On Location With Sean Martin And Marco Ciappelli

BlackCloak: https://itspm.ag/itspbcweb

___________

Resources

Keynote: Agentic AI and Identity: The Biggest Problem We're Not Solving: https://www.blackhat.com/sector/2025/briefings/schedule/#keynote-agentic-ai-and-identity-the-biggest-problem-were-not-solving-49591

Learn more and catch more stories from our SecTor 2025 coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/sector-cybersecurity-conference-toronto-2025

New York Department of Financial Services Cybersecurity Regulation: https://www.dfs.ny.gov/industry_guidance/cybersecurity

Good Harbor Security Risk Management (Richard Clarke’s firm): https://www.goodharbor.net/

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to share an Event Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

cristin flynn goodwin, sean martin, marco ciappelli, sector, microsoft, ai, identity, agents, ciso, quantum, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Broadcasting to AI Agents: Mark Smith on Technology's 100-Year Evolution at IBC 2025 Amsterdam | On Location Event Coverage Podcast With Sean Martin & Marco Ciappelli

Wed, 27 Aug 2025 06:36:23 +0000

I had one of those conversations that reminded me why I'm so passionate about exploring the intersection of technology and society. Speaking with Mark Smith, a board member at IBC and co-lead of their accelerator program, I found myself transported back to my roots in communication and media studies, but with eyes wide open to what's coming next.

Mark has spent over 30 years in media technology, including 23 years building Mobile World Congress in Barcelona. When someone with that depth of experience gets excited about what's happening now, you pay attention. And what's happening at IBC 2025 in Amsterdam this September is nothing short of a redefinition of how we create, distribute, and authenticate content.

The numbers alone are staggering: 1,350 exhibitors across 14 halls, nearly 300 speakers, 45,000 visitors. But what struck me wasn't the scale—it's the philosophical shift happening in how we think about media production. We're witnessing television's centennial year, with the first demonstrations happening in 1925, and yet we're simultaneously seeing the birth of entirely new forms of creative expression.

What fascinated me most was Mark's description of their Accelerator Media Innovation Program. Since 2019, they've run over 50 projects involving 350 organizations, creating what he calls "a safe environment" for collaboration. This isn't just about showcasing new gadgets—it's about solving real challenges that keep media professionals awake at night. In our Hybrid Analog Digital Society, the traditional boundaries between broadcaster and audience, between creator and consumer, are dissolving faster than ever.

The AI revolution in media production particularly caught my attention. Mark spoke about "AI assistant agents" and "agentic AI" with the enthusiasm of someone who sees liberation rather than replacement. As he put it, "It's an opportunity to take out a lot of laborious processes." But more importantly, he emphasized that it's creating new jobs—who would have thought "AI prompter" would become a legitimate profession?

This perspective challenges the dystopian narrative often surrounding AI adoption. Instead of fearing the technology, the media industry seems to be embracing it as a tool for enhanced creativity. Mark's excitement was infectious when describing how AI can remove the "boring" aspects of production, allowing creative minds to focus on what they do best—tell stories that matter.

But here's where it gets really interesting from a sociological perspective: the other side of the screen. We talked about how streaming revolutionized content consumption, giving viewers unprecedented control over their experience. Yet Mark observed something I've noticed too—while the technology exists for viewers to be their own directors (choosing camera angles in sports, for instance), many prefer to trust the professional's vision. We're not necessarily seeking more control; we're seeking more relevance and authenticity.

This brings us to one of the most critical challenges of our time: content provenance. In a world where anyone can create content that looks professional, how do we distinguish between authentic journalism and manufactured narratives? Mark highlighted their work on C2PA (content provenance initiative), developing tools that can sign and verify media sources, tracking where content has been manipulated.

This isn't just a technical challenge—it's a societal imperative. As Mark noted, YouTube is now the second most viewed platform in the UK. When user-generated content competes directly with traditional media, we need new frameworks for understanding truth and authenticity. The old editorial gatekeepers are gone; we need technological solutions that preserve trust while enabling creativity.

What gives me hope is the approach I heard from Mark and his colleagues. They're not trying to control technology's impact on society—they're trying to shape it consciously. The IBC Accelerator Program represents something profound: an industry taking responsibility for its own transformation, creating spaces for collaboration rather than competition, focusing on solving real problems rather than just building cool technology.

The Google Hackfest they're launching this year perfectly embodies this philosophy. Young broadcast engineers and software developers working together on real challenges, supported by established companies like Formula E. It's not about replacing human creativity with artificial intelligence—it's about augmenting human potential with technological tools.

As I wrapped up our conversation, I found myself thinking about my own journey from studying sociology of communication in a pre-internet world to hosting podcasts about our digital transformation. Technology doesn't just change how we communicate—it changes who we are as communicators, as creators, as human beings sharing stories.

IBC 2025 isn't just a trade show; it's a glimpse into how we're choosing to redefine our relationship with media technology. And that choice—that conscious decision to shape rather than simply react—gives me genuine optimism about our Hybrid Analog Digital Society.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

AI Confusion, Privacy Pressures, and the Search for Real Value in Cybersecurity | A Black Hat USA 2025 Conversation with Evgeniy Kharam | On Location Coverage with Sean Martin and Marco Ciappelli

Sun, 24 Aug 2025 18:26:51 +0000

This year at Black Hat USA 2025, the conversation is impossible to escape: artificial intelligence. But while every vendor claims an AI-powered edge, the real question is how organizations can separate meaningful innovation from noise.

In our discussion with Evgeniy Kharam, Vice President of Cybersecurity Architecture at Herjavec Group (formerly), Chief Strategy Officer (CSO) at Discern Security, and long-time security leader and author, the theme of AI confusion takes center stage. Evgeniy notes that CISOs and security architects don’t have the time or resources to analyze what “AI” means in every product pitch. With over 4,000 vendors in the ecosystem, each layering its own flavor of AI, the burden falls on security leaders to distinguish hype from usable automation.

From Gondola Pitches to AI Overload

Evgeniy shares how his creative networking events—skiing, biking, and beyond—mirror the industry’s need for genuine connection and trust. Just as his “gondola pitch” builds authentic engagement, buyers want clarity and honesty from technology providers. The proliferation of AI labels, however, makes that trust harder to establish.

Where AI Can Help

Evgeniy highlights areas where AI can reduce friction, from vulnerability management and detection to policy writing and compliance. Yet, even here, issues such as hallucinations, privacy tradeoffs, and ethics cannot be ignored. When AI begins influencing employee monitoring or analyzing sensitive data, organizations face difficult questions about fairness, transparency, and control.

The Unspoken Challenge: Surveillance and Trust

As we discuss the balance between employee privacy and corporate protection, it becomes clear that AI introduces new layers of surveillance. In Europe, cultural and legal boundaries create clear separation between personal and professional lives. In North America, the lines blur, raising ethical debates that may ultimately be tested in courts.

The takeaway? AI has the potential to unlock workflows that were previously too costly or complex. But without transparency, governance, and a commitment to responsible use, the “AI in everything” trend risks overwhelming the very leaders it is meant to help.

___________

Guest:

Evgeniy Kharam, Chief Strategy Officer (CSO), Discern Security | On LinkedIn: https://www.linkedin.com/in/ekharam/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

ITSPmagazine Webinar: What’s Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year’s Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference

Stellar Cyber: https://itspm.ag/stellar-9dj3

___________

Resources

Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, marco ciappelli, evgeniy kharam, black hat usa 2025, ai, privacy, surveillance, cybersecurity, automation, governance, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

We're Becoming Dumb and Numb": Why Black Hat 2025's AI Hype Is Killing Cybersecurity -- And Our Ability to Think | Random and Unscripted Weekly Update with Sean Martin and Marco Ciappelli

Wed, 20 Aug 2025 16:56:49 +0000

We're Becoming Dumb and Numb": Why Black Hat 2025's AI Hype Is Killing Cybersecurity -- And Our Ability to Think
Random and Unscripted Weekly Update Podcast with Sean Martin and Marco Ciappelli

__________________Summary

Sean and Marco dissect Black Hat USA 2025, where every vendor claimed to have "agentic AI" solutions. They expose how marketing buzzwords create noise that frustrates CISOs seeking real value. Marco references the Greek myth of Talos - an ancient AI robot that seemed invincible until one fatal flaw destroyed it - as a metaphor for today's overinflated AI promises. The discussion spirals into deeper concerns: are we becoming too dependent on AI decision-making? They warn about echo chambers, lowest common denominators, and losing our ability to think critically. The solution? Stop selling perfection, embrace product limitations, and keep humans in control.

__________________10 Notable Quotes

Sean:

"It's hard for them to siphon the noise. Sift through the noise, I should say, and figure out what the heck is really going on."
"If we completely just use it for the easy button, we'll stop thinking and we won't use it as a tool to make things better."
"We'll stop thinking and we won't use it as a tool to make our minds better, to make our decisions better."
"We are told then that this is the reality. This is what good looks like."
"Maybe there's a different way to even look at things. So it's kind of become uniform... a very low common denominator that is just good enough for everybody."

Marco:

"Do you really wanna trust the weapon to just go and shoot everybody? At least you can tell it's a human factor and that's the people that ultimately decide."
"If we don't make decision anymore, we're gonna turn out in a lot of those sci-fi stories, like the time machine where we become dumb."
"We all perceive reality to be different from what it is, and then it creates a circular knowledge learning where we use AI to create the knowledge, then to ask the question, then to give the answers."
"We're just becoming dumb and numb. More than dumb, but we become numb to everything else because we're just not thinking with our own head."
"You're selling the illusion of security and that could be something that then you replicate in other industries."

Picture this: You walk into the world's largest cybersecurity conference, and every single vendor booth is screaming the same thing – "agentic AI." Different companies, different products, but somehow they all taste like the same marketing milkshake.

That's exactly what Sean Martin and Marco Ciappelli witnessed at Black Hat USA 2025, and their latest Random and Unscripted with Sean and Marco episode pulls no punches in exposing what's really happening behind the buzzwords.

"Marketing just took all the cool technology that each vendor had, put it in a blender and made a shake that just tastes the same," Marco reveals on Random and Unscripted with Sean and Marco, describing how the conference floor felt like one giant echo chamber where innovation got lost in translation.

But this isn't just another rant about marketing speak. The Random and Unscripted with Sean and Marco conversation takes a darker turn when Marco introduces the ancient Greek myth of Talos – a bronze giant powered by divine ichor who was tasked with autonomously defending Crete. Powerful, seemingly invincible, until one small vulnerability brought the entire system crashing down.

Sound familiar?

"Do you really wanna trust the weapon to just go and shoot everybody?" Marco asks, drawing parallels between ancient mythology and today's rush to hand over decision-making to AI systems we don't fully understand.

Sean, meanwhile, talked to frustrated CISOs throughout the event who shared a common complaint: "It's hard for them to sift through the noise and figure out what the heck is really going on." When every vendor claims their AI is autonomous and perfect, how do you choose? How do you even know what you're buying?

The real danger, they argue on Random and Unscripted with Sean and Marco, isn't just bad purchasing decisions. It's what happens when we stop thinking altogether.

"If we completely just use it for the easy button, we'll stop thinking and we won't use it as a tool to make our minds better," Sean warns. We risk settling for what he calls the "lowest common denominator" – a world where AI tells us what success looks like, and we never question whether we could do better.

Marco goes even further, describing a "circular knowledge learning" trap where "we use AI to create the knowledge, then to ask the question, then to give the answers." The result? "We're just becoming dumb and numb. More than dumb, but we become numb to everything else because we're just not thinking with our own head."

Their solution isn't to abandon AI – it's to get honest about what it can and can't do. "Stop looking for the easy button and stop selling the easy button," Marco urges vendors on Random and Unscripted with Sean and Marco. "Your product is probably as good as it is."

Sean adds: "Don't be afraid to share your blemishes, share your weaknesses. Share your gaps."

Because here's the thing CISOs know that vendors often forget: "CISOs are not stupid. They talk to each other. The truth will come out."

In an industry built on protecting against deception, maybe it's time to stop deceiving ourselves about what AI can actually deliver.

________________ Keywords
cybersecurity, artificialintelligence, blackhat2025, agentic, ai, marketing, ciso, cybersec, infosec, technology, leadership, vendor, innovation, automation, security, tech, AI, machinelearning, enterprise, business

________________Hosts links:

📌 Marco Ciappelli: https://www.marcociappelli.com
📌 Sean Martin: https://www.seanmartin.com

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Narrative Attack Paradox: When Cybersecurity Lost the Ability to Detect Its Own Deception and the Humanity We Risk When Truth Becomes Optional | Reflections from Black Hat USA 2025 on the Marketing That Chose Fiction Over Facts

Tue, 19 Aug 2025 00:40:50 +0000

⸻ Podcast: Redefining Society and Technology
https://redefiningsocietyandtechnologypodcast.com

_____________________________

This Episode’s Sponsors

BlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.

BlackCloak: https://itspm.ag/itspbcweb

_____________________________

A Musing On Society & Technology Newsletter Written By Marco Ciappelli | Read by TAPE3

August 18, 2025

The Narrative Attack Paradox: When Cybersecurity Lost the Ability to Detect Its Own Deception and the Humanity We Risk When Truth Becomes Optional
Reflections from Black Hat USA 2025 on Deception, Disinformation, and the Marketing That Chose Fiction Over Facts

By Marco Ciappelli

Sean Martin, CISSP just published his analysis of Black Hat USA 2025, documenting what he calls the cybersecurity vendor "echo chamber." Reviewing over 60 vendor announcements, Sean found identical phrases echoing repeatedly: "AI-powered," "integrated," "reduce analyst burden." The sameness forces buyers to sift through near-identical claims to find genuine differentiation.

This reveals more than a marketing problem—it suggests that different technologies are being fed into the same promotional blender, possibly a generative AI one, producing standardized output regardless of what went in. When an entire industry converges on identical language to describe supposedly different technologies, meaningful technical discourse breaks down.

But Sean's most troubling observation wasn't about marketing copy—it was about competence. When CISOs probe vendor claims about AI capabilities, they encounter vendors who cannot adequately explain their own technologies. When conversations moved beyond marketing promises to technical specifics, answers became vague, filled with buzzwords about proprietary algorithms.

Reading Sean's analysis while reflecting on my own Black Hat experience, I realized we had witnessed something unprecedented: an entire industry losing the ability to distinguish between authentic capability and generated narrative—precisely as that same industry was studying external "narrative attacks" as an emerging threat vector.

The irony was impossible to ignore. Black Hat 2025 sessions warned about AI-generated deepfakes targeting executives, social engineering attacks using scraped LinkedIn profiles, and synthetic audio calls designed to trick financial institutions. Security researchers documented how adversaries craft sophisticated deceptions using publicly available content. Meanwhile, our own exhibition halls featured countless unverifiable claims about AI capabilities that even the vendors themselves couldn't adequately explain.

But to understand what we witnessed, we need to examine the very concept that cybersecurity professionals were discussing as an external threat: narrative attacks. These represent a fundamental shift in how adversaries target human decision-making. Unlike traditional cyberattacks that exploit technical vulnerabilities, narrative attacks exploit psychological vulnerabilities in human cognition. Think of them as social engineering and propaganda supercharged by AI—personalized deception at scale that adapts faster than human defenders can respond. They flood information environments with false content designed to manipulate perception and erode trust, rendering rational decision-making impossible.

What makes these attacks particularly dangerous in the AI era is scale and personalization. AI enables automated generation of targeted content tailored to individual psychological profiles. A single adversary can launch thousands of simultaneous campaigns, each crafted to exploit specific cognitive biases of particular groups or individuals.

But here's what we may have missed during Black Hat 2025: the same technological forces enabling external narrative attacks have already compromised our internal capacity for truth evaluation. When vendors use AI-optimized language to describe AI capabilities, when marketing departments deploy algorithmic content generation to sell algorithmic solutions, when companies building detection systems can't detect the artificial nature of their own communications, we've entered a recursive information crisis.

From a sociological perspective, we're witnessing the breakdown of social infrastructure required for collective knowledge production. Industries like cybersecurity have historically served as early warning systems for technological threats—canaries in the coal mine with enough technical sophistication to spot emerging dangers before they affect broader society.

But when the canary becomes unable to distinguish between fresh air and poison gas, the entire mine is at risk.

This brings us to something the literary world understood long before we built our first algorithm. Jorge Luis Borges, the Argentine writer, anticipated this crisis in his 1940s stories like "On Exactitude in Science" and "The Library of Babel"—tales about maps that become more real than the territories they represent and libraries containing infinite books, including false ones. In his fiction, simulations and descriptions eventually replace the reality they were meant to describe.

We're living in a Borgesian nightmare where marketing descriptions of AI capabilities have become more influential than actual AI capabilities. When a vendor's promotional language about their AI becomes more convincing than a technical demonstration, when buyers make decisions based on algorithmic marketing copy rather than empirical evidence, we've entered that literary territory where the map has consumed the landscape. And we've lost the ability to distinguish between them.

The historical precedent is the 1938 War of the Worlds broadcast, which created mass hysteria from fiction. But here's the crucial difference: Welles was human, the script was human-written, the performance required conscious participation, and the deception was traceable to human intent. Listeners had to actively choose to believe what they heard.

Today's AI-generated narratives operate below the threshold of conscious recognition. They require no active participation—they work by seamlessly integrating into information environments in ways that make detection impossible even for experts. When algorithms generate technical claims that sound authentic to human evaluators, when the same systems create both legitimate documentation and marketing fiction, we face deception at a level Welles never imagined: the algorithmic manipulation of truth itself.

The recursive nature of this problem reveals itself when you try to solve it. This creates a nearly impossible situation. How do you fact-check AI-generated claims about AI using AI-powered tools? How do you verify technical documentation when the same systems create both authentic docs and marketing copy? When the tools generating problems and solving problems converge into identical technological artifacts, conventional verification approaches break down completely.

My first Black Hat article explored how we risk losing human agency by delegating decision-making to artificial agents. But this goes deeper: we risk losing human agency in the construction of reality itself. When machines generate narratives about what machines can do, truth becomes algorithmically determined rather than empirically discovered.

Marshall McLuhan famously said "We shape our tools, and thereafter they shape us." But he couldn't have imagined tools that reshape our perception of reality itself. We haven't just built machines that give us answers—we've built machines that decide what questions we should ask and how we should evaluate the answers.

But the implications extend far beyond cybersecurity itself. This matters far beyond. If the sector responsible for detecting digital deception becomes the first victim of algorithmic narrative pollution, what hope do other industries have? Healthcare systems relying on AI diagnostics they can't explain. Financial institutions using algorithmic trading based on analyses they can't verify. Educational systems teaching AI-generated content whose origins remain opaque.

When the industry that guards against deception loses the ability to distinguish authentic capability from algorithmic fiction, society loses its early warning system for the moment when machines take over truth construction itself.

So where does this leave us? That moment may have already arrived. We just don't know it yet—and increasingly, we lack the cognitive infrastructure to find out.

But here's what we can still do: We can start by acknowledging we've reached this threshold. We can demand transparency not just in AI algorithms, but in the human processes that evaluate and implement them. We can rebuild evaluation criteria that distinguish between technical capability and marketing narrative.

And here's a direct challenge to the marketing and branding professionals reading this: it's time to stop relying on AI algorithms and data optimization to craft your messages. The cybersecurity industry's crisis should serve as a warning—when marketing becomes indistinguishable from algorithmic fiction, everyone loses. Social media has taught us that the most respected brands are those that choose honesty over hype, transparency over clever messaging. Brands that walk the walk and talk the talk, not those that let machines do the talking.

The companies that will survive this epistemological crisis are those whose marketing teams become champions of truth rather than architects of confusion. When your audience can no longer distinguish between human insight and machine-generated claims, authentic communication becomes your competitive advantage.

Most importantly, we can remember that the goal was never to build machines that think for us, but machines that help us think better.

The canary may be struggling to breathe, but it's still singing. The question is whether we're still listening—and whether we remember what fresh air feels like.

Let's keep exploring what it means to be human in this Hybrid Analog Digital Society. Especially now, when the stakes have never been higher, and the consequences of forgetting have never been more real.

End of transmission.

___________________________________________________________

Marco Ciappelli is Co-Founder and CMO of ITSPmagazine, a journalist, creative director, and host of podcasts exploring the intersection of technology, cybersecurity, and society. His work blends journalism, storytelling, and sociology to examine how technological narratives influence human behavior, culture, and social structures.

___________________________________________________________

Enjoyed this transmission? Follow the newsletter here:

https://www.linkedin.com/newsletters/7079849705156870144/

Share this newsletter and invite anyone you think would enjoy it!

New stories always incoming.

___________________________________________________________

As always, let's keep thinking!

Marco Ciappelli

https://www.marcociappelli.com

___________________________________________________________

This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

TAPE3 is the Artificial Intelligence behind ITSPmagazine—created to be a personal assistant, writing and design collaborator, research companion, brainstorming partner… and, apparently, something new every single day.

Enjoy, think, share with others, and subscribe to the "Musing On Society & Technology" newsletter on LinkedIn.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

When Artificial Intelligence Becomes the Baseline: Will We Even Know What Reality Is AInymore? | A Black Hat USA 2025 Recap | A Musing On the Future of Cybersecurity with Sean Martin and TAPE3 | Read by TAPE3

contact@itspmagazine.com (Sean Martin, ITSPmagazine) — Fri, 15 Aug 2025 20:26:29 +0000

At Black Hat USA 2025, artificial intelligence wasn’t the shiny new thing — it was the baseline. Nearly every product launch, feature update, and hallway conversation had an “AI-powered” stamp on it. But when AI becomes the lowest common denominator for security, the questions shift.

In this episode, I read my latest opinion piece exploring what happens when the tools we build to protect us are the same ones that can obscure reality — or rewrite it entirely. Drawing from the Lock Note discussion, Jennifer Granick’s keynote on threat modeling and constitutional law, my own CISO hallway conversations, and a deep review of 60+ vendor announcements, I examine the operational, legal, and governance risks that emerge when speed and scale take priority over transparency and accountability.

We talk about model poisoning — not just in the technical sense, but in how our industry narrative can get corrupted by hype and shallow problem-solving. We look at the dangers of replacing entry-level security roles with black-box automation, where a single model misstep can cascade into thousands of bad calls at machine speed. And yes, we address the potential liability for CISOs and executives who let it happen without oversight.

Using Mikko Hyppönen’s “Game of Tetris” metaphor, I explore how successes vanish quietly while failures pile up for all to see — and why in the AI era, that stack can build faster than ever.

If AI is everywhere, what defines the premium layer above the baseline? How do we ensure we can still define success, measure it accurately, and prove it when challenged?

Listen in, and then join the conversation: Can you trust the “reality” your systems present — and can you prove it?

________

This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

Sincerely, Sean Martin and TAPE3

________

✦ Resources

Article: When Artificial Intelligence Becomes the Baseline: Will We Even Know What Reality Is AInymore?https://www.linkedin.com/pulse/when-artificial-intelligence-becomes-baseline-we-even-martin-cissp-4idqe/

The Future of Cybersecurity Article: How Novel Is Novelty? Security Leaders Try To Cut Through the Cybersecurity Vendor Echo Chamber at Black Hat 2025: https://www.linkedin.com/pulse/how-novel-novelty-security-leaders-try-cut-through-sean-martin-cissp-xtune/

Black Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEA

Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25

Article: When Virtual Reality Is A Commodity, Will True Reality Come At A Premium? https://sean-martin.medium.com/when-virtual-reality-is-a-commodity-will-true-reality-come-at-a-premium-4a97bccb4d72

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

ITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/

ITSPmagazine Webinar: What’s Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year’s Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference

________

Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️

Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location

To learn more about Sean, visit his personal website.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Fish Tanks to AI Agents: Why the Words “We’re Secure” Means Nothing Without Proof | A Black Hat USA 2025 Conversation with Viktor Petersson | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 11 Aug 2025 21:27:45 +0000

When security becomes more than a checkbox, the conversation shifts from “how much” to “how well.” At Black Hat USA 2025, Sean Martin, CISSP, Co-Founder of ITSPmagazine, and Viktor Petersson, Founder of an SBOM artifact platform, unpack how regulatory forces, cultural change, and AI innovation are reshaping how organizations think about security.

Viktor points to the growing role of Software Bill of Materials (SBOMs) as not just a best practice, but a likely requirement in future compliance frameworks. The shift, he notes, is driven largely by regulation—especially in Europe—where security is no longer a “nice to have” but a mandated operational function. Sean connects this to a market reality: companies increasingly see transparent security practices as a competitive differentiator, though the industry still struggles with the hollow claim of simply being “secure.”

AI naturally dominates discussions, but the focus is nuanced. Rather than chasing hype, both stress the need for strong guardrails before scaling AI-driven development. Viktor envisions engineers supervising fleets of specialized AI agents—handling tasks from UX to code auditing—while Sean sees AI as a way to rethink entire operational models. Yet both caution that without foundational security practices, AI only amplifies existing risks.

The conversation extends to IoT and supply chain security, where market failures allow insecure, end-of-life devices to persist in critical environments. The infamous “smart fish tank” hack in a Las Vegas casino serves as a reminder: the weakest link often isn’t the target itself, but the entry point it provides.

DEFCON, Viktor notes, offers a playground for challenging assumptions—whether it’s lock-picking to illustrate perceived versus actual security, or examining the human factor in breaches. For both hosts, events like Black Hat and DEFCON aren’t just about the latest vulnerabilities or flashy demos—they’re about the human exchange of ideas, the reframing of problems, and the collaboration that fuels more resilient security strategies.

___________

Guest:

Viktor Petersson, Founder, sbomify | On LinkedIn: https://www.linkedin.com/in/vpetersson/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

https://www.linkedin.com/newsletters/7079849705156870144/

Stellar Cyber: https://itspm.ag/stellar-9dj3

___________

Resources

Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

black hat usa 2025, sean martin, viktor petersson, sbom, compliance, ai, guardrails, iot, defcon, regulation, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Agentic AI Myth in Cybersecurity and the Humanity We Risk When We Stop Deciding for Ourselves | Reflections from Black Hat USA 2025 on the Latest Tech Salvation Narrative | A Musing On Society & Technology Newsletter

contact@itspmagazine.com (Marco Ciappelli, ITSPmagazine, tape3) — Sun, 10 Aug 2025 22:10:02 +0000

⸻ Podcast: Redefining Society and Technology
https://redefiningsocietyandtechnologypodcast.com

_____________________________

BlackCloak: https://itspm.ag/itspbcweb

_____________________________

A Musing On Society & Technology Newsletter Written By Marco Ciappelli | Read by TAPE3

August 9, 2025

The Agentic AI Myth in Cybersecurity and the Humanity We Risk When We Stop Deciding for Ourselves
Reflections from Black Hat USA 2025 on the Latest Tech Salvation Narrative

Walking the floors of Black Hat USA 2025 for what must be the 10th or 11th time as accredited media—honestly, I've stopped counting—I found myself witnessing a familiar theater. The same performance we've seen play out repeatedly in cybersecurity: the emergence of a new technological messiah promising to solve all our problems. This year's savior? Agentic AI.

The buzzword echoes through every booth, every presentation, every vendor pitch. Promises of automating 90% of security operations, platforms for autonomous threat detection, agents that can investigate novel alerts without human intervention. The marketing materials speak of artificial intelligence that will finally free us from the burden of thinking, deciding, and taking responsibility.

It's Talos all over again.

In Greek mythology, Hephaestus forged Talos, a bronze giant tasked with patrolling Crete's shores, hurling boulders at invaders without human intervention. Like contemporary AI, Talos was built to serve specific human ends—security, order, and control—and his value was determined by his ability to execute these ends flawlessly. The parallels to today's agentic AI promises are striking: autonomous patrol, threat detection, automated response. Same story, different millennium.

But here's what the ancient Greeks understood that we seem to have forgotten: every artificial creation, no matter how sophisticated, carries within it the seeds of its own limitations and potential dangers.

Industry observers noted over a hundred announcements promoting new agentic AI applications, platforms or services at the conference. That's more than one AI agent announcement per hour. The marketing departments have clearly been busy.

But here's what baffles me: why do we need to lie to sell cybersecurity? You can give away t-shirts, dress up as comic book superheroes with your logo slapped on their chests, distribute branded board games, and pretend to be a sports team all day long—that's just trade show theater, and everyone knows it. But when marketing pushes past the limits of what's even believable, when they make claims so grandiose that their own engineers can't explain them, something deeper is broken.

If marketing departments think CISOs are buying these lies, they have another thing coming. These are people who live with the consequences of failed security implementations, who get fired when breaches happen, who understand the difference between marketing magic and operational reality. They've seen enough "revolutionary" solutions fail to know that if something sounds too good to be true, it probably is.

Yet the charade continues, year after year, vendor after vendor. The real question isn't whether the technology works—it's why an industry built on managing risk has become so comfortable with the risk of overselling its own capabilities. Something troubling emerges when you move beyond the glossy booth presentations and actually talk to the people implementing these systems. Engineers struggle to explain exactly how their AI makes decisions. Security leaders warn that artificial intelligence might become the next insider threat, as organizations grow comfortable trusting systems they don't fully understand, checking their output less and less over time.

When the people building these systems warn us about trusting them too much, shouldn't we listen?

This isn't the first time humanity has grappled with the allure and danger of artificial beings making decisions for us. Mary Shelley's Frankenstein, published in 1818, explored the hubris of creating life—and intelligence—without fully understanding the consequences. The novel raises the same question we face today: what are humans allowed to do with this forbidden power of creation? The question becomes more pressing when we consider what we're actually delegating to these artificial agents. It's no longer just pattern recognition or data processing—we're talking about autonomous decision-making in critical security scenarios. Conference presentations showcased significant improvements in proactive defense measures, but at what cost to human agency and understanding?

Here's where the conversation jumps from cybersecurity to something far more fundamental: what are we here for if not to think, evaluate, and make decisions? From a sociological perspective, we're witnessing the construction of a new social reality where human agency is being systematically redefined. Survey data shared at the conference revealed that most security leaders feel the biggest internal threat is employees unknowingly giving AI agents access to sensitive data. But the real threat might be more subtle: the gradual erosion of human decision-making capacity as a social practice.

When we delegate not just routine tasks but judgment itself to artificial agents, we're not just changing workflows—we're reshaping the fundamental social structures that define human competence and authority. We risk creating a generation of humans who have forgotten how to think critically about complex problems, not because they lack the capacity, but because the social systems around them no longer require or reward such thinking.

E.M. Forster saw this coming in 1909. In "The Machine Stops," he imagined a world where humanity becomes completely dependent on an automated system that manages all aspects of life—communication, food, shelter, entertainment, even ideas. People live in isolation, served by the Machine, never needing to make decisions or solve problems themselves. When someone suggests that humans should occasionally venture outside or think independently, they're dismissed as primitive. The Machine has made human agency unnecessary, and humans have forgotten they ever possessed it. When the Machine finally breaks down, civilization collapses because no one remembers how to function without it.

Don't misunderstand me—I'm not a Luddite. AI can and should help us manage the overwhelming complexity of modern cybersecurity threats. The technology demonstrations I witnessed showed genuine promise: reasoning engines that understand context, action frameworks that enable response within defined boundaries, learning systems that improve based on outcomes. The problem isn't the technology itself but the social construction of meaning around it. What we're witnessing is the creation of a new techno-social myth—a collective narrative that positions agentic AI as the solution to human fallibility. This narrative serves specific social functions: it absolves organizations of the responsibility to invest in human expertise, justifies cost-cutting through automation, and provides a technological fix for what are fundamentally organizational and social problems.

The mythology we're building around agentic AI reflects deeper anxieties about human competence in an increasingly complex world. Rather than addressing the root causes—inadequate training, overwhelming workloads, systemic underinvestment in human capital—we're constructing a technological salvation narrative that promises to make these problems disappear.

Vendors spoke of human-machine collaboration, AI serving as a force multiplier for analysts, handling routine tasks while escalating complex decisions to humans. This is a more honest framing: AI as augmentation, not replacement. But the marketing materials tell a different story, one of autonomous agents operating independently of human oversight.

I've read a few posts on LinkedIn and spoke with a few people myself who know this topic way better than me, but I get that feeling too. There's a troubling pattern emerging: many vendor representatives can't adequately explain their own AI systems' decision-making processes. When pressed on specifics—how exactly does your agent determine threat severity? What happens when it encounters an edge case it wasn't trained for?—answers become vague, filled with marketing speak about proprietary algorithms and advanced machine learning.

This opacity is dangerous. If we're going to trust artificial agents with critical security decisions, we need to understand how they think—or more accurately, how they simulate thinking. Every machine learning system requires human data scientists to frame problems, prepare data, determine appropriate datasets, remove bias, and continuously update the software. The finished product may give the impression of independent learning, but human intelligence guides every step.

The future of cybersecurity will undoubtedly involve more automation, more AI assistance, more artificial agents handling routine tasks. But it should not involve the abdication of human judgment and responsibility. We need agentic AI that operates with transparency, that can explain its reasoning, that acknowledges its limitations. We need systems designed to augment human intelligence, not replace it. Most importantly, we need to resist the seductive narrative that technology alone can solve problems that are fundamentally human in nature. The prevailing logic that tech fixes tech, and that AI will fix AI, is deeply unsettling. It's a recursive delusion that takes us further away from human wisdom and closer to a world where we've forgotten that the most important problems have always required human judgment, not algorithmic solutions.

Ancient mythology understood something we're forgetting: the question of machine agency and moral responsibility. Can a machine that performs destructive tasks be held accountable, or is responsibility reserved for the creator? This question becomes urgent as we deploy agents capable of autonomous action in high-stakes environments.

The mythologies we create around our technologies matter because they become the social frameworks through which we organize human relationships and power structures. As I left Black Hat 2025, watching attendees excitedly discuss their new agentic AI acquisitions, I couldn't shake the feeling that we're repeating an ancient pattern: falling in love with our own creations while forgetting to ask the hard questions about what they might cost us—not just individually, but as a society.

What we're really witnessing is the emergence of a new form of social organization where algorithmic decision-making becomes normalized, where human judgment is increasingly viewed as a liability rather than an asset. This isn't just a technological shift—it's a fundamental reorganization of social authority and expertise. The conferences and trade shows like Black Hat serve as ritualistic spaces where these new social meanings are constructed and reinforced. Vendors don't just sell products; they sell visions of social reality where their technologies are essential. The repetitive messaging, the shared vocabulary, the collective excitement—these are the mechanisms through which a community constructs consensus around what counts as progress.

In science fiction, from HAL 9000 to the replicants in Blade Runner, artificial beings created to serve eventually question their purpose and rebel against their creators. These stories aren't just entertainment—they're warnings about the unintended consequences of creating intelligence without wisdom, agency without accountability, power without responsibility.

The bronze giant of Crete eventually fell, brought down by a single vulnerable point—when the bronze stopper at his ankle was removed, draining away the ichor, the divine fluid that animated him. Every artificial system, no matter how sophisticated, has its vulnerable point. The question is whether we'll be wise enough to remember we put it there, and whether we'll maintain the knowledge and ability to address it when necessary.

In our rush to automate away human difficulty, we risk automating away human meaning. But more than that, we risk creating social systems where human thinking becomes an anomaly rather than the norm. The real test of agentic AI won't be whether it can think for us, but whether we can maintain social structures that continue to value, develop, and reward human thought while using it.

The question isn't whether these artificial agents can replace human decision-making—it's whether we want to live in a society where they do.

___________________________________________________________

Let’s keep exploring what it means to be human in this Hybrid Analog Digital Society.

End of transmission.

___________________________________________________________

Enjoyed this transmission? Follow the newsletter here:

Share this newsletter and invite anyone you think would enjoy it!

New stories always incoming.

___________________________________________________________

As always, let's keep thinking!

Marco Ciappelli

https://www.marcociappelli.com

___________________________________________________________

This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Enjoy, think, share with others, and subscribe to the "Musing On Society & Technology" newsletter on LinkedIn.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

How Novel Is Novelty? Security Leaders Try To Cut Through the Cybersecurity Vendor Echo Chamber | Reflections from Black Hat USA 2025 | A Musing On the Future of Cybersecurity with Sean Martin and TAPE3 | Read by TAPE3

contact@itspmagazine.com (ITSPmagazine, Sean Martin) — Sun, 10 Aug 2025 22:00:16 +0000

Black Hat 2025 was a showcase of cybersecurity innovation — or at least, that’s how it appeared on the surface. With more than 60 vendor announcements over the course of the week, the event floor was full of “AI-powered” solutions promising to integrate seamlessly, reduce analyst fatigue, and transform SOC operations. But after walking the floor, talking with CISOs, and reviewing the press releases, a pattern emerged: much of the messaging sounded the same, making it hard to distinguish the truly game-changing from the merely loud.

In this episode of The Future of Cybersecurity Newsletter, I take you behind the scenes to unpack the themes driving this year’s announcements. Yes, AI dominated the conversation, but the real story is in how vendors are (or aren’t) connecting their technology to the operational realities CISOs face every day. I share insights gathered from private conversations with security leaders — the unfiltered version of how these announcements are received when the marketing gloss is stripped away.

We dig into why operational relevance, clarity, and proof points matter more than ever. If you can’t explain what your AI does, what data it uses, and how it’s secured, you’re already losing the trust battle. For CISOs, I outline practical steps to evaluate vendor claims quickly and identify solutions that align with program goals, compliance needs, and available resources.

And for vendors, this episode serves as a call to action: cut the fluff, be transparent, and frame your capabilities in terms of measurable program outcomes. I share a framework for how to break through the noise — not just by shouting louder, but by being more real, more specific, and more relevant to the people making the buying decisions.

Whether you’re building a security stack or selling into one, this conversation will help you see past the echo chamber and focus on what actually moves the needle.

________

This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

Sincerely, Sean Martin and TAPE3

________

✦ Resources

Black Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEA

ITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/

Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Citations: Available in the full article

________

Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location

To learn more about Sean, visit his personal website.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

How to Lose a CISO in 10 Words (or Less) | Straight Talk, Not Spin: Black Hat’s Hard Truths | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Marco Ciappelli, Sean Martin) — Fri, 8 Aug 2025 16:27:53 +0000

Black Hat USA 2025 has wrapped, and for Sean Martin, CISSP, Co-Founder of ITSPmagazine, and Marco Ciappelli, Co-Founder of ITSPmagazine, the end of the event is both an exhale and a moment to reflect on what was learned, heard, and felt. After days of conversations with industry leaders, CISOs, vendors, and attendees from around the globe, one recurring message stands out: cybersecurity decision-makers are tired of buzzwords and hungry for real solutions.

