrating how collective effort can transcend traditional barriers, fostering innovation and progress. The introduction of new programs, such as the Next Stage Expo, reaffirms the conference’s dedication to nurturing growth at every level, providing a stepping stone for emerging companies.

Forging Ahead: The Exploration Continues

As we venture closer to RSA Conference 2024, set against the backdrop of San Francisco's iconic Moscone Center, the anticipation builds for what promises to be an extraordinary congregation of cybersecurity’s brightest. From groundbreaking keynotes by industry visionaries to immersive track sessions that traverse the unknown, the conference is a beacon for those eager to explore the vastness of what’s achievable.

A Journey Awaits

For newcomers and veterans alike, RSA Conference 2024 is more than an event; it's an expedition into the heart of innovation, an opportunity to witness the unfolding of the art of possible firsthand. With thoughtful preparation and an open mind, attendees are poised to discover insights that could redefine the trajectory of cybersecurity and beyond.

As we inch closer to May 2024, the excitement is palpable, with much left to uncover. This year’s RSA Conference is not just a event; it's a convergence of ideas, a celebration of potential, and most importantly, a gathering of a community that believes fiercely in the art of turning the impossible into the possible.

Join us, as we step into a realm where imagination meets reality, at RSA Conference 2024.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Rolling Safely to Feed the Nation: The Cyber Frontline of Trucking Safety | A Conversation with Chloe Callahan, Antwan Banks, Jeremy Daily | Redefining CyberSecurity with Sean Martin

21 mars 2024 | 48 min

Guests:

Chloe Callahan, IT Operations Manager at Peninsula Truck Lines [@PeninsulaTL]

On LinkedIn | https://www.linkedin.com/in/chloe-callahan-36822995/

Antwan Banks, Director of Enterprise Security at NMFTA [@nmfta]

On LinkedIn | https://www.linkedin.com/in/antwan-banks-cissp-cciso-cism-cisa-29465314/

Dr. Jeremy Daily, Ph.D., P.E, Associate Professor of Systems Engineering, Colorado State University [@ColoradoStateU]

On LinkedIn | https://www.linkedin.com/in/jeremy-daily-646750103/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this installment of the Redefining CyberSecurity Podcast, host Sean Martin dives deep into the intricate world of trucking (large vehicle) cybersecurity. Sean brings together a panel of distinguished guests, each contributing unique insights from their respective positions in the trucking and cybersecurity realms. Attendees include Chloe Callahan, Operations Manager at Peninsula Truck Lines, and Antwan Banks, Director of Enterprise Security at NMFTA, alongside Jeremy Daly from Colorado State University, where he teaches systems engineering at the graduate level. The conversation uncovers the specialized cybersecurity challenges faced by the trucking industry. Despite the sector's pivotal role in maintaining the supply chain, it emerges that the requirements and threats it encounters are significantly distinct from those in more traditional IT environments.

Callahan shares her journey towards recognizing the importance of cybersecurity through her engagement with NMFTA conferences, which fueled her dedication to educating her community about cybersecurity basics and beyond. Banks offers a compelling perspective from his experience in cyber defense and warfare, emphasizing the strategic implications of securing the trucking sector against potential nation-state attacks that aim to disrupt critical supply lines.

The episode further explores the technological complexities inherent in the trucking industry, particularly concerning the integration of operational technology (OT) with information technology (IT) systems. Daly adds depth to the discussion by highlighting the evolving threat landscape and the importance of considering the entire lifecycle of trucking assets from a security standpoint. He also sheds light on initiatives like the Cybertruck Challenge, designed to foster talent and awareness in tackling these unique cybersecurity challenges.

The panel also addresses the vital role of education and proactive cybersecurity practices, underscoring the significance of comprehensive incident response planning, which extends to responding to cybersecurity incidents affecting the physical operation of trucks. Through their dialogue, the importance of community, information sharing, and collaboration across industries to enhance cybersecurity readiness emerges clear.

Overall, the episode offers an enlightening exploration of cybersecurity's critical place within the trucking industry, stressing the necessity for vigilance, preparedness, and community cooperation to safeguard vital supply chains against sophisticated cyber threats.

Key Questions Addressed

What is the current state of cybersecurity in the trucking sector?
How does cybersecurity in trucking impact food supply chain safety?
What strategies are being implemented to improve cybersecurity within trucking?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

CyberTruck Challenge: www.cybertruckchallenge.org

Posters and presentations by Dr. Daily: https://www.engr.colostate.edu/~jdaily/presentations/index.html

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Wheels, Wires, Silicon, Sensors, Networks, and Data: Navigating the Cybersecurity Across an Automotive Ecosystem on the Road to Passenger Vehicle Autonomy | A Conversation with Scott Sheahan and Marco Ciappelli | Redefining CyberSecurity with Sean Martin

20 mars 2024 | 46 min

Guests:

Scott Sheahan, Owner/Principal Consultant, Rustic Security LLC

On LinkedIn | https://www.linkedin.com/in/scottsheahan/

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

___________________________

Episode Notes

In this episode of the Redefining Cybersecurity Podcast, host Sean Martin is joined by co-founder Marco Ciappelli, host of the Redefining Society Podcast, and guest Scott Sheahan, a seasoned professional with a rich background in the automotive industry and embedded software development. The episode digs into the pressing issue of automotive cybersecurity, exploring the challenges and complexities that manufacturers, OEMs, and consumers face in an increasingly connected world.

Sheahan shares insights from his transition from aerospace to automotive, emphasizing the similarities between the industries, particularly their reliance on embedded systems and the heightened concern for cybersecurity. The conversation touches on the evolution of connected cars, highlighting the myriad of data collected through telematics devices and the potential privacy concerns this raises. The episode also discusses the impact of cybersecurity on vehicle safety, the role of industry standards like ISO/SAE 21434, and the paramount importance of secure by design principles.

The dynamics of the automotive supply chain and the right to repair are examined, alongside a discussion on the future of autonomous vehicles and the implications for consumers' connection with driving. Scott Sheahan encourages aspiring cybersecurity professionals to dive into the industry, underscoring the demand for talented individuals in this critical area. The episode wraps up with a philosophical reflection from Marco on the essence of ownership and control in the era of connected and autonomous cars, posing thought-provoking questions about the nature of technology's role in our lives.

Key Questions Addressed

How does the automotive industry tackle the challenges of cybersecurity?
What are the implications of connected vehicles for consumer privacy and data security?
How is the concept of the right to repair impacted by advancements in vehicle technology and cybersecurity measures?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Inspiring post: https://www.linkedin.com/posts/scottsheahan_getting-into-automotive-cybersecurity-activity-7143250700741804032-FJe4/

ISO/SAE 21434:2021: https://www.iso.org/standard/70918.html

Road Vehicles: Cybersecurity Engineering: https://www.iso.org/standard/70918.html

ASRG Youtube Channel: https://www.youtube.com/@automotivesecurityresearch1613/videos

ASRG website: https://asrg.io/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

How Do We Handle Sneaky Changes in Terms and Conditions That Allow Training of AI with Sensitive/Customer Data Essentially Without Our Knowledge | A Conversation with Nigel Cannings | Redefining CyberSecurity with Sean Martin

18 mars 2024 | 44 min

Guest: Nigel Cannings, CEO at Intelligent Voice [@intelligentvox]

On Linkedin | https://www.linkedin.com/in/nigelcannings/?originalSubdomain=uk

Google Scholar | https://scholar.google.co.uk/citations?user=zHL1sngAAAAJ&hl=en

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin is joined by Nigel Cannings. The conversation centers around the evolving landscape of data privacy, particularly focusing on the implications of companies using customer data to train AI models, with a specific look at DocuSign's recent policy changes. Martin and Cannings discuss the fine line between using data for enhancement of services and the ethical, legal, and privacy concerns that arise when companies change terms and conditions to harness customer data for AI training without explicit consent.

Cannings, drawing on his background as both a lawyer and a technologist, provides insights into the challenges of truly anonymizing data and the potential risks of data misuse. He shares his personal decision to cancel his subscription to the service in response to these practices, urging listeners to reconsider their use of services that do not transparently and responsibly handle their data. The conversation also touches upon the broader implications for cybersecurity, including third-party risk assessments and the responsibility of companies to not only secure consent for data usage but to continuously update and inform customers about changes to terms and conditions.

Both hosts stress the importance of consumer awareness and the need for businesses to balance innovation with ethical data practices. By highlighting examples from various industries, this episode calls for a more transparent and responsible approach to data usage in the digital age, emphasizing customer rights and the potential repercussions of neglecting privacy concerns.

Top Questions Addressed

How can organizations balance the use of customer data for AI training with ethical and legal considerations?
What are the implications of DocuSign's policy change on data privacy and consumer trust?
How can cybersecurity leaders ensure their organization's data practices are transparent and responsible?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Inspiring Post: https://www.linkedin.com/posts/nigelcannings_privacymatters-docusign-aiprivacyconcerns-ugcPost-7168953031135322112-vZSM

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Crisis Management: Strategies When Communicating with Multiple Stakeholders | An On Location Conference Coverage Conversation with Mary Chaney, Melanie Ensign, and Shawn Tuma

15 mars 2024 | 37 min

Security, Laws, and Vulnerabilities: Unpacking the Disclosure Process to Understand the Intersection of CFAA, DMCA, and Coordinated Vulnerability Disclosure | A Conversation with Katie Noble and Harley Geiger| Redefining CyberSecurity with Sean Martin

14 mars 2024 | 51 min

Guests:

Katie Noble, Director, PSIRT and Bug Bounty at Intel Corporation

On LinkedIn | https://www.linkedin.com/in/katie-trimble-noble-b877ba18a/

Harley Geiger, Founder and Coordinator, Security Research Legal Defense Fund

On LinkedIn | https://www.linkedin.com/in/harleylorenzgeiger/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity podcast, host Sean Martin is joined by Katie Noble, Director of Product Security and Communications at Intel Corporation, and Harley Geiger, a cybersecurity attorney at Venable LP. The episode provides a deep dive into the realm of vulnerability disclosure and the corresponding laws that shape its dynamics.

The insightful conversation unveiled vulnerability disclosure as a toolbox for receiving vulnerabilities from diverse sources and then subsequently identifying, mitigating, and disclosing them. Both Noble and Geiger highlighted the importance of this process in creating a more secure digital ecosystem. However, they identified some challenges which include technical literacy, uneven state laws, clarity on good-faith security research, and sanctions that restrict conversation about vulnerabilities with certain entities.

Furthering the discussion, they touched upon the implications of AI and services provided through APIs on vulnerability disclosure. They acknowledged AI as an enabler which necessitates creative thinking about new tools for infrastructure security. They also highlighted potential issues with cloud services and AI, along with the growing practice of identifying non-security harms such as bias and discrimination through similar disclosure processes.

While discussing the role of regulations and policies, the Noble and Geiger stressed these aid in setting security standards and issuing regulatory compliance. They emphasized that understanding regulation as a net good and engaging proactively with policy formulation can result in better product security.

The episode concluded with insights on how regulatory improvements could reduce liability and move the space forward. This includes improvements in state law, clarification around AI, and easing sanctions to allow dialogue around vulnerabilities.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Hacking Policy Council - State Charging Policies for Good Faith Security Researchers: https://assets-global.website-files.com/62713397a014368302d4ddf5/64d3d1e780453a690d637186_HPC%20statement%20on%20state%20charging%20policy%20reform%20-%20August%202023.pdf

Hacking Policy Council - AI red teaming: Legal clarity and protections needed: https://assets-global.website-files.com/62713397a014368302d4ddf5/6579fcd1b821fdc1e507a6d0_Hacking-Policy-Council-statement-on-AI-red-teaming-protections-20231212.pdf

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

What Executive Leaders Can Do to Change Their Company's Culture | An On Location Conference Coverage Conversation with Denitra Letrice and Dwan Jones

13 mars 2024 | 27 min

Guests:

Denitra Letrice, Director of Cybersecurity Planning & Engagement, MassMutual

On LinkedIn | https://www.linkedin.com/in/denitraletrice/

On Twitter | https://twitter.com/denitraletrice

Dwan Jones, Directory of Diversity, Equity and Inclusion, ISC2 [@ISC2]

On LinkedIn | https://www.linkedin.com/in/dwanjones/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

This episode of the "On Location with Sean and Marco" discusses the crucial topic of company culture and its impact on organizations, particularly in the cybersecurity field. Throughout the episode, Sean Martin and Marco Ciappelli engage in thought-provoking conversations with guests Denitra Letrice and Dwan Jones, focusing on the significance of cultivating a positive work culture. The discussion emphasizes the idea that a strong company culture is essential for attracting and retaining top talent, especially in a highly competitive industry like cybersecurity.

Denitra Letrice and Dwan Jones provide valuable insights into the need for organizations to create inclusive and diverse environments where employees feel valued and can thrive. They stress the importance of executive leaders listening to and understanding the experiences of their workforce to drive positive change and improve overall productivity. They also highlight the significance of continuous feedback, engagement surveys, and creating safe spaces for open communication within the workplace, underscoring that building a healthy work environment requires intentional effort, assessments, and a willingness to address systemic issues that may hinder organizational culture.

Furthermore, the episode previews an upcoming session at the Minorities in Cybersecurity (MiC) Annual Conference in Dallas, Texas, with Denitra Letrice and Dwan Jones as panelists for this session. Titled "What Executive Leaders Can Do to Change Their Company's Culture," the session aims to provide actionable strategies for executives to enhance their organizational culture and drive positive outcomes.

Overall, the episode serves as a platform for insightful discussions on the role of leadership in shaping company culture, the importance of diversity and inclusion, and the impact of culture on attracting and retaining talent in the cybersecurity industry. It encourages listeners to consider the value of creating a supportive and empowering work environment for long-term success.

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Redefining Society Podcast with Marco Ciappelli playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTUoWMGGQHlGVZA575VtGr9

ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

____________________________

Resources

Learn more about Minorities in Cybersecurity: https://www.mincybsec.org/

Annual Conference: https://www.mincybsec.org/annual-conference

____________________________

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Book | Our Biggest Fight: Reclaiming Liberty, Humanity, And Dignity In The Digital Age | A Conversation with Author, Frank McCourt | Redefining CyberSecurity and Society with Sean Martin and Marco Ciappelli

12 mars 2024 | 62 min

Guest: Frank McCourt, Executive Chairman and Founder, Project Liberty [@pro_jectliberty]

On LinkedIn | https://www.linkedin.com/in/frank-h-mccourt/

Project Liberty on LinkedIn | https://www.linkedin.com/company/projectliberty/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

___________________________

Episode Notes

In this thought-provoking and potentially life-changing conversation with hosts Sean Martin and Marco Ciappelli, Frank McCourt discusses the necessity of prioritizing personhood in the face of increasing Internet surveillance. The trio discuss the deceptive practices of companies that extract user data under the alluring guise of free services. They explore the fundamental need for society to determine how to harness and utilize technology, which currently exists as an all-powerful, autocratic surveillance entity beyond individual control.

Recognizing the necessity of cultural shift to reclaim liberty, humanity, and dignity in the digital age, Frank emphasizes the urgency for society to take action. He presents Project Liberty as a conscious initiative to course-correct the trajectory of the Internet's effect on society and calls on individuals to raise their hopeful voices and make discerning choices. The narrative sheds light on how McCourt envisions restructuring internet governance, espousing a people-centric approach, ultimately promoting a more secure democratic digital world. To further this mission McCourt presents several ideals from his book 'Our Biggest Fight', emphasizing the necessity to reclaim control over personal data.

This is a conversation that must be heard — a discussion you want to be part of.

Key Questions Addressed

What is the importance of recognizing personhood on the internet?
What is the potential impact of technology on society and democracy?
How can society influence the direction of the internet and promote individual data ownership?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Our Biggest Fight: Reclaiming Liberty, Humanity, And Dignity In The Digital Age (Book): https://www.projectliberty.io/our-biggest-fight

Our Biggest Fight: Reclaiming Liberty, Humanity, And Dignity In The Digital Age: https://amzn.to/3TwyVG7

The proceeds from the book will be donated to the Project Liberty Foundation, a 501(c)(3) organization working to advance the responsible development of technology and ensure that tomorrow’s internet is designed and governed for the common good.

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

BlackCloak Exposes a Surge in Cyber Attacks Targeting Crypto-Invested Venture Capital and Private Equity Firms | A BlackCloak Brand Story with Chris Pierson

12 mars 2024 | 32 min

In the recent installment of Brand Stories with BlackCloak, co-hosts Marco Ciappelli and Sean take a journey into the escalating issue of cyber threats facing venture capitalists, private equity professionals, and affluent individuals invested in cryptocurrency. This episode stands out for its insightful analysis into how cybercriminals are increasingly targeting high-net-worth individuals, employing sophisticated strategies to breach their privacy and security and to steal their cryptocurrency. The discussion, enriched by the expertise of Chris Pierson, CEO and founder of BlackCloak, along with in-depth research from his team, highlights the imperative for tailored cybersecurity solutions in an era where financial investments intersect with digital vulnerability.

The conversation begins with an overview of the emerging trend where cybercriminals meticulously target individuals at the apex of financial and technological investments. Pierson’s input paints a detailed picture of the advanced tactics these nefarious actors use, ranging from social engineering to advanced phishing and hacking methods. These tactics are not random; they are precisely aimed at exploiting the unique lifestyles and the consequent vulnerabilities of high-net-worth individuals, making the need for customized cybersecurity measures more critical than ever.

A significant portion of the episode is dedicated to discussing the necessity of concierge-style cybersecurity services. Pierson emphasizes that BlackCloak’s approach is far from generic; it offers bespoke protection plans that cater to the individual’s specific lifestyle and risk profile. This personalized approach is crucial, as the assets and digital footprints of high-net-worth individuals are far from ordinary and require specialized protection strategies.

Pierson further outlines essential mitigating controls and risk reduction tactics that are pivotal in safeguarding against cyber-attacks. The focus here is on creating a multi-layered defense system that protects personal devices, secures network connections, and minimizes vulnerabilities related to one's digital presence. This strategy is not only about defending against current threats but also about being agile enough to adapt to new risks as they emerge.

A key insight from the discussion is BlackCloak’s proactive stance in anticipating future cybersecurity challenges. The cyber threat landscape is dynamic, with criminals continuously innovating to find new ways to breach defenses. BlackCloak’s methodology is centered on staying ahead of these threats through anticipation and preparation, ensuring their clients remain protected against both current and future vulnerabilities.

This episode goes beyond traditional cybersecurity discussions, focusing on the nuanced challenges faced by individuals whose financial success makes them prime targets for cybercriminals. It underscores the importance of investing in advanced, personalized cybersecurity solutions in today’s digital age. For venture capitalists, private equity professionals, and cryptocurrency investors, the message is clear: sophisticated, tailored cybersecurity and privacy protection is not an option but a necessity.

The insights provided in this episode of Brand Stories with BlackCloak offer a comprehensive look into the complexities of protecting high-net-worth individuals in the digital realm. It serves as a crucial resource for anyone involved in high-stakes investment sectors, highlighting the need for vigilance, sophisticated security measures, and a proactive approach to cybersecurity in the face of evolving threats.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]

On Linkedin | https://www.linkedin.com/in/drchristopherpierson/

Resources
Learn more about BlackCloak and their offering: https://itspm.ag/itspbcweb

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Cyber Investigations: Methodology over Tools | A Conversation with Christopher Salgado | Redefining CyberSecurity Podcast with Sean Martin

11 mars 2024 | 51 min

Guest: Christopher Salgado, CEO at All Points Investigations, LLC

On Linkedin | https://www.linkedin.com/in/christophersalgado/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

___________________________

Episode Notes

In this episode of Redefining CyberSecurity Podcast, host Sean Martin converses with Christopher Salgado about the critical yet overlooked aspects of cyber investigations. Salgado's rich experiences, from being an insurance investigator in Chicago to working on Facebook's global investigations division and being a key player amidst the Cambridge Analytica crisis, lay the foundation for this engrossing dialogue.

Salgado elaborates on the unique challenges posed by cyber investigations—being analytical, yet organic; thorough, yet flexible—straddling between rigidity of process and fluidity of response. Pragmatism and diligent investigation are pitched alongside the usefulness of AI tools, which, as per Salgado, can be both ally and adversary.

Highlighting the importance of operating within established processes, Salgado presses on the need for standardization and streamlining, without compromising on the inherently organic nature of investigative work. He underscores how modifiable Standard Operating Procedures (SOPs) can uphold consistency and enable comprehensive learning, while staying legally sound and economically feasible.

Salgado also draws attention to the flip-side of AI-tools—potential data-leaks and the threat of manipulated AI-platforms. Corporations employing AI must weigh their usage against the risks, envisaging issues of data-privacy, information-misuse, and disinformation before rolling out (or permitting vendors to use) AI-based systems.

In a nutshell, this enlightening conversation delves into the complexities of cyber investigations, the indispensable role of AI, and the necessity of solid processes, making it a must-listen for cybersecurity enthusiasts and cyber sleuths alike.

The 'Security Show': Identifying the Real Truman for Transformative Business Excellence | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

10 mars 2024 | 10 min

Book | Software Supply Chain Security: Securing the End-to-end Supply Chain for Software, Firmware, and Hardware | A Conversation with Cassie Crossley | Redefining CyberSecurity Podcast with Sean Martin

8 mars 2024 | 46 min

Guest: Cassie Crossley, VP, Supply Chain Security, Schneider Electric [@SchneiderElec]

On LinkedIn | https://www.linkedin.com/in/cassiecrossley/

On Twitter | https://twitter.com/Cassie_Crossley

On Mastodon | https://mastodon.social/@Cassie_Crossley

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin chats with Cassie Crossley, Vice President for Supply Chain Security at Schneider Electric, and author of the book "Software Supply Chain Security". Crossley emphasizes the need for increased awareness and understanding of software supply chain security, not just among technology companies but also in the broader business sector including procurement, legal, and MBA graduates.

Crossley highlights the intricate complexities involved in securing IT, OT and IoT ecosystems. These include dealing with decades-old equipment that can't easily be upgraded, and accounting for the constantly evolving nature of cybersecurity threats, which she likens to a 'Wild West' environment.

Crossley brings attention to the importance of businesses understanding the risks and impacts associated with cyber vulnerabilities in their supply chain. She touches on the potential vulnerabilities of pre-installed apps on iPhones, the need for more memory-safe languages, and the complexities of patch management in OT environments.

Additionally, Crossley talks about the potential for cyber disasters and the importance of robust disaster recovery processes. Discussing the EU Cyber Resilience Act, she raises an important issue about the lifespan of tech devices and the potential impact on the security status of older devices.

To help businesses navigate these challenges, Crossley’s book provides a holistic overview of securing end-to-end supply chains for software, hardware, firmware, and hardware; it is designed to serve as a practical guide for anyone from app developers to procurement professionals. She aims to enlighten and equip businesses to proactively address supply chain security, rather than treating it as an afterthought.

Key Questions Addressed:

What is the importance of software supply chain security in businesses?
What are the challenges presented by OT environments when implementing cybersecurity measures?
How can businesses proactively navigate these challenges and strengthen their supply chain security?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Software Supply Chain Security: Securing the End-to-end Supply Chain for Software, Firmware, and Hardware (Book): https://amzn.to/3XQKwT5

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Diversity in Depth: From FBI Special Agent to Corporate Leader to Cybersecurity Advocate | A Minorities in Cybersecurity Conference Coverage Conversation with Mary N. Chaney

7 mars 2024 | 22 min

Guest: Mary N. Chaney, Chairwoman, CEO and President, Minorities in Cybersecurity

On LinkedIn | https://www.linkedin.com/in/marynchaney/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Join hosts Sean Martin and Marco Ciappelli for this new On Location event coverage episode along with Mary Chaney, a lawyer and seasoned professional in the cybersecurity field, as they focus on the pivotal topic of diversity and inclusion in the cybersecurity industry. Chaney highlights the creation and purpose of the Minorities in Cybersecurity organization and annual conference, emphasizing leadership development, empowerment, and creating safe spaces for professional growth.

The episode explicitly explores the importance of diversity in depth, promoting tangible actions to support retention and advancement of minority leaders. It also discusses the diverse range of topics covered in the conference, sessions on crisis management, financial planning, and cultural change within organizations. The episode concludes with a call to action for listeners to participate in the conference and support the mission of minorities in cybersecurity. During the discussion, Mary Chaney clearly demonstrates a commitment to fostering a more inclusive and diverse cybersecurity landscape.

JavaScript is Often the Most Common Resource to be Compromised and Exploited | Let's See How Client-Side Security Can Help Successfully Navigate the Application Threat Landscape | An Imperva Brand Story with Lynn Marks: Sr. Product Manager

7 mars 2024 | 45 min

Understanding the complexities around client-side security is more important than ever. As businesses and individuals, we are all 'people of the web', and protecting web transactions and user-data becomes our collective responsibility. On this episode of the Brand Story Podcast, hosts Sean Martin and Marco Ciappelli discuss these complexities with Lynn Marks, Senior Product Manager from Imperva.

The conversation begins with a key question: What is client-side protection?

Marks explains that modern engineering teams often place much of the applicational logic into the client-side, utilizing third-party JavaScript extensively. But as the prevalence of JavaScript increases, so does its vulnerability to being hijacked. A major concern is ‘form-jacking,’ where bad actors compromise JavaScript to skim sensitive information one record at a time. Due to the slow, low, and under-the-radar nature of these attacks, they often go unnoticed, emphasizing the need for proactive detection and robust prevention methods.

Marks highlights that many organizations are currently blind to these client-side attacks and require visibility into their online activity. This is where Imperva’s Client-Side Protection product comes in. It enables organizations to start gaining visibility, insights, and the ability to either allow or block the execution of certain actions on their client-side applications. The goal is to streamline their compliance processes, manage the auditing stages effectively, and facilitate them to make data-driven, informed decisions.

Marks also discusses the importance of adhering to PCI-DSS (Payment Card Industry Data Security Standard)—specifically version 4.0. As this standard applies to all organizations processing payment information, it plays a significant role in helping organizations build programs capable of combating these attacks. Imperva’s Client-Side Protection product aligns with this framework, providing necessary visibility and insights while streamlining the auditing and compliance processes.

For Imperva WAF customers, the Imperva client-side solution can be activated with just one click, removing any constraints and giving back control to the security teams. As organizations implement these security measures into their regular processes, they gain the ability to forecast and manage potential threats better.

Maintaining client-side security is undoubtedly a complex task, especially with the ever-increasing and evolving use of JavaScript. However, with comprehensive visibility, robust solutions, and readily-available compliance with industry standards, organizations can efficiently manage these threats and ultimately protect the end-users. By fostering a proactive stance towards cybersecurity, we can maintain the integrity of our online experiences and embrace our roles as responsible people of the web.

Top Questions Addressed

What is client-side protection?
How can an organization protect itself against client-side attacks?
What is the role of Imperva's Client Side Protection product in combating client-side security threats?

Note: This story contains promotional content. Learn more.

Guest: Lynn Marks, Senior Product Manager at Imperva [@Imperva]

On Linkedin | https://www.linkedin.com/in/lynnmarks1/

Blog | https://thenewstack.io/author/lynn-marks/

Resources

Learn more about Imperva and their offering: https://itspm.ag/imperva277117988

Guide: The Role of Client-Side Protection: https://itspm.ag/impervlttq

Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Cyber Governance Alliance and the Effort to Fight for CISO Liability Protections | A Conversation with Emily Coyle, Dr. Amit Elazari, and Andrew Goldstein | Redefining CyberSecurity Podcast with Sean Martin

6 mars 2024 | 50 min

Guests:

Emily Coyle, President & Founding Partner, Cyber Governance Alliance

On LinkedIn | https://www.linkedin.com/in/emily-elaine-coyle-a8243328/

Dr. Amit Elazari, Co-Founder & CEO, OpenPolicy

On LinkedIn | https://www.linkedin.com/in/amit-elazari-bar-on/

On X | https://www.twitter.com/AmitElazari

Andrew Goldstein, Chair of Global White Collar Defense and Investigations Practice, Cooley LLP [@CooleyLLP]

On LinkedIn | https://www.linkedin.com/in/andrew-d-goldstein/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

___________________________

Episode Notes

In the episode of Redefining CyberSecurity Podcast, host Sean Martin discusses the issues surrounding the SEC's precedent-setting decision to charge the CISO of SolarWinds, Tim Brown, in the aftermath of the Sunburst cyberattack. Joining Sean are Emily Coyle, the founder of Cyber Governance Alliance, Andrew Goldstein from law firm Cooley and Amit Elazari from OpenPolicy.

Emily elucidates on the work of the Cyber Governance Alliance, aiming to lobby for methodology change by bringing the best practices of cybersecurity into the legal framework. The Alliance is seeking to provide cyber security professionals with the protections they need to carry out their role, including limitations on liability and protection against the chilling effect of litigation.

Andrew speaks to the potential impacts their arguments could have on the wider cyber security field. A pressing concern he highlights is the effect of the SEC's decision on aspiring cyber security professionals and their willingness to engage in the field, potentially exacerbating an already vulnerable shortage of professionals.

Amit points out the contradictions between best practice standards for cybersecurity, enshrined in legislation, and the SEC’s decision. She puts a call to action to the cyber community to collectively support the renewal of the amicus, around furthering discussions with policy makers to create a balanced decision.

The group concludes that the lawsuit sets a challenging precedence for cybersecurity professionals. They argue that aligning legal and policy frameworks with cybersecurity practices should be a priority. They also encourage the community to engage the policymakers in discussion, starting with commenting on and signing the next amicus brief being drafted. Collectively they emphasize the urgency and importance of the cybersecurity community's involvement in shaping the future of cybersecurity policy and governance before it's set in stone.

Key Questions Addressed

What has been the impact, thus far, of the SEC's decision to charge the CISO of SolarWinds, Tim Brown, after the Sunburst cyberattack?
How can conflicting policies potentially impact the sustainability of effective cybersecurity practices and what is the call to action for the cybersecurity community?
How is the Cyber Governance Alliance challenging the current cybersecurity legal framework and what protections are they seeking for cybersecurity professionals?

Top Insights from the Conversation

The SEC's decision to charge the CISO of SolarWinds has far-reaching implications for the cybersecurity community and can deter aspiring professionals for a long time to come.
Through the Cyber Governance Alliance, there's an ongoing effort to integrate the best practices of cybersecurity into the legal framework and provide basic liability protections for cybersecurity professionals.
Despite the contradictions in cybersecurity policies, there's an urgent call for the cybersecurity community to unify and shape the future of cybersecurity policies and governance.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

The amended amicus is due March 29th. Cooley will be hosting a webinar with Latham & Watkins (SolarWinds & Tim Brown outside counsel) to discuss:

Date: Monday, March 11th
Time: 4:00 - 4:30 EST
Zoom Link: https://cooley.zoom.us/j/99323354217

To learn more about signing on to the updated amicus, contact Open Policy ( [email protected] ) or the team at Cooley via https://forms.office.com/Pages/ResponsePage.aspx?id=vqaHcH1e6Eme5Tx__T8eZbG7QNlB75pMoakNn09c-C5UMDBDNUVRVU8yUzFKV09HNjk5MTc0V0taSS4u.

To learn more about Cyber Governance Alliance and their efforts to fight for cyber professionals in Washington, contact the team at ( [email protected]) or check out https://cybergovernancealliance.org/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Transforming Cybersecurity Governance: The Role of Enterprise Risk Management (ERM) in the Context of the SEC Incident Reporting Rule | A Conversation with Keyaan Williams | Redefining CyberSecurity Podcast with Sean Martin

4 mars 2024 | 48 min

Guest: Keyaan Williams, Founder and Managing Director of CLASS-LLC [@_CLASSllc]

On LinkedIn | https://www.linkedin.com/in/keyaan/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, hosted by Sean Martin, we are joined by guest Keyaan Williams to discuss the impact of the Securities and Exchange Commission (SEC) Incident Reporting Rule on organizations and its far-reaching implications. The wide-ranging discussion covers the shift in responsibility from a single Chief Information Security Officer (CISO) to the entire organization, the necessity for companies to have situational awareness to rapidly determine the materiality of cyber security incidents, and how these rules affect the company's enterprise risk management strategy.

Enterprise Risk Management (ERM) is integral to the way organizations protect themselves and manage risk. Contrary to focusing exclusively on cybersecurity and cyber-related risk, ERM takes an holistic approach and considers all risks across the company. This comprehensive approach ensures that companies make well-informed decisions about how they allocate resources, prioritize risks, and choose specific areas to mitigate. ERM also distributes the burden of risk oversight, reducing the intense pressure on CISOs or any single department and making risk management a collective responsibility. In an era of increasing regulatory oversight, such as the new rules from the SEC, ERM also aims to help companies demonstrate that they are taking all necessary precautions and addressing regulatory requirements effectively.

Williams also emphasizes the need for businesses to prepare for the increasing regulatory scrutiny by maintaining a robust governance structure and adopting a team-based approach for managing cyber security risks. They predict the possibility of additional rule-making concerning cybersecurity in the future, thus viewing the current phase as the calm before the storm.

Williams ends the conversation with an invitation for listeners to provide feedback, reinforcing the theme of the episode: collective engagement in cybersecurity management.

Key Questions Addressed:

What is the impact of the new SEC reporting rule on CISOs and their teams?
How can Enterprise Risk Management contribute to overcoming cybersecurity challenges?
How does the SEC reporting rule change the role of a CISO within an organization?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Digital Twin Technology: Revolutionizing Industries and Redefining Cybersecurity | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

2 mars 2024 | 20 min

A Path to Banning Ransomware Payments | A Conversation with Ari Schwartz | Redefining CyberSecurity Podcast with Sean Martin

29 februari 2024 | 41 min

Guest: Ari Schwartz, Managing Director of Cybersecurity Services and Policy at Venable LLP [@VenableLLP]

On Linkedin | https://www.linkedin.com/in/ari-schwartz-484a297a/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining CyberSecurity, host Sean Martin speaks with Ari Schwartz about the momentum to ban ransomware payments and the path to achieve it. Schwartz, a cybersecurity expert with three decades of experience, discusses his recently published blog post titled "The Path to Banning Ransomware Payments", and unpacks the ways not just businesses, but also governments can respond to this growing threat.

Martin and Schwartz delve into significant issues, including the moral, national security, and economic imperatives for banning these payments. The duo further discuss four potential strategies to make not paying ransoms the rational thing to do: requiring victims to report ransom payments, to submit to oversight by a government regulator, to pay fines or face potential criminal charges for refusing to comply.

Addressing the practicalities of such a ban, Schwartz believes it’s likely to happen within the next 3 to 5 years but notes the need for passing laws to successfully enforce it. He also examines the critical role of insurance in this scenario and emphasizes the importance of risk mitigation strategies and robust cybersecurity measures.

The episode also explores potential exceptions to the ban like potential life-or-death situations or major economic harm, and the need for government intervention during ransom situations. Lastly, they discuss how targeting ransomware can help internal corporate security teams highlight the threats to their leadership and drive investment in robust cybersecurity.

Balancing Platforms and Point Solutions: Insights from a Product Manager, Industry Analysts, and the Market | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

27 februari 2024 | 8 min

Securing your Business Against The Latest Cyber Threat Trends: Incident Responses and Insurance Essentials | A Conversation with Shawn Tuma | Redefining CyberSecurity Podcast with Sean Martin

26 februari 2024 | 45 min

Guest: Shawn Tuma, Co-Chair, Data Privacy & Cybersecurity Practice at Spencer Fane, LLP [@SpencerFane]

On Linkedin | https://www.linkedin.com/in/shawnetuma/

On Twitter | https://twitter.com/shawnetuma

On Instagram | https://www.threads.net/@shawnetuma

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin sits down with cybersecurity data privacy attorney, Shawn Tuma. They delve into a comprehensive discussion on cyber risk, cybersecurity incident response, and cyber insurance.

During their discussion, Tuma shares a wealth of knowledge stemming from his deep involvement in thousands of cyber incident responses. He discusses the evolving cyber threat landscape, singling out business email compromises as now topping the list and how the evolution of threat actor tactics has exploited the human element in organizations.

The conversation segues into the crucial role of insurance in incident response planning. Tuma goes into detail about the issues that organizations face with insurance, especially when they aren't familiar with the terms stipulated in their policies. He also emphasizes the importance of getting the insurance carrier involved early on and the necessity for businesses to have pre-approved incident response teams.

The episode wraps up with Tuma’s advice on building a robust incident response plan and how insurance plays a key part in the strategy.

Key Insights Provided:

Though cyber threats continue to evolve, business email compromises now top the list over ransomware attacks because threat actors are manipulating the human element in organizations.
Insurance carriers play an indispensable role in incident response planning; it's crucial to get them involved early on and for businesses to have pre-approved incident response teams.
In building a robust incident response plan, businesses must understand their risk, be familiar with the terms stipulated in their policies, and ensure the implementation of measures that limit their vulnerabilities.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

From Ad-hoc Solutions to Systemic Approaches to Securing the Internet's Infrastructure: Introducing The Common Good Cyber Initiative | A Conversation with Phil Reitinger, Josh Corman | Redefining CyberSecurity Podcast with Sean Martin

23 februari 2024 | 44 min

Guests:

Phil Reitinger, President and CEO, Global Cyber Alliance [@GlobalCyberAlln]

On Linkedin | https://www.linkedin.com/in/philipreitinger/

On Twitter | https://twitter.com/CarpeDiemCyber

Joshua Corman, Founder, I am The Cavalry [@joshcorman]

On Twitter | https://twitter.com/joshcorman

On LinkedIn | https://www.linkedin.com/in/joshcorman/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages with guests Phil Reitinger and Josh Corman to discuss the importance of financial backing and coordinated efforts in maintaining the security of the internet's infrastructure. Both guests emphasize the necessity for systemic approaches to sustain critical online operations, and the need to move from a reliance on generous volunteers towards more strategic, financially supported initiatives.

Reitinger and Corman cite several initiatives and organizations they've been involved with, such as Global Cyber Alliance, I Am The Cavalry, and others, illuminating their efforts to address cybersecurity issues. They also express the hope that the collaboration they've begun with the Common Good Cyber initiative, will lead to broad systemic solutions. The podcast brings to light key industry players, from large corporations to governments, and non-profits. The episode serves as a solid call to action, urging everyone to be part of a 'coalition of the willing' to secure the common good of the internet.

The Common Good Cyber initiative kicks off with a workshop in Washington DC. The workshop exists as a platform to gather diverse perspectives from cybersecurity stakeholders ranging from government representatives, corporations, to non-profit organizations. It is designed as a three-part effort, starting with understanding the urgency and identifying existing solutions, followed by brainstorming new solutions, and finally merging into a joint action plan to address the identified problems. The entire idea is to transition from simple plans to concrete action, which is the most challenging step. Moreover, the workshop is not just a one-off event but a launchpad for the Common Good Cyber initiative. It aims to understand the most viable solutions from the community, develop coherent strategies, and work on implementation beyond just the initial event.

Key insights discussed:

There's a recognized gap in funding for critical internet infrastructure security, which has largely been dependent on volunteer efforts and small non-profit organizations.
The Common Good Cyber initiative is an effort to bring together multiple stakeholders, including governments, corporations, and non-profits, to brainstorm and implement sustainable solutions to cybersecurity problems.
Collaborative efforts, transparency, and a shared purpose are seen as crucial elements in addressing the challenges of internet security and operationalizing security tools and processes.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRWnxWBBf8E2rGm4AaELu1Y

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

About Common Good Cyber: https://commongoodcyber.org/

Workshop Overview: https://commongoodcyber.org/events/

Workshop Agenda: https://commongoodcyber.org/wp-content/uploads/2024/02/Common-Good-Cyber-February-Workshop-Agenda.pdf

Wendy Nather's Cyber Poverty Post: https://www.linkedin.com/posts/wendynather_securitypovertyline-cyberpoverty-cybercivildefense-activity-7165733967113957376-80jy

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

A Reality Check: Platforms vs. Standalone Solutions and Their Place in an Expanding and Contracting Cybersecurity Market | A Conversation with Eric Parizo and Richard Stiennon | Redefining CyberSecurity Podcast with Sean Martin

23 februari 2024 | 54 min

Guests:

Eric Parizo, Managing Principle Analyst at Omdia [@OmdiaHQ]

On Linkedin | https://www.linkedin.com/in/ericparizo/

On Twitter | https://twitter.com/EricParizo

Richard Stiennon, Chief Research Analyst at IT-Harvest [@cyberwar]

On Twitter | https://twitter.com/stiennon

On LinkedIn | https://www.linkedin.com/in/stiennon/

On YouTube | https://www.youtube.com/channel/UCJbNLvhmVGnRerhrSU1mFug

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in an enlightening dialogue with industry analysts and cybersecurity veterans, Eric Parizo and Richard Stiennon. The trio explored various aspects of the vendor space in cybersecurity, discussing topics like vendor consolidation, market contraction, and the state of M&A inundating an already-overwhelmed IT environment with complex products.

Parizo, a managing principal analyst, counters the narrative of large vendors, stating that most companies desire best-of-breed solutions that offer better integration and measurable outcomes. However, he sees challenges in getting standalone solutions to work together efficiently. To tackle this, Parizo envisages a shift from product integration to data integration, enabling enterprises to handle security data in centralized repositories like Amazon Security Lake.

Stiennon, a chief research analyst, points out that security will always be a subpart of the next big thing. Despite the increase in intelligent security systems and development in DevSecOps, Stiennon expresses doubt about a total transformation in security due to the potential disruption to business productivity. Instead of seeking transformation in security, he urges CISOs to first identify and reduce the number of redundant products they pay for, as vendors often progressively add features that might already be available in their product pool.

Parizo and Stiennon both offered unique insights into the future of cybersecurity platforms. Parizo acknowledged the merits of the platform approach but challenged the assertion made by large vendors about the superiority and cost-effectiveness of cybersecurity platforms over standalone solutions. He suggested most companies prefer best-of-breed solutions due to enhanced integration and measurable performance outcomes. Conversely, Stiennon expressed skepticism about cybersecurity platforms becoming predominant in the market, asserting that new threats and ongoing innovation make it impossible for one vendor to fully secure an enterprise. Both analysts indicate that, although cybersecurity platforms offer some benefits, the continually evolving security landscape ensures that no single platform approach will dominate the market.

Ultimately, Parizo and Stiennon believe that, while consolidation and platform approaches have some benefits, the key to organizational security lies in continuous innovation, knowing the full capabilities of products, and utilizing comprehensive data management to communicate more effectively and make better decisions. Despite the inherent challenges, both experts also remain optimistic about the evolving role of data and AI in driving efficient cyber security practices.

How Risk Management and Human Behavior Shape Security Strategies: The Untold Impact of Cyber Insurance on Businesses | Human-Centered Cybersecurity Series with Co-Host Julie Haney | Redefining CyberSecurity Podcast with Sean Martin

22 februari 2024 | 52 min

Guests:

Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead at National Institute of Standards and Technology [@NISTcyber]

On Linkedin | https://www.linkedin.com/in/julie-haney-037449119/

On Twitter | https://x.com/jmhaney8?s=21&t=f6qJjVoRYdIJhkm3pOngHQ

Jason Nurse, Reader in Cyber Security and Director of Science & Research, University of Kent [@UniKent] and CybSafe [@CybSafe]

On Linkedin | https://www.linkedin.com/in/jasonrcnurse

On Twitter | https://twitter.com/jasonnurse

On Mastodon | https://infosec.exchange/@jasonnurse

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of the new (first!) episode of the Human-Centered Research Series on the Redefining CyberSecurity Podcast, host Sean Martin and co-host Julie Haney from the Human Centered Cybersecurity program at NIST, chat with Dr. Jason Nurse, a reader in cybersecurity at the University of Kent in the UK. The discussion revolves around the role of cyber insurance in organizational risk management.

Jason elucidates cyber insurance’s function as a residual risk mitigation tool when dealing with cyber attacks, helping businesses recover and connect with response teams. They discuss how cyber insurance can incentivize better security practices but highlight challenges related to assessing security postures across diverse businesses. While ransomware features heavily in discussions of cyber risks, Jason points out that insurers don't always encourage ransom payments. Julie raises the issue of accessibility of cyber insurance for small businesses and suggests insurers offer 'pre-breach services'.

Sean, Julie, and Jason debate the role of human behavior in cyber risk, and how it affects organizations and insurance policies. They underscore the value of research in enhancing security practices and conclude by pondering ways to bridge the gap between academic research and practical implementation in cybersecurity.

Key Questions Addressed:

What is the role and impact of cyber insurance in organizational risk management?
How does cyber insurance interact with a business's cybersecurity practices, and how could it incentivize better measures?
How does human behavior factor into cyber risks and insurance policies, especially in the context of ransomware and small-medium enterprises?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Between a rock and a hard(ening) place: Cyber insurance in the ransomware era: https://www.sciencedirect.com/science/article/pii/S016740482300072X

Cyber Insurance and the Cyber Security Challenge: https://kar.kent.ac.uk/89041/1/RUSI-Kent-OP-Cyber-insurance.pdf

Mapping the coverage of security controls in cyber insurance proposal forms: https://jisajournal.springeropen.com/articles/10.1186/s13174-017-0059-y

Impact 2024: https://www.theimpactconference.com/impact-usa/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

How the Newly-Formed AI-ISAC is Protecting Businesses from Emerging Cybersecurity Threats by Building Cross-Industry Trust and Collaborating with Other ISACs | A Conversation with Sidney Pearl | Redefining CyberSecurity Podcast with Sean Martin

19 februari 2024 | 31 min

Guest: Sidney Pearl, Executive Director at AI-ISAC

On Linkedin | https://www.linkedin.com/in/sidney-pearl/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

Welcome to a new episode of Redefining CyberSecurity Podcast. In this episode, Sean Martin is joined by Sidney Pearl to discuss the AI-ISAC (Artificial Intelligence Information Sharing and Analysis Center). They talk about the importance of operationalizing security and how communities, such as CISOs and other business executives, play a vital role in information sharing.

Sidney Pearl, the newly appointed executive director of AI ISAC, shares his background and experience in cybersecurity. The pair explore the structure of ISAOs (Information Sharing and Analysis Organizations) and ISACs. They explain that ISACs were initially formed to develop public and private partnerships between the government and private industry to share information and identify threats to critical infrastructure. Over time, ISACs have evolved into ISAOs, which have members beyond just the government and focus on sharing information across various domains.

The conversation then shifts to the AI ISAC and its importance in sharing information about artificial intelligence-related threats. They emphasize that the AI-ISAC is neutral and aims to help all ISACs and ISAOs gain insight into the threat landscape associated with artificial intelligence. They discuss the challenges of navigating the rapidly evolving field of artificial intelligence, where bad actors can leverage AI tools for malicious purposes.

Sean and Sidney stress the necessity for organizations to proactively understand the trajectory of AI and make informed decisions. They highlight the importance of accessibility to good information for organizations to stay ahead of threats. Trust plays a crucial role in the success of ISACs, and Sidney invites the audience to engage with the AI-ISAC to foster trust and collaboration. Sidney also expresses the AI-ISAC's commitment to working together with the cybersecurity community to adapt to the changes brought by artificial intelligence. He encourages listeners to reach out and participate in the dialogue, emphasizing that we are all in this together.

Key Insights Provided:

What is the structure of ISAOs (Information Sharing and Analysis Organizations) and ISACs (Information Sharing and Analysis Centers)? How have they evolved over time to develop public and private partnerships and share information to identify threats to critical infrastructure?
What is the role of the AI-ISAC ? How does it aim to help all ISACs and ISAOs gain insight into the threat landscape associated with artificial intelligence? What are the challenges in navigating the rapidly evolving field of artificial intelligence?
How can organizations proactively understand the trajectory of artificial intelligence and make informed decisions to stay ahead of emerging threats? What is the importance of accessibility to good information in cybersecurity? How does trust play a crucial role in the success of ISACs, and how can the AI-ISAC foster trust and collaboration within the cybersecurity community?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

New Artificial Intelligence Information Sharing Analysis Center (AI-ISAC) Launches at Kennedy Space Center: https://world.einnews.com/pr_news/674452892/new-artificial-intelligence-information-sharing-analysis-center-ai-isac-launches-at-kennedy-space-center

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Illuminating Cybersecurity: A Wave Of Revelations From The Blue LED Revolution | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

16 februari 2024 | 23 min

Incorporating Security from the Start for a More Secure Future: Exploring the 'Secure by Design' Initiative and the Ongoing Secure by Design Alert Series | A Conversation with Jack Cable | Redefining CyberSecurity Podcast with Sean Martin

14 februari 2024 | 37 min

Guest: Jack Cable, Senior Technical Advisor at CISA [@CISAgov]

On LinkedIn | https://linkedin.com/in/jackcable

On Twitter | https://twitter.com/jackhcable

CISA on LinkedIn | https://www.linkedin.com/company/cisagov/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin invites Jack Cable, Senior Technical Advisor at CISA (U.S. Cybersecurity and Infrastructure Security Agency), to discuss the concept of 'Secure by Design' and the importance of incorporating security into the development process of technology products. The episode explores the motivations behind CISA's 'Secure by Design' initiative, which aims to shift the responsibility for cybersecurity from end users to technology manufacturers.

During the conversation, Jack highlights the need for long-term investments in cybersecurity and emphasizes the role of business leaders in driving necessary security improvements. The conversation explores the core principles of 'Secure by Design', including technology manufacturers taking ownership of security outcomes for their customers, promoting radical transparency and accountability, and ensuring top business leadership drives security improvements. The episode also touches on the collaboration between CISA and the open-source community to foster greater security improvements in the open-source space.

Jack also shares success stories of companies effectively implementing 'Secure by Design' principles and highlights the economic and business factors that will drive a more secure future. The episode concludes with a call-to-action for organizations to adopt the 'Secure by Design' approach and engage with CISA to support the shift towards more secure software.

Top Key Insights:

The 'Secure by Design' initiative is aiming to shift the burden of cybersecurity from end users to the technology manufacturers, essentially pushing for a more proactive approach to security.
Successful adoption of 'Secure by Design' requires buy-in from business leaders who possess the power to allocate budgets and direct the shift towards a secure future, demonstrating that cybersecurity is as much a business issue as a technical one.
Collaboration with the open-source community is crucial for improving security in the technology ecosystem. This includes expectaing companies who use open-source software to be responsible consumers and sustainable contributors to the open-source software ecosystem.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Inspiring LinkedIn Post: https://www.linkedin.com/posts/jackcable_when-a-new-vulnerability-comes-out-its-activity-7135658158726791168-nz9h

Secure by Design Overview: https://www.cisa.gov/securebydesign

Alert Series Announcement: https://www.cisa.gov/news-events/news/cisa-announces-secure-design-alert-series-how-vendor-decisions-can-reduce-harm-global-scale

Principles for Package Repository Security: https://repos.openssf.org/principles-for-package-repository-security

Request for Information: https://www.federalregister.gov/documents/2023/12/20/2023-27948/request-for-information-on-shifting-the-balance-of-cybersecurity-risk-principles-and-approaches-for

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

The Great AI Debate: Does It Belong in SIEM? | Dissecting the Impact of AI on Modern SIEM Solutions | A Conversation with Mick Douglas and Dinis Cruz | Redefining CyberSecurity Podcast with Sean Martin

12 februari 2024 | 66 min

ITSPmagazine Podcast Network Live Weekly Catch-Up | February 10, 2024 | Sean Martin and Marco Ciappelli talk about “What kind of technology driven world will we live in, and do we get to choose?” Plus a few comment on recent and upcoming podcast episodes.

11 februari 2024 | 19 min

Survivability Fundamentals in Cybersecurity: A CISO's Blueprint for Effective Preparedness and Response | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

11 februari 2024 | 14 min

Effective Communication Strategies between Salespeople and CISOs | CISO Circuit Series: Episode 3 with Don Boian | Michael Piacente and Sean Martin on the Redefining CyberSecurity Podcast

7 februari 2024 | 58 min

About the CISO Circuit Series

Sean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.

____________________________

Guests:

Michael Piacente, Managing Partner and Cofounder of Hitch Partners

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente

Don Boian, Chief Information Security Officer of Hound Labs

On LinkedIn | https://www.linkedin.com/in/don-boian-05820714/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, co-hosts Sean Martin and Michael Piacente talk with Don Boian to discuss effective communication between salespeople and CISOs. The main focus is on building trust and understanding in an environment that often sees these roles at odds.

Boian highlights the importance of understanding the corporate structure and knowing who to approach. He suggests that salespeople target not only the CISO but elements of their team, citing examples where security engineers are equally valuable contacts.

Boian stresses that the key to successful communication is trust, built over time and through demonstrated value. He encourages cybersecurity salespeople to become an integral part of the cybersecurity community and invest in long-term relationships with CISOs.

Piacente adds that the CISO’s role has greatly expanded in recent years, requiring them to be business leaders in addition to technical experts. He notes that board members are often pleasantly surprised at a CISO's business acumen.

The conversation also explores the importance of salespeople using a language that resonates with CISOs and clearly articulating their product’s value propositions.

Key Ingishts:

Establishing trust between salespeople and CISOs, built over time through actions and value demonstration.
Importance of understanding the corporate structure and knowing who to approach in the organization, beyond solely aiming at the CISO.
The dramatically expanded role of a CISO in recent years, requiring them to be both technical experts and efficient business leaders.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

When Bits Meet Bricks: Critical Infrastructure CyberSecurity Beyond the Traditional Server Room | A Conversation with Joe Weiss | Redefining CyberSecurity Podcast with Sean Martin

5 februari 2024 | 46 min

Guest: Joe Weiss, Managing Partner at Applied Control Solutions, LLC [@appliedcontrol]

On Linkedin | https://www.linkedin.com/in/joew1/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining CyberSecurity Podcast, host Sean Martin engages in a thought-provoking conversation with Joe Weiss, a pioneer in the realm of control system cybersecurity. Weiss shares his experiences and insights from the frontlines of this intersection between cybersecurity and physical infrastructure.

The conversation reveals a significant gap between the cybersecurity and engineering worlds. Weiss highlights how cybersecurity professionals often focus on protecting servers and data, while overlooking the physical infrastructure that supports those servers. This disconnect, Weiss argues, can lead to significant operational issues, including the shutdown of major data centers due to control system cyber issues misidentified as mechanical failures.

Weiss presents a riveting case study of a billion-dollar manufacturing facility that was unknowingly suffering a 3% hit on net productivity. This was due to malfunctions in sensors and systems that were not detected by the facility's operational displays. The issue was only discovered when the raw physics of sensor readings were examined, emphasizing the need for a more comprehensive approach to cybersecurity.

Weiss further discusses the potential consequences of these overlooked vulnerabilities, including the disruption of critical services like air conditioning, power, and water supply. He stresses that these are not just issues for private entities but can impact every government operation, and consequently, our way of life.

The conversation concludes with Weiss advocating for an integrated approach to cybersecurity, one that connects security to operations and safety. He sees education as a key part of the solution, calling for more cross-disciplinary learning and collaboration between the fields of computer science and engineering.

This episode is a deep dive into the complexities of cybersecurity and the urgent need for a paradigm shift in its approach. Listeners will gain valuable insights into the critical intersection of cybersecurity and physical infrastructure, making this a must-listen for anyone interested in the future of cybersecurity.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

ITSPmagazine Podcast Network Live Weekly Catch-Up | February 3, 2024 | Sean Martin introduces the topics of some of his upcoming podcasts while walking around Central Park (NYC), as Marco Ciappelli joins from his office in Los Angeles.

4 februari 2024 | 18 min

CES 2024 Coverage | AI is the 5th Industrial Revolution: How AI is transforming how organizations operate, scale and improve efficiencies | A Post-Event Coverage of CES 2024 with Dr. Dimitri Kusnezov, Under Secretary, for the Science and Technology DHS

30 januari 2024 | 37 min

Guest: Dr. Dimitri Kusnezov, Under Secretary, for the Science and Technology DHS

On LinkedIn | https://www.linkedin.com/in/dimitri-kusnezov-097a9b68/

____________________________

Hosts:

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this last episode of the of the Post Event Coverage for CES 2024, Marco Ciappelli and Sean Martin are joined by Dr. Dimitri Kusnezov, the Undersecretary from the Department of Homeland Security responsible for science, technology, and first response.

The podcast begins with an enthusiastic discussion about the importance of CES and how it goes beyond just showcasing gadgets and incredible tech, but representing the present and future of society’s relationship with technology. Marco and Sean express their excitement about the panel Dr. Kusnezov had at CES: AI is the 5th Industrial Revolution | How AI is transforming how organizations operate, scale and improve efficiencies to grow the economy keep the nation moving forward, and of the overall significance of the event in shaping the future of technology and society.

Dr. Kusnezov introduces himself as a theoretical physicist turned government official and shares his admiration for the remarkable mission of the Department of Homeland Security. He highlights the challenges and opportunities that arise from the intersection of technology, innovation, and operational law enforcement.

The conversation then delves into the role of AI as the fifth industrial revolution and its transformative power across various sectors. Dr. Kusnezov emphasizes the interconnectedness of emerging technologies and the need to reimagine traditional fields such as farming and transportation, but also the way we need to think about technology’s role and how our society must be thought in terms of complexity and perpetual change.

Marco and Dr. Kusnezov discuss the cultural shift brought about by technology and how it challenges established norms and sources of information. They ponder the uncertainties of the future, particularly in a world where everything is evolving rapidly, and the social contract needs to be redefined.

Sean brings up the collaboration between the government, tech industry, and academia in shaping the future. Dr. Kusnezov acknowledges the importance of working with private companies and universities to harness innovation collectively. He emphasizes the need for deeper conversations and partnerships to address unique challenges faced by the Department of Homeland Security.

The podcast concludes with Marco expressing gratitude for Dr. Kusnezov's insights and highlighting the importance of staying open to change and redefining societal norms. They encourage listeners to engage in thoughtful discussions and continue questioning the evolution of technology and its impact on society.

Overall, this Post CES Coverage podcast provides a rich and thought-provoking conversation about the intersection of technology, society, and government efforts in shaping the future.

Listen, enjoy, share, and be sure to subscribe to Redefining Society (Marco’s Podcast) and Redefining Cybersecurity (Sean’s Podcast) for many more engaging conversations at the intersection of technology, cybersecurity and society.

____________________________

Catch all of our CES 2024 event coverage: https://www.itspmagazine.com/ces-2024-las-vegas-usa-event-coverage

Watch this and other videos on ITSPmagazine's YouTube Channel

CES 2024 Las Vegas playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcuvjsP6zvFyZkL7z2D8WZ

Redefining Society Podcast with Marco Ciappelli playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTUoWMGGQHlGVZA575VtGr9

ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

____________________________

Resources

AI is the 5th Industrial Revolution: https://www.ces.tech/sessions-events/voice/voice01.aspx

Artificial Intelligence | Homeland Security (dhs.gov) : https://www.dhs.gov/science-and-technology/artificial-intelligence

The Role of Science and Technology in Preparing for Future Change | Homeland Security (dhs.gov) : https://www.dhs.gov/science-and-technology/news/2023/12/21/role-science-and-technology-preparing-future-change

Learn more about CES 2024: https://www.ces.tech/

____________________________

For more CES 2024 Event Coverage visit: https://www.itspmagazine.com/ces-2024-las-vegas-usa-event-coverage

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

ITSPmagazine Podcast Network Weekly Catch-Up | January 29, 2024 | Sean Martin Joins Marco Ciappelli from the canals of Venice - Venezia, Italy - to talk about his trip and the upcoming RSA Conference Coverage.

29 januari 2024 | 16 min

Looking Back to Move Forward: Threat Research Reflections on 2023 | An Imperva Brand Story with Nadav Avital: Head of Threat Research

26 januari 2024 | 42 min

The current state of cybersecurity and the looming threats warrant serious attention. In this Brand Story episode of "Reflections from 2023", Nadav Avital, Head of Threat Research at Imperva, sheds intriguing light on this cyber landscape.

Avital outlines prominent threats of 2023, highlighting the prevalence of distinct attacks such as supply chain and distributed denial of service attacks, and business logic attacks. He emphasizes that, to navigate the evolving threat landscape effectively, it is vital to look backward to look forward.

Cyberattacks have presented consequential impacts on organizations, from monetary losses to operational disruption, and even reputational damage. For instance, Avital mentions how ransomware attacks and denial of service attacks have left businesses grappling with restoring systems, ransom payments and downtime, citing examples from real-life scenarios drawn from his observations.

Imperva’s Threat Research team takes on the monumental task of monitoring, analyzing, and protecting against these cyber threats. They utilize open-source intelligence, deep web resources and data from deployed sensors and customer networks. This multifaceted intelligence gets productized and integrated into Imperva's solutions, ensuring customers can focus on their businesses rather than worrying about cyber threats.

However, the battle against cyber threats extends beyond just protective measures. Raising awareness through communication plays a crucial role in helping the broader business and cybersecurity community understand and tackle these threats. The sharing of research findings through various channels such as blogs, newsletters and reports, helps impart invaluable knowledge, equipping readers with the necessary context and understanding of the evolving threat landscape.

Imperva’s forward-thinking approach in harnessing different intelligence resources to create protective solutions demonstrates their unrivaled expertise in the realm of cybersecurity. As Avital pointed out, it’s not solely about using advanced techniques for quality attacks but also about creatively using existing ones.

As cyber threats continue to evolve, it's paramount for organizations and cybersecurity professionals to stay abreast of these trends. Resources and research made available by teams like Imperva's Threat Research serve as a goldmine of intelligence information commanding our attention.

Make cybersecurity a priority, leverage resources at your disposal and stay a step ahead of threats. Connect with the Imperva Threat Research team and be part of their mission to secure cyberspace. Imperva's journey into innovations and solutions is one worth following and learning from as we continue moving forward in this cyber landscape.

Note: This story contains promotional content. Learn more.

Guest: Nadav Avital, Head of Threat Research at Imperva [@Imperva]

On Linkedin | https://www.linkedin.com/in/nadav-avital-a508244/

On YouTube | https://www.youtube.com/channel/UCH5blYEvvzUcWD7ApRVP9Yg

Resources

Learn more about Imperva and their offering: https://itspm.ag/imperva277117988

Imperva Threat Research: https://www.imperva.com/cyber-threat-index/threat-research/

Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Leaning in on ISO 5338, ISO 27090/27091, and the OWASP AI Exchange to Build Secure and Responsible AI Systems: Balancing Innovation and Ethical Boundaries | A Conversation with Rob van der Veer | Redefining CyberSecurity Podcast with Sean Martin

24 januari 2024 | 39 min

Guest: Rob van der Veer, Senior director at Software Improvement Group [@sig_eu]

On Linkedin | https://www.linkedin.com/in/robvanderveer/

On Twitter | https://twitter.com/robvanderveer

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of the Redefining Cybersecurity podcast, host Sean Martin welcomes Rob van der Veer to discuss the intersection of engineering AI systems and security. The conversation revolves around the potential risks and impacts of leveraging AI, particularly generative AI, on business growth and data security.

Rob, an expert in AI with extensive experience in the industry, shares insights on the advancements, challenges, and regulatory frameworks in the AI landscape. Rob highlights the importance of recognizing ethical and moral considerations when applying AI algorithms and emphasizes the need for governance, risk, and compliance roles, as well as security officers, to be involved in AI initiatives. He emphasizes the significance of maintaining ethical boundaries and complying with regulations, such as the European AI Act, to prevent potential harm to individuals and society.

Sean and Rob discuss the evolving nature of AI regulations, with governments setting boundaries to ensure responsible AI usage. Rob also mentions the OWASP AI Exchange, an open-source platform promoting collaboration and knowledge sharing among experts in AI security, and the need for alignment among various frameworks and standards.

The discussion also touches on the role of data scientists and the importance of collaboration with software engineers to ensure the development of secure, maintainable, and transferrable AI systems. Platform engineering is identified as the future of AI security and quality, enabling organizations to cover a wide range of requirements, including security, explainability, and unbiased decision-making.

Overall, this episode provides valuable insights into the complex landscape of AI engineering, security, and ethics, highlighting the need for multidisciplinary collaboration, adherence to regulations, and continuous improvement in AI practices.

Key Insights:

AI is influencing many aspects of business growth and data protection, but there are potential risks with this innovation that need thoughtful understanding and careful management.
Various disciplines, including governance, risk compliance, and security officers, need to be actively involved in AI initiatives to ensure ethical practices.
The future of AI quality and security lies in platform engineering, a collaborative approach that allows organizations to cover a wide range of requirements and ensure the development of secure, maintainable, and transferrable AI systems.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Inspiring LinkedIn post: https://www.linkedin.com/posts/robvanderveer_ai-aisecurity-activity-7139372087177068544-EUNg/

Member states and MEPs strike deal on EU AI Act after drawn-out, intense talks: https://www.euronews.com/my-europe/2023/12/08/eu-countries-and-meps-strike-deal-on-artificial-intelligence-act-after-drawn-out-intense-t

Artificial intelligence (European Council, Council of the EU): https://www.consilium.europa.eu/en/policies/artificial-intelligence/

Artificial intelligence act: Council and Parliament strike a deal on the first rules for AI in the world: https://www.consilium.europa.eu/en/press/press-releases/2023/12/09/artificial-intelligence-act-council-and-parliament-strike-a-deal-on-the-first-worldwide-rules-for-ai/

OpenCRE interactive content linking platform for uniting security standards: https://opencre.org

OWASP AI Exchange: https://owaspai.org

OpenCRE-chat the world's first security chatbot: https://www.opencre.org/chatbot

ISO/IEC 5338: Get to know the global standard on AI systems: https://www.softwareimprovementgroup.com/iso-5338-get-to-know-the-global-standard-on-ai-systems/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Guidelines for Evaluating Differential Privacy Guarantees: NIST SP 800-226 | Differential Privacy and Its Potential in Protecting Sensitive Data | A Conversation with Damien Desfontaines | Redefining CyberSecurity Podcast with Sean Martin

23 januari 2024 | 43 min

Guest: Damien Desfontaines, Staff Scientist at Tumult Labs

On Linkedin | https://www.linkedin.com/in/desfontaines/

On Twitter | https://twitter.com/TedOnPrivacy

On Mastodon | https://hachyderm.io/@tedted

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

This episode of Redefining CyberSecurity features a deep discussion between host, Sean Martin and guest, Damien Desfontaines on the topic of Differential Privacy (DP) and its implications in the field of cybersecurity. Damien, who currently works in a startup, Tumult Labs, primarily focuses on DP concepts and has rich prior experience from working in the anonymization team at Google. He shares key insights on how differential privacy — a tool to anonymize sensitive data can be effectively used by organizations to share or publish data safely, thus opening doors for new business opportunities.

They discuss how differential privacy is gradually becoming a standard practice for companies wanting to share more data without incurring additional privacy risk. Damien also sheds light on the forthcoming guidelines from NIST regarding DP, which will equip organizations with a concrete framework to evaluate DP claims. Despite the positive dimension, Damien also discusses the potential pitfalls in the differential privacy implementation and the need for solid data protection strategies.

The episode concludes with an interesting conversation about how technology and risk mitigation controls can pave way for more business opportunities in a secure manner.

Key insights:

Differential Privacy (DP) offers a mathematically proven methodology to anonymize sensitive data. It enables organizations to safely share or publish data, opening new business opportunities while adhering to privacy norms and standards.
The forthcoming guidelines from NIST will equip organizations with a concrete framework to evaluate DP claims, fine-tune their privacy governance, and promote data governance within their operations.
Implementing DP is complex and necessitates solid data protection strategies. Even with a strong mathematical foundation, the practical implementation of DP requires careful monitoring of potential vulnerabilities, illustrating the need for a holistic approach to data privacy.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Inspiring post: https://www.linkedin.com/feed/update/urn:li:activity:7140071119859957762/

Guidelines for Evaluating Differential Privacy Guarantees: https://csrc.nist.gov/pubs/sp/800/226/ipd

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

A Literary Approach: The Novel Intersection of Fiction and Cybersecurity Storytelling | A Conversation with D. Greg Scott | Redefining CyberSecurity Podcast with Sean Martin

21 januari 2024 | 46 min

Guest: D. Greg Scott, Principal Technical Account Manager at Red Hat [@RedHat]

On Linkedin | https://www.linkedin.com/in/dgregscott/

On Twitter | https://twitter.com/DGregScott

Website | https://www.dgregscott.com/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

On this episode of 'Redefining CyberSecurity,' our host, Sean Martin, engages in an enlightening conversation with IT veteran and author, D. Greg Scott. Greg provides valuable insights from his journey in technology and cybersecurity, revealing how the seemingly innocuous act of not updating systems can lead to substantial financial damage. Using engaging stories that mirror real-world incidents, Greg delves into his novels 'Bullseye Breach' and 'Virus Bomb,' underlining the educational potential of the fiction genre in cybersecurity.

Together, they explore how these narratives can play a pivotal role in transforming perspectives about IT and cyber preparedness, emphasizing the urgent transition of viewing IT not only as an expense but a crucial business asset. The profound human and financial costs of failing to prioritize cybersecurity are brought to the fore, serving as a wake-up call for awareness and action. Greg also gives a sneak peek into his upcoming novel 'Trafficking You', yet another compelling narrative marrying the realms of technology and reader-engaging fiction.

Tune in for a unique blend of thrilling storytelling and critical cybersecurity learnings.

Key Insights:

The importance of updating and patching systems in cybersecurity
The role of storytelling in effectively conveying cybersecurity concepts and threats
The real-world consequences of cybersecurity breaches, including the potential for loss of life

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Bullseye Breach: Anatomy of an Electronic Break-In: https://www.dgregscott.com/bullseye-breach/

Trafficking U: https://www.dgregscott.com/trafficking-u/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

OWASP LLM AI Security & Governance Checklist: Practical Steps To Harness the Benefits of Large Language Models While Minimizing Potential Security Risks | A Conversation with Sandy Dunn | Redefining CyberSecurity Podcast with Sean Martin

15 januari 2024 | 48 min

Guest: Sandy Dunn, Consultant Artificial Intelligence & Cybersecurity, Adjunct Professor Institute for Pervasive Security Boise State university [@BoiseState]

On Linkedin | https://www.linkedin.com/in/sandydunnciso/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining CyberSecurity, host Sean Martin and cybersecurity expert, Sandy Dunn, navigate the intricate landscape of AI applications and large language models (LLMs). They explore the potential benefits and pitfalls, emphasizing the need for strategic balance and caution in implementation.

Sandy shares insights from her extensive experience, including her role in creating a comprehensive checklist to help organizations effectively integrate AI without expanding their attack surface. This checklist, a product of her involvement with the OWASP TOP 10 LLM project, serves as a valuable resource for cybersecurity teams and developers alike.

The conversation also explores the legal implications of AI, underscoring the recent surge in privacy laws across several states and countries. Sandy and Sean highlight the importance of understanding these laws and the potential repercussions of non-compliance.

Ethics also play a central role in their discussion, with both agreeing on the necessity of ethical considerations when implementing AI. They caution against the hasty integration of large language models without adequate preparation and understanding of the business case.

The duo also examine the potential for AI to be manipulated and the importance of maintaining good cybersecurity hygiene. They encourage listeners to use AI as an opportunity to improve their entire environment, while also being mindful of the potential risks.

While the use of AI and large language models presents a host of benefits to organizations, it is crucial to consider the potential security risks. By understanding the business case, recognizing legal implications, considering ethical aspects, utilizing comprehensive checklists, and maintaining robust cybersecurity, organizations can safely navigate the complex landscape of AI.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Announcing the OWASP LLM AI Security & Governance Checklist v.05: https://www.linkedin.com/pulse/announcing-owasp-llm-ai-security-governance-checklist-sandy-dunn-jeksc/

OWASP Top 10 for Large Language Model Applications: https://owasp.org/www-project-top-10-for-large-language-model-applications/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

CISOs Embracing Cross-Functional Wisdom To Drive Business Success | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

13 januari 2024 | 21 min

Beyond the Boardroom: Safeguarding Leadership with Dual Front Executive Defense | A BlackCloak Brand Story with Chris Pierson and Roland Cloutier

12 januari 2024 | 48 min

In this engaging podcast, cyber-security leaders Roland Cloutier and Chris Pierson discuss with Marco and Sean the rising digital threats that executives face. With recent advancements in AI, phishing attacks and cyber crime have become sophisticated and harder to spot. The podcast underlines the importance of protecting the "executive digital space" —not just at the individual executive's level, but also their families, considering the potentially detrimental impacts they can have on organizations at large.

The two experts point out that being aware of cyber threats and diligently safeguarding precious data isn't enough. They propose a holistic approach to security, noting that the minimal knowledge most executives have about cyber threats plays to the advantage of cyber criminals. The alarming yet enlightening discussion encompasses physical security, AI-assisted scamming, artificially-created voice calls, and more.

A practical solution offered in the conversation is to outsource security measures to a reliable third-party for monitoring and immediate response to threats, thereby safeguarding everyone linked to the executive. The unique aspect here is the emphasis on a personalized, bespoke defense strategy that takes into consideration the differing security requirements of individuals. Ultimately, the mission here is to provide a safer cyber environment for executives and their families without impacting their personal lives.

Join this intriguing podcast and learn how to fortify not just your organization's, but your executive's life from cyber attacks.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guests:

Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]

On Linkedin | https://www.linkedin.com/in/drchristopherpierson/

Roland Cloutier, Advisor at BlackCloak [@BlackCloakCyber]

On Linkedin: https://www.linkedin.com/in/rolandcloutier/

On Twitter: https://twitter.com/CSORoland

Resources
Learn more about BlackCloak and their offering: https://itspm.ag/itspbcweb

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

ITSPmagazine Podcast Network Weekly Catch-Up | January 11, 2024 | Unscripted and Random Thoughts with Marco Ciappelli and Sean Martin

11 januari 2024 | 19 min

Unlocking Business Workflow Security: Introducing Workflow Bill of Materials (WBOM) | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

8 januari 2024 | 11 min

Book | The Language of Deception: Weaponizing Next Generation AI | Unmasking the Invisible Threat of Tomorrow's AI | A Conversation with Justin 'Hutch' Hutchens | Redefining CyberSecurity Podcast with Sean Martin

8 januari 2024 | 53 min

Guest: Justin "Hutch" Hutchens, Host of Cyber Cognition Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/hutch

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining CyberSecurity Podcast, Sean Martin, the host, engages in a riveting conversation with Justin Hutchins, also known as Hutch. Hutch, a seasoned R&D professional, is the co-host of the Cyber Cognition podcast and the author of The Language of Deception, Weaponizing Next Generation AI.

The conversation orbits around the objective of Hutch's book, which is to dispel the fear, uncertainty, and doubt (FUD) that often clouds the understanding of AI, and to illuminate the real and emerging risks that we face in our rapidly evolving technological landscape. Hutch also shares his extensive experience in creating a proof of concept for adaptive command and control malware driven by ChatGPT, demonstrating the potential dangers of AI-powered malware attacks.

The discussion extends to the increasing prevalence of bots in our daily online interactions and the need for individuals to be mindful of this when interacting online. Hutch emphasizes the importance of responsible innovation and provides guidance on how organizations and individuals can prepare for these new and emerging threats.

The conversation is not just a deep dive into the risks and threats of AI, but also a call to action for responsible and ethical use of technology. It's an essential listen for anyone interested in the intersection of AI and cybersecurity, offering invaluable insights into the current state and future trajectory of these intertwined fields.

About The Book: In The Language of Deception: Weaponizing Next Generation AI, artificial intelligence and cybersecurity veteran Justin Hutchens delivers an incisive and penetrating look at how contemporary and future AI can and will be weaponized for malicious and adversarial purposes. In the book, you will explore multiple foundational concepts to include the history of social engineering and social robotics, the psychology of deception, considerations of machine sentience and consciousness, and the history of how technology has been weaponized in the past. From these foundations, the author examines topics related to the emerging risks of advanced AI technologies, to include:

The use of Large Language Models (LLMs) for social manipulation, disinformation, psychological operations, deception and fraud
The implementation of LLMs to construct fully autonomous social engineering systems for targeted attacks or for mass manipulation at scale
The technical use of LLMs and the underlying transformer architecture for use in technical weapons systems to include advanced next-generation malware, physical robotics, and even autonomous munition systems
Speculative future risks such as the alignment problem, disembodiment attacks, and flash wars.

Perfect for tech enthusiasts, cybersecurity specialists, and AI and machine learning professionals, The Language of Deception is an insightful and timely take on an increasingly essential subject.

____

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____

Resources

Book | The Language of Deception: Weaponizing Next Generation AI: https://amzn.to/3XAFEQz

____

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Beyond Traditional Software Security: Let's Explore the Concept of a Workflow Bill of Materials (WBOM) | A Conversation with Francesco Cipollone | Redefining CyberSecurity Podcast with Sean Martin

5 januari 2024 | 45 min

Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]

On LinkedIn | https://www.linkedin.com/in/fracipo/

On Twitter | https://twitter.com/FrankSEC42

On YouTube | https://www.youtube.com/@phoenixsec

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining CyberSecurity Podcast, host Sean Martin is joined by Francesco Cipollone from Phoenix Security for a riveting conversation on the vulnerabilities associated with using pre-made tools for website development. The dialogue revolves around the inherent security risks these tools pose, especially when used by non-technical teams like marketing.

Francesco shares a fascinating account of discovering a potential SQL injection in a well-known CRM system. This revelation underscores the importance of input validation and the necessity of secure defaults in any tool. The discussion also brings to light the fact that many systems do not consider these potential security risks as standard, often requiring additional licenses or configurations for basic security measures.

The conversation takes an interesting turn as they discuss a new concept of a Workflow Bill of Materials™ (WBOM)—a term coined by the host, Sean Martin, for the first time. This idea extends beyond the typical focus on software bill of material security (which often focuses on source code, services, and APIs) to include a broader view of the tools and systems that teams use in their daily operations. The WBOM concept emphasizes the need for organizations to understand the associated risks of these tools and implement more secure practices.

Sean and Francesco highlight the importance of threat modeling in identifying potential risks. They also discuss the challenges organizations face in ensuring security, especially when these tools are used by teams with zero security knowledge. The episode concludes with a call to action for the industry to move towards security by default and the ethical use of technology.

This episode offers listeners an insightful look into the complexities of cybersecurity in the context of commonly used tools and systems, and the urgent need for a shift in perspective when it comes to securing these tools.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Francesco's LinkedIn Post: https://www.linkedin.com/posts/fracipo_bit-of-a-rant-on-the-security-tax-of-certain-activity-7139650868064202753-LZ21/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Operationalize Cybersecurity Throughout the Business: Building Security from the Ground Up | A Conversation with David Adeoye Abodunrin | Redefining CyberSecurity Podcast with Sean Martin

31 december 2023 | 43 min

Guest: David Adeoye Abodunrin PMP, CSM, CSPO, CSP-SM, MSC, Cybersecurity Project Manager/Enterprise Agile Coach at Cybarik [@CybarikGlobal]

On LinkedIn | https://www.linkedin.com/in/abodunrinadeoyedavid/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in a conversation with David Adeoye Abodunrin about the operationalization of security throughout the organization. They explore the importance of considering cybersecurity from the beginning stages of product development and the challenges that can arise when attempting to retrofit security measures.

David emphasizes the need for organizations to think about cybersecurity as a layer throughout the entire value map, from conceptualization to product design and implementation. He highlights the trade-offs and complexities involved in integrating cybersecurity later on in the process and stresses the role of security architects in the early stages of product development. By incorporating risk analysis and cybersecurity considerations from the start, organizations can create more robust and cost-effective security programs.

The conversation also delves into the obstacles faced by CIOs, CEOs, and CMOs when it comes to prioritizing cybersecurity in the beginning. Sean and David discuss the potential for finding nimble and efficient solutions by addressing security concerns early on. The challenges of retrofitting security and the financial implications of doing so are explored, along with the issues related to legacy systems and ERPs that lack proper cybersecurity measures.

Throughout the episode, Sean and David provide valuable insights and practical advice for building effective cybersecurity programs and integrating security into the fabric of an organization's operations. They stress the importance of thinking about cybersecurity from the conceptualization stage of product design and highlight the role of security architects in this process. They also touch upon the need for trade-offs between speed and customer convenience in implementing security measures like multiple factor authentication.

Overall, this episode provides listeners with a deeper understanding of how to operationalize security and navigate the challenges of incorporating cybersecurity from the outset. The conversation is informative and thought-provoking, offering practical insights for organizations looking to build robust and cost-effective security programs.

____

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____

Resources

____

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

A Cyber Vision in Motion: Topics I am Keen to Explore in 2024 | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

31 december 2023 | 12 min

The Role of AI in Cyber Attacks and Cybersecurity Defense Strategies: Adapting the Business to an AI-Driven Paradigm | An Imperva Brand Story with Kunal Anand

29 december 2023 | 57 min

The Battle of the Bad Bots in Santa's Security Operations Center | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

23 december 2023 | 9 min

11 Learnings From 8 Hours With 75 CISOs | CISO Circuit Series: Episode 2 with Omar Khawaja | With Michael Piacente and Sean Martin on the Redefining CyberSecurity Podcast

21 december 2023 | 56 min

About the CISO Circuit Series

Sean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.

____________________________

Guests:

Michael Piacente, Managing Partner and Cofounder of Hitch Partners

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente

Omar Khawaja, VP Security, Field CISO at Databricks [@databricks]

On LinkedIn | https://www.linkedin.com/in/smallersecurity/

On Twitter | https://twitter.com/smallersecurity

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this special CISO Circuit Series edition of the Redefining CyberSecurity podcast episode, Sean Martin and Michael Piacente engage in a thought-provoking conversation with Omar Khawaja, VP of Security and Field CISO at Databricks. Driven by a conversation with 75 of his CISO peers, Omar brings his unique perspective to the table, discussing the evolving role of a CISO and the importance of aligning security efforts with business needs.

Drawing on his experiences transitioning from a CISO at a large healthcare organization to a Field CISO, Omar shares insights on how he assists other CISOs, particularly in managing their data and implementing AI. He emphasizes the necessity of effective communication, audience awareness, and collaboration. Using the metaphor of a plane journey, Omar illustrates the importance of delivering a clear, simplified view of security efforts to stakeholders.

A significant part of the conversation revolves around the importance of building strong relationships with other executives and being open about vulnerabilities. Omar stresses the value of maintaining a relentless curiosity and refraining from judgment to foster better relationships and collaboration. He also shares some practical techniques for CISOs, encouraging them to continuously work on the craft of asking the right questions and demonstrating curiosity.

This episode serves as a valuable resource for anyone interested in the ever-changing role of the CISO and the critical task of aligning security efforts with business needs. With its blend of practical advice, insightful metaphors, and real-world experiences, it's a must-listen for those looking to understand the complexities and challenges in the world of cybersecurity.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Omar's LinkedIn Post: https://www.linkedin.com/feed/update/urn:li:activity:7129749407146627072/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

The Great Cyber-Heist of the AI Chef's Quantum Quiche | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

16 december 2023 | 9 min

Book | Wiring the Winning Organization: Slowify, Simplify, and Amplify for Operational Excellence | What Happens When Security Sits on the Couch | A Conversation with Gene Kim | Redefining CyberSecurity Podcast with Sean Martin

15 december 2023 | 50 min

Guest: Gene Kim, Author

On Linkedin | https://www.linkedin.com/in/realgenekim/

On Twitter | https://twitter.com/RealGeneKim

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining CyberSecurity on the ITSPmagazine Podcast Network, host Sean Martin engages in an insightful conversation with Gene Kim, co-author of "Wiring the Winning Organization". The discussion revolves around the transformative concept of 'Shifting Left' in DevOps, a strategy that has allowed tech giants like Amazon to achieve a staggering 136,000 deployments per day.

Kim likens this breakthrough to a collaborative effort between developers and operators, comparing it to the teamwork required to move a couch. He also explores the crucial role of information security in this process, underlining the necessity for security to equip developers with the tools to work independently, thereby serving as the first line of defense. Don't let security sit on the couch while you're trying to move it!

The conversation transitions into an exploration of the three mechanisms of performance: slowification, simplification, and amplification. Kim uses relatable real-life examples to elucidate these concepts, emphasizing the importance of timely and accurate information for effective decision-making and problem-solving. The more you know up front, the better off you'll be.

Drawing on his extensive work on the state of DevOps research, Kim discusses the predictors of high performance and how these principles apply to DevOps. He also points to the growing trend of specialization within DevOps and the emerging need for 'platform engineering,' a system that enables developers to focus on solving business problems while specialists handle the complex technical aspects.

This episode provides listeners with a deeper understanding of the evolution and future of DevOps, the importance of information security, and how these principles can be applied to enhance overall security programs. It also serves as an introduction to the Gene co-authored with Steven J. Spear. Be sure to listen to the podcast that Marco Ciappelli had with Spear on his Redefining Society Podcast.

About the book

Forget vision, grit, or culture. Wiring the Winning Organization reveals the hidden circuitry that drives organizational excellence.

Drawing on decades of meticulous research of high-performing organizations and cross-population surveys of tens of thousands of employees, award-winning authors Gene Kim and Dr. Steven J. Spear introduce a groundbreaking new theory of organizational management. Organizations win by using three mechanisms to slowify, simplify, and amplify, which systematically moves problem-solving from high-risk danger zones to low-risk winning zones.

Wiring the Winning Organization shines an investigative light on some of the most famous organizations, including Toyota, Amazon, Apple, and NASA, revealing how leaders create the social wiring that enables exceptional results.

This is not feel-good inspiration or armchair philosophy but a data-driven prescriptive playbook for creating excellence grounded in real-world results and proven theory. This is the rare business book that delivers concrete tools―not platitudes―to convert mediocrity into mastery.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Wiring the Winning Organization: Liberating Our Collective Greatness through Slowification, Simplification, and Amplification (book): https://amzn.to/47B89T1

Google Leaked Memo "We Have No Moat (and Neither Does OpenAI)" through the Lens of Slowify, Simplify, Amplify: https://www.linkedin.com/pulse/google-leaked-memo-we-have-moat-neither-does-openai-through-gene-kim-0oghc/?trackingId=hPCsZXK8T8OhZVEe2Bz8Pg%3D%3D

Google "We Have No Moat, And Neither Does OpenAI": https://www.semianalysis.com/p/google-we-have-no-moat-and-neither

Book | Wiring the Winning Organization: Liberating Our Collective Greatness through Slowification, Simplification, and Amplification | A Conversation with Author Steven J. Spear | Redefining Society with Marco Ciappelli: https://redefining-society-podcast.simplecast.com/episodes/book-wiring-the-winning-organization-liberating-our-collective-greatness-through-slowification-simplification-and-amplification-a-conversation-with-author-steven-j-spear-redefining-society-with-marco-ciappelli

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Staying Ahead of the Curve: Leapfrogging Through Growth in Cybersecurity | A Cymulate Brand Story with Ben Fitzpatrick

14 december 2023 | 32 min

In this Brand Story episode, hosts Marco Ciappelli and Sean Martin engage in a thought-provoking conversation with Ben Fitzpatrick from Cymulate. The discussion explores the innovative approaches to cybersecurity that can help regions advance beyond their current situation.

Fitzpatrick shares his insights on the lifecycle of security and technology, emphasizing the critical role of continuous monitoring and understanding the attack path for staying ahead of potential threats. He elaborates on Cymulate's use of cutting-edge tools and methods like automation, AI, and TTP to simulate high-level intrusion attacks without causing damage, providing a non-disruptive method for businesses to validate their security controls.

An important aspect of the conversation revolves around risk prioritization. Fitzpatrick expresses the necessity for businesses, particularly CISOs, to conduct regular—even continuous—testing of all components of their infrastructure and applications. This approach allows for a comprehensive understanding of potential risks and the ability to prioritize their mitigation.

Fitzpatrick also digs into the concept of response. He asserts that many companies are only at the cusp of realizing its significance in their cybersecurity strategy. He underscores the need to stay ahead of the curve, tackling the most important threats and adversaries, and minimizing the risk window.

The episode concludes with Fitzpatrick discussing Cymulate's role in helping businesses understand their most critical threats and adversaries, and how they can best respond to them. He emphasizes that Cymulate is not just about ticking boxes; it's about understanding the business, managing risks, and staying ahead of the curve. This episode promises to offer listeners a unique perspective on proactive, intelligent cybersecurity strategies and their role in business resilience.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-story

Guest: Ben Fitzpatrick, VP of Sales, Asia Pacific (APAC)

On LinkedIn | https://www.linkedin.com/in/befitzpatrick/

Resources

Cymulate Expands Sales Leadership Team to Drive Growth in EMEA & APAC Global Markets: https://cymulate.com/news/cymulate-expands-sales-leadership-team-to-drive-growth-in-emea-apac-global-markets/

Security Analytics for Continuous Threat Exposure Management: Making Better IT Decisions Through the Lens of an Attacker | A Brand Story from Infosecurity Europe 2023, London, England | A Cymulate Story with Nir Loya: https://redefining-cybersecurity.simplecast.com/episodes/security-analytics-for-continuous-threat-exposure-management-making-better-it-decisions-through-the-lens-of-an-attacker-a-company-briefing-from-infosecurity-europe-2023-london-england-a-cymulate-company-briefing-story-with-nir-loya

____________________________

Catch more stories from Cymulate: https://itspm.ag/cymulate-ltd--s2k4

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

2024 ... You Know | A Conversation of InfoSec and Technology Predictions with Yolanda Reid, Laura Payne, Cat Self, Rob Black, Chuck Brooks, George Platsis, Matthew Rosenquist | Redefining CyberSecurity Podcast with Sean Martin and Marco Ciappelli

13 december 2023 | 73 min

Guests:

Yolanda Reid, Associate Partner at IBM [@IBM]

On Linkedin | https://www.linkedin.com/in/yolanda-c-reid/

Laura Payne, Chief Enablement Officer & VP Security Consulting at White Tuque [@WhiteTuque]

On Linkedin | https://www.linkedin.com/in/laura-l-payne/?originalSubdomain=ca

Cat Self, Principal Adversary Emulation Engineer, MITRE [@MITREcorp]

On Linkedin | https://www.linkedin.com/in/coolestcatiknow/

On Twitter | https://twitter.com/coolestcatiknow

Rob Black, Director at UK Cyber 9/12 Strategy Challenge [@Cyber912_UK]

On LinkedIn | https://www.linkedin.com/in/rob-black-30440819/

Chuck Brooks, Adjunct Professor at Georgetown University’s Graduate Applied Intelligence Program [@GeorgetownSCS]

On LinkedIn | https://www.linkedin.com/in/chuckbrooks/

On Twitter | https://twitter.com/ChuckDBrooks

George Platsis, Senior Lead Technologist, Proactive Incident Response & Crisis Management at Booz Allen Hamilton [@BoozAllen]

On LinkedIn | https://www.linkedin.com/in/gplatsis/

On Twitter | https://twitter.com/gplatsis

Matthew Rosenquist, Host of Cybersecurity Insights Podcast

On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/matthew-rosenquist

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Co-Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

Steering Through the Cybersecurity Evolution: Adapting to the Changing Tides of InfoSec

In this special edition of the Redefining CyberSecurity Podcast on the ITSPmagazine Podcast Network, hosts Sean and Marco navigate the complex universe of cybersecurity with a panel of experts, including Yolanda Reid, Laura Payne, Cat Self, Rob Black, Chuck Brooks, George Platsis, and Matthew Rosenquist. The conversation weaves together threads of technology, AI, geopolitics, and the shifting role of the Chief Information Security Officer (CISO) into a rich narrative that illuminates the challenges and opportunities in the cybersecurity landscape.

Cat Self shines a light on the increasing visibility of cyber threats on underrepresented platforms like Linux and MacOS, while Yolanda Reid emphasizes the role of community involvement in cybersecurity. Matthew Rosenquist discusses the challenges posed by legacy systems in Operational Technology (OT) networks, painting a picture of a landscape filled with potential vulnerabilities.

Rob Black advocates for a more proactive approach to cybersecurity, suggesting a chess-like strategy of using deception to shape attacker behavior. Laura Payne explores the evolving role of the CISO, suggesting that this role is expanding like an ever-growing universe, now including geopolitical trends and threat intelligence. George Platsis brings his experience in disaster and emergency management to the discussion, adding another layer to the intricate tapestry of this conversation.

This expert panel also discusses the potential implications of high-profile court cases involving CISOs, suggesting that these cases could redefine the role and responsibilities of CISOs, much like how a software update can redefine the functionality of a system. The conversation also touches on the increasing involvement of state actors in cyber attacks and the potential for these attacks to target critical infrastructure, painting a sobering picture of the potential future of cybersecurity.

The panel decided to close on a positive note, with each of the panelists and the hosts sharing some good news predictions for 2024. Not sure how the pants, the rat, and the roaches come into play there — let's just say it all works out somehow.

____

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____

Resources

____

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

The Power of Curiosity and Questioning the Status Quo: A New Take on Success | An Imperva Brand Story With Nanhi Singh

11 december 2023 | 39 min

In this Brand Story episode, hosts Sean Martin and Marco Ciappelli engage in a stimulating dialogue with Nanhi Singh from Imperva. The conversation revolves around the themes of personal growth, career progression, and the importance of curiosity and questioning in personal and professional success.

Nanhi shares her unique insights on the significance of self-defined success and the dangers of letting others dictate your measures of achievement. She emphasizes that success is a personal journey and should be defined on your own terms.

A central theme of the discussion is the myth of needing to know everything in senior roles. Nanhi dispels this myth and stresses that the key to success lies in asking the right questions, not necessarily knowing all the answers. She encourages listeners to maintain a childlike curiosity and to probe deeper into issues to truly understand them. She also discusses the importance of staying true to your core values, even in the face of office politics. She advises listeners to identify their non-negotiable values and to remain steadfast in upholding them.

Nanhi shares her own experiences and lessons learned from her career journey. She discusses the joy she finds in seeing her team members grow and advance in their careers. She also talks about the importance of learning from mistakes and the necessity of being willing to reinvent your knowledge in a rapidly changing field like technology and cybersecurity.

The conversation also explores the importance of using multiple sources of data for decision-making and the role of curiosity in personal and professional growth. Nanhi shares an interesting anecdote about learning to ski as an adult, illustrating the value of taking risks and having fun in the process. Who knows, there may be a story about Marco and Sean skiing together as well.

Overall, this episode offers listeners a rich exploration of career growth, self-defined success, and the power of curiosity and questioning.

Note: This story contains promotional content. Learn more.

Guest: Nanhi Singh, Chief Customer Officer at Imperva

On LinkedIn | https://www.linkedin.com/in/nanhi-singh-aa51371

On Twitter | https://twitter.com/NanhiSingh14

Resources

Learn more about Imperva and their offering: https://itspm.ag/imperva277117988

Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Convergence of Command: Redefining the CISO's Position in the Corporate Reporting Structure | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

9 december 2023 | 10 min

Navigating the Ethical Maze of AI Usage: Curtailing Misuse in Cybercrime | An Imperva Brand Story With Ron Bennatan

7 december 2023 | 41 min

In this Brand Story Podcast, hosts Marco Ciappelli and Sean Martin join forces with Ron Bennatan from Imperva to embark on a journey into the world of generative AI. The conversation is a blend of philosophy, technology, and cybersecurity, offering listeners a deep-dive into the complexities and opportunities of AI.

The trio explores the accuracy and unpredictability of AI, discussing its ability to handle complex prompts and the unexpected 'hallucinations' it can produce. Bennatan highlights the challenges this poses in a software development lifecycle, emphasizing the non-deterministic nature of AI outputs and the difficulties this poses for automated testing.

The conversation also delves into the scalability of AI, discussing the potential for automation at scale despite perceived slowness. Bennatan provides an interesting perspective on AI's tendency to never repeat the same answer, viewing it as both a source of creativity and a potential issue.

Cybersecurity is a key theme in the discussion, with Bennatan acknowledging that AI's ability to mimic human communication could elevate the sophistication of social engineering attacks. He also raises the potential for AI to mimic specific individuals, increasing the risk of impersonation, deep fakes, and insider threats. Despite these risks, Bennatan maintains that AI can be a powerful tool for defense, making cyberattacks more sophisticated but also enhancing defenses.

The conversation also gets into a philosophical exploration of the Turing test and AI's potential to fool someone into believing it's human. Bennatan suggests that AI doesn't need to excel at everything at once, but can be highly effective in specific tasks. He also envisions AI improving customer service and operational efficiency by handling complex tasks more efficiently than humans.

In this episode, listeners get a taste of the intriguing possibilities, challenges, and ethical considerations that AI presents, making it a must-listen for anyone interested in the intersection of technology, philosophy, and cybersecurity.

Note: This story contains promotional content. Learn more.

Guest: Ron Bennatan, General Manager, Data Security at Imperva

Resources

Learn more about Imperva and their offering: https://itspm.ag/imperva277117988

Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva

Driving Innovation and Protecting Growth: The Intricate Relationship Between Information Technology (CTO) and Information Security (CISO) | A Their Story Conversation from RSA Conference 2023 | An Imperva Story with Kunal Anand: https://redefining-cybersecurity.simplecast.com/episodes/driving-innovation-and-protecting-growth-the-intricate-relationship-between-information-technology-cto-and-information-security-ciso-a-their-story-conversation-from-rsa-conference-2023-an-imperva-story-with-kunal-anand

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The Evolution from Governance, Risk & Compliance to Cyber Risk Governance | A Conversation with John Sapp | Redefining CyberSecurity Podcast with Sean Martin

5 december 2023 | 39 min

Guest: John Sapp , VP, Information Security & CISO at Texas Mutual Insurance Company [@texasmutual]

On Linkedin | https://www.linkedin.com/in/johnbsappjr/

On Twitter | https://www.twitter.com/czarofcyber

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining Cybersecurity, hosted by Sean Martin, listeners are invited to explore the complex landscape of cyber risk governance. John Sapp, a seasoned professional in risk management, emphasizes the importance of defining cyber risk from the perspective of various executives. The CIO, CFO, COO, and general counsel each own different aspects of risk within an organization, and understanding their perspectives is key to effective risk management.

The conversation takes an intriguing turn as John introduces the concept of approaching cyber risk governance as a product. This involves understanding the desired outcomes, defining the requirements, and creating personas for different stakeholders. The aim is to develop a common pane of glass, a unified perspective through which each persona can access near real-time information to make informed decisions.

John also underscores the importance of presenting information to various stakeholders, including the board and cyber insurance carriers, in a way that demonstrates the strength of the organization's cyber risk program. This approach has tangible benefits, such as a reduction in cyber insurance premiums based on the strength of the cyber risk program.

The episode concludes with a discussion on the importance of collective decision-making in managing cyber risk. John emphasizes that it's not about presenting some information and giving somebody responsibility to make a decision, but rather about presenting information in different ways to all the different personas to spur a conversation so that the team can determine the best path forward.

This episode is a must-listen for anyone interested in understanding how to approach cyber risk governance in a way that is both effective and efficient. It provides valuable insights into how to manage risk in an ever-evolving digital world.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

CISO Stories Recounted By The World's First CISO | A Conversation With Steve Katz | The Business of Security | Redefining CyberSecurity Podcast with Sean Martin and Marco Ciappelli

5 december 2023 | 43 min

Pioneering the 2050 Collective: From Digital Islands to Global Harmony and Cyber Resilience | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

2 december 2023 | 13 min

New Comic Book | Yours Truly, Johnny Dollar #1 | A Conversation with Allan Liska | Redefining CyberSecurity Podcast with Sean Martin

28 november 2023 | 37 min

Guest: Allan Liska, Owner at Green Archer Comics

On Linkedin | https://www.linkedin.com/in/allan2

On Twitter | https://twitter.com/uuallan

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining CyberSecurity, host Sean Martin chats with Allan Liska, a cybersecurity professional and comic book writer. Allan shares his journey of creating the comic book series "Yours Truly, Johnny Dollar," which follows the adventures of a cyber insurance investigator battling ransomware. While the focus is on entertaining and escapism, there is also an educational component, keeping the technical aspects true to life without boring readers.

Allan discusses the catharsis and wish fulfillment he experiences through the comic book medium, allowing the protagonist to do things that are not possible in real-life cybersecurity cases. He highlights the importance of problem-solving and investigation, drawing parallels between incident response professionals and the character's approach to challenges.

The conversation delves into the process of turning the story into a comic book format, including hiring artists, finding a publisher, and running a successful Kickstarter campaign.

Allan expresses his gratitude for the support he received from the cybersecurity community and the challenges of running a small business.

They explore the creative process of adapting technical descriptions into a visually appealing comic book format, emphasizing the need for an independent editor to ensure the story flows visually. Allan reflects on the intersection of cybersecurity and storytelling, discussing the theme of wish fulfillment and the heroic role of threat intelligence analysts.

About the Comic Book

A new comic book series featuring Johnny Dollar, the star of the 1940s - 60s radio serial of the same name! He is back fighting ransomware and more!

Written by Allan Liska, the comic is based on CBS Radio’s popular serialized drama of the same name that ran from 1949 through 1962. Known as “the man with the action-packed expense account,” Johnny Dollar has been reimagined and brought into the digital age to fight ransomware as a hard-nosed cyber insurance investigator.

In this first issue, Johnny Dollar is called to Johnstown, Pennsylvania to investigate a ransomware attack against Gotham Steel. The insurance company is concerned that there may be a company insider helping the ransomware group. Johnny quickly realizes something is off with this case and must race to find the insider, while avoiding attacks from Russian thugs, before the company caves in and pays the ransom.

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

Resources

Yours Truly, Johnny Dollar #1: https://www.greenarcher.io/product-page/yours-truly-johnny-dollar-1

Learn more about the history of Yours Truly, Johnny Dollar: https://www.johnnydollar.io/about

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Book | The Privacy Leader Compass | A Conversation with Valerie lyons | Redefining CyberSecurity Podcast with Sean Martin

28 november 2023 | 56 min

Guest: Dr. Valerie Lyons, Author

On Linkedin | https://www.linkedin.com/in/valerielyons-privsec/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of the Redefining Cybersecurity podcast, host Sean Martin engages in a conversation with Dr. Valerie Lyons, co-author of "The Privacy Leader Compass." They discuss various aspects of privacy and provide practical guidance for privacy leaders.