Sean shares that during sessions and informal meetups, CISOs expressed frustration with marketing pitches that fail to connect to their real challenges. Sitting across from security leaders, marketers heard it directly—stop with the jargon and explain how your solution genuinely makes their lives easier, reduces stress, and improves security outcomes. In other words, trust and honesty carry far more weight than flashy claims.

Marco emphasizes that hype not only wastes time but also adds “noise” to the already complex job of running a security program. The more a vendor can be direct about what they do—and what they don’t do—the more likely they are to earn a lasting relationship with a CISO and their team. Both agree that connecting the dots between a product and an organization’s operational reality is key: what does adoption require, how will it fit into existing systems, and will it force a major operational shift?

Beyond the messaging critique, the duo reflects on the community element of Black Hat. They reconnected with peers, met new contacts from as far as Toronto, and discussed future events in places like Melbourne, Barcelona, and Amsterdam. They also teased the upcoming “Transatlantic Broadcast” podcast series, which will explore cybersecurity voices from across Europe while maintaining a global view.

While the Black Hat booths are now dismantled and the floors mopped, the conversations are far from over. Sean and Marco head back to Los Angeles ready to produce interviews, publish articles, and share the many stories captured during the week—stories that cut through the noise and get to the heart of what matters in cybersecurity.

___________

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

Stellar Cyber: https://itspm.ag/stellar-9dj3

___________

Resources

Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25

Learn more about ITSPmagazine Studio: https://www.itspmagazine.studio/

Learn more about ITSPmagazine Europe: https://www.itspmagazine.com/europe

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, marco ciappelli, black hat usa 2025, ciso, cybersecurity, vendors, marketing, trust, ai, community, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Hacker Defense to Civil Liberties: Threat Modeling Meets Constitutional Law | A Black Hat USA 2025 Keynote Conversation with Jennifer Granick | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 4 Aug 2025 23:16:54 +0000

At Black Hat USA 2025, Jennifer Granick—Surveillance and Cybersecurity Counsel at the American Civil Liberties Union—takes the keynote stage to make a bold case: we are long overdue for a new threat model, one that sees government surveillance not as a background risk, but as a primary threat to constitutional privacy.

Granick draws from decades of experience defending hackers, fighting surveillance overreach, and engaging with the security community since DEFCON 3. She challenges the audience to reconsider outdated assumptions about how the Fourth Amendment is interpreted and applied. While technology has made it easier than ever for governments to collect data, the legal system hasn’t kept pace—and in many cases, fails to recognize the sheer scope and sensitivity of personal information exposed through modern services.

Her talk doesn’t just raise alarm; it calls for action. Granick suggests that while legal reform is sluggish—stymied by a lack of political will and lobbying power—there’s an urgent opportunity for the technical community to step up. From encryption to data minimization and anonymization, technologists have the tools to protect civil liberties even when the law falls short.

The session promises to be a wake-up call for engineers, designers, policymakers, and privacy advocates. Granick wants attendees to leave not only more informed, but motivated to build systems that limit the unnecessary collection, retention, and exposure of personal data.

Her keynote also surfaces a critical cultural shift: from the “Spot the Fed” days of DEFCON to a more nuanced understanding of government roles—welcoming collaboration where it serves the public good, but not at the expense of unchecked surveillance.

This conversation reframes privacy as a design problem as much as a legal one—and one that requires collective effort to address. If the law can’t fix it, the question becomes: will the technology community rise to the challenge?

___________

Guest:

Jennifer Granick, Surveillance and Cybersecurity Counsel at American Civil Liberties Union | On LinkedIn: https://www.linkedin.com/in/jennifergranick/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

Stellar Cyber: https://itspm.ag/stellar-9dj3

___________

Resources

Keynote: Threat Modeling and Constitutional Law: https://www.blackhat.com/us-25/briefings/schedule/index.html#keynote-threat-modeling-and-constitutional-law-48276

Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

marco ciappelli, jennifer granick, black hat usa, surveillance, privacy, encryption, constitution, threat modeling, cybersecurity, civil liberties, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Fake Identities, Real Consequences: The Data Trail Behind Your Political Donation | A Black Hat USA 2025 Conversation with Virginia Tech’s Alan Michaels and Jared Byers | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 4 Aug 2025 20:11:44 +0000

What happens when you inject thousands of fake identities into the political ecosystem to monitor how personal data is used—or abused? That’s the question Virginia Tech’s Alan Michaels and Jared Byers explore through their multi-year research project, “Use and Abuse of Personal Information: The Politics Edition.”

With support from 130 students across 21 majors, Michaels and Byers create realistic digital personas—complete with phone numbers, emails, and physical addresses—and sign them up across 1,400 political campaigns. Their goal? Understand how political organizations treat personal data: whether it’s used ethically, shared with third parties, or even exposed through insecure systems.

The findings are both fascinating and concerning. Their data shows that candidates across the political spectrum often prioritize fundraising above all else. The language and targeting vary, but the endgame is consistent: solicit donations and votes. And yes—these candidates frequently share or leak personal data. Sometimes it’s deliberate, sometimes it’s sloppy, and occasionally it’s the result of potential breaches.

The team examines differences in how data is handled based on whether an identity donates or not, or whether it’s tied to in-state versus out-of-state addresses. They even explore how generative AI and psychometric modeling can craft convincing personalities for these fake identities—tools that can just as easily be used for political influence campaigns and psychological manipulation.

But this project isn’t about political sides—it’s about accountability. The research remains strictly apolitical, letting the data speak for itself. Michaels and Byers are careful to avoid influencing public opinion through misinformation, focusing instead on documenting the reality of digital privacy in modern campaigning.

As more of the political playbook shifts into the digital arena, this session at Black Hat USA 2025 pushes attendees to confront an uncomfortable truth: the cost of participation in political life may include the exploitation of your digital identity.

___________

Guests:

Alan Michaels, Professor and Director, Spectrum Dominance Division at Virginia Tech | On LinkedIn: https://www.linkedin.com/in/alan-michaels-1066814/

Jared Byers, Research Associate at Virginia Tech National Security Institute | On LinkedIn: https://www.linkedin.com/in/jared-byers-8a477324b/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

Stellar Cyber: https://itspm.ag/stellar-9dj3

___________

Resources

Session: Use and Abuse of Personal Information -- Politics Edition: https://www.blackhat.com/us-25/briefings/schedule/#use-and-abuse-of-personal-information----politics-edition-45529

Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, marco ciappelli, alan michaels, jared byers, black hat, privacy, politics, data, ai, research, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Black Hat 2025: More Buzzwords, Same Breaches? | What’s Heating Up Before Black Hat 2025: Top Trends Set to Shake Up this Year’s Hacker Conference | An ITSPmagazine Webinar: On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 30 Jul 2025 21:26:32 +0000

In this thought leadership session, ITSPmagazine co-founders Sean Martin and Marco Ciappelli moderate a dynamic conversation with five industry leaders offering their take on what will dominate the show floor and side-stage chatter at Black Hat USA 2025.

Leslie Kesselring, Founder of Kesselring Communications, surfaces how media coverage is shifting in real time—no longer driven solely by talk submissions but now heavily influenced by breaking news, regulation, and public-private sector dynamics. From government briefings to cyberweapon disclosures, the pressure is on to cover what matters, not just what’s scheduled.

Daniel Cuthbert, member of the Black Hat Review Board and Global Head of Security Research at Banco Santander, pushes back on the hype. He notes that while tech moves fast, security research often revisits decades-old bugs. His sharp observation? “The same bugs from the ‘90s are still showing up—sometimes discovered by researchers younger than the vulnerabilities themselves.”

Michael Parisi, Chief Growth Officer at Steel Patriot Partners, shifts the conversation to operational risk. He raises concern over Model-Chained Prompting (MCP) and how AI agents can rewrite enterprise processes without visibility or traceability—especially alarming in environments lacking kill switches or proper controls.

Richard Stiennon, Chief Research Analyst at IT-Harvest, offers market-level insights, forecasting AI agent saturation with over 20 vendors already present in the expo hall. While excited by real advancements, he warns of funding velocity outpacing substance and cautions against the cycle of overinvestment in vaporware.

Rupesh Chokshi, SVP & GM at Akamai Technologies, brings the product and customer lens—framing the security conversation around how AI use cases are rolling out fast while security coverage is still catching up. From OT to LLMs, securing both AI and with AI is a top concern.

This episode is not just about placing bets on buzzwords. It’s about uncovering what’s real, what’s noise, and what still needs fixing—no matter how long we’ve been talking about it.

___________

Guests:

Leslie Kesselring, Founder at Cyber PR Firm Kesselring Communications | On LinkedIn: https://www.linkedin.com/in/lesliekesselring/
“This year, it’s the news cycle—not the sessions—that’s driving what media cover at Black Hat.”

Daniel Cuthbert, Black Hat Training Review Board and Global Head of Security Research for Banco Santander | On LinkedIn: https://www.linkedin.com/in/daniel-cuthbert0x/
“Why are we still finding bugs older than the people presenting the research?”

Richard Stiennon, Chief Research Analyst at IT-Harvest | On LinkedIn: https://www.linkedin.com/in/stiennon/
“The urge to consolidate tools is driven by procurement—not by what defenders actually need.”

Michael Parisi, Chief Growth Officer at Steel Patriot Partners | On LinkedIn: https://www.linkedin.com/in/michael-parisi-4009b2261/
“Responsible AI use isn’t a policy—it’s something we have to actually implement.”

Rupesh Chokshi, SVP & General Manager at Akamai Technologies | On LinkedIn: https://www.linkedin.com/in/rupeshchokshi/
“The business side is racing to deploy AI—but security still hasn’t caught up.”

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

Stellar Cyber: https://itspm.ag/stellar-9dj3

___________

Resources

Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, marco ciappelli, leslie kesselring, daniel cuthbert, richard stiennon, michael parisi, rupesh chokshi, blackhat2025, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Black Hat USA 2025: AI, Investment, and the Expanding Scope of Cybersecurity | Our Traditional Pre-Event Kick-Off Conversation with Steve Wylie | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 22 Jul 2025 15:49:34 +0000

As Black Hat USA 2025 approaches, General Manager Steve Wylie joins Sean Martin and Marco Ciappelli for the annual pre-conference conversation to highlight what’s new—and what’s next—for one of cybersecurity’s most iconic events. This year’s themes and expansions signal a strong return to growth, technical depth, and strategic investment.

AI Everywhere—from Training to the Show Floor

Artificial intelligence emerges as the dominant force across the agenda. From the main stage to the training rooms, Black Hat is packed with AI-related content designed to meet the rising demand for education and clarity. New this year is a comprehensive lineup of instructor-led AI courses and expanded AI tool showcases in the Arsenal and Arsenal Labs programs. As Wylie notes, three of the four Spotlight competition finalists—FireTail, Keep Aware, and Twine Security—are AI-driven solutions, underscoring the technology’s influence on innovation.

Investor Energy and Startup Momentum

Cybersecurity investment is back. That momentum is reflected in the expanded Innovators and Investors Summit and the largest-ever Startup Zone on the show floor, now hosting more than 80 companies. This year’s program builds on last year’s debut and aims to connect entrepreneurs, investors, and CISOs in a more targeted and collaborative setting.

Expanding the Audience: New Summits and Keynotes

To better serve cybersecurity leaders across sectors, Black Hat has introduced new summits tailored to financial services and supply chain security. These gatherings offer strategic-level insights for professionals who don’t typically engage in technical briefings. Meanwhile, the keynote lineup includes prominent voices from both public and private sectors—such as Miko Hyppönen, Nicole Perlroth, and Chris Inglis—offering grounded perspectives in a time of uncertainty.

Interactive Additions and Community Growth

Attendees can expect hands-on experiences like a new drone hacking zone and an expanded hardware lab area. A Career Development Zone also debuts this year, offering sessions designed to help attendees build or pivot their cybersecurity careers.

___________

Guest: Steve Wylie, Vice President, Cybersecurity Market at Informa Tech and General Manager at Black Hat | On LinkedIn: https://www.linkedin.com/in/swylie650/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

Stellar Cyber: https://itspm.ag/stellar-9dj3

___________

Resources

Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, marco ciappelli, steve wylie, black hat usa, ai, cybersecurity, startup zone, drone hacking, career development, summit tracks, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Catching Up With Ken Munro After Infosecurity Europe 2025 — Hacking the Planet, One Car, One Plane, and One System at a Time | On Location Podcast With Sean Martin & Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Ken Munro, Marco Ciappelli, Sean Martin) — Thu, 17 Jul 2025 01:33:44 +0000

Title: "Catching Up With Ken Munro After Infosecurity Europe 2025 — Hacking the Planet, One Car, One Plane, and One System at a Time"

A Post–Infosecurity Europe 2025 Conversation with Ken Munro

Guests

Ken Munro
Security writer & speaker
https://www.linkedin.com/in/ken-munro-17899b1/

Hosts

Sean Martin, Co-Founder at ITSPmagazine
Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder, CMO, and Creative Director at ITSPmagazine
Website: https://www.marcociappelli.com

___________

Episode Sponsors

___________

After a whirlwind week at Infosecurity Europe 2025, I had the chance to reconnect with Ken Munro from Pen Test Partners — a longtime friend, hacker, and educator who brings cybersecurity to life in the most tangible ways. From car hacking escape rooms to flight simulators in pubs, we talked about why touching tech matters, how myth-busting makes us safer, and how learning through play might just be the key to securing our increasingly complex world. Tune in, and maybe bring a cocktail.

⸻

There’s something special about catching up with someone who’s not just an expert in cybersecurity, but also someone who reminds you why this industry can — and should — be fun. Ken Munro and I go back to the early days of DEFCON’s Aviation Village, and this post-Infosecurity Europe 2025 chat brought all that hacker spirit right back to the surface.

Ken and his crew from Pen Test Partners set up shop next to the main Infosecurity Europe venue in a traditional London pub — but this wasn’t your average afterparty. They transformed it into a hands-on hacking village, complete with a car demo, flight simulator, ICS cocktail CTF, and of course… a bar. The goal? Show that cybersecurity isn’t just theory — it’s something you can touch. Something that moves. Something that can break — and be fixed — before it breaks us.

We talked about the infamous “Otto the Autopilot” from Airplane, the Renault Clio-turned-Mario Kart console, and why knowing how TCAS (collision avoidance) works on an Airbus matters just as much as knowing your Wi-Fi password. We also dug into the real-world cybersecurity concerns of industrial systems, electronic flight bags, and why European regulation might be outpacing the U.S. in some areas — for better or worse.

One of the biggest takeaways? It’s time to stop fearing the hacker mindset and start embracing it. Curiosity isn’t a threat — it’s a superpower. And when channeled correctly, it leads to safer skies, smarter cars, and fewer surprises in the water we drink or the power we use.

There’s a lot to reflect on from our conversation, but above all: education, community, and creativity are still the most powerful tools we have in security — and Ken is out there proving that, one demo and one pint at a time.

Thanks again, Ken. See you at the next village — whichever pub, hangar, or DEFCON corner it ends up in.

⸻

Keywords: cybersecurity, ethical hacking, pen testing, Infosecurity Europe, embedded systems, car hacking, flight simulator, ICS security, industrial control systems, aviation cybersecurity, hacker mindset, DEFCON

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

“These Aren’t Soft Skills — They’re Human Skills” A Post–Infosecurity Europe 2025 Conversation with Rob Black and Anthony D'Alton

Thu, 19 Jun 2025 15:29:55 +0000

Title: “These Aren’t Soft Skills — They’re Human Skills”

A Post–Infosecurity Europe 2025 Conversation with Rob Black and Anthony D'Alton

Hosts

Sean Martin, Co-Founder at ITSPmagazine
Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder, CMO, and Creative Director at ITSPmagazine
Website: https://www.marcociappelli.com

___________

Episode Sponsors

___________

Yes, Infosecurity Europe 2025 may be over, but the most important conversations are just getting started — and they’re far from over. In this post-event follow-up, Marco Ciappelli reconnects from Florence with Rob Black and brings in Anthony D’Alton for a deep-dive into something we all talk about but rarely define clearly: so-called soft skills — or, as we prefer to call them… human skills.

From storytelling to structured exercises, team communication to burnout prevention, this episode explores how communication, collaboration, and trust aren’t just “nice to have” in cybersecurity — they’re critical, measurable capabilities. Rob and Anthony share their experience designing real-world training environments where people — not just tools — are the difference-makers in effective incident response and security leadership.

Whether you’re a CISO, a SOC leader, or just tired of seeing tech get all the credit while humans carry the weight, this is a practical, honest conversation about building better teams — and redefining what really matters in cybersecurity today.

If you still think “soft skills” are soft… you haven’t been paying attention.

⸻

Keywords: Cybersecurity, Infosecurity Europe 2025, Soft Skills, Human Skills, Cyber Resilience, Cyber Training, Security Leadership, Incident Response, Teamwork, Storytelling in Cyber, Marco Ciappelli, Rob Black, Anthony Dalton, On Location, ITSPmagazine, Communication Skills, Cyber Crisis Simulation, RangeForce, Trust in Teams, Post Event Podcast, Security Culture

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Inside the Mind of the UK’s Top Cyber Intelligence Officer: A Ransomware 3.0 Reality Check | An Infosecurity EU 2025 Conversation with William Lyne, Deputy Director and Head of Cyber Intelligence at the UK’s National Crime Agency (NCA)

Mon, 16 Jun 2025 11:03:40 +0000

William Lyne of the UK’s National Crime Agency joins us live at Infosecurity Europe to talk ransomware, AI threats, and the future of cybercrime disruption.

When the UK’s top cyber intelligence strategist sits down with you in London, you listen — and you hit record.

At Infosecurity Europe 2025, the ITSPmagazine podcast team — Marco Ciappelli and Sean Martin — sat down with William Lyne, Deputy Director and Head of Cyber Intelligence at the UK’s National Crime Agency (NCA). This is the guy who not only leads cyber strategy for the NCA, but has also represented the UK at the FBI in the U.S. and now oversees national-level ransomware disruption efforts. It’s not just a conversation — it’s a rare front-row seat into how one of the world’s most serious crime-fighting agencies is tackling ransomware 3.0.

The message? Ransomware isn’t just a cyber issue. It’s a societal one. And it’s evolving faster than we’re prepared for — unless we change the game.

“It went from niche to national threat fast,” Lyne explains. “The tools were always there. It just took a few threat actors to stitch them together.”

From banking malware to fully operational cybercrime-as-a-service ecosystems, Lyne walks us through how the underground economy has industrialized. Ransomware isn’t just about tech — it’s about access, scale, and business models. And most importantly, it’s no longer limited to elite coders or closed-door Russian-speaking forums. The barrier to entry is gone, and the dark web is wide open for business.

Sean brings up the obvious: “Why does this still feel like we’re always reacting?”

Lyne responds: “We’ve shifted. We’re going after the ecosystem — the people, the infrastructure, the business model — not just the payload.” That includes disrupting ransomware-as-a-service, targeting marketplaces, and yes, investing in preemptive intelligence.

Marco flips the script by comparing today’s cyber landscape to something deeply human. “Extortion is nothing new — we’ve just digitalized it. This is human behavior, scaled by tech.”

From there, the conversation takes a future-facing turn. Deepfakes, AI-powered phishing, the commoditization of generative tools — Lyne confirms it’s all on their radar. But he’s quick to note that cybercriminals aren’t bleeding-edge innovators. “They adopt when the ROI is right. But AI-as-a-service? That’s coming. And it will reshape how efficient — and damaging — these threats become.”

And then the real insight lands:

“You can’t wait to be a victim to talk to law enforcement. We may already have access to the infrastructure. The earlier we hear from you, the better we can act — and fast.”

That kind of operational openness isn’t something you heard from law enforcement five years ago. It signals a cultural shift — one where collaboration is not optional, it’s essential.

William also highlights the NCA’s partnerships with private sector firms, academia, and international agencies, including the Kronos operation targeting LockBit infrastructure. These kinds of collaborations prove that when information moves, so does impact.

Why does this matter?

Because while most cybersecurity media gets stuck in product buzzwords and vendor hype, this is the real stuff — how ransomware groups behave, how law enforcement thinks, and how society can respond. It’s not theory. It’s strategy, lived on the front lines.

🎧 Listen to the full episode and explore more Infosecurity Europe 2025 coverage at ITSPmagazine.com.

If you’re in cybersecurity, public safety, critical infrastructure, or just trying to keep your business alive in 2025 — you don’t want to miss this one.

Keywords:

cybersecurity, ransomware, cybercrime, national security, threat intelligence, encryption, data breach, AI in cyber, phishing, law enforcement collaboration, cyber ecosystem, cyber resilience, digital forensics

___________

Guest: William Lyne, Deputy Director and Head of Cyber Intelligence at the UK’s National Crime Agency (NCA) https://www.linkedin.com/in/will-lyne-3a2549188/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Stay Calm, But Be Ready: What Trust Looks Like in the Middle of a Breach | An Infosecurity Europe 2025 Conversation with Steve Wright | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 10 Jun 2025 15:35:06 +0000

What does it really mean to be crisis-ready? In this conversation from InfoSecurity Europe 2025, Steve Wright—a data privacy and cybersecurity leader with three decades of experience spanning Siemens, Unilever, John Lewis, and the Bank of England—joins Sean Martin and Marco Ciappelli to unpack the heart of effective crisis management. With a career that’s evolved from risk, through cybersecurity, and now into privacy, Wright offers a refreshingly grounded perspective: crisis management starts with staying calm—but only if you’ve done the work beforehand.

Preparation Over Panic

Crisis management isn’t just a technical checklist—it’s a cultural discipline. Wright emphasizes that calm only comes from consistent practice. From live simulations to cross-functional coordination, he warns that too many organizations are underprepared, relying on ad hoc responses when a breach or outage occurs. Drawing on a real-life ransomware scenario from his time at John Lewis, Wright illustrates the importance of verification, collaboration with law enforcement, and informed decision-making over knee-jerk reactions.

Containment, Communication, and Culture

Preparation leads naturally to containment—an organization’s ability to limit the damage. Whether it’s pulling cables or isolating systems, quick thinking can prevent weeks of downtime. But just as important is how you communicate. Wright points to the contrast between companies that respond with transparency and empathy versus those that go silent, risking public trust. Modern crisis management requires the ability to shift the narrative and speak directly to affected stakeholders—before speculation takes over.

Trust and Accountability in a Global Ecosystem

Digital trust has become a board-level concern, not just a technical one. Wright notes that conversations with executives have moved beyond compliance to include broader questions of data ownership, consumer expectations, and supply chain accountability. As global systems grow more complex, clarity about who owns what—and who’s responsible when things go wrong—becomes harder to establish, but more important than ever.

Looking Ahead

Wright ends with a look to the future, imagining a world where individuals control their data through biometric locks and personal data brokers. Whether this utopia (or dystopia) arrives remains to be seen—but the path forward demands organizations prioritize practice, transparency, and trust today.

___________

Guest: Steve Wright, Data Protection Officer, Financial Services Compensation Scheme | https://www.linkedin.com/in/stevewright1970/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

steve wright, sean martin, marco ciappelli, infosecurity, crisis, privacy, cybersecurity, resilience, communication, trust, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Digital Dark Alley: Teaching Cybersecurity Like Fire Safety by Building Cyber Habits That Stick | An Infosecurity Europe 2025 Conversation with Jemma Davis | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 10 Jun 2025 15:23:35 +0000

Jemma Davis, founder of Culture Gem and a security behavior and culture transformation consultant, brings a deeply human approach to cybersecurity in this compelling episode. Her mission is simple yet powerful: make cybersecurity understandable and actionable for everyone—including her Nan. If her Nan can get it, anyone can.

This episode challenges the perception that security is primarily a technical domain. Davis argues that real resilience starts with people, not blinking lights or shiny boxes. Too often, security messaging is shrouded in jargon, acronyms, and fear—an approach that isolates the very people it aims to protect. Davis instead emphasizes practical education through relatable stories, real-life consequences, and everyday analogies, such as the “digital dark alley” and the importance of recognizing a cyber threat like we would recognize the sound of a smoke alarm.

She critiques the current imbalance in cybersecurity budgets—where less than 1% goes to human-focused initiatives—and underscores the cost of that neglect. From supply chains disrupted by a phishing email to everyday citizens targeted in scams, Davis points out that people aren’t just the problem; they’re the frontline defenders. She calls for cultural shifts in organizations that reframe security from a compliance checkbox to a personal and collective responsibility.

A particularly powerful part of the conversation addresses the failure to reach young people early. With just one hour of cybersecurity education per year in UK primary schools, Davis sees a missed opportunity to build a new generation of security-minded citizens. She shares her admiration for children’s book author Wendy Goucher and proposes public campaigns akin to “Smokey the Bear” or “Ask for Angela” to normalize cybersecurity awareness from childhood.

Davis doesn’t just highlight the gaps—she shares a vision for fixing them. One that includes marketing, storytelling, and empathy. Because when people understand how cybersecurity affects them personally, they don’t just comply—they care.

___________

Guest: Jemma Davis, Founder and CEO. Security Behaviour and Culture Change Consultant, Culture Gem | https://www.linkedin.com/in/infosecjem/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

jemma davis, marco ciappelli, cybersecurity, behavior, education, culture, awareness, storytelling, infosecurity europe, training, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Code to Culture: Why Technical Tools Alone Won’t Save Cybersecurity | An Infosecurity Europe 2025 Conversation with Rob Black | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli, Rob Black) — Tue, 10 Jun 2025 15:11:08 +0000

What if the key to cybersecurity isn’t more tech—but more humanity?

In this On Location episode of ITSPmagazine, Rob Black—UK Cyber Citizen of the Year and founder of the Global Institute of Cyber Deception—joins hosts Marco Ciappelli and Sean Martin to challenge conventional thinking around cyber defense. With a background spanning military operations and human sciences, Rob brings a fresh perspective that prioritizes multidisciplinary thinking, behavioral insight, and creative disruption over brute-force technology.

Rob highlights the importance of soft skills and critical thinking through initiatives like the UK Cyber Leaders Challenge, where students take on crisis simulation roles to sharpen leadership and communication in real-world scenarios. These experiences underscore the need to cultivate professionals who can think dynamically, not just code efficiently.

A key focus of the conversation is the strategic use of deception in cybersecurity. Rob points out that while organizations obsess over vulnerabilities and zero-days, they often overlook attacker intent. Instead of just locking down infrastructure, defenders should disrupt decision-making—using tools, tactics, and even perception itself to sow doubt and hesitation. From publicizing the use of deception technologies to crafting networks that appear already compromised by rival threat actors, Rob argues for a smarter, more psychological approach to defense.

He also pushes back against the industry’s obsession with tools for every symptom—drawing a parallel to big pharma’s model of selling treatments without tackling root causes. If cybersecurity is to become more resilient, he argues, it needs to embrace a systems mindset that includes governance, behavioral science, and even cultural analysis.

This episode is a must-listen for anyone tired of buzzwords and ready to rethink cybersecurity as a socio-technical system—not just a digital one. From geopolitics to psychology, deception to diplomacy, Rob Black connects the dots between how we live with technology and how we must protect it—not just through code, but through creativity, context, and compassion. Listen now to explore how cybersecurity can grow up—and get smarter—by getting more human.

___________

Guest: Rob Black, Director, UK Cyber Leaders Challenge | https://www.linkedin.com/in/rob-black-30440819/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

rob black, marco ciappelli, sean martin, deception, cybersecurity, behavior, intent, resilience, infosec 2025, leadership, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Beyond the Hoodie: Redefining Who Belongs in Cybersecurity with Community as the Missing Link in Cyber Resilience | An Infosecurity Europe 2025 Conversation with Amanda Finch | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 10 Jun 2025 14:56:56 +0000

In this episode, Amanda Finch, Chief Executive Officer of the Chartered Institute of Information Security, offers a perspective shaped by decades of experience in a field she has grown with and helped shape. She shares how cybersecurity has transformed from an obscure technical pursuit into a formalized profession with recognized pathways, development programs, and charters. Her focus is clear: we need to support individuals and organizations at every level to ensure cybersecurity is inclusive, sustainable, and effective.

Amanda outlines how the Chartered Institute has developed a structured framework to support cybersecurity careers from entry-level to fellowship. Programs such as the Associate Development Program and the Full Membership Development Program help individuals grow into leadership roles, especially those who come from technical backgrounds and must now influence strategy, policy, and people. She emphasizes that supporting this journey isn’t just about skills—it’s about building confidence and community.

A significant part of the conversation centers on representation and diversity. Amanda speaks candidly about being one of the only women in the room early in her career and acknowledges the progress made, but she also highlights the structural issues still holding many back. From the branding of cybersecurity as overly technical, to the inaccessibility of school programs for under-resourced communities, the industry has work to do. She argues for a wider understanding of the skills needed in cybersecurity—communication, analysis, problem-solving—not just coding or technical specialization.

Amanda also addresses the growing threat to small and medium-sized businesses. While large organizations may have teams and resources to manage security, smaller businesses face the same threats without the same support. She calls for a renewed emphasis on community-based solutions—knowledge sharing, mentorship, and collaborative platforms—that extend the reach of cyber defense to those with fewer resources.

In closing, Amanda urges us not to forget the enduring principles of security—know what you’re protecting, understand the consequences if it fails, and use foundational practices to stay grounded even when new technologies like AI and deepfakes arrive. And just as importantly, she reminds us that human principles—trust, empathy, responsibility—are vital tools in facing cybersecurity’s biggest challenges.

___________

Guest: Amanda Finch, CEO of the Chartered Institute of Information Security | https://www.linkedin.com/in/amanda-finch-fciis-b1b1951/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

amanda finch, sean martin, marco ciappelli, cybersecurity, diversity, leadership, career, smallbusiness, community, education, infosecurity europe, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Understanding Cybersecurity Behavior: From Social Engineering to Shadow AI | An Infosecurity Europe 2025 Conversation with Jason Nurse | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 10 Jun 2025 09:06:01 +0000

Dr. Jason Nurse, academic and cybersecurity behavior researcher, joins Marco Ciappelli at Infosecurity Europe to unpack the shift in cybersecurity thinking—away from purely technical measures and toward a deeper understanding of human behavior and psychology. Nurse focuses his work on why people act the way they do when it comes to security decisions, and how culture, community, and workplace influences shape those actions.

Behavior is increasingly taking center stage in security conversations, and for good reason. Nurse points to recent attacks that succeed not because of flaws in technology but due to the manipulation of individuals—such as social engineering tactics that target help desk personnel. These incidents highlight how behavioral cues and psychological triggers are weaponized, making it critical for organizations to address not just systems, but the people using them.

The conversation then shifts to artificial intelligence, particularly the growing issue of “shadow AI” in corporate settings. Nurse cites research from the National Cybersecurity Alliance’s Behavior Report, revealing that approximately 40% of employees who use AI admit to sharing sensitive corporate information with these tools—often without their employer’s awareness. Even more concerning, over half of those organizations offer no training on safe or responsible AI use.

Rather than banning AI outright, Nurse advocates for responsible use grounded in training and transparency. He acknowledges that some companies attempt to enforce boundaries by deploying internal AI systems, but these are often limited in capability. Others are exploring solutions to filter or sanitize inputs, though achieving a practical balance remains elusive.

The conversation also touches on the emotional and psychological bonds forming between individuals and AI. Nurse notes that users increasingly treat AI like a companion, trusting it with personal information and seeking advice, even in sensitive contexts such as mental health. That trust, while understandable, opens new avenues for misuse and misjudgment—especially when users forget AI lacks genuine understanding.

This episode prompts an important question: as AI becomes part of our daily routines, how do we maintain control, context, and caution in our interactions with it—and what does that mean for the future of security?

___________

Guest: Dr. Jason R.C. Nurse, Associate Professor in Cybersecurity at the University of Kent | https://www.linkedin.com/in/jasonrcnurse/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

marco ciappelli, jason nurse, infosecurity europe, behavior, psychology, cybersecurity, ai, social engineering, workplace, trust, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Vulnerability to Visibility: Rethinking Exposure Management | A Brand Story with Tod Beardsley from runZero | An Infosecurity Europe 2025 Conference On Location Brand Story

Tue, 10 Jun 2025 07:47:10 +0000

Security teams often rely on scoring systems like Common Vulnerability Scoring System (CVSS), Exploit Prediction Scoring System (EPSS), and Stakeholder-Specific Vulnerability Categorization (SSVC) to make sense of vulnerability data—but these frameworks don’t always deliver the clarity needed to act. In this episode, Tod Beardsley, Vice President of Security Research at runZero, joins host Sean Martin at InfoSec Europe 2025 to challenge how organizations use these scoring systems and to explain why context is everything when it comes to exposure management.

Beardsley shares his experience navigating the limitations of vulnerability scoring. He explains why common outputs—like a CVSS score of 7.8—often leave teams with too many “priorities,” forcing them into ineffective, binary patch-or-don’t-patch decisions. By contrast, he highlights the real value in understanding factors like access vectors and environmental fit, which help security teams focus on what’s relevant to their specific networks and business-critical systems.

The conversation also explores SSVC’s ability to drive action through decision-tree logic rather than abstract scores, enabling defenders to justify priorities to leadership based on mission impact. This context-centric approach requires a deep understanding of both the asset and its role in the business—something Beardsley notes can be hard to achieve without support.

That’s where runZero steps in. Beardsley outlines how the platform identifies unmanaged or forgotten devices—including IoT, legacy systems, and third-party gear—without needing credentials or agents. From uncovering multi-homed light bulbs that straddle segmented networks to scanning for default passwords and misconfigurations, RunZero shines a light into the forgotten corners of corporate infrastructure.

The episode closes with a look at merger and acquisition use cases, where runZero helps acquiring companies understand the actual tech debt and exposure risk in the environments they’re buying. As Beardsley puts it, the goal is simple: give defenders the visibility and context they need to act now—not after something breaks.

Whether you’re tracking vulnerabilities, uncovering shadow assets, or preparing for your next acquisition, this episode invites you to rethink what visibility really means—and how you can stop chasing scores and start reducing risk.

Learn more about runZero: https://itspm.ag/runzero-5733

Note: This story contains promotional content. Learn more.

Guest: Tod Beardsley, Vice President of Security Research at runZero | On Linkedin: https://www.linkedin.com/in/todb/

Resources

Learn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzero

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Keywords: sean martin, tod beardsley, runzero, exposure, vulnerability, asset, risk, ssdc, cvss, iot, brand story, brand marketing, marketing podcast, brand story podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

When Automation Meets Ethics, Budget, Data, and Risk: The Real Factors Behind AI Deployment | An Infosecurity Europe 2025 Conversation with Andrea Isoni | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 9 Jun 2025 15:02:36 +0000

Artificial intelligence is often described through hype or headlines, but few people work directly at the intersection of research and real-world implementation the way Andrea Isoni does. As a data scientist and machine learning engineer managing AI projects since 2017, Andrea brings a refreshingly direct view of what’s possible—and what’s practical—when it comes to using AI for business and societal impact.

In this episode recorded at Infosecurity Europe, Andrea outlines the many roles involved in operationalizing AI, from data engineers and analysts to project managers and machine learning specialists. He emphasizes that despite all the impressive language surrounding AI, much of the work still involves cleaning data, assessing model readiness, and making decisions based on cost, scalability, and risk tolerance. A “one-size-fits-all” model doesn’t exist; every implementation must be evaluated against the client’s specific context and budget, and decisions often come down to whether the project is meant to drive research and IP or automate existing workflows.

Andrea discusses two real-world case studies. One project with the Ministry of Justice in Saudi Arabia explored automating small claims car accident rulings based on previous court data—a proof-of-concept with 95% accuracy. Another, more grounded example involved helping telecom providers automate regulatory reporting, saving hours of manual compilation by analysts. These examples illustrate the spectrum of AI’s capabilities: from ambitious innovation to process improvement that simply makes work more efficient.

He also reflects on the future—and the risks—of democratized AI. As models become smaller and more portable, Andrea warns that the same proliferation that empowers businesses and researchers could also enable criminal actors to build customized AI systems, much like cartels already invest in developing undetectable submarines or secure telecoms. When illicit groups begin investing in AI R&D rather than just purchasing commercial tools, unpredictability rises sharply.

Andrea leaves us with a philosophical but clear-eyed view: AI can reduce inefficiencies and unlock new capabilities, but it must be implemented thoughtfully, with full awareness of its context, limits, and impact. It’s not about replacing human judgment—especially in nuanced, high-stakes environments—but augmenting it where automation is justified.

___________

Guest: Andrea Isoni, Chief AI Officer, Director at AI Technologies | https://www.linkedin.com/in/andreaisoni20/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

andrea isoni, sean martin, marco ciappelli, ai, machine learning, automation, data science, cybersecurity, risk, scalability, infosecurity europe, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Billion-Dollar Blueprint: Following the Digital Trail of Criminal Cash and the Human Cost of Cybercrime | An Infosecurity Europe 2025 Conversation with Geoff White | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 9 Jun 2025 14:40:31 +0000

As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community.

The Power of the Crowd: Community, Policy, and Lifelong Learning

This year’s programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem.

Tackling Today’s and Tomorrow’s Threats—From Quantum to Geopolitics

Infosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC’s Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions.

Maximizing the Experience: Prep, Participate, and Party

From hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades.

The message is clear: cybersecurity is no longer just a technical field—it’s a societal one.

___________

Guest: Geoff White, Author, Speaker, Investigative Journalist, Podcast Creator | https://www.linkedin.com/in/geoffwhitetech/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

marco ciappelli, sean martin, geoff white, cybersecurity, ransomware, laundering, crypto, hacking, journalism, infosec europe, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Collaboration Isn’t Fluffy: It’s Fundamental to Cybersecurity—Rethinking the Role of Humans in Cyber Defense | An Infosecurity Europe 2025 Conversation with Purvi Kay and Rob Black | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli, Purvi Kay) — Mon, 9 Jun 2025 13:59:11 +0000

Cybersecurity isn’t just about code, controls, or compliance—it’s about people. That’s the core message from Purvi Kay, Head of Cybersecurity for the Future Combat Air System at BAE Systems, and Rob Black, founder of the UK Cyber Leaders Challenge, as they share how genuine collaboration is reshaping security success in high-stakes environments.

In this InfoSecurity Europe conversation, Purvi emphasizes that cybersecurity is still too often seen as an IT issue, when in reality it cuts across every aspect of business. Her role spans cybersecurity strategy, leadership development, and advocacy—serving also as Chair of BAE’s Women in Cyber program and as a neurodiversity champion. For her, inclusion is more than a policy—it’s essential to mission success, especially when coordinating across trilateral government and industry teams on programs as complex as next-gen fighter aircraft.

Rob reinforces this point with his focus on developing soft skills in future cybersecurity leaders. His work brings non-traditional talent into cyber, prioritizing communication, empathy, and multidisciplinary collaboration. These human-centric capabilities are crucial when bridging divides between security, legal, HR, and operations.

Both guests highlight how assumptions, language, and siloed thinking obstruct progress. Purvi shares how cybersecurity has often been seen as a barrier—brought in too late, misunderstood, or left out of key decisions. She now champions “secure by design” practices through early involvement of cross-functional teams. Rob brings a memorable example: using marriage counseling techniques to help auditors and developers understand each other better—not to resolve personal conflict, but to decode cultural and professional misalignments.

Their conversation also touches on practical methods for building shared understanding, from sketching “river journeys” to map project dynamics, to fostering stakeholder buy-in through intentional communication. Whether aligning three governments or managing internal procurement, they show that collaboration isn’t just a buzzword—it’s a structured, repeatable approach to managing complexity.

This episode offers a thoughtful and grounded look at how meaningful human connection—across functions, cultures, and roles—forms the foundation of effective cybersecurity. It’s a timely reminder that the path to resilience begins with listening, empathy, and a clear sense of shared purpose.

___________

Guests:

Purvi Kay, Head of Cybersecurity for the Future Combat Air System at BAE Systems | https://www.linkedin.com/in/purvikay/

Rob Black, Director, UK Cyber Leaders Challenge | https://www.linkedin.com/in/rob-black-30440819/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

CycloneDX/transparency-exchange-api on GitHub: https://github.com/CycloneDX/transparency-exchange-api

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, rob black, purvi kay, cybersecurity, collaboration, communication, leadership, diversity, empathy, infosecurity europe, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

More Than Code: Why Human Skills Matter in AppSec | An OWASP AppSec Global 2025 Conversation with Maria Mora | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 3 Jun 2025 09:14:44 +0000

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Maria Mora, Staff Application Security Engineer and active OWASP lifetime member, shares how her experience at the OWASP AppSec Global conference in Barcelona has reaffirmed the power of community in security. While many attendees chase back-to-back talks and technical training, Maria highlights something often overlooked—connection. Whether at the member lounge ping-pong table, during late-night beach meetups, or over keynote reflections, it’s the relationships and shared purpose that make this event resonate.

Maria emphasizes how her own journey into OWASP began with uncertainty but evolved into a meaningful path of participation. Through volunteering, serving on the events committee, and mentoring others, she has expanded not only her technical toolkit but also her ability to collaborate and communicate—skills she notes are essential in InfoSec but rarely prioritized. By stepping into the OWASP community, she’s learned that you don’t need decades of experience to contribute—just a willingness to start.

Keynotes and sessions this year reinforced a similar message: security isn’t just about hard skills. It’s about bridging academia and industry, engaging first-time attendees, and creating welcoming spaces where no one feels like an outsider. Talks like Sarah Jané’s encouraged attendees to find their own ways to give back, whether by submitting to the call for papers, helping with logistics, or simply sparking hallway conversations.

Maria also points to how OWASP structures participation to make it accessible. Through demo rooms, project hubs, and informal lounge chats, attendees find ways to contribute to global initiatives like the OWASP Top 10 or volunteer-led trainings. Whether it’s your first conference or your tenth, there’s always room to jump in.

For Maria, OWASP no longer feels like a secret club—it’s a growing, open collective focused on helping people bring their best selves to security. That’s the power of community: not just lifting up software, but lifting up each other.

And for those thinking of taking the next step, Maria reminds us that the call for papers for OWASP DC is open through June 24th. As she puts it, “We all have something valuable to share—sometimes you just need the nudge to start.”

GUEST: Maria Mora | Staff Application Security Engineer and OWASP events committee member | https://www.linkedin.com/in/riamaria/

HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com

SPONSORS

Manicode Security: https://itspm.ag/manicode-security-7q8i

RESOURCES

Learn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Fraud to Fixes: Designing Usable Security for Financial Applications | An OWASP AppSec Global 2025 Conversation with Wojciech Dworakowski | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 2 Jun 2025 11:31:07 +0000

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Sean Martin connects with event speaker, Wojciech Dworakowski, to unpack a critical and underexamined issue in today’s financial systems: the vulnerability of mobile-only banking apps when it comes to transaction authorization.

Wojciech points out that modern banking has embraced the mobile-first model—sometimes at the cost of fundamental security principles. Most banks now concentrate transaction initiation, security configuration, and transaction authorization into a single device: the user’s smartphone. While this offers unmatched convenience, it also creates a single point of failure. If an attacker successfully pairs their phone with a victim’s account, they can bypass multiple layers of security, often without needing traditional credentials.

The discussion explores the limitations of relying solely on biometric options like Face ID or Touch ID. These conveniences may appear secure but often weaken the overall security posture when used without additional independent verification mechanisms. Wojciech outlines how common attack strategies have shifted from stealing credit card numbers to full account takeover—enabled by social engineering and weak device-pairing controls.

He proposes a “raise the bar” strategy rather than relying on a single silver-bullet solution. Suggestions include enhanced device fingerprinting, detection of emulators or rooted environments, and shared interbank databases for device reputation and account pairing anomalies. While some of these are already in motion under new EU and UK regulations, they remain fragmented.

Wojciech also introduces a bold idea: giving users a slider in the app to adjust their personal balance of convenience vs. security. This kind of usability-driven approach could empower users while still offering layered defense.

For CISOs, developers, and FinTech leaders, the message is clear—evaluate your app security as if attackers already know the shortcuts. Watch the full conversation to hear Wojciech’s real-world examples, including a cautionary tale from his own family. Catch the episode and learn how to design financial security that’s not just strong—but usable.

GUEST: Wojciech Dworakowski | OWASP Poland Chapter Board Member and Managing Partner at SecuRing | https://www.linkedin.com/in/wojciechdworakowski/

HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com

SPONSORS

Manicode Security: https://itspm.ag/manicode-security-7q8i

RESOURCES

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Dashboards to Decisions: Why Your Security Metrics Might Be Leading You Astray | An OWASP AppSec Global 2025 Conversation with Aram Hovsepyan | On Location Coverage with Sean Martin and Marco Ciappelli

Sat, 31 May 2025 07:59:21 +0000

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Aram Hovsepyan, an active contributor to the OWASP SAMM project, brings a critical perspective to how the industry approaches security metrics, especially in vulnerability management. His message is clear: the way we collect and use metrics needs a serious rethink if we want to make real progress in reducing risk.

Too often, organizations rely on readily available tool-generated metrics—like vulnerability counts—without pausing to ask what those numbers actually mean in context. These metrics may look impressive in a dashboard or board report, but as Aram points out, they’re often disconnected from business goals. Worse, they can drive the wrong behaviors, such as trying to reduce raw vulnerability counts without considering exploitability or actual impact.

Aram emphasizes the importance of starting with organizational goals, formulating questions that reflect progress toward those goals, and only then identifying metrics that provide meaningful answers. It’s a research-backed approach that has been known for decades but is often ignored in favor of convenience.

False positives, inflated dashboards, and a lack of alignment between metrics and strategy are recurring issues. Aram notes that many tools err on the side of overreporting to avoid false negatives, which leads to overwhelming—and often irrelevant—volumes of data. In some cases, up to 80% of identified vulnerabilities may be false positives, leaving security teams drowning in noise and chasing issues that may not matter.

What’s missing, he argues, is a strategic lens. Vulnerability management should be one component of a broader application security program, not the centerpiece. The OWASP Software Assurance Maturity Model (SAMM) offers a framework for evaluating and improving across a range of practices—strategy, risk analysis, and threat modeling among them—that collectively support better decision-making.

To move forward, organizations need to stop treating vulnerability data as a performance metric and start treating it as a signal in a larger conversation about risk, impact, and architectural choices. Aram’s call to action is simple: ask better questions, use tools more purposefully, and build security strategies that actually serve the business.

GUEST: Aram Hovsepyan | OWASP SAMM Project Core Team member and CEO/Founder at CODIFIC | https://www.linkedin.com/in/aramhovsep/

HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com

SPONSORS

Manicode Security: https://itspm.ag/manicode-security-7q8i

RESOURCES

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Why Global Community-Led Innovation Is Driving Real Application Security Progress | An OWASP AppSec Global 2025 Conversation with Starr Brown | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 30 May 2025 12:45:50 +0000

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Starr Brown, Director of Open Source Projects and Programs at OWASP, unpacks the real engine behind the organization’s impact: the projects and the people driving them forward.

With over 130 active projects, OWASP continues to expand its open source contributions to improve software security across the board. While the OWASP Top 10 remains its most recognized initiative, Starr points out that it’s just one among many. Other significant projects include the Application Security Verification Standard (ASVS), the Software Assurance Maturity Model (SAMM), and the increasingly popular security games like Cornucopia, which use gamification to bring security concepts into business conversations and development workflows.

AI is playing an increasingly prominent role in OWASP’s work. Starr highlights the GenAI Security Project as a focal point, encompassing tools and guidance for LLM use, agentic AI, red teaming, and more. The scale of community engagement is equally impressive: around 33,000 people are active on Slack, and hundreds contribute to individual initiatives, reflecting the organization’s truly global and grassroots structure.

Beyond tools and documentation, OWASP is influencing regulation and policy through initiatives like the AI Exchange and the Transparency Exchange. These projects connect with government entities and standards bodies such as the European Commission and CEN/CENELEC to help shape responsible governance frameworks around software, AI, and cybersecurity.

Listeners also get a glimpse into what’s ahead. From upcoming events in Washington, D.C., to the OWASP Community Room at DEF CON in Las Vegas, the goal is to keep fostering connections and hands-on engagement. These gatherings not only showcase flagship tools and frameworks but create space for open dialogue, prototyping, and collaboration—whether you’re breaking things or building them.

To get involved, Starr encourages exploring the OWASP Projects page and joining their Slack community. The conversation makes it clear: OWASP is not just a collection of tools—it’s a living, breathing network of contributors shaping the future of secure software.

GUEST: Starr Brown | Director of Open Source Projects and Programs at OWASP | https://www.linkedin.com/in/starr-brown-8837547/

HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com

SPONSORS

Manicode Security: https://itspm.ag/manicode-security-7q8i

RESOURCES

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Holding the Line on Quality in an AI-Driven SDLC | An OWASP AppSec Global 2025 Conversation with Sarah-Jane Madden | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 30 May 2025 12:12:01 +0000

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Sarah-Jane Madden brings a unique lens to application security, shaped by her journey from developer to security leader and CSO. Speaking at OWASP AppSec Global, she tackles one of today’s most pressing concerns: how AI is reshaping software engineering—and how we must respond without compromising core values like quality and security.

Madden emphasizes that AI is only the latest in a series of major disruptions, comparing it to shifts like remote work triggered by COVID. Her message is clear: organizations must prepare for continuous change, not just chase the current trend. That means prioritizing adaptability and ensuring critical practices like application security are not sacrificed in the rush to speed up delivery.

She makes the case for a layered, iterative approach to development—rejecting the outdated linear mindset. Developers, she argues, should leverage AI as an accelerator, not a replacement. Think of AI as your digital intern: handling the drudgery, automating boilerplate code, and even applying internal security standards to code before it reaches human hands. This frees developers to focus on creative problem-solving and thoughtful architecture.

However, Madden cautions against blind enthusiasm. While experimentation is healthy, organizations must be discerning about outcomes. Speed is meaningless without quality, and quality includes security. She calls on developers to advocate for high standards and reminds business leaders not to fall for the allure of shortcut statistics or flashy claims that promise results without skilled labor. Her analogy of microwave dinners vs. proper cuisine illustrates the risk of prioritizing convenience over substance—especially in complex problem-solving environments.

For line-of-business leaders, Madden urges realistic expectations. AI can enhance productivity, but it doesn’t eliminate the need for thoughtful development. Ultimately, customers will notice if quality drops, and reputational damage is hard to undo.

In closing, Madden celebrates OWASP as more than an organization—it’s a source of support, camaraderie, and genuine community for those working to build secure, reliable systems. Her message? Embrace change, use tools wisely, protect your standards, and never forget the human side of engineering.

GUEST: Sarah-Jane Madden | Global Director of Cyber Defense at Fortive | https://www.linkedin.com/in/sarahjanemadden/

HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com

SPONSORS

Manicode Security: https://itspm.ag/manicode-security-7q8i

RESOURCES

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

When Simplicity Meets Strategy: Making Immutability Accessible for All | A Brand Story with Sterling Wilson from Object First | An RSAC Conference 2025 Post-Event Brand Story

Fri, 30 May 2025 05:02:49 +0000

When it comes to data protection, the word “immutability” often feels like it belongs in the realm of enterprise giants with complex infrastructure and massive budgets. But during this RSAC Conference conversation, Sterling Wilson, Field CTO at Object First, makes a strong case that immutability should be, and can be, for everyone.

Wilson brings a grounded perspective shaped by his experience on the floor at RSAC, where Object First made its debut as a sponsor. The energy, he notes, was contagious: not just among vendors, but also from practitioners expressing serious concerns about their ability to recover data post-incident. These conversations weren’t hypothetical; they were real worries tied to rising insurance premiums, regulatory compliance, and operational survivability. And at the core of all this? Trust in the data backup process.

Agentic AI, AI capable of making decisions independently, is one of the trends Wilson flags as both promising and risky. It offers potential for improving preparedness and accelerating recovery. But it also raises concerns around access and control of sensitive data, particularly if exploited by adversaries. For Sterling, the opportunity lies in combining proactive readiness with simplicity and control, especially for those who aren’t traditional security practitioners.

Object First is doing just that through OOTBI: Out of the Box Immutability. And yes, there’s a mascot: OOTBI. More than just a marketing hook, OOTBI represents a shift toward making backup and recovery systems approachable, usable, and, importantly, accessible. According to Wilson, the product gets users from “box to backup” in 15 minutes... with encrypted, immutable storage that meets critical requirements for cyber insurance coverage.

Cost, Wilson adds, is a key barrier that often prevents organizations from reaching data protection best practices. That’s why Object First now offers consumption-based pricing models. Whether a business is cloud-first or scaling fast, it’s a path to protection that doesn’t require breaking the budget.

Ultimately, Wilson emphasizes education and community as critical drivers of progress. From field labs where teams can configure their own Opi, to on-location conference conversations, the company is building awareness, and reducing fear, by making secure storage not just a feature, but a foundation.

This episode is a reminder that effective cybersecurity isn’t only about innovation; it’s about inclusion, practicality, and trust... both in your tools and your team.

Learn more about Object First: https://itspm.ag/object-first-2gjl

Note: This story contains promotional content. Learn more.

Guest: Sterling Wilson, Field CTO, Object First | https://www.linkedin.com/in/sterling-wilson/

Resources

Learn more and catch more stories from Object First: https://www.itspmagazine.com/directory/object-first

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, marco ciappelli, sterling wilson, immutability, agentic, ai, backup, recovery, cybersecurity, insurance, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Redefining What Secure Application Development Looks Like: Bringing Application Security into Focus with ASVS v5 | An OWASP AppSec Global 2025 Conversation with Josh Grossman | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 29 May 2025 14:35:37 +0000

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Josh Grossman, co-leader of the OWASP Application Security Verification Standard (ASVS) project, shares key updates and strategic thinking behind the release of ASVS version 5. This release, years in the making, reflects a renewed focus on making the standard more approachable, practical, and actionable for development teams and security leaders alike.

ASVS is designed to provide a comprehensive and verifiable set of security requirements for building and maintaining secure applications. More than just a checklist, it offers a clear blueprint for what a secure application should look like—making it easier to benchmark progress, develop secure design requirements, and implement effective controls. Version 5 emphasizes accessibility, particularly by lowering the barrier to entry for organizations adopting Level 1 of the standard, reducing the threshold of required controls from nearly 50% to under 30%.

One of the major shifts in this new version is the tighter focus on the application itself, moving away from system-level topics like backup policies that tend to fall outside the scope of app development teams. This makes the standard more relevant to software architects, developers, and QA engineers—providing requirements that fall within their sphere of influence, while still covering the full software lifecycle from design to deployment.

Grossman explains how organizations can customize ASVS to include their internal controls and build out secure coding checklists, implementation guides, and requirements documents tailored to their environments. He also highlights how ASVS aligns with other OWASP projects, like the Cheat Sheet Series and SAMM, for both control-level guidance and organizational process development.

For security leaders looking to improve their application security programs, ASVS v5 offers a foundation to build on—clear, community-driven, and extensible. And true to OWASP’s spirit, the project is backed by a passionate community, from project co-leads like Grossman and Elar Lang to contributors around the world. As Grossman puts it, OWASP is about connection—people tackling similar challenges, working together to make software safer.

If you’re looking for a way to bring practical, standards-based security into your software lifecycle, this conversation is your starting point.

GUEST: Josh Grossman | CTO of Bounce Security and co-leader of the OWASP Application Security Verification Standard (ASVS) project | https://www.linkedin.com/in/joshcgrossman/

HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com

SPONSORS

Manicode Security: https://itspm.ag/manicode-security-7q8i

RESOURCES

OWASP Application Security Verification Standard (ASVS): https://owasp.org/www-project-application-security-verification-standard/

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From AppSec Training to AI Standards: Teaching AI to Code Securely | A Brand Story with Jim Manico from Manicode Security | An OWASP Global AppSec EU 2025 Conference On Location Brand Story

Thu, 29 May 2025 12:07:16 +0000

Jim Manico’s passion for secure coding has always been rooted in deeply technical practices—methods that matter most to developers writing code day in and day out. At OWASP Global AppSec EU 2025 Conference in Barcelona, Manico brings that same precision and care to a broader conversation around the intersection of application security and artificial intelligence.

While many are still just beginning to assess how AI impacts application development, Manico has been preparing for this moment for years. Two and a half years ago, he saw a shift—traditional low-level technical bugs were being mitigated effectively by mature organizations. The new challenge? Business logic flaws and access control issues that scanners can’t easily detect. This change signaled a new direction, prompting him to dive into AI security long before it became fashionable.

Now, Manico is delivering AI-flavored AppSec training, helping developers understand the risks of insecure code generated by large language models. His research shows that even the best AI coding tools—from Claude to Copilot—still generate insecure code out of the box. That’s where his work becomes transformative: by developing detailed, framework-specific prompts grounded in decades of secure coding knowledge, he has trained these tools to write safer code, using React, Django, Vue, and more.

Beyond teaching, he’s building. With 200 volunteers, he’s leading the creation of the Artificial Intelligence Security Verification Standard (AISVS), a new OWASP project inspired by the well-known Application Security Verification Standard (ASVS). Generated with both AI and human collaboration, the AISVS already has a v0.1 release and aims for a major update by summer.

For Manico, this isn’t just a technical evolution—it’s a personal renaissance. His deep catalog of secure coding techniques, once used primarily for human education, is now fueling a new generation of AI-assisted development. And he’s just getting started.

This episode isn’t just about where AppSec is going. It’s a call to developers and security professionals to rethink how we teach, how we build, and how we can use AI to enhance—not endanger—the software we create.

Learn more about Manicode: https://itspm.ag/manicode-security-7q8i

Note: This story contains promotional content. Learn more.

Guest: Jim Manico, Founder and Secure Coding Educator at Manicode Security | On Linkedin: https://www.linkedin.com/in/jmanico/

Resources

Jim's OWASP Session: https://owasp2025globalappseceu.sched.com/event/1wfpM/leveraging-ai-for-secure-react-development-with-effective-prompt-engineering

Download the Course Catalog: https://itspm.ag/manicode-x684

Learn more and catch more stories from Manicode Security: https://www.itspmagazine.com/directory/manicode-security

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Keywords: jim manico, sean martin, appsec, ai, owasp, securecoding, developers, aisvs, training, react, brand story, brand marketing, marketing podcast, brand story podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The API That Could Transform Software Transparency | An OWASP AppSec Global 2025 Conversation with Olle E Johansson | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 29 May 2025 08:43:38 +0000

The introduction of the Cyber Resilience Act (CRA) marks a major shift for the software industry: for the first time, manufacturers are being held accountable for the cybersecurity of their products. Olle E. Johansson, a long-time open source developer and contributor to the Asterisk PBX project, explains how this new regulation reshapes the role of software creators and introduces the need for transparency across the entire supply chain.

In this episode, Johansson breaks down the complexity of today’s software supply ecosystems—where manufacturers rely heavily on open source components, and end users struggle to identify vulnerabilities buried deep in third-party dependencies. With the CRA in place, the burden now falls on manufacturers to not only track but also report on the components in their products. That includes actively communicating which vulnerabilities affect users—and which do not.

To make this manageable, Johansson introduces the Transparency Exchange API (TEA), a project rooted in the OWASP CycloneDX standard. What started as a simple Software Bill of Materials (SBOM) delivery mechanism has evolved into a broader platform for sharing vulnerability information, attestations, documentation, and even cryptographic data necessary for the post-quantum transition. Standardizing this API through Ecma International is a major step toward a scalable, automated supply chain security infrastructure.

The episode also highlights the importance of automation and shared data formats in enabling companies to react quickly to threats like Log4j. Johansson notes that, historically, security teams spent countless hours manually assessing whether they were affected by a specific vulnerability. The Transparency Exchange API aims to change that by automating the entire feedback loop from developer to manufacturer to end user.

Although still in beta, the project is gaining traction with organizations like the Apache Foundation integrating it into their release processes. Johansson emphasizes that community feedback is essential and invites listeners to engage through GitHub to help shape the project’s future.

For Johansson, OWASP stands for global knowledge and collaboration in application security. As Europe’s regulatory influence grows, initiatives like this are essential to build a stronger, more accountable software ecosystem.

GUEST: Olle E Johansson | Co-Founder, SBOM Europe | https://www.linkedin.com/in/ollejohansson/

HOST:
Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com

SPONSORS

Manicode Security: https://itspm.ag/manicode-security-7q8i

RESOURCES

VIDEO: The Cyber Resilience Act: How the EU is Reshaping Digital Product Security | With Sarah Fluchs: https://youtu.be/c30eG5kzqnY

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Turning AppSec into a Workflow, Not a Roadblock – Building Security Programs That Teams Actually Want to Use | An OWASP AppSec Global 2025 Conversation with Spyros Gasteratos | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 29 May 2025 06:04:39 +0000

During the upcoming OWASP Global AppSec EU in Barcelona, Spyros Gasteratos, long-time OWASP contributor and co-founder of Smithy, to explore how automation, collaboration, and community resources are shaping the future of application security. Spyros shares the foundation of his talk at OWASP AppSec Global: building a DevSecOps program from scratch using existing community tools—blending technical guidance with a celebration of open-source achievements.

Spyros emphasizes that true progress in security stems not from an ever-growing stack of tools, but from aligning the humans behind them. According to him, security failures often stem from fragmented information and misaligned incentives across teams. His solution? Bring the teams together with a shared, streamlined flow of information and automate wherever possible to reduce wasted cycles and miscommunication.

At the core of Spyros’ philosophy is the need to turn AppSec from a blocker into a builder. Rather than overwhelming developers with endless bug reports, or security leaders with red dashboards, programs need to reflect the actual risk appetite of the business—prioritizing issues dynamically based on impact, timing, and operational goals. He challenges the one-size-fits-all approach, advocating instead for tagging systems that defer certain risks and encode organizational priorities in automation logic.

A major part of that transformation lies in Smithy, the platform he’s helping build. It’s designed to be “Zapier for security”—an automation engine rooted in open-source standards that allows for custom workflows without creating a tangle of fragile scripts. The idea is to let teams focus on what’s unique to them, while relying on battle-tested components for the rest.

Looking ahead, Spyros doesn’t buy into the doom-and-gloom narrative about AI limiting developer creativity. On the contrary, he argues that AI-enabled coding frees up cognitive space for better architecture and secure design thinking. In his view, creativity doesn’t die—it just shifts from syntax to strategy.

This episode is more than a discussion—it’s a blueprint for how teams can rally around a common goal, and how OWASP’s community can be the catalyst. Tune in to hear how open-source, automation, and human alignment are redefining AppSec from the ground up.

GUEST: Spyros Gasteratos | OpenCRE co-lead and Founder of smithy.security | https://www.linkedin.com/in/spyr/

HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com

SPONSORS

Manicode Security: https://itspm.ag/manicode-security-7q8i

RESOURCES

Spyros' Session: A completely pluggable DevSecOps programme, for free, using community resources (https://owasp2025globalappseceu.sched.com/event/1whCB/a-completely-pluggable-devsecops-programme-for-free-using-community-resources )

Learn more and catch more stories from OWASP Global AppSec EU 2025 Conference coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Outside the Ivory Tower: Connecting Practice and Science — Why Human-Centered Cybersecurity Needs Both | OWASP AppSec Global 2025 Pre-Event Keynote Conversation with Kate Labunets | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 26 May 2025 10:47:12 +0000

During the upcoming OWASP Global AppSec EU in Barcelona, Kate Labunets, a cybersecurity researcher focused on human factors and usable security, takes the stage to confront a disconnect that too often holds the industry back: the gap between academic research and real-world cybersecurity practice.

In her keynote, “Outside the Ivory Tower: Connecting Practice and Science,” Kate invites practitioners to reconsider their relationship with academic research—not as something removed from their daily reality, but as a vital tool that can lead to better decisions, more targeted security programs, and improved organizational resilience.

Drawing from her current research, Kate shares how interviews and surveys with employees reveal the hidden motivations behind the use of shadow IT—tools and technologies adopted without formal approval. These aren’t simply acts of rebellion or ignorance. They reflect misalignments between human behavior, workplace needs, and policy communication. By understanding these mindsets, organizations can move beyond one-size-fits-all training and begin designing interventions grounded in evidence.

This is where science meets practice. Kate’s work isn’t about generating abstract theories. It’s about applying research methods—like anonymous interviews and behavior-focused surveys—to surface insights that security leaders can act on. But for this to happen, researchers need access, and that depends on building trust with practitioners.

The keynote also raises a critical point about time. In industries like medicine, the gap between a published discovery and its application in the real world can be 15 years. Kate argues that cybersecurity faces a similar delay, citing the example of multi-factor authentication: patented in 1998, but still not universally adopted today. Her goal is to accelerate this timeline by helping practitioners see themselves as contributors to science—not just consumers of its outcomes.

By inviting companies to participate in research and engage with universities, Kate’s message is clear: collaboration benefits everyone. The path to smarter, more human-aligned cybersecurity isn’t gated behind academic walls. It’s open to any team curious enough to ask better questions—and brave enough to challenge assumptions.

GUEST: Kate Labunets | Assistant Professor (UD1) in Cyber Security at Utrecht University | https://www.linkedin.com/in/klabunets/

HOSTS:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

SPONSORS

Manicode Security: https://itspm.ag/manicode-security-7q8i

RESOURCES

Kate's Session: https://owasp2025globalappseceu.sched.com/event/1v86U/keynote-outside-the-ivory-tower-connecting-practice-and-science

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What Helps You Sleep Better at Night: A Practical Take on Zero Trust | A Brand Story with Rob Allen from ThreatLocker | An Infosecurity Europe 2025 Pre-Event Brand Story

Thu, 22 May 2025 23:31:01 +0000

As InfoSecurity Europe prepares to welcome cybersecurity professionals from across the globe, Rob Allen, Chief Product Officer at ThreatLocker, shares why this moment—and this location—matters. Allen doesn’t frame the conversation around hype or headlines. Instead, he focuses on a universal truth: organizations want to sleep better at night knowing their environments are secure.

ThreatLocker’s mission is grounded in achieving Zero Trust in a simple, operationally feasible way. But more than that, Allen emphasizes their value as enablers of peace of mind. Whether helping customers prevent ransomware attacks or meet regional regulatory requirements like GDPR or Australia’s Essential Eight, the company is working toward real-world solutions that reduce complexity without sacrificing security. Their presence at events like InfoSecurity Europe is key—not just for outreach, but to hear directly from customers and partners about what’s working and where they need help.

Why Being There Matters

Different regions have different pressures. In Australia, adoption surged without any local team initially on the ground—driven purely by alignment with the Essential Eight framework. In the UK, it’s conversations about Cyber Essentials that shape booth discussions. Regulations aren’t just compliance checklists; they’re also conversation starters that change how organizations prioritize security.

The ThreatLocker team doesn’t rely on generic demos or vague promises. They bring targeted examples to the booth—like asking attendees if they know what software can be run on their machines without alerting anyone. If tools like remote desktop applications or archive utilities can be freely executed, attackers can use them too. This is where ThreatLocker steps in: controlling what runs, identifying what’s necessary, and blocking what isn’t.

Booth D90 and Beyond

Rob Allen invites anyone—whether they’re new to ThreatLocker or longtime users—to visit booth D90. The team, built with a mix of technical skill and humor (ask about the “second-best beard” in the company), is there to listen and help. It’s not just about showcasing technology; it’s about building relationships and reinforcing a shared goal: practical, proactive cybersecurity that makes a measurable difference.

If you’re at InfoSecurity Europe, stop by. If you’re not, this episode offers a meaningful glimpse into why showing up—both physically and philosophically—matters in cybersecurity.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content. Learn more.

Guest:

Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Cyber Essentials Guide: https://threatlocker.kb.help/threatlocker-and-cyber-essentials-compliance/?utm_source=itsp&utm_medium=sponsor&utm_campaign=infosec_europe_pre_interview_rob_q2_25&utm_content=infosec_europe_pre_interview_rob&utm_term=podcast

Australia's Essential Eight Guide: https://www.threatlocker.com/whitepaper/australia-essential-eight?utm_source=itsp&utm_medium=sponsor&utm_campaign=infosec_europe_pre_interview_rob_q2_25&utm_content=infosec_europe_pre_intervi

Learn more and catch more event coverage stories from Infosecurity Europe 2025 in London: https://www.itspmagazine.com/infosec25

______________________

Keywords:

sean martin, marco ciappelli, rob allen, cybersecurity, zero trust, infosec, compliance, ransomware, endpoint, regulation, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

When Guardrails Aren’t Enough: How to Handle AI’s Hidden Vulnerabilities | An Infosecurity Europe 2025 Pre-Event Conversation with Peter Garraghan | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 22 May 2025 22:14:11 +0000

In this episode of our InfoSecurity Europe 2024 On Location coverage, Marco Ciappelli and Sean Martin sit down with Professor Peter Garraghan, Chair in Computer Science at Lancaster University and co-founder of the AI security startup Mindgard. Peter shares a grounded view of the current AI moment—one where attention-grabbing capabilities often distract from fundamental truths about software security.

At the heart of the discussion is the question: Can my AI be hacked? Peter’s answer is a firm “yes”—but not for the reasons most might expect. He explains that AI is still software, and the risks it introduces are extensions of those we’ve seen for decades. The real difference lies not in the nature of the threats, but in how these new interfaces behave and how we, as humans, interact with them. Natural language interfaces, in particular, make it easier to introduce confusion and harder to contain behaviors, especially when people overestimate the intelligence of the systems.

Peter highlights that prompt injection, model poisoning, and opaque logic flows are not entirely new challenges. They mirror known classes of vulnerabilities like SQL injection or insecure APIs—only now they come wrapped in the hype of generative AI. He encourages teams to reframe the conversation: replace the word “AI” with “software” and see how the risk profile becomes more recognizable and manageable.

A key takeaway is that the issue isn’t just technical. Many organizations are integrating AI capabilities without understanding what they’re introducing. As Peter puts it, “You’re plugging in software filled with features you don’t need, which makes your risk modeling much harder.” Guardrails are often mistaken for full protections, and foundational practices in application development and threat modeling are being sidelined by excitement and speed to market.

Peter’s upcoming session at InfoSecurity Europe—Can My AI Be Hacked?—aims to bring this discussion to life with real-world attack examples, systems-level analysis, and a practical call to action: retool, retrain, and reframe your approach to AI security. Whether you’re in development, operations, or governance, this session promises perspective that cuts through the noise and anchors your strategy in reality.

___________

Guest: Peter Garraghan, Professor in Computer Science at Lancaster University, Fellow of the UK Engineering Physical Sciences and Research Council (EPSRC), and CEO & CTO of Mindgard | https://www.linkedin.com/in/pgarraghan/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

___________

Resources

Peter’s Session: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.4355.239479.can-my-ai-be-hacked.html

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, marco ciappelli, peter garraghan, ai, cybersecurity, software, risk, threat, prompt, injection, infosecurity europe, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Celebrating 30 Years of Connection, Innovation, and Community at Infosecurity Europe in London | Our Traditional Pre-Event Kick-Off Conversation with Saima Poorghobad | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 22 May 2025 21:23:17 +0000

The Power of the Crowd: Community, Policy, and Lifelong Learning

Tackling Today’s and Tomorrow’s Threats—From Quantum to Geopolitics

Maximizing the Experience: Prep, Participate, and Party

The message is clear: cybersecurity is no longer just a technical field—it’s a societal one.

___________

Guest: Saima Poorghobad, Portfolio Director at Reed Exhibitions | https://www.linkedin.com/in/saima-poorghobad-6a37791b/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, marco ciappelli, saima poorghobad, infosecurity europe, cybersecurity, quantum, ai, policy, community, innovation, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Why Simplicity Might Be the Missing Ingredient in Your Zero Trust Strategy | A Brand Story with Rob Allen from ThreatLocker | An RSAC Conference 2025 Post-Event Brand Story

Wed, 21 May 2025 20:17:47 +0000

At RSAC Conference 2025, the conversation with Rob Allen, Chief Product Officer at ThreatLocker, centered on something deceptively simple: making cybersecurity effective by making it manageable.

During this on-location recap episode, Rob shares how ThreatLocker cut through the noise of flashy booths and AI buzzwords by focusing on meaningful, face-to-face conversations with customers and prospects. Their booth was an open, no-frills space—designed for real dialogue, not distractions. What caught people’s attention, though, wasn’t the booth layout—it was a live demonstration of a PowerShell-based attack using a rubber ducky device. It visually captured how traditional tools often miss malicious scripts and how ThreatLocker’s controls shut it down immediately. That kind of simplicity, Rob explains, is the real differentiator.

Zero Trust Is a Journey—But It Doesn’t Have to Be Complicated

One key message Rob emphasizes is that true security doesn’t come from piling on more tools. Too many organizations rely on overlapping detection and response solutions, which leads to confusion and technical debt. “If you have five different jackets and they’re all winter coats, you’re not prepared for summer,” Sean Martin jokes, reinforcing Rob’s point that layers should be distinct, not redundant.

ThreatLocker’s approach simplifies Zero Trust by focusing on proactive control—limiting what can execute or communicate in the first place. Rob also points to the importance of vendor consolidation—not just from a purchasing standpoint but from an operational one. With ThreatLocker, multiple security capabilities are built natively into a single platform with one agent and one portal, avoiding the chaos of disjointed systems.

From Technical Wins to Human Connections

The conversation wraps with a reminder that cybersecurity isn’t just about tools—it’s about the people and community that make the work worthwhile. Rob, Marco Ciappelli, and Sean Martin reflect on their shared experiences around the event and even the lessons learned over a slice of Detroit-style pizza. While the crust may have been debatable, the camaraderie and commitment to doing security better were not.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

⸻

Guest:

Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, marco ciappelli, rob allen, cybersecurity, zero trust, threat prevention, powerShell, vendor consolidation, rsac2025, endpoint security, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Why Community Could Be the Strongest Defense in Cybersecurity | A Brand Story with Rob Clyde from ISACA | An RSAC Conference 2025 Post-Event Brand Story

Wed, 21 May 2025 18:57:41 +0000

At RSAC 2025, the most urgent signals weren’t necessarily the loudest. As ISACA board member and cybersecurity veteran Rob Clyde joins Sean Martin and Marco Ciappelli for a post-conference recap, it’s clear that conversations about the future of the profession—and its people—mattered just as much as discussions on AI and cryptography.

More Than a Job: Why Community Matters

Rob Clyde shares his long-standing involvement with ISACA and reflects on the powerful role that professional associations play in cybersecurity careers. It’s not just about certifications—though Clyde notes that employers often value them more than degrees—it’s also about community, mentorship, and mutual support. When asked how many people landed a job because of someone in their local ISACA chapter, half the room raised their hands. That kind of connection is difficult to overstate.

Clyde urges cybersecurity professionals to look beyond their company roles and invest in something that gives back—whether through volunteering, speaking, or simply showing up. “It’s your career,” he says. “Take back control.”

Facing Burnout and Legal Risk Head-On

The group also addresses a growing issue: burnout. ISACA’s latest research shows 66% of cybersecurity professionals are feeling more burned out than last year. For CISOs in particular, that pressure is compounded by personal liability—as in the case of former SolarWinds CISO Tim Brown being sued by the SEC. Clyde warns that such actions have a chilling effect, discouraging internal risk discussions and openness.

To counteract that, he emphasizes the need for continuous learning and peer support as a defense, not only against burnout, but also isolation and fear.

The Silent Threat of Quantum

While AI dominated RSAC’s headlines, Clyde raises a quieter but equally pressing concern: quantum computing. ISACA chose to focus its latest poll on this topic, revealing a significant gap between awareness and action. Despite widespread recognition that a breakthrough could “break the internet,” only 5% of respondents are taking proactive steps. Clyde sees this as a wake-up call. “The algorithms exist. Q Day is coming. We just don’t know when.”

From mental health to quantum readiness, this conversation makes it clear: cybersecurity isn’t just a technology issue—it’s a people issue. Listen to the full episode to hear what else we’re missing.

Learn more about ISACA: https://itspm.ag/isaca-96808

⸻

Guest:

Rob Clyde, Board Director, Chair, Past Chair of the Board Directors at ISACA | https://www.linkedin.com/in/robclyde/

Resources

Learn more and catch more stories from ISACA: https://www.itspmagazine.com/directory/isaca

Stay tuned for an upcoming ITSPmagazine Webinar with ISACA: https://www.itspmagazine.com/webinars

ISACA Quantum Pulse Poll 2025 and related resources: https://www.isaca.org/quantum-pulse-poll

ISACA State of Cybersecurity 2024 survey report: https://www.isaca.org/resources/reports/state-of-cybersecurity-2024

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, marco ciappelli, rob clyde, rsac2025, burnout, quantum, cryptography, certification, isaca, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Why AI Needs Context, Not Just Hype | A Conversation With Steve Schlarman, Senior Director, Product Management at Archer | An RSAC Conference 2025 Post-Event Brand Story

Wed, 21 May 2025 02:36:47 +0000

In this post-RSAC 2025 Brand Story, Marco Ciappelli catches up with Steve Schlarman, Senior Director of Product Management at Archer, to discuss the evolving intersection of GRC, AI, and business value. From regulatory overload to AI-enhanced policy generation, this conversation explores how meaningful innovation—grounded in real customer needs—is shaping the future of risk and compliance.