Dr. Lyons highlights the regulatory difference between the US and Europe's approach to privacy, with data minimization being a regulatory requirement in Europe. However, she emphasizes that it's not about which approach is better, but rather understanding and complying with the regulatory requirements. They delve into the principles of Fair Information Practices (FIPS) and privacy by design, which are enshrined in GDPR.

"The Privacy Leader Compass" is designed to be a comprehensive resource for privacy leaders, incorporating the McKinsey seven S model. It goes beyond compliance, incorporating ethics, trust, and consumer satisfaction in privacy programs. The book is intended to be location and jurisdiction agnostic, allowing privacy leaders to adapt the framework to their specific contexts.

The conversation also highlights the value of learning from privacy pioneers and leveraging their experiences. The book includes contributions from over 60 privacy pioneers, providing real-world examples and insights. Dr. Lyons emphasizes the importance of collaboration and learning from others' experiences rather than starting from scratch.

They discuss the flexible interpretation within privacy legislation, such as the choice between appointing a Data Protection Officer (DPO) or a Chief Privacy Officer (CPO). They stress the importance of developing a privacy strategy and vision, regardless of the jurisdiction, and exploring why privacy leaders were hired for their roles.

Throughout the conversation, Dr. Lyons and Sean Martin present a balanced perspective, focusing on practical guidance and empowering privacy leaders. They explore the dynamic nature of privacy and the need to go beyond compliance, considering ethics, trust, and consumer satisfaction. The conversation is grounded in real-world experiences and provides valuable insights for privacy leaders navigating the ever-changing privacy landscape.

About the Book

Congratulations! Perhaps you have been appointed as the Chief Privacy Officer (CPO) or the Data Protection Officer (DPO) for your company. Or maybe you are an experienced CPO/DPO, and you wonder - "what can I learn from other successful privacy experts to be even more effective?" Or perhaps you are considering a move from a different career path and deciding if this is the right direction for you.

Seasoned award-winning Privacy and Cybersecurity leaders Dr. Valerie Lyons (Dublin, Ireland) and Todd Fitzgerald (Chicago, IL USA) have teamed up with over 60 award-winning CPOs, DPOs, highly respected privacy/data protection leaders, data protection authorities, and privacy standard setters who have fought the tough battle.

Just as the #1 best-selling and CANON Cybersecurity Hall of Fame winning CISO Compass: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers book provided actionable advice to Chief Information Security Officers, The Privacy Leader Compass is about straight talk - delivering a comprehensive privacy roadmap applied to, and organized by, a time-tested organizational effectiveness model (the McKinsey 7-S Framework) with practical, insightful stories and lessons learned.

You own your continued success as a privacy leader. If you want a roadmap to build, lead, and sustain a program respected and supported by your board, management, organization, and peers, this book is for you.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

The Privacy Leader Compass: A Comprehensive Business-Oriented Roadmap for Building and Leading Practical Privacy Programs (Book): https://www.amazon.com/Privacy-Leader-Compass-Comprehensive-Business-Oriented/dp/1032467304

Enduring Ideas: The 7-S Framework: https://www.mckinsey.com/capabilities/strategy-and-corporate-finance/our-insights/enduring-ideas-the-7-s-framework#

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Book | Castle Defenders: What Do Cyber Parents Do? | A Pentera Brand Story with Aviv Cohen

23 november 2023 | 21 min

Join Sean Martin and Aviv Cohen as they embark on a fascinating exploration of the often misunderstood world of cybersecurity. They discuss the importance of recognizing cybersecurity professionals as the modern-day heroes they are, and the need for children to understand and appreciate their parents' roles in this field.

Cohen introduces a unique tool to bridge this understanding gap - a beautifully illustrated book titled "Castle Defenders: What Do Cyber Parents Do?". The book, written in engaging rhyme, uses the metaphor of a castle needing defense to explain the complex world of cybersecurity to children. It serves not only as a bedtime story but also as a platform for parents to discuss online safety and cybersecurity literacy with their children.

The book has been met with enthusiastic feedback, with parents sharing their experiences of reading it to their children, and children asking for repeated readings. It also includes ten cybersecurity rules, providing children with practical tools to stay safe online.

The conversation underscores the urgent need for more cyber defenders in our world and the importance of fostering understanding and respect for this role from a young age.

This episode is a must-listen for anyone interested in the intersection of technology, cybersecurity, and society, and especially for those who wish to inspire the next generation of cyber defenders.

About the Book: Castle Defenders: What Do Cyber Parents Do?

Mommy is late for dinner again, and Emma and Oliver are frustrated. Daddy comes to the rescue with spaghetti and an enchanting tale of brave knights and mysterious castles, revealing how he and Mommy work tirelessly to protect the people on the internet from bad hackers and other online threats.

Castle Defenders by Dana Meschiany is a charming story, filled with delightful illustrations and playful storytelling, is perfect for young minds eager to explore the captivating world of cybersecurity.

Note: This story contains promotional content. Learn more.

Guest:

Aviv Cohen, CMO at Pentera [@penterasec]

On Linkedin | https://www.linkedin.com/in/avivco/

Resources

Learn more about Pentera and their offering: https://itspm.ag/pentera-tyuw

Catch more stories from Pentera at https://www.itspmagazine.com/directory/pentera

Book | Castle Defenders: What Do Cyber Parents Do?: https://www.amazon.com/Castle-Defenders-What-Cyber-Parents/dp/B0C51PCQ6Q

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Thanksgiving Tribute: An Ode to the Cybersecurity Heroes | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

23 november 2023 | 5 min

We Need to Stop the Temperature From Rising If We Don't Want to Ice the CISO Role | A Black Hat Europe 2023 Event Coverage Conversation with Joe Sullivan

22 november 2023 | 44 min

Guest: Joe Sulllivan, CEO at Ukraine Friends [@UkraineFriends_]

On Linkedin | https://www.linkedin.com/in/joesu11ivan/

At Black Hat Europe | https://www.blackhat.com/eu-23/briefings/schedule/speakers.html#joe-sullivan-47056

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Most of the time, for these event coverage conversations, we get to connect with keynote speakers to learn more about the topic they plan to share at the event. During our conversation with Joe Sullivan, we did that ... and so, so much more.

We talk about Joe's role in prosecuting cyber crime—and the ironic twist where he was charged and convicted as the former CISO at Uber. We touch on Tim Brown's situation with the SEC as a result of the SolarWinds Breach. And then Joe takes this conversation to the stratosphere to shed some light on the trends he is seeing, the rise in the pressure for the role and the rise in the temperature across the CISO community. He discusses the challenges the CISO role continues to face, and how the growing fear of personal liability as a result of the conflict between the public and private sectors could ultimately ice the role and make it ineffective. Joe wants to change this, is leveraging Black Hat, ITSPmagazine, and other outlets to do so. But he needs the community's help as well.

Tune in to this (dare we say, approaching emotional) conversation to hear about Joe's journey and all the things he is doing to help keep the CISO role safe and successful. And, most importantly, how you—a security professional that cares about good winning over evil—can join yet another fight for good.

About Joe's Keynote at Black Hat Europe 2023 in London, England—'My Lessons from the Uber Case': In a case closely watched and debated by security professionals globally, Joe Sullivan was convicted of two felonies related to a security incident at Uber that the company had labeled a coverup when it fired him. The decision reverberated throughout the security community, but still left many unanswered questions. Before the judge sentenced him, Sullivan committed that he would speak wherever possible about the need for a better model for collaboration between the private sector and government. The judge rejected the claims by the prosecutors and Uber that the use of an NDA during the investigation was a coverup, and sentenced Sullivan to probation only.

Today, Sullivan mentors security leaders and consults on security best practices, in addition to serving as volunteer CEO of the nonprofit humanitarian relief organization Ukraine Friends. In a candid conversation, Sullivan will share the lessons he hopes security professionals all learn from his case, so that they, their team, and their company don't ever go through anything similar. He will also make suggestions for how the private sector and government can better collaborate and share other insights about the high-stakes pressures on security executives in an era of unrelenting breaches, ransomware, and automated attacks.

____________________________

Resources

My Lessons from the Uber Case: https://www.blackhat.com/eu-23/briefings/schedule/index.html#my-lessons-from-the-uber-case-36399

Black Hat Executive Summit: https://www.blackhat.com/eu-23/executive-summit.html

Learn more about Black Hat Europe 2023: https://www.blackhat.com/eu-23/

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Black Hat Europe 2023 playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQXpNVL6L8zfXXDip7JtQY1

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

How I Learned to Stop Worrying and Build a Modern Detection & Response Program | A Black Hat Europe 2023 Event Coverage Conversation with Allyn Stott

22 november 2023 | 35 min

Guest: Allyn Stott, Senior Staff Engineer

On LinkedIn | https://www.linkedin.com/in/whyallyn/

On Twitter | https://twitter.com/whyallyn

On Mastodon | https://infosec.exchange/@whyallyn

At Black Hat Europe | https://www.blackhat.com/eu-23/briefings/schedule/speakers.html#allyn-stott-42433

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

Episode Notes

In this episode of the ITSPmagazine On Location Event Coverage series, host Sean Martin engages in a thought-provoking conversation with guest Allyn Stott, a seasoned cybersecurity professional and senior staff engineer. The discussion orbits around the challenges and solutions in building a modern detection response program.

Allyn shares his unique perspective on why blue teams often fail. He suggests that the failure is not due to a lack of technical skills, but rather a lack of a broader strategy and understanding of the overall detection response program. He emphasizes the importance of integrating the detection response team into broader business conversations, thereby fostering a more holistic approach to managing risk.

The conversation also explores the role of threat intelligence and the need for continuous learning and adaptation in the face of evolving threats. Allyn underscores the importance of understanding the business's actual risk and aligning the detection response program accordingly.

Allyn also shares his experience in creating a framework to help teams understand their current capabilities and how to evolve towards a more effective detection response program. This framework, he suggests, can help prioritize work within the program and provide a roadmap for reporting out.

This episode is a treasure trove of insights for CISOs, managers, directors, and builders in the cybersecurity field. It provides a roadmap for identifying skill sets, prioritizing work within the program, and reporting out, all crucial elements in building a modern detection response program.

The conversation is a blend of practical advice and philosophical musings on the nature of cybersecurity, making it a must-listen for anyone interested or practicing in the field.

About Allyn's Black Hat Europe 2023 Session, 'How I Learned to Stop Worrying and Build a Modern Detection & Response Program': You haven't slept in days. Pager alerts at all hours. Constant firefights. How do you get out of this mess? This talk gives away all the secrets you'll need to go from reactive chaos to building and running a finely tuned detection & response program (and finally get some sleep).

Gone are the days of buying the ol' EDR/IDS/NGAV combo, throwing some engineers on an on-call rotation, and calling it your incident response team. You need a robust and comprehensive detection and response program to fight modern day attackers. But there are a lot of challenges in the way: alert fatigue, tools are expensive, hiring talent is impossibly difficult, and your current team is overworked from constant firefights.

How do you successfully build a modern detection and response program, all while riding the rocket of never ending incidents and unforgiving on-call schedules?

This talk addresses the lack of a framework, which has led to ineffective, outdated, and after-thought detection and response programs. At the end of this talk, you will walk away with a better understanding of all the capabilities a modern program should have and a framework to build or improve your own.

* How worrying can be a superpower

* Why blue teams fail

* The framework I've developed for building a detection and response program

____________________________

Resources

How I Learned to Stop Worrying and Build a Modern Detection & Response Program: https://www.blackhat.com/eu-23/briefings/schedule/#how-i-learned-to-stop-worrying-and-build-a-modern-detection--response-program-34241

A Security Newsletter with a Cute Cat: https://www.meoward.co/subscribe

Learn more about Black Hat Europe 2023: https://www.blackhat.com/eu-23/

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Black Hat Europe 2023 playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQXpNVL6L8zfXXDip7JtQY1

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Human-Centered Cybersecurity at NIST: Unlocking the Human Factor | Human-Centered Cybersecurity Series with Co-Host Julie Haney | Redefining CyberSecurity Podcast with Sean Martin

21 november 2023 | 44 min

Guest: Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead at National Institute of Standards and Technology [@NISTcyber]

On Linkedin | https://www.linkedin.com/in/julie-haney-037449119/

On Twitter | https://x.com/jmhaney8?s=21&t=f6qJjVoRYdIJhkm3pOngHQ

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity podcast, host Sean Martin engages in an insightful conversation with Julie Haney, the leader of the human-centered cybersecurity program at NIST. The discussion revolves around the challenges organizations face in implementing security awareness and other information security training programs, products, and operations.

During the conversation, Julie introduces the NIST phish scale, a tool that helps training coordinators contextualize phishing click rates. It considers user context and alignment with individual roles, allowing organizations to tailor their phishing simulation exercises to engage employees effectively. This approach goes beyond numbers and focuses on the human factor in cybersecurity.

Sean and Julie discuss the various challenges organizations encounter when implementing security awareness programs. These challenges include obtaining leadership support, allocating sufficient resources, and finding engaging approaches for a diverse workforce. They emphasize the importance of collecting user-generated security incidents and gathering feedback to identify areas for improvement and enhance awareness programs.

Throughout the conversation, Sean and Julie highlight the significance of understanding and addressing human factors in cybersecurity. They stress that effective security awareness and training programs should go beyond compliance and consider the individual's mindset, attitudes, and behaviors. Additionally, they discuss the lack of effective metrics to measure program success and impact, emphasizing the need for organizations to gather data and feedback to continuously improve their programs.

Overall, this episode offers practical insights and advice for organizations seeking to enhance their security awareness and training initiatives. It emphasizes the importance of a human-centric approach and provides valuable tools, such as the NIST phish scale, to help organizations tailor their programs to engage employees effectively.

So, tune in to this episode as Sean and Julie take a journey into the challenges and solutions surrounding security awareness in the ever-evolving world of cybersecurity.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Human-Centered Cybersecurity: https://csrc.nist.gov/projects/human-centered-cybersecurity

NIST Unveils Newly Named Human-Centered Cybersecurity Program: https://www.nist.gov/blogs/cybersecurity-insights/nist-unveils-newly-named-human-centered-cybersecurity-program

Julie's LinkedIn post about NIST Unveils Newly Named Human-Centered Cybersecurity Program: https://www.linkedin.com/feed/update/urn:li:activity:7113240410604363778/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

It's That Time of the Year: The Predictions for 2024 Are Pouring In, and Boy, Could I Have Predicted That Myself! Welcome to the Marvelous, Mysterious, and Mind-Bending World of 2024 Predictions with a Twist of 2074 | Read by TAPE3

21 november 2023 | 3 min

Online Retailers: There are Threats Actively Targeting Your Business This Holiday Shopping Season, and Beyond | An Imperva Brand Story With Gabi Stapel and Erez Hasson

21 november 2023 | 41 min

In this Brand Story episode, Sean Martin, along with Gabi Stapel and Erez Hasson from Imperva, explores the complex landscape of retail web and mobile security and the increasing role of AI-enabled bots (both good and bad) in e-commerce and the potential threats they pose.

Gabi and Erez highlight how these bots can exploit business logic and application capabilities, leading to new account fraud, account takeover, and price manipulation. They emphasize the importance of layered security and anomaly detection as key strategies to counter these threats.

The discussion also explores the need for businesses to differentiate between human and bot traffic. Gabi and Erez point out the potential backlash from legitimate users when bots buy and deplete inventory, and the subsequent impact on customer experience and the company's reputation. They also touch on the importance of monitoring the total value of the cart, as bots tend to purchase single items, resulting in net losses for the retailer.

The conversation further delves into the global and local aspects of commerce, including regulatory considerations like PCI DSS. Gabi and Erez discuss the upcoming changes in PCI DSS v4, which requires retailers to focus on managing scripts and changes to payment pages to prevent data breaches.

The episode also offers valuable insights for both large-scale and smaller retailers. Gabi and Erez underscore the importance of staying on top of security and vulnerabilities, regardless of the size of the business. They provide practical advice for retailers, such as implementing a waiting room web page or a raffle system for big sales events, and auditing purchases for limited product drops.

This episode is a must-listen for anyone involved in e-commerce and cybersecurity, providing a comprehensive understanding of the evolving landscape of cyber threats in the retail industry.

Note: This story contains promotional content. Learn more.

Guests:

Gabi Stapel, Cybersecurity Threat Research Content Manager at Imperva [@Imperva]

On LinkedIn | https://www.linkedin.com/in/gabriella-stapel/

On Twitter | https://twitter.com/GabiStapel

Erez Hasson, Product Marketing Manager at Imperva [@Imperva]

On LinkedIn | https://www.linkedin.com/in/erezh/

Resources

Learn more about Imperva and their offering: https://itspm.ag/imperva277117988

Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva

Blog | Online Retailers: Five Threats Targeting Your Business This Holiday Shopping Season: https://itspm.ag/impervkb2g

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Innovating for a Secure, Connected World | A CES 2024 Event Coverage Conversation with J. David Grossman

21 november 2023 | 28 min

Cyber Shadows Over Serenity—Part 4 | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

15 november 2023 | 9 min

Design Goals and Cybersecurity Integrity: Redefining the CISO Role to Avoid Failure | A Conversation with Malcolm Harkins | Redefining CyberSecurity Podcast with Sean Martin

13 november 2023 | 54 min

Guest: Malcolm Harkins, Chief Security & Trust Officer at HiddenLayer [@hiddenlayersec]

On Linkedin | https://www.linkedin.com/in/malcolmharkins/

On Twitter | https://twitter.com/ProtectToEnable

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining CyberSecurity, host Sean Martin engages in a thought-provoking conversation with guest Malcolm Harkins about the challenges and failures of the CISO role. They discuss the importance of setting clear design goals and standards to determine success or failure. The conversation delves into risk management and the complexities of goal-setting, highlighting the role of integrity in the CISO's decision-making process.

They explore the gray areas and potential conflicts that arise when balancing risk perspectives within an organization. Sean also touches on the idea of having multiple specialized CISOs and the inflation of job titles in the industry. They examine where breakdowns occur and whether they stem from lack of clear design or succumbing to company pressure or vendor hype.

The episode also take a turn to exploration the CISO's role in ensuring the cybersecurity integrity of a company, drawing parallels to the roles of general counsel and CFO in maintaining legal and financial integrity.

Throughout the conversation, Sean and Malcolm provide insights and anecdotes from their own experiences, offering valuable perspectives on redefining the CISO role and addressing the challenges faced in the cybersecurity industry. The discussion encourages listeners to consider the ethical implications of their decision-making and the importance of designing control environments that prioritize true protection over profiting from insecurity.

If you're interested in gaining a deeper understanding of the complexities and failures of the CISO role, as well as exploring the gray areas and conflicts that arise in risk management, this episode is a must-listen.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Materiality Matters: https://www.icitech.org/post/materiality-matters

Integrity Matters: https://www.uscybersecurity.net/csmag/integrity-matters/

Integrity Matters (RSAC): https://www.rsaconference.com/library/blog/integrity-matters-lets-keep-the-conversation-going

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Cyber Shadows Over Serenity—Part 3 | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

11 november 2023 | 6 min

Cyber Shadows Over Serenity—Part 2 | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

9 november 2023 | 7 min

The State of Identity Management and Its Role in Modern Security Strategies, and the IDSA’s 2023 Research | A Conversation with Jeff Reich | Redefining CyberSecurity Podcast with Sean Martin

8 november 2023 | 46 min

Guest: Jeff Reich, Executive Director of Identity Defined Security Alliance [@idsalliance]

On Linkedin | https://www.linkedin.com/in/jreich/

On Twitter | https://twitter.com/JeffReichCSO

On YouTube | https://www.youtube.com/channel/UC8yfa2vRYDjS7TUWKAHIrwg

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining CybersSecurity, host Sean Martin connects with Jeff Reich to dive deep into the world of digital identities and identity management. Through their lively and thought-provoking conversation, they explore various aspects of identities, from multiple personas in apps to the challenges and risks associated with identity sharing.

They discuss the impact of cloud adoption and remote work on identity security, emphasizing the need for organizations to prioritize securing digital identities. They also touch on the role of artificial identities in smart devices and cars, and how AI and machine learning can be utilized in identity use cases.

Throughout the episode, Sean and Jeff bring a philosophical and science fiction perspective to the topic, using metaphors and engaging storytelling techniques to captivate listeners. They highlight the importance of policy and control in identity management, and the need for organizations to take proactive measures in securing digital identities. They also provide valuable insights from a research survey, revealing that identity security is a top priority for a significant percentage of organizations.

They emphasize the complexities of identity management and the evolving nature of identities in today's digital landscape. Overall, this episode offers a captivating and informative discussion on digital identities, leaving listeners with valuable takeaways and a deeper understanding of the importance of identity security in the modern world.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

IDSA: https://www.idsalliance.org/

2023 Trends In Securing Digital Identities (White Paper): https://www.idsalliance.org/white-paper/2023-trends-in-securing-digital-identities/

2023 Trends In Securing Digital Identities (Infographic): https://www.idsalliance.org/wp-content/uploads/2023/08/IDSA-2023Trends-Infographic.pdf

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Cyber Shadows Over Serenity—Part 1 | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

4 november 2023 | 7 min

Developing Personal Thought Leadership Through Passion, Purpose, and Progress: Leading the Way in Cybersecurity Knowledge Sharing | A Conversation with Gary Hayslip | Redefining CyberSecurity Podcast with Sean Martin

30 oktober 2023 | 41 min

Guest: Gary Hayslip, Chief Security Officer at SoftBank Investment Advisers

On Linkedin | https://www.linkedin.com/in/ghayslip/

On Twitter | https://twitter.com/ghayslip

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin and guest Gary Hayslip engage in a conversation about thought leadership and knowledge sharing in the cybersecurity community. They discuss the process of creating a matrix or list of topics of interest and grading them based on comfort and expertise levels. But is it thought leadership we seek or thought mentorship? 🤔

Gary emphasizes the importance of passion and purpose in thought leadership, viewing it more as mentorship rather than traditional leadership roles. He shares his own journey, starting small by speaking at local chapters and gradually expanding to larger conferences. Various writing platforms like LinkedIn, Medium, and personal websites are discussed as avenues for sharing content and seeking feedback from the community.

The conversation emphasizes the continuous learning and updating of knowledge to provide valuable insights. Gary highlights the qualities of a thought leader, including passion, purpose, and a genuine desire to help others.

Overall, the episode offers insights on thought leadership, knowledge sharing, and the process of becoming a trusted mentor in the cybersecurity field. Listeners can expect an engaging and informative conversation between Sean Martin and Gary Hayslip that focuses on the practical aspects of sharing expertise and making a positive impact in the community.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

When Virtual Reality Is A Commodity, Will True Reality Come At A Premium?: https://sean-martin.medium.com/when-virtual-reality-is-a-commodity-will-true-reality-come-at-a-premium-4a97bccb4d72

Questions on Developing Your Thought Leadership: https://www.linkedin.com/pulse/questions-developing-your-thought-leadership-gary-hayslip/

CISO Desk Reference Guide Website: https://cisodrg.com/

So You Want to be a CISO?: https://www.linkedin.com/pulse/so-you-want-ciso-approach-success-gary-hayslip-cissp-

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

SOC Analyst Appreciation Day 2023 | Day in the Life of a SOC Analyst | An Event Coverage Conversation with Jules Okafor, David Meece, Jay Jay Davey

26 oktober 2023 | 48 min

Guests:

Jules Okafor, BISO and CEO and Founder of RevolutionCyber

On LinkedIn | https://www.linkedin.com/in/julesmgmt/

David Meece, SOC Analyst, also known as Cyber Tech Dave on LinkedIn

On LinkedIn | https://www.linkedin.com/in/david-meece-cybertech-dave/

Jay Jay Davey, Global Security Operations Centre Lead, Marks and Spencer

On LinkedIn | https://www.linkedin.com/in/secopsjay/?originalSubdomain=uk

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Hello to all our listeners out there! Marco and Sean here, and we are thrilled to bring you a special episode today. For the third consecutive year, we've been invited to host a panel for an event that's become a cornerstone for the infosec community. And guess what? We've been involved right from its inception. That's right! We are talking about the SOC Analyst Appreciation Day™, a day designed to shed light on the unsung heroes of the cybersecurity world.

Now, for those new to this, let us dive a bit deeper. The life of a SOC analyst isn't always glamorous. They often find themselves caught in the whirlwind of immense workload, sometimes feeling like the weight of the entire digital universe rests on their shoulders. Overworked and, sadly, often underappreciated, these analysts face challenges that can lead to burnout and, ultimately, a high turnover rate.

Enter Devo, the brilliant minds behind the establishment of the SOC Analyst Appreciation Day™. Their mission? To offer a hearty shoutout to these hardworking individuals and to prompt organizations globally to step up, recognizing the importance of their analysts' satisfaction and mental well-being.

If you've been following the event, you know that this year was jam-packed with on-demand content that was nothing short of enlightening. With presentations from some of the most influential thought leaders in the infosec community, topics ranged from real-life use cases to the intricacies of SOC automation and the critical importance of managing mental well-being in such high-pressure roles.

But, listeners, we have a treat for you. Today, we're going to dive deep into one of the event's highlights. We had the privilege of moderating a panel that, trust us, you won't want to miss. So, whether you're a budding SOC analyst, a seasoned pro, or just someone with a keen interest in the world of infosec, sit back, relax, and let's delve into some insightful discussions.

This panel will take a look at the ins and outs of SOC life. From the tier one analyst role to leadership positions to everything in between, the day-to-day in each type of SOC can look very different — and this panel will cover all perspectives. Moderated by Sean Martin and Marco Ciappelli from ITSP Magazine

Jules Okafor, BISO and CEO and Founder of RevolutionCyber

David Meece, SOC Analyst, also known as Cyber Tech Dave on LinkedIn

Jay Jay Davey, Global Security Operations Centre Lead, Marks and Spencer

Thanks for tuning in to this special episode. Let's get started!

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

SOC Analyst Appreciation Day: https://re4.ms/0b41ee

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

RSA Conference ESAF Report 2023: How Top CISOs Are Transforming Third-Party Risk Management | A Conversation with Laura Robinson | Redefining CyberSecurity Podcast with Sean Martin

24 oktober 2023 | 36 min

Guest: Laura Robinson, ESAF Program Director at RSA Conference [@RSAConference]

On Linkedin | https://www.linkedin.com/in/laurarobinsoninsight/

At RSA | https://www.rsaconference.com/experts/laura-robinson

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining CyberSecurity Podcast, host Sean Martin engages in a conversation with Laura Robinson, the ESAF Program Director at RSA Conference, about the changing landscape of third-party risk management. They explore the need for organizations to shift their approach in assessing third-party risk and the limitations of relying solely on questionnaires. Laura emphasizes the importance of more detailed assessments and manageable requirements for suppliers.

The conversation touches on the significance of fostering a culture of security and collaboration between organizations and their third-party partners. They discuss the challenges faced by small businesses in meeting complex regulatory requirements and the difficulties in finding the right cybersecurity services and talent. The episode showcases case studies that highlight successful third-party risk management programs and their positive impact, including significant reductions in incidents and quantifiable risk reduction.

The discussion also delves into the potential benefits of standardization in the industry, such as shared assessments, resources, and frameworks such as NIST CSF and HITRUST. Sean and Laura underscore the importance of collaboration, community, and a change in mindset to effectively address third-party risk in the evolving cybersecurity landscape. Throughout the conversation, practical insights and success stories are shared, providing listeners with a deeper understanding of the progress being made in third-party risk management while acknowledging that there is still work to be done.

The episode offers a thoughtful exploration of the topic, focusing on the need for collaboration, cultural shifts, and the development of more effective assessment approaches in order to mitigate third-party risk effectively.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

CISO Perspectives on Transforming Third-Party Risk Management: https://www.rsaconference.com/library/webcast/158-ciso-persp-transfer-third-party?utm_source=x&utm_medium=social&utm_content=158-ciso-persp-transfer-third-party-webcast&utm_campaign=september-2023-rsac365&postID=11353906220

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Neoterica's Paradox: A Harmonic Dance of Nature, Humanity, and Progress | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

21 oktober 2023 | 7 min

Keynote: 2024 Predictions in Future-Hindsight View - Get Ready! | A SecTor Event Coverage Conversation with Laura Payne

20 oktober 2023 | 35 min

Guest: Laura Payne, Chief Enablement Officer & VP Security Consulting at White Tuque [@WhiteTuque]

On Linkedin | https://www.linkedin.com/in/laura-l-payne/?originalSubdomain=ca

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this Chats on the Road episode of the ITSPmagazine Podcast Network, hosts Marco Ciappelli and Sean Martin embark on a road trip to the SecTor cybersecurity conference in Toronto, Canada. Along the way, they engage in playful banter about using a time machine or an autonomous car to reach their destination. Once they arrive, they sit down with Laura Payne, this year's keynote speaker at SecTor.

Laura shares her journey in the cybersecurity field and her experience working with various organizations. The conversation delves into the future of cybersecurity and the impact of artificial intelligence. They discuss the importance of resilience, the adoption of AI in small businesses, and the challenges of regulating AI. They also touch on the skills that security practitioners need to develop, such as understanding protocols and APIs.

Throughout the conversation, they emphasize the need to build security into new technologies from the start and to maintain a focus on the basics of cybersecurity. They also reflect on the recurring nature of cybersecurity challenges and the importance of learning from history to predict the future. Overall, this thought-provoking episode dives into the future of technology, cybersecurity, and society, providing insights and perspectives from industry experts. The conversation is a mix of playful banter, practical advice, and philosophical reflections, offering listeners a well-rounded and engaging discussion.

About Laura's Keynote Session: If 2023 was the year of AI exploding into popular use, what is on the horizon for 2024? There are a lot of predictions for what is coming, but what should we be preparing for as security professionals? We'll look at some of the most popular predictions, view them as if they've already happened and see if history is just repeating itself with past lessons to learn from.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Keynote: 2024 Predictions in Future-Hindsight View - Get Ready!: https://www.blackhat.com/sector/2023/briefings/schedule/#keynote--predictions-in-future-hindsight-view---get-ready-36117

Learn more about SecTor 2023: https://www.blackhat.com/sector/2023/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Do We Really Need to Worry about Critical Infrastructure? | A Discussion about Cyber Operations in the Context of the Leaked Vulkan Files | A SecTor Event Coverage Conversation with Marina Krotofil

19 oktober 2023 | 30 min

Guest: Marina Krotofil, Senior Cyber Security Advisor, Critical Infrastructure Protection

On Linkedin | https://www.linkedin.com/in/marina-krotofil/

Marina's Website | https://www.cyberphysicalsecurity.info/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

Episode Notes

In this episode of Chats on the Road, hosts Marco Ciappelli and Sean Martin are joined by Marina Krotofil, a specialist in cyber physical security, at the SecTor Canada security conference in Toronto. Marina sheds light on the world of cyber warfare and the evolution of cyber weapons. She discusses the leaked Vulkan files, which reveal Russia's centralized strategy and software platform for managing cyber operations. Marina emphasizes the combination of cyber and physical sabotage required in attacks on critical infrastructure and the focus on controlling the masses through disinformation and propaganda.

The conversation covers a range of topics, including the link between cybersecurity and political science, societal implications, and the need for independent thinking. Marina highlights the importance of preparing for cyber attacks during peacetime and the vulnerability of small and medium-sized organizations. She shares insights into Russia's cyber capabilities and practices, providing evidence of their development and testing throughout the years. Marina invites listeners to think critically and independently, encouraging them to consider the political and societal implications of cyber warfare.

The episode provides thought-provoking insights into the complexities of cyber warfare and the need to be prepared and vigilant in the face of evolving threats. It explores the manipulation of media and propaganda, the dangers of controlling information flow, and the importance of understanding the long-term game of cyber operations. The conversation is not sensationalized or journalistic in nature, but rather focuses on informing and educating listeners about the realities of cyber warfare.

Marina's session at the conference, "Do We Really Need to Worry about Critical Infrastructure?" goes deeper into the analysis of Russia's cyber operations and their connection to the leaked Vulkan documents.

Overall, this episode offers listeners a chance to gain a deeper understanding of the challenges posed by cyber warfare and the need for proactive defense measures. It encourages independent thinking and critical analysis, highlighting the importance of staying informed and prepared in an age of evolving cyber threats.

About Marina's SecTor Session: In the past, the definition of hybrid war was frequently reduced to a composition of kinetic and cyber warfare to simplify the discussion. Lessened to just two components and in the absence of real-world examples of hybrid war, it was often argued that cyberwarfare, and especially attacks on various critical infrastructures, had the potential of having a critical role at times of significant conflicts with combat actions. However, the events in the Ukrainian war theater have shown that kinetic weapons were preferred at the time of tactical military operations. Ever wondered why this was the case?

This talk will consist of two parts. The first part will provide a short yet comprehensive summary of the recently leaked "Vulkan files", classified documentation which provides details about Russian hybrid warfare strategy and distributed software platforms to prepare and manage cyber- and information operations in a centralized manner. In the second part, we will analyze notable Russian cyber operations in the post-Stuxnet era (after 2010) and show how Russia gradually evolved and tested its cyber capabilities and hybrid warfare vision. Some of the operations will be discussed with technical details based on first- and second-hand experiences with such operations. By the end of this talk, the audience should get a better idea about a wide range of factors that impact the success of cyber operations and why cyber attacks on critical infrastructures are more frequently opportunistic than strategic as well as may not always yield the desired impact. In conclusion, the talk will outline a type of cyber operations being conducted in war and peace times.

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

Resources

Do We Really Need to Worry about Critical Infrastructure? Discussion about Cyber Operations in the Context of Leaked Vulkan Files: https://www.blackhat.com/sector/2023/briefings/schedule/#do-we-really-need-to-worry-about-critical-infrastructure-discussion-about-cyber-operations-in-the-context-of-leaked-vulkan-files-34876

Learn more about SecTor 2023: https://www.blackhat.com/sector/2023/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Navigating the Privacy Maze: Mozilla’s Vehicle Privacy Report Sparks a Drive | A BlackCloak Brand Story with Chris Pierson and Ingrid Gliottone

18 oktober 2023 | 37 min

The recent report by Mozilla, shedding light on the privacy concerns around modern vehicles, struck a chord. Notably, every car brand reviewed, including behemoths like Ford, Volkswagen, and Toyota, flunked the privacy test. This revelation steered a fascinating conversation with Chris Pierson and Ingrid Gliottone from BlackCloak during a brand story recording for the Redefining Society podcast. Our focus veered towards the lurking privacy and security issues tied to the modern, tech-savvy vehicles we so casually entrust with our data.

The modern car is no longer just a mode of transport—it's a smart gadget, a data hub on wheels. But as the wheels spin, so does the reel of our personal information, weaving into the vast web of data, ready for harvest by not just the car makers, but a string of 'they' – the infotainment system providers, app developers, network providers, and possibly cyber rogues. The conversation took a deeper dive as Chris, the CEO of BlackCloak, elucidated the firm's mission—shielding corporate executives and key personnel from personal cyber threats that could ricochet back to the corporations.

The Mozilla report is an alarm bell, underscoring the high time to separate the wheat from the chaff in terms of what data is essential for functionality and what merely serves as a gold mine for advertisers or a hunting ground for cyber-attackers. This blend of privacy and security, or the lack thereof, is a cocktail we are forced to sip, as Ingrid pointed out the lack of clarity presented to buyers at the point of sale concerning the privacy policies tied to these vehicles.

The promise of tech advancements in vehicles is dazzling—better shocks for off-roaders, safety features to prevent accidents during a sudden snooze, and so on. Yet, as Chris highlighted, there's a dark side. Some policies mentioned collecting data about one's sex life and genetic information— a far cry from the basic expectations of privacy.

As the conversation with BlackCloak unrolled, the blend of excitement and concern was palpable. The question now is not about halting the march of technology but steering it towards a path where privacy and security are not the passengers but co-drivers.

The findings from the Mozilla report and insights from BlackCloak are not just food for thought, but a call to action. It is crucial to reckon with the reality of the modern-day vehicles doubling as data hubs and to steer the conversation towards a road where transparency, consent, and security are the landmarks. I urge you to dive into BlackCloak's offerings to explore how they are redefining the security landscape, ensuring the privacy and security of your personal digital realm, including that computer on wheels parked in your driveway. Visit BlackCloak to discover what they offer in shielding the modern-day knights from the unseen arrows of the digital world.

Guests:

Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]

On Linkedin | https://www.linkedin.com/in/drchristopherpierson/

Ingrid Gliottone, Chief Experience Officer of BlackCloak [@BlackCloakCyber]

On LinkedIn | https://www.linkedin.com/in/ingridgliottone/

Resources
Learn more about BlackCloak and their offering: https://itspm.ag/itspbcweb

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The California Delete Act: Emerging Changes for Data Brokers and Its Impact on Data Privacy | A Conversation with Nia Luckey | Redefining CyberSecurity Podcast with Sean Martin

17 oktober 2023 | 47 min

Guest: Nia Luckey, Senior Cybersecurity Business Consultant at Infosys [@Infosys]

On LinkedIn | https://www.linkedin.com/in/nia-f-713270127/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining CyberSecurity Podcast, host Sean Martin and guest Nia Luckey discuss the California Delete Act (California Senate Bill 362) and its impact on data privacy and protection. They delve into the concept of data brokers and the sensitive information they gather, such as personal details, credit data, facial recognition, and driving behaviors.

Presenting a couple examples, the conversation raises questions about responsibility for data protection in the realms of autonomous vehicles and platforms like Meta. They emphasize the need for businesses to understand the data they collect, educate themselves on data privacy regulations, and consider offering opt-out options for customers. Of course, providing the option to delete data is going to be a non-negotiable customer feature.

The discussion also touches on the challenges faced by smaller organizations in complying with the bill and provides advice on data inventory and protection. They stress the importance of knowing what data is being collected, where it is stored, and how to protect it to an appropriate standard. They highlight the need for businesses, regardless of size, to prioritize data protection and privacy. The ultimate aim is to empower individuals and businesses to have control over their data and protect privacy in an interconnected world.

The conversation takes a consumer-centric approach, discussing the implications for individuals and their rights to opt out of data collection. They explore the potential difficulties in deleting data from various platforms and emphasize the importance of making the process accessible and user-friendly.

Throughout the episode, Sean and Nia engage in a thoughtful and informative conversation, touching on topics such as data classification schemes, data handling practices, and the overall spirit of the California bill. They encourage businesses to proactively manage risk and ethics and take steps to protect data and privacy.

By listening to this episode, listeners can expect to gain a deeper understanding of the California Delete Act, its implications for data privacy, and the responsibilities businesses have in protecting sensitive information. They provide practical advice and insights to help individuals and organizations navigate the complex landscape of data protection and privacy regulations.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

An Analysis of California Senate Bill 362 - The California Delete Act: https://www.linkedin.com/pulse/analysis-california-senate-bill-362-delete-act-nia-f-luckey-lssbb

International Association of Privacy Professionals (IAPP). California Legislature Passes Delete Act for PI Aggregated by Data Brokers: https://iapp.org/news/a/california-legislature-passes-delete-act-for-pi-aggregated-by-data-brokers/#:~:text=The%20California%20State%20Legislature%20passed,information%20collected%20by%20data%20brokers

California Legislature. (2023). Senate Bill 362.: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202320240SB362

California's 'Delete Act' Could Let You Scrub Your Data From Brokers' Files.: https://fortune.com/2023/09/15/california-delete-act/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

The Game Show: CISO Jeopardy! | How Many CISOs Does an Organization Really Need? | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

14 oktober 2023 | 8 min

The Future of Secure Business Browsing: Isolation and Protection | Browser Security : Isolation-101 | A SecTor Event Coverage Conversation with Evgeniy Kharam

13 oktober 2023 | 37 min

Guest: Evgeniy Kharam, Cybersecurity Professional, Security Architecture Podcast [@secarchpodcast]

On Linkedin | https://www.linkedin.com/in/ekharam/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin is joined by Evgeniy Kharam to explore the world of browser security and browser isolation. They discuss the user experience and the policies that organizations can apply to protect against security threats.

The conversation delves into the concept of remote browser isolation and its application in ensuring user safety when visiting unknown or malicious websites. They also dive into the benefits of using enterprise browsers and the control they provide over website access, malware scanning, data loss prevention, and more.

The episode touches on the impact of browser security on security programs, team structures, and the tech stack. They discuss the relatively new browser security space and its potential to disrupt the SASE and SSE markets. Evgeniy shares insights into the potential transformation of the cybersecurity landscape and predicts that endpoint solutions may incorporate isolation technology. The episode concludes with a preview of Evgeniy's upcoming session at the SecTor security conference in Toronto, where he will dive deeper into browser security isolation.

Overall, this episode offers valuable insights into the evolving world of browser security and its potential impact on cybersecurity practices. Listeners can expect an engaging conversation that combines technical knowledge with practical applications.

About Evgeniy's SecTor Session: There has been renewed hype about adding more security efforts around the browser. New security startups and the bigger players as well have been making the case that because browsing is such an inherent part of our work and personal lives, we should address phishing and other attacks there. After interviewing and analyzing the offerings of many providers, I will share my findings and perspective on the market. This session will go over key points on how such a technology might be used in your organization, the pitfalls and how it fits in with / competes with other product suites like SASE and EDR. What you will learn:

- Use cases for browser isolation/enterprise browser

- ZTNA using browser isolation/enterprise browser

- Where browser isolation/enterprise browser fits in an environment

- Vendor land space

- What we should expect in the next 12-18 months

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Browser Security / Isolation-101 (session): https://www.blackhat.com/sector/2023/briefings/schedule/#browser-security--isolation-101-34279

Learn more about SecTor 2023: https://www.blackhat.com/sector/2023/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Prioritize with Purpose: Unleashing the Promise of Risk-Based Vulnerability Management | A Conversation with Andrew Braunberg | Redefining CyberSecurity Podcast with Sean Martin

11 oktober 2023 | 44 min

Guest: Andrew Braunberg, Principal Analyst at Omdia [@OmdiaHQ]

On Linkedin | https://www.linkedin.com/in/andrew-braunberg-74a69/

On Twitter | https://twitter.com/abraunberg

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining CyberSecurity Podcast, host Sean Martin engages in a thought-provoking conversation with Andrew Braunberg, a principal analyst at Omdia. They explore the world of risk-based vulnerability management and its potential to revolutionize security operations and risk management programs.

The discussion delves into the challenges of traditional vulnerability management, including the reliance on Common Vulnerability Scoring System (CVSS) scores and the increasing volume of software vulnerabilities. They stress the importance of context, value, and verifiable risk reduction in prioritizing actions to effectively mitigate risk.

Andrew shares insights on the convergence of risk management and vulnerability management, as well as the role of telemetry in gaining a comprehensive view of the digital landscape. The conversation also touches on the need to understand the external threat landscape and consolidate threat information for better predictions. They discuss the expansion of vulnerability management into dev environments and the broader view of vulnerability, encompassing exposure management and misconfigurations.

The potential for self-serve tools and services in risk-based vulnerability management is explored, along with the consolidation of security control validation and attack path validation capabilities. Throughout the episode, the importance of rethinking security programs and embracing a proactive security posture based on risk reduction is emphasized. Collaboration and communication between security teams, asset owners, and management are highlighted as crucial for effective vulnerability management and risk mitigation.

The conversation provides valuable insights into the world of risk-based vulnerability management and the shift towards proactive cybersecurity. So if you're seeking innovative approaches to vulnerability management and risk reduction, tune in to this enlightening episode of Redefining CyberSecurity Podcast with Sean Martin and Andrew Braunberg.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Omdia research finds risk-based vulnerability management set to encompass the vulnerability management market by 2027 (press release): https://omdia.tech.informa.com/pr/2023/09-sep/omdia-research-finds-risk-based-vulnerability-management-set-to-encompass-the-vulnerability-management-market-by-2027

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Shaking Up the Cybersecurity Market: The Potential Implications of Splunk's Intended Acquisition by Cisco | A Conversation with Allie Mellen | Redefining CyberSecurity Podcast with Sean Martin

9 oktober 2023 | 40 min

Guest: Allie Mellen, Senior Analyst at Forrester [@forrester]

On Linkedin | https://www.linkedin.com/in/hackerxbella/

On Twitter | https://twitter.com/hackerxbella

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In the fast-paced world of cybersecurity, market dynamics constantly evolve, driven by technological advancements, strategic partnerships, and acquisitions. One recent development that has captured the industry's attention is Cisco's intended acquisition of Splunk. This move promises to reshape the cybersecurity landscape and prompts us to explore the implications it holds for market competitiveness and security program effectiveness. In this conversation, Sean Martin and Allie Mellen take a journey into the intricacies of this acquisition, examining its impact on the dynamics of the cybersecurity space overall.

Sean and Allie discuss some of the key drivers behind the acquisition, touching on the challenges Splunk has faced and the industry’s need for more innovation in security operations. They dive into the challenges faced by security teams, particularly regarding SIEM cost management and a lack of innovation. They also touch on the importance of talent management, training beyond the tools, and improving the analyst experience to drive transformation efforts.

The conversation expands to consider the broader market impact of the acquisition. They discuss the opportunities for other security analytics and SIEM vendors to position themselves as alternatives to Splunk. The emergence of the XDR market expanding deeper into the security response space is also explored, focusing on its potential to provide bundled offerings that replace some of the traditional SIEMs on the market.

Sean and Allie also discuss the potential vision for SIEM and whether the shift towards XDR and endpoint-focused solutions limits the potential for a broader security operations scope. While XDR vendors aim to expand beyond endpoints, the discussion acknowledges the need for more comprehensive solutions like Splunk that remain ready to handle events and incidents that occur beyond the endpoint.

They also have a discussion on potential future trends, such as federated search and access of data, and the interest in building a more comprehensive, sustainable IT operations platform.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Sourcing for Cyber: Addressing the Cybersecurity Talent Gap | A Conversation with Devon Bryan, Kimberly Quan, Katrina M, Dr. Elizabeth Kolmstetter, Licole Bursey | Redefining CyberSecurity Podcast with Sean Martin

7 oktober 2023 | 60 min

It’s About Time: The Turning Tide for Cyber Transformation | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

7 oktober 2023 | 9 min

From Concealment to Accountability: The SEC's Call for Transparency to Safeguard Shareholders | A Conversation with Matthew Rosenquist | Redefining CyberSecurity Podcast with Sean Martin

4 oktober 2023 | 43 min

Guest: Matthew Rosenquist, CISO at Eclipz.io

On LinkedIn | https://www.linkedin.com/in/matthewrosenquist/

On Twitter | https://twitter.com/Matt_Rosenquist

On Medium | https://matthew-rosenquist.medium.com/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this thought-provoking episode of the Redefining CyberSecurity Podcast on the ITSPmagazine Podcast Network, host Sean Martin connects with Matthew Rosenquist to engage in a discussion about the recent SEC notification ruling. They explore the importance of transparency and accountability in cybersecurity for public companies as they dig into topics such as the need for transparency in security posture, the impact on shareholders and potential investors, and the role of privacy regulations in raising the security posture of industries like healthcare. They emphasize the value of notification and the balance between providing timely information to shareholders and avoiding potential lawsuits.

The conversation highlights the ethical implications of concealing information and the changing role of legal counsel in incident response. They discuss the potential emergence of whistleblowers to expose non-compliant companies and the impact of fines and penalties. They also touch on how transparency can drive accountability and impact business partners, vendors, and suppliers.

Recognizing the challenges faced by companies in operationalizing security and stress the importance of continuous monitoring and evaluation of cybersecurity measures, the episode discusses the potential for companies to face lawsuits and the role of the board in overseeing cybersecurity controls.

Overall, this episode offers valuable insights into the SEC notification ruling, providing listeners with a deeper understanding of its implications for cybersecurity, transparency, and accountability in public companies.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies: https://www.sec.gov/news/press-release/2023-139

Matthew's post on LinkedIn: https://www.linkedin.com/posts/matthewrosenquist_clorox-says-last-months-cyberattack-is-still-activity-7109565860331065344-yRec/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Zero-Day Showdown—Is the wrEchoChamber Vulnerability Worse Than Log4Shell? | Navigating Cyber Threats in the Age of AI and Instant News | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

30 september 2023 | 6 min

Is Shift Left Overrated? | An Imperva Brand Story With Peter Klimek

26 september 2023 | 41 min

Habits and Hitchisms: The CISO Revolving Door | CISO Circuit Series: Episode 1 | With Michael Piacente and Sean Martin on the Redefining CyberSecurity Podcast

26 september 2023 | 55 min

Preview of Devo's SOC Analyst Appreciation Day | Celebrating SOC Analysts: A Day of Appreciation and Happiness | An Event Coverage Conversation with Kayla Williams, CISO of Devo

25 september 2023 | 31 min

Guest: Kayla Williams, CISO of Devo Inc. [@devo_Inc] and co-host of the Locked Down Podcast [@LockedDownKT]

On Linkedin | https://www.linkedin.com/in/kaylamwilliams1/

On Twitter | https://twitter.com/kayla_obviously

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/kayla-williams

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode, hosts Marco and Sean are joined by Kayla Williams, CISO for Devo Technology, to discuss the upcoming SOC Analyst Appreciation Day. The conversation covers various sessions that will be part of the event, including topics such as mental health, a day in the life of a SOC analyst, and the impact of AI and automation. They emphasize the need for empathy and understanding when it comes to mental health, highlighting the importance of recognizing signs of distress and offering support. They also discuss the challenges faced by SOC analysts, such as burnout and the lack of recognition, and stress the need for better communication and collaboration within the industry.

The CISO panel that will be part of the event, titled "CISOs in the Hot Seat," sparks curiosity about the discussion topics, with hopes that people management and understanding the mental health of teams will be addressed. The session on AI and automation raises questions about whether it will make the life of SOC analysts easier or increase the threat landscape. There is tons of excitement from Sean and Marco about hosting the "Day in the Life of a SOC Analyst" panel, where they aim to explore the daily struggles and experiences of analysts. They underscore the importance of appreciation and recognition within the industry, as indicated by statistics showing that many analysts are seeking a way out of their roles.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

SOC Analyst Appreciation Day: https://re4.ms/0b41ee

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

A Tale of 2 CISOs: Navigating the Evolving Landscape of Information Security and Ethics, Today and Tomorrow | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

23 september 2023 | 10 min

The SOC Analyst Strike: Can the Balance Be Restored Between Humans, Machines, and Artificial Intelligence? | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

19 september 2023 | 7 min

Book | Irreducibly Complex Systems: An Introduction to Continuous Security Testing | A Conversation with Author David Hunt | Redefining CyberSecurity Podcast with Sean Martin

18 september 2023 | 43 min

Guest: David Hunt, Author

On Linkedin | https://www.linkedin.com/in/david-hunt-b72864200/

On Twitter | https://twitter.com/privateducky

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining Cybersecurity, host Sean Martin engages in a thought-provoking conversation with David Hunt, author of the book, Irreducibly Complex Systems: An Introduction to Continuous Security Testing, to explore the topic presented in the book.