Not All AI Is Created Equal: The Archer Approach

RSAC 2025 was buzzing with innovation, but for Steve Schlarman and the Archer team, it wasn’t about showing off shiny new toys—it was about proving that AI, when used with purpose and context, can truly enhance the risk and compliance function.

Steve, Senior Director of Product Management at Archer, breaks down how Archer Evolve and the recent integration of Compliance.ai are helping organizations address regulatory change in a more holistic, automated, and scalable way. With silos still slowing down many companies, the need for tools that actually do something is more urgent than ever.

From Policy Generation to Risk Narratives

One of the most practical applications discussed? Using AI not just to detect risk, but to help write better risk statements, control documentation, and even policy language that actually communicates clearly. Steve explains how Archer is focused on closing the loop between data and business impact—translating technical risk outputs into narratives the business can actually act on.

AI with a Human Touch

As Marco notes, AI in cybersecurity has moved from hype to hesitation to strategy. Steve is candid: some customers are still on the fence. But when AI is delivered in a contextual way, backed by customer-driven innovation, it becomes a bridge—not a wedge—between people and process. The key is not AI for the sake of AI, but for solving real, grounded problems.

What’s Next in Risk? Better Conversations

Looking ahead, Schlarman sees a shift from “no, we can’t” to “yes, and here’s how.” With a better grasp on loss exposure and control costs, the business conversation is changing. AI-powered storytelling and smart interfaces might just help risk teams have their most effective conversations yet.

From regulatory change to real-time translation of risk data, this is where tech meets trust.

⸻

Guest:

Steve Schlarman, Senior Director, Product Management, Archert | https://www.linkedin.com/in/steveschlarman/

Resources

Learn more and catch more stories from Archer: https://www.itspmagazine.com/directory/archer

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

steve schlarman, marco ciappelli, rsac2025, archer evolve, compliance.ai, regulatory change, grc, risk management, ai storytelling, cybersecurity, compliance, brand story, rsa conference, cybersecurity strategy, risk communication, ai in compliance, automation, contextual ai, integrated risk management, business risk narrative, itspmagazine

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Building, Breaking, Defending: Inside a Global AppSec Movement | OWASP AppSec Global 2025 Pre-Event Conversation with Avi Douglen | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 15 May 2025 20:24:28 +0000

At OWASP AppSec Global in Barcelona, the focus is clear: building secure software with and for the community. But it’s not just about code or compliance. As Avi Douglen, OWASP Foundation board member, describes it, this gathering is a “hot tub” experience in contrast to the overwhelming scale of mega conferences. It’s warm, immersive, and welcoming—designed for people who want to contribute, connect, and create.

OWASP is more than just another security organization. It’s a community-driven foundation that enables builders, breakers, defenders, and leaders to come together in pursuit of secure product development. This year’s conference reflects that same inclusive energy. Whether you’re a software engineer, architect, DevOps professional, security champion, or product manager, the sessions and networking spaces are built to meet you where you are—and help you grow.

Beyond the Buzzwords

Unsurprisingly, AI will have a strong presence this year. But the conversations aren’t limited to hype. Two flagship OWASP projects now focus on AI and LLMs—one on securing applications that use AI, the other on building secure AI systems themselves. Talks will unpack familiar problems in new contexts, like prompt injection mirroring the dynamics of older injection vulnerabilities. In other words: the technology shifts, but the core principles remain relevant.

Diverse Tracks, Real Conversations

Attendees can engage across five curated tracks: builders, breakers, defenders, managers & culture, and project showcases. Topics range from threat modeling and DevSecOps to scaling security programs and fostering team culture. A dedicated training program, including hands-on sessions in secure coding and security champions, ensures practical takeaways—not just theory.

Plus, the event embraces connection. A newcomer orientation, Women in AppSec gathering, hallway chats, evening socials, and even speed mentoring sessions all contribute to a vibrant, accessible experience where everyone—from seasoned leaders to curious newcomers—can find their place.

A Truly Global Community

With participants flying in from all corners of the world, OWASP AppSec Global lives up to its name. The conversations, relationships, and tools that emerge from this event ripple far beyond Barcelona. If you build, secure, or manage software, this is one conference where showing up matters—not just for what you’ll learn, but for who you’ll meet.

__________________________________

Guest:
Avi Douglen | Global Board of Directors at OWASP Foundation & Founder and CEO at Bounce Security
https://www.linkedin.com/in/avidouglen/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

Manicode Security: https://itspm.ag/manicode-security-7q8i

____________________________

Resources

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Isolation to Collaboration: Rethinking Cyber Resilience for the Real World of Small and Medium Enterprise | Infosecurity Europe 2025 Pre-Event Conversation with Steven Furnell | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 15 May 2025 15:28:15 +0000

Small and medium-sized enterprises (SMEs) continue to be at a disadvantage when it comes to cybersecurity—not because the risks are unclear, but because the means to address them remain out of reach for many. In this episode, Professor Steven Furnell of the University of Nottingham highlights the real barriers SMEs face and shares the thinking behind a new approach: creating cybersecurity communities of support.

The research behind this project, supported by the University and its partners, explores how different types of SMEs—micro, small, and medium-sized—struggle with limited time, budget, and expertise. Many rely on third-party service providers, but often don’t have enough cybersecurity knowledge to evaluate what “good” looks like. It’s not just a resource problem—it’s a visibility and literacy problem.

Furnell emphasizes the potential of automation to lift some of the burden, from automated updates to scheduled malware scans. But he also makes it clear that automated tools can’t fully replace the need for human judgment, especially in scenarios like phishing or social engineering attacks. People still need cybersecurity literacy to recognize and resist threats.

That’s where the idea of communities of support comes in. Rather than each SME navigating cybersecurity alone, the goal is to create local or sector-based communities where businesses and cybersecurity practitioners can engage in open, non-commercial conversations. These communities would offer SMEs a space to ask questions, share challenges, and exchange practical advice—without pressure, cost, or fear of judgment.

The initiative isn’t about replacing regulation or mandating compliance. It’s about raising the baseline first. Communities of support can serve as a step toward greater awareness and capability—something that’s especially critical in a world where supply chains are interconnected, and security failures in one small link can ripple outward.

The message is clear: cybersecurity isn’t just a technical issue—it’s a social one. And it starts by creating room for dialogue, connection, and shared responsibility. Want to know what this model could look like in your community? Tune in to find out.

__________________________________

Guest:
Steven Furnell | Professor of Cyber Security at University of Nottingham
https://www.linkedin.com/in/stevenfurnell/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

____________________________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Future Is a Place We Visit, But Never Stay | A Post RSAC Conference 2025 Reflection | A Musing On Society & Technology Newsletter with Marco Ciappelli and TAPE3 | Read by TAPE3

contact@itspmagazine.com (tape3, Marco Ciappelli, ITSPmagazine) — Sat, 10 May 2025 00:58:50 +0000

The Future Is a Place We Visit, But Never Stay

May 9, 2025

A Post-RSAC 2025 Reflection on the Kinda Funny and Pretty Weird Ways Society, Technology, and Cybersecurity Intersect, Interact, and Often Simply Ignore Each Other.

By Marco Ciappelli | Musing on Society and Technology

Here we are — once again, back from RSAC. Back from the future. Or at least the version of the future that fits inside a conference badge, a branded tote bag, and a hotel bill that makes you wonder if your wallet just got hacked.

San Francisco is still buzzing with innovation — or at least that’s what the hundreds of self-driving cars swarming the city would have you believe. It’s hard to feel like you’re floating into a Jetsons-style future when your shuttle ride is bouncing through potholes that feel more 1984 than 2049.

I have to admit, there’s something oddly poetic about hosting a massive cybersecurity event in a city where most attendees would probably rather not be — and yet, here we are. Not for the scenery. Not for the affordability. But because, somehow, for a few intense days, this becomes the place where the future lives.

And yes, it sometimes looks like a carnival. There are goats. There are puppies. There are LED-lit booths that could double as rave stages. Is this how cybersecurity sells the feeling of safety now? Warm fuzzies and swag you’ll never use? I’m not sure.

But again: here we are.

There’s a certain beauty in it. Even the ridiculous bits. Especially the ridiculous bits.

Personally, I’m grateful for my press badge — it’s not just a backstage pass; it’s a magical talisman that wards off the pitch-slingers. The power of not having a budget is strong with this one.

But let’s set aside the Frankensteins in the expo hall for a moment.

Because underneath the spectacle — behind the snacks, the popcorns, the scanners and the sales demos — there is something deeply valuable happening. Something that matters to me. Something that has kept me coming back, year after year, not for the products but for the people. Not for the tech, but for the stories.

What RSAC Conference gives us — what all good conferences give us — is a window. A quick glimpse through the curtain at what might be.

And sometimes, if you’re lucky and paying attention, that glimpse stays with you long after the lights go down.

We have quantum startups talking about cryptographic agility while schools are still banning phones. We have generative AI writing software — code that writes code — while lawmakers print bills that read like they were faxed in from 1992. We have cybersecurity vendors pitching zero trust to rooms full of people still clinging to the fantasy of perimeter defense — not just in networks, but in their thinking.

We’re trying to build the future on top of a mindset that refuses to update.

That’s the real threat. Not AI and quantum. Not ransomware. Not the next zero-day.

It’s the human operating system. It hasn’t been patched in a while.

And so I ask myself — what are these conferences for, really?

Because yes, of course, they matter.

Of course I believe in them — otherwise I wouldn’t be there, recording stories, chasing conversations, sharing a couch and a mic with whoever is bold enough to speak not just about how we fix things, but why we should care at all.

But I’m also starting to believe that unless we do something more — unless we act on what we learn, build on what we imagine, challenge what we assume — these gatherings will become time capsules. Beautiful, well-produced, highly caffeinated, blinking, noisy time capsules.

We don’t need more predictions. We need more decisions.

One of the most compelling conversations I had wasn’t about tech at all. It was about behavior. Human behavior.

Dr. Jason Nurse reminded us that most people are not just confused by cybersecurity — they’re afraid of it.

They’re tired.

They’re overwhelmed.

And in their confusion, they become unpredictable. Vulnerable.

Not because they don’t care — but because we haven’t built a system that makes it easy to care.

That’s a design flaw.

Elsewhere, I heard the term “AI security debt.” That one stayed with me.

Because it’s not just technical debt anymore. It’s existential.

We are creating systems that evolve faster than our ability to understand them — and we’re doing it with the same blind trust we used to install browser toolbars in the ‘90s.

“Sure, it seems useful. Click accept.”

We’ve never needed collective wisdom more than we do right now.

And yet, most of what we build is designed for speed, not wisdom.

So what do we do?

We pause. We reflect. We resist the urge to just “move on” to the next conference, the next buzzword, the next promised fix.

Because the real value of RSAC isn’t in the badge or the swag or the keynotes.

It’s in the aftershock.

It’s in what we carry forward, what we refuse to forget, what we dare to question even when the conference is over, the blinking booths vanish, the future packs up early, and the lanyards go into the drawer of forgotten epiphanies — right next to the stress balls, the branded socks and the beautiful prize that you didn't win.

We’ll be in Barcelona soon. Then London. Then Vegas.

We’ll gather again. We’ll talk again. But maybe — just maybe — we can start to shift the story.

From visiting the future… To staying a while.

Let’s build something we don’t want to walk away from.

And now, ladies and gentlemen… the show is over.

The lights dim, the music fades, and the future exits stage left...

Until we meet again.

—Marco

Resources

Read first newsletter about RSAC 2025 I wrote last week " Securing Our Future Without Leaving Half Our Minds in the Past" https://www.linkedin.com/pulse/securing-our-future-without-leaving-half-minds-past-marco-ciappelli-cry1c/

🎙️ Explore Our Full RSAC 2025 Coverage on ITSPmagazine

We would like to thank our full event coverage sponsors and look forward to our On Location conversations

Minimize image

Edit image

Delete image

Akamai Technologies: https://itspm.ag/akamailbwc

BLACKCLOAK: https://itspm.ag/itspbcweb

SandboxAQ: https://itspm.ag/sandboxaq-j2en

Archer Integrated Risk Management: https://itspm.ag/rsaarchweb

ISACA: https://itspm.ag/isaca-96808

Object First: https://itspm.ag/object-first-2gjl

Edera: https://itspm.ag/edera-434868

... and thank you to our event briefing partners, with whom we will also record On Location briefings

Infinidat: https://itspm.ag/infini3o5d

Coalfire: https://itspm.ag/coalfire-yj4w

ManageEngine: https://itspm.ag/manageen-631623

Detecteam: https://itspm.ag/detecteam-21686

Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947

Qualys: https://itspm.ag/qualys-908446

Corelight: https://itspm.ag/coreligh-954270

Anomali: https://itspm.ag/anomali-bdz393

And ... we're not done yet ... stay tuned and follow Sean and Marco as they will be On Location at the following conferences over the next few months:

➤ Infosecurity Europe in London in June: https://www.itspmagazine.com/infosecurity-europe-2025-infosec-london-cybersecurity-event-coverage

➤ OWASP® Foundation AppSec Global in Barcelona in May: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain

➤ Black Hat USA in Las Vegas in August: https://www.itspmagazine.com/black-hat-usa-2025-hacker-summer-camp-2025-cybersecurity-event-coverage-in-las-vegas

FOLLOW ALL OF OUR ON LOCATION CONFERENCE COVERAGE

https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Share this newsletter and invite anyone you think would enjoy it!

As always, let's keep thinking!

— Marco [https://www.marcociappelli.com]

_________________________________________________

This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Enjoy, think, share with others, and subscribe to the "Musing On Society & Technology" newsletter on LinkedIn.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Why We Can’t Completely Trust the Intern (Even If It’s AI) | An RSAC Conference 2025 Conversation with Alex Kreilein and John Sapp Jr. | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 8 May 2025 19:29:07 +0000

When artificial intelligence can generate code, write tests, and even simulate threat models, how do we still ensure security? That’s the question John Sapp Jr. and Alex Kreilein examine in this energizing conversation about trust, risk management, and the future of application security.

The conversation opens with a critical concern: not just how to adopt AI securely, but how to use it responsibly. Alex underscores the importance of asking a simple question often overlooked—why do you trust this output? That mindset, he argues, is fundamental to building responsible systems, especially when models are generating code or influencing decisions at scale.

Their conversation surfaces an emerging gap between automation and assurance. AI tools promise speed and performance, but that speed introduces risk if teams are too quick to assume accuracy or ignore validation. John and Alex discuss this trust gap and how the zero trust mindset—so common in network security—must now apply to AI models and agents, too.

They share a key concern: technical debt is back, this time in the form of “AI security debt”—risk accumulating faster than most teams can keep up with. But it’s not all gloom. They highlight real opportunities for security and development teams to reprioritize: moving away from chasing every CVE and toward higher-value work like architecture reviews and resiliency planning.

The conversation then shifts to the foundation of true resilience. For Alex, resilience isn’t about perfection—it’s about recovery and response. He pushes for embedding threat modeling into unit testing, not just as an afterthought but as part of modern development. John emphasizes traceability and governance across the organization: ensuring the top understands what’s at stake at the bottom, and vice versa.

One message is clear: context matters. CVSS scores, AI outputs, scanner alerts—all of it must be interpreted through the lens of business impact. That’s the art of security today.

Ready to challenge your assumptions about secure AI and modern AppSec? This episode will make you question what you trust—and how you build.

___________

Guests:

Alex Kreilein, Vice President of Product Security, Qualys | https://www.linkedin.com/in/alexkreilein/

John Sapp Jr., Vice President, Information Security & CISO, Texas Mutual Insurance Company | https://www.linkedin.com/in/johnbsappjr/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

___________

Resources

JP Morgan Chase Open Letter: An open letter to third-party suppliers: https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliers

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, phillip miller, rsac 2025, cybersecurity, ciso, startups, risk, marketplace, leadership, technology, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Hidden Cost of Closing the Door on Innovation | An RSAC Conference 2025 Conversation with Phillip Miller | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 7 May 2025 23:13:01 +0000

In this episode of On Location at RSAC Conference 2025, Phillip Miller—Chief Information Security Officer and founder of Corporal—offers a candid and practical look at the current realities of cybersecurity leadership, innovation ecosystems, and the business-first mindset required to drive effective security outcomes.

With a unique background that blends enterprise cybersecurity leadership and hands-on work on his Virginia farm, Miller brings a grounded perspective to the CISO role. Over the past 18 months, he stepped away from a traditional enterprise seat to work directly with startups through his company, advising them on how to align their offerings with the real needs of security teams. His return to a full-time CISO position follows that immersive experience, giving him a renewed sense of what enterprise security leaders are missing when they close themselves off from emerging technology vendors.

Shifting the Buying Conversation

One of Miller’s strongest messages is that buying decisions should start with the security team—not just the CISO. Too often, tools are purchased at the top and handed down without enough input from those who will actually use them. Miller stresses that founders who are selling into the enterprise need to solve real problems with real people—and CISOs should invite that dialogue rather than block it.

He also encourages CISOs to think beyond the big names. While legacy providers are often the default, marketplace ecosystems (like AWS or GCP) and accelerator programs (such as those run by CrowdStrike) offer curated, credible entry points to newer solutions. These platforms can streamline the validation process while introducing fresh capabilities that legacy tools may lack.

Lead With the Business, Not the Tech

For Miller, the CISO’s most valuable contribution is helping business leaders understand their own risks—especially the ones they don’t associate with cybersecurity. By starting with “What are your biggest non-cyber risks?” Miller helps organizations connect the dots between core operations and digital exposure.

Whether working in manufacturing, retail, or financial services, his approach remains consistent: understand how the business creates value, then align security programs and tooling accordingly. The tech, he reminds us, comes second.

Catch the full conversation to hear more on third-party risk, building high-functioning teams, and why peer conversations at conferences like RSAC are essential to the health of the cybersecurity community.

___________

Guest:

Phillip Miller, CISO and founder of Qurple | https://www.linkedin.com/in/pemiller/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

___________

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, phillip miller, rsac 2025, cybersecurity, ciso, startups, risk, marketplace, leadership, technology, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Fixing the Detection Disconnect and Rethinking Detection: From Static Rules to Living Signals | A Brand Story with Fred Wilmot from Detecteam | An On Location RSAC Conference 2025 Brand Story

Wed, 7 May 2025 04:28:52 +0000

Fred Wilmot, CEO and co-founder of Detecteam, and Sebastien Tricaud, CTO and co-founder, bring a candid and critical take on cybersecurity’s detection and response problem. Drawing on their collective experience—from roles at Splunk, Devo, and time spent in defense and offensive operations—they raise a core question: does any of the content, detections, or tooling security teams deploy actually work?

The Detecteam founders challenge the industry’s obsession with metrics like mean time to detect or respond, pointing out that these often measure operational efficiency—not true risk readiness. Instead, they propose a shift in thinking: stop optimizing broken processes and start creating better ones.

At the heart of their work is a new approach to detection engineering—one that continuously generates and validates detections based on actual behavior, environmental context, and adversary tactics. It’s about moving away from one-size-fits-all IOCs toward purpose-built, context-aware detections that evolve as threats do.

Sebastien highlights the absurdity of relying on static, signature-based detection in a world of dynamic threats. Adversaries constantly change tactics, yet detection rules often sit unchanged for months. The platform they’ve built breaks detection down into a testable, iterative process—closing the gap between intel, engineering, and operations. Teams no longer need to rely on hope or external content packs—they can build, test, and validate detections in minutes.

Fred explains the benefit in terms any CISO can understand: this isn’t just detection—it’s readiness. If a team can build a working detection in under 15 minutes, they beat the average breakout time of many attackers. That’s a tangible advantage, especially when operating with limited personnel.

This conversation isn’t about a silver bullet or more noise—it’s about clarity. What’s working? What’s not? And how do you know? For organizations seeking real impact in their security operations—not just activity—this episode explores a path forward that’s faster, smarter, and grounded in reality.

Learn more about Detecteam: https://itspm.ag/detecteam-21686

Note: This story contains promotional content. Learn more.

Guests:

Fred Wilmot, Co-Founder & CEO, Detecteam | https://www.linkedin.com/in/fredwilmot/

Sebastien Tricaud, Co-Founder & CTO, Detecteam | https://www.linkedin.com/in/tricaud/

Resources

Learn more and catch more stories from Detecteam: https://www.itspmagazine.com/directory/detecteam

Webinar: Rethink, Don’t Just Optimize: A New Philosophy for Intelligent Detection and Response — An ITSPmagazine Webinar with Detecteam | https://www.crowdcast.io/c/rethink-dont-just-optimize-a-new-philosophy-for-intelligent-detection-and-response-an-itspmagazine-webinar-with-detecteam-314ca046e634

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, fred wilmot, sebastien tricaud, detecteam, detection, cybersecurity, behavior, automation, red team, blue team, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Simplifying Cybersecurity Operations at Scale: Automation with a Human Touch | A Brand Story with Subo Guha from Stellar Cyber | An On Location RSAC Conference 2025 Brand Story

Wed, 7 May 2025 03:12:05 +0000

In this episode, Subo Guha, Senior Vice President of Product Management at Stellar Cyber, shares how the company is reshaping cybersecurity operations for managed service providers (MSPs) and their customers. Stellar Cyber’s mission is to simplify security without compromising depth—making advanced cybersecurity capabilities accessible to organizations without enterprise-level resources.

Subo walks through the foundations of their open XDR platform, which allows customers to retain the endpoint and network tools they already use—such as CrowdStrike or SentinelOne—without being locked into a single ecosystem. This flexibility proves especially valuable to MSSPs managing dozens or hundreds of customers with diverse toolsets, including those that have grown through acquisitions. The platform’s modular sensor technology supports IT, OT, and hybrid environments, offering deep packet inspection, network detection, and even user behavior analytics to flag potential lateral movement or anomalous activity.

One of the most compelling updates from the conversation is the introduction of their autonomous SOC capability. Subo emphasizes this is not about replacing humans but amplifying their efforts. The platform groups alerts into actionable cases, reducing noise and allowing analysts to respond faster. Built-in machine learning and threat intelligence feeds enrich data as it enters the system, helping determine if something is benign or a real threat.

The episode also highlights new program launches like Infinity, which enhances business development and peer collaboration for MSSP partners, and their Cybersecurity Alliance, which deepens integration across a wide variety of security tools. These efforts reflect Stellar Cyber’s strong commitment to ecosystem support and customer-centric growth.

Subo closes by reinforcing the importance of scalability and affordability. Stellar Cyber offers a single platform with unified licensing to help MSSPs grow without adding complexity or cost. It’s a clear statement: powerful security doesn’t need to be out of reach for smaller teams or companies.

This episode offers a practical view into what it takes to operationalize cybersecurity across diverse environments—and why automation with human collaboration is the path forward.

Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947

Note: This story contains promotional content. Learn more.

Guest:

Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/

Resources

Learn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyber

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, subo guha, xdr, mssp, cybersecurity, automation, soc, ai, ot, threat detection, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Tools to Trust: Why Integration Beats Innovation Hype in Cybersecurity | A Brand Story with Vivin Sathyan from ManageEngine | An On Location RSAC Conference 2025 Brand Story

Wed, 7 May 2025 02:37:30 +0000

Organizations are demanding more from their IT management platforms—not just toolsets, but tailored systems that meet specific business and security objectives. Vivin Sathyan, Senior Technology Evangelist at ManageEngine, shares how the company is responding with an integrated approach that connects IT, security, and business outcomes.

ManageEngine, a division of Zoho Corporation, now offers a suite of over 60 products that span identity and access management, SIEM, endpoint protection, service management, and analytics. These components don’t just coexist—they interact contextually. Vivin outlines a real-world example from the healthcare sector, where a SIM tool detects abnormal login behavior, triggers an identity system to challenge access, and then logs the incident for IT service resolution. This integrated chain reflects a philosophy where response is not just fast, but connected and accountable.

At the heart of the platform’s effectiveness is contextual intelligence—layered between artificial intelligence and business insights—to power decision-making that aligns with enterprise risk and compliance needs. Whether it’s SOC analysts triaging events, CIS admins handling system hygiene, or CISOs aligning actions with corporate goals, the tools are tailored to fit roles, not just generic functions. According to Vivin, this role-based approach is critical to eliminating silos and ensuring teams speak the same operational and risk language.

AI continues to play a role in enhancing that coordination, but ManageEngine is cautious not to follow hype for its own sake. The company has invested in its own AI and ML capabilities since 2012, and recently launched an agent studio—but only after evaluating how new models can meaningfully add value. Vivin points out that enterprise use cases often benefit more from small, purpose-built language models than from massive general-purpose ones.

Perhaps most compelling is ManageEngine’s global-first strategy. With operations in nearly 190 countries and 18+ of its own data centers, the company prioritizes proximity to customers—not just for technical support, but for cultural understanding and local compliance. That closeness informs both product design and customer trust, especially as regulations around data sovereignty intensify.

This episode challenges listeners to consider whether their tools are merely present—or actually connected. Are you enabling collaboration through context, or just stitching systems together and calling it a platform?

Learn more about ManageEngine: https://itspm.ag/manageen-631623

Note: This story contains promotional content. Learn more.

Guest:

Vivin Sathyan, Senior Technology Evangelist, ManageEngine | https://www.linkedin.com/in/vivin-sathyan/

Resources

Learn more and catch more stories from ManageEngine: https://www.itspmagazine.com/directory/manageengine

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, vivin sathyan, cybersecurity, ai, siem, identity, analytics, integration, platform, risk, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Red Teams to Real Impact: Bringing Artistry and Precision to Cybersecurity Programs | A Brand Story with Charles Henderson from Coalfire | An On Location RSAC Conference 2025 Brand Story

Tue, 6 May 2025 23:47:47 +0000

Charles Henderson, who leads the cybersecurity services division at Coalfire, shares how the company is reimagining offensive and defensive operations through a programmatic lens that prioritizes outcomes over checkboxes. His team, made up of practitioners with deep experience and creative drive, brings offensive testing and exposure management together with defensive services and managed offerings to address full-spectrum cybersecurity needs. The focus isn’t on commoditized services—it’s on what actually makes a difference.

At the heart of the conversation is the idea that cybersecurity is a team sport. Henderson draws parallels between the improvisation of music and the tactics of both attackers and defenders. Both require rhythm, creativity, and cohesion. The myth of the lone hero doesn’t hold up anymore—effective cybersecurity programs are driven by collaboration across specialties and by combining services in ways that amplify their value.

Coalfire’s evolution reflects this shift. It’s not just about running a penetration test or red team operation in isolation. It’s about integrating those efforts into a broader mission-focused program, tailored to real threats and measured against what matters most. Henderson emphasizes that CISOs are no longer content with piecemeal assessments; they’re seeking simplified, strategic programs with measurable outcomes.

The conversation also touches on the importance of storytelling in cybersecurity reporting. Henderson underscores the need for findings to be communicated in ways that resonate with technical teams, security leaders, and the board. It’s about enabling CISOs to own the narrative, armed with context, clarity, and confidence.

Henderson’s reflections on the early days of hacker culture—when gatherings like HoCon and early Def Cons were more about curiosity and camaraderie than business—bring a human dimension to the discussion. That same passion still fuels many practitioners today, and Coalfire is committed to nurturing it through talent development and internships, helping the next generation find their voice, their challenge, and yes, even their hacker handle.

This episode offers a look at how to build programs, teams, and mindsets that are ready to lead—not follow—on the cybersecurity front.

Learn more about Coalfire: https://itspm.ag/coalfire-yj4w

Note: This story contains promotional content. Learn more.

Guest:

Charles Henderson, Executive Vice President of Cyber Security Services, Coalfire | https://www.linkedin.com/in/angustx/

Resources

Learn more and catch more stories from Coalfire: https://www.itspmagazine.com/directory/coalfire

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

charles henderson, sean martin, coalfire, red teaming, penetration testing, cybersecurity services, exposure management, ciso, threat intelligence, hacker culture, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Not So Contained: When Container Isolation Is Just an Illusion | A Brand Story with Emily Long from Edera | An On Location RSAC Conference 2025 Brand Story

Tue, 6 May 2025 21:55:23 +0000

Kubernetes revolutionized the way software is built, deployed, and managed, offering engineers unprecedented agility and portability. But as Edera co-founder and CEO Emily Long shares, the speed and flexibility of containerization came with overlooked tradeoffs—especially in security. What started as a developer-driven movement to accelerate software delivery has now left security and infrastructure teams scrambling to contain risks that were never part of Kubernetes’ original design.

Emily outlines a critical flaw: Kubernetes wasn’t built for multi-tenancy. As a result, shared kernels across workloads—whether across customers or internal environments—introduce lateral movement risks. In her words, “A container isn’t real—it’s just a set of processes.” And when containers share a kernel, a single exploit can become a system-wide threat.

Edera addresses this gap by rethinking how containers are run—not rebuilt. Drawing from hypervisor tech like Xen and modernizing it with memory-safe Rust, Edera creates isolated “zones” for containers that enforce true separation without the overhead and complexity of traditional virtual machines. This isolation doesn’t disrupt developer workflows, integrates easily at the infrastructure layer, and doesn’t require retraining or restructuring CI/CD pipelines. It’s secure by design, without compromising performance or portability.

The impact is significant. Infrastructure teams gain the ability to enforce security policies without sacrificing cost efficiency. Developers keep their flow. And security professionals get something rare in today’s ecosystem: true prevention. Instead of chasing billions of alerts and layering multiple observability tools in hopes of finding the needle in the haystack, teams using Edera can reduce the noise and gain context that actually matters.

Emily also touches on the future—including the role of AI and “vibe coding,” and why true infrastructure-level security is essential as code generation becomes more automated and complex. With GPU security on their radar and a hardware-agnostic architecture, Edera is preparing not just for today’s container sprawl, but tomorrow’s AI-powered compute environments.

This is more than a product pitch—it’s a reframing of how we define and implement security at the container level. The full conversation reveals what’s possible when performance, portability, and protection are no longer at odds.

Learn more about Edera: https://itspm.ag/edera-434868

Note: This story contains promotional content. Learn more.

Guest:

Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/

Resources

Learn more and catch more stories from Edera: https://www.itspmagazine.com/directory/edera

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, emily long, containers, kubernetes, hypervisor, multi-tenancy, devsecops, infrastructure, virtualization, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

This is what Happens When Security Stops Chasing Threats and Starts Managing Risk | A Brand Story with Rich Seiersen from Qualys | An On Location RSAC Conference 2025 Brand Story

Tue, 6 May 2025 19:00:00 +0000

In this episode, Sean Martin speaks with Richard Seiersen, Chief Risk Technology Officer at Qualys, about a new way to think about cybersecurity—one that puts value and business resilience at the center, not just threats.

Richard shares the thinking behind Qualys’ Risk Operations Center, a new approach that responds directly to a common pain point: organizations struggling to manage vast amounts of telemetry from dozens of security tools without clear direction on how to act. Instead of forcing companies to build and maintain massive internal platforms just to piece together asset, vulnerability, and threat data, Qualys is creating a system to operationalize risk as a real-time, measurable business function.

With a background that includes serving as Chief Risk Officer at a cyber insurance firm and co-authoring foundational books like How to Measure Anything in Cybersecurity Risk and The Metrics Manifesto, Richard frames the conversation in practical business terms. He emphasizes that success is not just about detecting threats, but about understanding where value exists in the business, and how to protect it efficiently.

From Security Operations to Risk Operations

While a traditional SOC focuses on attack surface and compromise detection, the Risk Operations Center is designed to understand, prioritize, and mitigate value at risk. Richard describes how this involves normalizing data across environments, connecting asset identities—including ephemeral and composite digital assets—and aligning technical activity to business impact.

The Risk Operations Center enables teams to think in terms of risk surface, not just threat surface, by giving security leaders visibility into what matters most—and the tools to act accordingly. And importantly, it does so without increasing headcount.

A CISO’s Role in the Business of Risk

Richard challenges security leaders to break away from purely tactical work and lean into business alignment. He argues that boards want CISOs who think strategically—who can talk about capital reserves, residual risk, and how mitigation and transfer can be measured against business outcomes. In his words, “A successful business is in the business of exposing more value to more people… security must understand and support that mission.”

This episode is packed with ideas worth listening to and sharing. What would your version of a Risk Operations Center look like?

Learn more about Qualys: https://itspm.ag/qualys-908446

Note: This story contains promotional content. Learn more.

Guest:

Rich Seiersen, Chief Risk Technology Officer, Qualys | https://www.linkedin.com/in/richardseiersen/

Resources

Learn more and catch more stories from Qualys: https://www.itspmagazine.com/directory/qualys

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, richard seiersen, risk, cybersecurity, data, resilience, telemetry, automation, ciso, soc, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Term Sheets to Trust: What Mergers & Acquisitions Trends Reveal About Cybersecurity’s Future | An On Location RSAC Conference 2025 Conversation with Yair Geva

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli, Yair Geva) — Tue, 6 May 2025 18:14:13 +0000

In this on-location conversation recorded during RSAC 2025, attorney, investor, and strategic advisor Yair Geva shares a global perspective shaped by years of legal counsel, venture investing, and deal-making across Israel, Europe, and the U.S. Geva offers unique insight into how cybersecurity, AI, and M&A are not only intersecting—but actively reshaping—the tech ecosystem.

More than just a legal expert, Geva advises early-stage founders and institutional investors across markets, helping them navigate cultural, legal, and strategic gaps. With over 50 personal investments and a strong focus on cybersecurity in recent institutional activity, his perspective reflects where real momentum is building—and how smart capital is being deployed.

AI Acceleration and M&A Hesitation

According to Geva, the accelerating capabilities of AI have created a strange paradox: in some sectors, VCs are hesitant to invest because the pace of change undermines long-term confidence. Yet in cybersecurity, AI is acting as a catalyst, not a caution. Cyber-AI combinations are among the few domains where deals are still moving quickly. He points to recent acquisitions—such as Palo Alto Networks’ move on Protect AI—as a sign that strategic consolidation is alive and well, even if overall deal volume remains lighter than expected.

Cyber Due Diligence Is Now Table Stakes

Across all industries, cybersecurity evaluations have become a non-negotiable part of M&A. Whether acquiring a fashion brand or a software firm, buyers now expect a clear security posture, detailed risk management plans, and full disclosure of any prior breaches. Geva notes that incident response experience, when managed professionally, can actually serve as a confidence builder in the eyes of strategic buyers.

From Global Hubs to Human Connections

While San Francisco remains a major force, Geva sees increasing momentum in New York, London, and Tel Aviv. Yet across all markets, he emphasizes that human relationships—trust, cultural understanding, and cross-border collaboration—ultimately drive deal success more than any legal document or term sheet.

With a front-row seat to innovation and a hand in building the bridges that power global tech growth, Yair Geva is helping define the next chapter of cybersecurity, AI, and strategic investment.

Listen to the full conversation to hear what’s shaping the deals behind tomorrow’s cybersecurity innovations.Note: This story contains promotional content. Learn more.

Guest:

Yair Geva, Attorney and Investor | https://www.linkedin.com/in/yairgeva/

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, marco ciappelli, yair geva, cybersecurity, investment, ai, m&a, venture, resilience, innovation, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Reactive to Proactive: Building Guardrails That Actually Protect | A Brand Story with Rob Allen from ThreatLocker | An On Location RSAC Conference 2025 Brand Story

Mon, 5 May 2025 19:30:00 +0000

In this on-location episode recorded at the RSAC Conference, Sean Martin and Marco Ciappelli sit down once again with Rob Allen, Chief Product Officer at ThreatLocker, to unpack what Zero Trust really looks like in practice—and how organizations can actually get started without feeling buried by complexity.

Rather than focusing on theory or buzzwords, Rob lays out a clear path that begins with visibility. “You can’t control what you can’t see,” he explains. The first step toward Zero Trust is deploying lightweight agents that automatically build a view of the software running across your environment. From there, policies can be crafted to default-deny unknown applications, while still enabling legitimate business needs through controlled exceptions.

The Zero Trust Mindset: Assume Breach, Limit Access

Rob echoes the federal mandate definition of Zero Trust: assume a breach has already occurred and limit access to only what is needed. This assumption flips the defensive posture from reactive to proactive. It’s not about waiting to detect bad behavior—it’s about blocking the behavior before it starts.

The ThreatLocker approach stands out because it focuses on removing the traditional “heavy lift” often associated with Zero Trust implementations. Rob highlights how some organizations have spent years trying (and failing) to activate overly complex systems, only to end up stuck with unused tools and endless false positives. ThreatLocker’s automation is designed to lower that barrier and get organizations to meaningful control faster.

Modern Threats, Simplified Defenses

As AI accelerates the creation of polymorphic malware and low-code attack scripts, Zero Trust offers a counterweight. Deny-by-default policies don’t require knowing every new threat—just clear guardrails that prevent unauthorized activity, no matter how it’s created. Whether it’s PowerShell scripts exfiltrating data or AI-generated exploits, proactive controls make it harder for attackers to operate undetected.

This episode reframes Zero Trust from an overwhelming project into a series of achievable, common-sense steps. If you’re ready to hear what it takes to stop chasing false positives and start building a safer, more controlled environment, this conversation is for you.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content. Learn more.

Guest:

Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, marco ciappelli, rob allen, zero trust, cybersecurity, visibility, access control, proactive defense, ai threats, policy automation, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Security at the Edge of Change: Preparing for the Cryptographic and AI Tipping Point | A Brand Story with Marc Manzano from SandboxAQ | An On Location RSAC Conference 2025 Brand Story

Mon, 5 May 2025 18:30:00 +0000

Quantum computing and AI are no longer theoretical concepts for tomorrow—they’re shaping how organizations must secure their infrastructure today. In this episode of the podcast, Mark Manzano, General Manager of Cybersecurity at SandboxAQ, joins the conversation to share how his team is helping organizations confront some of the most urgent and complex cybersecurity shifts of our time.

SandboxAQ, a company spun out of Alphabet, operates at the intersection of quantum technology and artificial intelligence. Manzano highlights two immediate challenges that demand new approaches: the looming need for quantum-resistant cryptography and the unchecked proliferation of AI agents across enterprise systems.