David introduces the concept of irreducibly complex systems, explaining that continuous security testing requires a system where all the individual components must be functioning correctly for the system to work. He uses the analogy of a mousetrap to illustrate this idea, highlighting that removing even one component renders the entire system useless.

The conversation also digs into the challenges of testing in changing environments and the need to understand how defenses perform during specific time frames. They discuss the value of continuous security testing in gaining visibility into the effectiveness of security defenses and shedding light on techniques used by malicious actors.

Sean, having been a software quality assurance engineer in previous roles, and David, having held numerous roles in the commercial, public, and non-profit realms, explore the differences between continuous security testing and traditional security testing. They explain that continuous testing focuses on evaluating how defenses respond to attacks, rather than testing offensive capabilities. Moreover, continuous security testing operates at complete scale on production systems, unlike traditional testing which is often limited to development environments.

They also discuss the importance of overcoming the dichotomy of skill sets required for continuous security testing. David explains that the offensive skills needed to create effective tests and attacks are often separate from the software skills needed to build a safe, high-assurance command and control center.

Throughout the episode, Sean and David provide listeners with valuable insights into the world of continuous security testing and its significance in the evolving cybersecurity landscape. They emphasize the need for organizations to adopt this approach in order to gain better visibility and understanding of their defenses in the face of emerging threats.

There’s a lot to take from this conversation, including an extreme example of how continuous security testing results have redefined cybersecurity in David’s organization.

____________________________

About the book

Continuous security testing (CST) is a new strategy for validating your cyber defenses. We buy security products that promise to protect us, like EDR, but how do we know they're working? CST takes the stance that endpoints are the center of your infrastructure universe. Whether the operating system verticalizes defense or a third party is bolted on, it is the job of the endpoint to protect itself from within. This new concept dictates testing should occur around the clock, in production and at scale. It provides an open model that others can use to approach testing and finally answer the question: Do you know with certainty that your defenses will protect you against the latest threats?

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Irreducibly Complex Systems: An Introduction to Continuous Security Testing (Book): https://www.yellowduckpublishing.com/books.html?title=icsd

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

The State of the CISO: Breaking Silos and Navigating Responsibilities | A Conversation With Sue Bergamo | Redefining CyberSecurity Podcast with Sean Martin

11 september 2023 | 40 min

Guest: Sue Bergamo, Executive Advisor/CISO/CIO at BTE Partners, LLC

On Linkedin | https://www.linkedin.com/in/suebergamo/

On Twitter | https://www.twitter.com/@suebergamo

On YouTube | https://www.youtube.com@suebergamo

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining CyberSecurity, host Sean Martin engages in a conversation with guest Sue Bergamo about the dynamics and responsibilities of cybersecurity leadership. They discuss, compare, and contrast the roles of the CISO, CIO, and CTO in an organization and the handoff of tasks and responsibilities between them.

Sue emphasizes the need for a holistic approach to security, with the CISO responsible for protecting the inner workings of the company and its data. They explore the challenges of hiring in the cybersecurity field and the impact of the current economic climate. Sue cautions against a siloed approach to security and advocates for a well-rounded security program. They discuss the importance of consistency and structure in change control and release management processes to prevent issues and vulnerabilities. They also emphasize the role of the CISO as a trusted advisor, communicator, and educator within the organization.

They touch on the maturity level of cybersecurity programs and the need for organizations to embrace business-level conversations to reduce risk and exposure. Sue addresses the current state of the industry, highlighting the challenges faced by CISOs and security teams. She suggests that a calm and collected approach is a sign of a well-functioning security program. This, however, could leave the rest of the organization questioning their investment in cybersecurity. To this end, they discuss the importance of implementing controls and processes to create structure, improve security posture, and demonstrate this to the business leaders and key stakeholders.

Overall, the episode provides valuable insights into the evolving role of the CISO and the importance of a holistic approach to cybersecurity. The conversation is informative, thoughtful, and thought-provoking, without sensationalizing the content or adopting a journalistic tone.

Listeners can expect to gain insights into the complex dynamics of cybersecurity leadership and the challenges faced by organizations in the current landscape. Have a listen!

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Short-Takes (podcast): https://www.youtube.com/ @suebergamo

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

The Pathway to Innovation: Understanding and Embracing Cascading Risk for Technological Progress | A Conversation With Trond Arne Undheim | Redefining CyberSecurity Podcast with Sean Martin

31 augusti 2023 | 48 min

Guest: Trond Arne Undheim, Founder of Yegii [@Yegii_Insight] and Research Scholar in Global Systemic Risk, Innovation, and Policy at Stanford University [@Stanford].

On Linkedin | https://www.linkedin.com/in/undheim/

On Twitter | https://twitter.com/trondau

Website | https://trondundheim.com/

On Facebook| https://www.facebook.com/trond.undheim/

On Instagram | https://www.instagram.com/trondundheim/?hl=en

On YouTube | https://www.youtube.com/channel/UCI4EpjuQzb58EiawzElwvYQ

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this thought-provoking episode of the Redefining CyberSecurity podcast, host Sean Martin is joined by futurist, Trond Arne Undheim, as they engage in a deep conversation about the intersection of technology, innovation, and risk management. Trond offers deep insights into the world of risk and the need for new paradigms to address emerging challenges.

The conversation starts with a discussion on the importance of systematic feedback and validation-driven strategies in fostering innovation. Sean and Trond highlight the positive aspects of risk information, emphasizing that it can help save resources by redirecting efforts towards more viable avenues.

Sean and Trond explore the notion of systems thinking and the challenges it presents. They explain that when we describe something as a "system," it implies that it is something we cannot fully control, but rather something we are amidst. They also touch on the concept of cascading risks, highlighting the potential dangers of multiple risks working together.

The conversation shifts to the role of organizations in managing risk. Sean and Trond acknowledge the complexity and short-term focus of many risk management approaches and express the need for new institutions (non-profit, government, etc.) and companies (commercial product/service providers, for example) to address this gap. They mention the rise of industries focused on specific risk areas, such as cybersecurity and ESG risk, and predict that more industries will emerge to provide risk management services. Sean and Trond also explore the idea that a higher level of risk can spur innovation, but caution against irresponsible risk-taking. They stress the importance of finding a balance between risk and innovation.

Join Sean and Trond for an engaging conversation rooted in philosophical discussion about the future of technology, the potential risks posed by emerging technologies like AI and bio-risks, and the impact of risk management on society. This episode of Redefining CyberSecurity Podcast helps to navigate the challenging landscape of technology and risk. We hope you enjoy it!

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Yegii | https://yegii.org/blog/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Mind the Shadow AI Gap: Perception vs. Reality for Insider Threats in Data Security | An Imperva Brand Story With Terry Ray

28 augusti 2023 | 43 min

In this Brand Story episode, hosts Marco and Sean discuss data security and insider threats with their guest Terry Ray, field CTO and senior vice president for data security strategy at Imperva. The conversation covers a range of topics related to data security and the challenges organizations face.

Terry highlights the need for clear policies and strategies to detect and prevent insider threats. He points out that while organizations may trust their employees and contractors, people are not always security-minded, which can lead to trouble. He also mentions the presence of malicious individuals, although they are fewer in number.

Terry shares statistics that reveal a gap between organizations' perception of their data security and the reality of lacking comprehensive strategies as the trio explores the potential of AI in data security, with a focus on the limitations of AI in making complex decisions.

Terry emphasizes the importance of human intelligence and oversight, arguing that AI is not yet capable of determining the best course of action in certain scenarios. He gives an example of using AI to compare web application firewalls and points out that AI may not have the context or intelligence to identify what is missing if it hasn't been done before.

The group also discusses the balance between security and convenience, particularly in areas such as the medical field. They consider the advantages and risks of feeding AI with medical data and the potential for AI to find solutions that humans may not have considered.

The conversation sheds light on some important strategies and best practices as well. To dive deeper into this topic and gain valuable insights from industry experts, we encourage you to listen to the full episode.

Note: This story contains promotional content. Learn more.

Guest: Terry Ray, SVP Data Security GTM, Field CTO and Imperva Fellow [@Imperva]

On Linkedin | https://www.linkedin.com/in/terry-ray/

On Twitter | https://twitter.com/TerryRay_Fellow

Resources

Learn more about Imperva and their offering: https://itspm.ag/imperva277117988

Press Release: Shadow AI set to drive new wave of insider threats

Blog: 7 Facts About Insider Threats That Should Make you Rethink Data Security

Research: Forrester Insider Threats Drive Data Protection Improvements

Are you interested in telling your Brand Story?
https://www.itspmagazine.com/telling-your-story

Sharing a Cryptographic Sandwich with the DevOps and SecOps Community | A SandboxAQ Brand Story with Marc Manzano

21 augusti 2023 | 34 min

In this Brand Story podcast episode, host Sean Martin is joined by guest Marc Manzano from SandboxAQ. They explore the importance of future-proofing cryptography and the emerging field of quantum-resistant cryptography.

The conversation revolves around the challenges of migrating to new cryptographic algorithms and the unknowns surrounding this process. They discuss how NIST is leading the way in defining new standards and the need for organizations to prepare for the upcoming changes. Marc introduces Sandwich, a meta library developed by SandboxAQ, which provides cryptographic agility and an easy-to-use API for secure application development with cryptography capabilities built-in. Marc explains how developers can download and build Sandwich, customize it with specific ingredients or features, and integrate it into their application development environment.

In addition to Sandwich, the Security Suite by SandboxAQ is highlighted as a tool to help organizations modernize cryptography management. It provides visibility into where and how cryptography is used, along with modules for observability, compliance, and remediation. The Security Suite also offers optimization of cryptographic operations to reduce resource consumption and improve performance.

Sean and Marc also touch on the challenges organizations face in understanding and implementing encryption and the collaboration between developers and security teams in managing encryption within the broader engineering and security operating environment. They discuss how Sandwich can help overcome hurdles and elevate security posture, allowing developers to focus on application development while the framework takes care of security.

Overall, this episode provides insights into the evolving field of quantum-resistant cryptography, the importance of secure application development with cryptography at its core, and the role of tools like Sandwich and the Security Suite in enhancing cybersecurity practices, all aiming to educate listeners on the challenges and solutions in cryptography management.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest:

Marc Manzano, Senior Director - Quantum Security, SandboxAQ [@SandboxAQ]

On Linkedin | https://www.linkedin.com/in/marcmanzano/

On Twitter | https://twitter.com/marcmanzano

Resources

Learn more about SandboxAQ and their offering: https://itspm.ag/sandboxaq-j2en

Read the Sandwich Press Release: https://itspm.ag/sandbonpda

Sandwich on Github: https://itspm.ag/sandbo3zq1

Learn more about Sandwich: https://itspm.ag/sandboqao6

Try SandboxAQ Security Suite: https://itspm.ag/sandbob3gy

Read the Security Suite Press Release: https://itspm.ag/sandboxb3e744

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Navigating the Cybersecurity Playground Amidst Alarms Sounding During the DEF CON DC101 Panel | A Conversation With Kirsten Renner | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

21 augusti 2023 | 40 min

In this episode of the Redefining CyberSecurity podcast, host Sean Martin along with guests Kirsten Renner and Marco Ciappelli, share their experiences and insights from DEF CON, the annual hacking conference taking place in Las Vegas, Nevada.

Kirsten reflects on her nerves and excitement about speaking on the welcome panel at DEF CON, which was interrupted multiple times by alarms. Despite the interruptions, Kirsten highlights the positive reception from the audience and the approachability of well-known figures like Dark Tangent (DT) - (aka Jeff Moss). The conversation emphasizes the importance of engaging with others at conferences like DEF CON and offers tips on how to approach and interact with people.

Kirsten also talks about the car hacking village, including the unique experiences like a Tesla being pummeled and hacked for a capture the flag (CTF) prize. The hosts and guest discuss the culture of badges at DEF CON, with the car hacking badges being functional and allowing participants to plug them into their cars.

They mention the inclusiveness and welcoming nature of the DEF CON community and the impact of the research and content being presented.

Throughout the episode, there is a comical element as Kirsten shares her experiences of speaking on stage during the alarm interruptions and the humorous interactions with the audience. The conversation also touches on Kirsten's son's involvement at DEF CON and the excitement of collecting badges, which are powered and customizable, adding to the overall sense of community and engagement at the conference.

This episode offers a glimpse into the excitement, challenges, and camaraderie of attending and speaking at DEF CON, while emphasizing the importance of inclusiveness and the impact of the research being presented. Listen now to get a sense of this year's event - and be sure to follow Kirsten and the rest of the car hacking village crew to learn more about creating a safe and secure connected car ecosystem.

About The Car Hacking Village
The primary goal of the Car Hacking Village is to build a community around discovering weaknesses and exposing vulnerabilities that could significantly impact the safety and security of all drivers and passengers on the road today. Educating security researchers on the functionality of vehicle systems coupled with providing them with the opportunity to gain hands-on experience working side by side with experts in this field is a plus for the attendees. Leveraging the vast amount of experience the security research community brings to the Village may increase the safety and security of vehicles on the road today and for generations to come.

Breaches of automotive systems have been in the forefront of the global media for more than a year. Wired and wireless exploitation of vehicle systems has become a critical safety concern for the automotive industry, the National Highway Traffic Safety Administration, Congress, the Department of Homeland Security, and consumers.

Car Hacking Village plays an important role for researchers interested in the safety and security of the more than one billion vehicles on the road worldwide. In 2015, over 16.5 million vehicles were sold in the United States. On average, motor vehicles are driven over 15,000 miles annually and consumers spend upwards of 730 hours per year in their cars.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

Guest: Kirsten Renner, Community Volunteer at DEF CON 101

On Linkedin | https://www.linkedin.com/in/krenner/

On Twitter | https://twitter.com/Krenner

On YouTube | https://www.youtube.com/playlist?list=PLxjvVVSu5Q3-ttIUdxxyCvJiN-TXuJ7j0

This Episode’s Sponsors

Resources

DEF CON 101 - Welcome to DEF CON Panel: https://forum.defcon.org/node/246130

More info about the DEFCON31 Car Hacking Village Badge: https://www.youtube.com/watch?v=yvvOl6LfodQ

Live from the Car Hacking Village Interview (hack a Tesla Y): https://www.youtube.com/watch?v=2YyyTkMdWik

ITSP Black Hat 25 & DEF CON 30 Live Streaming Coverage with ITSPmagazine with Car Hacking Village: https://www.youtube.com/watch?v=1jMXUIW9FRE

Sean and Kristen with their Car Hacking Village badge: https://twitter.com/Krenner/status/1028385017037115392?s=20

Kristen on DC101 Panel (photo): https://twitter.com/bigrinnyo/status/1689807935096930304?s=20

Car Hacking Village website: https://www.carhackingvillage.com/

Car Hacking Village Talks | https://www.carhackingvillage.com/talks

At DEF CON: https://forum.defcon.org/node/240928

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

From Deception to Connection: Exploring the Ethical Dimensions of Cybersecurity | A Conversation About Cyber Deception and the Cyber 9/12 Strategy Challenge with Rob Black and Marco Ciappelli | Redefining CyberSecurity with Sean Martin

17 augusti 2023 | 49 min

Guests:

Rob Black, Director at UK Cyber 9/12 Strategy Challenge [@Cyber912_UK]

On LinkedIn | https://www.linkedin.com/in/rob-black-30440819/

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this thought-provoking episode of the Redefining CyberSecurity podcast, host Sean Martin engages in a deep conversation with guests Rob Black and Marco Ciappelli about the challenges and complexities of cybersecurity. The discussion revolves around the need to define the ultimate goal of cybersecurity and the potential impact on society, privacy, and human connection. They raise important questions about what it means to be a responsible cyber actor, exploring the clash between freedom of speech and content control.

The trio discuss the difficulty of finding a balance between preventing harm and protecting fundamental rights.

Deception emerges as a fascinating topic, with the conversation digging into the potential of using deceptive tactics to deter and disrupt cyber attackers. They ponder the ways in which attackers' decision-making can be influenced and their experiences manipulated to make it more challenging for them to succeed.

The conversation also takes a philosophical turn, contemplating the existential threat posed by AI and the metaverse. They explore the potential loss of authentic human connection in a virtual world and the implications for society.

Throughout the episode, they emphasize the importance of taking a comprehensive and strategic approach to cybersecurity, going beyond technology and considering psychological, social, and ethical factors. This conversation challenges conventional notions of cybersecurity and urges listeners to consider the broader implications and ethical dilemmas inherent in the digital realm.

Get ready for some thought-provoking insights that will surely encourage you to further explore the complexities of cybersecurity and its impact on society.

____

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____

Resources

UK Cyber 9/12 Strategy Challenge (Website): ukcyber912.co.uk

The Tularosa study: An Experimental Design and Implementation to Quantify the Effectiveness of Cyber Deception (2019) Ferguson-Walter et al, Proceedings of the 52nd Hawaii International Conference on System Sciences 2019: https://hdl.handle.net/10125/60164

Friend or Faux: Deception for Cyber Defence, (2017) Ferguson-Walter K, LaFon D, Shade T in Journal of Information Warfare (2017) 16.2 28-42: https://www.jinfowar.com/journal/volume-16-issue-2/friend-or-faux-deception-cyber-defense

Design Thinking for Cyber Deception (2021) - Ashenden D, Black R, Reid I and Henderson S, Proceedings of the 54th Hawaii International Conference on System Sciences 2021: https://hdl.handle.net/10125/70853

Cyber Security: Using Cyber Deception to Fight Off Our Attackers — Who is Our End of Level Boss? (Article): https://medium.com/@rob_black/cyber-security-using-cyber-deception-to-fight-off-our-attackers-who-is-our-end-of-level-boss-c6d2697eada

____

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Follow the Money | From Bugs to Bad Intentions: Evolving Perspectives on Product Security | A Conversation with Allison Miller | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin

11 augusti 2023 | 33 min

Guest: Allison Miller, Faculty at IANS [@IANS_Security] and CISO (Chief Information Security Officer) and VP of Trust at Reddit [@Reddit]

On LinkedIn | https://www.linkedin.com/in/allisonmiller

On Twitter | https://twitter.com/selenakyle
____________________________

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

____________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, as part of our Chats on the Road series to Black Hat USA 2023 in Las Vegas hosts Sean Martin and Marco Ciappelli chat with Allison Miller to discuss the parallels and differences between the fraud and cybersecurity teams, focusing particularly on how each measures success and handles challenges. Sean highlights the fraud team's clear metric of money, starting and ending their processes with it, and contrasts it to the security team's reliance on metrics like MTTx (Mean Time to Detect, Respond, etc.). He's curious about how the fraud team optimizes their processes and wonders if there are lessons that security teams can glean from them.

Allison appreciates the methodologies of fraud teams, especially their use of sampling to understand the magnitude of problems. She explains how fraud teams utilize backend data, machine learning, AI, and statistics to discern risk factors. Then, they test these models on forward-looking data, a methodology akin to red teaming in cybersecurity. She emphasizes the importance of continuous testing to ensure confidence in their detection capabilities. A point of difference she highlights is that fraud models have a high degree of confidence due to rigorous testing, while in cybersecurity, a lot of trust is placed on tool outputs without similar rigorous testing.

Marco emphasized the importance of building trust among teams. He stated that without trust, metrics could be misleading, and the overall effectiveness of processes might decline. He urged teams to ensure that they not only trust the data but also their colleagues, suggesting that this trust fosters better communication, understanding, and ultimately, results.

Sean expresses his wish for the cybersecurity world to be more integrated into applications, like the fraud teams are. Allison notes that fraud teams naturally fit into transaction processes because that's where money moves. For cybersecurity, the most natural integration point would be during authentication, but it's a risky move since blocking legitimate users would significantly impair their experience. Despite the challenges, Allison sees potential in fusion between fraud and security, especially in areas like API abuse. Both teams could benefit immensely from mutual collaboration in such areas.

Allison concludes that while direct involvement of security teams within applications may be a stretch, collaboration with fraud teams can still provide valuable insights. For example, in the realm of retail and payment, insights into API abuse can be a significant area for cooperative efforts between the two teams.

Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa

____

Resources

For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story in connection with our Black Hat coverage? Book a briefing here:
👉 https://itspm.ag/bhusa23tsp

Want to connect you brand to our Black Hat coverage and also tell your company story? Explore the sponsorship bundle here:
👉 https://itspm.ag/bhusa23bndl

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Application Security Posture Management | Beyond the Hamster Wheel: Innovations in App Security | A Brand Story Conversation from Black Hat USA 2023 | A Brinqa Story with Alex Babar

10 augusti 2023 | 27 min

In this Brand Story podcast episode, as part of our Black Hat USA conference coverage, host Sean Martin connects with Alex Babar. Alex introduces listeners to Brinqa, a platform that centralizes vulnerability and security findings across various domains, such as infrastructure and cloud security, emphasizing the relevance of application security.

The conversation includes Sean's insights about the challenges of differentiating application systems from the past and the complexities of the modern cloud and API-driven environments. Sean emphasizes the importance of understanding the dynamics of application risk management, bringing up the distinction between security posture and application security posture management (ASPM).

As the discussion progresses, Alex highlights the increasing visibility of the term 'ASPM' within the security domain. Drawing from his experience at Black Hat, he underscores the saturation of detection tools and the challenge of streamlining vast amounts of data from different sources. Alex notes the prominence of terms like 'application security posture', suggesting a clear industry trend. He elucidates the role of ASPM, which not only centralizes data but also correlates it with business contexts, thereby aiding in risk prioritization.

The podcast takes a deeper dive as Sean probes the challenges that security professionals might face in integrating this new space into their existing frameworks and programs. Alex offers valuable advice, urging organizations to self-reflect on their risk reduction strategies and to maintain a healthy balance between detecting and fixing vulnerabilities.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Alex Babar, VP, Solutions at Brinqa [@brinqa]

On LinkedIn | https://www.linkedin.com/in/alexbabar/

On Twitter | https://x.com/alxbbr

Resources

Learn more about Brinqa and their offering: https://itspm.ag/brinqa-pmdp

Hear more stories from Brinqa: www.itspmagazine.com/directory/brinqa

For more Black Hat USA 2023 coverage: https://itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Beyond the Silos: The Evolution of Threat Intelligence | Taking an Intelligence-Driven Approach to Security Operations | A Brand Story Conversation from Black Hat USA 2023 | A Cyware Story with Willy Leichter

10 augusti 2023 | 30 min

In this Brand Story podcast episode, as part of our Black Hat USA conference coverage, host Sean Martin connects with Willy Leichter as he sheds light on his extensive experience spanning over 24 years in the security realm. With a keen focus on cyclical patterns of security, he underscores the unique position of Cyware, a brand that has worked assiduously to bridge silos across industries. While discussing the broader vision of threat intelligence, he underscores its potential in predicting and mitigating attacks proactively.

Join Wily and Sean and they dig into the complexities of threat intelligence, highlighting the importance of clear notifications and the stories behind them. Sean recalls his experiences as a product manager building an enterprise SIEM solution, shedding light on the challenges of orchestrating bidirectional data exchanges due to the diversity of data formats. This reflection underscores the need for a more streamlined and scalable approach.

Willy discusses Cyware's role in addressing these challenges. He explains how Cyware assists teams and systems in understanding and acting upon various threats. The conversation also touches on the role of Artificial Intelligence (AI) in improving integrations and managing threats. A significant portion of the discussion focuses on the potential of bidirectional threat intelligence sharing, emphasizing its advantage over the typical one-way sharing that's more common.

As the episode progresses, the concept of threat intelligence as a service is introduced. In a digital age where cyber threats are continually evolving, Sean and Willy stress the need for a united front in defense. They advocate for a collaborative approach, emphasizing the benefits of collective defense in an industry where real-time sharing and coordination are paramount.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Willy Leichter, VP of Marketing at Cyware [@CywareCo]

On LinkedIn | https://www.linkedin.com/in/willyleichter/

Resources

Learn more about Cyware and their offering: https://itspm.ag/cywaremja9

For more Black Hat USA 2023 coverage: https://itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Budgets and Breakthroughs: Navigating Proactive Security and Other Cybersecurity Trends | Exclusive Previews from the Omdia Analyst Summit with Eric Parizo | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin

7 augusti 2023 | 29 min

Guest: Eric Parizo, Managing Principle Analyst at Omdia [@OmdiaHQ]

On Linkedin | https://www.linkedin.com/in/ericparizo/

On Twitter | https://twitter.com/EricParizo
____________________________

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

____________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, as part of our Chats on the Road series to Black Hat USA 2023 in Las Vegas host Sean Martin and guest Eric Parizo discuss the upcoming Omdia Analyst Summit at Black Hat USA.

Eric, the Managing Principal Analyst for the Omdia Cybersecurity Research Team, shares insights into the summit's agenda and the exciting research they have been working on. The summit covers a range of topics, including economic challenges in cybersecurity, proactive security, SASE, IoT and OT security, data security, managed security services, and AI in cybersecurity.

They also touch on budget allocation and how organizations are shifting their resources and investing in external security capabilities. While security budgets are generally holding steady or increasing, the economic uncertainty may impact the second half of the year. The conversation highlights the importance of demonstrating ROI and value in existing security spend.

The concept of proactive security takes center stage, as Eric explains that it involves finding and addressing threats before they impact an organization.

They discuss the three broad categories of security solutions: preventative, reactive, and proactive. Proactive security is seen as the missing piece in the cybersecurity puzzle, allowing organizations to get ahead of security problems and reduce overall risk. Eric teases the attendees of the summit with the promise of exploring specific proactive solutions and the potential for proactive security platforms that bring together various proactive capabilities.

Throughout the conversation, Sean and Eric provide a sneak peek into the summit's agenda, emphasizing the importance of the topics being discussed and the cutting-edge research being presented. The episode showcases the expertise and knowledge of Eric as a leading analyst in the cybersecurity field and offers valuable insights for security leaders and professionals.

Hosted by Sean Martin, the Redefining CyberSecurity Podcast provides listeners with thought-provoking discussions on cybersecurity topics.

Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa

____

Resources

Omdia Analyst Summit: https://www.blackhat.com/us-23/omdia-analyst-summit.html

For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story in connection with our Black Hat coverage? Book a briefing here:
👉 https://itspm.ag/bhusa23tsp

Want to connect you brand to our Black Hat coverage and also tell your company story? Explore the sponsorship bundle here:
👉 https://itspm.ag/bhusa23bndl

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations | A Conversation with Kate Esprit and Cat Self from MITRE | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli

7 augusti 2023 | 36 min

Guests:

Cat Self, Principal Adversary Emulation Engineer, MITRE [@MITREcorp]

On Linkedin | https://www.linkedin.com/in/coolestcatiknow/

On Twitter | https://twitter.com/coolestcatiknow

Kate Esprit, Senior Cyber Threat Intelligence Analyst at MITRE [@MITREcorp]

On Linkedin | https://www.linkedin.com/in/kate-e-2b262695/

____________________________

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast and Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

Post: https://medium.com/mitre-engenuity/managed-services-evaluations-round-2-2023-attribution-and-speed-and-efficiency-oh-my-59aa207641fa

____________________________

Episode Notes

In this new Chats on the Road to Black Hat USA 2023 on the ITSPmagazine Podcast Network, hosts Sean and Marco are joined by Cat and Kate from MITRE to discuss the world of adversary emulation and its importance in improving cybersecurity. The conversation covers MITRE's role as an industry thought leader and their focus on making the cyber world a safer place. They explain how MITRE ATT&CK, a framework based on observations from blue and red engagements, led to the development of ATT&CK evaluations, which aim to raise the standard of the industry and provide transparency.

The hosts and guests emphasize the need for transparency in adversary emulation and how MITRE releases their methodology, results, and code to make the practice more accessible.

The group also discusses the challenges faced in aligning emulation plans with the diverse and unique solutions deployed by different vendors and the importance of maintaining the integrity of what the adversaries would actually do.

The conversation also touches on the differences between adversary emulation and simulation. While emulation replicates the actions and techniques of specific adversaries, simulation allows for more flexibility and blends different components of multiple adversaries.

The hosts and guests also explore the power and responsibility that comes with conducting adversary emulation, drawing parallels to superheroes like Batman and Spider-Man.

About the session — Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations

Batman once said, "you either die a hero or live long enough to see yourself become the villain." What if there was a way to become a cyber villain for the greater good? For the last 5 years, the MITRE ATT&CK Evaluations team has been improving the industry by "becoming the villain." We study some of the world's most advanced threat actors, develop a scenario, build malware and tools, then execute the operations against major EDR vendors. And the best part? Not only do we get the business justification of becoming a villain to advance defenders, but our code is also open-sourced.

Using a Latin American APT as our real-world villain, this talk will showcase how to merge CTI and red development capabilities for adversary emulation.

First, our cyber threat intelligence team (CTI) demonstrates how to evaluate reports with the sufficient technical data needed to emulate the adversary's usage of particular techniques. We will build a scenario, create CTI diagrams based on our analysis, address gaps in data, and create alternative attack methods for the red team.

Next, the red team enters the scene to collaborate with the CTI team. They begin building malware, tools, and infrastructure. Translating approved open-source CTI reporting into code, we will walk through process injection, persistence, hands-on-keyboard discovery, and lateral movement for the emulation. Finally, it is time to launch the attack and see how our defenders respond, discern where to search for clues, and help them uncover our plot.

To coincide with this presentation, our code, research, and emulation plans will be publicly released. We hope this empowers the community to use our "become the villain" methodology to improve defenses. Helping defenders discern where to look for our footprints is how we justify our villainous acts.

Subscribe to our podcast, share it with your network, and join us in pondering the questions this conversation raises. Be part of the ongoing dialogue around this pressing issue, and we invite you to stay tuned for further discussions in the future.

Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa

____________________________

Resources

Becoming a Dark Knight: Adversary Emulation Demonstration for ATT&CK Evaluations: https://www.blackhat.com/us-23/briefings/schedule/index.html#becoming-a-dark-knight-adversary-emulation-demonstration-for-attck-evaluations-33209

Podcast: https://itspmagazine.simplecast.com/episodes/mitre-att-ck-a-conversation-at-the-edge-with-katie-nickels-fred-wilmot-and-ryan-kovar

For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story in connection with our Black Hat coverage? Book a briefing here:
👉 https://itspm.ag/bhusa23tsp

Want to connect you brand to our Black Hat coverage and also tell your company story? Explore the sponsorship bundle here:
👉 https://itspm.ag/bhusa23bndl

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

The Art of Attack—Enhancing Defense Strategies: Unleashing the Power of Autonomous Pen Testing | A Brand Story Conversation from Black Hat USA 2023 | An Horizon3.ai Story with Snehal Antani

7 augusti 2023 | 33 min

In this Their Story podcast episode, as part of our Black Hat USA conference coverage, host Sean Martin connects with Snehal Antani to discuss proactive security and autonomous pentesting. Snehal shares his expertise on the importance of blue teams proactively verifying their security posture and fixing exploitable vulnerabilities on their own terms and timeline. He emphasizes the need for a bias for action and highlights the value of offense informing defense.

The conversation digs into how Horizon3.ai's technology helps blue teams automate specific workflows, such as account resets and incident response processes. Snehal explains how the platform can be used to tune security controls and improve overall effectiveness. He discusses the impact of Horizon3.ai on the cybersecurity skills and expertise of its users, allowing them to focus on more challenging and creative aspects of ethical hacking.

Snehal also explores the role of storytelling in cybersecurity, particularly when communicating with executive teams and the board. They discuss the importance of framing cybersecurity issues in the language of business continuity and uptime, making the impact tangible and relatable to board members.

The discussion provides practical insights and strategies for improving security posture and effectively communicating its importance to executive stakeholders. Snehal emphasizes the need for organizations to be proactive and take immediate action to remediate vulnerabilities. Also highlighted is the value of understanding the art of attack in order to become better defenders.

Overall, this episode offers a thought-provoking conversation on proactive security, autonomous pen testing, and the evolving role of security practitioners. It provides practical insights and strategies for improving security posture and effectively communicating its importance to executive stakeholders.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Snehal Antani, Co-Founder & CEO at Horizon3.ai [@Horizon3ai]

On LinkedIn | https://www.linkedin.com/in/snehalantani/

On Twitter | https://twitter.com/snehalantani

Resources

Learn more about Horizon3.ai and their offering: https://itspm.ag/horizon3ai-bh23

For more Black Hat USA 2023 coverage: https://itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The Future of Malware Should Define The Future of Malware Defense: Disrupting Cyber Attack Communication with the Adversary Infrastructure Platform | A Brand Story Conversation from Black Hat USA 2023 | A HYAS Story with David Ratner

7 augusti 2023 | 33 min

In this Brand Story podcast episode, as part of our Black Hat USA conference coverage, host Sean Martin connects with David Ratner to discuss the innovative approach of the Adversary Infrastructure Platform to cybersecurity. The platform focuses on understanding and disrupting communication between attackers and their command and control infrastructure, allowing for quicker detection and response to attacks. It can even identify and shut down masked communication attempts.

The conversation emphasizes the platform's ease of deployment and integration into existing security architectures, making it accessible for organizations of all sizes. David discusses HYAS's research on the future of malware, including the use of generative AI and polymorphic malware. This research aims to stay ahead of evolving threats, helping organizations build effective defenses.

The conversation covers HYAS's research notes on Black Mamba and EyeSpy, which highlight their commitment to understanding attacks and building the right intelligence into the Adversary Infrastructure Platform to detect future threats.

The conversation also explores how the platform provides visibility and observability for CISOs, addressing the concerns of not knowing what is happening in real time within their environments.

The Adversary Infrastructure Platform allows CISOs to implement a comprehensive strategy for prevention and business resiliency, giving them confidence in their ability to detect and respond to anomalous activity.

One of the key strengths of the platform is its flexibility across different devices and network environments. It can be deployed to guard against various operating systems and even IoT and OT devices sending beacons to command and control systems, ensuring comprehensive protection regardless of the devices or connectivity methods being used.

Overall, David provides listeners with insights into the Adversary Infrastructure Platform and its role in enhancing cybersecurity. He highlights the platform's effectiveness in detecting and responding to attacks, its ability to provide real-time visibility, and its flexibility in deployment.

Listen in to gain a better understanding of how the platform works, its research-driven approach, and its potential to improve an organization's security posture.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: David Ratner, CEO at HYAS [@hyasinc]

On LinkedIn | https://www.linkedin.com/in/davidhratner/

On Twitter | https://twitter.com/davidhratner

Resources

Learn more about HYAS and their offering: https://itspm.ag/hyasl3si

EyeSpy Proof of Concept: https://www.hyas.com/blog/eyespy-proof-of-concept

For more Black Hat USA 2023 coverage: https://itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Exploitation of Humans by AI Assistants | A Conversation with Matthew Canham and Ben Sawyer | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli

4 augusti 2023 | 36 min

Guests:

Matthew Canham, CEO, Beyond Layer Seven, LLC

On Linkedin | https://www.linkedin.com/in/matthew-c-971855100/

Website | https://drmatthewcanham.com/

Ben Sawyer, Professor, University of Central Florida [@UCF]

On Linkedin | https://www.linkedin.com/in/bendsawyer/

On Twitter | https://twitter.com/bendsawyer

Website | https://www.bendsawyer.com/
____________________________

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast and Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

____________________________

Episode Notes

Welcome to a fascinating new episode where we delve deep into the confluence of cybersecurity, psychology, and philosophy in the realm of artificial intelligence. In anticipation of their insightful presentation at Black Hat Las Vegas 2023, our hosts Marco and Sean had an engaging conversation with Ben and Matthew, shedding light on the astonishingly rapid developments of AI and the accompanying cybersecurity implications.

Within the last few months, the GPT-4 and ChatGPT language models have captivated the world. There is a growing perception that the line between AI and sentience is becoming increasingly blurred, nudging us into uncharted territories. However, one must question if this is genuinely the case, or merely what we want or are predisposed to perceive.

Ben and Matthew's research outlines the fundamental "cognitive levers" available to manipulate human users, a threat vector that is more nuanced and insidious than we ever imagined.

In their upcoming Black Hat talk, they aim to reveal how AI can exploit our cognitive biases and vulnerabilities, reshaping our perceptions and potentially causing harm. From social engineering to perceptual limitations, our digital realities are at a risk we have never seen before.

Listen in as Marco and Sean explore a captivating debate around the nature of reality in the context of our interaction with AI. What we think is real, may not be real after all. How does that affect us as we continue to interact with increasingly sophisticated AI? In a world that often feels like a simulation, are we falling prey to AI's exploitation of our human cognitive operating rules?

Marco and Sean also introduce us to the masterminds behind this groundbreaking research, Ben Sawyer, with his background in Applied Experimental Psychology and Industrial Engineering, and Matthew Canham, whose work spans cognitive neuroscience and human interface design. Their combined expertise results in a comprehensive exploration of the intersection between humans and machines, particularly in the current digital age where AI's ability to emulate human-like interactions has advanced dramatically.

This thought-provoking episode is a must-listen for anyone interested in the philosophical, psychological, and cybersecurity implications of AI's evolution. The hosts challenge you to think about the consequences of human cognition manipulation by AI, encouraging you to contemplate this deep topic beyond the immediate conversation.

Don't miss out on this thrilling journey into the unexplored depths of human-AI interaction.

Subscribe to our podcast, share it with your network, and join us in pondering the questions this conversation raises. Be part of the ongoing dialogue around this pressing issue, and we invite you to stay tuned for further discussions in the future.

Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa

____

Resources

Me and My Evil Digital Twin: The Psychology of Human Exploitation by AI Assistants: https://www.blackhat.com/us-23/briefings/schedule/index.html#me-and-my-evil-digital-twin-the-psychology-of-human-exploitation-by-ai-assistants-32661

For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story in connection with our Black Hat coverage? Book a briefing here:
👉 https://itspm.ag/bhusa23tsp

Want to connect you brand to our Black Hat coverage and also tell your company story? Explore the sponsorship bundle here:
👉 https://itspm.ag/bhusa23bndl

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

I Was Tasked With Enrolling Millions of Developers in 2FA - Here's What Happened at GitHub | A Conversation with John Swanson | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli

3 augusti 2023 | 23 min

Guests:

John Swanson, Director, Security Strategy, GitHub [@github]

On LinkedIn | https://www.linkedin.com/in/swannysec/

On Twitter | https://twitter.com/swannysec
____________________________

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast and Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

____________________________

Episode Notes

In this Chats on the Road to Black Hat USA, hosts Sean and Marco are joined by John Swanson, the Director of Security Strategy at GitHub. The conversation revolves around the challenges and importance of implementing two-factor authentication (2FA) for developers on the GitHub platform.

John shares insights into the role of GitHub in protecting developers and the software ecosystem, emphasizing the need for collaboration and involving various perspectives in the project team. The discussion touches on the guiding principles that rallied the team and the importance of balancing security outcomes with usability. They explore the role of culture in driving effective security practices and creating a safe and healthy environment. John highlights the need to build and maintain a healthy culture around security, ensuring two-way trust between internal employees and customers.

The conversation also explores how to measure success through traditional metrics and indicators, as well as the importance of team engagement and positivity. The hosts express their excitement for John's upcoming presentation at the Black Hat conference, where he will discuss 2FA for 100 million developers on the GitHub platform. The conversation provides valuable insights into the challenges and successes of implementing security technologies while considering the human factor, offering a glimpse into the real-world implementation of 2FA and the efforts made by GitHub to improve security without compromising usability.

Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa

____

Resources

I Was Tasked With Enrolling Millions of Developers in 2FA - Here's What Happened: https://www.blackhat.com/us-23/briefings/schedule/#i-was-tasked-with-enrolling-millions-of-developers-in-fa---heres-what-happened-32925

For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story in connection with our Black Hat coverage? Book a briefing here:
👉 https://itspm.ag/bhusa23tsp

Want to connect you brand to our Black Hat coverage and also tell your company story? Explore the sponsorship bundle here:
👉 https://itspm.ag/bhusa23bndl

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Cookie Crumbles: Unveiling Web Session Integrity Vulnerabilities | A Conversation with Pedro Adão and Marco Squarcina | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli

2 augusti 2023 | 30 min

Guests:

Pedro Adão, Associate Professor, Instituto Superior Técnico, Universidade de Lisboa [@istecnico

On Linkedin | https://www.linkedin.com/in/pedro-ad%C3%A3o-b5b792/?

Marco Squarcina, Senior Scientist, TU Wien [@tu_wien]

On Linkedin | https://www.linkedin.com/in/squarcina/?originalSubdomain=at

Website | https://minimalblue.com/
____________________________

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast and Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

____________________________

Episode Notes

In this Chats on the Road to Black Hat USA, hosts Sean and Marco are joined by guests Pedro and Marco to explore the vulnerabilities and challenges of web security. The conversation begins with an explanation of the Double Submit and Synchronized Token patterns used to protect against CSRF (cross site request forgery) attacks. They discuss the limitations of these patterns, particularly when it comes to the integrity of cookies.

The guests highlight the potential for attackers to modify cookies and the need for better solutions. The conversation then unpacks the complexities of web security, including the difficulties of maintaining backward compatibility and the challenges of multiple components and parties involved in web development, delivery, and operations. They address the importance of revising the security of subdomains and implementing security mechanisms like HSTS (HTTP strict transport security) with the inclusive domain directive.

The conversation also raises philosophical questions about the responsibility of companies and the development community in addressing web security, as well as the role of legislation in this space. The group emphasizes the need for better platforms and frameworks that prioritize security from the start.

The conversation concludes with a discussion on the importance of ongoing research, reporting vulnerabilities to developers, and finding solutions to improve the overall security of web applications. Listeners can expect to gain a deeper understanding of web security challenges and the ongoing efforts to address vulnerabilities and improve the security of the internet ahead of Pedro's and Marco's research presentation at Black Hat USA 2023.

Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa

____

Resources

Cookie Crumbles: Unveiling Web Session Integrity Vulnerabilities: https://blackhat.com/us-23/briefings/schedule/#cookie-crumbles-unveiling-web-session-integrity-vulnerabilities-32551

For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story in connection with our Black Hat coverage? Book a briefing here:
👉 https://itspm.ag/bhusa23tsp

Want to connect you brand to our Black Hat coverage and also tell your company story? Explore the sponsorship bundle here:
👉 https://itspm.ag/bhusa23bndl

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Aerospace Village: Build—Inspire—Promote | A Hacker Summer Camp 2023 Event Coverage Conversation from DEFCON with Steve Luczynski and Lillian Ash Baker | Redefining CyberSecurity with Sean Martin and Marco Ciappelli

2 augusti 2023 | 39 min

Guests:

Steve Luczynski, Senior Manager / Critical Infrastructure Security, Accenture Federal Services [@Accenture] and Chairman of the Board for the Aerospace Village [@secureaerospace]

On LinkedIn | https://www.linkedin.com/in/steveluczynski/

On Twitter | https://twitter.com/cyberpilot22

Lillian Ash Baker, Product Security Engineer, Boeing and Call for Papers Organizer for the Aerospace Village [@secureaerospace]

On LinkedIn | https://www.linkedin.com/in/zap-bang/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of the ITSPmagazine podcast, hosts Sean and Marco are joined by guests Steve Luczynski and Lillian Ash Baker to discuss the Aerospace Village 2023 at DEF CON during Hacker Summer Camp in Las Vegas. The conversation highlights the diverse range of topics covered in the village, including CubeSat resilience, ransomware resilience, and attack chains for low orbit satellites.

The guests emphasize the involvement of government agencies like the White House and TSA, as well as industry giants like Boeing and Lockheed. The hosts express their excitement for the hands-on activities at the village, such as capture the flag events, and the opportunity to learn from experts in the field.

They also discuss the importance of inspiring and promoting cybersecurity in the aviation and space sector, particularly for students and newcomers. The presence of SpaceX and their partnership with the village is highlighted as well. Listen to get a comprehensive overview of the Aerospace Village, showcasing the intersection of cybersecurity, aviation, and space, and the opportunity for attendees to engage with experts and participate in hands-on activities.

The conversation also take a trip down memory lane, looking at the history of the village and its evolution over the years, highlighting the increasing number of submissions and the involvement of government agencies. The guests discuss their respective roles in the village and share their perspectives on the importance of cybersecurity in the aerospace industry. The hosts express their enthusiasm for the presentations and the chance to connect with professionals in the field. They also reflect on the growth and impact of the village, noting the increasing interest and participation from students and researchers.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQZ9kSG7X7grrP_PsH3q3T3

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Aerospace Village (Website): https://www.aerospacevillage.org/defcon-31

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Houston, We Have a Problem: Analyzing the Security of Low Earth Orbit Satellites with Johannes Willbold | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli

1 augusti 2023 | 27 min

Unleashing End-User Productivity Through Secure Browsing: What is the Enterprise Browser? | A Their Story Conversation from Black Hat USA 2023 | An Island.io Story with Brian Kenyon

1 augusti 2023 | 46 min

In this Their Story podcast episode, as part of our Black Hat USA conference coverage, hosts Sean Martin and Marco Ciappelli connect with Brian Kenyon, the Chief Strategy Officer at Island, to unpack the intricate world of enterprise browsers. Together, they explore the pressing need for robust web security and the challenges that orbit it. As the conversation unfurls, they navigate the evolution of browsers, their pivotal role in today's work operations, and how modern frameworks like Chromium have replaced relics like Flash and Silverlight, simplifying web backend and significantly enhancing a consistent user experience.

The trio brings to light the persistent problem of technical debt within enterprise environments, where the existence of outdated applications and frameworks continues to be a daunting issue. They assert the need for an enterprise browser capable of maintaining compatibility with older systems while simultaneously keeping pace with the advancements of the digital era. In addition, the dialogue expands to include the integration of browser technologies in cloud-based applications like Salesforce and ServiceNow, and the challenges inherent in applying policies and ensuring data security within such environments.

The pivotal value of an enterprise browser emerges strongly throughout the discussion, highlighting its ability to augment productivity and provide unique cybersecurity solutions. The conversation orbits around the value of an enterprise browser integrating with an organization's identity and access management systems, yielding granular control over access and actions within applications. Furthermore, Brian draws attention to the deployment flexibility of an enterprise browser, with its ability to be utilized across an entire organization or targeted towards specific departments or teams.

In a concluding note, Sean, Marco, and Brian emphasize the pivotal role of end-user experience in enhancing productivity and the transformative role browsers play in this scenario. They discuss the additional functionality that an enterprise browser can offer - such as built-in copy and paste palettes, PDF editors, and password managers — and caution about potential risks tied to browser extensions, underscoring the need for visibility, governance, and control in this area while allowing the end-users to drive the requests to ensure they get their work done.

A secure enterprise browser, such as the one offered by Island.io, is pivotal in transforming the business narrative, where security ceases to be a mere protective measure and becomes a business enabler. By ensuring a seamless and secure web browsing experience, it aligns with the company's strategic objectives, directly contributing to desired outcomes and fostering an environment where safety and efficiency coexist, driving the business towards new heights of digital innovation.

Ultimately, this episode provides valuable insights into the challenges and benefits of leveraging an enterprise browser within the evolving digital landscape, offering a thought-provoking, informative, and practical discourse for organizations striving to enhance their web security and improve end-user experiences.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Brian Kenyon, Chief Strategy Officer at Island [@island_io]

On LinkedIn | https://www.linkedin.com/in/brianmkenyon/

Resources

Learn more about Island.io and their offering: https://itspm.ag/island-io-6b5ffd

What if the browser was designed for the enterprise? See for yourself at Black Hat - Visit Booth #1474 https://itspm.ag/islandl724

For more Black Hat USA 2023 coverage: https://itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hacking Humans Using LLMs with Fredrik Heiding: Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli

31 juli 2023 | 33 min

Guest: Fredrik Heiding, Research Fellow at Harvard University [@Harvard]

On Linkedin | https://www.linkedin.com/in/fheiding/
____________________________

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

____________________________

Episode Notes

In this Chats on the Road to Black Hat USA, hosts Sean and Marco discuss the use of AI in hacking and cybersecurity with guest Frederick Heiding, specifically large language models, such as GPT-3 and GPT-4 (ChatGPT). They explore the concept of using AI to create realistic phishing emails that are difficult to detect, and how cybercriminals can exploit this technology to deceive individuals and organizations.

The episode also looks at the ease with which AI can generate content that appears real, making it a powerful tool in the hands of attackers. The trio discuss the potential dangers of AI-powered phishing emails and the need for more sophisticated spam filters that can accurately detect the intent of these emails, providing more granular information and recommended actions for users.

Throughout the episode, there is a recognition of AI as a tool that can be used for both good and bad purposes, emphasizing the importance of ethics and the ongoing race between cybercriminals and cybersecurity professionals. The conversation also touches on the positive applications of AI in detecting and preventing phishing attacks, showcasing the efforts of the "good guys" in the cybersecurity world. They discuss the potential for AI to help in blocking phishing emails and providing more granular information and recommended actions for users.

About the Session

AI programs, built using large language models, make it possible to automatically create realistic phishing emails based on a few data points about a user. They stand in contrast to "traditional" phishing emails that hackers design using a handful of general rules they have gleaned from experience.

The V-Triad is an inductive model that replicates these rules. In this study, we compare users' suspicion towards emails created automatically by GPT-4 and created using the V-triad. We also combine GPT-4 with the V-triad to assess their combined potential. A fourth group, exposed to generic phishing emails created without a specific method, was our control group. We utilized a factorial approach, targeting 200 randomly selected participants recruited for the study. First, we measured the behavioral and cognitive reasons for falling for the phish. Next, the study trained GPT-4 to detect the phishing emails created in the study after having trained it on the extensive cybercrime dataset hosted by Cambridge. We hypothesize that the emails created by GPT-4 will yield a similar click-through rate as those created using V-Triad. We further believe that the combined approach (using the V-triad to feed GPT-4) will significantly increase the success rate of GPT-4, while GPT-4 will be relatively skilled in detecting both our phishing emails and its own.

Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa

____________________________

Resources

Devising and Detecting Phishing: Large Language Models (GPT3, GPT4) vs. Smaller Human Models (V-Triad, Generic Emails): https://www.blackhat.com/us-23/briefings/schedule/#devising-and-detecting-phishing-large-language-models-gpt-gpt-vs-smaller-human-models-v-triad-generic-emails-31659

For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story in connection with our Black Hat coverage? Book a briefing here:
👉 https://itspm.ag/bhusa23tsp

Want to connect you brand to our Black Hat coverage and also tell your company story? Explore the sponsorship bundle here:
👉 https://itspm.ag/bhusa23bndl

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

The Art of Building Security Products: Balancing Innovation and User-Friendly Design | A Conversation with Laurent Hausermann | Redefining CyberSecurity with Sean Martin

26 juli 2023 | 51 min

Guest: Laurent Hausermann, Entrepreneur

On Linkedin | https://www.linkedin.com/in/laurenthausermann/

On Twitter | https://twitter.com/lhausermann

Website | https://cyberbuilders.substack.com/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining CyberSecurity Podcast, host Sean Martin and guest Laurent Hausermann discuss the process of building security products. They emphasize the importance of understanding customer needs and pain points before developing a product. Laurent shares his experience in the IoT security space and the significance of gathering feedback from potential customers. The conversation highlights the role of a product manager in championing the value and experience of a product, without overselling it to security practitioners. They discuss the challenges of marketing security products and the need for realistic expectations.

The discussion explores the user experience of security products, from installation to operational ease. They discuss the importance of a well-defined product development process and the role of the product manager in bridging user experience, technology, and business. They touch on the evolving nature of product management in a world where almost everything is built using a SaaS model. They also discuss the concept of time to value, emphasizing the need for quick delivery of value to users. They also address the role of product marketing in promoting the product and supporting sales, including the creation of collateral such as sales decks, briefs and papers, user testimonials, and webinars.

The conversation concludes by discussing the organizational structures and responsibilities for product management and product marketing. Sean and Laurent highlight the need for a clear understanding of the product manager's role and the distinction between product management and product marketing. They emphasize the importance of a collaborative product development process, where the product manager serves as a bridge between various aspects of the product.

Overall, this episode provides valuable insights into the world of building security products, emphasizing the importance of considering customer needs, user experience, and marketing strategies. The conversation is informative and thought-provoking, offering practical advice and discussing the challenges faced by security product teams. The host, Sean Martin, and guest, Laurent Hausermann, bring their expertise and experiences to the discussion, making it engaging and relevant for listeners in the cybersecurity industry.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Inspiring Post | Unlocking the Secrets of Cybersecurity Product Teams: https://cyberbuilders.substack.com/p/unlocking-the-secrets-of-cybersecurity

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Book | Understand, Manage, and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program | A Conversation with Author Ryan Leirvik | Redefining CyberSecurity with Sean Martin

19 juli 2023 | 49 min

Guest: Ryan Leirvik, CEO of Neuvik [@Neuvik]

On LinkedIn | https://www.linkedin.com/in/leirvik/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining Cybersecurity podcast, host Sean Martin discusses the fundamentals of risk management in cybersecurity with Ryan Leirvik, author of "Understand, Manage and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program." The conversation centers around the importance of understanding risk management in cybersecurity, categorizing assets, and identifying what's important to the business versus what's important to the individual.

They also discuss the need to use frameworks like NIST-CSF to define and categorize risks and the importance of responding quickly to active threats and having a plan in place for recovery. Sean and Ryan provide practical advice for creating a sustainable cyber program that prioritizes risk management and explain how to set the stage for conversations about cybersecurity with stakeholders. Overall, the episode provides valuable insights into risk management in cybersecurity and how to prioritize and protect critical assets.

ABOUT THE BOOK

When it comes to managing cybersecurity in an organization, most organizations tussle with basic foundational components. This practitioner’s guide lays down those foundational components, with real client examples and pitfalls to avoid.

A plethora of cybersecurity management resources are available―many with sound advice, management approaches, and technical solutions―but few with one common theme that pulls together management and technology, with a focus on executive oversight. Author Ryan Leirvik helps solve these common problems by providing a clear, easy-to-understand, and easy-to-deploy "playbook" for a cyber risk management approach applicable to your entire organization.

This second edition provides tools and methods in a straight-forward, practical manner to guide the management of a cybersecurity program. Expanded sections include the critical integration of cyber risk management into enterprise risk management, the important connection between a Software Bill of Materials and Third-party Risk Programs, and additional "how to" tools and material for mapping frameworks to controls.

Who This Book Is For

CISOs, CROs, CIOs, directors of risk management, and anyone struggling to pull together frameworks or basic metrics to quantify uncertainty and address risk

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Understand, Manage, and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program (Book): https://www.amazon.com/Understand-Manage-Measure-Cyber-Risk-dp-1484293185/dp/1484293185/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

AI, Cyber Warfare, and Beyond: Understanding Cybersecurity's Future | Our Traditional Conversation With Black Hat GM, Steve Wylie | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin

18 juli 2023 | 42 min

Guest: Steve Wylie, Vice President, Cybersecurity Market at Informa Tech [@InformaTechHQ] and General Manager at Black Hat [@BlackHatEvents]

On LinkedIn | https://www.linkedin.com/in/swylie650/

On Twitter | https://twitter.com/swylie650
____________________________

This Episode’s Sponsors

runZero | https://itspm.ag/runzervvyh

____________________________

Episode Notes

Black Hat USA 2023 conference's keynote sessions promise engaging and insightful conversations. Steve Wylie, the General Manager, highlighted one of the key discussions that will occur during the event, a fireside chat between Jen Easterly, the director of Cybersecurity and Infrastructure Agency (CISA), and Viktor Zhora, who is responsible for defending Ukraine's digital infrastructure. Easterly, having been appointed in 2021, participated in a Black Hat keynote stage three weeks later, where she effectively discussed her vision for the collaboration of hackers, government, and the private sector. Now, after a couple of years in her role, she's expected to bring in more nuanced perspectives.

The discussion will focus on the pressing issues faced by the cybersecurity world, including the war in Ukraine and the country's efforts to defend its digital infrastructure. This fireside chat is set to foster insightful exchanges from two significant figures, each from different governments, giving attendees a unique view into real-world security operations.

The Thursday morning keynote will feature Kemba Walden, the Acting National Cyber Director for the Executive Office of the President. Her contributions to major cybersecurity initiatives, such as the implementation of Executive Order 14028, make her an exciting addition to the conference. This order, which aimed to improve the nation's cybersecurity, addressed significant issues like public-private cooperation, sharing of intelligence between agencies, and supply chain security.

As the conference unfolds, more technical discussions will also take place. Wylie mentioned the Black Hat briefings which are typically quite technical and provide insights into the current cybersecurity landscape. One notable briefing includes James Kettle's session, "Smashing the State Machine: The True Potential of Web Race Conditions," highlighting an unexpected flaw in web applications. Other sessions cover important topics such as the recent Viacom satellite attack in Ukraine and global DDoS trends, as observed by the FBI.

The Black Hat USA 2023 conference offers a diverse range of topics for attendees, from policy-related big-picture conversations to more technical, detail-oriented discussions, plus hands-on activities taking place in the Arsenal. There's also an entrepreneur track, where innovative solutions are pitched to judges and are on display in the business hall.

Black Hat USA 2023 aims to provide both overarching perspectives and in-depth analyses to ensure a comprehensive understanding of today's cybersecurity challenges.

Stay tuned for all of our Black Hat USA 2023 coverage: https://www.itspmagazine.com/bhusa

____________________________

Resources

Black Hat USA 2023 Trainings: https://blackhat.com/us-23/training/schedule/index.html

Black Hat USA 2023 Briefings: https://blackhat.com/us-23/briefings.html

For more Black Hat USA 2023 Event information, coverage, and podcast and video episodes, visit: https://www.itspmagazine.com/black-hat-usa-2023-cybersecurity-event-coverage-in-las-vegas

Are you interested in telling your story in connection with our Black Hat coverage? Book a briefing here:
👉 https://itspm.ag/bhusa23tsp

Want to connect you brand to our Black Hat coverage and also tell your company story? Explore the sponsorship bundle here:
👉 https://itspm.ag/bhusa23bndl

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Implementing Meaningful Information Security Metrics | A Conversation with Allie Mellen and Jeff Pollard | Redefining CyberSecurity with Sean Martin

12 juli 2023 | 48 min

Guests:

Allie Mellen, Senior Analyst at Forrester [@forrester]

On Linkedin | https://www.linkedin.com/in/hackerxbella/

On Twitter | https://twitter.com/hackerxbella

Jeff Pollard, VP & Principal Analyst at Forrester [@forrester]

On LinkedIn | https://www.linkedin.com/in/jpollard96/

On Twitter | https://twitter.com/jeff_pollard2

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this new episode of Redefining CyberSecurity with Sean Martin, Allie Mellen, and Jeff Pollard engage in an in-depth conversation exploring security metrics' critical role and power in the infoSec decision-making processes. Throughout the dialogue, listeners can gain an understanding of the importance of implementing relevant metrics, such as Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR), for tracking growth within cybersecurity contexts. However, there’s much more to metrics than just these two figures.

Both Allie and Jeff emphasize that metrics should be perceived not merely as numerical values but as valuable guideposts aiding decision-making. This perspective, attributed to the Lean Startup philosophy by Eric Ries, encourages using metrics to guide future actions, understand current decisions, or evaluate past outcomes. They stress that metrics should have a genuine purpose and contribute meaningfully rather than just providing quantitative data.

Furthermore, the conversation underscores the relevance of metrics to the decision-making audience. Allie and Jeff agree that metrics should differentiate between what matters only to your team and what's necessary for strategic decisions in the broader organization. They become truly impactful by ensuring metrics support decision-making and reach the right audience, whether it's senior leadership, the security program, or the tactical metric practitioners.

Storytelling's role is highlighted as vital in presenting these metrics to various stakeholders, making the data more meaningful, understandable, and actionable. The conversation extends the notion of metrics, applying concepts like readmission rates, commonly used in healthcare, to measure incident recurrence in cybersecurity.

The trio also spotlights the need for a synergistic relationship between the Security Operations Center (SOC) and Vulnerability Risk Management (VRM). Such a relationship fosters improved security posture through effective incident management and prevention, with Allie reasoning that translating data into something meaningful for other business units is crucial.

Touching upon individual metrics in the context of career progression, both Allie and Jeff emphasize the necessity for individuals to define their career-oriented metrics based on their personal goals and organizational expectations. This understanding can help leaders prove their program's success and influence others.

The conversation ultimately underscores the importance of the right data sources for calculating meaningful metrics. Without the correct data, generating truly impactful and actionable metrics becomes impossible. Jeff cites an example of a financial organization that used a unique metric to measure insider risk, emphasizing the complexities and challenges of deriving meaningful and actionable cybersecurity metrics.

There’s a lot to unpack in this conversation. Listen to the entire episode so you don’t miss a beat.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

The Lean Startup: https://theleanstartup.com/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Moonlighter: A CTF Challenge in Space | Hack-a-Sat 4 and the State of Space Cybersecurity | A Conversation with Logan Finch, Jason Williams, Aaron Myrick | Redefining CyberSecurity with Sean Martin

29 juni 2023 | 43 min

Guests:

Logan Finch, Principal Engineer at Cromulence [@cromulencellc]

On Linkedin | https://www.linkedin.com/in/logan-finch/

On Twitter | https://twitter.com/hack_a_sat

Jason Williams, Co-Founder and CEO of Cromulence [@cromulencellc]

On Linkedin | https://www.linkedin.com/in/jason-williams-5858c3

On Twitter | https://twitter.com/hack_a_sat

Aaron Myrick, Project Leader at The Aerospace Corporation [@AerospaceCorp]

On Linkedin | https://www.linkedin.com/in/aaron-myrick-677b8474/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining CyberSecurity with Sean Martin, Logan Finch, Jason Williams, Aaron Myrick discuss the history and evolution of the Hack-A-Sat program, which aims to bridge the gap between the cybersecurity and aerospace communities and showcase the capabilities of extreme programming and hacking to secure space systems. The Moonlighter CTF challenge is a key part of the program, which emulates real-world attacks on space systems, and the guests share insights on the different disciplines involved in securing space systems.

This episode also explores the ethical considerations of hacking and cybersecurity, the importance of diversity in the space and cybersecurity industries, and the need for collaboration between the different communities to create a holistic approach to securing space and satellite systems. The group highlights the importance of a new mindset and approach to securing these systems, which are critical to our lives and the economy, and showcases the capabilities of the cybersecurity and aerospace communities.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Hack-a-Sat CTF Website: https://hackasat.com/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

ITSPmagazine On-Location at Infosecurity Europe 2023, London | Day Three Catch-Up | Redefining CyberSecurity with Sean Martin and Hacking Your Potential with Frankie Thomas

22 juni 2023 | 12 min

ITSPmagazine On-Location at Infosecurity Europe 2023, London | Day Two Catch-Up on Day Three Morning 🤔 | Redefining CyberSecurity with Sean Martin and Marco Ciappelli

22 juni 2023 | 8 min

ITSPmagazine On-Location at Infosecurity Europe 2023, London | Day One Evening Catch-Up | Redefining CyberSecurity with Sean Martin and Marco Ciappelli

22 juni 2023 | 10 min

Building a Better Defense with Attack Surface Management | A Brand Story from Infosecurity Europe 2023, London, England | A NetSPI Story with Nabil Hannan

21 juni 2023 | 23 min

Live on-location from Infosecurity Europe 2023, Sean Martin connects with Nabil Hannan, the field CISO at NetSPI, to discuss Attack Surface Management (ASM) and how it has evolved in recent years to become the minimum cybersecurity benchmark that organizations need. ASM provides a more targeted approach to vulnerability management, allowing testers to focus on building a platform with automation that identifies areas that need attention and validates them.

Sean and Nabil also cover API security, the challenges of authentication and authorization, and the need for organizations to prioritize building secure-by-design frameworks. Nabil stresses the importance of understanding an organization's external perimeter and what exposures might exist, as well as the need for good cybersecurity hygiene that starts with good cybersecurity basics before bringing others in to help with the problem.

ASM is an important element in modern cybersecurity with its role as the first line of defense reinforces the critical need to have a continuous view of an organization's external-facing perimeter.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-story

Guest: Nabil Hannan, Field Chief Information Security Officer (CISO) at NetSPI [@NetSPI]

On Linkedin | https://www.linkedin.com/in/nhannan/

Resources

Learn more about NetSPI: https://itspm.ag/netspi-hcjv

Be sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverage

Catch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6B

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

____________________________

If you are a cybersecurity vendor with a story to share, you can book your pre-event video podcast briefing here (https://itspm.ag/iseu23tsv) and your on-location audio podcast briefing here (https://itspm.ag/iseu23tsp).

Explore the full conference coverage sponsorship bundle here: https://itspm.ag/iseu23bndl

For more ITSPmagazine advertising and sponsorship opportunities:

👉 https://www.itspmagazine.com/advertise-on-itspmagazine-podcast

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Active Directory Cyber Resilience: Managing Permissions to Prevent Cybersecurity Threats | A Brand Story from Infosecurity Europe 2023, London, England | A Quest Software Story with Chris Thorpe

21 juni 2023 | 19 min

Live on-location from Infosecurity Europe 2023, Sean Martin connects with Chris Thorpe from Quest Software to discuss operational and AD resilience and how organizations can manage permissions to prevent cybersecurity threats.

The conversation covers how AD is a vital system and a single point of failure for the organization and therefore is a prime target for bad actors. Given the continued rise in cybersecurity threats, organizations should assume that accounts have already been compromised and should aim to work towards blocking access at choke points before their tier zero assets can be reached.

Sean and Chris also discuss the importance of audit trails to track changes and to find the origin of a compromise, emphasizing that AD, as a specialist product, requires a specialist solution.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-story

Guest: Chris Thorpe, UK&I Technical Channel Manager at Quest Software [@Quest]

On Linkedin | https://www.linkedin.com/in/chris-thorpe-52488b25/

Resources

Learn more about Quest: https://itspm.ag/quest-adp23

Recommended Podcast | Cyber Resilience with Defense in Depth: Maximizing Security in Hybrid Active Directory Environments | A Their Story Conversation from RSA Conference 2023 | A Quest Story with Sergey Medved and Matthew Vinton: https://itsprad.io/redefining-cybersecurity-168

Be sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverage

Catch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6B

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

____________________________

If you are a cybersecurity vendor with a story to share, you can book your pre-event video podcast briefing here (https://itspm.ag/iseu23tsv) and your on-location audio podcast briefing here (https://itspm.ag/iseu23tsp).

Explore the full conference coverage sponsorship bundle here: https://itspm.ag/iseu23bndl

For more ITSPmagazine advertising and sponsorship opportunities:

👉 https://www.itspmagazine.com/advertise-on-itspmagazine-podcast

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Security Analytics for Continuous Threat Exposure Management: Making Better IT Decisions Through the Lens of an Attacker | A Brand Story from Infosecurity Europe 2023, London, England | A Cymulate Story with Nir Loya

21 juni 2023 | 19 min

Live on-location from Infosecurity Europe 2023, Sean Martin connects with Nir Loya from Cymulate to discuss the launch of their new solution for organizations to run an informed continuous threat exposure management (CTEM) program.

When you have the insights presented through the lens of the attacker and mapped to a CTEM program, you have an opportunity to drive better IT decisions to securely enable the business. The Cymulate Exposure Analytics solution has a quantifiable impact across all five of the CTEM program pillars and on a business’s ability to reduce risk by understanding, tracking, and improving its security posture with the following CTEM Alignment:

Scoping: Understand by organizational segment, the risk posture of business systems and security tools and its risk to immediate and emergent threats to define the highest impact programs needed to reduce or manage risk scores and tolerance
Discovery: Correlated analysis from Cymulate and multi-vendor data that assesses on-premises and cloud attack surfaces, risky assets, attack paths, vulnerabilities, and business impact
Prioritization: Vulnerability prioritization & remediation guidance based on multi-vendor aggregated data that is normalized, contextualized, and evaluated against breach feasibility
Validation: Analyze exposure severity, security integrity, and effectiveness of remediation from security validation assessment data. Immediate threat and security control efficacy data can be used to answer questions such as “Are we at risk to this emergent threat?”, “Do we have the necessary capabilities to protect us when under attack?”.
Mobilization: Utilize Cymulate contextualized data to understand various response outcome options, and establish and track performance against baselines, benchmarks, and risk profiles

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-story

Guest: Nir Loya, VP of Product at Cymulate [@Cymulateltd]

On LinkedIn | https://www.linkedin.com/in/nir-loya-dahan/

Resources

Learn more about Cymulate: https://itspm.ag/cymulate-ltd--s2k4

Be sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverage

Catch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6B

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

____________________________

If you are a cybersecurity vendor with a story to share, you can book your pre-event video podcast briefing here (https://itspm.ag/iseu23tsv) and your on-location audio podcast briefing here (https://itspm.ag/iseu23tsp).

Explore the full conference coverage sponsorship bundle here: https://itspm.ag/iseu23bndl

For more ITSPmagazine advertising and sponsorship opportunities:

👉 https://www.itspmagazine.com/advertise-on-itspmagazine-podcast

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

The True Meaning of Operational Resilience: What Cybersecurity Leaders Can Learn From IT and Infrastructure Operations | A Brand Story from Infosecurity Europe 2023, London, England | A Semperis Story with Simon Hodgkinson

21 juni 2023 | 19 min

Supply Chain and Third-Party Risks: Who's Going to Manage These Balls of Yarn? | ITSPmagazine Event Coverage: Infosecurity Europe 2023, London, England | A Conversation with Bridget Kenyon

21 juni 2023 | 17 min

Modernising the Legal Framework for Information Age | ITSPmagazine Event Coverage: Infosecurity Europe 2023, London, England | A Conversation with Rob Black

20 juni 2023 | 22 min

Why Current Security Tools Don't Address ‘Zero-Day’ Exploits | A Brand Story from Infosecurity Europe 2023, London, England | An Ericom Story with Ravi Pather

20 juni 2023 | 26 min

Helping Security Teams Achieve More By Doing Less Through Automated Security Validation | A Brand Story from Infosecurity Europe 2023, London, England | A Pentera Story with Steve Smith

20 juni 2023 | 18 min

Visualizing and Prioritizing Risk Management in Cybersecurity: A Data-Driven Approach | A Brinqa Brand Story with CEO Amad Fida

15 juni 2023 | 41 min

Safeguarding Against Malicious Use of Large Language Models: A Review of the OWASP Top 10 for LLMs | A Conversation with Jason Haddix | Redefining CyberSecurity with Sean Martin

14 juni 2023 | 51 min

Guest: Jason Haddix, CISO and Hacker in Charge at BuddoBot Inc [@BuddoBot]

On LinkedIn | https://www.linkedin.com/in/jhaddix/

On Twitter | https://twitter.com/Jhaddix

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this Redefining CyberSecurity Podcast, we provide an in-depth exploration of the potential implications of large language models (LLMs) and artificial intelligence in the cybersecurity landscape. Jason Haddix, a renowned expert in offensive security, shares his perspective on the evolving risks and opportunities that these new technologies bring to businesses and individuals alike. Sean and Jason explore the potential risks of using LLMs:

🚀 Prompt Injections
💧 Data Leakage
🏖️ Inadequate Sandboxing
📜 Unauthorized Code Execution
🌐 SSRF Vulnerabilities
⚖️ Overreliance on LLM-generated Content
🧭 Inadequate AI Alignment
🚫 Insufficient Access Controls
⚠️ Improper Error Handling
💀 Training Data Poisoning

From the standpoint of offensive security, Haddix emphasizes the potential for LLMs to create an entirely new world of capabilities, even for non-expert users. He envisages a near future where AI, trained on diverse datasets like OCR and image recognition data, can answer private queries about individuals based on their public social media activity. This potential, however, isn't limited to individuals - businesses are equally at risk.

According to Haddix, businesses worldwide are rushing to leverage proprietary data they've collected in order to generate profits. They envision using LLMs, such as GPT, to ask intelligent questions of their data that could inform decisions and fuel growth. This has given rise to the development of numerous APIs, many of which are integrated with LLMs to produce their output.

However, Haddix warns of the vulnerabilities this widespread use of LLMs might present. With each integration and layer of connectivity, opportunities for prompt injection attacks increase, with attackers aiming to exploit these interfaces to steal data. He also points out that the very data a company uses to train its LLM might be subject to theft, with hackers potentially able to smuggle out sensitive data through natural language interactions.

Another concern Haddix raises is the interconnected nature of these systems, as companies link their LLMs to applications like Slack and Salesforce. The connections intended for data ingestion or query could also be exploited for nefarious ends. Data leakage, a potential issue when implementing LLMs, opens multiple avenues for attacks.

Sean Martin, the podcast's host, echoes Haddix's concerns, imagining scenarios where private data could be leveraged and manipulated. He notes that even benign-seeming interactions, such as conversing with a bot on a site like Etsy about jacket preferences, could potentially expose a wealth of private data.

Haddix also warns of the potential to game these systems, using the Etsy example to illustrate potential data extraction, including earnings of sellers or even their private location information. He likens the data leakage possibilities in the world of LLMs to the potential dangers of SQL injection in the web world. In conclusion, Haddix emphasizes the need to understand and safeguard against these risks, lest organizations inadvertently expose themselves to attack via their own LLMs.

All OWASP Top 10 items are reviewed, along with a few other valuable resources (listed below).

We hope you enjoy this conversation!

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

The inspiring Tweet: https://twitter.com/Jhaddix/status/1661477215194816513

Announcing the OWASP Top 10 for Large Language Models (AI) Project (Steve Wilson): https://www.linkedin.com/pulse/announcing-owasp-top-10-large-language-models-ai-project-steve-wilson/

OWASP Top 10 List for Large Language Models Descriptions: https://owasp.org/www-project-top-10-for-large-language-model-applications/descriptions/

Daniel Miessler Blog: The AI attack Surface Map 1.0: https://danielmiessler.com/p/the-ai-attack-surface-map-v1-0/

PODCAST: Navigating the AI Security Frontier: Balancing Innovation and Cybersecurity | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation about AI security and MITRE Atlas with Dr. Christina Liaghati: https://itsprad.io/redefining-cybersecurity-163

Learn more about MITRE Atlas: https://atlas.mitre.org/

MITRE Atlas on Slack (invitation): https://join.slack.com/t/mitreatlas/shared_invite/zt-10i6ka9xw-~dc70mXWrlbN9dfFNKyyzQ

Gandalf AI Playground: https://gandalf.lakera.ai/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Managing the Current Demands of a Cyber Workforce Whilst Looking to Secure the Workforce of the Future | ITSPmagazine Event Coverage: Infosecurity Europe 2023, London, England | A Conversation with Erhan Temurkan

14 juni 2023 | 23 min

Managing the Current Demands of a Cyber Workforce Whilst Looking to Secure the Workforce of the Future | ITSPmagazine Event Coverage: Infosecurity Europe 2023, London, England | A Conversation with Paul Watts

14 juni 2023 | 30 min

Securing the Modern Business Riddled with Legacy Technology | Protecting Active Directory On-Premises and Azure AD in the Cloud | A Semperis Brand Story with Guido Grillenmeier and Daniel Lattimer

14 juni 2023 | 36 min

Anticipating The Next Decade of Bot-Enabled Threats | Exploring 10 Years of Imperva Bad Bot Reports | An Imperva Brand Story With Karl Triebes

14 juni 2023 | 54 min

Introducing 'Hacking Your Potential Podcast' | A Conversation with Podcast Host Frankie Thomas | ITSPmagazine Podcast Network with Sean Martin and Marco Ciappelli

14 juni 2023 | 47 min

Why Security Culture Eats Strategy for Breakfast | ITSPmagazine Event Coverage: Infosecurity Europe 2023, London, England | A Conversation with Robin Bylenga

13 juni 2023 | 28 min

Can Augmented and Virtual Reality Improve Cybersecurity? The Role AR/VR Plays in an InfoSec Program | A Conversation with Dr. Stacy Thayer and Dr. Darius Hines-Cross | Redefining CyberSecurity with Sean Martin

7 juni 2023 | 54 min

Guests:

Dr. Stacy Thayer, Senior Manager, Marketing Research and Engagement at Netography [@netography] and Adjunct Professor of CyberPsychology at Norfolk State University [@Norfolkstate]

On LinkedIn | https://www.linkedin.com/in/stacythayer/

Dr. Darius Hines-Cross, Security Assigned Expert at Splunk [@splunk]

On LinkedIn | https://www.linkedin.com/in/dariushinescross/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this episode of Redefining Cybersecurity on ITSPmagazine Podcast Network, host Sean Martin is joined by Dr. Stacy Thayer and Dr. Darius Hines-Cross to explore how virtual and augmented reality can be used in cybersecurity to improve business operations. Throughout the conversation, the group discusses the possibilities and ethical implications of using these technologies. They speculate on how virtual and augmented reality can be used to improve cybersecurity operations, such as training and simulations.

The experts explore the wide range of implications and opportunities that virtual and augmented reality offer in various industries, including the healthcare industry to help draw some analogies to other business operations. In another example, virtual reality can allow individuals to experience alternate worlds and places that may not be physically accessible. However, the group also discusses the potential dangers of crafted reality, where the reality is still controlled by someone else. They also discuss how virtual classrooms could be used to improve student participation in courses.

During the episode, the group also touches on the challenges of implementing such technology and the importance of doing research and risk analysis before investing. Small and medium-sized businesses are also discussed, with emphasis on the potential risks associated with implementing technology without proper security concerns. The podcast ends by stressing the opportunities and challenges of using virtual and augmented reality in various industries, including cybersecurity, and how technology can be used ethically to improve society.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

New Opportunities and Risks in Cybersecurity | A Conversation with John Chambers | Redefining CyberSecurity with Sean Martin

7 juni 2023 | 41 min

Guest: John Chambers, Founder and CEO at JC2 Ventures [@JC2Ventures]

On Linkedin | https://www.linkedin.com/in/johnchambersjc/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

https://www.itspmagazine.com/redefining-cybersecurity-podcast

___________________________

Episode Notes

On this episode of Redefining Cybersecurity, John Chambers - former CEO of Cisco and current CEO of JC2 Ventures - speaks with host Sean Martin about the intersection of cybersecurity and risk with AI, the state of enterprise budgets for cybersecurity, innovation in the tech industry, and the need for education and innovation hubs. Chambers warns that companies need a well-thought-out plan when it comes to AI strategies and cybersecurity strategies, emphasizing that those without plans may experience difficulties raising funds and suffer from stock declines. He notes the complexities arising from cybersecurity attacks, specifically those leveraging AI, and highlights the importance of getting ahead of the issue. Chambers also talks about the need for companies to evolve and emphasizes the importance of innovation.

Later in the conversation, Chambers and Martin shift to the need for education and innovation hubs, discussing how these hubs are shifting from being limited to only the coasts. They discuss how the industry playbook is similar to previous movements in cloud and internet technology, but the speed of change and disruption has evolved. Chambers highlights the changes occurring in West Virginia and notes the emergence of a new crop of cybersecurity professionals entering the field.

The episode concludes with Chambers emphasizing the need for a change in education to achieve long-term success in the industry, with a focus on sharing knowledge and innovation throughout the country. Overall, the episode provides listeners with insights on the future of cybersecurity and innovation, the importance of having a well-planned strategy for both fields, and the need for education and innovation hubs to achieve success.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

____________________________

Resources

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

The Application Security Audit Adventure: Unpacking Penetration, Whitebox, and Blackbox Testing | A Conversation with Andrew Woodhouse and Dr. Mario Heiderich | Redefining CyberSecurity Podcast With Sean Martin

30 maj 2023 | 53 min

Infosecurity Europe 2023 Keynote Sneak Peek | Deciphering Cybersecurity Readiness: A Global Perspective | ITSPmagazine Event Coverage: Infosecurity Europe 2023, London, England | A Conversation with Ian Hill

23 maj 2023 | 28 min

Guest: Ian Hill, Director of Information and Cyber Security at Upp Corporation [@getonupp]

On LinkedIn | https://www.linkedin.com/in/ian-hill-95123897/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

👉 https://www.itspmagazine.com/advertise-on-itspmagazine-podcast

✨ ➤ Sponsorship Signup Is Now Open — And Yes, Space Is Limited!

____________________________

Episode Notes

In this Chats on the Road to Infosecurity Europe Conference podcast episode, Ian Hill, a cybersecurity veteran with 25 years in the field, and current Director of Information and Cybersecurity at Upp Corporation, shares his knowledge and experiences. He provides valuable insights into compliance, readiness, and the global challenges that affect cybersecurity.

A main focus is the interplay between compliance and security. Hill emphasizes the importance of prioritizing a robust security strategy that organically leads to compliance, rather than letting compliance requirements dictate security measures. This perspective offers a redefined take on building an effective cybersecurity framework.

The conversation also explores the concept of readiness in cybersecurity. In a domain where technology continually outpaces regulations, understanding what constitutes readiness is not straightforward. However, the discussion highlights its importance in preparing organizations to respond to evolving threats.

The conversation pivots to get a view of global cybersecurity, discussing the cross-border challenges that organizations face in our interconnected world. Hill underscores the implications of navigating diverse laws, cultural attitudes, and standards in a global company, and points to an increasing need for international cooperation to manage the complex, ever-changing threat landscape.

Have a listen. Enjoy. And be sure to catch Ian's keynote presentation and panel discussion during the conference.

____________________________

Resources

Learn more, explore the programme, and register for Infosecurity Europe: https://itspm.ag/iseu23

Be sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverage

Catch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6B

____________________________

If you are a cybersecurity vendor with a story to share, you can book your pre-event video podcast briefing here (https://itspm.ag/iseu23tsv) and your on-location audio podcast briefing here (https://itspm.ag/iseu23tsp).

Explore the full conference coverage sponsorship bundle here: https://itspm.ag/iseu23bndl

For more ITSPmagazine advertising and sponsorship opportunities:

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

What to Expect At Infosecurity Europe Conference 2023 | ITSPmagazine Event Coverage: Infosecurity Europe 2023, London, England | A Conversation with Nicole Mills and Julia Clarke

16 maj 2023 | 31 min

An RSA Conference USA 2023 Recap | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Linda Gray Martin and Cecilia Murtagh Marinier

16 maj 2023 | 24 min

Beyond the Code: The Human Side of Cybersecurity and Social Engineering | A Conversation with Aunshul Rege | Redefining CyberSecurity Podcast With Sean Martin

10 maj 2023 | 45 min

Guest: Aunshul Rege, Director at The CARE Lab at Temple University [@TU_CARE]

On Linkedin | https://www.linkedin.com/in/aunshul-rege-26526b59/

On Twitter | https://twitter.com/Prof_Rege

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

CrowdSec | https://itspm.ag/crowdsec-b1vp

___________________________

Episode Notes

Welcome to a riveting new episode of the Redefining Cybersecurity Podcast, hosted by Sean Martin! Today, we're diving into the fascinating world of social engineering and the crucial role of education in understanding cybersecurity. Join us in this engaging conversation with Aunshul Rege from Temple University, who does amazing work in helping students comprehend the importance of cybersecurity and how social engineering plays a vital part in it.

Imagine a world where computer science students and liberal arts students come together to tackle cybersecurity challenges from different angles. Aunshul Rege is an associate professor at the Department of Criminal Justice at Temple University, who has a unique journey starting as a software engineer and eventually realizing that computer science wasn't enough to answer the who, why, and how of cyber attacks. Her passion for understanding human behavior, sociology, and cybersecurity led her to explore the liberal arts side of cybersecurity.

In this episode, Aunshul talks about her innovative teaching methods, where she pushes her students to collaborate across disciplines and explore the importance of social engineering in cyber attacks. From shoulder surfing activities to discussing ethics and multidisciplinary teamwork, her students learn to appreciate the different skill sets and perspectives they bring to the table.

But it's not just about the technical aspect of cybersecurity. Aunshul's approach to teaching focuses on building students' understanding of human behavior and psychology in cyber attacks, emphasizing the value of social engineering in both the attack and defense aspects of cybersecurity.

As you listen to this fascinating conversation, you'll discover the powerful impact of merging computer science and liberal arts perspectives, the importance of ethics in cybersecurity, and how Aunshul's unique teaching methods help students appreciate their role in the ever-evolving world of cybersecurity.

So, get ready to be inspired by Aunshul's story and her innovative approach to cybersecurity education. You won't want to miss this captivating episode that challenges our understanding of cybersecurity and the critical role of social engineering in it. And don't forget to share this episode, subscribe to the podcast, and join us for more insightful conversations on Redefining Cybersecurity.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel
📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

____________________________

Resources

The CARE Lab: https://sites.temple.edu/care/

Summer Social Engineering Event: https://sites.temple.edu/socialengineering/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Cybersecurity Chameleons: Adapting to an AI-Driven World | A Conversation with Tom Eston | Redefining CyberSecurity Podcast With Sean Martin

8 maj 2023 | 42 min

Guest: Tom Eston, VP of Consulting & Cosmos at Bishop Fox [@bishopfox]

On LinkedIn | https://www.linkedin.com/in/tomeston/

On Twitter | https://twitter.com/agent0x0

On Mastodon | https://infosec.exchange/@agent0x0

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

CrowdSec | https://itspm.ag/crowdsec-b1vp

___________________________

Episode Notes

In this new Redefining CyberSecurity podcast episode, Tom Eston and Sean Martin debate the value of certifications such as the CISSP. Tom emphasizes that, in his area of offensive security, experience, cultural fit, and ability to learn are more important than certifications or formal education. The two also discuss the role of internships in providing real-world experience and hands-on learning opportunities for aspiring professionals.

The conversation also touches on the importance of finding a niche within the cybersecurity field. Tom highlights the need for specialization and encourages listeners to explore different areas and technologies to find what excites them the most. He also stresses the importance of learning the fundamentals before diving deep into a specific subject. Sean and Tom consider how job descriptions may evolve to embrace specialization and the need for experts in different aspects of cybersecurity.

Tom and Sean also discuss the role of AI in cybersecurity, both as a tool to assist in detection and response, and as a potential risk itself. Tom believes that learning how to interface with AI and understanding its capabilities is crucial for professionals in the industry. While AI can be an efficient assistant, it is essential not to rely solely on its output, as human analysis and verification remain vital in ensuring accuracy and security.

Listen to this episode and you might begin to determine what your cyber chameleon might look like.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel
📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

____________________________

Resources

Shared Security Podcast: https://www.youtube.com/c/SharedSecurityPodcast

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

The Business of Security — Budgeting for Minimum Viable Security | ITSPmagazine Event Coverage: RSAC 2023 Broadcast Alley | A Conversation with Sarah Freeman, Megha Kalsi, Kristy Westphal | Redefining CyberSecurity Podcast with Sean Martin

1 maj 2023 | 38 min

The Fog of More, the Risk of Cybersecurity Commoditization, and the Race to the Bottom | A Their Story Conversation from RSA Conference 2023 | A Schellman Story with Michael Parisi

1 maj 2023 | 28 min

Stronger Together: The Power of Relationships in Defending the Digital Lives of Executives | A Their Story Conversation from RSA Conference 2023 | A BlackCloak Story with Chris Pierson

30 april 2023 | 27 min

This Their Story podcast episode features Chris Pierson, the co-founder of BlackCloak as Marco Ciappelli and Sean Martin discuss into the importance of relationships and human empathy in the cybersecurity field, as well as the challenges of cutting through the noise in the industry.

Chris Pierson presents the importance of protecting corporate executives and their personal lives, devices, and homes, ultimately ensuring their peace of mind. The trio explore the significance of human relationships in the cybersecurity industry, emphasizing the need for trust and understanding between vendors and clients. They also highlight the importance of human empathy in developing cybersecurity products and services that address the unique needs of different users. They also discuss the challenges of balancing privacy and security, while also considering the unique needs of clients in different sectors.

Pierson also unveils BlackCloak's latest innovation – the CISO Protection Dashboard. This powerful tool helps Chief Information Security Officers and their teams gain valuable insights into the digital lives of their executives.

Don't miss out on this informative and thought-provoking episode that delves deep into the world of digital executive protection. Be sure to tune in to learn about Black Cloak's innovative dashboard and how they involve their clients in the development process.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest:

Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]

On Linkedin | https://www.linkedin.com/in/drchristopherpierson/

Resources
Learn more about BlackCloak and their offering: https://itspm.ag/itspbcweb

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Redefining Trust in Business Relationships: How AI and Natural Language Processing are Transforming Third Party Risk Assessment | A Their Story Conversation from RSA Conference 2023 | A VISO TRUST Story with Paul Valente and Russell Sherman

30 april 2023 | 31 min

In this Their Story podcast episode, Paul Valente and Russell Sherman discuss the challenges faced by both small and large enterprises when sharing data and managing risk with business partners and third party providers. They share their experiences working together in the past where they needed to balance addressing security concerns with closing deals. The duo highlights the importance of proper scoping and understanding the context of a business relationship to help assess inherent risks.

Paul and Russell also share details of their third party risk management platform which allows users to quickly scope and define attributes of a business relationship, providing an inherent risk rating. The platform uses over 800 data points and references over 25 frameworks, streamlining the process for both the assessor and the assessed. By utilizing natural language processing (NLP) and artificial intelligence (AI), the platform is able to analyze collected data, automate manual aspects of the review process, and provide valuable insights to help make better, faster, and more contextually-relevant informed decisions.

The pair further emphasize the importance of reducing friction in the assessment process, which led them to focus on eliminating the need for lengthy questionnaires and instead utilizing existing artifacts to assess a company's security posture. This innovative approach reduces the burden on both the assessor and the assessed while providing a more accurate and comprehensive view of a company's cyber risk.

Overall, this episode provides valuable insights into how technology is transforming the traditional third-party cyber risk assessment process and paving the way for a more efficient and secure future.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guests:

Paul Valente, CEO & Co-founder at VISO TRUST [@VISOTrust]

On LinkedIn | https://www.linkedin.com/in/pauldvalente/

Russell Sherman, Co-founder and CTO at VISO TRUST [@VISOTrust]

On LinkedIn | https://www.linkedin.com/in/neverenoughinfo/

On Twitter | https://twitter.com/russellsherman

Resources

Learn more about VISO TRUST and their offering: https://itspm.ag/visotrust8x4i

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The ROC Revolution: Risk Management Reimagined with Business Context Overlays in the Risk Operations Center | A Their Story Conversation from RSA Conference 2023 | A Brinqa Story with Mayuresh Ektare

30 april 2023 | 16 min

Driving Innovation and Protecting Growth: The Intricate Relationship Between Information Technology (CTO) and Information Security (CISO) | A Their Story Conversation from RSA Conference 2023 | An Imperva Story with Kunal Anand

29 april 2023 | 28 min

The rapid evolution of technology has ushered in the API revolution in cybersecurity, transforming the way organizations navigate an AI-driven threat and security landscape. As CTOs and CISOs grapple with the delicate balancing act of managing risk and innovation, they must adapt to the demands of securing a modernized world. This postmodern paradigm shift in cybersecurity necessitates a comprehensive understanding of emerging trends and cutting-edge solutions to effectively safeguard our increasingly interconnected digital ecosystem.

Dive into this captivating podcast episode featuring Kunal Anand, the CTO and CISO of Imperva, as he discusses the evolving world of cybersecurity and the impact of emerging technologies such as artificial intelligence. Alongside host Sean Martin, Kunal shares his experiences as both a CTO and CISO, highlighting the importance of peer-to-peer collaboration and the integration of modern technologies in the cybersecurity landscape.

Kunal and Sean delve into the significance of APIs in modern applications and the challenges of securing them in the face of ever-increasing data breaches. They also explore the transformative power of AI in both offensive and defensive security, including its role in enhancing productivity and effectiveness in cybersecurity efforts crossing all cybersecurity roles from analyst to executive.

Kunal also shares his insights into the future of cybersecurity and the need for the industry to embrace AI and other emerging technologies. This discussion offers valuable perspectives for anyone interested in understanding the evolving challenges and opportunities in the cybersecurity world. Don't miss this chance to learn from someone who thinks differently, thinks creatively, and thinks broadly about the challenges we face and the paths we can take to overcome them.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest:

Kunal Anand, CTO and CISO at Imperva [@Imperva]

On Linkedin | https://www.linkedin.com/in/kunalanand/

On Twitter | https://twitter.com/ka

Resources

Learn more about Imperva and their offering: https://itspm.ag/imperva277117988

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Protecting Data and All Paths to It: Enabling Innovation with Quick Time to Value and Low Total Cost of Ownership with Security Built In | A Their Story Conversation from RSA Conference 2023 | An Imperva Story with Pam Murphy

29 april 2023 | 29 min

Cyber Resilience with Defense in Depth: Maximizing Security in Hybrid Active Directory Environments | A Their Story Conversation from RSA Conference 2023 | A Quest Story with Sergey Medved and Matthew Vinton

26 april 2023 | 27 min

In this Their Story podcast, Sean Martin talks with Matthew Vinton and Sergey Medved from Quest about the challenges associated with Active Directory (AD) and the importance of these systems in a company's overall security methodology and posture.

Active Directory remains an integral part of an organization’s IT infrastructure as it is the pillar of identity that most organizations use to enable their workforce, partners, and business processes. The trio discusses how Quest helps companies manage their AD environment across a variety of functional areas like assessing the environment, detecting changes, putting in preventive controls, and guiding response and recovery.

They also cover the growing challenges security leaders face concerning AD and the gap between the people in the trenches and business leaders who may not understand the inherent importance of AD. Exacerbating this reality is the ongoing security talent shortage, where few new entries into the field learn the technology as it is not as forward-looking when compared to Azure.

About the Cybersecurity risk management for Active Directory from Quest

Microsoft Active Directory (AD) is under attack. That’s why cybersecurity risk management is so important. With 95 million attempted AD attacks every day, it should be no surprise to hear AD was the target of another cybercrime. But these concerns aren’t contained to on-prem AD; in 2021 alone, there were more than 25 billion Azure AD attacks. It’s clear cybersecurity risk management needs to be a consideration, and even if the issues you’ve encountered aren’t intentional or nefarious, you still need to be prepared for the worst.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guests:

Matthew Vinton, Strategic Systems Consultant at Quest [@Quest]

On Linkedin | https://www.linkedin.com/in/matthew-vinton/

On Twitter | https://twitter.com/Mister_momentum

Sergey Medved, VP, Product Management and Marketing at Quest [@Quest]

On Linkedin | https://www.linkedin.com/in/sergeym/

Resources

Learn more about Quest: https://itspm.ag/quest-adp23

Learn more about the Quest Cybersecurity for Active Directory Solution: https://itspm.ag/quest-pp49

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The Five Pillars of CyberSecurity: Preparing for Continuous Compliance | A Their Story Conversation from RSA Conference 2023 | A VigiTrust Story With Mathieu Gorge

26 april 2023 | 22 min

Augmenting the InfoSec Analyst | ITSPmagazine Event Coverage: RSAC 2023 Broadcast Alley | A Conversation with Leah McLean, Diana Kelley, and Davi Ottenheimer | Redefining CyberSecurity Podcast With Sean Martin

26 april 2023 | 40 min

It’s Difficult to Secure the Invisible: Reinventing Asset Management for Modern Challenges in IT, IoT, and OT | A RunZero Brand Story with Huxley Barbee

21 april 2023 | 41 min

In this Their Story podcast on ITSPmagazine, Huxley Barbee delves into the world of InfoSec and asset management, discussing the importance of having a full asset inventory and how his company, RunZero, addresses this challenge with a cyber asset management solution.

Founders HG Moore and Chris Kirsch identified the need for better tooling as security teams' scopes expanded beyond managing traditional IT devices to securing IoT and OT devices across various environments. RunZero helps organizations understand gaps in security controls coverage, identify potentially vulnerable devices in the face of zero-day threats, and more.

Huxley Barbee explains that a full asset inventory, including asset details like location within the network, device function, and business context, can assist in determining which vulnerabilities or misconfigurations need immediate attention. Huxley highlights the delicate process of gathering information on devices and the importance of incremental fingerprinting, particularly in OT environments and those with often-unmanaged IoT devices.

The trio also cover the business side, discussing the typical clients for RunZero and the mindset shift required to realize that existing asset discovery tools may not be sufficient. They discuss the collaboration between IT, OT, and security teams, emphasizing that having a full cyber asset inventory beyond the traditional IT asset inventory can help reduce remediation time and improve overall business decision-making.

Tune in to this episode to learn more about RunZero's modern approach to asset management, the crucial role of visibility in addressing security challenges, and how a robust asset inventory by RunZero can help businesses leaders and security practitioners make better decisions.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Huxley Barbee, Security Evangelist at RunZero [@runZeroInc] and lead organizer for BSides NYC [@bsidesnyc]

On LinkedIn | https://www.linkedin.com/in/jhbarbee/

On Twitter | https://twitter.com/huxley_barbee

On Mastodon | https://infosec.exchange/@huxley

Resources
Learn more about RunZero and their offering: https://itspm.ag/runzervvyh

Catch the video and podcast version of this conversation: https://itspmagazine.com/their-stories/its-difficult-to-secure-the-invisible-reinventing-asset-management-for-modern-challenges-in-it-iot-and-ot-a-runzero-story-with-huxley-barbee

BSides NYC Podcast: https://itsprad.io/event-coverage-1388

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The Mainframe Advantage: Robust Security Meets Infrastructure Modernization | A Rocket Software and KRI Security Brand Story with Phil Buckellew and Cynthia Overby

21 april 2023 | 49 min

Navigating the AI Security Frontier: Balancing Innovation and Cybersecurity | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Dr. Christina Liaghati

21 april 2023 | 28 min

Guest: Dr. Christina Liaghati, AI Strategy Execution & Operations Manager for MITRE’s AI and Autonomy Innovation Center [@MITREcorp]

On LinkedIn | https://www.linkedin.com/in/christina-liaghati/

On Twitter | https://twitter.com/CLiaghati

At RSAC | https://www.rsaconference.com/experts/dr%20christina%20liaghati

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

BlackCloak | https://itspm.ag/itspbcweb

____________________________

Episode Notes

In this Chats on the Road to RSA Conference podcast episode, listeners are treated to an insightful discussion between Dr. Christina Liaghati, Sean Martin, and Marco Ciappelli about the evolving landscape of AI security, its impact on various sectors, and the proactive steps being taken to address emerging threats. Dr. Liaghati shares her unique experiences working with government sponsors and her involvement in the development of MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems), a knowledge base of adversary tactics, techniques, and case studies for machine learning (ML) systems based on real-world observations, demonstrations from ML red teams and security groups, and the state of the possible from academic research. ATLAS is modeled after the MITRE ATT&CK framework and its tactics and techniques are complementary to those in ATT&CK.

The conversation highlights how the rapid adoption of AI systems, combined with the lack of understanding of the risks involved, has led to new vulnerabilities and threats that need to be addressed. Listeners are also offered a glimpse into the challenges presented by the integration of AI into various systems, the need for collaboration between the AI and cybersecurity sectors, and the importance of understanding the new threat landscape created by AI adoption. Dr. Liaghati shares real-life examples of attacks on AI systems, emphasizing the need for constant vigilance and collaboration between industry, government, and academia to tackle these challenges.

The conversation also digs deeper into the potential consequences of AI deployment in high-stakes environments, such as finance and healthcare, and the importance of allocating resources to red teaming to identify vulnerabilities and secure these critical systems. By examining the current state of AI security and discussing the steps being taken to ensure its future, this episode provides an engaging and informative look at the complex interplay between AI, cybersecurity, and the systems we rely on every day.

____________________________

Resources

Session | Hardening AI/ML Systems - The Next Frontier of Cybersecurity: https://www.rsaconference.com/USA/agenda/session/Hardening%20AIML%20Systems%20-%20The%20Next%20Frontier%20of%20Cybersecurity

Learn more about MITRE Atlas: https://atlas.mitre.org/

MITRE Atlas on Slack (invitation): https://join.slack.com/t/mitreatlas/shared_invite/zt-10i6ka9xw-~dc70mXWrlbN9dfFNKyyzQ

Learn more about MITRE ATT&CK framework: https://attack.mitre.org/

Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

____________________________

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?

👉 https://www.itspmagazine.com/podcast-series-sponsorships

Are you interested in sponsoring an ITSPmagazine Channel?

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

The Looming Identity Crisis: Learning to Embrace the Human-AI Symbiosis in Cybersecurity and Identity | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Rohit Ghai

21 april 2023 | 26 min

Fostering a Better Understanding of Networking Within the Information Security Community to Build Stronger Cyber Defenses | A Conversation with Justin Elze and Mick Douglas | Redefining CyberSecurity Podcast With Sean Martin

21 april 2023 | 48 min

Guests:

Justin Elze, CTO at TrustedSec [@TrustedSec]

On LinkedIn | https://www.linkedin.com/in/justinelze/

On Twitter | https://twitter.com/HackingLZ

Mick Douglas, Founder and Managing Partner at InfoSec Innovations [@ISInnovations]

On LinkedIn | https://linkedin.com/in/mick-douglas

On Twitter | https://twitter.com/bettersafetynet

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this new Redefining Cybersecurity Podcast episode, Justin Elze, Mick Douglas, and Sean Martin delve into the importance of understanding networking concepts in the realm of cybersecurity. They discuss the misconceptions surrounding networking knowledge and how it often becomes cumbersome for people to learn. They highlight the underappreciated areas of networking that are frequently encountered in enterprise environments, such as DNS issues, virtual machines, VLANs, and more. The conversation also touches on the OSI model and the need for a structured approach to learning and adapting to various enterprise environments.

The episode highlights how the shift to cloud-based solutions and remote work has made certain aspects of networking easier while also changing the landscape of network security. The discussion examines the importance of understanding and implementing effective security controls based on the organization's needs and threat surface rather than relying on outdated or ritualistic practices. The trio further explores the concept of abstraction versus understanding the intricate details of IT security policy and controls.

Justin and Mick also talk about the need for a standard body of knowledge for cybersecurity professionals when it comes to networking concepts. They emphasize that while it's not necessary to be a networking expert, a deeper understanding of core concepts can significantly improve the effectiveness of network defense. By fostering a better understanding of networking within the information security community, professionals can better identify and address potential vulnerabilities and misconfigurations within their environments.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQZ9kSG7X7grrP_PsH3q3T3

ITSPmagazine YouTube Channel
📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

____________________________

Resources

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

The Past of the Future: Pioneering Decryption with AI and Quantum Physics | A Their Story Conversation from RSA Conference 2023 | A SandboxAQ Story with Clément Jeanjean

20 april 2023 | 49 min

In this Their Story podcast episode, Clément Jeanjean, Senior Director at SandboxAQ, joins Sean Martin and Marco Ciappelli to discuss the company's unique mission to combine quantum physics and artificial intelligence to address some of the world’s most difficult problems in three main industries: simulation, cybersecurity, and quantum sensing. Jeanjean delves into how SandboxAQ can significantly reduce the time it takes to develop new drugs, improve cybersecurity with quantum-resistant cryptography management, and create innovative sensing capabilities in healthcare and terrestrial navigation.