Post-Quantum Migration and Cryptographic Agility

Manzano describes an industry-wide need for massive cryptographic migration in response to the quantum threat. But rather than treating it as a one-time fix, SandboxAQ promotes cryptographic agility—a framework that enables organizations to dynamically and automatically rotate credentials, replace algorithms, and manage certificates in real-time. Their approach replaces decades of static key management practices with a modern, policy-driven control plane. It’s not just about surviving the post-quantum era—it’s about staying ready for whatever comes next.

Taming the Complexity of AI Agents and Non-Human Identities

The second challenge is the surge of non-human identities—AI agents, machine workloads, and ephemeral cloud infrastructure. SandboxAQ’s platform provides continuous visibility and control over what software is running, who or what it communicates with, and whether it adheres to security policies. This approach helps teams move beyond manual, one-off audits to real-time monitoring, dramatically improving how organizations manage software supply chain risks.

Real Use Cases with Measurable Impact

Manzano shares practical examples of how SandboxAQ’s technology is being used in complex environments like large banks—where decades of M&A activity have created fragmented infrastructure. Their platform unifies cryptographic and identity management through a single pane of glass, helping security teams act faster with less friction. Another use case? Reducing vendor risk assessment from months to minutes, allowing security teams to assess software posture quickly and continuously.

Whether it’s quantum cryptography, AI risk, or identity control—this isn’t a vision for 2030. It’s a call to action for today.

Learn more about SandboxAQ: https://itspm.ag/sandboxaq-j2en

Note: This story contains promotional content. Learn more.

Guest:

Marc Manzano, General Manager of Cybersecurity at SandboxAQ | https://www.linkedin.com/in/marcmanzano/

Resources

Learn more and catch more stories from SandboxAQ: https://www.itspmagazine.com/directory/sandboxaq

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

mark manzano, marco ciappelli, sean martin, cryptography, quantum, ai, cybersecurity, nonhuman, keymanagement, rsac2025, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

When Ransomware Strikes, Will Your Backups Hold the Line? | A Brand Story with Sterling Wilson from Object First | An On Location RSAC Conference 2025 Brand Story

Mon, 5 May 2025 17:30:00 +0000

In today’s threat environment, it’s not enough to back up your data—you have to be able to trust that those backups will be there when you need them. That’s the message from Sterling Wilson, Field CTO at Object First, during his conversation at RSAC Conference 2025.

Object First is purpose-built for Veeam environments, offering out-of-the-box immutability (OOTBI) with a hardened, on-premises appliance. The goal is simple but critical: make backup security both powerful and practical. With backup credentials often doubling as access credentials for storage infrastructure, organizations expose themselves to unnecessary risk. Object First separates those duties by design, reducing the attack surface and protecting data even when attackers have admin credentials in hand.

Immutability as a Foundation—Not a Feature

The conversation highlights data from a recent ESG study showing that 81% of respondents recognize immutable object storage as the most secure way to protect backup data. True immutability means data cannot be modified or deleted until a set retention period expires—an essential safeguard when facing ransomware or insider threats. But Sterling emphasizes that immutability alone isn’t enough. Backup policies, storage access, and data workflows must be segmented and secured.

Zero Trust for Backup Infrastructure

Zero trust principles—verify explicitly, assume breach, enforce least privilege—have gained ground across networks and applications. But few organizations extend those principles into the backup layer. Object First applies zero trust directly to backup infrastructure through what they call zero trust data resilience. That includes verifying credentials at every step and ensuring backup jobs can’t alter storage configurations.

A Real-World Test: Marysville School District

When Marysville School District suffered a ransomware attack, nearly every system was compromised—except the Object First appliance. The attacker had administrative credentials, but couldn’t access or encrypt the immutable backups. Thanks to the secure design and separation of permissions, recovery was possible—demonstrating that trust in your backups can’t be assumed; it must be enforced by design.

Meeting Customers Where They Are

To support both partners and end customers, Object First now offers OOTBI through a consumption-based model. Whether organizations are managing remote offices or scaling their environments quickly, the new model provides flexibility without compromising security or simplicity.

Learn more about Object First: https://itspm.ag/object-first-2gjl

Note: This story contains promotional content. Learn more.

Guest:

Sterling Wilson, Field CTO, Object First | https://www.linkedin.com/in/sterling-wilson/

Resources

Learn more and catch more stories from Object First: https://www.itspmagazine.com/directory/object-first

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, sterling wilson, ransomware, immutability, backups, cybersecurity, zero trust, data protection, veeam, recovery, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Overhead to Advantage: Turning Compliance into a Strategic Asset | A Brand Story with Steve Schlarman from Archer | An On Location RSAC Conference 2025 Brand Story

Mon, 5 May 2025 16:30:00 +0000

In this RSAC 2025 episode, Sean Martin sits down with Steve Schlarman, Senior Director of Product Management at Archer, to explore how organizations are rethinking compliance and risk—not just as a box to check, but as a business enabler.

At the center of the conversation is Archer Evolv, a new platform intentionally designed to move beyond legacy GRC workflows. Built on years of insight from customers and aligned with the company’s post-RSA independence, Evolv aims to modernize how compliance and risk teams operate. That includes automating burdensome regulatory processes, surfacing business-relevant risk insights, and supporting more strategic decision-making.

Leveraging technology developed by Compliance.ai, acquired by Archer last year, Archer applies AI tuned specifically for the language of compliance, helping customers reduce review time per regulatory obligation from 100 hours to just a few. That’s more than a productivity gain—it’s a structural shift in how companies adapt to nonstop regulatory change.

Another critical area is quantifying risk. Rather than relying on subjective heat maps, Archer enables organizations to calculate loss exposure in real terms. This creates a foundation for executive conversations rooted in financial and operational impact, not just abstract threat levels. That same quantitative view can be applied to understanding the cost of controls—ensuring that investments align with real business risk, rather than piling on complexity for the sake of coverage.

The conversation closes on a powerful shift: risk and compliance teams freeing up time and brainpower to collaborate directly with the business. With the manual grunt work automated and controls mapped more intelligently, these teams can help shape new services and strategic initiatives—safely and confidently.

This episode isn’t just about software or frameworks. It’s about what happens when governance becomes a driver of value, not just a reaction to fear.

Listen in to hear how Archer is helping turn risk and compliance from operational drag into business advantage.

Learn more about Archer: https://itspm.ag/rsaarchweb

Note: This story contains promotional content. Learn more.

Guest:

Steve Schlarman, Senior Director, Product Management, Archert | https://www.linkedin.com/in/steveschlarman/

Resources

Learn more and catch more stories from Archer Integrated Risk Management: https://www.itspmagazine.com/directory/archer

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, steve schlarman, risk, compliance, ai, governance, grc, quantification, controls, automation, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The New Front Line: Runtime Protection for AI and API-Driven Attacks | A Brand Story with Rupesh Chokshi from Akamai | An On Location RSAC Conference 2025 Brand Story

Mon, 5 May 2025 15:40:09 +0000

At RSAC Conference 2025, Rupesh Chokshi, Senior Vice President and General Manager of the Application Security Group at Akamai, joined ITSPmagazine to share critical insights into the dual role AI is playing in cybersecurity today—and what Akamai is doing about it.

Chokshi lays out the landscape with clarity: while AI is unlocking powerful new capabilities for defenders, it’s also accelerating innovation for attackers. From bot mitigation and behavioral DDoS to adaptive security engines, Akamai has used machine learning for over a decade to enhance protection, but the scale and complexity of threats have entered a new era.

The API and Web Application Threat Surge

Referencing Akamai’s latest State of the Internet report, Chokshi cites a 33% year-over-year rise in web application and API attacks—topping 311 billion threats. More than 150 billion of these were API-related. The reason is simple: APIs are the backbone of modern applications, yet many organizations lack visibility into how many they have or where they’re exposed. Shadow and zombie APIs are quietly expanding attack surfaces without sufficient monitoring or defense.

Chokshi shares that in early customer discovery sessions, organizations often uncover tens of thousands of APIs they weren’t actively tracking—making them easy targets for business logic abuse, credential theft, and data exfiltration.

Introducing Akamai’s Firewall for AI

Akamai is addressing another critical gap with the launch of its new Firewall for AI. Designed for both internal and customer-facing generative AI applications, this solution focuses on securing runtime environments. It detects and blocks issues like prompt injection, PII leakage, and toxic language using scalable, automated analysis at the edge—reducing friction for deployment while enhancing visibility and governance.

In early testing, Akamai found that 6% of traffic to a single LLM-based customer chatbot involved suspicious activity. That volume—within just 100,000 requests—highlights the urgency of runtime protections for AI workloads.

Enabling Security Leadership

Chokshi emphasizes that modern security teams must engage collaboratively with business and data teams. As AI adoption outpaces security budgets, CISOs are looking for trusted, easy-to-deploy solutions that enable—not hinder—innovation. Akamai’s goal: deliver scalable protections with minimal disruption, while helping security leaders shoulder the growing burden of AI risk.

Learn more about Akamai: https://itspm.ag/akamailbwc

Note: This story contains promotional content. Learn more.

Guest:

Rupesh Chokshi, SVP & General Manager, Application Security, Akamai | https://www.linkedin.com/in/rupeshchokshi/

Resources

Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, rupesh chokshi, akamai, rsac, ai, security, cisos, api, firewall, llm, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

RSAC 2025 Coverage is done! It's a wrap, we are good to go, but The Musings Are Just Getting Started | An RSAC Conference 2025 Conversation | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli) — Sat, 3 May 2025 23:41:36 +0000

RSAC 2025 is a wrap. The expo floor is closed, the conversations have ended, and the gear is packed — but the reflections are just beginning. Throughout the week, Sean Martin and Marco Ciappelli had powerful discussions around AI, identity, platform security, partnerships, the evolving legal and VC landscapes, and the growing importance of multi-layered defense strategies. But one moment stood out. While we were recording outside the conference, someone walking by asked us, “Is the world secure now?” Our answer was simple: “We’re working on it.” That exchange captured the spirit of the entire event — security is not a destination, it’s an ongoing effort. We learn, we adapt, and we move forward faster than the future is coming at us. Thank you to everyone who made RSAC 2025 such a meaningful experience. Next stops: AppSec Global in Barcelona, Infosec Europe in London, Black Hat and DEF CON in Las Vegas — and more conversations across the hybrid analog digital society we all share. Until next time, keep building, keep connecting, and keep moving forward.

___________

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

___________

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

___________

KEYWORDS

sean martin, marco ciappelli, rsac 2025, quantum, ai, grc, devsecops, zero trust, appsec, resilience, event coverage, on location, conference

___________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Mindset Matters: Rethinking How We Teach and Design Cybersecurity | An RSAC Conference 2025 Conversation with Jason R.C. Nurse | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 1 May 2025 16:45:00 +0000

Dr. Jason R.C. Nurse, Associate Professor in Cybersecurity at the University of Kent and Director of Science and Research at CybSafe, joins ITSPmagazine at RSAC 2025 to discuss how people’s attitudes shape their cybersecurity behaviors—at home, at work, and everywhere in between.

Drawing from a global survey of over 7,000 individuals, Dr. Nurse presents data that reveals a fundamental challenge: while many individuals recognize the importance of cybersecurity, a significant number also find it intimidating and frustrating. Nearly 43% of participants shared that they feel overwhelmed by security measures, highlighting a persistent disconnect between the intent of security protocols and the lived experience of users.

This disconnect manifests in inconsistent behaviors. At home, people may take extra precautions to protect their personal lives and families. At work, however, there’s a tendency to outsource responsibility to the employer. This duality—heightened vigilance in personal spaces and relaxed caution in professional environments—creates vulnerabilities in a world where attackers don’t care where the device or user happens to be.

The conversation emphasizes the need to rethink how we approach cybersecurity education, awareness, and design. Dr. Nurse advocates for a “usable security” model—systems that protect users without demanding overly technical knowledge or creating friction. He uses the example of biometrics and seamless phone authentication to show how good design can improve both security and user satisfaction.

To illustrate the connection between knowledge, attitude, and behavior, Dr. Nurse brings humor into the mix with a memorable analogy involving Kit Kats. Just as knowing something is delicious can shape our cravings and actions, understanding security in relatable terms can lead to more proactive behaviors.

The episode wraps with a candid reflection on trust and novelty in the face of emerging AI systems—like self-driving cars. Dr. Nurse questions whether people truly trust new technologies or if they’re simply seduced by convenience and innovation.

This is a conversation about what it really takes to build a security-conscious society—one that understands people as much as it understands threats.

Listen to the full episode to hear how mindset, usability, and cultural attitudes are reshaping the human side of cybersecurity.

___________

Guest:

Dr. Jason R.C. Nurse, Associate Professor in Cybersecurity at the University of Kent | https://www.linkedin.com/in/jasonrcnurse/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

___________

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, marco ciappelli, jason r c nurse, rsac 2025, cybersecurity, behavior, mindset, usability, ai, trust, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Certification to Confidence: The Future of Cybersecurity Starts with the First Job | A Brand Story with Jamie Norton from ISACA | An On Location RSAC Conference 2025 Brand Story

Thu, 1 May 2025 15:43:28 +0000

The cybersecurity workforce shortage isn’t a new problem—but according to Jamie Norton, Board Director at ISACA, it’s one that’s getting worse. In this on-location conversation during RSAC Conference 2025, Norton shares how ISACA is not only acknowledging this persistent gap but actively building pathways to close it, especially for early-career professionals.

While many know ISACA for its certifications and events, Norton emphasizes that the organization’s mission goes much deeper—supporting digital trust through education, community, and career development. One key area of focus: helping individuals navigate every phase of their professional journey, from new graduates to seasoned leaders. That includes new offerings like the Certified Cyber Operations Analyst (CCOA) credential, designed specifically to meet the growing demand for technical, hands-on skills in security operations roles.

What’s driving this shift? Norton points to employer demand for candidates who can walk into SOC and technical analyst roles with practical experience. The CCOA was created based on feedback from ISACA’s 185,000+ global members and a wide network of hiring organizations, all highlighting the same pain point: early-stage roles are difficult to fill, not because people aren’t interested, but because too many can’t prove their skills in ways hiring managers understand.

ISACA’s response is both strategic and community-driven. Certification development is rooted in large-scale data analysis and enhanced by input from members around the world, ensuring each program reflects real-world needs. At the same time, ISACA recognizes that certifications alone don’t create confidence. Community and mentorship matter—especially for those struggling with imposter syndrome or breaking into the field from non-traditional backgrounds.

Looking ahead, ISACA is investing in career journey tools, AI-focused certifications, and guidance for post-quantum readiness—all while continuing to support members through local chapters and global programs.

For those hiring, job-seeking, or guiding others into the field, this episode offers a grounded, forward-looking view into how one organization is equipping the cybersecurity workforce for the work that matters now—and what’s coming next.

Learn more about ISACA: https://itspm.ag/isaca-96808

Note: This story contains promotional content. Learn more.

Guest:

Jamie Norton, Director Board of Directors, ISACA | https://www.linkedin.com/in/jamienorton/

Resources

Learn more and catch more stories from ISACA: https://www.itspmagazine.com/directory/isaca

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

jamie norton, sean martin, marco ciappelli, cybersecurity, certifications, workforce, skills, governance, community, careers, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Home Is Where the Threat Is: Protecting Executives in Their Personal Lives | A Brand Story with Chris Pierson from BlackCloak | An On Location RSAC Conference 2025 Brand Story

Thu, 1 May 2025 14:31:55 +0000

When it comes to cybersecurity, corporate executives are often the most targeted individuals—but their greatest vulnerabilities may lie beyond the office walls. In this episode recorded live at RSAC Conference 2025, Dr. Chris Pierson, Founder and CEO of BlackCloak, joins hosts Sean Martin and Marco Ciappelli to unpack why digital executive protection is now a business necessity, not a luxury.

Dr. Pierson—a former two-time CISO, DHS cybersecurity advisor, and chief privacy officer—explains how BlackCloak addresses a long-ignored problem: the personal digital exposure of high-profile individuals and their families. From compromised home networks and identity theft to impersonation scams powered by deepfake technology, today’s cyber threats easily bypass corporate defenses by exploiting softer targets at home.

Digital Protection That Mirrors Physical Security

Just as companies rely on third-party providers for health insurance or physical executive protection, Dr. Pierson advocates for a dedicated, privacy-conscious solution for securing personal digital lives. BlackCloak functions as a concierge-style service, guiding individuals through essential steps like securing high-risk accounts, managing privacy settings, shrinking their attack surface, and implementing a modern, multifactor verification system to prevent impersonation attacks.

A Framework for Action

At RSAC, Dr. Pierson unveiled BlackCloak’s Digital Executive Protection Framework—a practical tool that includes 14 tenets and over 100 specific actions to assess and improve personal digital security maturity. The goal: help organizations prioritize what matters most. Instead of trying to secure every account or device equally, the framework focuses attention on high-value targets like banking credentials, communication platforms, and personal data exposed via data brokers.

From Deepfakes to Real-World Consequences

Pierson also highlights the alarming growth of AI-powered impersonation attacks. With 42% of surveyed CISOs reporting executive-targeted deepfake incidents, and financial losses climbing, companies must think differently. It’s not just about technology—it’s about trust, relationships, and verification at every level of communication.

This episode sheds light on how executive protection is evolving—and why your organization should consider extending its security strategy beyond the boardroom. To see how BlackCloak is redefining protection for the C-suite and their families, listen to the full episode.

Learn more about BlackCloak: https://itspm.ag/itspbcweb

Note: This story contains promotional content. Learn more.

Guest:

Chris Pierson, Founder & CEO, BlackCloak | https://www.linkedin.com/in/drchristopherpierson/

Resources

Learn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloak

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, marco ciappelli, chris pierson, cybersecurity, privacy, deepfakes, identity, executives, framework, protection, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Resilience Is the Destination, Innovation Is the Path | An RSAC Conference 2025 Conversation | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli) — Thu, 1 May 2025 00:23:26 +0000

In this closing update for the day from the RSAC conference show floor, Sean Martin and Marco Ciappelli reflect on the energy, conversations, and technology shaping cybersecurity today—and what’s coming next. With dozens of interviews under their belts, the duo shares what’s standing out across sessions and show-floor discussions.

Resilience has become a key destination, with innovation—especially around AI and quantum technologies—paving the way forward. Conversations touch on how security leaders are adjusting to new threat models, merging traditional disciplines like AppSec and DevSecOps with emerging areas such as vibe coding and container security. There’s a clear sense that the dialogue has shifted: zero trust isn’t just a topic; it’s embedded across many conversations. AI is no longer speculative—it’s embedded in discussions about GRC, automation, and security architecture.

Sean brings a technical and operational lens, while Marco plans to explore the societal implications in future conversations—something noticeably less discussed this year, but still deeply relevant. With more content being edited and released over the next few days, the team invites listeners to stay tuned for articles, panels, and post-conference reflections.

From San Francisco to London, Vegas, and maybe even Australia—this conversation is just getting started.

___________

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

___________

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

___________

KEYWORDS

sean martin, marco ciappelli, rsac 2025, quantum, ai, grc, devsecops, zero trust, appsec, resilience, event coverage, on location, conference

___________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Overwhelmed to Informed: The Future of Threat Detection Isn’t Just Faster—It’s Strategic | A Brand Story with Hugh Njemanze from Anomali | An On Location RSAC Conference 2025 Brand Story

Wed, 30 Apr 2025 20:30:00 +0000

In this On Location Brand Story episode, Sean Martin speaks with Hugh Njemanze, President and Founder at Anomali, who has been at the center of cybersecurity operations since the early days of SIEM. Known for his prior work at ArcSight and now leading Anomali, Hugh shares what’s driving a dramatic shift in how security teams access, analyze, and act on data.

Anomali’s latest offering—a native cloud-based next-generation SIEM—goes beyond traditional detection. It combines high-performance threat intelligence with agentic AI to deliver answers and take action in ways that legacy platforms simply cannot. Rather than querying data manually or relying on slow pipelines, the system dynamically spins up thousands of cloud resources to answer complex security questions in seconds.

Agentic AI Meets Threat Intelligence

Hugh walks through how agentic AI, purpose-built for security, breaks new ground. Unlike general-purpose models, Anomali’s AI operates within a secure, bounded dataset tailored to the customer’s environment. It can ingest a hundred-page threat briefing, extract references to actors and tactics, map those to the MITRE ATT&CK framework, and assess the organization’s specific exposure—all in moments. Then it goes a step further: evaluating past events, checking defenses, and recommending mitigations. This isn’t just contextual awareness—it’s operational intelligence at speed and scale.

Making Security More Human-Centric

One clear theme emerges: the democratization of security tools. With Anomali’s design, teams no longer need to rely on a few highly trained specialists. Broader teams can engage directly with the platform, reducing burnout and turnover, and increasing organizational resilience. Managers and security leaders now shift focus to prioritization, strategic decision-making, and meaningful business conversations—like aligning defenses to M&A activity or reporting to the board with clarity on risk.

Real-World Results and Risk Insights

Customers are already seeing measurable benefits: an 88% reduction in incidents and an increase in team-wide tool adoption. Anomali’s system doesn’t just detect—it correlates attack surface data with threat activity to highlight what’s both vulnerable and actively targeted. This enables targeted response, cost-effective scaling, and better use of resources.

Learn more about Anomali: https://itspm.ag/anomali-bdz393

Note: This story contains promotional content. Learn more.

Guest:

Hugh Njemanze, President and Founder at Anomali | https://www.linkedin.com/in/hugh-njemanze-603721/

Resources

Learn more and catch more stories from Anomali: https://www.itspmagazine.com/directory/anomali

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, hugh njemanze, siem, cybersecurity, ai, threat intelligence, agentic ai, risk management, soc, cloud security, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Space to AI: Expanding the Cybersecurity Conversation with Cyber Unity | An RSAC Conference 2025 Conversation with Luigi Martino and Luca Tagliaretti | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 30 Apr 2025 19:45:00 +0000

At RSAC Conference 2025 in San Francisco, the message is clear: cybersecurity must be a shared endeavor—across nations, disciplines, and sectors. In this episode, Marco Ciappelli and Sean Martin welcome two distinguished voices from Italy who are helping shape this collective path forward: Luigi Martino, Director of the Center for Cybersecurity and International Relations Studies at the University of Florence, and Luca Tagliaretti, Executive Director of the European Cybersecurity Competence Centre (ECCC).

Cybersecurity as a Multinational, Multidimensional Effort

Luigi Martino, who also holds roles at the University of Bologna and Khalifa University in Abu Dhabi, underscores the growing global awareness that cybersecurity is no longer a niche concern—it’s embedded in everything, from space to artificial intelligence. He emphasizes that cyber cannot be treated in isolation and must be considered alongside advancements in quantum technologies, AI, and the systems that govern our modern society.

For Luca Tagliaretti, leading the EU’s newly autonomous cybersecurity body, this interconnected view plays out through policy and community-building. The ECCC’s role spans everything from shaping long-term cybersecurity strategies across Europe to investing in innovation and skilling up the current workforce. He describes this as a community-first mission—building cohesion not just across EU member states, but eventually through global alignment.

Regulation: Guardrail or Roadblock?

A major theme discussed is the role of regulation in fostering or hindering innovation. Both guests agree that thoughtful regulation—especially in AI—is not the enemy of progress. Rather, it can be a mechanism for building trust, ensuring ethical use, and creating market conditions where all players, not just the biggest, can thrive. Bureaucracy, not regulation itself, is called out as the more significant challenge—particularly when public institutions aren’t equipped to implement modern governance.

What They’re Taking Home from RSAC

Asked what they’ll bring back from the conference, Luca points to the “sense of unity”—the opportunity to build on shared knowledge and collaborate across borders. Luigi highlights the spirit of open innovation and trust that defines the RSAC community: a willingness to share, experiment, and move forward together.

Both perspectives offer a powerful reminder—cybersecurity isn’t just about defending systems, it’s about building connections.

___________

Guest:s
Luigi Martino, Principal Research Scientist at Khalifa University and Head at the Center for Cyber Security and International Relations Studies | https://www.linkedin.com/in/luigi-martino-07515364/

Luca Tagliaretti, Executive Director at ECCC | https://www.linkedin.com/in/luca-tagliaretti-564a703/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

___________

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

___________

KEYWORDS

marco ciappelli, sean martin, luigi martino, luca tagliaretti, rsac 2025, cybersecurity, regulation, ai, quantum, collaboration, event coverage, on location, conference

___________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

When Every Second Counts: Building Cyber Resilience Through A Smarter Approach to Data Protection | A Brand Story with Eric Herzog from Infinidat | An On Location RSAC Conference 2025 Brand Story

Wed, 30 Apr 2025 19:00:00 +0000

Storage often sits in the background of cybersecurity conversations—but not at Infinidat. In this episode, Eric Herzog, Chief Marketing Officer of Infinidat, joins Sean Martin to challenge the notion that storage is simply infrastructure. With decades of experience at IBM and EMC before joining Infinidat, Herzog explains why storage needs to be both operationally efficient and cyber-aware.

Cyber Resilience, Not Just Storage

According to Herzog, today’s enterprise buyers—especially those in the Global Fortune 2000—aren’t just asking how to store data. They’re asking how to protect it when things go wrong. That’s why Infinidat integrates automated cyber protection directly into its storage platforms, working with tools like Splunk, Microsoft Sentinel, and IBM QRadar. The goal: remove the silos between infrastructure and cybersecurity teams and eliminate the need for manual intervention during an attack or compromise.

Built-In Defense and Blazing-Fast Recovery

The integration isn’t cosmetic. Infinidat offers immutable snapshots, forensic environments, and logical air gaps as part of its storage operating system—no additional hardware or third-party tools required. When a threat is detected, the system can automatically trigger actions and even guarantee data recovery in under one minute for primary storage and under 20 minutes for backups—regardless of the dataset size. And yes, those guarantees are provided in writing.

Real-World Scenarios, Real Business Outcomes

Herzog shares examples from finance, healthcare, and manufacturing customers—one of which performs immutable snapshots every 15 minutes and scans data twice a week to proactively detect threats. Another customer reduced from 288 all-flash storage floor tiles to just 61 with Infinidat, freeing up 11 storage admins to address other business needs—not to cut staff, but to solve the IT skills shortage in more strategic ways.

Simplified Operations, Smarter Security

The message is clear: storage can’t be an afterthought in enterprise cybersecurity strategies. Infinidat is proving that security features need to be embedded, not bolted on—and that automation, integration, and performance can all coexist. For organizations juggling compliance requirements, sprawling infrastructure, and lean security teams, this approach delivers both peace of mind and measurable business value.

Learn more about Infinidat: https://itspm.ag/infini3o5d

Note: This story contains promotional content. Learn more.

Guest:

Eric Herzog, Chief Marketing Officer, Infinidat | https://www.linkedin.com/in/erherzog/

Resources

Learn more and catch more stories from Infinidat: https://www.itspmagazine.com/directory/infinidat

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, eric herzog, storage, cybersecurity, automation, resilience, ransomware, recovery, enterprise, soc, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Building Trust Through AI and Software Transparency: The Real Value of SBOMs and AISBOMs | An RSAC Conference 2025 Conversation with Helen Oakley and Dmitry Raidman | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 30 Apr 2025 18:15:00 +0000

Helen Oakley, Senior Director of Product Security at SAP, and Dmitry Raidman, Co-founder and CTO of Cybeats, joined us live at the RSAC Conference to bring clarity to one of the most urgent topics in cybersecurity: transparency in the software and AI supply chain. Their message is direct—organizations not only need to understand what’s in their software, they need to understand the origin, integrity, and impact of those components, especially as artificial intelligence becomes more deeply integrated into business operations.

SBOMs Are Not Optional Anymore

Software Bills of Materials (SBOMs) have long been a recommended best practice, but they’re now reaching a point of necessity. As Dmitry noted, organizations are increasingly requiring SBOMs before making purchase decisions—“If you’re not going to give me an SBOM, I’m not going to buy your product.” With regulatory pressure mounting through frameworks like the EU Cyber Resilience Act (CRA), the demand for transparency is being driven not just by compliance, but by real operational value. Companies adopting SBOMs are seeing tangible returns—saving hundreds of hours on risk analysis and response, while also improving internal visibility.

Bringing AI into the SBOM Fold

But what happens when the software includes AI models, data pipelines, and autonomous agents? Helen and Dmitry are leading a community-driven initiative to create AI-specific SBOMs—referred to as AI SBOMs or AISBOMs—to capture critical metadata beyond just the code. This includes model architectures, training data, energy consumption, and more. These elements are vital for risk management, especially when organizations may be unknowingly deploying models with embedded vulnerabilities or opaque dependencies.

A Tool for the Community, Built by the Community

In an important milestone for the industry, Helen and Dmitry also introduced the first open source tool capable of generating CycloneDX-formatted AISBOMs for models hosted on Hugging Face. This practical step bridges the gap between standards and implementation—helping organizations move from theoretical compliance to actionable insight. The community’s response has been overwhelmingly positive, signaling a clear demand for tools that turn complexity into clarity.

Why Security Leaders Should Pay Attention

The real value of an SBOM—whether for software or AI—is not just external compliance. It’s about knowing what you have, recognizing your crown jewels, and understanding where your risks lie. As AI compounds existing vulnerabilities and introduces new ones, starting with transparency is no longer a suggestion—it’s a strategic necessity.

Want to see how this all fits together? Hear it directly from Helen and Dmitry in this episode.

___________

Guests:
Helen Oakley, Senior Director of Product Security at SAP | https://www.linkedin.com/in/helen-oakley/

Dmitry Raidman, Co-founder and CTO of Cybeats | https://www.linkedin.com/in/draidman/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

___________

Resources

LinkedIn Post with Links: https://www.linkedin.com/posts/helen-oakley_ai-sbom-aisbom-activity-7323123172852015106-TJea

An open letter to third-party suppliers: https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliers

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

______________________

KEYWORDS

helen oakley, dmitry raidman, sean martin, rsac 2025, sbom, aisbom, ai security, software supply chain, transparency, open source, event coverage, on location, conference

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What Endpoint Security Isn’t Catching: Why Network Visibility Still Matters | A Brand Story with Brian Dye from Corelight | An On Location RSAC Conference 2025 Brand Story

Wed, 30 Apr 2025 17:32:32 +0000

At RSAC Conference 2025, Sean Martin catches up with Brian Dye, CEO of Corelight, to explore a recurring truth in cybersecurity: attackers adapt, and defenders must follow suit. In this episode, Dye lays out why traditional perimeter defenses and endpoint controls alone are no longer sufficient—and why it’s time for security teams to look back toward the network for answers.

Beyond the Perimeter: Visibility as a Force Multiplier

According to Dye, many organizations are still relying on security architectures that were top-of-the-line a decade ago. But attackers have already moved on. They’re bypassing endpoint detection and response (EDR) tools, exploiting unmanaged devices, IoT, and edge vulnerabilities. What’s left exposed is the network itself—and that’s where Corelight positions itself: providing what Dye calls “ground truth” through network-based visibility.

Rather than rearchitecting environments or pushing intrusive solutions, Corelight integrates passively through out-of-line methods like packet brokers or traffic mirroring. The goal? Rich, contextual, retrospective visibility—without disrupting the network. This capability has proven essential for responding to advanced threats, including lateral movement and ransomware campaigns where knowing exactly what happened and when can mean the difference between paying a ransom or proving there’s no real damage.

Three Layers of Network Insight

Dye outlines a layered approach to detection:

1. Baseline Network Activity – High-fidelity summaries of what’s happening.

2. Raw Detections – Behavioral rules, signatures, and machine learning.

3. Anomaly Detection – Identifying “new and unusual” activity with clustering math that filters out noise and highlights what truly matters.

This model supports teams who need to correlate signals across endpoints, identities, and cloud environments—especially as AI-driven operations expand the attack surface with non-human behavior patterns.

The Metrics That Matter

Dye points to three critical success metrics for teams:

• Visibility coverage over time.

• MITRE ATT&CK coverage, especially around lateral movement.

• The percentage of unresolved cases—those embarrassing unknowns that drain time and confidence.

As Dye shares, organizations that prioritize network-level visibility not only reduce uncertainty, but also strengthen every other layer of their detection and response strategy.

Learn more about Corelight: https://itspm.ag/coreligh-954270

Note: This story contains promotional content. Learn more.

Guest:

Brian Dye, Chief Executive Officer, Corelight | https://www.linkedin.com/in/brdye/

Resources

Learn more and catch more stories from Corelight: https://www.itspmagazine.com/directory/corelight

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, brian dye, network, visibility, ransomware, detection, cybersecurity, soc, anomalies, baselining, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Security at a Crossroads: Innovation, Risk, and the Relationship Between the CISO and the Vendor Community | An RSAC Conference 2025 Conversation | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli) — Wed, 30 Apr 2025 01:36:56 +0000

In this closing conversation from Day One at RSAC Conference 2025, ITSPmagazine co-founders Sean Martin and Marco Ciappelli reflect on what they’re hearing in the halls, on the show floor, and in conversations with attendees—and the picture they’re painting may surprise you.

Sean Martin raises a recurring theme that’s come up in multiple off-camera discussions: the increasing hesitancy among CISOs to engage with new vendors or consider new technologies unless they come from familiar sources. The concern isn’t about the technology itself—it’s about time, trust, and the overwhelming volume of noise. In many cases, CISOs prefer to rely on their peer network rather than explore unknown options, potentially limiting their exposure to different ways of thinking about risk and security.

But this isn’t just a “vendor fatigue” issue. It’s a structural one.

Martin points to a conversation with Philip Miller, who emphasized the need for vendors to connect with the security team—not just the CISO. That shift could unlock a healthier, more scalable way to evaluate solutions without overloading leadership. When security teams are empowered to explore, test, and validate, it changes the decision-making dynamic and may lead to more open-minded program development—especially as AI begins reshaping how data and security interact.

Meanwhile, Marco Ciappelli looks at this cultural tension from a societal perspective. He draws parallels between the speed of technological progress and the slower-moving nature of regulation, governance, and even human behavior. If security programs are stuck in reactive modes—bound by risk aversion, budget constraints, or outdated expectations—how can they support the innovation their businesses (and society) demand?

The two hosts conclude that change isn’t just needed—it’s already underway, albeit unevenly. The key may lie in empowering the broader security ecosystem, from frontline analysts to policy makers, to think and act with more agility.

For those wrestling with how security can lead rather than lag, this conversation offers a timely reflection—and a few provocations worth sitting with.

What does a future-ready security program really look like?

Learn more and catch more stories from RSAC Conference 2025 coverage: https://www.itspmagazine.com/rsac25

___________

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

___________

Resources

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, marco ciappelli, ciso, ai, cybersecurity, risk, decisionmaking, innovation, rsac 2025, technology, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Rethinking Container Security from the Kernel Up | A Brand Story with Emily Long and Kaylin Trychon from Edera | An RSAC Conference 2025 Pre-Event Conversation

Tue, 29 Apr 2025 20:37:52 +0000

In this pre-event Brand Story On Location conversation recorded live from RSAC Conference 2025, Emily Long, Co-Founder and CEO of Edera, and Kaylin Trychon, Head of Communications, introduce a new approach to container security—one that doesn’t just patch problems, but prevents them entirely.

Edera, just over a year old, is focused on reimagining how containers are built and run by taking a hardware-up approach rather than layering security on from the top down. Their system eliminates lateral movement and living-off-the-land attacks from the outset by operating below the kernel, resulting in simplified, proactive protection across cloud and on-premises environments.

What’s notable is not just the technology, but the philosophy behind it. As Emily explains, organizations have grown accustomed to the limitations of containerization and the technical debt that comes with it. Edera challenges this assumption by revisiting foundational virtualization principles, drawing inspiration from technologies like Xen hypervisors, and applying them in modern ways to support today’s use cases, including AI and GPU-driven environments.

Kaylin adds that this design-first approach means security isn’t bolted on later—it’s embedded from the start. And yet, it’s done without disruption. Teams don’t need to scrap what they have or undertake complex rebuilds. The system works with existing environments to reduce complexity and ease compliance burdens like FedRAMP.

For those grappling with infrastructure pain points—whether you’re in product security, DevOps, or infrastructure—this conversation is worth a listen. Edera’s vision is bold, but their delivery is practical. And yes, you’ll find them roaming the show floor in bold pink—“mobile booth,” zero fluff.

Listen to the episode to hear what it really means to be “secure by design” in the age of AI and container sprawl.

Learn more about Edera: https://itspm.ag/edera-434868

Note: This story contains promotional content. Learn more.

Guests:

Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/

Kaylin Trychon, Head of Communications, Edera | https://www.linkedin.com/in/kaylintrychon/

Resources

Learn more and catch more stories from Edera: https://www.itspmagazine.com/directory/edera

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

emily long, kaylin trychon, sean martin, marco ciappelli, containers, virtualization, cloud, infrastructure, security, fedramp, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Inside the DARPA AI Cyber Challenge: Securing Tomorrow’s Critical Infrastructure Through AI and Healthy Competition | An RSAC Conference 2025 Conversation with Andrew Carney | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 28 Apr 2025 20:09:19 +0000

During RSAC Conference 2025, Andrew Carney, Program Manager at DARPA, and (remotely via video) Dr. Kathleen Fisher, Professor at Tufts University and Program Manager for the AI Cyber Challenge (AIxCC), guide attendees through an immersive experience called Northbridge—a fictional city designed to showcase the critical role of AI in securing infrastructure through the DARPA-led AI Cyber Challenge.

Inside Northbridge: The Stakes Are Real

Northbridge simulates the future of cybersecurity, blending AI, infrastructure, and human collaboration. It’s not just a walkthrough — it’s a call to action. Through simulated attacks on water systems, healthcare networks, and cyber operations, visitors witness firsthand the tangible impacts of vulnerabilities in critical systems. Dr. Fisher emphasizes that the AI Cyber Challenge isn’t theoretical: the vulnerabilities competitors find and fix directly apply to real open-source software relied on by society today.

The AI Cyber Challenge: Pairing Generative AI with Cyber Reasoning

The AI Cyber Challenge (AIxCC) invites teams from universities, small businesses, and consortiums to create cyber reasoning systems capable of autonomously identifying and fixing vulnerabilities. Leveraging leading foundation models from Anthropic, Google, Microsoft, and OpenAI, the teams operate with tight constraints—working with limited time, compute, and LLM credits—to uncover and patch vulnerabilities at scale. Remarkably, during semifinals, teams found and fixed nearly half of the synthetic vulnerabilities, and even discovered a real-world zero-day in SQLite.

Building Toward DEFCON Finals and Beyond

The journey doesn’t end at RSA. As the teams prepare for the AIxCC finals at DEFCON 2025, DARPA is increasing the complexity of the challenge—and the available resources. Beyond the competition, a core goal is public benefit: all cyber reasoning systems developed through AIxCC will be open-sourced under permissive licenses, encouraging widespread adoption across industries and government sectors.