The conversation also covers the timeline and risks associated with the arrival of quantum computers, particularly regarding the current and future states of cryptography. Jeanjean emphasizes the growing consensus that fault-tolerant quantum computers may be available within 8 to 12 years, highlighting the challenges that major organizations face in migrating to post-quantum cryptography, which can take up to 10 years for mature organizations – possibly longer for less mature organizations.

Jeanjean also describes the various industries that have started moving towards quantum-resistant cryptography, such as financial services, healthcare, telecommunications, and the public sector. He explains the need for companies to gain visibility and control over their cryptographic assets and how SandboxAQ is helping them build an inventory and prepare for the migration to post-quantum cryptography.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest:

Clément Jeanjean, Senior Director, SandboxAQ [@SandboxAQ]

On Linkedin | https://www.linkedin.com/in/clementjeanjean/

On Twitter | https://twitter.com/clemjohnjohn

Resources

Learn more about SandboxAQ and their offering: https://itspm.ag/sandboxaq-j2en

Try SandboxAQ Security Suite: https://itspm.ag/sandbob3gy

Read the Security Suite Press Release: https://itspm.ag/sandboxb3e744

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

From Tech Silos to Cyber Synergy: Smarter Vulnerability Management with Brinqa | A Their Story Conversation from RSA Conference 2023 | A Brinqa Story with Dimitri Vlachos

20 april 2023 | 12 min

In this Their Story podcast episode, Sean Martin and Marco Ciappelli are joined by Dimitri Vlachos, CMO at Brinqa, a company focused on vulnerability risk management. Dimitri discusses how the Brinqa platform helps businesses consolidate their findings and vulnerabilities from various tools, manage the remediation process, and communicate risk to business owners. The platform aims to mature cybersecurity programs by breaking down siloed views and enabling security leaders to discuss vulnerabilities in the context of business impact.

The conversation highlights the importance of translating cybersecurity issues into business terms and emphasizes the need for consolidation and effective communication between different teams and tools. Dimitri shares how Brinqa is addressing this challenge by helping organizations tie their various cybersecurity tools together and better align their cybersecurity strategies with business objectives.

During the RSA Conference, Dimitri expects to see growing interest in consolidating and managing security tools more effectively. He also anticipates an increasing number of professionals looking to change traditional vulnerability management approaches and better address the risks associated with different tools. If you are intrigued by the conversation, you can find Brinqa in the North Hall during the conference or book a meeting with the team to learn more.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest:

Dimitri Vlachos, CMO at Brinqa [@brinqa]

On Linkedin | https://www.linkedin.com/in/dvlachos/

On Twitter | https://twitter.com/DimitriVlachos

Resources

Learn more about Brinqa and their offering: https://itspm.ag/brinqa-pmdp

Connect with Brinqa during RSA Conference: https://itspm.ag/brinqa6gp5

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

The C-Suite Culture Compass: A Diplomat's Guide to Cyber Leadership and Culture | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Dana Linnet

20 april 2023 | 29 min

Guest: Dana Linnet, President and CEO of The Summit Group DC

On LinkedIn | https://linkedin.com/in/dana-linnet-5bb2a85

At RSAC | https://www.rsaconference.com/experts/Dana%20Linnet

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

BlackCloak | https://itspm.ag/itspbcweb

____________________________

Episode Notes

In this Chats on the Road to RSA Conference podcast episode, former US diplomat Dana Linnet speaks about her transition from diplomacy to cybersecurity, highlighting her experiences and the lessons she learned along the way.

Joining hosts Sean Martin and Marco Ciappelli, Linnet offers insights into how culture plays a crucial role in addressing cyber threats. She discusses her time as a government CISO (Chief Information Security Officer) and ISSO (Information System Security Officer), which began during the early days of cybersecurity. She also discusses her involvement in establishing the NATO Cybersecurity Center of Excellence (CCOE) in Estonia after the nation experienced cyber-attacks from neighboring Russia and how important it is for governments to listen to people who know more than they do about cybersecurity.

As the conversation turns to the importance of culture in cybersecurity and how human behavior is a critical factor in preventing cyber-attacks, Linnet highlights the importance of information sharing, learning from digital threats, and adapting to the ever-changing cyber landscape. The hosts and Dana also discuss personal responsibility in cybersecurity and the need for leaders to take ownership of the problem.

The conversation highlights Linnet’s upcoming panel at RSA Conference. Focused on the topic of leadership culture in cybersecurity, the panel will dive into the role of boards and C-suites in leading and nurturing a security-conscious culture. The panel also touches on the value of diverse backgrounds in the cybersecurity industry, the challenges of changing culture, and how companies need to address the cultural gap between what they know and what they do.

Tune in to learn from Linnet’s experiences and get a fresh perspective on the intersection of cybersecurity, culture, and leadership. Don't forget to follow all of ITSPmagazine’s RSA Conference coverage. Be sure to share and subscribe to Redefining CyberSecurity Podcast to keep up with the latest trends in technology and cybersecurity.

____________________________

Resources

Session | How to Create a Breach-Deterrent Culture of Cybersecurity, from Board Down: https://www.rsaconference.com/USA/agenda/session/How%20to%20Create%20a%20BreachDeterrent%20Culture%20of%20Cybersecurity%20from%20Board%20Down

Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

____________________________

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?

👉 https://www.itspmagazine.com/podcast-series-sponsorships

Are you interested in sponsoring an ITSPmagazine Channel?

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

Ethical Dilemmas in the Age of AI: Balancing AI Advancements and Cybersecurity | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Justin "Hutch" Hutchens

20 april 2023 | 28 min

Guest: Justin "Hutch" Hutchens, Director of Security Research & Development at Set Solutions [@setsolutionsinc] and a cybersecurity instructor for the University of Texas at Austin [@UTAustin]

On LinkedIn | https://www.linkedin.com/in/justinhutchens/

On Twitter | https://twitter.com/sociosploit

On YouTube | https://www.youtube.com/channel/UCGx0Wq45QB3pKHUzsX8R0Zg

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

BlackCloak | https://itspm.ag/itspbcweb

____________________________

Episode Notes

In this captivating episode as part of our RSA Conference Coverage Chats on the Road series, Justin Hutchens, a seasoned expert in information security and AI, and hosts Sean Martin and Marco Ciappelli discuss the potential benefits and risks of integrating artificial intelligence (AI) and natural language processing (NLP) into various aspects of our lives. Justin shares his journey in AI, from attempting to crack financial markets to exploring its potential in social engineering.

Hutchens will be delivering a talk at RSA about the weaponization of large language models for fully autonomous social engineering systems and potential mitigation strategies. He will also lead a "birds of a feather" session on the ethics surrounding AI, touching on topics such as societal impacts, mental health, and job displacement.

The podcast delves into the perception and limitations of AI, emphasizing that it should be seen as a tool rather than a solution. Hutchens highlights the risks of integrating AI into business processes and shares his thoughts on the importance of human intervention to ensure the accuracy and safety of AI-generated outputs. He also mentions the possible advantages of using AI in security operations and its challenges in operational decision-making.

The conversation underscores the need for ongoing discussions covering the importance of ethics in AI, the rapid acceleration of AI development, its potential societal impacts, and understanding the necessity of balancing business objectives with societal concerns. Join this enlightening conversation as the trio discuss the power and responsibility that come with using AI and explore ways to mitigate the risks associated with integrating AI into organizations' workflows.

Don't forget to follow all of ITSPmagazine’s RSA Conference coverage. Be sure to share and subscribe to Redefining CyberSecurity Podcast to keep up with the latest trends in technology and cybersecurity.

____________________________

Resources

Session | Artificial Intelligence: Balancing Rapid Innovation with Ethics: https://www.rsaconference.com/USA/agenda/session/Artificial%20Intelligence%20Balancing%20Rapid%20Innovation%20with%20Ethics

Session | CatPhish Automation - The Emerging Use of AI in Social Engineering: https://www.rsaconference.com/USA/agenda/session/CatPhish%20Automation%20-%20The%20Emerging%20Use%20of%20AI%20in%20Social%20Engineering

Previous RSAC Presentations: https://www.rsaconference.com/experts/Justin%20Hutchens

Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

____________________________

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?

👉 https://www.itspmagazine.com/podcast-series-sponsorships

Are you interested in sponsoring an ITSPmagazine Channel?

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

Rebooting Cybersecurity: A Revived Conference Takes Center Stage in New York City | ITSPmagazine Event Coverage: BSides NYC 2023 | A Conversation with Lead Organizer, Huxley Barbee

14 april 2023 | 13 min

Guest:

Huxley Barbee, Security Evangelist at RunZero [@runZeroInc] and lead organizer for BSides NYC [@bsidesnyc]

On LinkedIn | https://www.linkedin.com/in/jhbarbee/

On Twitter | https://twitter.com/huxley_barbee

On Mastodon | https://infosec.exchange/@huxley

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

____________________________

Episode Notes

In this podcast episode, Huxley Barbee, a security evangelist at RunZero and lead organizer for BSides NYC, talks about reviving the major security conference after a hiatus through the pandemic.

With a record-breaking 127 submissions for talks, the conference will feature speakers from around the world discussing red and blue team topics, as well as various other aspects of the InfoSec industry. The event will also offer hands-on workshops, villages focused on career development, and resume reviews for students and professionals.

Taking place at John Jay College in Manhattan, the conference aims to be as accessible as possible, offering tickets at just $15 and automatically refunding students who register with a .edu email address. The conference theme, "The Reboot," invites attendees to rethink cybersecurity, with a keynote speech by Lance James on rebooting our thinking in the industry.

Don't forget to share and subscribe to Redefining CyberSecurity and our On-Location event coverage podcasts to keep up with the latest trends in technology and cybersecurity.

____________________________

Resources

BSides NYC: https://bsidesnyc.org/

____________________________

Are you interested in sponsoring an ITSPmagazine Channel or promoting your event?

👉 https://www.itspmagazine.com/podcast-series-sponsorships

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

The Five Most Dangerous New Attack Techniques | Demystifying The Top Emerging Cyber Threats | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with SANS Instructors Katie Nickels and Johannes Ullrich

14 april 2023 | 26 min

Guests:

Katie Nickels, Certified Instructor and Director of Intelligence Operations at SANS Institute [@sansforensics] and Red Canary [@redcanary]

On LinkedIn | https://www.linkedin.com/in/katie-nickels/

On Twitter | https://twitter.com/likethecoins

On Mastodon | https://infosec.exchange/@likethecoins

Johannes Ullrich, Dean of Research at SANS Technology Institute [@sansforensics]

On LinkedIn | https://www.linkedin.com/in/johannesullrich/

On Twitter | https://twitter.com/sans_isc

On Mastodon | https://infosec.exchange/@jullrich

____________________________

Host:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

BlackCloak | https://itspm.ag/itspbcweb

____________________________

Episode Notes

In this new RSA Conference Coverage podcast episode with ITSPmagazine, cybersecurity experts and SANS instructors, Katie Nickels and Johannes Ullrich, delve into the "Five Most Dangerous New Attack Techniques" panel, a discussion they've been part of for the past few years. They shed light on how they identify these top techniques by examining their increasing prevalence and potential impact. Joined by an outstanding panel of experts, including Heather Mahalik, a mobile technology specialist, and Steve Sims, an offensive security guru, they offer unique insights from different sides of the industry while also highlighting the importance of practical, hands-on advice and defense strategies against these threats.

The panel emphasizes the importance of practical, hands-on advice and defense strategies to combat these emerging threats. Furthermore, Johannes shares valuable information about the Internet Storm Center's role in monitoring attacks and disseminating knowledge within the cybersecurity community.

Tune in to this must-listen episode for a sneak peek of the latest attack techniques, evolving defense mechanisms, and the collaborative efforts of the cybersecurity community that will be presented during the panel so you can stay one step ahead of the attackers.

Don't forget to share and subscribe to ITSPmagazine's RSA Conference Coverage to keep up with the latest trends in technology and cybersecurity.

____________________________

Resources

Session | The Five Most Dangerous New Attack Techniques: https://www.rsaconference.com/USA/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques

Internet Storm Center Diaries: https://isc.sans.edu/

Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

____________________________

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?

👉 https://www.itspmagazine.com/podcast-series-sponsorships

Are you interested in sponsoring an ITSPmagazine Channel?

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

The Importance of Software Bill-of-Materials (SBOMs) | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Allan Friedman

11 april 2023 | 41 min

CT Cubed At The RSAC 2023's Aerospace Village | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Henry Danielson, Adam Scheuer, and Chris McDaniels

10 april 2023 | 33 min

Guests:

Henry Danielson, Volunteer at AeroSpace Village [@SecureAerospace]

On LinkedIn | https://www.linkedin.com/in/henry-danielson-43a61213/

On Twitter | https://twitter.com/hdanielson

Adam Scheuer, Executive Vice President at CT Cubed Inc. [@CTcubed]

Chris McDaniels, CEO at CT Cubed Inc. [@CTcubed]

On LinkedIn | https://www.linkedin.com/in/mcdanielsc/

____________________________

Hosts

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

BlackCloak | https://itspm.ag/itspbcweb

____________________________

Episode Notes

Welcome to this exciting episode where we take you on a journey to the RSA Conference in San Francisco, and even to space! In this episode, we get to explore the Aerospace Village and learn about the fascinating work of the group CT Cubed, all of whom are volunteers doing good things for society in aerospace. Our guests, Adam, Chris, and Henry share their stories and backgrounds, which have led them to their current roles.

The Aerospace Village at RSA Conference features many sub-villages and exciting activities, such as the work being done by CT Cubed. They focus on realistic training for engineering and analytical work, in addition to training, to keep current in the aerospace industry. Their work has led to the creation of a system of systems called the Mouse, which allows for realistic training of students in the aerospace field.

But that's not all! As Sean Martin, Marco Ciappelli and our guests discuss, there is a lot of activity happening in space, and we get the pleasure of connecting with some of the folks working on this topic through ITSPmagazine. It's one thing to read a book, watch it on TV, or listen to someone's story, but it's even cooler to get hands-on experience with it. And that's exactly what the Aerospace Village at RSA Conference provides.

So come join us on this thrilling journey to space and the Aerospace Village at RSA Conference, and learn about the exciting work being done by CT Cubed. Don't forget to share and subscribe to our podcast for more exciting episodes like this one!

____________________________

Resources

Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

____________________________

Catch the video here: https://youtu.be/U7B_wUN8Pe8

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?

👉 https://www.itspmagazine.com/podcast-series-sponsorships

Are you interested in sponsoring an ITSPmagazine Channel?

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-society-podcast

Be sure to share and subscribe!

The Importance of Trust in Cybersecurity | Building Effective Teams and Communication | A Crucial Conversation With Billy Spears

6 april 2023 | 47 min

Artificial Intelligence and Machine Learning: The Double-Edged Swords in Fraud Wars | A Conversation with Cem Dilmegani | Redefining CyberSecurity Podcast With Sean Martin

4 april 2023 | 53 min

Guest: Cem Dilmegani, Principal Analyst at AIMultiple [@aimultiple]

On LinkedIn | https://www.linkedin.com/in/cem-dilmegani/

On Twitter | http://twitter.com/dilmegani

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this podcast episode, Cem Dilmegani and Sean Martin discuss the various types of fraud that exist and how machine learning can be utilized by both fraudsters and companies to outsmart each other.

The conversation delves into the world of fraud and its impact across various domains, from financial systems to advertising and even healthcare. The discussion highlights how fraudsters are using sophisticated techniques, such as machine learning and automation, to bypass rules-based systems and carry out illicit transactions or manipulate user behavior.

The conversation shifts to the financial services industry, where Cem explains how illicit actors might use automation to transfer funds through smaller transactions to avoid detection or bypass sanctions. They also discuss the challenges faced by banks in identifying fraudulent transactions and the complexities involved when dealing with nation-state actors.

Sean brings up the concept of open-source intelligence (OSINT) in the cybersecurity world and wonders if there's a similar database for fraud rules and vulnerabilities in the financial world. Cem explains that while OSINT might not be as powerful in the world of fraud, fraudsters can still find ways to exploit systems and bypass controls.

Throughout the conversation, intriguing use cases are presented, such as ad fraud in the B2B tech industry, where competitors employ machine-generated clicks and utilize bots to drain marketing budgets, or the concept of "feature fraud," where malicious actors manipulate user feedback to drive companies in the wrong direction.

The episode also delves into the challenges faced by the healthcare industry, including insurance fraud, where patients are overcharged for services or billed for therapies they never received. In the financial services realm, fraudsters resort to account takeovers, complex transaction models, and even shell entities to bypass security measures.

The discussion also highlights the ever-evolving world of fraud, emphasizing the need for businesses and industries to leverage advanced technologies, like AI and machine learning, to stay ahead of the curve and protect themselves from these sophisticated threats. This episode is a must-listen for anyone interested in understanding the simple complexities of fraud and the countermeasures that can be employed to mitigate its impact.

Tune in now and stay ahead of the curve!

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQZ9kSG7X7grrP_PsH3q3T3

ITSPmagazine YouTube Channel
📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

____________________________

Resources

Cloud Security Podcast: https://www.cloudsecuritypodcast.tv

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

The Data Privacy Divide: Navigating Transatlantic Data Protection Perspectives | A Conversation with Maria D'Avanzo and Lyndon Marquez | Redefining CyberSecurity Podcast With Sean Martin

4 april 2023 | 51 min

Guests:

Maria D'Avanzo, Chief Evangelist Officer at Traliant [@traliant]

On LinkedIn | https://www.linkedin.com/in/maria-d-avanzo/

Lyndon Marquez, Corporate Counsel at Life Extension [@LifeExtension]

On LinkedIn | https://www.linkedin.com/in/lyndonmarquez

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

CrowdSec | https://itspm.ag/crowdsec-b1vp

Pentera | https://itspm.ag/penteri67a

___________________________

Episode Notes

In this podcast episode, Lyndon Marquez, Maria D'Avanzo, and Sean Martin engage in an insightful discussion about data privacy, regulations like GDPR, and how companies approach these issues.

Lyndon Marquez highlights the differences between the U.S. and Europe in terms of their approach to privacy and data handling. He explains that GDPR was a significant milestone that helped companies focus on data protection, even though it may have initially seemed like overkill. Marquez emphasizes that striking a balance between business needs and regulatory requirements is crucial.

Maria D'Avanzo shares her experience of implementing privacy programs at Cushman. She notes that GDPR was a key factor in driving organizations to prioritize privacy as a standalone function. D'Avanzo also discusses the challenges of navigating between business goals and data protection requirements, emphasizing the importance of having an appropriate privacy program in place.

Sean Martin raises questions about the current state of privacy and data protection, wondering if companies have mastered GDPR or if there's still room for improvement. Both D'Avanzo and Marquez agree that the mindset towards data privacy in the U.S. still has a long way to go before it reaches the level of awareness seen in Europe.

The conversation also touches on the role of board members in addressing privacy concerns, the potential impact of new legislation, and the challenges smaller companies face in implementing security and privacy measures. They explore the importance of looking at data privacy from a risk perspective, making it relatable for decision-makers, and ensuring appropriate measures are in place.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQZ9kSG7X7grrP_PsH3q3T3

ITSPmagazine YouTube Channel
📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

____________________________

Resources

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

A CISO Is Like a Cyber First Responder | Leadership Insights from Successful Cybersecurity Executives Nicole Darden Ford and Aric Perminter | Redefining CyberSecurity Podcast With Sean Martin

1 april 2023 | 37 min

Guests:

Nicole Darden Ford is Vice President, Global Information Security and Chief Information Security Officer at Rockwell Automation [@ROKAutomation]

On LinkedIn | https://www.linkedin.com/in/nicole-darden-ford/

On Twitter | https://twitter.com/Nicoledgray

Aric K. Perminter, Founder & Chairman of Lynx Technology Partners [@LynxPartners] and Board Member at International Consortium of Minority Cybersecurity Professionals (ICMCP) / Cyversity [@OneCyversity]

On LinkedIn | https://www.linkedin.com/in/aricperminter/

On Twitter | https://twitter.com/aricperminter

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In this podcast episode, Sean Martin, the host of the Redefining CyberSecurity Podcast, speaks with Nicole Darden Ford, the Vice President, Global Information Security, and Chief Information Security Officer at Rockwell Automation, and Aric Perminter, Founder & Chairman of Lynx Technology Partners, about the role of a Chief Information Security Officer (CISO) ranging from business defense to national security.

The trio discusses the importance of understanding what is being protected and why it is important in industries such as healthcare, retail, banking, and critical infrastructure. They also talk about the need for cybersecurity professionals to be like cyber first responders and the importance of communicating risk in a financial context. Additionally, the conversation delves into the pressures and hardships that come with being a CISO and how those that take on the role can maintain a positive attitude and feel good about the work they do. Both Nicole and Aric emphasize the importance of caring for one's team, being personable, and having the passion and courage to do what is necessary to protect an organization's data and infrastructure. They also share stories of successful initiatives they have undertaken as CISOs, such as uplifting the competency and training program for a cybersecurity team and enabling a team to work from home during the COVID-19 pandemic.

Overall, the conversation sheds light on the complex and challenging role of a CISO and the importance of effective cybersecurity leadership for the benefit of the team, the program, and the organization.

Enjoy the conversation! And don't forget to subscribe and share!

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQZ9kSG7X7grrP_PsH3q3T3

ITSPmagazine YouTube Channel
📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

____________________________

Resources

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Unveiling Tomorrow's Cybersecurity Game-Changers | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Cecilia Murtagh Marinier

30 mars 2023 | 33 min

Guest: Cecilia Murtagh Marinier, Cybersecurity Advisor - Strategy, Innovation & Scholars at RSA Conference [@RSAConference]

On LinkedIn | https://www.linkedin.com/in/cecilia-murtagh-marinier-14967/

On Twitter | https://twitter.com/CMarinier

____________________________

Hosts

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

BlackCloak | https://itspm.ag/itspbcweb

____________________________

Episode Notes

Welcome to another thrilling episode of ITSPmagazine's RSA Conference US 2023 Coverage Podcast, hosted by Sean and Marco. In today's episode, we dive into an engaging conversation with Cecilia Marinier from the RSA Conference, who is responsible for managing the suite of innovation programs, and those aimed at college students. This captivating discussion will give you a deeper understanding of the exciting things happening in the world of cybersecurity innovation.

Cecilia shares insights into the Innovation Sandbox contest, an 18-year-old cornerstone event of the conference that has seen billions of dollars of investments and produced numerous successful companies. With a 150% increase in submissions this year, the top 10 companies have been announced, showcasing a diverse range of backgrounds and problem-solving approaches.

In addition to the Innovation Sandbox, we learn about Launchpad, an event that focuses on earlier stage startups, where three entrepreneurs pitch to venture capitalists. The venture capitalists themselves come from varied backgrounds, bringing unique perspectives and valuable questions to the table.

We also explore the Early Stage Expo, where 50 startups showcase their solutions, and a series of informative content sessions aimed at those interested in becoming entrepreneurs. The RSA Conference is committed to innovation, and this episode highlights the passion and excitement behind it.

Join Sean and Marco as they ask Cecilia about the criteria for selecting participants for the Innovation Sandbox and Launchpad events. We discover the importance of having a strong team, a novel approach to solving a problem, and the ability to demonstrate the potential for significant market impact.

If you're eager to learn about the future of cybersecurity innovation, this conversation is a must-listen. Don't miss out on this episode packed with valuable insights, and be sure to share it with others, subscribe to the podcast, and join us for more captivating discussions.

____________________________

Resources

Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

____________________________

Catch the video here: https://youtu.be/U7B_wUN8Pe8

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?

👉 https://www.itspmagazine.com/podcast-series-sponsorships

Are you interested in sponsoring an ITSPmagazine Channel?

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-society-podcast

Be sure to share and subscribe!

Safeguarding the C-Suite | Pioneering the Future of the Executive Digital Protection Revolution | A Their Story Conversation from RSA Conference 2023 | A BlackCloak Story With Chris Pierson and Daniel Floyd

28 mars 2023 | 44 min

Welcome to another exciting episode of our podcast, where we dive into the fascinating world of cybersecurity and explore the challenges faced by businesses and individuals alike. Today, we have an extraordinary story to share, one that sheds light on the ever-evolving landscape of cyber threats and the innovative solutions being developed to protect us. We're talking about BlackCloak, a cutting-edge cybersecurity company that's changing the game when it comes to digital executive protection. So buckle up, sit back, and prepare to be amazed as we unravel the incredible story of BlackCloak and its mission to safeguard the digital lives of corporate executives and high-profile individuals. And don't forget to subscribe and share our show so that you and your network can stay ahead of the curve in this rapidly changing world of cybersecurity.

In today's episode, we're joined by BlackCloak's co-founder, Dr. Chris Pierson, and their Chief Information Security Officer, Daniel Floyd. Both of these experts bring decades of experience in system architecture, security operations, and cybersecurity strategy to the table. As they discuss the unique challenges faced by executives and their families in the age of remote work, it becomes apparent that traditional cybersecurity measures are no longer enough.

The conversation delves into the critical need for digital executive protection that extends beyond the four walls of a company. This is where BlackCloak steps in, providing comprehensive protection for executives and their families in their personal lives without infringing on their privacy. The aim is to create a hardened target around these high-profile individuals and their loved ones, safeguarding their homes, devices, and personal data from malicious cybercriminals.

As our guests share real-world examples of high-profile breaches, such as Twilio and Uber, it becomes evident that the personal lives of executives are increasingly becoming the soft underbelly of companies' cybersecurity defenses. By targeting executives through phishing attacks and exploiting their personal devices, cybercriminals are finding ways to bypass corporate security measures and access sensitive information.

In response to these evolving threats, BlackCloak offers an innovative solution that bridges the gap between corporate and personal cybersecurity. By taking a proactive approach and addressing the unique challenges faced by executives and their families, BlackCloak is redefining digital protection and shaping the future of cybersecurity as we know it.

Don't miss out on this thrilling episode as we delve into the cutting-edge world of BlackCloak and learn how they're revolutionizing the way we think about cybersecurity. Remember to subscribe to our show and share it with your friends and colleagues so that everyone can stay informed and protected in this ever-changing digital landscape.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guests:

Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]

On Linkedin | https://www.linkedin.com/in/drchristopherpierson/

Daniel Floyd, CISO of BlackCloak [@BlackCloakCyber]

On Linkedin | https://www.linkedin.com/in/daniel-n-floyd/

Resources
Learn more about BlackCloak and their offering: https://itspm.ag/itspbcweb

Connect with BlackCloak during RSA Conference: https://itspm.ag/blackcvnk8

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

What to Expect At RSA Conference USA 2023 | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Linda Gray Martin and Britta Glade

22 mars 2023 | 46 min

Cloud Security for the Next Generation of Companies | A Conversation with Taylor Hersom and Ashish Rajan | Redefining CyberSecurity Podcast With Sean Martin

18 mars 2023 | 54 min

Guests: Taylor Hersom, Founder at Eden Data [@edendatainc]

On LinkedIn | https://linkedin.com/taylorhersom

On Twitter | https://twitter.com/taylorhersom

Ashish Rajan, CISO, CyberSecurity Influencer, SANS [@SANSInstitute] Trainer for Cloud Security, and Host of the Cloud Security Podcast [@CloudSecPod]

On LinkedIn | https://www.linkedin.com/in/ashishrajan/

On Twitter | https://twitter.com/hashishrajan

On TikTok | https://www.tiktok.com/@hashishrajan

On YouTube | https://www.youtube.com/channel/UCRrWf6aQnFbdS7WRlv_o0Tw

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

___________________________

Episode Notes

Join Sean, Ashish, and Taylor, as they discuss the evolution of cloud computing, cloud security, and their experiences in the field. The conversation explores the different types of cloud services, the shift from on-premises to cloud infrastructure, and the growing need for professionals with specific cloud security knowledge.

The guests address the challenge of shadow IT, where people within an organization use cloud services without the knowledge of the IT team or leadership. They stress the importance of collaboration, focusing on a "security champions" program that bridges the gap between security professionals and developers. They emphasize building security from the beginning rather than patching holes later and highlight the importance of adapting to the ever-changing landscape of cloud security.

They also discuss the use of ChatGPT as a learning tool, its potential impact on the security community, and its potential benefits and risks, exploring the possibility of using ChatGPT for compliance and its impact on external auditors. While acknowledging the potential benefits of ChatGPT, they caution against overreliance on technology and stress the importance of maintaining critical thinking, problem-solving, and respect within the security community.

The podcast concludes with an emphasis on the importance of culture, collaboration, and trust in cybersecurity. The guests note the role of security champions programs in bridging knowledge gaps and highlight the need to customize security frameworks like NIST for specific IT environments. They touch on the softening stigma around cybersecurity and point out that people already practice security in their daily lives, encouraging them to apply the same mindset to their digital work.

Listen up and comment on this episode to share your thoughts with the community.

____________________________

Resources

Cloud Security Podcast: https://www.cloudsecuritypodcast.tv

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

National Guard as a Cyber Defense Organization | A Conversation With Dr. Hunter LaCroix and Marco Ciappelli | Redefining CyberSecurity Podcast With Sean Martin

8 mars 2023 | 50 min

Guests: Dr. Hunter LaCroix, Adjunct Professor, University of Maryland Global Campus [@umdglobalcampus] and EMT Firefighter Rescue Technician Hazmat Specialist, State of Maryland [@StateMaryland]

On LinkedIn | https://www.linkedin.com/in/hunter-l-035498234/

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

Pentera | https://itspm.ag/penteri67a

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, Sean Martin is joined by Dr. Hunter LaCroix and Marco Ciappelli to discuss the intersection of emergency management and cybersecurity. Dr. LaCroix argues that there is a significant disconnect between the two areas, with emergency management professionals not considering cyber attacks as a true area of disaster. This is despite increasing cybercriminal activity targeting local and state governments and their supporting critical infrastructure. The conversation points out that there is a need for a cyber capability that develops around the physical disaster response framework, similar to the response we often see when a natural disaster occurs.

States such as Ohio and California have implemented cybersecurity volunteer reserves and cybersecurity watch centers, respectively. The National Guard units also assist local entities during cyber incidents and play a vital role in emergency management relationships. Pre-existing relationships with the National Guard can be leveraged and building public-private partnerships is critical in cybersecurity incident response. The private sector and cybersecurity professionals trust the National Guard to be a leader in local and state cybersecurity incident response. Still, there is a widespread problem at the local and state level of operations and a lack of broader implementation and utilization of these services.

Dr. LaCroix has written about this topic, with a book being published shortly. You can read the abstract for the book below.

Book Abstract

Cybersecurity is a national priority for the Homeland Security enterprise. Yet, despite a prioritization at the federal level, municipal and state governments have struggled to incorporate the National Guard in cyber incident response. Cyber incidents strain municipalities and states, which have spent significant resources to mitigate cyber threats. The glaring gap in the National Guard’s role in municipal and state cyber incident response warrants two key questions as to why the National Guard isn’t more readily used. “Is it cost prohibitive to use National Guard assets when compared to private entities?” Or “is there an underlying sociological disconnect regarding the National Guard’s role in cyber disaster when compared to physical disasters.”? Both questions and the National Guard’s role have largely been under-examined by Homeland Security professionals and academia requires additional examination.

This dissertation seeks to study via a sequential mixed method approach answers to both questions. First, using a quantitive analysis method examining case studies this study seeks to examine if “it is less expensive for municipal and state governments to use the National Guard instead of private sector assistance for cyber incident responses?" Sequentially if it is less expensive, this dissertation seeks to utilize a survey-based questionnaire from associations of National Guard and Emergency response personal to answer, “is there and underlying sociological misperceptions that contribute to National Guard’s underutilization for cyber disasters when compared to their role in traditional disaster response?”

This study achieved complimenting results: with quantitative testing affirming the initial hypothesis regarding the National Guard’s cost effectiveness versus private sector entities in case studies examined. This led to qualitative studies using surveys to examine possible misperceptions of the National Guard’s role in cyber incident response for municipal and state level operations. Surveys revealed both a lack of understanding and disconnect between the National Guard’s role in cyber incident response when compared it is normal role in physical disasters. This research creates opportunity and future growth for homeland Security professionals to prioritize the understanding and growing role of the National Guard for public and private enterprise at the municipal and state level of cyber incident response.

____________________________

Resources

Book: Coming (Date: TBD)

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Overcoming the 5 Areas Where CISOs Tend to Struggle | Discussing the Biggest Mistakes CISOs are Making | A Crucial Conversation With Matthew Rosenquist

2 mars 2023 | 50 min

Evolution of the CISO | A Conversation With Patricia Muoio | Redefining CyberSecurity Podcast With Sean Martin

24 februari 2023 | 43 min

The Impact Of Log4j Since Its Disclosure | Steps Businesses Can Take To Maintain Software Supply Chain Security | Part 2 Of 2 | An Imperva Brand Story With Peter Klimek

23 februari 2023 | 40 min

The Impact Of Log4j Since Its Disclosure | Steps Businesses Can Take To Maintain Software Supply Chain Security | Part 1 Of 2 | An Imperva Brand Story With Gabi Stapel

16 februari 2023 | 23 min

The December 2021 log4j vulnerability was a major event in the cybersecurity world. When it was released and exposed to the internet, it caused an explosion in attacks with five and a half million attacks per day and up to 25,000 sites attacked per hour. The vulnerability affects any system running that version of Java lookup and could be at risk, even if it is only exposed internally to insiders. The attackers initially used scanning and checking to see which sites were vulnerable, and then it was automated. Attack tools were created to make it easier for attackers to reach as many targets as possible. Public awareness campaigns have been effective, but vulnerabilities can reappear due to the prevalence of the software. 72% of organizations still had some level of vulnerability to log4j as of October 2022.

As captured in this episode, remediation is not a one-and-done solution, as seen with Log4j, where organizations would fix the problem, and then it would come right back due to the prevalence of the software and how deep it went. The importance of API security is emphasized since 15% of the numbers were coming from APIs. The need to check and document new things added to the system is crucial to maintain proper documentation and be up on remediation. In short, software supply chain security is critical.

Note: This story contains promotional content. Learn more.

Guest: Gabi Stapel, Content Manager @ Imperva Threat Research [@Imperva]

On LinkedIn | https://www.linkedin.com/in/gabriella-stapel/

On Twitter | https://twitter.com/GabiStapel

Resources

Learn more about Imperva and their offering: https://itspm.ag/imperva277117988

Blog: Log4j: One Year Later

Solution page: Stopping software supply chain attacks

Learning center: Supply Chain Attack

Learning center: Zero-day (0day) exploit

National Telecommunications and Information Administration: Software Bill of Materials

National Telecommunications and Information Administration: Vulnerability-Exploitability eXchange

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Challenges With The Alphabet Soup Of Security | A Conversation With Mehran Farimani And Jay Thoden Van Velzen | Redefining CyberSecurity Podcast With Sean Martin

10 februari 2023 | 55 min

Developing Cybersecurity Leadership Capabilities And Scaling The Competency Of Your Team | A Crucial Conversation With Dutch Schwartz

10 februari 2023 | 49 min

Rating 2022 Cybersecurity Predictions | A No Holds Barred Conversation About Realities Of Our Cyber Society With Matthew Rosenquist | Redefining CyberSecurity Podcast With Sean Martin

30 januari 2023 | 76 min

Managing Human Cyber Risk | A Conversation About Aligning Cybersecurity Culture To The Organization's Strategy With Lance Spitzner | Redefining CyberSecurity Podcast With Sean Martin

9 januari 2023 | 39 min

Why Protecting Your Business Data Is More Like Securing A Museum Than A Bank | Demystifying Data Protection | An Imperva Brand Story With Terry Ray

20 december 2022 | 49 min

Military Experience Sets The Stage For Cybersecurity Success In Corporate Sector | A Crucial Conversation With Billy Pugh

15 december 2022 | 45 min

Community Member Contributor: William Pugh
Security Consultant at AWS [@awscloud]
On LinkedIn | https://www.linkedin.com/in/billy-pugh/

Hosts
Sean Martin
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

______________________

Episode Description

Companies looking to strengthen their cybersecurity programs would do well to look toward military veterans who are transitioning to the corporate sector. Veterans come equipped with the necessary experience and a cybersecurity paradigm that sets them up for success in helping protect vital digital assets.

A vital part of that paradigm is the ambiguity of cybersecurity. New technologies keep emerging that need protection by applying security controls. At the same time, cybercriminals constantly change their tactics, exploiting known weaknesses and bypassing common controls.

Both the military and the corporate world also face a dearth of security talent and often have to throw professionals with little experience at the cybersecurity ambiguity challenges. Private companies and public organizations thus need professionals who are accustomed to working under the pressure of ambiguous scenarios with limited resources to support them.

______________________

For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcast

To access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22

To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs

______________________

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Just How Defensible Is Your InfoSec Program? | A Conversation About Security Awareness And Culture With Javvad Malik And Marco Ciappelli | Redefining CyberSecurity Podcast With Sean Martin

8 december 2022 | 50 min

Guests
Javvad Malik
Lead Security Awareness Advocate at KnowBe4 [@KnowBe4]
On LinkedIn | https://www.linkedin.com/in/javvad/
On Mastodon | https://infosec.exchange/@Javvad
On Twitter | https://twitter.com/J4vv4D
On TikTok | https://www.tiktok.com/@j4vv4d
On YouTube | https://www.youtube.com/infoseccynic

Marco Ciappelli
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Host
Sean Martin
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc
Pentera | https://itspm.ag/penteri67a

___________________________

Episode Notes

Security awareness and security culture are talked about a lot in the community. In this episode, we get into the nitty gritty of both of these topics, hearing about them via real-world stories and discussing them in the context of real-life analogies. A program is just a program unless it can be understood, measured, and defended from all angles.

As one example discussed in this episode, there's no point in just teaching people to spot a phishing email because phishing now comes in text messages, on social media, direct messages on Twitter or Instagram, on Discord channels, even in your WhatsApp messages. There's no way you can train everyone on every single channel out there. A better option is to teach them about the red flags, give them knowledge about how the bad actors will approach their targets, and what some of the signs are to look out for. Help them understand that if you're careful, then you won't fall victim to it. One analogy used to help illustrate this point comes in the form of the crosswalks in London where information is shared with the street crosser at the point when/where they are crossing as opposed to trying to train the traveler weeks in advance of visiting London.

This is one of the many, many points that our guest, Javvad Malik, shares with us during this episode.

Enjoy and learn!

____________________________

Resources

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Securing Multiple Cloud And SaaS Environments Requires A New Paradigm | A Crucial Conversation With Frank Kim

1 december 2022 | 39 min

Security-As-Code | Integrating Security Testing Into The SDLC | A Conversation With Andy Rappaport | Redefining CyberSecurity Podcast With Sean Martin

23 november 2022 | 57 min

CyberSecurity Flips The Bird And Moves To InfoSec.Exchange | How The Mastodon Social Platform Can Play A Key Role In Exchanging Ideas, Challenges, And Solutions | A Conversation With Jerry Bell | Redefining CyberSecurity Podcast With Sean Martin

18 november 2022 | 43 min

Why Privacy Compliance Is A Challenge For Many Organizations | Prepare To Meet Varying Compliance Requirements | Part 2 | An Imperva Brand Story With Kate Barecchia

11 november 2022 | 36 min

In the first episode of this two-part series, we looked at the history of privacy law and regulation and we explored how the definitions and requirements are expanding for the benefit of consumers and the impact and challenges they create for the business. We also dissected the differences between data privacy, compliance, and security and how organizations can determine what its data privacy posture will look like in comparison/contrast to its security posture.

In this second episode, we take a closer look at actionable strategies and steps organizations can take to operationalize data privacy compliance and how to leverage data privacy initiatives to create a stronger security posture. As we explore these challenges, we begin to uncover the realities of the increased complexity that comes with each decision the business makes to create, collect, store, process, and share sensitive information throughout multiple business systems, applications, and geographies. While there is a clear need to protect the data from being inappropriately accessed by authorized or unauthorized users, a better strategy can be found in the simplification of the business systems and processes thereby avoiding (or at least reducing) the exposure to compliance and security risk.

Whatever the drivers are behind your business outcomes and IT operations decisions, having an outcome in mind for privacy and security will give you something to shoot for. Whether it's creating the strongest posture possible or simply checking the boxes for compliance, at least you know where you're going and can begin to head down that path. Clarity and consistency in action brings improved preparedness and increased confidence to the conversation, which leads to more positive outcomes all the way around.

Note: This story contains promotional content. Learn more.

Guest
Kate Barecchia
Deputy General Counsel & Global Data Privacy Officer at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/kate-barecchia-82759a14/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988

Product: Imperva Data Security Fabric

Data Discovery Solution: Data discovery and classification

Data Security Solution: Sensitive and personal data security

Webinar: What Security Professionals Need to Know About Privacy in 2023

Whitepaper: A data-centric cybersecurity framework for digital transformation

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Practicing Information Security As A Small And Medium Sized Business | Why CyberSecurity Is Everybody's Business | A Conversation With Scott Schober | Redefining CyberSecurity Podcast With Sean Martin

10 november 2022 | 41 min

How CISOs Can Recruit And Retain IT Security Teams While Also Fulfilling Their Own Careers | A Crucial Conversation With Megan McCann

7 november 2022 | 45 min

The Hybrid SOC | A Conversation With LeAnn Cary, Yolanda Craig, Sunday Oludare Ogunlana, And Jay Jay Davey | Second Annual SOC Analyst Appreciation Day | On Location Coverage Podcast With Sean Martin And Marco Ciappelli

29 oktober 2022 | 48 min

Speaking InfoSec To The Board | Why CyberSecurity Should Be A Board-Level Discussion | A Conversation With Deborah Blyth And Merlin Namuth | Redefining CyberSecurity Podcast With Sean Martin

28 oktober 2022 | 44 min

Why Privacy Compliance Is A Challenge For Many Organizations | Prepare To Meet Varying Compliance Requirements | Part 1 | An Imperva Brand Story With Kate Barecchia

26 oktober 2022 | 41 min

Cyberattacks On Complex Supply Chains Are Difficult, But Not Impossible, To Resolve | A Crucial Conversation With Mark Weatherford

21 oktober 2022 | 42 min

Global supply chains have grown much more complex than simply figuring out how to get products and services from Point A to Point B. Companies also depend on second-tier, third-tier, and even nth-tier vendors they don’t know and have no relationship with for the services and components they require to operate.

Cyberattacks on software across these complex supply chain ecosystems have resulted in disruptions, defects, and diversions that are difficult to identify and resolve—one weak link in the chain can bring the entire ecosystem to a halt.

In this episode, Mark Weatherford—CSO at AlertEnterprise and Chief Strategy Officer at the National Cybersecurity Center—examines the importance of understanding vendor cybersecurity postures, not only primary suppliers but also their suppliers as well. Weatherford also discusses how enterprise software components can come from vendors all over the world and how global events can impact supply chains. Weatherford then presents why the jobs of CISOs are so difficult in defending supply chains, along with a few tips for organizations to protect their operations.

_______________________

Community Member Contributor: Mark Weatherford
CSO at AlertEnterprise [@AlertEnterprise] and Chief Strategy Officer at the National Cybersecurity Center [@NATLCyberCenter]
On Twitter | https://twitter.com/marktw
On LinkedIn | https://www.linkedin.com/in/maweatherford/

Host: Sean Martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

______________________

For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcast

To access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22

To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs

______________________

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

The Future Of The Cybersecurity Market Is Rooted In The Outcome We Are Trying To Achieve | A Conversation With William Kilmer | Redefining CyberSecurity Podcast With Sean Martin

19 oktober 2022 | 43 min

Reliant — Resilient — Recoverable | Exploring Space Security And The Hack-a-Sat Capture The Flag Event | A Conversation With Logan Finch And Jason Williams | Redefining CyberSecurity Podcast With Sean Martin

3 oktober 2022 | 44 min

Advocate Security For Your Customers By Ensuring The Safety Of Your Products | A Crucial Conversation With Alex Kreilein

3 oktober 2022 | 52 min

CISOs and InfoSec teams in charge of product security realize how the drive for innovation can speed up their organization's product release philosophy. Software development teams want applications to continuously expand functionality to solve more customer pain points and go to market before the competition.

But it’s just as vital for CISOs and InfoSec teams to be product security advocates for customers—to ensure their accounts and sensitive data are safe from bad actors.

In this episode, Alex Kreilein, a Senior Technical Program Manager for Microsoft, discusses what it takes for CISOs and InfoSec teams to become security advocates for customers by ensuring the safety of software products. Kreilein also examines the importance for CISOs and InfoSec teams to understand the objectives of the software development team and to interject product security early into the software development lifecycle. Kreilein then presents why accuracy in security testing is more important than finding vulnerabilities and how it’s critical to establish one team across security and developer teams—by making success metrics transparent and allowing team members to hold each other accountable.

_______________________

Community Member Contributor: Alex Kreilein
Senior Technical Program Manager, Microsoft [@Microsoft / @msftsecurity]
On Twitter | https://twitter.com/AK3R303
On LinkedIn | https://www.linkedin.com/in/alexkreilein/

Host: Sean Martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

______________________

For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcast

To access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22

To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs

______________________

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Solving Modern-Day SOC Challenges | A Conversation With Chaz Lever | Second Annual SOC Analyst Appreciation Day | On Location Coverage Podcast With Sean Martin And Marco Ciappelli

22 september 2022 | 40 min

DDoS: An Old Problem Taking On New Forms As Attack Vectors Evolve | Exploring The Imperva DDoS Threat Landscape Report | An Imperva Brand Story With David Elmaleh

14 september 2022 | 52 min

The “waves” of ransom-driven DDoS — Distributed Denial of Service — attacks continue to come as the attack vectors, techniques, and targets continue to evolve. Where does this leave us? Let's look to the DDoS Threat Landscape Report from Imperva to glean some answers.

As we connect with David Elmaleh, during this episode, we quickly realize there is a lot to catch up on — past, present and future — for what appears to be a never-ending problem in DDoS. Attacks seems to be be repeatedly targeting the same victims and are coming more quickly and running for shorter periods. Don't be fooled, however, the financial impact due to the unplanned and seemingly-uncontrolled downtime is wreaking havoc on industries and organizations all around the globe.

In addition to leveraging new techniques, bad actors are also using advanced technologies — artificial intelligence, the Internet of Things (IoT), and 5G to name but a few — to do their dirty deeds. They are investing in these technologies to help them scale their operations to reach more targets with fewer resources. On the other side of this coin, the bad actors' deep understanding of these technologies and the new, modern architectures and infrastructures that companies are building with them, makes them prime targets as well. The expanded business capabilities using these advanced technologies equate to expanded attack surface for the DDoS slingers to target.

We cover a lot from the first 2 quarters of this quarterly report while also getting to hear what some real-world cases from Imperva customers sound and look like.

It's time we found a way to handle these distributed attacks. Have a listen to hear what your business can do to mitigate this risk.

Note: This story contains promotional content. Learn more.

Guest
David Elmaleh
Director, Product Management | Edge Cloud Security at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/davidelmaleh/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988

Explore the DDoS Threat Landscape Report Q2 2022: https://itspm.ag/impervqi54

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Vulnerable, Targeted, And Exploited IoT Devices: Take The Necessary Steps To Discover Assets And Remediate The Risk | A Crucial Conversation With Brian Contos

14 september 2022 | 51 min

Automated Security Validation With Red Team Penetration Testing Software | There Is A Silver Lining | A Pentera Brand Story With Aviv Cohen

9 september 2022 | 50 min

This is a story that begins with the journey of Arik Liberzon, the founder and CTO and head of the R&D and product teams at Pentera. Arik was the head of the red team for the Israeli Defense Forces, chartered with pentesting — or red teaming — all of the strategic assets against nation state levels of threats. He did so with a great number of people, just like you would expect to do with an enterprise level red teaming program, tapping into a wealth of ethical hackers and red teamers. But he also had another part of his brain, which was all about software. Arik fused the two mindsets and had an a-ha moment that 'I can do everything that I'm doing here with people and I can do it in software. I can shrink wrap a red team in a box of software and give every enterprise in the world the ability to red team irrespective of their budget. I can give every business the power of a big red team army, delivered through software.'

This story, and the broader capabilities, mission, and vision for the future at Pentera, was told to us by Aviv Cohen, Pentera's Chief Marketing Officer. Connecting the human element to software and operations, the team at Pentera believes that it is important to have a human view for the challenges organizations face when managing their security programs. This is why Pentera created a series of cyber cartoons that are specialized to represent cybersecurity life. The cartoons connect the life of cybersecurity personnel and their role in society. This is a way for us to laugh, adding some humor to reality, connecting the technology products and services that we provide to this reality.

The software-enabled red team army is here and ready to join your team. Have a listen and connect with the team at Pentera to begin and continue your own red team journey.

Note: This story contains promotional content. Learn more.

Guest
Aviv Cohen
Chief Marketing Officer at Pentera [@penterasec]
On Linkedin | https://www.linkedin.com/in/avivco/

Resources
Be sure to visit Pentera at https://itspm.ag/pentera-tyuw to learn more about their offering.

Meet Pentera Labs: https://itspm.ag/penteri67a

Browse the cybertoon series: https://itspm.ag/penttoon

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

From Fighting Crime As A Former Federal Prosecutor To Protecting Cyberspace As The CSO At A Multi-National Tech Company | A Conversation With Huawei USA CSO Andy Purdy | Redefining CyberSecurity Podcast With Sean Martin

1 september 2022 | 38 min

Pentesting Done Right | It's Time To Re-Imagine Your Penetration Testing Program To Achieve Outcomes Over Activity | A Bugcrowd Brand Story With Justin Kestelyn

31 augusti 2022 | 41 min

What Every CISO Needs To Know About Crisis Management Planning | A Crucial Conversation With Jasper Ossentjuk

31 augusti 2022 | 47 min

Device Security, Consumer Privacy, And The Internet Of Things | Mapping International Laws And Regulations To The Internet | A Conversation With David Rogers | Redefining CyberSecurity Podcast With Sean Martin

26 augusti 2022 | 43 min

Diving Deeper Into The Who, What, When, Why, And How Of Breaking Into Cybersecurity | Chapter 2 | A Level Effect Brand Story With Anthony Bendas, Will Nissler, And Sidney Crout

24 augusti 2022 | 50 min

The Flip Side Of Cybersecurity | Law & Policy | A Conversation With K Royal, PhD, JD | Redefining CyberSecurity Podcast With Sean Martin

24 augusti 2022 | 43 min

The Convergence Of Operational Technology (OT) Security With Information Technology (IT) Security | A Crucial Conversation With Rock Lambros

23 augusti 2022 | 45 min

A Conversation With Giora Engel | Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

13 augusti 2022 | 21 min

A Conversation With Ian Tabor @MintyNet | Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

13 augusti 2022 | 24 min

A Conversation With Laz | Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

13 augusti 2022 | 23 min

A Conversation With Saman Fatima | Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

13 augusti 2022 | 24 min

Chloé Messdaghi And Phillip Wylie | Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

13 augusti 2022 | 37 min

Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Tracy Z. Maleeff @InfosecSherpa | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

12 augusti 2022 | 25 min

Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Chloé Messdaghi and Nick Misner | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

12 augusti 2022 | 39 min

Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Richard Stiennon | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

12 augusti 2022 | 22 min

Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Allie Mellen @hackerxbella | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

12 augusti 2022 | 21 min

Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Tim Lekan And Tim Saleck | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

12 augusti 2022 | 19 min

Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | George Platsis | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

11 augusti 2022 | 29 min

Everything Is Driven By Code And Code Is Controlled By APIs: Taking Application Security To The Next Level Through Research, Assessments, Scanning, And Training | A Checkmarx Origin Brand Story With Renny Shen And Bryant Schuck

11 augusti 2022 | 44 min

Application development has become an extremely complex endeavor, with multiple components involved ranging from open source libraries to shared cloud services and microservices accessed through APIs. The only thing more difficult than building an advanced application is securing it. But it doesn't need to be that way.

This is where Checkmarx comes in. With a focus on application and API security assessments, scanning, and training, DevOps and AppSec teams can work together to reduce the complexity in application development and delivery, ensuring that time-to-market requirements are met alongside the equally-important functional and security requirements.

"A lot of where we focus for the future is staying on top of how applications are changing... and how customers are building their applications." ~Bryant

The team at Checkmarx didn't just develop a set of strong capabilities and stop there, they continue to follow the engineering trends, IT Ops trends, and continue to meet the needs of the modern application and the modern DevOps environment. With this, they recognize that the environment is under constant change - that organizations are forever transforming. This means everything that makes the business run is also changing - the apps, the cloud, the containers, the libraries, and the microservices, as just a few examples.

"When it really comes down to focus, if you have a single platform, there's a lot of awesome things that you can do with that data." ~Bryant

Similarly, as the environments expand and become even more complex, it's critical to have a single view into defining, managing, and ensuring success throughout the entire app development lifecycle. Complexity is the enemy of security. Reducing complexity is what Checkmarx is after.

"That's why I really like about Checkmarx as a company. It is a whole culture and mission, just not selling security, but actually helping our customers." ~Renny

Listen in as we get to hear from Renny and Bryant about the origin and journey of Checkmark - past, present, and future.

Note: This story contains promotional content. Learn more.

Guests
Renny Shen
Director of Product Marketing at Checkmarx [@Checkmarx]
On Linkedin | https://www.linkedin.com/in/renny-shen/

Bryant Schuck
Senior Product Manager at Checkmarx [@Checkmarx]
On Linkedin | https://www.linkedin.com/in/bryant-schuck/

Resources
Learn more about Checkmarx and their offering: https://itspm.ag/checkmarx-i9o5

Watch the video version and listen to the audio version of this conversation at: https://itspmagazine.com/their-stories/everything-is-driven-by-code-and-code-is-controlled-by-apis-securing-apps-through-research-assessments-scanning-and-training-a-checkmarx-origin-story-with-renny-shen-and-bryant-schuck

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Car Hacking Village At DEF CON 30 | Chats On The Road | A Conversation With Justin | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

11 augusti 2022 | 23 min

The Car Hacking Village continues to evolve, bringing new systems and simulators into the village for hackers to get their hands on. There are also some talks taking place on the village YouTube channel for those interested in research and other engaging conversations and presentations.

About The Car Hacking Village
The primary goal of the Car Hacking Village is to build a community around discovering weaknesses and exposing vulnerabilities that could significantly impact the safety and security of all drivers and passengers on the road today. Educating security researchers on the functionality of vehicle systems coupled with providing them with the opportunity to gain hands-on experience working side by side with experts in this field is a plus for the attendees. Leveraging the vast amount of experience the security research community brings to the Village may increase the safety and security of vehicles on the road today and for generations to come.

Breaches of automotive systems have been in the forefront of the global media for more than a year. Wired and wireless exploitation of vehicle systems has become a critical safety concern for the automotive industry, the National Highway Traffic Safety Administration, Congress, the Department of Homeland Security, and consumers.

Car Hacking Village plays an important role for researchers interested in the safety and security of the more than one billion vehicles on the road worldwide. In 2015, over 16.5 million vehicles were sold in the United States. On average, motor vehicles are driven over 15,000 miles annually and consumers spend upwards of 730 hours per year in their cars.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

____________________________

Guest
Justin
Car Hacking Village Lead [@CarHackVillage]
____________________________

This Episode’s Sponsors

CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw

____________________________

Resources

Car Hacking Village website: https://www.carhackingvillage.com/

Car Hacking Village Talks | https://www.carhackingvillage.com/talks

At DEF CON: https://forum.defcon.org/node/240928

____________________________

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Chloé Messdaghi, Jake Williams, And Bryson Bort | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

10 augusti 2022 | 47 min

Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Jake Flynn | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

10 augusti 2022 | 21 min

Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | David Rogers | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

10 augusti 2022 | 26 min

Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Andrea Mijuskovic And Philippe Humeau | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

10 augusti 2022 | 25 min

Book | Reinventing Cybersecurity | A Conversation With Authors Jasmine Henry, Dr. Meg Layton, And Angela Marafino | Redefining CyberSecurity With Sean Martin

10 augusti 2022 | 47 min

The book, Reinventing Cybersecurity, is the first cybersecurity book written entirely by women and non-binary experts and is a game-changing guidebook for cybersecurity practitioners at all career stages, from analyst to C-Suite. That's a lot. Yet, it is so much more than this.

About The Book
Written by Latha Maripuri, Jasmine Henry, Aubrey Stearn, Carla Sun, Lonye Ford, Dr. Meg Layton, Tracy Bannon, Breanne Boland, Alison Gianotto, Carlota Sage, Lisa Hall, Rin Oliver, Joyous Huggins, Yvie Djieya, Angela Marafino, Coleen Shane, Rachel Harpley, Ashleigh Lee, and Amy Devers.

Reinventing Cybersecurity is the first cybersecurity book written entirely by women and non-binary experts and is a game-changing guidebook for cybersecurity practitioners at all career stages, from analyst to C-Suite. It is a collection of original stories on cybersecurity topics such as boardroom presentations, risk management, incident response, and navigating the C-suite; and insights on navigating imposter syndrome, systemic bias, and hiring.

Reinventing Cybersecurity explores a central theme of redefinition with diverse expert perspectives on the industry’s technical and interpersonal aspects. Readers will discover how to reinvent their career through professional development regardless of age or circumstance, refocus approaches to common challenges, and reimagine ideas for the future.

In the latest JupiterOne Press book, readers will discover practical guidance for addressing cybersecurity challenges that span the technical, the interpersonal, and strategic aspects of the industry. Each story unearths a unique aspect of the cybersecurity industry, ranging from intimate to epic, grounded to far future, hopeful to determined.

Jasmine's chapter is on rebellious leadership and knowledge graphs
Angela's chapter challenges commonly-held beliefs about imposter syndrome
Dr. Meg writes about teaching, community, and the shared responsibility of security

____________________________

Guests
Jasmine Henry
Field Security Director at JupiterOne [@jupiterone]
On Twitter | https://twitter.com/jasminehenry10
On LinkedIn |https://www.linkedin.com/in/jasminehenry10/

Dr. Meg Layton
Security Architecture and Engineering at Children's National Hospital [@ChildrensNatl]
On Twitter | https://twitter.com/Vamegabyte
On LinkedIn | https://www.linkedin.com/in/meglayton/

Angela Marafino
Customer Product Manager, Security & Compliance at Microsoft [] and Host of The Hacker Book Club and Co-Host of the Focal Point Podcast on ITSPmagazine
On Twitter | https://www.twitter.com/megatronAL
On LinkedIn | https://www.linkedin.com/in/angela-marafino
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/angela-marafino

____________________________

This Episode’s Sponsors

Imperva: https://itspm.ag/imperva277117988
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc

____________________________

Resources

Book | Reinventing Cybersecurity: https://www.amazon.com/dp/B09YH8K2M4/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Retail Hacking Village At DEF CON 30 | Chats On The Road | A Conversation With Fox3455 | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

10 augusti 2022 | 27 min

Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Alissa Valentina Knight | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

10 augusti 2022 | 33 min

Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Vandana Verma | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

10 augusti 2022 | 20 min

Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | Mikko Hypponen | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

10 augusti 2022 | 25 min

Turning App Deployment Times From Days And Weeks To Hours Or Less | An AppViewX Brand Story With Muralidharan Palanisamy

9 augusti 2022 | 37 min

Cloud Village At DEF CON 30 | Chats On The Road | A Conversation With Jayesh Singh Chauhan | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

9 augusti 2022 | 25 min

After More Than Two Decades, Where Are We On The Road To Better Cyber Defenses? | A Conversation With VC Bob Ackerman | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

8 augusti 2022 | 30 min

Aerospace Village At DEF CON 30 | Chats On The Road | A Conversation With Kaylin Trychon | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

8 augusti 2022 | 27 min

"Striker, listen, and you listen close: flying a plane is no different than riding a bicycle, just a lot harder to put baseball cards in the spokes." - Rex Kramer [Airplane! the movie]

It's a lot harder to secure these giant flying computer systems as well. The same is true for pretty much every vessel and communications system represented in the Aerospace Village. Join us and our guest, Kaylin Trychon, as we take a journey into what visitors can expect at this year's village.

About the Aerospace Village
Aerospace is a cornerstone of our global infrastructure and economy. While passenger safety is at an all-time high, the increasing adoption of connected technologies exposes aircraft, airports, satellites, and the interdependent aerospace ecosystem to new types of risks. The consequences of cybersecurity failure in a ground, air, or space-based system can impact human life and public safety; a crisis of confidence in the trustworthiness of air travel can undermine economic and (inter)national security.

MISSION: Build, inspire, and promote an inclusive community of next-generation aerospace cybersecurity expertise and leaders.

VALUES: The aerospace industry, security researchers, and the public share a common goal: safe, reliable, and trustworthy aviation and space operations.

GOAL: The Aerospace Village is a diverse community of hackers, engineers, pilots, policy leaders and more from across both the public and private sectors. We believe the flying public deserves safe, reliable, and trustworthy air travel, which is highly dependent on secure aviation and space operations.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

____________________________

Guest
Kaylin Trychon
Communications Director at the Aerospace Village [@SecureAerospace]
On LinkedIn | https://www.linkedin.com/in/kaylintrychon/
On Twitter | https://twitter.com/KaylinTrychon
____________________________

This Episode’s Sponsors

CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw

____________________________

Resources

Aerospace Village DEF CON Schedule: https://aerospacevillage.org/events/upcoming-events/def-con-30/

Aerospace Village website: https://aerospacevillage.org/

On LinkedIn | https://www.linkedin.com/company/aerospace-village/

At DEF CON: https://forum.defcon.org/node/240500

____________________________

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

IoT Village At DEF CON 30 | Chats On The Road | A Conversation With Rachael Tubbs | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

6 augusti 2022 | 24 min

Everything is connected these days — from coffee machines to home security cameras to drones. And they all could use a good ole hacking. Regardless of your hacking skills level, join the IoT Village crew for good vibes and tons of stuff to get your hands on.

Join us and our guest, Rachael Tubbs, as we get into the vibe of all things IoT Village at DEF CON 2022!

About the IoT Village
IoT Village advocates for advancing security in the Internet of Things (IoT) industry through bringing researchers and industry together. IoT Village hosts talks by expert security researchers, interactive hacking labs, live bug hunting in the latest IoT tech, and competitive IoT hacking contests. Over the years IoT Village has served as a platform to showcase and uncover hundreds of new vulnerabilities, giving attendees the opportunity to learn about the most innovative techniques to both hack and secure IoT. IoT Village is organized by security consulting and research firm, Independent Security Evaluators (ISE), and the non-profit organization, Loudmouth Security.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

____________________________

Guest
Rachael Tubbs
Marketing and Events Lead at Independent Security Evaluators [@ISEsecurity]
On LinkedIn | https://www.linkedin.com/in/rachael-tubbs-1a1085135/
____________________________

This Episode’s Sponsors

CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw

____________________________

Resources

IoT Village DEF CON Schedule: https://www.iotvillage.org/defcon.html

IoT Village website: https://www.iotvillage.org/

On LinkedIn | https://www.linkedin.com/showcase/iotvillage

At DEF CON: https://forum.defcon.org/node/239789

____________________________

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

From Hackathon To Hacked: Web3’s Security Journey | Chats On The Road | A Conversation With Nathan Hamiel | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

6 augusti 2022 | 33 min

Web3 is a live experiment that is happening now. Around us. To us. By us. How will it affect privacy and security? Let's find out.

In this conversation with Black Hat speaker, Nathan Hamiel, we explore the definition and promise of Web3 and its impact — positive and negative — on society.

About the Session "From Hackathon to Hacked: Web3's Security Journey":
If there's one prediction you can make with certainty, it's that security in the Web3/blockchain space will get a whole lot worse before it gets better. We have the perfect cocktail of inexperience mixed with emerging technology playing out in full public view with large sums at stake and the permanence of immutable transactions. The result is predictable. An environment free from constraints can seem like an innovation paradise, but when the stakes are so high, you have to get everything right the first time because there may not be a next time. We tend to forget that what we see from this space are experiments playing out in production, and the time between exploitation and losing millions of dollars worth of value can be measured in seconds. So, how did we get here? Is it all doom and gloom? What can be done?

This talk is a grounded look at the factors contributing to the security failures we've witnessed, free from the hype and hatred associated with the space. We look at the similarities and differences between the development of this new technology and more traditional applications and how some of the attacks manifested. Better testing and tools aren't enough to solve the problem. We discuss actionable steps projects and chains can use today to address these issues and make the ecosystem safer for projects and users.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

____________________________

Guest
Nathan Hamiel
Senior Director of Research at Kudelski Security [@KudelskiSec]
On LinkedIn | https://www.linkedin.com/in/nathanhamiel/
On Twitter | https://twitter.com/nathanhamiel
____________________________

This Episode’s Sponsors

CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw

____________________________

Resources

Session | From Hackathon to Hacked: Web3's Security Journey: https://www.blackhat.com/us-22/briefings/schedule/index.html#from-hackathon-to-hacked-webs-security-journey-26692

Kudelski Security Research Blog: https://research.kudelskisecurity.com/

____________________________

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Social Engineering Community Village At DEF CON 30 | Chats On The Road | A Conversation With Stephanie "snow" Carruthers | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

4 augusti 2022 | 27 min

What's old is new again. With a fresh new pair of amazing co-founders, the social engineering community will come together to make some calls, have some laughs, and discuss the morals and ethics of getting someone to do something they wouldn't have otherwise done.

In this Chats on the Road to Las Vegas, we have the privilege of chatting with the new Social Engineering Community Village at DEF CON, Stephanie "Snow" Carruthers. Join us to get the low-down on what's staying the same, what's new, and what's certain to be a fantastic time.

About the Social Engineering Community Village
The Social Engineering Community is formed by a group of individuals who have a passion to enable people of all ages and backgrounds interested in Social Engineering with a venue to learn, discuss, and practice this craft. We plan to use this opportunity at DEF CON to present a community space that offers those elements through panels, presentations, research opportunities, and contests in order to act as a catalyst to foster discussion, advance the craft and create a space for individuals to expand their network.

Snow and JC plan to accomplish the above by bringing together passionate individuals to have a shared stake in building this community with the goal to continuously grow and iterate members of the Social Engineering Community in various roles to all have an opportunity to give back equally.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

____________________________

Guest
Stephanie "Snow" Carruthers
Co-Founder of the new Social Engineering Community (SEC), a DEF CON village [@sec_defcon]
On Twitter | https://twitter.com/_sn0ww
____________________________

This Episode’s Sponsors

CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw

____________________________

Resources

Social Engineering Community Village DEF CON Schedule: https://www.se.community/village-schedule/

Social Engineering Community Village website: https://www.se.community/

On LinkedIn | https://www.linkedin.com/company/social-engineering-community/

On YouTube | https://www.youtube.com/channel/UCFlepVHh7k5rBRTXwDrHyJA

At DEF CON: https://forum.defcon.org/node/240918

____________________________

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

AppSec Village At DEF CON 30 | Chats On The Road | A Conversation With Chris Kubecka, Liora Herman, And Erez Yalon | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

4 augusti 2022 | 27 min

Applications run the world. They provide an interface to the rest of the technologies and data we create, share, and make decisions with. Sometimes these interfaces come in the form of a user interface (UX), sometimes in the form of an API. In both cases, they offer a path to the systems and information we hold dear to us.

In this Chats on the Road to DEF CON, we connect with the co-founders and organizers of the AppSec Village along with their keynote speaker at the village this year. This is a conversation about the real-world that you won't want to miss.

About the AppSec Village
Welcome to AppSec Village, where red, blue and purple teamers, come together learn from the best of the best on how to exploit software vulnerabilities and how to secure software. Software is everywhere, and Application Security vulnerabilities are lurking around every corner making the software attack surface attractive for abuse. If you are just an AppSec n00b or launch deserialization attacks for fun and profit, you will find something to tickle your interest at the AppSec Village.

Our mission is to promote diverse voices and perspectives in an inclusive environment driven for and by the appsec community to increase education and awareness of application security methods and practices.

About Chris Kubecka's Keynote: Wartime AppSec
To understate things, the 2020s have been a challenging time for AppSec. First, Corona took the hardware out of the office for everyone. Now, with a war in Ukraine activating hacktivists, patriotic hackers, and nation-state level actors are wreaking havoc on our apps and websites. Cyber-attacks are targeting the code and products of allied nations, pro-Russian, and pro-sanction companies.

Come on a journey with a hacker who will share the top ten geopolitical gotchas in your AppSec and real-world examples. Through her experiences in several cyber warfare incidents as well as her recent experiences in Ukraine, Romania, Moldova, and Transnistria.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

____________________________

Guests

Chris Kubecka
CEO at HypaSec NL [@HypaSec] and Keynote speaker at AppSec Village at DEF CON 30
On LinkedIn | https://www.linkedin.com/in/chris-kubecka/
On Twitter | https://twitter.com/SecEvangelism

Liora Herman
Founder and Queen of Details at AppSec Village [@AppSec_Village] and Head of Field and Channel Marketing, EMEA & APAC at Pentera [@penterasec]
On LinkedIn | https://www.linkedin.com/in/liorarherman/
On Twitter | https://twitter.com/tzionit411
On Facebook | https://www.facebook.com/liorarherman
On YouTube | https://www.youtube.com/c/AppSecVillage/

Erez Yalon
Founder and Mayor at AppSec Village [@AppSec_Village] and VP of Security Research at Checkmarx [@Checkmarx]
On LinkedIn | https://www.linkedin.com/in/erezyalon/
On Twitter | https://twitter.com/ErezYalon

____________________________

This Episode’s Sponsors

CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw

____________________________

Resources

AppSec Village DEF CON Schedule: https://www.appsecvillage.com/events/dc-2022

AppSec Village website: https://www.appsecvillage.com/

On LinkedIn | https://linkedin.com/company/appsecvillage

On YouTube | https://www.youtube.com/c/AppSecVillage/

At DEF CON: https://forum.defcon.org/node/240922

____________________________

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

The Relationship Between Roles — When Data Engineering Meets CyberSecurity | A Conversation With Saman Fatima | Redefining CyberSecurity Podcast With Sean Martin

4 augusti 2022 | 41 min

Blue Team Village At DEF CON 30 | Chats On The Road | A Conversation With muteki And OMENScan | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

3 augusti 2022 | 38 min

ICS Village At DEF CON 30: Chats On The Road | A Conversation With Bryson Bort And Tom VanNorman | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

3 augusti 2022 | 36 min

The ICS Village is one of the first DEF CON villages we ever connected with. A lot has changed over the years, including the threats faced by critical infrastructure entities around the world. Let's find out what to expect at this year's village.

About the ICS Village
High profile industrial control system (ICS) security issues have grabbed headlines and sparked change throughout the global supply chain. The ICS Village allows defenders of any experience level to understand the unique failure modes of these systems and how to better prepare and respond to the changing threat landscape.

Interactive simulated ICS environments, such as Hack the Plan(e)t and Howdy Neighbor, provide safe yet realistic environments to preserve safe, secure, and reliable operations. The ICS Village brings a compelling experience for all experience levels and types, with IT and industrial equipment. Our interactive learning approach invites you to get hands on with the equipment to build your skills.

We bring you real components such as programmable logic controllers (PLC), human-machine interfaces (HMI), remote telemetry units (RTU), and actuators to simulate a realistic environment by using commonly used components throughout different industrial sectors. You will be able to connect your machine to the different industrial components and networks and try to assess these ICS devices with common security scanners to sniff the industrial traffic, and more!

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

____________________________

Guests
Bryson Bort
Co-Founder of the ICS Village [@ICS_Village]
On LinkedIn | https://www.linkedin.com/brysonbort
On Twitter | https://mobile.twitter.com/brysonbort
On YouTube | https://youtube.com/c/ICSVillage

Tom VanNorman
Founding member of the ICS Village
On LinkedIn | https://www.linkedin.com/in/thomasvannorman/
On Twitter | https://twitter.com/Tom_VanNorman
____________________________

This Episode’s Sponsors

CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw

____________________________

Resources

ICS Village Website: https://www.icsvillage.com/

ICS Village at DEF CON 30 Schedule: https://www.icsvillage.com/schedule-def-con-30

ICS Village 360 Tour: https://www.exhibitstudiosmedia.com/tours/21396_ics_360_tour/

____________________________

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Trying To Be Everything To Everyone: Let’s Talk About Burnout | A Conversation With Stacy Thayer | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

29 juli 2022 | 43 min

The industry recognizes there is a problem with staff being overworked and reaching a point of burnout. What is the definition of burnout, and how can we spot the signs? Perhaps we need to look at this from a different angle to begin to make some progress in this area.

In this conversation with Black Hat speaker, Dr Stacy Thayer, we explore the history, definition, and progress we are making as we attempt to deal with burnout and the overarching challenges of employee experience.

About the session, "Trying to Be Everything to Everyone: Let’s Talk About Burnout"
Research shows computer security professionals describe the computer security industry as a high-risk yet high-reward profession with negative effects on the workforce. There is an estimated 805,000 computer security professionals working in the US, but meeting the business demand for computer security professionals would require 62% industry growth. This leaves those in the field understaffed and highly stressed, ultimately leading to burnout. Stress and burnout can lead to mental fatigue, which can negatively impact motivation and engagement. It can also cause diminishing focus and performance levels, and have a negative impact on operational security, satisfaction, and performance, both in the office and at home. This talk will discuss the existing research on burnout in the computer security industry and will discuss what really causes burnout, why it happens, and what you can do to mitigate it, including setting healthy boundaries, avoiding guilt, realistic ways to manage anxiety, and honest self-talk so you can identify what is needed to refill your energy and passion.

I will discuss how to recognize burnout in hidden places and explore the root causes of it.

I will address what to do about it – going beyond simply meditation, exercise, and healthy eating. If it was that easy, we would all be doing that. This talk is unique in that it will utilize a knowledge of practical psychology to keep it real and use behavioral change models as a guide for reducing burnout. How do you find motivation, appreciation, and time for yourself when it feels like the world around you is demanding you give more? You will leave this talk with a better understanding of how burnout happens, your personal relationship to burnout, and an idea of what to do to help reduce, relieve, and manage it.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

____________________________

Guest
Stacy Thayer
Ph.D, Clinical and Organizational/Business Psychology, Norfolk State University [@Norfolkstate]
On LinkedIn | https://www.linkedin.com/in/stacythayer/
On Twitter | https://twitter.com/DrStacyThayer
____________________________

This Episode’s Sponsors

CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw

____________________________

Resources

Session | Trying to Be Everything to Everyone: Let’s Talk About Burnout: https://www.blackhat.com/us-22/briefings/schedule/#trying-to-be-everything-to-everyone-lets-talk-about-burnout-28230

____________________________

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

A Fully Trained Jedi You Are Not | A Conversation With Adam Shostack | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

28 juli 2022 | 40 min

While many in the InfoSec industry try to be all things to all people, sometimes that just isn't a winning strategy? What is? Let's have a chat with Adam Shostack to find out.

About the session, "A Fully Trained Jedi, You Are Not"

As software organizations try to bring security earlier in the development processes, what can or should regular software or operations engineers know about security? Taking as given that we want them to build secure systems, that demands a shared understanding of the security issues that might come up, and agreement on what that body of knowledge might entail. Without this knowledge, they'll keep building insecure systems. With them, we can have fewer recurring problems that are trivially attackable.

Training everyone at a firm is expensive. Even if the training content is free, people's time is not. If you have 1,000 people, one hour per person is half a person year (before any overhead). So there is enormous pressure to keep it quick, ensure it meets compliance standards like PCI, and … the actual knowledge we should be conveying is almost an afterthought. We need to design knowledge scaffolding and tiered approaches to learning, and this talk offers a structure and tools to get there.

We don't need every developer to be a fully trained Jedi, and we don't have time to train everyone to that level or even as much as we train security champs. So what could we ask everyone to know, and how do we determine what meets that bar?

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

____________________________

Guest
Adam Shostack
President at Shostack & Associates
On LinkedIn | https://www.linkedin.com/in/shostack/
On Twitter | https://twitter.com/adamshostack
____________________________

This Episode’s Sponsors

CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw

____________________________

Resources

Session | A Fully Trained Jedi, You Are Not: https://www.blackhat.com/us-22/briefings/schedule/#a-fully-trained-jedi-you-are-not-26650

____________________________

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Open Threat Hunting Framework: Enabling Orgs To Build, Operationalize, And Scale Threat | A Conversation With John Dwyer | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

28 juli 2022 | 37 min

Threat hunting is all the rage. But what the heck is it? "Ask 10 InfoSec professionals to define threat hunting, and you'll get 11 different answers," writes John Dwyer in his Black Hat session abstract. Will we get to hear the 12th definition in this episode?

About the session, "The Open Threat Hunting Framework: Enabling Organizations to Build, Operationalize, and Scale Threat Hunting"

"Ask 10 infosec professionals to define threat hunting and you'll get 11 different answers." Threat hunting is one of those interesting components of cybersecurity where everyone knows they should be doing it but not everyone can fully articulate what threat hunting is.

In our roles as threat hunters, we're lucky enough to be witness to, and evaluate, the hunt programs of Fortune 100 companies, state and national governments, and partners and MSPs. This experience has shown us that one person's definition of threat hunting does not necessarily equal another's.

If you do an Internet search for "how to build a threat hunting program" there are plenty of results and some include great insights into what makes a threat hunting program effective. However, while resources do exist, they're often tied to a specific vendor or a particular product and the best way to hunt using it. There's useful information, but you're left trying to find a way to make the proposed processes and techniques work for your environment and not the one driven by the vendor.

"If you don't like the road you're walking, start paving another one." It's with that in mind that we're releasing a threat hunting framework that can help organizations start a threat hunting program as well as improve threat hunting operations for existing programs that's free and not tied to any particular technology.

This framework will enable organizations to take control of building a threat hunting program by providing a clear path to operationalizing threat hunting as well as a well-defined threat hunting process to ensure threat hunters are set up for success.
We've responded to far too many incidents that could have been prevented with solid threat hunting operations and we hope this project can help prevent future incidents.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

____________________________

Guest
John Dwyer
Head of Research at IBM X-Force [@IBM | @XForceIR | @IBMSecurity]
On LinkedIn | https://www.linkedin.com/in/john-dwyer-xforce/
On Twitter | https://twitter.com/TactiKoolSec
____________________________

This Episode’s Sponsors

CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw

____________________________

Resources

Session | The Open Threat Hunting Framework: Enabling Organizations to Build, Operationalize, and Scale Threat Hunting: https://www.blackhat.com/us-22/briefings/schedule/#the-open-threat-hunting-framework-enabling-organizations-to-build-operationalize-and-scale-threat-hunting-26702

____________________________

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

A Keynote Conversation With Chris Krebs: Black Hat At 25: Where Do We Go From Here? | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

25 juli 2022 | 42 min

During his keynote at Black Hat 2022, former CISA Director, Chris Krebs, will reflect on 25 years of the information security community, discussing today’s risks and trends and what they mean for tomorrow’s network defenders. We get a sneak peek into some of these items during this Chats on the Road to Las Vegas.

Chris Krebs is a Founding Partner of Krebs Stamos Group, founded in 2020 alongside Alex Stamos. He was the first director of U.S. Cybersecurity and Infrastructure Security Agency (CISA), leading the nation’s civilian cyber defense and business resilience and risk management efforts. He will give his talk “Black at 25: Where Do We Go from Here?” on Wednesday, Aug. 10 at 9 a.m.

About the keynote, "Black Hat at 25: Where Do We Go from Here?"
For twenty-five years, the InfoSec community and industry have been gathering here in the desert. For twenty-five years, we have chipped away at underlying insecurities in the technologies we use every day with new vulnerability research and adversary insights. For twenty-five years we’ve seen vendors and software firms roll out new products and protections. With the last twenty-five years as prologue and as we look forward to the next twenty-five years, we have to ask ourselves: are we on the right track?

We certainly aren’t set up for success, given society’s insatiable and almost pathological need to connect everything. We’re constantly serving up more attack surface to the bad guys and always cleaning up after business decisions that we know will drive bad security outcomes. All the while factors out of our hands – namely global market realities and shifting geopolitical dynamics – wreck nearly overnight carefully orchestrated business plans and national strategies. The last few years of geopolitical chaos and autocratic retrenchment might look like the good ol’ days by the end of the 2020s.

This talk will work through today’s risk trends and what they mean for tomorrow’s network defenders, suggesting along the way the needed shifts in both mindset and action to successfully deliver better outcomes while recognizing that we’re going to be forever operating in a contested information environment. To rip off a Mitch Hedberg joke (RIP), maybe over the next twenty-five years we can build a safer, more resilient technological future where systems and infrastructure behave more like escalators: when they break, they turn into stairs.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

____________________________

Guest
Chris Krebs
Founding Partner, Krebs Stamos Group [@KrebsStamos]
On LinkedIn | https://www.linkedin.com/in/christopherckrebs/
On Twitter | https://twitter.com/C_C_Krebs
____________________________

This Episode’s Sponsors

CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw

____________________________

Resources

Keynote | Black Hat at 25: Where Do We Go from Here?
https://www.blackhat.com/us-22/briefings/schedule/index.html#keynote-chris-krebs-28699

____________________________

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Let's Repeat the Future and See How that Works Out for Us | Home Network Security has Become Top-of-Mind for Cyber Executives | A Their Story Conversation from RSA Conference 2023 | A BlackCloak Story With Chris Pierson and Daniel Floyd

21 juli 2022 | 31 min

Why The World Needs A Global CSIRT: Introducing CSIRT.global | A Conversation With Eward Driehuis And Lennaert Oudshoorn | Redefining CyberSecurity Podcast With Sean Martin

21 juli 2022 | 42 min

Vulnerabilities are discovered every day. Once found, they make their way into any number of databases that can be used to help organizations take action to put a patch in place... if one is available. But what about the case where the weakness is actively exposed or being exploited? This is where CSIRT.global comes in.

Born from the work being done at the Dutch International for Vulnerability Disclosure (DIVD), a team of volunteers have decided to take things to the next level, helping organizations take action when action matters most ... when a vulnerability exists, when that vulnerability is being exploited in the wild, and when an organization is prone to (or is under) attack. That's when the email is sent from CSITR.global to the affected organization, letting them know what the team uncovered.

"We don't send marketing emails. We don't send emails promoting conferences. When a company gets an email from us, it really means something.” ~Eward

There's a lot going on in this process, from scanning the entire global Internet for every system exposed, identifying vulnerabilities on those systems, and mapping the proof of concept to those two results to determine whether or not an organization is vulnerable or is showing signs of having been compromised. The next piece of the puzzle is figuring out who or what is behind the IP address that was scanned and flagged. This isn't always easy given how IP addresses are assigned and looked up. The next piece of the puzzle is even harder, in that CSIRT.global needs to find a way to contact the affected entity that lives behind the IP address ... which department or person should receive the info and what is their email address? Good luck finding that in a pinch. And, to top it all off, the receiving party needs to trust that the email they received from CSIRT.gloal is both legitimate and must be taken seriously. The process is rooted in information and built on trust - which is one of the main reasons they sought and receive support from the Dutch government.

It's this full circle scenario that delivers the real value provided by this group. It can scale to a global nature, but requires the help of the global community. Listen in to hear more about how this works, how to get involved, and how this non-profit organization is redefining cybersecurity.

____________________________

Guests
Eward Driehuis
Founder at 3Eyes Security and Chairman at CSIRT.global
On LinkedIn | https://www.linkedin.com/in/ewarddriehuis/
On Twitter | https://twitter.com/e3huis

Lennaert Oudshoorn
CSIRT Coordinator And Webmaster at Dutch Institute for Vulnerability Disclosure (DIVD) [@DIVDnl]
On Twitter | https://twitter.com/lennaert89
On LinkedIn | https://www.linkedin.com/in/lennaertoudshoorn/

____________________________

This Episode’s Sponsors

Asgardeo by WSO2: https://itspm.ag/asgardeo-by-wso2-u8vc

____________________________

Resources

CSIRT.global: https://csirt.global/ & https://www.divd.nl/

DIVD: https://www.divd.nl/ and on LinkedIn: https://www.linkedin.com/company/divd-nl/

May Contain Hackers (MCH2022) Hacker Conference: https://mch2022.org/#/

____________________________

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Application And API Security: Sometimes We See The Risk — Sometimes It's Hidden Inside An API | A Live Stream Panel With Kristy Westphal And Giora Engel | Redefining CyberSecurity Podcast With Sean Martin

19 juli 2022 | 43 min

Our Traditional Conversation With Black Hat GM, Steve Wylie, To Kick Off Our Las Vegas Hacker Summer Camp 2022 Coverage | Las Vegas Black Hat 2022 And DEF CON 30 Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

18 juli 2022 | 41 min

From Enrolling In College To Gambling, Traveling, And Shopping, Evasive Bad Bots Are A Major Source Of Online Fraud | The Bad Bot Report 2022 | Part 2 | An Imperva Brand Story With Ryan Windham

18 juli 2022 | 28 min

As we continue this 2nd part of the conversation, we immediately kick things off with Gremlins and quickly move into real-world scenarios where bad bots wreak havoc by enabling high-speed abuse, misuse, and attacks on websites, mobile apps, and APIs.

Businesses cannot overlook the impact of malicious bot activity as it is contributing to more account compromise, higher infrastructure and support costs, customer churn, skewed marketing analytics, and degraded online services.

The implications of account takeover (ATO) are also extensive, where successful attacks can lock customers out of their account, while fraudsters gain access to sensitive information that can be stolen and abused. For businesses, ATO contributes to revenue loss, risk of non-compliance with data privacy regulations, and tarnished reputations.

How can organizations — actually, the people in them that keep the business running — distinguish between real, authentic traffic versus something that's being driven by a bot? That's exactly what we talk about.

We hope you enjoy this Part 2 of 2 conversations as we explore and uncover the consequences of bad bots for our business and society.

About the 2022 Imperva Bad Bot Report
Leveraging data from its global network, Imperva Threat Research investigates the rising volume of automated attacks occurring daily, evading detection while wreaking havoc and committing online fraud. The 9th annual Imperva Bad Bot Report is based on data collected from the Imperva global network throughout 2021. The data is composed of hundreds of billions of blocked bad bot requests, anonymized over thousands of domains. The goal of this report is to provide meaningful information and guidance about the nature and impact of these automated threats.

Bot attacks are often the first indicator of fraudulent activity online, whether it’s validating stolen user credentials and credit card information to later be sold on the dark web, or scraping proprietary data to gain a competitive advantage. Often bots are used to surveil applications and APIs in an attempt to discover vulnerabilities or weak security. Online fraud from automated bot attacks is not only a threat to the business, but it is first and foremost a risk to customers. Bad bot attacks might cause customers to be unable to access their accounts or have sensitive information stolen from them due to successful account takeover fraud.

Bad bots mask themselves and attempt to interact with applications in the same way a legitimate user would, making them harder to detect and block. They enable high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform a wide array of malicious activities.

Such activities include web scraping, competitive data mining, personal and financial data harvesting, brute-force login, digital ad fraud, denial of service, denial of inventory, spam, transaction fraud, and more.

Note: This story contains promotional content. Learn more.

Guest
Ryan Windham
VP of Application Security at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/rwindham/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988

Imperva Bad Bot Report 2022: https://itspm.ag/impervwurd

Want the Bad Bot 101 Story? Check out the Imperva 2021 Bad Bot Report Podcast Series here: https://www.itspmagazine.com/their-stories/the-good-the-bad-and-the-ugly-the-bad-bot-report-2021-an-imperva-story

Be sure to listen to Part 2 of this conversation here: https://itspmagazine.com/their-stories/how-bots-fake-human-behavior-to-conduct-online-fraud-the-bad-bot-report-2022-part-1-an-imperva-story-with-ryan-windham

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

From Technology To Buzzwords To Marketing; From Conversations To Friendships To Mergers And Acquisitions | Key Learnings From RSA Conference 2022 | Redefining CyberSecurity With Eward Driehuis

30 juni 2022 | 48 min

The Real-World Value Of Telling Stories And The Role Of Visual Art In Ethical Hacking Videos | A Conversation With YouTuber SecAura | Redefining CyberSecurity Podcast With Sean Martin

30 juni 2022 | 40 min

SecAura is an amateur YouTuber whose post I came across caught my attention. SecAura creates free educational videos for ethical hacking and does so while going the extra mile to hand-craft many of the animations used in the videos. All of this is done outside of the 9-5 job SecAura has as a penetration tester. Realizing that the technical subjects needed diagrams and that these elements were a core part of the videos being created, SecAura decided to hand-craft the animations for each of the subjects being prepared, teaching himself all that was required to do so while constantly trying to improve with each video released.

SecAura aims to have every video released be at the top of its game in terms of teaching someone who knows very little about a subject and getting them to a great foundational and applicable position just from watching his videos. He also hopes to extend the community and help to create the next generation of cybersecurity professionals by providing them with real, practical skills, backed by the theory!

About SecAura [from Twitter]
By day I work as a pentester, and in the evening, I compete in CTFs/cyber things. I have always loved teaching, and wanted to give back to the cyber community the best I can, so I made my YouTube Channel.

It was a treat speaking with SecAura, learning about the creativity, passion, and production that goes into the making each of these videos, and how they can be used by those looking to enter the field of information security, preparing for a job interview, looking to grow their skills as they aspire to take on new roles or perhaps even get promoted at their job.

So many uses cases — lots of great content — all from a super cool human.

____________________________

Guest
SecAura
Ethical Hacking Content Creator
On Twitter | https://twitter.com/secaura_
On LinkedIn | https://www.linkedin.com/in/sec-aura-57736422a/
On YouTube | https://www.youtube.com/channel/UCx89Lz24SEPZpExl6OfQ0Gg

____________________________

This Episode’s Sponsors

Asgardeo by WSO2: https://itspm.ag/asgardeo-by-wso2-u8vc

News Release: https://www.hhs.gov/about/news/2022/04/06/hhs-ocr-seeks-public-comment-on-recognized-security-practices-sharing-civil-money-penalties-monetary-settlements-under-hitech-act.html

____________________________

Resources

More information about SecAura: https://twitter.com/secaura_/status/1518241710412808192

The new SQLi video discussed during the conversation: UNLEASH THE POWER OF SQL INJECTION | A beginners guide: https://www.youtube.com/watch?v=_Y4MpvB6o7s

VIDEO: Web Fundamentals for Cyber Security | HTTP for Hackers | 0x01 (Animated): https://www.youtube.com/watch?v=ro-5AjgoPc4

____________________________

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

From Enrolling In College To Gambling, Traveling, And Shopping, Evasive Bad Bots Are A Major Source Of Online Fraud | The Bad Bot Report 2022 | Part 1 | An Imperva Brand Story With Ryan Windham

27 juni 2022 | 31 min

A new year and a new Bad Bot Report from Imperva. How is it looking? Well, this year, we see an increase in the sophistication level of bad bots compared to last year, with advanced bad bots accounting for 25.9% of all bad bot traffic in 2021, compared to 16.7% in 2020. In addition, evasive bad bots are on the rise, no industry is immune, and Account Takeover attacks are more prevalent than ever.

The good news is that not all bots are Superbad — they go from Simple to Moderate, Advanced, and, Evasive — and we are getting better at finding them.

During our conversation this year, we take a quick look back in time to last year's report to see what some of the changes are. Sadly, the team at Imperva is seeing more of the advanced bots we discussed during this conversation. Unfortunately, their ability to emulate human behavior makes them much more difficult to detect.

What's driving a lot of this rise in bad bots? More and more services are moving online.

We hope you enjoy this Part 1 of 2 conversations as we explore and uncover the consequences of bad bots for our business and society.

About the 2022 Imperva Bad Bot Report
Leveraging data from its global network, Imperva Threat Research investigates the rising volume of automated attacks occurring daily, evading detection while wreaking havoc and committing online fraud. The 9th annual Imperva Bad Bot Report is based on data collected from the Imperva global network throughout 2021. The data is composed of hundreds of billions of blocked bad bot requests, anonymized over thousands of domains. The goal of this report is to provide meaningful information and guidance about the nature and impact of these automated threats.

Bot attacks are often the first indicator of fraudulent activity online, whether it’s validating stolen user credentials and credit card information to later be sold on the dark web, or scraping proprietary data to gain a competitive advantage. Often bots are used to surveil applications and APIs in an attempt to discover vulnerabilities or weak security. Online fraud from automated bot attacks is not only a threat to the business, but it is first and foremost a risk to customers. Bad bot attacks might cause customers to be unable to access their accounts or have sensitive information stolen from them due to successful account takeover fraud.

Bad bots mask themselves and attempt to interact with applications in the same way a legitimate user would, making them harder to detect and block. They enable high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform a wide array of malicious activities.

Such activities include web scraping, competitive data mining, personal and financial data harvesting, brute-force login, digital ad fraud, denial of service, denial of inventory, spam, transaction fraud, and more.

Note: This story contains promotional content. Learn more.

Guest
Ryan Windham
VP of Application Security at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/rwindham/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988

Imperva Bad Bot Report 2022: https://itspm.ag/impervwurd

Want the Bad Bot 101 Story? Check out the Imperva 2021 Bad Bot Report Podcast Series here: https://www.itspmagazine.com/their-stories/the-good-the-bad-and-the-ugly-the-bad-bot-report-2021-an-imperva-story

Be sure to listen to Part 2 of this conversation here: https://itspmagazine.com/their-stories/how-bots-fake-human-behavior-to-conduct-online-fraud-the-bad-bot-report-2022-part-1-an-imperva-story-with-ryan-windham

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Chats On The Road: From France To Colorado To Las Vegas | Founders' Journey To Make The World Of Information Security Better Through Information Sharing | A CrowdSec Brand Story With CEO Philippe Humeau

24 juni 2022 | 27 min

Making The World A Better Place Through Software | A WSO2 Brand Story About The Founders' Vision And Mission And The Journey To Bring The Asgardeo IDaaS To Market With Michael Bunyard

22 juni 2022 | 45 min

The founder's journey can directly impact what a company focuses on and why. In this Asgardeo by WSO2 story, you'll get to hear how their work is making the world a better place through software.

Starting a business built on the premise of offering open-source software wasn't something IBM wanted to do a couple of decades ago. That didn't stop WSO2's founder and CEO, Sanjiva Weerawarana, from taking his mission in life and turning it into an operational reality for his company, creating and helping foundations and non-profits in Sri Lanka and around the world along the way.

It was this initial desire to do good that continues to thrive in everything that WSO2 does - including the launch of their app authentication as a service division, Asgardeo, a customer identity, and access management (CIAM) offering which helps developers implement secure authentication flows to apps or websites in a few simple steps.

Developers don't have to be identity experts. They don't even have to write identity-specific code. They modify the code already in the web page or mobile app by cutting and pasting the bits of code, templates, and workflows that Asgardeo provides.

The use cases are many - both directly a part of a single application and as part of other services where identity is built in.

Please tune in to hear WSO2's origin story, the creation of Asgardeo and the value it brings to the developer community, and the multiple case studies that our guest from Asgardeo, Michael Bunyard, brings to life during this conversation.

Note: This story contains promotional content. Learn more.

Guest
Michael Bunyard
Vice President and Head of Marketing, IAM at WSO2 [@wso2] Asgardeo [@asgardeo]
On Linkedin | https://www.linkedin.com/in/michaelbunyard/
On Twitter | https://twitter.com/mickeydb

Resources
Learn more about WSO2 Asgardeo and their offering: https://itspm.ag/asgardeo-by-wso2-u8vc

Create seamless login experiences for your application in minutes: https://itspm.ag/asgardmn1x

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity

The Zoom Effect: A Framework for Security Program Transformation | RSA Conference 2022 Coverage | Redefining CyberSecurity With Heather Ceylan and Ariel Chavan

15 juni 2022 | 43 min

Redefining Information Security Programs | RSA Conference 2022 Coverage | Redefining CyberSecurity With Mari Galloway And James Leslie

7 juni 2022 | 50 min

Security Implications Of Voice As The New Keyboard | What To Expect At RSA Conference 2022 | A Conversation With Voice Researcher And Disruptive Research Strategist, Rébecca Kleinberger

4 juni 2022 | 39 min

Building A Cloud-Based Pentesting Platform | What To Expect At RSA Conference 2022 | A Conversation With The Hacker Factory Podcast Host Phillip Wylie

3 juni 2022 | 16 min

Why, And How, We Need To Fundamentally Rethink Our Approach To Cybersecurity | A Conversation With Larry Clinton | Redefining CyberSecurity Podcast With Sean Martin

1 juni 2022 | 46 min

The Only Constant | What To Expect At RSA Conference 2022 | A Keynote Conversation With Rohit Ghai CEO RSA

31 maj 2022 | 36 min

Defining A Recognized Security Practice And CyberSecurity Safe Harbor | HHS’ Office For Civil Rights Seeks Public Comment On HITECH Act Provisions | A HITRUST Community Brand Story With John Houston And Michael Parisi

23 maj 2022 | 52 min

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking input from the public on two requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), as amended in 2021. How does it impact cybersecurity and risk management programs? Why do (should) CISOs care about this? Are we about to throw more money at this problem?

Maybe a smart question: Is there an opportunity to be smarter?

While all are important, that final question is certainly the most valid question. But, the details of the provisions will come when the community feedback comes in. The thing to make note of as you listen to this episode is that there's an opportunity to shape these provisions for the better of the overall healthcare ecosystem, moving beyond lowest common denominator frameworks, standards, and controls.

John Houston and Michael Parisi share their thoughts in the current state of cyber risk management affairs, the opportunity to do more in the RFI and potential responses coming in from the community, and how John's experience with an advanced, mature risk management program at UPMC can help set the bar for what's possible — not just from a guidance or framework perspective, but from a fiscally responsible, scalable, operational perspective.

Listen in to learn more about the RFI and the role you can have in shaping its outcome.

Not in the healthcare space? You should still pay attention. There's a lot going on in the healthcare sector that other industries can leverage.

Note: This story contains promotional content. Learn more.

____________________________

Guests

John Houston
Vice President, Information Security and Privacy; Associate Counsel at UPMC [@UPMC]
On Linkedin | https://www.linkedin.com/in/john-houston-5b9915b/

Michael Parisi, VP of Adoption, @HITRUST
____________________________

Catch the webcast and the podcast here: https://itspm.ag/hitrust-hhs-ocr-hitech-rfi

Be sure to visit HITRUST at https://itspm.ag/itsphitweb to learn more about their offering.

____________________________

Resources

Individuals seeking more information about the RFI or how to provide written or electronic comments to OCR should visit the Federal Register to learn more: https://www.federalregister.gov/documents/2022/04/06/2022-07210/considerations-for-implementing-the-health-information-technology-for-economic-and-clinical-health

____________________________

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity

____________________________

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

How Secure Can An Internet Be? | The SCION Internet Architecture | Redefining CyberSecurity With Researcher Nicola Rustignoli From ETH Zürich

23 maj 2022 | 48 min

What if we could create the Internet architecture from scratch? You might think that this is a crazy endeavor, but that's exactly what a research team in Zurich, Switzerland, is doing. And for good reason.

In today's episode, we are joined by Nicola Rustignoli, a research assistant at the Network Security Group at ETH Zürich, to take a look at the history of the Internet, its purpose, the challenges it has introduced, and the path forward to an Internet that allows for its intent to be met while maintaining scalability, control, and resiliency. Nicola works on making the Internet more secure and reliable with the SCION Architecture and by helping to start the SCION Foundation.

SCION was born as a research project 11 years ago, from the research question: how secure can an Internet be? There's a lot to learn from this project.

About the SCION Architecture
SCION is the first clean-slate Internet architecture designed to provide route control, failure isolation, and explicit trust information for end-to-end communication. SCION organizes existing ASes into groups of independent routing planes, called isolation domains, which interconnect to provide global connectivity. Isolation domains provide natural isolation of routing failures and misconfigurations, give endpoints strong control for both inbound and outbound traffic, provide meaningful and enforceable trust, and enable scalable routing updates with high path freshness. As a result, the SCION architecture provides strong resilience and security properties as an intrinsic consequence of its design. Besides high security, SCION also provides a scalable routing infrastructure, and high efficiency for packet forwarding. As a path-based architecture, SCION end hosts learn about available network path segments, and combine them into end-to-end paths that are carried in packet headers. Thanks to embedded cryptographic mechanisms, path construction is constrained to the route policies of ISPs and receivers, offering path choice to all the parties: senders, receivers, and ISPs. This approach enables path-aware communication, an emerging trend in networking. These features also enable multi-path communication, which is an important approach for high availability, rapid failover in case of network failures, increased end-to-end bandwidth, dynamic traffic optimization, and resilience to DDoS attacks.

Why a clean-slate design? Why can't we adopt existing solutions? Is it easy to "replace" the Internet?

Listen in to learn more about this exciting program.

____________________________

Guest
Nicola Rustignoli
Research Assistant at ETH Zürich and Founding Engineer at the SCION Association.
On LinkedIn | https://www.linkedin.com/in/nicola-rustignoli-830b7512/
On Twitter | https://twitter.com/Nicorusti
On YouTube | https://www.youtube.com/channel/UCATqViXMlA0cCroLuoJVAGw

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more about SCION: https://scion-architecture.net/
On LinkedIn: https://www.linkedin.com/company/78769571
On Twitter: https://twitter.com/SCIONassociatio
On Facebook: https://www.facebook.com/SCIONinternet

SCION Day 2022 videos: https://scion-architecture.net/pages/scion_day_2022/

“The Complete Guide to SCION” is coming out with Springer Verlag in June 2022. An old version is open access and available on scion-architecture.net

The White House & 50 more countries recently released a Declaration for the Future of Internet: https://www.whitehouse.gov/wp-content/uploads/2022/04/Declaration-for-the-Future-for-the-Internet_Launch-Event-Signing-Version_FINAL.pdf

The FCC recently launched an inquiry about routing security: https://www.fcc.gov/document/fcc-launches-inquiry-internet-routing-vulnerabilities

____________________________

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

RSA Conference 2022 | A BlackCloak Brand Story About Supply Chain Security, Hacking Back, And MySpace With Dr Chris Pierson

23 maj 2022 | 36 min

Dr Chris Pierson has held many roles and has been a regular speaker at RSA Conference over the years. What's he up to this year as the event goes back to in-person engagements?