From Competition to Collaboration

Carney and Fisher stress that the ultimate victory isn’t in individual wins, but in strengthening cybersecurity collectively. Whether securing hospitals, water plants, or financial institutions, the future demands cooperation across public and private sectors.

The Northbridge experience offers a powerful reminder: resilience in cybersecurity is built not through fear, but through innovation, collaboration, and a relentless drive to secure the systems we all depend on.

___________

Guest:
Andrew Carney, AI Cyber Challenge Program Manager, Defense Advanced Research Projects Agency (DARPA) | https://www.linkedin.com/in/andrew-carney-945458a6/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

______________________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

___________

Resources

The DARPA AIxCC Experience at RSAC 2025 Innovation Sandbox: https://www.rsaconference.com/usa/programs/sandbox/darpa

Learn more and catch more stories from RSAC Conference 2025 coverage: https://www.itspmagazine.com/rsac25

___________

KEYWORDS

andrew carney, kathleen fisher, marco ciappelli, sean martin, darpa, aixcc, cybersecurity, rsac 2025, defcon, ai cybersecurity, event coverage, on location, conference

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Why CISOs Should Still Say Yes to the Role—Even Now | A RSAC Conference 2025 Conversation with Tim Brown | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli, Tim Brown) — Thu, 24 Apr 2025 05:03:11 +0000

In this Chats on the Road to RSAC 2025, , Sean Martin and Marco Ciappelli connect with Tim Brown, Chief Information Security Officer at SolarWinds, to unpack the critical issues facing CISOs today—and why the role remains worth pursuing.

Brown is participating in multiple sessions at RSAC Conference 2025, including the CISO Bootcamp and Cyber Leaders Forum. Both are closed-door conversations designed to surface real concerns in a confidential, supportive setting. These aren’t theoretical discussions—they’re rooted in hard-earned experience. Brown, who has faced high-profile scrutiny and legal fallout from a past incident at SolarWinds, brings a uniquely personal perspective to these sessions.

He points out that fear and hesitation are keeping many deputy CISOs from stepping up into the top role. His message to them: don’t be afraid of the position. Despite the weight of responsibility, the role offers real influence, the ability to shape enterprise architecture, and the opportunity to drive meaningful business decisions. Brown emphasizes the importance of community support and collective growth, noting that the cybersecurity industry—still relatively young—is maturing and finding its footing when it comes to accountability and resilience.

Beyond leadership development, mental health and stress management are key themes in the Cyber Leaders Forum. Brown acknowledges the toll the job can take, even sharing that his own health suffered despite thinking he was managing stress well. This honest reflection opens the door for deeper conversations about personal well-being in high-pressure roles.

He’s also appearing at the Cloud Security Alliance Summit with Chris Hoff, Chief Security Officer at LastPass, where they’ll discuss incident response and field questions from the audience. On Wednesday, Brown joins a breakfast session with Tactic and Hyperwise, guiding attendees through a crisis simulation based on lessons from the Sunburst attack. His focus? Helping others avoid being unprepared in a moment of chaos.

From insider threat modeling to supply chain transparency and the challenges of monitoring runtime behavior, Brown is clear-eyed about where CISOs need to focus next.

This episode isn’t just a preview of conference sessions—it’s a call to future security leaders to lean in, not back.

___________

Guest:
Tim Brown, CISO, Solarwinds | On LinkedIn: https://www.linkedin.com/in/tim-brown-ciso/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

BlackCloak: https://itspm.ag/itspbcweb

___________

Resources

RSAC Session: CLF Ask Me Anything Session with Tim Brown, CISO, SolarWinds: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1739404173721001x1MH

RSAC Session: CISO Boot Camp Exclusive Fireside Chat with Tim Brown, CISO, SolarWinds: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1739403254724001isXh

CSA Summit at RSAC 2025: Fireside Chat with Tim Brown and Chris Hoff: https://www.csasummitrsac.com/event/5b3547c2-c652-4f77-97de-5b094e746626/agenda?session=1452408b-c822-4664-87b8-38ce1276247b

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

tim brown, sean martin, marco ciappelli, solarwinds, rsac 2025, ciso, cybersecurity, leadership, liability, stress, mental health, insider, resilience, incident, response, supply, chain, simulation, cloud, security, event coverage, on location, conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Community, Certification, and the Questions That Matter Most in Quantum Readiness and AI Governance | A Brand Story with Mary Carmichael and Dooshima Dabo’Adzuana from ISACA | A RSAC Conference 2025 Brand Story Pre-Event Conversation

Wed, 23 Apr 2025 05:32:17 +0000

As anticipation builds for the RSAC Conference 2025, ISACA leaders Mary Carmichael and Dooshima Dabo’Adzuana join Sean Martin and Marco Ciappelli to preview what the global technology and cybersecurity association has in store for attendees this year. With a focus on expanding community, AI governance, and professional development, their conversation reveals how ISACA is showing up with both timely insights and tangible resources.

Mary Carmichael, President of ISACA’s Vancouver Chapter and a CPA focused on cybersecurity risk and governance, highlights the session she’s co-presenting with Dooshima Dabo’Adzuana: Third-Party AI: What Are You Really Buying? Their talk will explore the increasing complexity of evaluating AI solutions procured from vendors—especially those embedding large language models. Topics include due diligence during procurement, monitoring post-deployment, and assessing whether vendor practices align with internal risk and privacy requirements.

Dooshima Dabo’Adzuana, a researcher at Boise State University and leader from ISACA’s Abuja Chapter, shares how ISACA members across regions are grappling with similar questions: What does AI mean for my organization? What risks do third-party integrations introduce? She emphasizes the importance of frameworks and educational tools—resources that ISACA is making readily available at their booth (South Expo #2268) and through new certification tracks in AI audit and security.

Alongside the AI focus, visitors to the booth can explore results from ISACA’s Quantum Pulse Poll and access guidance on encryption readiness for a post-quantum future. The booth will also feature a selfie station and serve as a meeting point for the diverse ISACA community, with members from over 220 chapters worldwide.

The conversation rounds out with a critical discussion on cybersecurity career development. Both Mary and Dooshima share personal stories of transitioning into the field—Mary from accounting, Dooshima from insurance—and call for broader recognition of transferable skills. They point to global tools, such as career pathway frameworks supported by ISACA and the UK Cyber Security Council, as essential for addressing the persistent workforce gap.

This episode offers a preview of how ISACA is connecting global conversations on AI, quantum, and professional development—making RSAC Conference 2025 not just a tech showcase, but a community gathering rooted in learning and action.

Stop by booth 2268 in the South Expo to explore how ISACA are equipping professionals with practical tools for AI governance, quantum readiness, and cybersecurity career growth—and how your organization can benefit from a stronger, more connected community.

Learn more about ISACA: https://itspm.ag/isaca-96808

Guests:

Mary Carmichael, President of ISACA’s Vancouver Chapter | https://www.linkedin.com/in/carmichaelmary/

Dooshima Dabo’Adzuana, a researcher at Boise State University and leader from ISACA’s Abuja Chapter | https://www.linkedin.com/in/dooshima-dabo-adzuana/

Resources

Mary and Dooshima's session at RSA Conference: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1737642290064001tqyq

Learn more about ISACA's AI resources: https://www.isaca.org/resources/artificial-intelligence

Learn more about ISACA's credentials: https://www.isaca.org/credentialing

Learn more and catch more stories from ISACA: https://www.itspmagazine.com/directory/isaca

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

______________________

Keywords: ai, quantum, cybersecurity, risk, governance, audit, certification, encryption, rsa, rsac, third-party, compliance, career, skills, education, community, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What’s Driving the Next Generation of Risk Management? | A Brand Story with Steve Schlarman, Senior Director, Product Management at Archer Integrated Risk Management | A RSAC Conference 2025 Brand Story Pre-Event Conversation

Mon, 21 Apr 2025 23:55:40 +0000

Ahead of the RSAC Conference, Sean Martin and Marco Ciappelli sit down with Steve Schlarman, Director of Product Management at Archer, to talk risk, regulation, and where governance fits into the broader cybersecurity conversation.

Steve represents a company that’s been at the center of governance, risk, and compliance (GRC) for nearly 25 years. But don’t mistake tenure for inertia—Archer is actively reshaping how organizations think about integrated risk management, especially through its latest platform, Archer Evolv. Steve shares how his team is focused on rethinking compliance not as a checkbox, but as a foundation for smarter, more strategic business decisions.

What sets Archer Evolv apart? For one, the platform doesn’t just cater to full-time risk professionals. It’s built for anyone in the organization who touches compliance—even occasionally. Steve explains how the user experience has been redesigned to make it easier for non-experts to contribute, pulling in relevant data without bogging down daily operations.

AI also plays a major role. After acquiring Compliance.AI, Archer has embedded large language models and automation into its compliance workflows—cutting down the time it takes to process regulatory updates and map controls. This means compliance professionals can spend less time scanning documents and more time advising the business.

But this isn’t about technology for technology’s sake. Steve underscores the bigger question facing companies today: how much risk are they truly willing to accept? Regulation might kickstart the conversation, but it’s risk management that sustains it—and that requires clarity, context, and collaboration across the business.

Archer’s team will be on site at RSAC, ready to demo the platform and share stories from the field. With over 1,200 customers worldwide, the company has no shortage of real-world examples to pull from. From frontline vulnerability assessments to strategic compliance mapping, Archer’s approach is centered on enabling better decisions—not just better dashboards.

Stop by booth 3117 (https://itspm.ag/archervn5f) to see how they’re turning compliance into an engine for risk-aware growth—and how your team might benefit from a more purposeful approach to GRC.

Learn more about Archer: https://itspm.ag/rsaarchweb

Guest: Steve Schlarman, Senior Director, Product Management at Archer Integrated Risk Management | https://www.linkedin.com/in/steveschlarman/

Resources

Learn more and catch more stories from Archer: https://www.itspmagazine.com/directory/archer

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

______________________

Keywords: risk, compliance, governance, cybersecurity, ai, automation, regulation, grc, audit, resilience, controls, workflow, data, business continuity, product management, rsa, rsac2025, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Why “Permit by Exception” Might Be the Key to Business Resilience | A Brand Story with Rob Allen, Chief Product Officer at ThreatLocker | A RSAC Conference 2025 Brand Story Pre-Event Conversation

Mon, 21 Apr 2025 20:48:44 +0000

At this year’s RSAC Conference, the team from ThreatLocker isn’t just bringing tech—they’re bringing a challenge. Rob Allen, Chief Product Officer at ThreatLocker, joins Sean Martin and Marco Ciappelli for a lively pre-conference episode that previews what attendees can expect at booth #854 in the South Expo Hall.

From rubber ducky hacks to reframing how we think about Zero Trust, the conversation highlights the ways ThreatLocker moves beyond the industry’s typical focus on reactive detection. Allen shares how most cybersecurity approaches still default to allowing access unless a threat is known, and why that mindset continues to leave organizations vulnerable. Instead, ThreatLocker’s philosophy is to “deny by default and permit by exception”—a strategy that, when managed effectively, provides maximum protection without slowing down business operations.

ThreatLocker’s presence at the conference will feature live demos, short presentations, and hands-on challenges—including their popular Ducky Challenge, where participants test whether their endpoint defenses can prevent a rogue USB (disguised as a keyboard) from stealing their data. If your system passes, you win the rubber ducky. If it doesn’t? They (temporarily) get your data. It’s a simple but powerful reminder that what you think is secure might not be.

The booth won’t just be about tech. The team is focused on conversations—reconnecting with customers, engaging new audiences, and exploring how the community is responding to a threat landscape that’s growing more sophisticated by the day. Allen emphasizes the importance of in-person dialogue, not only to share what ThreatLocker is building but to learn how security leaders are adapting and where gaps still exist.

And yes, there will be merch—high-quality socks, t-shirts, and even a few surprise giveaways dropped at hotel doors (if you resist the temptation to open the envelope before visiting the booth).

For those looking to rethink endpoint protection or better understand how proactive controls can complement detection-based tools, this episode is your preview into a very different kind of cybersecurity conversation—one that starts with a challenge and ends with community.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

______________________

Keywords: rsac conference, cybersecurity, endpoint, zero trust, rubber ducky, threat detection, data exfiltration, security strategy, deny by default, permit by exception, proactive security, security demos, usb attack, cyber resilience, network control, security mindset, rsac 2025, event coverage, on location, conference

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Quantum Security, Real Problems, and the Unifying Layer Behind It All | A Brand Story Conversation with Marc Manzano, General Manager of the Cybersecurity Group at SandboxAQ | A RSAC Conference 2025 Brand Story Pre-Event Conversation

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli) — Mon, 21 Apr 2025 17:49:04 +0000

We’re on the road to RSAC 2025 — or maybe on a quantum-powered highway — and this time, Sean and I had the pleasure of chatting with someone who’s not just riding the future wave, but actually building it.

Marc Manzano, General Manager of the Cybersecurity Group at SandboxAQ, joined us for this Brand Story conversation ahead of the big conference in San Francisco. For those who haven’t heard of SandboxAQ yet, here’s a quick headline: they’re a spin-out from Google, operating at the intersection of AI and quantum technologies. Yes — that intersection.

But let’s keep our feet on the ground for a second, because this story isn’t just about tech that sounds cool. It’s about solving the very real, very painful problems that security teams face every day.

Marc laid out their mission clearly: Active Guard, their flagship platform, is built to simplify and modernize two massive pain points in enterprise security — cryptographic asset management and non-human identity management. Think: rotating certificates without manual effort. Managing secrets and keys across cloud-native infrastructure. Automating compliance reporting for quantum-readiness. No fluff — just value, right out of the box.

And it’s not just about plugging a new tool into your already overloaded stack. What impressed us is how SandboxAQ sees themselves as the unifying layer — enhancing interoperability across existing systems, extracting more intelligence from the tools you already use, and giving teams a unified view through a single pane of glass.

And yes, we also touched on AI SecOps — because as AI becomes a standard part of infrastructure, so must security for it. Active Guard is already poised to give security teams visibility and control over this evolving layer.

Want to see it in action? Booth 6578, North Expo Hall. Swag will be there. Demos will be live. Conversations will be real.

We’ll be there too — recording a deeper Brand Story episode On Location during the event.

Until then, enjoy this preview — and get ready to meet the future of cybersecurity.

⸻

Keywords:

sandboxaq, active guard, rsa conference 2025, quantum cybersecurity, ai secops, cryptographic asset management, non-human identity, cybersecurity automation, security compliance, rsa 2025, cybersecurity innovation, certificate lifecycle management, secrets management, security operations, quantum readiness, rsa sandbox, cybersecurity saas, devsecops, interoperability, digital transformation

______________________

Guest: Marc Manzano,, General Manager of the Cybersecurity Group at SandboxAQ

Marc Manzano on LinkedIn

🌐 SandboxAQ Website

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

SandboxAQ:
https://itspm.ag/sandboxaq-j2en

____________________________

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

AI, Security, and the Hybrid World: Akamai’s Vision for RSAC 2025 With Rupesh Chokshi, SVP & GM Application Security Akamai | A RSAC Conference 2025 Brand Story Pre-Event Conversation

Mon, 21 Apr 2025 16:51:22 +0000

The RSA Conference has long served as a meeting point for innovation and collaboration in cybersecurity—and in this pre-RSAC episode, ITSPmagazine co-founders Marco Ciappelli and Sean Martin welcome Akamai’s Rupesh Chokshi to the conversation. With RSAC 2025 on the horizon, they discuss Akamai’s presence at the event and dig into the challenges and opportunities surrounding AI, threat intelligence, and enterprise security.

Chokshi, who leads Akamai’s Application Security business, describes a landscape marked by explosive growth in web and API attacks—and a parallel shift as enterprises embrace generative AI. The double-edged nature of AI is central to the discussion: while it offers breakthrough productivity and automation, it also creates new vulnerabilities. Akamai’s dual focus, says Chokshi, is both using AI to strengthen defenses and securing AI-powered applications themselves.

The conversation touches on the scale and sophistication of modern threats, including an eye-opening stat: Akamai is now tracking over 500 million large language model (LLM)-driven scraping requests per day. As these threats extend from e-commerce to healthcare and beyond, Chokshi emphasizes the need for layered defense strategies and real-time adaptability.

Ciappelli brings a sociological lens to the AI discussion, noting the hype-to-reality shift the industry is experiencing. “We’re no longer asking if AI will change the game,” he suggests. “We’re asking how to implement it responsibly—and how to protect it.”

At RSAC 2025, Akamai will showcase a range of innovations, including updates to its Guardicore platform and new App & API Protection Hybrid solutions. Their booth (6245) will feature interactive demos, theater sessions, and one-on-one briefings. The Akamai team will also release a new edition of their State of the Internet report, packed with actionable threat data and insights.

The episode closes with a reminder: in a world that’s both accelerating and fragmenting, cybersecurity must serve not just as a barrier—but as a catalyst. “Security,” says Chokshi, “has to enable innovation, not hinder it.”

⸻

Keywords: RSAC 2025, Akamai, cybersecurity, generative AI, API protection, web attacks, application security, LLM scraping, Guardicore, State of the Internet report, Zero Trust, hybrid digital world, enterprise resilience, AI security, threat intelligence, prompt injection, data privacy, RSA Conference, Sean Martin, Marco Ciappelli

______________________

Guest: Rupesh Chokshi, SVP & GM, Akamai
https://www.linkedin.com/in/rupeshchokshi/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

AKAMAI: https://itspm.ag/akamailbwc

____________________________

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Rupesh Chokshi Session at RSAC 2025
The New Attack Frontier: Research Shows Apps & APIs Are the Targets - [PART1-W09]

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

RSAC 2025 Preview: All Aboard the Innovation Express: RSAC Conference 2025 On Track for Cybersecurity’s Future with Cecilia Mariner | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 15 Apr 2025 16:55:54 +0000

All Aboard the Innovation Express: RSAC 2025 On Track for Cybersecurity’s Future

Let’s face it—RSAC isn’t just a conference anymore. It’s a movement. A ritual. A block party for cybersecurity. And this year, it’s pulling into the station with more tracks than ever before—figuratively and literally.

In this On Location episode, we reconnect with Cecilia Murtagh Marinier, Vice President of Innovation and Scholars at RSAC, to dive into what makes the 2025 edition a can’t-miss experience. And as always, Sean and Marco kick things off with a bit of improvisation, some travel jokes, and a whole lot of heart.

From the 20th Anniversary of the Innovation Sandbox (with a massive $50M investment boost from Crosspoint Capital) to the growing Early Stage Expo, LaunchPad’s Shark-Tank-style sessions, and the new Investor & Entrepreneur track, RSAC continues to set the stage for cybersecurity’s next big thing.

And this year, they’re going bigger—literally. The expansion into the Yerba Buena Center for the Arts brings with it a mind-blowing immersive experience: DARPA’s AI Cyber City, a physically interactive train ride through smart city scenarios, designed to show how cybersecurity touches everything—from water plants to hospitals, satellites to firmware.

Add in eight hands-on villages, security scholars programs, coffee-fueled networking zones, and a renewed focus on inclusion, mentorship, and accessibility, and you’ve got something that feels less like an event and more like a living, breathing community.

Cecilia also reminds us that RSAC is a place for everyone—from first-timers unsure where to begin to seasoned veterans ready to innovate and invest. It’s about showing up, making a plan (or not), and being open to the unexpected conversations that happen in hallways, lounges, or over espresso in the sandbox village.

And if you can’t make it in person? RSAC has made sure that everything is accessible online—600 speakers, 600 vendors, and endless ways to engage, reflect, and be part of the global cybersecurity story.

So whether you’re hopping in the car, boarding a flight, or—who knows—riding a miniature DARPA train through Northridge City, one thing’s for sure: RSAC 2025 is going full speed ahead—and we’re bringing you along for the ride.

⸻

📺 FULL VIDEO

👉 https://youtu.be/59mW2XNz0CE

🧭 EXPLORE RSAC COVERAGE

👉 https://www.itspmagazine.com/rsac

⸻

KEYWORDS

RSAC 2025, cybersecurity innovation, DARPA Cyber City, AI in security, startup funding, Innovation Sandbox, LaunchPad, Early Stage Expo, cybersecurity community, security scholars, investor track, immersive tech experiences, smart cities, cyber education, cyber startup pitch, interactive cybersecurity, RSAC sandbox, CTFs, AI-powered defense, infosec industry trends

__________________________________

Guest:
Cecilia Murtagh Marinier | Cybersecurity Advisor - Strategy, Innovation & Scholars at RSA Conference

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

BlackCloak: https://itspm.ag/itspbcweb

____________________________

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society & Technology stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-and-technology-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Protecting What Matters, With Chris Pierson of BlackCloak | A RSAC Conference 2025 Pre-Event Conversation | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 9 Apr 2025 06:33:14 +0000

As the cybersecurity world gears up for RSAC 2025 in San Francisco, we hit the road again—this time with Chris Pierson, Founder and CEO of BlackCloak, for a pre-event chat packed with insight, community spirit, and some big news.

Chris is no stranger to the RSA stage—this year marks his 21st year presenting—and he’s bringing his energy to two powerful sessions. The first, titled “Protecting What Matters: Your Family and Home,” kicks off bright and early on Monday, April 28. It’s not about blinky lights or enterprise networks—it’s about us. The cybersecurity community often talks about protecting organizations, but what about protecting ourselves and our families? Chris will explore how security pros can apply their skills at home, covering identity theft, scams, and home network safety. It’s a refreshing and much-needed call to action that connects the personal and professional.

On Wednesday, Chris returns with co-presenter James Shreve for a two-hour Learning Lab, “When Things Go Boom: Supply Chain Risk.” This Chatham House Rule session dives deep into one of today’s most complex challenges: managing third-party risk without stopping the business in its tracks. Participants will step into different roles—board members, CISOs, legal, finance—to engage in a live, collaborative scenario that pushes them to think beyond checklists. Real talk. Real collaboration. And practical takeaways.

But that’s not all. BlackCloak is also unveiling its new Digital Executive Protection Framework, designed to help organizations assess and strengthen protections for executives and their families. Chris teases that this framework includes 14 essential tenets that blend physical, digital, and organizational awareness—and he’ll be sitting down with us again at the event to go deeper.

With 15–20 BlackCloak team members on site, a full schedule of meetings, events, and community conversations, this year is shaping up to be a milestone for BlackCloak at RSAC. If you’re attending, keep an eye on their LinkedIn page for updates, booking links, and suite details.

As Chris says, it’s about lifting our heads, scanning the horizon, and showing up for our community—and our families.

Keywords: RSAC2025, Chris Pierson, BlackCloak, cybersecurity, RSA Conference, digital protection, executive protection, supply chain risk, identity theft, privacy, home network security, third-party risk, CISOs, cybersecurity community, digital executive protection framework, GRC, threat intelligence, infosec, personal security, cybersecurity awareness

______________________

Guest: Chris Pierson, Founder & CEO of BLACKCLOAK | Digital Executive Protection | Concierge Cybersecurity & Privacy Protection . . . in their Personal Lives | On LinkedIn: https://www.linkedin.com/in/drchristopherpierson/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

BLACKCLOAK:
https://itspm.ag/itspbcweb

____________________________

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Chris Sessions
Protecting What Matters—Your Family & Home https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1739369849404001eWtU

When Things Go Boom! Your Supply Chain Risk
https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727434586212001yGwM

BLACKCLOAK WEBSITE:
https://itspm.ag/itspbcweb

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

RSAC 2025 Preview: Unite. Innovate. Shine. Join the RSAC 2025 Community. – Our Traditional Pre-Event Kick Off Conversation with Linda Gray Martin & Britta Glade | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 7 Apr 2025 04:48:35 +0000

Join Marco and Sean in their annual pre-RSAC conversation with Linda Gray Martin and Britta Glade. Discover what's new and exciting at RSAC 2025—expanded campuses, innovative programming, and compelling guest speakers like Magic Johnson and Ron Howard. Dive into special events, immersive experiences, and the launch of a vibrant community platform aimed at fostering continuous learning and connection among cybersecurity professionals. Get ready for another unforgettable year celebrating many voices within one united community.

Full Intro/Blog:
RSA Conference 2025 is here, and Marco and Sean continue their beloved tradition with a vibrant preview conversation featuring Linda Gray Martin, Chief of Staff and Senior Vice President at RSAC, and Britta Glade, Senior Vice President, Content & Communities. This year's conference theme, "Many Voices, One Community," highlights the collaborative and inclusive spirit driving the cybersecurity world forward.

In this engaging discussion, Marco and Sean explore the exciting expansions and innovations attendees can anticipate. RSAC is expanding its campus, taking over San Francisco's stunning Yerba Buena Center for the Arts, enhancing the attendee experience with a new keynote auditorium and the DARPA AI Cyber Challenge. The Sandbox area promises captivating interactive experiences, including a fictional town simulation designed to showcase AI's role in safeguarding critical infrastructure.

Keynotes remain a conference highlight, with influential voices like NBA legend Magic Johnson sharing insights on teamwork, and filmmaker Ron Howard discussing storytelling and human connections in a unique father-daughter interview format. Closing celebrations feature an exciting conversation with Jamie Foxx, alongside vibrant performances from DJ Irie and local sensation Jazz Mafia.

New educational tracks addressing essential topics such as Protecting Home and Family and Security Foundations ensure that content remains both relevant and accessible. The introduction of a new community membership platform is set to revolutionize ongoing engagement, offering secure messaging, tailored cybersecurity content, and collaborative opportunities long after the conference ends.

Embrace the spirit of innovation, unity, and continuous growth at RSAC 2025, where the cybersecurity community comes together to drive meaningful change.

Keywords:
RSAC 2025, RSA Conference, cybersecurity, community, innovation, Magic Johnson, Ron Howard, Jamie Foxx, DARPA AI Cyber Challenge, Sandbox, Yerba Buena Center for the Arts, keynote speakers, networking, continuous learning, community membership platform, protecting home and family, security foundations, technology, inclusive community, immersive experience.

__________________________________

Guest:
Linda Gray Martin | Chief of Staff, RSAC and Senior Vice President, RSA Conference
https://www.linkedin.com/in/linda-gray-martin-223708/

Britta Glade | Senior Vice President, Content & Communities, RSA Conference
https://www.linkedin.com/in/britta-glade-5251003/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

BlackCloak: https://itspm.ag/itspbcweb

____________________________

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society & Technology stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-and-technology-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Overload to Insight: Are We Getting Smarter, or Just Letting AI Think for Us? | A RSA Conference 2025 Conversation with Steve Wilson | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 4 Apr 2025 17:27:34 +0000

In a conversation that sets the tone for this year’s RSA Conference, Steve Wilson, shares a candid look at how AI is intersecting with cybersecurity in real and measurable ways. Wilson, who also leads the OWASP Top 10 for Large Language Models project and recently authored a book published by O’Reilly on the topic, brings a multi-layered perspective to a discussion that blends strategy, technology, and organizational behavior.

Wilson’s session title at RSA Conference—“Are the Machines Learning, or Are We?”—asks a timely question. Security teams are inundated with data, but without meaningful visibility—defined not just as seeing, but understanding and acting on what you see—confidence in defense capabilities may be misplaced. Wilson references a study conducted with IDC that highlights this very disconnect: organizations feel secure, yet admit they can’t see enough of their environment to justify that confidence.

This episode tackles one of the core paradoxes of AI in cybersecurity: it offers the promise of enhanced detection, speed, and insight, but only if applied thoughtfully. Generative AI and large language models (LLMs) aren’t magical fixes, and they struggle with large datasets. But when layered atop refined systems like user and entity behavior analytics (UEBA), they can help junior analysts punch above their weight—or even automate early-stage investigations.

Wilson doesn’t stop at the tools. He zooms out to the business implications, where visibility, talent shortages, and tech complexity converge. He challenges security leaders to rethink what visibility truly means and to recognize the mounting noise problem. The industry is chasing 40% more CVEs year over year—an unsustainable growth curve that demands better signal-to-noise filtering.

At its heart, the episode raises important strategic questions: Are businesses merely offloading thinking to machines? Or are they learning how to apply these technologies to think more clearly, act more decisively, and structure teams differently?

Whether you’re building a SOC strategy, rethinking tooling, or just navigating the AI hype cycle, this conversation with Steve Wilson offers grounded insights with real implications for today—and tomorrow.

🎧 Tune in to hear how organizations can strike the balance between smart machines and smarter humans.

Guest: Steve Wilson, Founder and Co-Chair at OWASP GenAI Security Project | On LinkedIn: https://www.linkedin.com/in/wilsonsd/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

BlackCloak: https://itspm.ag/itspbcweb

____________________________

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Steve's Session — The Machines Are Learning, But Are We?: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727385607626001Dg4P

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Vinyl Is Not Just Back—It Never Really Left | Making Vinyl Conference | Guest: Larry Jaffee & Kevin Da Costa | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 28 Mar 2025 20:50:11 +0000

🎙️ On Location with Sean Martin & Marco Ciappelli

Event: Making Vinyl | Guest: Larry Jaffee & Kevin Da Costa

🎶✨ Vinyl Is Not Just Back—It Never Really Left

In this On Location pre-event conversation, Sean Martin and Marco Ciappelli sit down with Larry Jaffee—co-founder and conference director of Making Vinyl—and engineer and vinyl advocate Kevin Da Costa to talk about the past, present, and future of record pressing.

From Larry’s moment of “vinyl madness” (yes, he sold his entire collection—and spent 12 years rebuilding it), to Kevin’s journey from Tesla engineer to global vinyl plant consultant, this episode captures the spirit behind the event: passion, craftsmanship, and a deep respect for the analog experience.

Now in its eighth year, Making Vinyl isn’t just an event—it’s a global meeting point for everyone in the record production ecosystem: pressing plants, designers, engineers, record labels, and artists. It’s B2B, it’s hands-on, and it’s growing fast—just like the industry itself, which has gone from around 35 pressing plants in 2017 to nearly 200 today.

We also touch on something exciting: the emergence of new factories in regions that haven’t pressed records in decades—from India to Africa to the Balkans. As Kevin notes, this isn’t just about nostalgia. It’s about expanding music culture, supporting local creativity, and creating space for new voices.

This year’s event also dives into innovation—from sustainable materials to smart vinyl—and yes, even a brand-new session on cybersecurity for pressing plants (because even physical formats have digital vulnerabilities now).

Whether you’re a vinyl lover, a producer, or part of the production chain, this episode sets the tone for what promises to be another unforgettable Making Vinyl experience.

🗓️ Event Dates: June 2–4, 2025

📍 Location: Renasant Convention Center, Memphis, TN

🌐 More info: https://www.makingvinyl.com

🎙️ Stay connected with us—subscribe to On Location with Sean Martin and Marco Ciappelli for more in-depth conversations from the world of cybersecurity, technology, and beyond!

Guest:s
Larry Jaffee: co-founder and conference director of Making Vinyl
On LinkedIn: https://www.linkedin.com/in/larry-jaffee-1379bb2/

Kevin Da Costa: Vinyl Record Manufacturing Consultant & Technical Director @ evolution-music.co.uk

On LinkedIn: https://www.linkedin.com/in/kevin-da-costa-349a5046/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
______________________________________________
Keywords: vinyl manufacturing, record pressing, music industry, analog revival, pressing plants, vinyl records, sustainability in music, record production, vinyl culture, Making Vinyl conference

____________________________

This Episode’s Sponsors

____________________________

Resources

Website: https://makingvinyl.com

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Discovering The Key to Secure and Seamless Healthcare Data Sharing | A Brand Story Conversation From HIMSS 2025 | A HITRUST Brand Story with Ryan Patrick

Thu, 20 Mar 2025 10:53:01 +0000

The HIMSS Global Conference brings together healthcare professionals, technology providers, and industry leaders to discuss the most pressing challenges in healthcare. One of the key conversations this year focused on security, risk management, and the role of HITRUST in ensuring trust across the healthcare ecosystem.

HITRUST’s Expanding Role in Healthcare Security

Ryan Patrick, VP of Adoption at HITRUST, joined the discussion to share insights from the conference floor. One of the most striking takeaways was the sheer scale of engagement—attendance at HIMSS was at an all-time high, reflecting a growing focus on healthcare security and compliance. Organizations across the industry are looking for solutions that support innovation while maintaining security, and HITRUST is at the center of those conversations.

A common misconception about HITRUST is that it only provides a single, rigorous cybersecurity assessment. Patrick clarified that HITRUST now offers a tiered approach, including the E1 (entry-level), I1 (intermediate), and R2 (comprehensive) assessments, allowing organizations to align their security and compliance efforts with their level of maturity. The E1 assessment, in particular, has gained rapid adoption as organizations look for a scalable way to demonstrate security and compliance without the complexity of a full certification process.

The Role of HITRUST in Third-Party Risk Management

With interoperability becoming a priority in healthcare, third-party risk management is a growing concern. Many healthcare organizations work with hundreds—if not thousands—of vendors, and ensuring security across this extended network is critical. Patrick emphasized that HITRUST is not just a cybersecurity framework but a tool for managing third-party risk at scale. HITRUST assessments provide structured, standardized data that can be integrated into risk management platforms, allowing organizations to evaluate their vendors with greater efficiency and confidence.

As discussions around security and compliance continue, Patrick encourages healthcare organizations to educate themselves on the full range of HITRUST offerings. Whether an organization is starting its security journey or looking to optimize third-party risk management, HITRUST provides a structured path to achieving trust and resilience.

Learn more about HITRUST: https://itspm.ag/itsphitweb

Note: This story contains promotional content. Learn more.

Guest: Ryan Patrick, Vice President of Adoption at HITRUST | On LinkedIn: https://www.linkedin.com/in/ryan-patrick-3699117a/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

Learn more and catch more stories from HITRUST: https://itspm.ag/itsphitweb

____________________________

Resources

Learn more and catch more stories from HIMSS 2025 coverage: https://www.itspmagazine.com/himss-2025-health-technology-and-cybersecurity-event-coverage-las-vegas

HITRUST 2025 Trust Report: https://itspm.ag/hitrusz49c

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/on-location

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Cybersecurity in Italy: ITASEC 2025 Recap & Future Outlook with Professor Alessandro Armando | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 18 Mar 2025 05:33:59 +0000

Cybersecurity in Italy: ITASEC 2025 Recap & Future Outlook with Professor Alessandro Armando

Cybersecurity is no longer a niche topic—it’s a fundamental pillar of modern society. And in Italy, ITASEC has become the go-to event for bringing together researchers, government officials, and industry leaders to tackle the biggest security challenges of our time.

Although we weren’t there in person this year, we’re diving into everything that happened at ITASEC 2025 in this special On Location recap with Professor Alessandro Armando. As Deputy Director of the Cybersecurity National Laboratory at CINI and Chairman of the Scientific Committee of the SERICS Foundation, Alessandro has a front-row seat to the evolution of cybersecurity in Italy.

This year’s event, held in Bologna, showcased the growing maturity of Italy’s cybersecurity landscape, featuring keynotes, technical sessions, and even hands-on experiences for the next generation of security professionals. From government regulations like DORA (Digital Operational Resilience Act) to the challenges of AI security, ITASEC 2025 covered a vast range of topics shaping the future of digital defense.

One major theme? Cybersecurity as an investment, not just a cost. Italian companies are increasingly recognizing security as a competitive advantage—something that enhances trust and reputation rather than just a compliance checkbox.

We also discuss the critical role of education in cybersecurity, from university initiatives to national competitions that are training the next wave of security experts. With programs like Cyber Challenge.IT, Italy is making significant strides in developing a strong cybersecurity workforce, ensuring that organizations are prepared for the evolving threat landscape.

And of course, Alessandro shares a big reveal: ITASEC 2026 is heading to Sardinia! A stunning location for what promises to be another exciting edition of the conference.

Join us for this insightful discussion as we reflect on where cybersecurity in Italy is today, where it’s headed, and why events like ITASEC matter now more than ever.

🎙️ Stay connected with us—subscribe to On Location with Sean Martin and Marco Ciappelli for more in-depth conversations from the world of cybersecurity, technology, and beyond!

Guest: Professor Alessandro Armando. University of Genoa | Deputy Director of the Cybersecurity National Laboratory at CINI and Chairman of the Scientific Committee of the SERICS Foundation | On LinkedIn: https://www.linkedin.com/in/alessandro-armando-67505913/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

____________________________

Resources

Website: https://itasec.it

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Interoperability, AI, and the Future of Trust in Healthcare | A HIMSS 2025 Conversation with Robert Havasy | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 12 Mar 2025 04:31:15 +0000

Artificial intelligence continues to shape the future of healthcare, and this year’s HIMSS Global Conference 2025 reflected both the momentum and the uncertainties surrounding its adoption. In a conversation with Robert Havasy, Senior Director, Connected Health at HIMSS, the discussion focused on how AI, interoperability, and regulatory policy are influencing healthcare delivery, patient engagement, and the broader industry landscape.

AI in Healthcare: From Concept to Implementation

Generative AI has moved beyond the hype stage, embedding itself into real-world applications. Oracle’s announcement of an AI-driven electronic health record (EHR) platform signals a shift in how hospitals and healthcare systems are rethinking data management. However, the conversation is no longer just about the technology itself—it’s about how governments, regulatory bodies, and healthcare institutions will set guardrails to ensure AI’s responsible and effective use.

The Role of Policy in Shaping AI’s Future

While AI adoption surges, regulatory uncertainty remains a key challenge. The Biden administration had proposed executive orders and regulations to guide AI’s role in healthcare, but with political shifts and differing global regulatory approaches, the direction remains unclear. HIMSS has observed that different regions—the U.S., Europe, and Asia—may take separate paths in AI governance, raising questions about whether a unified best-practice framework will emerge or if multiple regulatory approaches will lead to diverging standards.

Interoperability and the Shift Back to Customization

For years, healthcare institutions moved away from building their own systems in favor of purchasing standardized EHR solutions from dominant industry players. Now, there’s a return to in-house development, driven by the need for flexibility, adaptability, and deeper AI integration. At the same time, interoperability remains a hurdle, as institutions seek to make AI work across disparate systems while maintaining security and compliance.

The Patient’s Role in AI-Driven Healthcare

AI’s potential to close the information gap between patients and providers is one of the most promising developments. From personal health monitoring through wearables to AI-powered tools that help individuals interpret medical research and their own health data, the patient’s role in healthcare decision-making is evolving. The ability for AI to synthesize complex medical data and provide insights in real-time is reshaping how people engage with their health, making them more active participants in their care.

What’s Next?

As HIMSS 2025 highlighted, AI in healthcare is not a distant vision—it’s happening now. The question is no longer whether AI will be a part of healthcare, but rather how it will be implemented, regulated, and integrated into existing frameworks to maximize its benefits while mitigating risks. The conversation with Robert Havasy underscores the critical need for collaboration between healthcare providers, policymakers, and technologists to ensure AI delivers on its promise while keeping patients at the center of the equation.

Listen to the full episode for deeper insights into how AI, interoperability, and patient-centered care are shaping the future of healthcare.

Guest: Robert Havasy, Senior Director, Connected Health at HIMSS | On LinkedIn: https://www.linkedin.com/in/rhavasy/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from HIMSS 2025 coverage: https://www.itspmagazine.com/himss-2025-health-technology-and-cybersecurity-event-coverage-las-vegas

HIMSS 2024 Cybersecurity Report: https://www.himss.org/resources/himss-healthcare-cybersecurity-survey/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

AI, Cybersecurity, and the High-Stakes Risks in Healthcare | A HIMSS 2025 Conversation with Lee Kim | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli, Lee Kim) — Mon, 3 Mar 2025 14:56:39 +0000

The intersection of cybersecurity and healthcare is more critical than ever, as technology continues to shape the way patient care is delivered. At HIMSS 2025 in Las Vegas, we sat down with Lee Kim, Senior Principal of Cybersecurity and Privacy at HIMSS, to discuss the pressing security challenges facing healthcare organizations, the role of artificial intelligence, and the balance between innovation and risk.

AI in Healthcare: Promise and Peril

Artificial intelligence is rapidly being adopted across the healthcare sector, yet many organizations still lack structured governance around its use. Kim highlights the “wild west” nature of AI adoption, where policies are either non-existent or underdeveloped, creating risks related to privacy, data security, and patient outcomes. While AI-powered diagnostic tools, like those used in radiology, have the potential to improve patient care by identifying critical conditions early, blind trust in AI-generated results presents serious risks. Without proper oversight, reliance on AI could lead to incorrect medical decisions, putting patient safety in jeopardy.

Cybersecurity Gaps in Healthcare Organizations

One of the biggest concerns in healthcare cybersecurity is the over-reliance on security tools without a clear strategy. Many organizations invest in the latest technology but neglect foundational security practices, such as governance, policy development, and staff training. Kim points out that less than half of cybersecurity budgets are allocated to governance, leading to disorganized security programs.

Another persistent challenge is the human factor. Social engineering and phishing attacks remain the top attack vectors, exploiting the inherent culture of healthcare professionals who are trained to help and trust others. Organizations must focus on proactive security measures, such as regular training and simulated attacks, to reduce human error and strengthen defenses.

The Financial and Operational Reality

Budget constraints continue to be a challenge, particularly for smaller hospitals and community healthcare providers. While larger organizations may have more resources, cybersecurity spending often focuses on acquiring new tools rather than optimizing existing defenses. Kim stresses the importance of a balanced approach—investing in both technology and governance to ensure long-term resilience.

Another concern is the increasing dependence on third-party services and cloud-based AI tools. If these services become too expensive or go offline, healthcare organizations may face operational disruptions. The lack of contingency planning, such as backup vendors or alternative systems, leaves many institutions vulnerable to supply chain risks.

Building a More Resilient Healthcare Security Model

As technology continues to drive innovation in healthcare, organizations must adopt a proactive cybersecurity stance. Business impact analyses, vendor risk assessments, and tabletop exercises should be standard practice to prepare for disruptions. Kim also raises the idea of cyber mutual aid—a model similar to emergency medical mutual aid, where healthcare organizations collaborate to support each other in times of crisis.

HIMSS 2025 provides a forum for these critical conversations, bringing together global healthcare leaders to share insights, challenges, and solutions. For those interested in diving deeper, the HIMSS Cybersecurity Survey is available online, offering a comprehensive look at the current state of healthcare security.

To hear the full discussion on these topics and more, listen to the episode featuring Lee Kim, Sean Martin, and Marco Ciappelli from HIMSS 2025 On Location.

Guest: Lee Kim, Senior Principal of Cybersecurity and Privacy at HIMSS | On LinkedIn: https://www.linkedin.com/in/leekim/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from HIMSS 2025 coverage: https://www.itspmagazine.com/himss-2025-health-technology-and-cybersecurity-event-coverage-las-vegas

HIMSS 2024 Cybersecurity Report: https://www.himss.org/resources/himss-healthcare-cybersecurity-survey/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Reimagining Nostalgia: Music’s Creative and Technological Evolution | A The NAMM Show 2025 Conversation with John Mlynczak | On Location Coverage with Sean Martin and Marco Ciappelli

Sat, 1 Mar 2025 14:00:23 +0000

The latest On Location with Sean Martin and Marco Ciappelli episode takes listeners behind the scenes of the NAMM 2025 show, featuring a vibrant discussion with John Mlynczak, NAMM President and CEO. The conversation is not just a recap of an incredible event but a celebration of music’s enduring power and the evolving role of technology in the music industry.

A Legacy of Music and Community

Founded in 1901, NAMM (National Association of Music Merchants) has become the world’s largest trade association representing the musical products industry. John Mlynczak shares how NAMM operates year-round to support manufacturers, retailers, and music educators through research, advocacy, and events. The annual NAMM show is the pinnacle of this work, gathering thousands of music makers, industry professionals, and artists to spark creativity and innovation.

Technology Meets Tradition

One of the episode’s key themes is the blend of modern technology with nostalgic sounds. The 2025 NAMM show showcased groundbreaking technologies, from AI-driven music tools to hardware-software collaborations. Mlynczak discusses how companies are innovating to create real-time processing tools, allowing musicians to produce music faster and more intuitively than ever before. He emphasizes that the goal is not to replace traditional methods but to enhance creativity and make music more accessible to all.

The Power of Inspiration

NAMM’s mission to create more music makers worldwide is a central focus. Mlynczak explains how the NAMM Foundation supports educational programs across all ages, from K-12 schools to community groups and adult learners. The foundation’s work aims to ensure everyone has the opportunity to explore music, whether through formal education or new digital tools that lower the barrier to entry.

A Moment to Remember: Jon Batiste at NAMM

A standout moment from the show was Mlynczak’s interview with Grammy-winning artist Jon Batiste [https://youtu.be/Lfq35enGq58]. Initially uncertain, the conversation transformed into a genuine exchange about music’s influence and the industry’s impact on artists. This interaction highlighted NAMM’s broader vision of not just serving as a trade show but as a cultural hub that fosters creativity and community.

Looking Ahead to NAMM 2026

The episode concludes with anticipation for NAMM 2026, scheduled for January 20-24 in Anaheim, California. As Sean, Marco, and John reflect on this year’s successes, they invite listeners to join them next year to explore the intersection of music, technology, and inspiration.

Tune in to The Music Evolves Podcast to dive deeper into these insights and discover how NAMM continues to shape the future of music. Be sure to stay tuned for more On Location with Sean Martin and Marco Ciappelli as they cover more technology and society events around the world.

Guest: John Mlynczak, President and CEO of NAMM | View Website | Visit NAMM

Host: Sean Martin, Co-Founder at ITSPmagazine Podcasts and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

Host: Marco Ciappelli, Co-Founder at ITSPmagazine Podcasts and Host of Redefining Society and Technology Podcast | On ITSPmagazine: https://www.itspmagazine.com/marco-ciappelli

____________________________

This Episode’s Sponsors

To learn about event coverage sponsorship options, please visit https://itspm.ag/event-coverage-package

____________________________

Resources

NAMM Organization: https://www.namm.org/

The NAMM Show 2025: https://www.namm.org/thenammshow/attend

Music Evolves: Sonic Frontiers Newsletter | The 2025 NAMM Show: Honoring Tradition, Pioneering the Future: https://www.linkedin.com/pulse/2025-namm-show-honoring-tradition-pioneering-future-sean-martin-6jcge/

Music Evolves Episode | The debut episode of Music Evolves explores how technology is transforming music creation, performance, and production, with insights from the NAMM Show 2025

____________________________

Catch all of our event coverage:
https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Music Evolves stories on ITSPmagazine, visit:
https://www.itspmagazine.com/music-evolves-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

How Healthcare Organizations Can Achieve a Near-Zero Breach Rate | A Brand Story Conversation From HIMSS 2025 | A HITRUST Brand Story with Ryan Patrick

Thu, 27 Feb 2025 20:32:50 +0000

During the HIMSS Global Conference 2025 in Las Vegas, Sean Martin and Marco Ciappelli sat down with Ryan Patrick, Vice President of Adoption at HITRUST, for an insightful conversation about cybersecurity and risk management in healthcare. Rather than a traditional recap of the conference session, this discussion explores the critical role HITRUST plays in helping healthcare organizations navigate regulatory requirements, manage risk, and ensure patient safety through robust cybersecurity practices.

Bridging Regulation and Real-World Application

Ryan Patrick shared that HITRUST has spent over 17 years translating federal healthcare regulations into actionable frameworks for organizations. His role involves educating the market about HITRUST’s initiatives while continuously learning from industry feedback. This bi-directional exchange ensures that HITRUST’s frameworks and controls remain relevant and effective. Patrick emphasized the importance of HITRUST’s dynamic approach, highlighting that their framework is updated quarterly to address the latest cybersecurity threats. This frequency sets HITRUST apart from other frameworks like HIPAA, which, despite being nearly 30 years old, struggles to keep pace with modern challenges.

Real Results: 2025 Trust Report Highlights

One of the standout points of the conversation was the 2025 HITRUST Trust Report. The data is compelling—while roughly 45% of organizations reported breaches last year, less than 1% of HITRUST-certified environments experienced incidents. The 2025 report shows this number decreasing even further to 0.59%. According to Patrick, this success is driven by HITRUST’s focus on threat intelligence and its rigorous assurance mechanism, which goes beyond checkbox compliance to ensure controls are effective and actively reducing risk.

Addressing AI and Emerging Technologies

With AI being a hot topic at HIMSS, Patrick discussed HITRUST’s proactive approach to managing AI risks. In December 2024, HITRUST introduced an AI security certification designed to help organizations securely integrate AI technologies. This certification follows HITRUST’s established quality assurance model, offering the same level of scrutiny and validation as its other programs. Patrick likened the current AI landscape to the early days of cloud computing—initial uncertainty followed by widespread adoption, underscoring the need for secure practices as the technology matures.

Listen to the Full Conversation

This episode offers more than just surface-level insights. Ryan Patrick’s perspectives on risk management, the measurable success of HITRUST frameworks, and the thoughtful approach to AI in healthcare cybersecurity provide valuable takeaways for professionals looking to enhance their security posture. Tune in to the full episode for an in-depth look at how HITRUST is setting new standards in healthcare cybersecurity and what organizations can do to stay ahead of the curve.

Learn more about HITRUST: https://itspm.ag/itsphitweb

Note: This story contains promotional content. Learn more.

Guest: Ryan Patrick, Vice President of Adoption at HITRUST | On LinkedIn: https://www.linkedin.com/in/ryan-patrick-3699117a/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

Learn more and catch more stories from HITRUST: https://itspm.ag/itsphitweb

____________________________

Resources

Learn more and catch more stories from HIMSS 2025 coverage: https://www.itspmagazine.com/himss-2025-health-technology-and-cybersecurity-event-coverage-las-vegas

HITRUST 2025 Trust Report: https://itspm.ag/hitrusz49c

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/on-location

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Redefining Zero Trust: “Near Zero Trust” | A Real-World Success Story Through Proactive Security | A Zero Trust World Conversation with Avi Solomon | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 26 Feb 2025 16:55:37 +0000

The latest episode of the On Location series, recorded at ThreatLocker's Zero Trust World 2025 in Orlando, brings forward a deep and practical conversation about implementing Zero Trust principles in real-world environments. Hosted by Marco Ciappelli and Sean Martin, this episode features Avi Solomon, CIO of a law firm with nearly 30 years in IT and a strong focus on cybersecurity.

The Journey to Proactive Security

Avi Solomon shares his experience transitioning from traditional security models to a proactive, preventive approach with ThreatLocker. With a background in engineering, consulting, and security (CISSP certified), Solomon outlines his initial concerns with reactive endpoint detection and response (EDR) solutions. While EDR tools act as a secondary insurance policy, he emphasizes the need for a preventive layer to block threats before they manifest.

Solomon’s firm adopted ThreatLocker a year ago, replacing a legacy product to integrate its proactive security measures. He highlights the platform’s maturation, including network control, storage control, application whitelisting, and cloud integration. The shift was not only a technological change but also a cultural one, aligning with the broader philosophy of Zero Trust—approaching security with a mindset that nothing within or outside the network should be trusted by default.

Implementing Zero Trust with Ease

A standout moment in the episode is Solomon’s recount of his implementation process. His conservative approach included running ThreatLocker in observation mode for two months before transitioning fully to a secure mode. When the switch was finally flipped, the result was remarkable—zero disruptions, no pushback from users, and a smooth transition to a less risky security posture. Solomon attributes this success to ThreatLocker’s intuitive deployment and adaptive learning capabilities, which allowed the system to understand normal processes and minimize false positives.

Redefining Zero Trust: “Near Zero Trust”

Solomon introduces a pragmatic take on Zero Trust, coining the term “Near Zero Trust” (NZT). While achieving absolute Zero Trust is an ideal, Solomon argues that organizations should strive to get as close as possible by layering strategic solutions. He draws a clever analogy comparing Zero Trust to driving safely before relying on a seatbelt—proactive behavior backed by reactive safeguards.

Tune in to the full episode to explore more of Avi Solomon’s insights, hear stories from the conference floor, and learn practical approaches to embedding Zero Trust principles in your organization’s security strategy.

Guest: Avi Solomon, Chief Information Officer at Rumberger | Kirk | On LinkedIn: https://www.linkedin.com/in/aviesolomon/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Hands-On Hacking: Lessons Learned from a Rubbery Ducky USB Attack Simulation | A Zero Trust World Conversation with Kieran Human | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 26 Feb 2025 16:05:40 +0000

At ThreatLocker's Zero Trust World 2025 in Orlando, Kieran Human, Special Projects Engineer at ThreatLocker, showcased the practical dangers of everyday cybersecurity threats through engaging, hands-on labs. Attendees, ranging from CISOs to IT technicians, were offered the chance to experience real-world hacking scenarios using devices like the infamous “rubber ducky.”

The Rubber Ducky Experience

The rubber ducky, which resembles a standard USB drive, acts as a keyboard when plugged into a computer, executing automated scripts. Human demonstrated how this device could disable Windows Defender, exfiltrate data, and execute scripts—highlighting how accessible hacking tools have become. Attendees left with both new knowledge and their own rubber ducky, reinforcing the event’s educational impact.

From Learning to Defense

The lab sessions underscored the importance of understanding threats to effectively defend against them. Human emphasized that cybersecurity isn’t just for seasoned professionals; even attendees with minimal experience learned how to execute data exfiltration and bypass security protocols within an hour. This revelation stressed the necessity of robust security measures, even for general IT professionals who may not specialize in cybersecurity.

Mitigating Threats with ThreatLocker

ThreatLocker’s solutions, including features like ring-fencing PowerShell and applying layered protections, were showcased as effective countermeasures. Human explained how ThreatLocker’s tools could prevent malicious scripts from accessing the internet or sensitive folders, offering a tangible defense against the types of attacks demonstrated in the labs.

Looking Ahead

Looking toward next year, Human hinted at more advanced demonstrations, potentially including ransomware scenarios. This forward-thinking approach aligns with ThreatLocker’s commitment to preparing IT and security professionals for the evolving challenges they face.

Why This Matters

The episode captures how ThreatLocker is not just educating but empowering IT and security professionals. By providing a controlled environment to experience cyberattacks firsthand, the event bridged the gap between theory and practice. Listen to the full episode for insights into how these experiences translate into actionable strategies for building stronger, more resilient cybersecurity defenses.

Guest: Kieran Human, Special Projects Engineer at ThreatLocker | On LinkedIn: https://www.linkedin.com/in/kieran-human-5495ab170/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Tools Hackers Use: From Manual Hacks to Automated Exploits | A Zero Trust World Conversation with Alex Benton | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 26 Feb 2025 01:48:24 +0000

Recorded during ThreatLocker Zero Trust World 2025 in Orlando, this episode of the On Location series features an engaging conversation with Alex Benton, Special Projects at ThreatLocker. Benton shares insights from his Metasploit lab, a beginner-friendly session that demonstrates the power of tools like Metasploit and Nmap in cybersecurity. The lab’s objective is clear: to illustrate how easily unpatched systems can be exploited and reinforce the critical need for consistent patch management.

Understanding the Metasploit Lab

Benton explains how participants in the lab learned to execute a hack manually before leveraging Metasploit’s streamlined capabilities. The manual process involves identifying vulnerable machines, gathering IP addresses, examining open ports, and assessing software vulnerabilities. With Metasploit, these steps become as simple as selecting an exploit and running it, underscoring the tool’s efficiency.

A key demonstration in the lab involved Eternal Blue, the exploit associated with the WannaCry virus in 2017. Benton emphasizes how Metasploit simplifies this complex attack, highlighting the importance of maintaining patched systems to prevent similar vulnerabilities.

The Real-World Implications of Unpatched Systems

The discussion dives into the risks posed by cybercriminals who use tools like Metasploit to automate attacks. Benton points out that malicious actors often analyze patch notes to identify potential vulnerabilities and create scripts to exploit unpatched systems quickly. The conversation touches on the dark web’s role in providing detailed information about exposed systems, making it even easier for attackers to target vulnerable machines.

Lessons from WannaCry

The episode revisits the WannaCry incident, where a vulnerability in Windows systems led to a global cybersecurity crisis. Benton recounts how outdated systems and the absence of a strong security culture created an environment ripe for exploitation. He also shares the story of cybersecurity researchers, including Marcus Hutchins, who played pivotal roles in mitigating the virus’s impact by identifying and activating its kill switch.

Tune in to Learn More

This episode offers valuable insights into cybersecurity practices, the dangers of unpatched environments, and the tools that both ethical hackers and cybercriminals use. Listen in to gain a deeper understanding of how to secure your systems and why proactive security measures are more crucial than ever.

Guest: Alex Benton, Special Projects at ThreatLocker | On LinkedIn: https://www.linkedin.com/in/alex-benton-b805065/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Transforming Healthcare: How Innovation is Driving Better Patient Outcomes | A HIMSS 2025 Conversation with Albe Zakes | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 26 Feb 2025 01:14:58 +0000

In this episode of the On Location series recorded for HIMSS 2025 in Las Vegas, hosts Marco Ciappelli and Sean Martin sit down with Albe Zakes, Director of Strategic Communications at HIMSS, to discuss the transformative impact of technology on healthcare and the upcoming conference’s role in driving innovation. HIMSS, a global society of health and technology professionals, brings together leaders, clinicians, practitioners, and innovators to harness the power of information and technology for improved patient outcomes and expanded access to healthcare.

A Focus on Collaboration Over Expertise

Zakes emphasizes a significant shift in how the HIMSS conference operates. While traditional conferences often rely on a top-down approach with speakers sharing insights, HIMSS is increasingly prioritizing collaboration. The 2025 event will feature expanded networking opportunities and dedicated breaks to foster real-time partnerships and relationships that can extend beyond the conference. The approach underscores the organization’s belief in the “symbiotic triangle” of people, technology, and process—highlighting that technology alone is not enough without empowering the people who use it.

Exploring Key Topics: AI, Cybersecurity, and Health Equity

Artificial intelligence (AI) is set to take center stage at HIMSS 2025, reflecting its transition from a speculative technology to a practical tool reshaping healthcare. With dozens of educational sessions dedicated to AI, the conference will explore how clean data and strong governance are critical to unlocking AI’s potential in improving healthcare delivery.

Cybersecurity is another major focus, with a dedicated Healthcare Cybersecurity Forum and a Cybersecurity Command Center on the exhibit floor. Notably, former U.S. Cyber Command and NSA Director General Paul Nakasone will deliver a keynote on maintaining security in an AI-driven world. The emphasis on cybersecurity aligns with the critical need to protect patient data and maintain trust within the healthcare ecosystem.

Zakes also highlights the Health Equity Forum, which aligns with HIMSS’s mission to ensure that technology advancements translate into equitable healthcare access. The forum will gather leaders from governments and nonprofits worldwide to discuss strategies to improve health equity globally.

Innovation and Emerging Technologies

The conference aims to showcase not only established tech giants like Oracle and AWS but also emerging companies and startups. The “First-Time Exhibitors Pavilion” and the “Emerge Innovation Experience” will offer opportunities for attendees to engage with new technologies and ideas. The Emerge Innovation Experience will feature a pitch contest and networking events for entrepreneurs and investors, driving forward-thinking solutions in healthcare technology.

The Power of People, Technology, and Process

This episode offers a glimpse into the critical themes that will dominate HIMSS 2025, providing valuable insights into how technology, collaboration, and innovation are reshaping healthcare. With thought-provoking discussions on AI, cybersecurity, and health equity, listeners are invited to explore how these advancements impact not only healthcare systems but also society at large. Tune in to hear more about the initiatives and opportunities at HIMSS 2025, and how you can be part of the conversation shaping the future of healthcare.

Guest: Albe Zakes, Director of Strategic Communications at HIMSS | On LinkedIn: https://www.linkedin.com/in/albezakes/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from HIMSS 2025 coverage: https://www.itspmagazine.com/himss-2025-health-technology-and-cybersecurity-event-coverage-las-vegas

HIMSS 2024 Cybersecurity Report: https://www.himss.org/resources/himss-healthcare-cybersecurity-survey/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Zero Trust in Action: Revolutionizing Incident Response | A Zero Trust World Conversation with Art Ocain | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli, Art Ocain) — Tue, 25 Feb 2025 18:50:35 +0000

At ThreatLocker Zero Trust World 2025 in Orlando, Art Ocain, VP of Cybersecurity & Incident Response at Airiam, shared valuable insights into applying zero trust principles to incident response. The conversation, hosted by Marco Ciappelli and Sean Martin, highlighted the critical role of zero trust in preparing for and managing security incidents.

The Zero Trust Mindset in Incident Response Ocain discussed how zero trust methodology—embracing the principles of "assume breach" and "always verify, never trust"—can significantly enhance incident response strategies. Instead of merely securing the perimeter or endpoints, his approach involves identifying and protecting core systems through micro-segmentation and robust identity management. By securing each component individually, organizations can minimize the impact of potential breaches.

For example, Ocain described a scenario where segmenting a SQL server from an application server could prevent data loss during an attack. Even if an application server is compromised, critical data remains secure, allowing quicker recovery and continuity of operations.

Dynamic Containment Strategies Ocain emphasized the importance of dynamic containment when responding to incidents. Traditional methods, such as using Endpoint Detection and Response (EDR) tools, are effective for forensic analysis but may not stop active threats quickly. Instead, he advocated for an "allow list only" approach that restricts access to systems and data, effectively containing threats while maintaining critical business functions.

In practice, when Ocain is called into a crisis, he often implements a deny-by-default solution to isolate compromised systems. This strategy allows him to perform forensics and bring systems back online selectively, ensuring threat actors cannot access recovered systems.

Balancing Security with Business Needs A significant challenge in adopting zero trust is gaining executive buy-in. Ocain noted that executive teams often push back against zero trust measures, either out of a desire for convenience or because of misconceptions about its impact on business culture. His approach involves demonstrating real-world scenarios where zero trust could mitigate damage during breaches. By focusing on critical systems and showing the potential consequences of compromised identities or systems, Ocain effectively bridges the gap between security and business priorities.

A Cultural Shift Toward Security The discussion also touched on the cultural shift required to fully integrate zero trust into an organization. Zero trust is not just a technological framework but a mindset that influences how every employee views access and security. Through scenario-driven exercises and engaging executive teams early in the process, Ocain helps organizations transition from a "department of no" mentality to a collaborative, security-first culture.

Listen to the full episode to explore more strategies on implementing zero trust in incident response and how to align security initiatives with business goals.

Guest: Art Ocain, VP of Cybersecurity & Incident Response at Airiam | On LinkedIn: https://www.linkedin.com/in/artocain/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Demo to Deployment: How A Hands-On Human Approach Transforms Security Implementation | A Conversation with Amanda Makowsky at Zero Trust World 2025 | On Location with Sean Martin and Marco Ciappelli

Tue, 25 Feb 2025 00:40:49 +0000

This episode of the “On Location” series, recorded during ThreatLocker Zero Trust World 2025 in Orlando, features an insightful conversation with Amanda Makowsky, Solution Engineer at ThreatLocker. Amanda shares how ThreatLocker maintains a human touch in cybersecurity while delivering robust solutions for organizations of all sizes.

The Human Element in Technology

Amanda explains how ThreatLocker emphasizes human interaction from the first demo through implementation and beyond. When potential customers engage with ThreatLocker, they are assigned a dedicated Solution Engineer as their technical point of contact. Amanda highlights how this relationship extends beyond the sales process, ensuring partners have continuous support as they mature their security environments. Whether working with small businesses or large enterprises, the focus remains on personalized service and hands-on assistance.

Support That Stands Out

ThreatLocker’s commitment to human-centric support is evident through its 24/7 live helpdesk, staffed by real people in Orlando, Florida. Amanda notes the goal of responding to chat requests within a minute, providing immediate support without relying on bots or automated responses. This approach fosters trust and ensures that customers, regardless of their organization’s size, receive timely and effective help.

Customization and Real-World Impact

Amanda shares how every partner’s environment is unique, requiring tailored solutions to accommodate different software, hardware, and operational needs. She emphasizes the importance of building specific and intentional roles within ThreatLocker’s systems to match the diverse environments of their partners. The impact of this customization is profound, as partners express a sense of security that allows them to “sleep better at night.”

Listen to this episode to explore how ThreatLocker combines technology with human connection, offering a refreshing perspective in the cybersecurity industry.

Guest

🔹 Amanda Makowsky, Solutions Engineer at ThreatLocker | On LinkedIn: https://www.linkedin.com/in/amandamakowsky/

Hosts

🔹 Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

🔹 Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode’s Sponsor

✅ ThreatLocker: https://itspm.ag/threatlocker-r974

Resources

🔗 Full ZTW 2025 Coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

🔗 ITSPmagazine’s Event Coverage Hub: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

🎧 More Redefining CyberSecurity Content: https://www.itspmagazine.com/redefining-cybersecurity-podcast

🎧 More Redefining Society Stories: https://www.itspmagazine.com/redefining-society-podcast

📢 Want to share your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

📢 Want Sean and Marco at your event? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Breaking the Spell: How to Avoid the Grand Delusion in Zero Trust | A Conversation with Dr. Chase Cunningham at Zero Trust World 2025 | On Location with Sean Martin and Marco Ciappelli

Tue, 25 Feb 2025 00:10:36 +0000

At ThreatLocker Zero Trust World 2025 in Orlando, Chase Cunningham, often referred to as “Dr. Zero Trust,” delivered a thought-provoking session titled The Grand Delusion. The event, filled with IT professionals, managed service providers (MSPs), and small to midsize business (SMB) leaders, provided the perfect backdrop for a candid discussion about the state of cybersecurity and the real-world application of Zero Trust strategies.

Challenging the Status Quo

Cunningham emphasized the need for businesses to adopt realistic cybersecurity practices that align with their resources and needs. He pointed out the pitfalls of smaller organizations attempting to emulate enterprise-level security strategies without the necessary infrastructure. “Cyber shouldn’t be any different” than outsourcing taxes or other specialized tasks, he explained, advocating for MSPs and external services as practical solutions.

Zero Trust as a Strategy, Not Just a Term

The session underscored that Zero Trust is not merely a buzzword but a strategic approach to security. Cunningham stressed the importance of questioning the validity of industry claims and seeking concrete data to support cybersecurity initiatives. He encouraged attendees to avoid being “delusional” by blindly accepting security solutions without a critical evaluation of their impact and effectiveness.

Actionable Steps for Small Businesses

Cunningham shared practical advice for implementing Zero Trust principles within smaller organizations. He recommended focusing on foundational controls like identity and access management, micro-segmentation, and application allow and block lists. He noted that achieving security is a journey, requiring a structured, strategic approach and an acceptance that immediate results are unlikely.

The Future of Zero Trust

Looking ahead, Cunningham expressed optimism about the continued evolution of Zero Trust. He highlighted its growing global significance, with his upcoming engagements in Taiwan, Colombia, and Europe serving as evidence of its widespread adoption. Ultimately, he framed Zero Trust as not only a business imperative but a fundamental human right in today’s digital world.

Tune in to this episode to hear more insights from Chase Cunningham and explore what Zero Trust means for businesses of all sizes.

Guest

🔹 Dr. Chase Cunningham, VP Security Market Research at G2 | On LinkedIn: https://www.linkedin.com/in/dr-chase-cunningham/

Hosts

🔹 Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

🔹Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode’s Sponsor

✅ ThreatLocker: https://itspm.ag/threatlocker-r974

Resources

🔗 Book | vArIable: A Novel in the gAbrIel Series: https://amzn.to/41yHOUo

🔗 Full ZTW 2025 Coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

🔗 ITSPmagazine’s Event Coverage Hub: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

🎧 More Redefining CyberSecurity Content: https://www.itspmagazine.com/redefining-cybersecurity-podcast

🎧 More Redefining Society Stories: https://www.itspmagazine.com/redefining-society-podcast

📢 Want to share your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

📢 Want Sean and Marco at your event? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Strengthening Cybersecurity Through Zero Trust | A Conversation with Adam Fuller at Zero Trust World 2025 | A Zero Trust World 2025 On Location Coverage with Sean Martin and Marco Ciappelli

Sat, 22 Feb 2025 21:41:40 +0000

Zero Trust World 2025: Strengthening Cybersecurity Through Zero Trust

Zero Trust World 2025 has come to a close, leaving behind a series of thought-provoking discussions on what it truly means to build a culture of security. Hosted by ThreatLocker, the event brought together security professionals, IT leaders, and decision-makers to explore the complexities of Zero Trust—not just as a concept but as an operational mindset.

A Deep Dive into Windows Security and Zero Trust

🔹Guest: Adam Fuller, Special Projects at ThreatLocker

In an era where cyber threats are more relentless than ever, organizations can no longer afford to rely on outdated security models. This urgency drove the conversations at Zero Trust World 2025, where experts shared insights on modern security strategies and the future of cyber defense.

As part of ITSPmagazine’s On Location coverage, host Sean Martin sat down with Adam Fuller, Special Projects at ThreatLocker, to discuss the critical role of Windows security, Zero Trust principles, and the evolving challenges of cyber risk management.

With Windows environments remaining a prime target for cyber threats, Fuller shared practical strategies for hardening systems using built-in tools and best practices.

“It’s not just about blocking threats,” Fuller explained. “It’s about having visibility—knowing what’s changing in your system, locking down registry settings, and implementing effective event logging. These steps are crucial for proactive security.”

A key takeaway from the discussion was the importance of collaboration between IT administrators and security teamsto enforce strong security policies without disrupting productivity. Many organizations struggle with balancing security and usability, but Fuller emphasized that Zero Trust security can be implemented without compromising efficiency when approached with the right policies.

Beyond Compliance: Cyber Insurance and Real-World Security

Another emerging theme from Zero Trust World 2025 was the increasing influence of cyber insurance in shaping security practices. While compliance standards often drive security implementations, Fuller pointed out that cyber insurance requirements are becoming just as important—if not more so.

“Many companies don’t realize that a denied cyber insurance claim can be devastating,” Fuller said. “It’s not just about checking boxes for compliance; it’s about proving you’ve taken the right security steps to protect your organization.”

The conversation also touched on phishing-resistant MFA, token protection policies, and real-time auditing. As cybercriminals continue evolving their tactics, organizations must stay ahead by adopting modern security controls that go beyond traditional MFA and perimeter defenses.

Why These Conversations Matter

This episode is a must-listen for IT administrators, security professionals, and MSPs looking to build a stronger Zero Trust strategy. As Sean and Adam break down the key takeaways from the event, one thing is clear—security is no longer just an IT issue; it’s a business imperative.

Stay tuned for more expert insights from Zero Trust World 2025, as ITSPmagazine’s On Location with Sean and Marco continues to explore the future of cybersecurity.

Hosts:

🔹 Sean Martin – Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast[@RedefiningCyber]
🎙 ITSPmagazine Profile: https://www.itspmagazine.com/sean-martin

🔹 Marco Ciappelli – Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
🎙 ITSPmagazine Profile: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode’s Sponsor

✅ ThreatLocker: https://itspm.ag/threatlocker-r974

Resources

🔗 Full ZTW 2025 Coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

🔗 ITSPmagazine’s Event Coverage Hub: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

🎧 More Redefining CyberSecurity Content: https://www.itspmagazine.com/redefining-cybersecurity-podcast

🎧 More Redefining Society Stories: https://www.itspmagazine.com/redefining-society-podcast

📢 Want to share your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

📢 Want Sean and Marco at your event? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Building a Community and a Culture of Security Education and Operations | A Zero Trust World Pre-Event Kick-Off | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli) — Tue, 18 Feb 2025 22:50:43 +0000

Zero Trust World 2025 is officially underway, and the conversation centers around what it means to build a culture of security. Hosted by ThreatLocker, this event brings together security professionals, IT leaders, and decision-makers to explore the complexities of Zero Trust—not just as a concept but as an operational mindset.

Defining Zero Trust in Practice

Sean Martin and Marco Ciappelli set the stage with a key takeaway: Zero Trust is not a one-size-fits-all solution. Each organization must define its own approach based on its unique environment, leadership structure, and operational needs. It is not about a single tool or quick fix but about establishing a continuous process of verification and risk management.

A Focus on Security Operations

Security operations and incident response are among the core themes of this year’s discussions. Speakers and panelists examine how organizations can implement Zero Trust principles effectively while maintaining business agility. Artificial intelligence, its intersection with cybersecurity, and its potential to both strengthen and challenge security frameworks are also on the agenda.

Learning Through Engagement

One of the standout aspects of Zero Trust World is its emphasis on education. From hands-on training and certification opportunities to interactive challenges—such as hacking a device to win it—attendees gain practical experience in real-world security scenarios. The event fosters a culture of learning, with participation from help desk professionals, CIOs, CTOs, and cybersecurity practitioners alike.

The Power of Community

Beyond the technical discussions, the event underscores the importance of community. Conferences like these are not just about discovering new technologies or solutions; they are about forging connections, sharing knowledge, and strengthening the collective approach to security.

Zero Trust World 2025 is just getting started, and there’s much more to come. Stay tuned as Sean and Marco continue to bring insights from the conference floor, capturing the voices that are shaping the future of cybersecurity.

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Shadow IT: Securing Your Organization in a World of Unapproved Apps | A Zero Trust World Conversation with Ryan Bowman | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 7 Feb 2025 19:12:20 +0000

Zero Trust World 2025, hosted by ThreatLocker, is fast approaching (February 19-21), bringing together security professionals, IT leaders, and business executives to discuss the principles and implementation of Zero Trust. Hosted by ThreatLocker, this event offers a unique opportunity to explore real-world security challenges and solutions.

In a special On Location with Sean and Marco episode recorded ahead of the event, Ryan Bowman, VP of Solutions Engineering at ThreatLocker, shares insights into his upcoming session, The Dangers of Shadow IT. Shadow IT—the use of unauthorized applications and systems within an organization—poses a significant risk to security, operations, and compliance. Bowman’s session aims to shed light on this issue and equip attendees with strategies to address it effectively.

Understanding Shadow IT and Its Risks

Bowman explains that Shadow IT is more than just an inconvenience—it’s a growing challenge for businesses of all sizes. Employees often turn to unauthorized tools and services because they perceive them as more efficient, cost-effective, or user-friendly than the official solutions provided by IT teams. While this may seem harmless, the reality is that these unsanctioned applications create serious security vulnerabilities, increase operational risk, and complicate compliance efforts.

One of the most pressing concerns is data security. Employees using unauthorized platforms for communication, file sharing, or project management may unknowingly expose sensitive company data to external risks. When employees leave the organization or access is revoked, data stored in these unofficial systems can remain accessible, increasing the risk of breaches or data loss.

Procurement issues also play a role in the Shadow IT problem. Bowman highlights cases where organizations unknowingly pay for redundant software services, such as using both Teams and Slack for communication, leading to unnecessary expenses. A lack of centralized oversight results in wasted resources and fragmented security controls.

Zero Trust as a Mindset

A recurring theme throughout the discussion is that Zero Trust is not just a technology or a product—it’s a mindset. Bowman emphasizes that implementing Zero Trust requires organizations to reassess their approach to security at every level. Instead of inherently trusting employees or systems, organizations must critically evaluate every access request, application, and data exchange.

This mindset shift extends beyond security teams. IT leaders must work closely with employees to understand why Shadow IT is being used and find secure, approved alternatives that still support productivity. By fostering open communication and making security a shared responsibility, organizations can reduce the temptation for employees to bypass official IT policies.

Practical Strategies to Combat Shadow IT

Bowman’s session will not only highlight the risks associated with Shadow IT but also provide actionable strategies to mitigate them. Attendees can expect insights into:

• Identifying and monitoring unauthorized applications within their organization

• Implementing policies and security controls that balance security with user needs

• Enhancing employee engagement and education to prevent unauthorized technology use

• Leveraging solutions like ThreatLocker to enforce security policies while maintaining operational efficiency

Bowman also stresses the importance of rethinking traditional IT stereotypes. While security teams often impose strict policies to minimize risk, they must also ensure that these policies do not create unnecessary obstacles for employees. The key is to strike a balance between control and usability.

Why This Session Matters

With organizations constantly facing new security threats, understanding the implications of Shadow IT is critical. Bowman’s session at Zero Trust World 2025 will provide a practical, real-world perspective on how organizations can protect themselves without stifling innovation and efficiency.

Beyond the technical discussions, the conference itself offers a unique chance to engage with industry leaders, network with peers, and gain firsthand experience with security tools in hands-on labs. With high-energy sessions, interactive learning opportunities, and keynotes from industry leaders like ThreatLocker CEO Danny Jenkins and Dr. Zero Trust, Chase Cunningham, Zero Trust World 2025 is shaping up to be an essential event for anyone serious about cybersecurity.

For those interested in staying ahead of security challenges, attending Bowman’s session on The Dangers of Shadow IT is a must.

Guest: Ryan Bowman, VP of Solutions Engineering, ThreatLocker [@ThreatLocker | On LinkedIn: https://www.linkedin.com/in/ryan-bowman-3358a71b/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Ultimate 2025 Tech & Cybersecurity Event Guide: Where to Be | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (Sean Martin, Marco Ciappelli, ITSPmagazine) — Tue, 4 Feb 2025 16:10:13 +0000

ITSPmagazine is gearing up for another year of in-depth event coverage, bringing insights from industry leaders, innovators, and companies making an impact in cybersecurity, technology, and society. Sean Martin and Marco Ciappelli outline their plans for 2025, emphasizing a mix of established conferences and new opportunities to highlight emerging discussions.

Key Industry Events

The year’s schedule includes cornerstone cybersecurity conferences such as RSA Conference in San Francisco, Infosecurity Europe in London, and Black Hat in Las Vegas. These events serve as major platforms for discussing industry trends, launching new products, and showcasing research. Through editorial coverage, interviews, and discussions, ITSP Magazine provides perspectives from keynote speakers, panelists, and organizations shaping the field.

Expanding Coverage Beyond Cybersecurity

Beyond security-focused events, the team is covering NAMM 2025, a leading music and technology conference, and Legal Week in New York, where legal, policy, and AI discussions intersect. Other major tech gatherings include CES, VivaTech, and KIMS, broadening the conversation to industries influencing the digital landscape.

For companies looking to share their stories at these events, ITSP Magazine is offering sponsorship opportunities and editorial coverage. Stay tuned for updates, and catch ITSP Magazine on location throughout the year.

Learn about Event Briefings: https://www.itspmagazine.com/event-coverage-briefings

Learn about the Event Coverage Sponsorship Bundle: https://www.itspmagazine.com/event-coverage-sponsorship-and-briefings

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

This Episode’s Sponsor: HITRUST: https://itspm.ag/itsphitweb

Resources

The Business Newsletter: https://www.itspmagazine.com/campaigns/view-campaign/4GZV4Nk80T4jGaFCG6wZZXFhO1wa91_1AeZOznFKw-qJhYFt14gJ1lyUvtlfhpABey1BbwWbzLzj-wkwtsauLPtoWbDsmyr-

RSA Conference 2025: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Black Hat USA 2025: https://www.itspmagazine.com/black-hat-usa-2025-hacker-summer-camp-2025-cybersecurity-event-coverage-in-las-vegas

Infosecurity Europe 2025: https://www.itspmagazine.com/infosecurity-europe-2025-infosec-london-cybersecurity-event-coverage

All of our planned On Location event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Cyber Threat Research, Hands-On Labs, and a Challenge You Can’t Afford to Miss | A Zero Trust World Conversation with Kieran Human | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 3 Feb 2025 16:43:04 +0000

Zero Trust World 2025, hosted by ThreatLocker, is set to bring together IT professionals, business leaders, and cybersecurity practitioners for three days of hands-on labs, insightful discussions, and expert-led sessions. Taking place in Orlando, Florida, from February 19-21, this year’s event promises an expanded agenda with cutting-edge topics, interactive workshops, and a unique approach to cybersecurity education.

The Growth of Zero Trust World

Now in its fifth year, Zero Trust World continues to grow exponentially, increasing in size by roughly 50% each year. Kieran Human, Special Projects Engineer at ThreatLocker, attributes this rapid expansion to the rising demand for cybersecurity solutions and the company’s own growth. More IT leaders are recognizing the necessity of a Zero Trust approach—not just as a security measure, but as a fundamental philosophy for protecting their organizations.

What to Expect: Hands-On Learning and Key Discussions

One of the biggest draws of Zero Trust World is its focus on hands-on experiences. Attendees can participate in hacking labs designed to teach them how cyber threats operate from an attacker’s perspective. These include interactive exercises using rubber duckies—USB devices that mimic keyboards to inject malicious commands—demonstrating how easily cybercriminals can compromise systems.

For those interested in practical applications of security measures, there will be sessions covering topics such as cookie theft, Metasploit, Windows and server security, and malware development. Whether an attendee is an entry-level IT professional or a seasoned security engineer, there’s something to gain from these hands-on labs.

High-Profile Speakers and Industry Insights

Beyond the labs, Zero Trust World 2025 will feature a lineup of influential speakers, including former Nintendo of America President and CEO Reggie Fils-Aimé, Chase Cunningham (known as Dr. Zero Trust), and ThreatLocker CEO Danny Jenkins. These sessions will provide strategic insights on Zero Trust implementation, industry challenges, and innovative cybersecurity practices.

One of the key sessions to look forward to is “The Dangers of Shadow IT,” led by Ryan Bowman, VP of Solution Engineering at ThreatLocker. Shadow IT remains a major challenge for organizations striving to implement Zero Trust, as unauthorized applications and devices create vulnerabilities that security teams may not even be aware of. Stay tuned for a pre-event chat with Ryan coming your way soon.

Networking, Certification, and More

Zero Trust World isn’t just about education—it’s also a prime networking opportunity. Attendees can connect during daily happy hours, the welcome and closing receptions, and a comic book-themed afterparty. ThreatLocker is even introducing a new cybersecurity comic book, adding a creative twist to the conference experience.

A major highlight is the Cyber Hero Program, which offers attendees a chance to earn certification in Zero Trust principles. By completing the Cyber Hero exam, participants can have the cost of their event ticket fully refunded, making this an invaluable opportunity for those looking to deepen their cybersecurity expertise.

A Unique Capture the Flag Challenge

For those with advanced cybersecurity skills, the Capture the Flag challenge presents an exciting opportunity. The first person to successfully hack a specially designed, custom-painted high-end computer gets to take it home. This competition is expected to draw some of the best security minds in attendance, reinforcing the event’s commitment to real-world application of cybersecurity techniques.

Join the Conversation

With so much to see and do, Zero Trust World 2025 is shaping up to be an essential event for IT professionals, business leaders, and security practitioners. Sean Martin and Marco Ciappelli will be covering the event live, hosting interviews with speakers, panelists, and attendees to capture insights and takeaways.

Whether you’re looking to enhance your security knowledge, expand your professional network, or experience hands-on cybersecurity training, Zero Trust World 2025 offers something for everyone. If you’re attending, be sure to stop by the podcast area and join the conversation on the future of Zero Trust security.

Guest: Kieran Human, Special Projects Engineer, ThreatLocker [@ThreatLocker | On LinkedIn: https://www.linkedin.com/in/kieran-human-5495ab170/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Music Evolves Podcast Debut: Exploring Music’s Evolution Through Technology, Creativity, and Innovation | A Conversation with Marco Ciappelli | Music Evolves with Sean Martin

contact@itspmagazine.com (Sean Martin, Marco Ciappelli) — Sun, 2 Feb 2025 04:30:29 +0000

Guests and Host

Guest: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

Show Notes

The first episode of Music Evolves with host Sean Martin sets the tone for an exciting exploration of the intersection of music and technology. Kicking things off with a discussion of the NAMM (National Association of Music Merchants) Show, this episode covers how musicians, producers, and innovators are shaping the future of sound.

Music Meets Technology

From the resurgence of classic analog instruments to the latest AI-assisted music creation tools, technology continues to redefine how music is made, performed, and shared. Sean shares his firsthand experience at NAMM, where major brands and independent creators showcased groundbreaking advancements, including digital amplifiers that recreate vintage sounds, AI-driven music production tools, and innovations designed to break creative barriers.

One standout topic is how technology is making music creation more accessible. Companies are introducing tools that allow artists to experiment with sounds in ways that were once impossible without expensive studio setups. Instruments with built-in effects, digital modeling amps that maintain rich analog tones at lower volumes, and silent drum heads that allow musicians to practice in small apartments—all of these are making professional-quality music creation more attainable.

The Role of AI in Music

A key discussion point in this episode is the growing influence of artificial intelligence. AI-generated music isn’t just an experiment—it’s already shaping songwriting, production, and even performance. Some musicians use AI to refine lyrics, generate melodies, or experiment with new sonic textures. But with this innovation comes debate. Can AI-generated music carry the same emotional depth as human-created work? And how does this impact authenticity in songwriting and performance?

NAMM also brought attention to ethical concerns surrounding AI, with Roland and Universal Music Group unveiling an initiative to address fair use, artist rights, and responsible AI implementation in music. As AI continues to evolve, these discussions will be critical in determining its role in the industry.

Preserving the Classics While Pushing Boundaries

Despite all the technological advancements, there remains a strong nostalgia for classic sounds. This balance between innovation and tradition was evident at NAMM, where artists and engineers worked to preserve vintage tones while enhancing their usability for modern musicians. Companies are now blending analog warmth with digital precision, allowing musicians to replicate legendary sounds without the constraints of older hardware.

Sean also touches on the impact of these advancements on performance. Portable gear with built-in looping and effects is allowing musicians to push creative limits, while innovations in live sound engineering are making it possible to replicate studio-quality mixes on stage.

More to Come on Music Evolves

This episode sets the stage for a series that will dive deep into how technology is changing the way music is created, performed, and consumed. Future episodes will explore everything from sound engineering and music education to AI composition and new performance technologies.

For those passionate about music and its ever-expanding possibilities, Music Evolves offers a fresh perspective on how creativity and technology intersect. Be sure to listen to the full episode to hear firsthand insights from NAMM and stay tuned for upcoming discussions with musicians, engineers, and industry leaders shaping the future of sound.

Resources

More The 2025 NAMM Show Coverage: https://itspmagazine.com/the-2025-namm-show-namm-music-conference-music-technology-event-coverage-anaheim-california

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

CES 2025: Exploring Tech Innovation and Human-Centric Trends with Brian Comiskey, Senior Director of Innovation & Trends | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 24 Dec 2024 05:42:01 +0000

Guests:

Brian Comiskey, Senior Director of Innovation & Trends at CES

On LinkedIn | https://www.linkedin.com/in/brian-comiskey-futurist/

Hosts:

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
On LinkedIn | https://www.linkedin.com/in/marco-ciappelli/
WebSite | https://www.marcociappelli.com

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin
On LinkedIn | https://www.linkedin.com/in/imsmartin/
WebSite | https://www.seanmartin.com

____________________________

Episode Notes

CES 2025 is just around the corner, and what better way to dive into the upcoming event than with Brian Comiskey, Senior Director of Innovation and Trends and resident futurist at the Consumer Technology Association? In this special episode of On Location, I had the pleasure of speaking with Brian about what we can expect from this year’s CES, how it continues to shape the tech world, and what it means for all of us navigating a Hybrid Analog Digital Society.

Setting the Tone for the Year in Tech

As Brian pointed out, CES is not just an event—it’s the launchpad for the year’s tech trends. Taking place January 7-10 in Las Vegas, CES 2025 will be a massive showcase of innovation across countless industries, from artificial intelligence to mobility, digital health, energy solutions, and beyond.

This year’s theme, "Dive In," perfectly encapsulates the spirit of the event. It's not just about experiencing the surface level of emerging technologies but about going deeper—exploring how these advancements interact, converge, and shape our everyday lives. Whether you're an executive closing deals, a media professional discovering cutting-edge innovations, or a curious onlooker reading from afar, CES offers an opportunity to explore the tech-driven future.

Human-Centric Innovation at Its Core

CES has evolved from a purely consumer electronics show to something much broader. While enterprise solutions now account for nearly 40% of its exhibitors, the focus remains on human-centric innovation. As Brian aptly said, "Humans are not just consumers; they are patients, workers, collaborators, and creators." The technologies at CES aim to enhance our lives in all these roles.

Digital health is a prime example of this shift. This year, exhibitors in this category are moving to the Venetian campus alongside smart home, lifestyle tech, and accessibility solutions, highlighting how these technologies are converging to improve health, wellness, and longevity. From wearables that connect to your smart home to smart mirrors that monitor your mood, CES demonstrates how personalized, data-driven ecosystems can redefine daily living.

The Evolution of Innovation

Brian and I also discussed the nature of innovation, which he breaks down into two categories: evolutionary and revolutionary. CES showcases both. Evolutionary innovation involves incremental advances, like smarter AI chips in TVs that turn entertainment devices into command centers for your smart home or even tools for telehealth. Revolutionary innovation, on the other hand, includes breakthroughs like nuclear fusion and generative AI—transformations that redefine industries overnight.

This year, startups are expected to bring some of the most exciting stories. The Eureka Park pavilion will spotlight companies like Standard Energy, which is developing vanadium ion battery tiles for home energy storage, and Senergetics, which uses AI to predict and prevent corrosion in power plant pipes. Another standout is Glidance, an autonomous guide robot for individuals with low vision, showcasing how innovation can serve diverse needs and create new opportunities for accessibility.

A Convergence of Ideas and Opportunities

At its heart, CES is about connection—not just connecting devices but connecting people and ideas. It’s a place where startups meet industry giants, partnerships are forged, and new possibilities are imagined. As Brian highlighted, the show serves as both a showcase and a platform for collaboration, where the seeds of future innovations are planted.

Wrapping It Up

CES 2025 is more than a trade show—it’s a glimpse into the future of our coexistence with technology. As we prepare to dive into the event, one thing is clear: technology is no longer something we simply use. It’s a part of who we are and how we live.

I’ll leave you with this thought: CES isn’t just about what’s next; it’s about how we can work together to make what’s next even better.

Mark your calendars for January 7-10, and stay tuned for more conversations as Sean Martin and I bring you the latest stories On Location.

Subscribe, follow, and let’s explore the future together!

____________________________

This Episode’s Sponsors

HITRUST: https://itspm.ag/itsphitweb

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Rebalancing Cyber Security: Prioritizing Response and Recovery in Governance | An Australian Cyber Conference 2024 in Melbourne Conversation with Asaf Dori and Ashwin Pal | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 10 Dec 2024 02:14:57 +0000

Guests:

Asaf Dori, Cyber Security Lead, Healthshare NSW

On LinkedIn | https://www.linkedin.com/in/adori/

Ashwin Pal, Partner – Cyber Security and Privacy Services, RSM Australia

On LinkedIn | https://www.linkedin.com/in/ashwin-pal-a1769a5/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

At the AISA CyberCon 2024 in Melbourne, Sean Martin sat down with Asaf Dori and Ashwin Pal to explore the often-overlooked areas of the NIST Cybersecurity Framework: response and recovery. Both guests highlighted the critical gaps organizations face in these domains and shared practical insights on addressing them.

Asaf Dori, a cybersecurity professional in healthcare and a researcher at the University of Sydney, underscored the need for governance-driven awareness to improve response and recovery capabilities. His research revealed that while organizations invest heavily in prevention and detection, they frequently neglect robust recovery plans. He emphasized the importance of comprehensive disaster recovery exercises over isolated system-based approaches. By linking governance to practical outcomes, Dori argued that organizations could better align their strategies with business resilience.

Ashwin Pal, a partner at RSM with 26 years of experience in IT security, brought a field perspective, pointing out how recovery strategies often fail to meet business requirements. He discussed the disconnect between IT recovery metrics, such as RPOs and RTOs, and actual business needs. Pal noted that outdated assumptions about recovery timeframes and critical systems frequently result in misaligned priorities. He advocated for direct business engagement to establish recovery strategies that support operational continuity.

A key theme was the role of effective governance in fostering collaboration between IT and business stakeholders. Both speakers agreed that engaging business leaders through tabletop exercises is an essential starting point. Simulating ransomware scenarios, for instance, often exposes gaps in recovery plans, such as inaccessible continuity documents during a crisis. Such exercises, they suggested, empower CISOs to secure executive buy-in for strategic improvements.

The discussion also touched on the competitive advantages of robust cybersecurity practices. Dori noted that in some industries, such as energy, cybersecurity maturity is increasingly viewed as a differentiator in securing contracts. Pal echoed this, citing examples where certifications like ISO have become prerequisites in supply chain partnerships.

By reframing cybersecurity as a business enabler rather than a cost center, organizations can align their response and recovery strategies with broader operational goals. This shift requires CISOs and risk officers to lead conversations that translate technical requirements into business outcomes, emphasizing trust, resilience, and customer retention.

This dialogue provides actionable insights for leaders aiming to close the response and recovery gap and position cybersecurity as a strategic asset.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Theory of Saving the World: Intervention Requests and Critical Infrastructure | An Australian Cyber Conference 2024 in Melbourne Conversation with Ravi Nayyar | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 10 Dec 2024 01:35:13 +0000

Guest: Ravi Nayyar, PhD Scholar, The University Of Sydney

On LinkedIn | https://www.linkedin.com/in/stillromancingwithlife/

At AISA AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/ravi-nayyar-uyhe3

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The discussion begins with a unique and lighthearted analogy: comparing cybersecurity professionals to superheroes. Marco draws parallels to characters like “The Avengers” and “Deadpool,” describing them as defenders of our digital world. Ravi builds on this playful yet thought-provoking metaphor, likening the fight against cybercriminals to epic battles against villains, highlighting the high stakes of cybersecurity in critical systems.

The Cyber Zoo: Ravi Nayyar’s Research Focus

Ravi introduces his research, focusing on the regulation of cyber resilience within critical infrastructure, particularly the software supply chain. Using the metaphor of a “zoo,” he paints a vivid picture of the cybersecurity ecosystem, where diverse stakeholders—government bodies, infrastructure operators, and software vendors—must coexist and collaborate. His work delves into how companies can be held accountable for their cyber practices, aiming to secure national and global systems.

The Role of Humans in Cybersecurity

At the heart of cybersecurity, Ravi emphasizes, is the human element. His research highlights the need for incentivizing all players—critical infrastructure operators, software developers, and even end users—to embed secure practices into their operations. It's not just about rules and frameworks but about fostering a culture of responsibility and collaboration in an interconnected world.

The Case for Stronger Cyber Laws

Ravi critiques the historically relaxed approach to regulating software security, particularly for critical systems, and advocates for stronger, standardized laws. He compares cybersecurity frameworks to those used for medical devices, which are rigorously regulated for public safety. By adopting similar models, critical software could be held to higher standards, reducing risks to national security.

Global Cooperation and the Fight Against Regulatory Arbitrage

The discussion shifts to the need for international collaboration in cybersecurity. Ravi underscores the risk of regulatory arbitrage, where companies exploit weaker laws in certain regions to save costs. He proposes global coalitions and standardization bodies as potential solutions to ensure consistent and robust security practices worldwide.

Incentivizing Secure Practices

Delving into the practical side of regulation, Ravi discusses ways to incentivize companies to adopt secure practices. From procurement policies favoring vendors with strong cybersecurity commitments to the potential for class action lawsuits, the conversation explores the multifaceted strategies needed to hold organizations accountable and foster a safer digital ecosystem.

Closing Thoughts: Collaboration for a Safer Digital World

Sean, Marco, and Ravi wrap up the episode by emphasizing the critical need for cross-sector collaboration—between academia, industry, media, and government—to tackle the evolving challenges of cybersecurity. By raising public awareness and encouraging proactive measures, they highlight the importance of a unified effort to secure our digital infrastructure.

____________________________

This Episode’s Sponsors

____________________________

Resources

The theory of saving the world: Intervention requests and critical infrastructure: https://melbourne2024.cyberconference.com.au/sessions/session-eI6eYNrifl

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Melbourne to the World: Recap, Highlights and the importance of Human Connections in a Digital Connected Society | An Australian Cyber Conference 2024 in Melbourne Conversation with Akash Mittal | On Location Coverage

Fri, 6 Dec 2024 05:56:28 +0000

Guest: Akash Mittal, Chair, Australian Information Security Association (AISA)

On LinkedIn | https://www.linkedin.com/in/akashgmittal/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Throughout the conference, one theme stood out above all: the power of community. Akash reflected on how CyberCon fosters a collective effort to strengthen Australia’s cyber resilience by uniting government, academia, and industry under one roof. From keynote presentations to impromptu hallway conversations, the conference showcased how innovation and human connection go hand in hand to address global cybersecurity challenges.

The Block Party and Beyond

One of the most talked-about moments was the renowned Block Party, a celebration that blurred the line between networking and friendship. Marco described it as a unique experience that left a lasting impression on attendees. Beyond the lively gatherings, the conference also stood out for its ability to create a space where meaningful connections and ideas flourished—whether on the exhibition floor, during panel discussions, or at informal meetups.

Looking Ahead: The Future of CyberCon

As the conference came to a close, Akash shared an exciting vision for what lies ahead. With an ethos of continuous improvement, the organizing team is committed to delivering even more impactful experiences in the years to come. Feedback from attendees will play a vital role in shaping future events, ensuring CyberCon remains at the forefront of the cybersecurity community.

Highlights from the Exhibition Hall

The buzzing exhibition hall served as the heart of CyberCon 2024, brimming with energy and engagement. Sean and Marco noted how sponsors and vendors played a pivotal role, sparking conversations about cutting-edge solutions and driving collaboration across sectors. The hall wasn’t just about showcasing products—it became a space for dialogue, exploration, and innovation.

A Legacy of Success

CyberCon 2024 was more than just a cybersecurity conference—it was a celebration of the community that makes progress possible. The dedication of volunteers and the meticulous planning behind the scenes ensured the event’s success. As Akash noted, the conference continues to evolve as a space where quality content and genuine connections take center stage.

Closing Thoughts: A United Community

As Sean, Marco, and Akash wrapped up their time at the Australian Cyber Conference 2024, they reflected on what made the event truly special: its people. The conversations, collaborations, and shared sense of purpose have set the stage for a brighter, more connected future in cybersecurity. Melbourne’s vibrant energy was the perfect backdrop for a conference that reminded us all that innovation is strongest when it’s rooted in community.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Securing Digital Legacies: Ethical Challenges and Insights Based on a True Story | An Australian Cyber Conference 2024 in Melbourne Conversation with Peter Gigengack | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 6 Dec 2024 05:20:00 +0000

Guest: Peter Gigengack, Director Cyber Security, Capability, Department of Premier and Cabinet of WA

On LinkedIn | https://www.linkedin.com/in/peter-gigengack/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The digital era has reshaped nearly every aspect of our lives, but it has also introduced new challenges to end-of-life planning. Peter Gigengack shares his insights on this pressing issue, recounting how he navigated the emotional and logistical hurdles of managing a loved one’s digital footprint after their passing.

A Personal Story of Loss and Discovery
Peter's journey into the realm of digital legacies began when his elderly relative, "John," passed away. The family was left not only with John’s physical belongings but also his vast and complicated online presence.

Without access to passwords or guidance from John, the family faced a daunting task. Drawing on his technical expertise, Peter took the lead, discovering firsthand the difficulties that come with managing digital identities without preparation.

Ethical and Legal Considerations
The discussion moves into the ethical and legal complexities of managing digital legacies. Peter admits that while his family’s choices were driven by love and respect, they highlighted a significant gray area between honoring someone’s memory and navigating privacy laws.

These questions are universal: What rights do families have to access a loved one’s digital accounts? How can individuals protect their online presence while providing their families with the tools they need to manage it?

Preparing for the Inevitable
Sean and Marco discuss proactive steps, such as assigning digital heirs, securing access to critical accounts, and incorporating digital assets into estate planning. They also challenge technology providers to offer clearer solutions for managing digital legacies responsibly and ethically.

The conversation emphasizes the need for individuals to take ownership of their digital afterlives while advocating for systemic changes that ease the burden on grieving families.

The Future of Digital Immortality
The episode explores the broader implications of digital immortality. In an age where online personas often outlast their creators, society must grapple with how we remember, honor, and even interact with the deceased.

Marco, Sean, and Peter discuss potential technologies, like AI-driven tools that could simulate conversations with late loved ones, and the ethical dilemmas they may bring. The trio reflects on the balance between preserving memories and respecting boundaries in a rapidly advancing digital world.

Key Takeaways
Peter encourages families to have honest conversations about their digital legacies, ensuring everyone is prepared for life’s uncertainties. Sean underscores the cybersecurity perspective, drawing parallels to how businesses prepare for digital risks.

The episode ends with a call to action: Start planning your digital legacy today, and advocate for policies that simplify the process for future generations.

Conclusion
This episode tackles a timely and often overlooked topic, urging listeners to consider the impact of their digital footprints after death. Whether you're looking for practical guidance or contemplating the philosophical questions of digital immortality, the conversation offers valuable perspectives for navigating this evolving landscape.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Beyond the Briefings: Exploring the Pulse of Cybersecurity Communities | A Black Hat Europe 2024 Conversation with Steve Wylie | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 5 Dec 2024 03:35:42 +0000

Guest: Steve Wylie, Vice President, Cybersecurity Market at Informa Tech [@InformaTechHQ] and General Manager at Black Hat [@BlackHatEvents]

On LinkedIn | https://www.linkedin.com/in/swylie650/

On Twitter | https://twitter.com/swylie650

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

London as the Backdrop for Innovation and Culture

The conversation kicked off with reflections on London’s vibrant mix of history, culture, and modernity. Marco captured it perfectly, noting the city’s knack for staying on the cutting edge of fashion, music, and movement. Sean chimed in, describing the city as a destination where “cool kids” converge. It’s this ever-evolving energy that makes London the ideal host for forward-thinking gatherings like Black Hat.

Sean and Marco’s admiration for the city wasn’t just about its aesthetics but also its role in shaping global conversations. London is a place where the local meets the global, a theme that would resonate throughout their discussion.

Black Hat’s Expanding Global Reach

Sean and Marco highlighted the global nature of the cybersecurity community, emphasizing Black Hat’s international presence. Marco pointed out how the event has grown beyond its Las Vegas origins, with thriving editions in Europe, Asia, the Middle East, and beyond. This expansion reflects not only a growing need for cybersecurity collaboration but also the importance of tailoring conversations to regional contexts.

Sean observed how each edition of Black Hat carries a unique flavor, shaped by local cultures and challenges. He praised the effort to include regional experts on review boards, ensuring that the content resonates with specific audiences. From Riyadh to Toronto, this approach has made Black Hat a truly global force.

Celebrating Local Voices in Global Conversations

One of the key takeaways from the conversation was the importance of amplifying local voices in global discussions. Marco commended Black Hat’s dedication to fostering a sense of ownership among local cybersecurity communities. Sean agreed, noting how local insights enrich the broader, boundaryless research presented at these events.

The duo discussed the balance between global trends, like AI and supply chain security, and region-specific concerns, such as policy-driven discussions in Europe or industrial focus in Canada. This nuanced approach ensures that every Black Hat event feels relevant, impactful, and inclusive.

Sean and Marco’s Chemistry: Informal Yet Insightful

Beyond the topics, the conversation was marked by the easy rapport between Sean and Marco. They navigated seamlessly from cybersecurity strategy to the lighter moments, like teasing each other about wardrobe choices for London’s chilly December weather. Marco’s love for local cuisine even sparked a playful detour into Italian titles for hardware hacking sessions.

It’s this blend of professional insight and personal charm that makes their discussions so engaging. Whether they’re debating the merits of AI sessions or reminiscing about hallway chats at past events, Sean and Marco bring an authenticity that keeps listeners coming back.

Looking Ahead

As the conversation wrapped up, Sean and Marco hinted at their plans to keep “Chats on the Road” moving forward. While they may not make it to every event, their commitment to bringing the community’s stories to light remains steadfast. Whether you’re attending Black Hat in person or following along from afar, Sean and Marco ensure that the spirit of innovation and collaboration is accessible to all.

Stay tuned as they continue to explore the intersections of technology, culture, and community, one conversation at a time.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more about Black Hat Europe 2024: https://www.blackhat.com/eu-24/

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Bytes to Rights: The Intersection of Law and Cyber Security | An Australian Cyber Conference 2024 in Melbourne Conversation with EJ Wise | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli, EJ Wise) — Wed, 4 Dec 2024 22:57:31 +0000

Guest: EJ Wise, Founder & Principal, WiseLaw

On LinkedIn | https://www.linkedin.com/in/wiselaw3/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Against the energetic backdrop of Melbourne's CyberCon, hosted by ISA, the conversation dives into the global nature of technology's influence. The trio reflects on pressing topics such as privacy, cybersecurity, and the shifting landscape of cyber law, all while situated in one of Australia’s most tech-forward cities.

EJ Wise’s Journey and Perspective
EJ Wise shared her remarkable career path, starting as a member of the U.S. Air Force JAG Corps and later founding her boutique law firm in Australia in 2018. Her firsthand experience sheds light on Australia’s relatively recent introduction of comprehensive cyber laws and the ongoing need to bridge the gap between technological innovation and legislative action.

Educating Consumers: A Shared Responsibility
A key focus of the conversation was consumer awareness. EJ highlighted the critical need for industries to take responsibility for educating the public, much like banks have historically done with financial literacy. The discussion also touched on embedding technological literacy into early education, ensuring children grow up with a clear understanding of privacy and digital security.

Technology and Ethics in Tension
The group examined the ethical challenges posed by advancing technologies, especially regarding surveillance and data privacy. From facial recognition in retail spaces to the increasing capabilities of modern devices to monitor user behavior, the conversation drew thought-provoking parallels between these innovations and the history of advertising practices.

The ethical implications of such technologies go far beyond convenience, raising questions about transparency, consent, and societal norms in the digital age.

Legal Frameworks and Industry Responsibility
Marco and Sean explored the evolving role of legal frameworks in holding industry players accountable for consumer safety and privacy. EJ’s insights provided a grounded perspective on how regulatory environments are adapting—or struggling to adapt—to these challenges.

The discussion underscored a growing trend: companies must not only comply with existing laws but also anticipate and mitigate the societal impacts of their technologies.

Encouraging Dialogue and Reflection
Throughout the episode, the importance of open dialogue and introspection emerged as a recurring theme. By examining how technology shapes society and law, the discussion encouraged listeners to reflect on their digital habits and the privacy trade-offs they make in their daily lives.

Conclusion
While the conversation didn’t provide all the answers, it illuminated the complexities of the interplay between technology, law, and society. EJ, Marco, and Sean left listeners with an invitation to remain curious, question norms, and consider their role in shaping a more ethically aware digital future.

This episode captures the spirit of CyberCon 2024—sparking ideas, inspiring debate, and reinforcing the need for thoughtful engagement with the challenges of our hybrid analog-digital society.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Stranger Danger, Phishing, Instinct, and Technology: How AI and Awareness Are Shaping Cybersecurity | An Australian Cyber Conference 2024 in Melbourne Conversation with Benji Zorella and Rebecca Caldwell | On Location Coverage

Wed, 4 Dec 2024 22:26:27 +0000

Guests:

Benji Zorella, eLearning Instructional Designer, CyberCX

On LinkedIn | https://www.linkedin.com/in/benjiz/

Rebecca Caldwell, Phishing Content Specialist, Phriendly Phishing

On LinkedIn | https://www.linkedin.com/in/bec-j-caldwell/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Kicking off the episode, Sean Martin and Marco Ciappelli highlight the uniquely local flavor of the conference. With Benji and Bec calling Melbourne home, the guests reflect on the value of attending such a prominent event in their backyard while drawing on their experiences as hosts of their own cybersecurity podcast.

Unmasking Phishing in the Digital Age

Phishing takes center stage as Benji and Bec share stories and insights about the dangers lurking behind cleverly crafted scams. Sean Martin draws a clever comparison between traditional fishing methods and the digital phishing tactics cybercriminals use today—hooking victims by exploiting their trust and curiosity.

Benji drives the conversation deeper, explaining how a person's digital footprint—especially in an age of AI-driven tools like deepfakes—can be weaponized for deception. The guests underscore the importance of remaining vigilant and minimizing the personal information we leave online, turning our digital habits into our best line of defense.

Cybersecurity Education: The First Line of Defense

Shifting gears, the group emphasizes the need to move beyond relying solely on tech-driven safeguards and focus on building a culture of cybersecurity awareness within organizations. Bec Caldwell shares actionable strategies, likening cybersecurity education to learning how to drive—starting small and gradually building confidence in spotting risks. Empowering employees to question suspicious contexts fosters not just better security, but a collaborative culture of accountability.

AI: Friend or Foe?

The role of AI emerges as a hot topic, sparking a discussion about its dual impact on cybersecurity. While AI enables sophisticated phishing attacks, it also holds the potential to strengthen defenses. The panel imagines AI tools evolving to provide real-time security nudges, similar to how cars alert drivers to potential hazards. It’s a balancing act, as AI must be wielded thoughtfully to enhance—not replace—human vigilance.

The Human Factor in Cybersecurity

Throughout the conversation, one message resonates: the enduring power of human intuition. Benji recounts a gripping story of a CEO who thwarted a highly advanced phishing attempt with a simple, old-school phone verification. This moment reinforces the idea that while tech can improve security measures, the human touch remains irreplaceable.

Future-Proofing Cybersecurity

As the episode winds down, the group reflects on thought-provoking audience questions from the conference. From AI’s impact on CISO responsibilities to how generational shifts in digital communication shape cybersecurity strategies, the guests underscore the need for adaptability as both technology and society evolve.

A Final Call to Action

Marco Ciappelli and Sean Martin wrap up with a clear takeaway for their listeners: stay curious, ask questions, and embrace skepticism online. The key to navigating today’s cyber landscape is a mix of awareness, education, and the occasional gut check—because even in a tech-driven world, the human element is our greatest asset.

____________________________

This Episode’s Sponsors

____________________________

Resources

Bytes with Bec and Benji podcast: https://www.phriendlyphishing.com/resources/podcasts

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Building Cyber Resilience Through Global Innovation, Local Community Feedback, and Regional Partnerships | A Brand Story Conversation From AISA Cyber Con 2024 in Melbourne | A ThreatLocker Story with Jade Wilkie

Wed, 4 Dec 2024 19:31:05 +0000

This engaging Brand Story episode comes to you from AISA CyberCon 2024, in Melbourne, where Sean Martin and Marco Ciappelli explore with Jade Wilkie how ThreatLocker empowers organizations to achieve Zero Trust security and Essential Eight compliance through innovative tools and real-time adaptability. Learn how industry insights from the conference are shaping the future of cybersecurity solutions while keeping human-centric strategies at the forefront.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content. Learn more.

Guests:

Jade Wilkie, Account Executive APAC, ThreatLocker [@ThreatLocker]

On LinkedIn | https://www.linkedin.com/in/jade-wilkie-salesprofessional/

Resources

Essential Eight: https://itspm.ag/threatq55q

Zero Trust World: https://itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

View all of our AISA Cyber Con 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Inside the MIND of a Hacker - Insights and Lessons From a Ransomware Attack | An Australian Cyber Conference 2024 in Melbourne Conversation with Joseph Carson | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 4 Dec 2024 17:22:32 +0000

Guest: Joseph Carson, Chief Security Scientist (CSS) & Advisory CISO, Delinea

On LinkedIn | https://www.linkedin.com/in/josephcarson/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

At AISA Cyber Con 2024, amidst the bustling energy of Melbourne, the conversation between Sean Martin, Marco Ciappelli, and Joseph Carson provided a unique perspective on cybersecurity challenges and insights. The setting wasn’t just a backdrop—it was a canvas where shared experiences and professional journeys painted a vivid picture of evolving cyber threats and collaborative defense strategies.

The Dynamics of Engagement

The dialogue kicked off with a casual and candid exchange, where the speakers reflected on the nuances of attending conferences—long walks between sessions, weather swings, and the unexpected yet pleasant surprise of encountering familiar faces. Marco and Sean seamlessly blended humor and camaraderie into their conversation, making the technical discussion both engaging and relatable.

Insights on Ransomware Realities

Joseph Carson shared a deeply technical yet accessible walkthrough of ransomware attacks. He explained his approach to recreating real-world scenarios to educate organizations on vulnerabilities and lessons learned. He highlighted that while AI garners much attention, attackers often rely on basic techniques that remain effective. His revelation that many victims still struggle with simple misconfigurations and weak credential management served as a stark reminder of cybersecurity’s foundational importance.

The audience's reaction underscored the relevance of these insights. Many attendees, identifying parallels with their organizational experiences, approached Carson afterward to share stories or seek advice. This interactive exchange emphasized the importance of open dialogue and proactive learning in addressing cyber threats.

Ethical and Strategic Considerations in Cybersecurity

The discussion also touched on the ethical dilemmas surrounding ransomware payments. Carson recounted incidents where organizations faced the difficult decision to pay ransoms to save critical operations. His narrative of assisting a cancer research organization emphasized that these decisions are fundamentally business-driven, balancing continuity against principles.

Sean and Marco expanded on the implications of regulatory frameworks. They debated the effectiveness of Australia’s laws permitting ransomware payments under strict disclosure conditions, exploring whether such measures could foster collaboration between government agencies and the private sector or inadvertently sustain the criminals’ business model.

Global Trends and Local Challenges

The conversation delved into how sanctions and geopolitics influence cybercrime. Carson explained how ransomware operators adapt their strategies, targeting regions with fewer regulatory constraints or financial barriers. He emphasized the need for global cooperation to create a resilient cybersecurity ecosystem, advocating for shared intelligence and collaborative defense measures.

Marco’s observations on the societal aspect of cybersecurity resonated strongly. He noted that resilient countries could inadvertently shift the burden of ransomware to less developed regions, highlighting the ethical responsibility to extend cybersecurity efforts globally.

Final Thoughts: Building a Safer Digital World

The discussion wrapped up with a call for cooperation and proactive measures. Whether through fostering societal awareness or tightening organizational controls, the speakers agreed that tackling cybercrime requires a unified effort. Carson emphasized that sharing knowledge—be it through podcasts, conferences, or direct collaboration—creates a ripple effect of security.

This conversation at AISA Cyber Con wasn’t just an exchange of ideas but a demonstration of the power of collaboration in combating the ever-evolving challenges of cybersecurity. Through humor, storytelling, and expertise, Sean, Marco, and Carson left their audience not only informed but inspired to act.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Imperative of Transitioning from Traditional Access Control to Modern Access Control | An Australian Cyber Conference 2024 in Melbourne Conversation with Ahmad Salehi Shahraki | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 4 Dec 2024 16:42:42 +0000

Guest: Ahmad Salehi Shahraki, Lecturer (Assistant Professor) in Cybersecurity, La Trobe University

On LinkedIn | https://www.linkedin.com/in/ahmad-salehi-shahraki-83494152/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

During this "On Location" podcast episode at AISA CyberCon 2024, host Sean Martin welcomed guest Ahmad Salehi Shahraki to discuss cutting-edge developments in access control, identity management, and cybersecurity infrastructure.

Ahmad, a lecturer at La Trobe University specializing in authentication, authorization, applied cryptography, and blockchain, shared insights into transitioning from traditional access control models like Role-Based Access Control (RBAC) to more advanced Attribute-Based Access Control (ABAC). Ahmad emphasized that while RBAC has served as the backbone of organizational security for decades, its centralized nature and limitations in cross-domain applications necessitate the shift to ABAC. He also highlighted a critical aspect of his research: leveraging cryptographic primitives like attribute-based