As the CEO of BlackCloak, Chris Pierson is looking forward to connecting with peers, partners, customers, and prospects as the world of executive cybersecurity heats up. In addition to seeing friends old and new, Dr Pierson has two sessions in which he will be participating. He shares some insights into both of these sessions. Here's a snippet for each:

Collateral Damage: Prepping Your Organization for a Supply Chain Attack
Supply chain risks can allow a backdoor into a company. This learning lab will focus on a fast moving scenario that examines risks to a company from hardware and software and will focus on the (1) risk assessment, (2) governance, and (3) response and isolation phases. This session will follow Chatham House Rule to allow for free exchange of information and learning. We look forward to participants actively engaging in the discussion and remind attendees that no comment attribution or recording of any sort should take place. This is a capacity-controlled session. If added to your schedule and your availability changes, please remove this session from your schedule to allow others to participate. A Learning Lab with James Shreve, Partner and Cybersecurity Chair, Thompson Coburn LLP

Hacking Back – To Be or Not to Be?
Are there options to hack back for ransomware attacks? Without deterrence for ransomware attacks it is unlikely there will be changes to the risk equation that hackers think through. We’ll discuss legal, ethical, operational, and security issues surrounding hacking back and give some insight into potential pitfalls for getting attribution incorrect or causing collateral damage. A law track session with Giorgi Gurgenidze, Founder, GSI Partners and James Shreve, Partner and Cybersecurity Chair, Thompson Coburn LLP.

Chris has some other things up his sleeve as well. Can you say MySpace? 🤔

Note: This story contains promotional content. Learn more.

Guest
Chris Pierson
On Linkedin 👉 https://www.linkedin.com/in/drchristopherpierson/
On Twitter 👉 https://twitter.com/drchrispierson

____________________________

Learn more about BlackCloak and their offering: https://itspm.ag/itspbcweb

Connect with BlackCloak at RSA Conference: https://itspm.ag/94949a

Watch the video here: https://youtu.be/rqu47E8ryXY

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverage

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
👉 https://itspm.ag/rsac22sp

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Mapping The Cybercrime Ecosystem | What To Expect At RSAC 2022 | A Conversation With Tal Goldstein And Michael Daniel

18 maj 2022 | 41 min

For our second Chats On The Road to RSA Conference 2022, we talk about a critical cybersecurity initiative led by the World Economic Forum and the Cyber Threat Alliance. It is about mapping the cybercrime ecosystem and its corresponding panel during this year's conference.

Sean and Marco are honored to introduce and tease this important upcoming session on their traditional "Chats On The Road to RSA Conference 2022" with guests: Michael Daniel & Tal Goldstein.

About the session:
“Although cybercrime is now a national security threat, our understanding of the cybercriminal ecosystem remains limited. The industry needs a holistic map to conduct effective disruption, allocate resources efficiently, and impose meaningful costs on criminal actors. The WEF has initiated a project to develop this map. This panel will discuss the mapping project’s results to date and where it is going.”

RSAC 2022 Panel With

Michael Daniel
Moderator | President and Chief Executive Officer, Cyber Threat Alliance

Tal Goldstein
Panelist | Head of Strategy, Centre for Cybersecurity, World Economic Forum Centre for Cybersecurity

Amy Hogan-Burney
Panelist | Associate Counsel and General Manager, Digital Crimes Unit, Microsoft

Derek Manky
Panelist | Chief of Security Insights & Global Threat Alliances, Fortinet

Tune in and be sure to join us for more from RSA Conference USA 2022!

____________________________

Guests
Michael Daniel
President and Chief Executive Officer, Cyber Threat Alliance [@CyberAlliance]
On LinkedIn | https://www.linkedin.com/in/j-michael-daniel-7b71a95/
On Twitter | https://twitter.com/CyAlliancePrez

Tal Goldstein
Head of Strategy, Centre for Cybersecurity, World Economic Forum Centre [@wef] for Cybersecurity [@WEFCybersec]
On LinkedIn | https://www.linkedin.com/in/tal-goldstein-a7191296/

____________________________

This Episode’s Sponsors

HITRUST: 👉https://itspm.ag/itsphitweb

CrowdSec: 👉https://itspm.ag/crowdsec-b1vp

Blue Lava: 👉https://itspm.ag/blue-lava-w2qs

BlackCloak 👉https://itspm.ag/itspbcweb

____________________________

Resources

Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76

RSAC Session | Mapping the Cybercriminal Ecosystem: https://www.rsaconference.com/USA/agenda/session/Mapping%20the%20Cybercriminal%20Ecosystem

____________________________

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverage

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
👉 https://itspm.ag/rsac22sp

Governance, Risk, And Compliance: Protecting The Business With Policies, Controls, And Audits | A Live Stream Panel With Kouadjo Bini | Redefining CyberSecurity With Sean Martin

13 maj 2022 | 46 min

Knowledge Is Different Than Information | Investing In The CyberSecurity Crowd Means Investing In Businesses, Society, And Humanity | A CrowdSec Brand Story With CEO Philippe Humeau And Hacker-Maker Phillip Wylie

2 maj 2022 | 64 min

How can an industry have so much data and information yet still lack the knowledge necessary to make quick, meaningful, impactful decisions? There could be many reasons, but one is no longer a missing intelligence-sharing platform.

In this second chapter of our conversation with CrowdSec CEO, Philippe Humeau, we invite The Hacker Maker, Phillip Wylie, to bring his penetration testing experience and insights. Together we explore the value of investing in the cybersecurity community information sharing platform as a way to do way more than protect your organization. By doing so, we can help secure other businesses and whole communities in the neighbors around you, such as a local hospital that could experience an attack that you've already seen on your network.

The value of investing in the security knowledge sharing economy directly impacts IT operations, security operations, businesses, society, and, therefore, humanity.

Join us for a philosophical yet fun, thought-provoking conversation that will likely prompt you to not only share this podcast with your friends, colleagues, and peers but also start sharing your cybersecurity insights with your digital neighbors through the power of the CrowdSec platform.

Note: This story contains promotional content. Learn more.

Guests
Philippe Humeau
CEO at CrowdSec [@Crowd_Security]
On Linkedin | https://www.linkedin.com/in/philippehumeau/
On Twitter | https://twitter.com/philippe_humeau

Phillip Wylie
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/phillip-wylie

____________________________

Be sure to visit CrowdSec at https://itspm.ag/crowdsec-b1vp to learn more about their offering.
On Linkedin 👉https://www.linkedin.com/company/crowdsec/
On Twitter 👉https://twitter.com/Crowd_Security

Free access to the CrowdSec console: https://itspm.ag/crowdsec-6b7321

Watch the video here: https://itspmagazine.com/their-stories/investing-in-the-crowd-means-investing-in-society-and-humanity-a-crowdsec-story-with-philippe-humeau-and-phillip-wylie

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Autonomous Datacenters On Rails | A Conversation With Amir Levintal About The Complexities, Risk Exposure, Safety Standards, And Protection Measures For Railway Systems | Redefining CyberSecurity With Sean Martin

25 april 2022 | 48 min

The rise of digitalization has led to more interconnected rail systems. While this has propelled forward our trains and metros at some seriously high speed, it has also dramatically expanded the threat landscape.

In response, governments around the world are racing to implement measures that promote technological advancements for these rail systems whilst assuring that the systems are protected and secure. Sure, it's easy to think about providing timely service, operating efficiently, delivery comfort, keeping up constant communications, and more – but what really matters is that these digital data centers remain safe as they travel between and arrive at various stations both out in the sticks and in the heart of the cities.

Where does this leave rail companies? What steps should they take in the event of a cyberattack?

Listen in as Sean speaks with Amir Levintal as they get on track as they dig into the elements of the rail systems from the sensors to the tracks to the WiFi and more. It doesn't take long before they jump the rails to test the boundaries of reality.

____________________________

Guest
Amir Levintal
CEO and CoFounder of Cylus Cybersecurity [@cylus_security]
On LinkedIn | https://www.linkedin.com/in/amir-levintal/
On Twitter | https://twitter.com/amirlevintal

____________________________

This Episode’s Sponsors

____________________________

Resources

Understanding IEC 62443: https://www.iec.ch/blog/understanding-iec-62443

European Standard CLC/TS 50701 Railway applications - Cybersecurity: https://www.en-standard.eu/clc/ts-50701-2021-railway-applications-cybersecurity/

Train of Consequences: The Real Cost of Rail Cybersecurity Incidents: https://www.cylus.com/post/the-real-cost-of-rail-cybersecurity-incidents

The Long-Term Effects of Log4Shell on Railway Systems: https://www.cylus.com/post/log4shell-effect-railway-systems

____________________________

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Catch 22 | Consumers Hate Sharing Their Data, But There's No Other Option | An Imperva Brand Story About The Findings In The Imperva Global Consumer Survey With Terry Ray

22 april 2022 | 40 min

What To Expect At RSA Conference USA 2022 | ITSPmagazine Event Coverage: RSAC 2022 San Francisco, USA | A Conversation With Linda Gray Martin, Britta Glade, And Cecilia Murtagh Marinier

21 april 2022 | 46 min

Secure Access And Authorization: Keeping Precious Resources Safe From Prying Eyes And Bad Actors | A Live Stream Panel With Shinesa Cambric And John Sapp Jr | Redefining CyberSecurity With Sean Martin

19 april 2022 | 51 min

Higher Education And Regulated Research Community Of Practice (RRCoP) | 5 Goals To Raise The Security And Compliance Posture Of Academic Institutions | Redefining CyberSecurity With Carolyn Ellis, Erik Deumens, And Michael Parisi

15 april 2022 | 42 min

When it comes to implementing efficient and effective information security programs, higher education institutions can use all the help they can get. That's where the RRCoP community comes in.

In today's episode, our guests, Carolyn Ellis, Erik Deumens, and Michael Parisi talk through the goals of the RRCoP community and the impact is has on the higher education cybersecurity community as they work hard to raise the security and compliance posture for their institutions.

The 5 RRCoP Goals

Goal 1: Build a Community
The Regulated Research Community of Practice (RRCoP) builds a network of people able to help each other in implementing an affordable but effective cybersecurity and compliance program at academic institutions.

Goal 2: Collect and Share Resources
Establish a leadership training and development program accelerating availability of distributed university resources.

Goal 3: Advocate and Negotiate
Develop representation through strategic partnerships with industry and government entities.

Goal 4: Manage Change
The Department of Defense modified the DFARS clause to mandate that NIST 800-171 be followed for data classified and marked as CUI in 2017. The next evolution of this program, CMMC, has already undergone significant changes now called CMMC 2.0. Other agencies, for example, Department of Education, have indicated that they are considering following a similar path to safeguard data.

Goal 5: Simplify Compliance
A collective and streamline approach to compliance lowers the barrier to entrance for expansion of supported regulations by individual institutions.

____________________________

Guests

Carolyn Ellis
CMMC Program Manager at UC San Diego [@ucsandiego]
On LinkedIn | https://www.linkedin.com/in/carolynellis1/

Erik Deumens
Research Computing Director, Information Technology at University of Florida [@UF]
On LinkedIn | https://www.linkedin.com/in/deumens-erik-164167146/

Michael Parisi, VP of Adoption, @HITRUST

____________________________

This Episode’s Sponsors

Book: https://www.rothstein.com/product/critical-infrastructure-risk-assessment-the-definitive-threat-identification-and-threat-reduction-handbook/

____________________________

Resources

Regulated Research Community of Practice: https://www.regulatedresearch.org/

____________________________

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Balancing Reward Over Risk | Evolving CyberSecurity Through Systems Engineering And Committee Collaboration | Redefining CyberSecurity With Howard Miller And Ron Ross

4 april 2022 | 39 min

Large-Scale Data Analytics For Cybersecurity And Solving Real-World Grand Challenges | Redefining CyberSecurity With Professor David Bader

31 mars 2022 | 39 min

Book | Critical Infrastructure Risk Assessment: The Definitive Threat Identification And Threat Reduction Handbook | Redefining CyberSecurity With Ernie Hayden

31 mars 2022 | 45 min

In a world where everything is connected and interdependent, complexity has become part of our very way of life, and it must be part of our way of thinking. But, especially when we look at infrastructure security, the boundaries between analog and digital, physical and cyber, are simply not there anymore.

In today's conversation, we discuss the importance of looking at our society, economy, and security as a complex system of interdependent subsystems. Everything is connected, and we are not just referring to IoT.

From bridges to nuclear plants, to the President's car, and all the way up to space, the security assessment of critical infrastructure is not a checklist but a mindset.

About The Book
As a manager or engineer have you ever been assigned a task to perform a risk assessment of one of your facilities or plant systems? What if you are an insurance inspector or corporate auditor? Do you know how to prepare yourself for the inspection, decided what to look for, and how to write your report?

This is a handbook for junior and senior personnel alike on what constitutes critical infrastructure and risk and offers guides to the risk assessor on preparation, performance, and documentation of a risk assessment of a complex facility. This is a definite “must read” for consultants, plant managers, corporate risk managers, junior and senior engineers, and university students before they jump into their first technical assignment.

____________________________

Guest
Ernie Hayden
On LinkedIn | https://www.linkedin.com/in/enhayden/
Publisher's Twitter | https://twitter.com/RothsteinPub
____________________________

Resources

____________________________

This Episode’s Sponsors

____________________________

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Business Continuity: Building And Operationalizing A Functional Disaster Recovery Plan | A Live Stream Panel With Dr Rebecca Wynn And Gayle Anders | Redefining CyberSecurity With Sean Martin

29 mars 2022 | 50 min

Every organization has exposure to risk. Every organization experiences events that cross over the risk threshold to quickly realize they are facing an incident head-on.

It's how the organization prepares for these situations that matter most. Preparation is so much more than recognizing that a disaster might occur. It's also more than having a documented plan draft months (maybe even years ago) that, if activated, would prove worthless—or worse—counterproductive such that the disaster turns into an all-out crisis. A disaster doesn't need to result in a crisis, and that's what we will cover in this episode—how to keep the business running without killing the business in the process.

Join us for this session as we explore the following points:
◾️ What is a disaster?
◾️ Goals of a disaster recovery plan
◾️ How to build a functional plan
◾️ Who builds it?
◾️ Who validates it?
◾️ What is in the plan
◾️ How does a BC/DR plan fit into your IT/IS programs (IR, for example)
◾️ Testing/Tabletop exercises

____________________________

Guests

Dr Rebecca Wynn
Chief Cybersecurity Strategist & CISO at Click Solutions Group
On LinkedIn | https://www.linkedin.com/in/rebeccawynncissp

Gayle Anders
Global Business Continuity Program Manager at Netflix [@netflix]
On LinkedIn | http://linkedin.com/in/gayle-anders-business-continuity-professional

____________________________

This Episode’s Sponsors

Archer: https://itspm.ag/rsaarchweb

____________________________

Resources

____________________________

Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/business-continuity-building-and-operationalizing-a-functional-disaster-recovery-plan-redefining-cybersecurity-with-sean-martin

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Creating A Data Security Strategy And Operationalizing A Mature Data Security Program | A Live Stream Panel With Chris Daskalos And Andy Rappaport | Redefining CyberSecurity With Sean Martin

24 mars 2022 | 50 min

Book | Security Yearbook: A Complete History And Directory Of The Entire Cybersecurity Industry | Redefining CyberSecurity With Richard Stiennon

14 mars 2022 | 41 min

Do you think you know all of the cybersecurity vendors on the market? Think again. Need help getting a clear view for how they all fit into the bigger InfoSec picture in your org? Have a listen.

In today's episode, long-time industry analyst, Richard Stiennon, takes us on a journey down memory lane into the world of cybersecurity and the ever-growing landscape of innovation, technology, features, products, solutions, and more.

About the book
Security Yearbook 2020 was launched at RSA Conference 2020 on February 24 and has been identified as One of the Best Cybersecurity Books of 2021 by Ben Rothke!

The 2021 directory has been completely updated. 300 small vendors and two abject failures stopped supporting their websites in 2020. 600 new vendors were added, although only 13 high profile startups are listed. The Directory now contains 2,615 vendors of security products.

Two new stories of the pioneers of the cybersecurity industry have been added. Renaud Deraison, creator of Nessus, and Amit Yoran founder of Riptech and CEO of Tenable contribute their stories.

A new section has been added to track the performance of 21 publicly traded security vendors like Crowdstrike, Zscaler, Fortinet, and Palo Alto Networks.

Thanks to AGC Partners, Security Yearbook 2021 contains a complete listing of M&A activity for 2020.

There were over $10 billion in new investments in high-flying security vendors. A complete list and analysis of these deals is included.

The biggest difference in the directory this year is that the percent change in headcount is listed for each vendor. This is probably the most important metric for quickly assessing a vendor’s health. Successful vendors grow.

Having known each other for years, Richard and Sean reminisce and they talk about the past, present, and future of the entire cybersecurity field.

____________________________

Guest

Richard Stiennon
Chief Research Analyst at IT-Harvest [@cyberwar]
On Twitter | https://twitter.com/stiennon
On LinkedIn | https://www.linkedin.com/in/stiennon/
On YouTube | https://www.youtube.com/channel/UCJbNLvhmVGnRerhrSU1mFug

____________________________

This Episode’s Sponsors

https://twitter.com/hackinglz/status/1497035113170886656

____________________________

Resources

Security Yearbook | A Complete History And Directory Of The Entire Cybersecurity Industry
- 2021 edition: https://it-harvest.com/shop/security-yearbook-2021/
- 2022 edition: https://it-harvest.com/shop/security-yearbook-2022/

Connect with Richard at IT-Harvest: https://it-harvest.com/

____________________________

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

How To Create Effective Security Cultures | Redefining CyberSecurity With Dutch Schwartz And Rock Lambros

8 mars 2022 | 43 min

The Playbook To Defend Against Aggressive Cyber Ops: Preparing For A Cyber Crisis As The Crisis Strikes | Redefining CyberSecurity With Mick Douglas

26 februari 2022 | 37 min

There's a cyber crisis brewing. Not the first. Definitely not the last. But current. Here's some advice as seen on social media (paraphrased)... "take your years of strategizing, planning, budgeting, staffing, and procuring … and do it all within a few days."

How is that helpful?

It isn't. It could actually be counter-productive.

With the rising concerns over the growing threat of cyberattacks from well-funded, highly-skilled, and aggressively-motivated bad actors, there's been a mad rush for offerings of advice and products and services from all around the web. While the intentions may be good, the expected outcomes may not match reality in some cases.

That's where the post I saw from Mick Douglas comes in ... a post of organized thoughts with actionable steps organizations can consider given their day-to-day playbook probably isn't going to hold to the intensity of a widespread cyber attack. There's a lot in the thread; we cover a good portion of it, but not all of it. There's also some discussion outside of the original post to help frame the conversation.

____________________________

Guest

Mick Douglas
InfoSec Innovations | SANS Principal Instructor | IANS Faculty
On Twitter | https://twitter.com/bettersafetynet
On LinkedIn | https://www.linkedin.com/in/mick-douglas/

____________________________

This Episode’s Sponsors

Imperva: https://itspm.ag/rsaarchweb

Archer: https://itspm.ag/itsphitweb

____________________________

Resources

Inspiring Tweet: https://twitter.com/bettersafetynet/status/1496496087741480960

National Council of ISACs: https://www.nationalisacs.org/

Other social posts mentioned:
https://www.linkedin.com/posts/rocklambros_mick-douglas-on-twitter-activity-6902610864369664000-KaBd

____________________________

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Book | Can. Trust. Will. Hiring For The Human Element In The New Age Of Cybersecurity | Redefining Security With Leeza Garber And Scott Olson

24 februari 2022 | 45 min

If the goal is to fill a role and keep it filled, we may be missing the point of hiring and retaining top talent.

More than ever, investing in the human element of cybersecurity is paramount. How we staff and maintain our cyber teams will determine the success of the individuals, the team, and the program.

In today's conversation, we connect with two authors, Leeza Garber and Scott Olson, to talk about this topic in-depth, as we explore the catalyst behind the writing of their book, Can. Trust. Will. Hiring for the Human Element in the New Age of Cybersecurity.

About the Book
Cyberthreats evolve at a staggering pace, and effective cybersecurity operations depend on successful teams. Unfortunately, statistics continue to illustrate that employers are not finding the people they need.

The Can. Trust. Will. system guides the C-Suite, HR professionals and talent acquisition to build unbeatable cybersecurity teams through advanced hiring processes and focused on-boarding programs. Additionally, this book details how successful cybersecurity ecosystems are best built and sustained, with expert analysis from high-level government officials, Fortune 500 CSOs and CISOs, risk managers, and even a few techies.

Those already in the field (and newbies) will glean invaluable knowledge about how to find their most effective position within a cybersecurity ecosystem. In a tech-driven environment, cybersecurity is fundamentally a human problem: and the first step is to hire for the human element.

Are you looking to fill roles? Or are you looking for people? This nuanced difference can make all the difference.

Listen in.

____________________________

Guests

Leeza Garber
Founder, Leeza Garber Esq Consulting LLC & Can. Trust. Will. LLC
On Twitter | https://twitter.com/leezagarber
On LinkedIn | https://www.linkedin.com/in/leeza-garber/

Scott Olson
Co-Founder, Can. Trust. Will. LLC
On LinkedIn | https://www.linkedin.com/in/scottolsonexec/

____________________________

This Episode’s Sponsors

Imperva: https://itspm.ag/rsaarchweb

____________________________

Resources

Book: Can. Trust. Will. Hiring for the Human Element in the New Age of Cybersecurity: https://www.amazon.com/Can-Trust-Will-Element-Cybersecurity-ebook/dp/B09H1V8LHL/

Cyber Seek: https://www.cyberseek.org/

Previous podcast with Scott Olson: Be Fascinated: What It Takes To Find Fulfillment And To Be A Good Leader | Redefining Security With Scott Olson

____________________________

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-security

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

St. Joseph's Health | Cybersecurity & Vendor Risk Management: Why It Matters | Redefining CyberSecurity With Ebony Riley And Jesse Fasolo

14 februari 2022 | 46 min

How And When To Put Standards To Work — And Not | Redefining CyberSecurity With Alyssa Miller And Accidental CISO

1 februari 2022 | 52 min

Maritime Intelligence | OSINT And The Ocean | Redefining CyberSecurity With Rae Baker

27 januari 2022 | 41 min

The Blindspot Of Infosec Training | Redefining CyberSecurity With Eric Thomas

20 december 2021 | 45 min

The Real Story About LOG4J - No FUD - No Clickbait - No BS | A Special ITSPmagazine Redefining CyberSecurity Webcast Panel With Alyssa Miller, Katie Nickels, Eric Thomas, And Mark Nunnikhoven

17 december 2021 | 61 min

Cloud Transformation And Security | Redefining CyberSecurity With Helen Oakley

15 november 2021 | 26 min

The Psychology Of Cybersecurity And The Value Of Thinking Outside The Box | Redefining CyberSecurity With Morgan Wright

10 november 2021 | 51 min

The Relationship Between Roles — When Product Management Meets Information Security | Redefining CyberSecurity With Christie Chaffee

4 november 2021 | 34 min

Should We Stop Requiring CISOs To Have A CISSP? Let’s Talk About It | Redefining CyberSecurity With Brian Bobo

30 september 2021 | 42 min

We keep hearing the mantra that CISOs and CSOs need to be business leaders. So how come we keep seeing job descriptions and hearing about interviews that focus on the technical certifications like the CISSP and many others? That's exactly the question posed in a post on LinkedIn that caught our attention - and that of many others!

Join us for a candid conversation with the post's author, a current CIO and CISO, Brian Bobo, as we explore the realities of what a CISO should be focused on and why relying on a technical security certification could turn the business looking in the wrong direction and leaving their risk profile in a bad way.

From The LinkedIn Post
I don’t post much but I need to go on a bit of a rant. I earned my CISSP years ago. As I am updating my CPEs to stay current I realize that almost nothing I do as a CISO counts for CPEs, I don’t even see a place to document incident management. And what does count can only really be categorized under the Security and Risk Management domain. Presenting, educating, serving on ISC(2) boards are all well and good but they still don’t make me a better CISO. There is nothing about strategy, leadership, presenting to a board, incident management, etc. As a CISO, strategy and leadership should be your focus. You should hire then allow and enable great people to do their jobs. So we need to STOP requiring Directors and above to have a CISSP and start thinking about these as leadership positions with a security focus.

____________________________

Guest
Brian Bobo
On LinkedIn | https://www.linkedin.com/in/brianbobo/

____________________________

This Episode’s Sponsors

____________________________

Resources

LinkedIn thread that inspired this conversation: https://www.linkedin.com/posts/brianbobo_stop-requiring-cisos-to-have-a-cissp-i-don-activity-6841017539837997056-HGwu/

____________________________

To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in advertising on ITSPmagazine?
👉 https://www.itspmagazine.com/sponsorship-introduction

Are you interested in sponsoring an ITSPmagazine podcast?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Be Fascinated: What It Takes To Find Fulfillment And To Be A Good Leader | Redefining CyberSecurity With Scott Olson

30 augusti 2021 | 56 min

Leadership can make or break an organization's chance for success, and eventually, it will. It doesn't matter what company, organization, or community teams you lead—all you do and how you do it matters for the end result.

Given the nature of the function within the cybersecurity industry, someone may think that their style needs to be more decisive than most; that maybe they even and get some "wild cards" due to the uniqueness of their role. The truth is that there is no "uniqueness" in this industry, and the basic rules of effective leadership work the same for all. You are either a good leader, or you are not.

Today's conversation extends well beyond cybersecurity as our guest, Scott Olson, brings to bear the realities of what it takes to be a leader in any industry, in any function, and find fulfillment in a leadership position. Becoming a leader doesn't happen magically. It also doesn't require you to excel in the roles you lead or know what it feels like to be in any position you oversee. Instead, it involves understanding and embracing the big picture and transitioning your sense of self-worth when needed.

"The mistake that we make in the leadership industry is that we think behaviors correlate to performance: here are the ten things that great leaders do; here are the five things that great leaders avoid. I'm an influenced leader. I'm a charismatic leader. I'm a servant leader. People don't follow you because you're a specific type of leader. People don't even follow because they like you. What I've found is that people follow you if they know you like them if they know that you value them, that you see who and what they are, that you appreciate what they're capable of, and that you appreciate that they are doing what you need." —Scott Olson

What does "being fascinated" have to do with good leadership? Have a listen to find out.

____________________________

Guest
Scott Olson
On LinkedIn: https://www.linkedin.com/in/scottolsonexec/
____________________________

This Episode’s Sponsors

HITRUST: https://itspm.ag/itsphitweb

Semperis: https://itspm.ag/semperis-1roo

____________________________

Resources

The book, Can.Trust.Will. Hiring For The Human Element in the New Age of Cybersecurity., will be published here: https://www.businessexpertpress.com/

Podcast | Trust, Gratitude, Mentorship And Other Lessons From A Spy Recruiter | A Conversation With Robin Dreeke | Tech Done Different With Ted Harrington: https://itspmagazine.simplecast.com/episodes/trust-gratitude-mentorship-and-other-lessons-from-a-spy-recruiter-a-conversation-with-robin-dreeke-tech-done-different-with-ted-harrington

____________________________

To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in advertising on ITSPmagazine?
👉 https://www.itspmagazine.com/sponsorship-introduction

Are you interested in sponsoring an ITSPmagazine podcast?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

What Does It Take To Be A CISO? | A Living Social Thread From A Deputy CISO Fresh On The Job At A Billion-Dollar Crypto Company | Redefining CyberSecurity With J.M. Porup

19 augusti 2021 | 36 min

CyberSecurity Futures | Aston Martin's Road To Zero Threats | Redefining CyberSecurity At InfoSec London With Robin Smith

6 augusti 2021 | 34 min

The Role Of General Counsel For Incident Response Planning And Handling | Redefining CyberSecurity With Cody Wamsley And James Yarnall

5 juli 2021 | 45 min

Ethical Issues In Cybersecurity Research And Practice | Redefining CyberSecurity With Kevin Macnish And Jeroen Van Der Ham

25 juni 2021 | 41 min

Practical Cybersecurity Architecture: A Guide To Creating And Implementing Robust Designs For Cybersecurity Architects | Redefining CyberSecurity With Diana Kelley And Ed Moyle

15 juni 2021 | 39 min

What is an architecture? Is it a document? A process? A policy? A map? A discipline? A mindset? When you hear what it is, you may have to re-evaluate how you approach your cybersecurity program. Are you ready?

“The ideal architect should be a man of letters, a skillful draftsman, a mathematician, familiar with historical studies, a diligent student of philosophy, acquainted with music, not ignorant of medicine, learned in the responses of jurisconsults, familiar with astronomy and astronomical calculations.” ― Vitruvius

About the Book
Cybersecurity architects work with others to develop a comprehensive understanding of the business' requirements. They work with stakeholders to plan designs that are implementable, goal-based, and in keeping with the governance strategy of the organization.

With this book, you'll explore the fundamentals of cybersecurity architecture: addressing and mitigating risks, designing secure solutions, and communicating with others about security designs. The book outlines strategies that will help you work with execution teams to make your vision a concrete reality, along with covering ways to keep designs relevant over time through ongoing monitoring, maintenance, and continuous improvement. As you progress, you'll also learn about recognized frameworks for building robust designs as well as strategies that you can adopt to create your own designs.

By the end of this book, you will have the skills you need to be able to architect solutions with robust security components for your organization, whether they are infrastructure solutions, application solutions, or others.

Guests
Diana Kelley
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/diana-kelley

Ed Moyle
On Twitter 👉 https://twitter.com/securitycurve
On Linkedin 👉 https://www.linkedin.com/in/edmoyle/

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988

____________________________

Resources
Book — Practical Cybersecurity Architecture: A guide to creating and implementing robust designs for cybersecurity architects: https://www.amazon.com/Practical-Cybersecurity-Architecture-implementing-cybersecurity/dp/1838989927

____________________________

To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in advertising on ITSPmagazine?
👉 https://www.itspmagazine.com/sponsorship-introduction

Are you interested in sponsoring an ITSPmagazine podcast?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Automated Feeds Are Killing The CTI Community; I Only Want Human Created Threat Intel!!! | Redefining CyberSecurity With CyberSquarePeg And Andy Piazza

7 juni 2021 | 35 min

Supply Chain Resilience In A Time Of Techtonic Geopolitical Shifts | Redefining CyberSecurity With Andrea Little Limbago

26 maj 2021 | 20 min

The State Of Worldwide Cybersecurity From The People Who Run It | Redefining CyberSecurity With Dr. Reem Faraj AlShammari

24 maj 2021 | 17 min

Don’t Be Afraid Of A Crisis And Don’t Let The Crisis Define You | Redefining CyberSecurity With Parham Eftekhari

17 maj 2021 | 33 min

It's #TableTopTuesday On Twitter | What Serious Silliness Did We Spot While Redefining CyberSecurity With Meg Hargrove?

4 maj 2021 | 37 min

Unless there's a plan that's been practiced, one's gut reaction is probably how things will roll when an incident occurs. #TableTopTuesday on Twitter from Meg Hargrove captures some of those "moments" — let's discuss.

Before we do, though, do any of these sound like your go-to first step during a cyber incident?
- “Brown alert”
- “Cry for a minute”
- “Update resume”

While there may get a chuckle from someone looking in on a fake situation presented on social media, incident response is no joking matter when real life is at stake. And that's why I wanted to have a conversation with @cybersecmeg — what she is doing with #TableTopTuesday on Twitter is nothing short of brilliant: present an incident use case and get feedback from the community for how they would respond.

There's no single right nor wrong answer, of course. And, the conversation doesn't just stop abruptly with an answer either — there's some good dialog from the community, presenting some solid options and some meaningful back-and-forth as the scenario unfolds.

Take this scenario, for example:

Credentials for your AWS cloud environment have been accidentally left hard coded into a PUBLIC GitHub repository. You check your cloud portal and find $75K worth of spend not created by your org. What do you do?

Well, time us up. The incident is happening. What do you do? What should you do?

First, listen to this chat with Meg and then check out the #TableTopTuesday threads to start planning and practicing.

Guest
Meg Hargrove, Cybersecurity Incident Response Manager (@cybersecmeg on Twitter)

This Episode’s Sponsors

https://twitter.com/cybersecmeg/status/1384603498323582976

____________________________

Resources
Inspiration for this conversation:

https://twitter.com/cybersecmeg/status/1379523065999155201

https://twitter.com/cybersecmeg/status/1376981399719321604

____________________________

To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in advertising on ITSPmagazine?
👉 https://www.itspmagazine.com/sponsorship-introduction

Are you interested in sponsoring an ITSPmagazine podcast?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

The Relationship Between Roles — PR/Media Relations And Information Security | Redefining CyberSecurity With Melanie Ensign And Ed Amoroso

19 april 2021 | 38 min

The Connection Between Product Quality Assurance And Application Security In Business | Redefining CyberSecurity With Tom Morrissey And Cassio Goldschmidt

9 april 2021 | 47 min

Nowadays, every company is pretty much a technology company, and as such, they all should have some understanding of quality assurance (QA). Also, an understanding of information security would be nice. The question is, how and where do these two worlds collide?

And, is that security world AppSec or DevSecOps? Or is it something completely different?

The QA role often approaches testing an application through user stories and use cases, working toward verifying that it does everything it is supposed to do. On the other hand, an application security team often comes to the situation from a different perspective; they try to get the system to do something it is not supposed to do, going beyond the user interface and breaking free from documented user scenarios.

While these two perspectives may differ significantly, there is still a ton of shared vision for reaching the end goal: rooting out as many bugs as they can to deliver the best possible product. They also share some common challenges as they try to connect and work with the line-of-business owners, architects, IT, operations, and engineering teams.

With this in mind, what, specifically, are the synergies, and how can these two teams help each other succeed? Should they be working together, or does it make sense for them to remain separate?

Tune in to this episode with guests: Tom Morrissey (a long-time QA and engineering director) and Cassio Goldschmidt (a very active application security expert and OWASP leader) reach back to the past to help us understand how QA has evolved and what lessons the application security professionals can learn from their history.

Guests
Tom Morrissey, Director of Software Engineering

Cassio Goldschmidt, Sr. Director & CISO at ServiceTitan | OWASP Chapter Leader (@CassioGold on Twitter)

This Episode’s Sponsors

____________________________

Resources
Learn more about OWASP: https://owasp.org/ (@owasp on Twitter)

____________________________

To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in advertising on ITSPmagazine?
👉 https://www.itspmagazine.com/sponsorship-introduction

Are you interested in sponsoring an ITSPmagazine podcast?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

The Relationship Between Roles: Human Resources And Information Security | HR Is The Organization's Communications Super Glue | Redefining CyberSecurity Culture With Dora Ross, Global Security Culture Specialist

16 mars 2021 | 34 min

The human resources department within any organization is well-positioned to feel the pulse and monitor a company's culture—teams, divisions, and the organization as a whole. Because of this, it could be the ideal ally to the InfoSec team. But is it? Let's find out.

Consider the lifecycle of an employee. The initial company awareness, gaining familiarity with its brand, exploring its job opportunities, moving on to the next role, all the way to retirement—or perhaps even getting fired. Of course, there's everything in-between as well, including annual performance reviews, salary and compensation discussions, workplace behavior and related training, ongoing education, promotions, and more.

At each stop along their journey and throughout each of the phases within the candidate/employee journey, HR has an opportunity to help shape the company's culture by reinforcing fundamental principles, operational ethics, and the related policies and actions. Just as we should be baking information security into the products—as early, and as often as possible—we should follow this same model for building our workforce and the company culture in which they exist.

There's an opportunity for InfoSec and HR to collaborate to present and discuss the value of good information security hygiene: using a password manager, connecting through a VPN, paying attention to potential leaks or loss of data, and thinking critically during a security awareness training event—these are just a few examples.

The importance of security shouldn't begin once the person becomes an employee; the organization can demonstrate their investment in InfoSec well before the jobs are posted and the interviews start.

On the other side of the equation, there's an opportunity to maintain security and safety for the organization by encouraging a now-former employee to continue to carry with them the lessons they've learned as they move on to another company or retire into the sunset.

Easy to say, but is it that simple? How are HR departments holding on with all the new responsibilities piling up on their desk lately? Can they take one more role without a fundamental redefinition of their role within a company?

There's so much to be gained here. This is definitely a conversation worth listening to, especially if you are in HR, InfoSec, or are an employee (I think that captures everyone, doesn't it?).

Enjoy!

NOTE: This episode is part of our "Building Better Security Relationships" series. Catch the last episode with Legal Counsel here: http://itsprad.io/redefining-security-411

Guests
Dora Ross, Global Security Culture Specialist

This Episode’s Sponsors

HITRUST: https://itspm.ag/itsphitweb

Key Resources: https://itspm.ag/keyresources-2876

____________________________

To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in advertising on ITSPmagazine?
👉 https://www.itspmagazine.com/sponsorship-introduction

Are you interested in sponsoring an ITSPmagazine podcast?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Taking The Insanity Out Of Incident Response | Take Control Of Your Security Operations Center | Redefining CyberSecurity With Melissa Duncan And Kristy Westphal

11 februari 2021 | 43 min

We know that SOC team members are burning out as they try to protect companies, yet many InfoSec programs repeat the same strategies expecting different results. Can we take insanity out of the incident response?

That's a good question. One that we're not going to answer, but one that we will discuss and hopefully encourage you all to think about with us as we try to get to the root of the problem: what needs to change.

In this podcast, we will shed some light on how SOC teams could modify their programs to embrace risk-based alerting and response enabled by information, and by doing so, filtering out as much noise as possible.

To do so, Sean Martin is joined by two seasoned security operations and incident response professionals:

Melissa Duncan, who is responsible for developing security content, incident response procedures, and response automation, and Kristy Westphal, who uses her hands-on experience to design, implement and manage security and operational risk programs by bringing her passion for trying to — YES! — take the insanity out of incident response.

Join us for our journey as we explore how to pivot your SOC from the monotonous audit-based checking-of-boxes to a program that can manage real, high-priority, risk-based events to which your team can successfully respond.

Yes, you better believe that it is actually possible to run a SOC free from insanity. It's time to break from the same 'ole routine to try something different. The real-life in-the-trenches SOC experiences recounted by Kristy and Melissa can help your program get a bit more creative and bring those needed changes to light—for the security team and for the business goals too.

Perhaps a reset on one or more parts of your program will reinvigorate you and bring a renewed passion for what you do. Or, maybe not. In that case, we'll see you later as you tick that next checkbox.

Let's see how you feel after listening to this one.

Guests
Melissa Duncan, VP of Security Content and Response Automation at Union Bank

Kristy Westphal, VP of CyberSecurity Incident Response Team at Union Bank

This Episode’s Sponsors

Key Resources: https://itspm.ag/keyresources-2876

____________________________

To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in advertising on ITSPmagazine?
👉 https://www.itspmagazine.com/sponsorship-introduction

Are you interested in sponsoring an ITSPmagazine podcast?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Patents Versus Progress: The State Of Technology And Innovation Protection | Redefining CyberSecurity With Joanna Chen And Puya Partow

1 februari 2021 | 35 min

Information Security Automation: Can You Automate Security Culture? | Redefining CyberSecurity With Tomasz Bania

19 januari 2021 | 27 min

The amount of work security teams have to handle is increasing exponentially and takes a severe toll on their ability to keep up with the threats. Thankfully, there is technology. Bring on security automation!

Automation sounds simple enough, right? But is it? And do security teams automate the right things?

When considering security automation, it's natural to look at the opportunity purely from a security operations perspective: responding to an incident, taking care of alerts, and looking into threat intelligence. But there's much more to it than that.

What are some of the basics of automation that teams get right?

What impact does that automation have on protection, detection, monitoring, and response?

How can security automation drive value not only for the InfoSec team but for the business overall?

When you dive deeper into this, you'll hopefully realize there are many IT- and business-related processes that you can—and should—be automating and integrating into your InfoSec program regularly. That's what we do in this episode with Dolby Labs' Tomasz Bania.

Tomasz presents some examples for how organizations can take a set of single actions, bringing them all together to potentially get to a point where you are doing the entire end-to-end process, leveraging a fully-automated—or, at least, a mostly-automated—implementation.

In this episode, we get into some real-world cases that InfoSec teams can take and operationalize. We also take the opportunity to talk about the relationship amongst business types, their level of maturity, and whether or not there is such thing as "automation culture." If there is, can we actually automate that too?

If you want, even more, be sure to catch Tomasz's RSAC 365 session (link below).

Guest
Tomasz Bania, Cyber Defense Manager at Dolby Laboratories

This Episode’s Sponsors:

RSA Security: https://itspm.ag/itsprsaweb

____________________________

Resources
RSAC 365 Session: Scaling Your Defenses: Next Level Security Automation for Enterprise

____________________________

To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in advertising on ITSPmagazine?
👉 https://www.itspmagazine.com/sponsorship-introduction

Are you interested in sponsoring an ITSPmagazine podcast?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

The Relationship Between Roles: Legal Counsel And Information Security | Redefining CyberSecurity With Cody Wamsley And Diego Fernández

14 januari 2021 | 36 min

Way too often, we think of cybersecurity professionals as if they come from another galaxy; Aliens, with no understanding of the business and not much to contribute to it. Well, it's not true. In this series, we explain why.

There are exciting intersections between law, compliance, security, privacy, contracts, and business. It's time we talk about the value of building a strong relationship between information security and the legal team.

Suppose things were not already uneasy; to make things even more interesting, let's consider policy differences around the world. These can impact how organizations define and run their business, collect and store their data, protect their information and systems, and demonstrate that they are doing the "right thing." Toss in the 3rd-party vendor ecosystem, and now we're having fun. Unless, of course, the InfoSec and legal teams are working in silos, unknowingly causing the other team angst and pain—or worse—actively working against each other, bringing disruption to operational efficiencies and harm to the overall business.

Legal processes have been around for donkeys years. InfoSec practices, not so much. So, how do two lawyers familiar with security and privacy law (among other things)—and that also have a hand in information security practices—view the relationship between the two roles?

We're glad you asked. Have a listen to find out.

Guests
Cody Wamsley, Associate at Dorsey & Whitney LLP (@codywamsley on Twitter)

Diego Fernández, Partner IP, IT & Privacy - RegTech- Marval, O'Farrell & Mairal (@DferDiego on Twitter)

This Episode’s Sponsors:

RSA Security: https://itspm.ag/itsprsaweb

____________________________

To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in advertising on ITSPmagazine?
👉 https://www.itspmagazine.com/sponsorship-introduction

Are you interested in sponsoring an ITSPmagazine podcast?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

PCI-DSS Version 4 Is In The Works—What Impact Might It Have On Security Operations And The Business' Bottom Line | Redefining CyberSecurity One-On-One With Mitch Parker

1 december 2020 | 26 min

Many organizations leverage regulations and standards to help them define their security and privacy programs, and in doing so, spend time and money creating policies, implementing controls, and monitoring for exceptions. But what happens when the regulation or standard changes?

There's a seemingly constant barrage of change in the law and standards—and even in the supporting management/controls frameworks. Depending on where the company is headquartered, where it does business. Also, where its customers reside, where the customers' data resides, what type of customer data the company holds and interacts with—and what industry sector(s) the company operates in. All of this determines which of these regulations and standards they must adhere to. A change in any of these elements means a re-evaluation of the organization's risk profile and implementation of the mitigating controls.

This probably makes sense to many reading this. But what's missing from this equation? More than you may think.

To uncover the potential impact of the business operations, risk management program, security operations, and ultimately the business's bottom line, Sean Martin has a 1:1 chat with Indiana University Health CISO, Mitch Parker. The two look at the v4 PCI-DSS update, currently in development and due to release sometime in the middle of 2021, as the driver for this conversation.

There's a lot to consider—and plan for—when changes occur. Don't get caught with a surprise if you can avoid it. Prepare yourself, your staff, and your peers at the executive level for what's to come.

Guest
Mitch Parker, CISO, Indiana University Health (@mitchparkerciso on Twitter)

Resources

3 blogs related to the pending v4 PCI-DSS standard:

This Episode’s Sponsors:

____________________________

To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in advertising on ITSPmagazine?
👉 https://www.itspmagazine.com/sponsorship-introduction

Are you interested in sponsoring an ITSPmagazine podcast?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

No Hollywood Ending Here: Prepare For A Doomsday Cybersecurity Conversation | Redefining CyberSecurity With Marcus J. Ranum

16 november 2020 | 40 min

We've had enough conversations about the relationship between technology, cybersecurity, and technology to know that people have different expectations, hopes, and visions. Some utopian, some dystopian, and some are Marcus J. Ranum.

We met Marcus J. Ranum a few years ago during an ISSA Los Angeles Summit, where we had an inspiring and thought-provoking conversation about the idea of needing the equivalent of a Geneva Convention for cybersecurity. Given the many twists and turns the conversation had, it was at that point that we knew Marcus had a different perspective on cyber life, as many other professionals do.

Jump ahead a few years to our partnership with ISSA International and we find ourselves with the opportunity to have an extended Luminaries Series chat with Marcus—this time looking at things through the lens of our Redefining Security channel. We take a look at the past, where Marcus was instrumental in bringing to life the first information security firewalls, and from there, we leaped into the present and the future. Buckle up, because it is not a pleasant stroll in the park, and it got pretty dark, very quickly.

In 1976, when Marcus "got into computing," the deployment of systems involved running a wire to a terminal, plugging it in, and enabling the operating system. And, when we say "enabling the operating system" we mean actually building a kernel for your system that you were going to run it on, configuring the hardware, and configuring the device drivers that you needed in the operating system for the hardware that you were going to run everything on.

"We didn't have all these gigantic driver frameworks as we do nowadays. Everything was kind of low and slow, and lean and mean… it had to be because there wasn't infinite amounts of memory nor infinite amounts of processing power. And that had a direct effect on the way security evolved." —Marcus J. Ranum

Fast forward 40+ years—where have we landed—where are we headed?

As you will hear, Marcus has a very dark view of the future of security; a future that involves software engineers, hardware engineers, increased complexity, ongoing abstraction, and an overall lack of comprehension of how things work. This story may be ripe for the picking for a Hollywood flick to hit your favorite streaming service. However, it may not be the traditional Hollywood ending that you might expect.

Come on, join us for this journey. It's one you won't want to miss being part of.

Is there hope for the future of technology and humanity?

Maybe. Maybe not.

Guest(s)
Marcus J. Ranum

Resources
Book: The Myth of Homeland Security by Marcus Ranum: https://www.amazon.com/Myth-Homeland-Security-Marcus-Ranum/dp/0471458791

Book: Huawei and Snowden Questions: https://openlibra.com/en/book/the-huawei-and-snowden-questions

This Episode’s Sponsors:

____________________________

To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in advertising on ITSPmagazine?
👉 https://www.itspmagazine.com/sponsorship-introduction

Are you interested in sponsoring an ITSPmagazine podcast?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Simplifying Information Security And Making It A Business Driver | Redefining CyberSecurity With Joshua Scott

12 oktober 2020 | 35 min

Cybersecurity and business haven't played the same game — mostly because they did not understand each other. Thankfully, these days, security can not only be the business protector but a driving force for growth.

We often hear stories about digital transformation and moving on-premises data centers to the cloud, but seldom get to listen to some of the specifics for many of these business-defining projects. Who's involved and how are these critical relationships established and maintained are essential factors to understand the real value an InfoSec team can bring to the business.

CISOs and their business peers that fail to connect the dots between cyber risk management and the business objectives can actually be doing the business a disservice, namely with the language, the jargon, and the mysteriousness about what both sides are trying to accomplish. Let's face it, many organizations don't realize it, but they are making things too complicated.

Listen to today's story to hear how our guest, Joshua Scott (former Realtor.com’s CISO), supported the business, making things really simple to understand while providing quick feedback that allowed the organization to move things along and grow.

Ultimately, it was about establishing relationships and open communications across the organization that reduced operational burden while also reducing the potential impact of a threat.

"Really getting the organization to care about security was hard; it was really hard. That's why I started focusing on understanding what was important to them."—Joshua Scott.

Guest
Joshua Scott, former CISO, Realtor.com

This Episode’s Sponsors:

RSA Security: https://itspm.ag/itsprsaweb

____________________________

To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at:
https://www.itspmagazine.com/redefining-cybersecurity

Are you interested in advertising on ITSPmagazine?
👉 https://www.itspmagazine.com/sponsorship-introduction

Are you interested in sponsoring an ITSPmagazine podcast?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Zero To Trust In 60 Seconds | The Race To Overcoming Our Cybersecurity Challenges | Redefining CyberSecurity With Siân John, Zulfikar Ramzan, Chris Roberts, And Francesco Cipollone

22 september 2020 | 49 min

Zero Trust sounds impressive and futuristic, but it isn't really a new concept — and what does it actually mean? It is not that different from past trust models such as Trust But Verify and Least Privilege.

So, here we are once again, stating the obvious: if we don't think differently about the problems we face, we're not going to be able to solve them.

Security practitioners and managers are bombarded by marketing messages that require decoding and interpretation, and how to make a decision is more than a matter of trust v literally. Do they listen to analysts, vendors, auditors, their peers, or their gut?

Security professionals and their teams are expected to keep up with the changes as new industry reports come out and new technologies are brought to market. Still, they are often forced to continuously think differently about the problems they face in a confusing, distracting, and counterproductive way. This is simply not good for our industry nor our businesses' security.

In today's episode, we muse and question the status quo that has characterized our industry for the past 20 years. We go beyond this debate and beyond the Zero Trust concept to look at how organizations should evaluate not just their tech stack but also their teams, operations, and processes. We reflect on where trust fits in, how it plays a crucial role in a security program, and why it isn't binary in nature.

Yes, you must think differently, but it's not a good idea to rely on others to think differently for you. Think for yourself and your organization — as you are the one that knows what matters the most for your business.

Then, put your thinking cap on and enjoy this episode of Redefining Security.

"You have this perfect plan, but then you hit the real world and no plan survives contact with the enemy." —Dr. Zulfikar Ramzan

"Why do we keep doing this? We continue to chase technology. Why do we not think about the human? Why do we think about the process and procedures? Zero Trust would be great if we could actually know where the hell all the data was inside an environment." —Chris Roberts

"We are our own worst enemy. We produce something that is beautiful in our head, but it doesn't work in practice." —Francesco Cipollone

"We're always looking for the easy button as an industry and then blame vendors when they buy the easy button and it doesn't work." —Siân John

Guest(s)
Siân John | Zulfikar Ramzan | Chris Roberts | Francesco Cipollone

This Episode’s Sponsors: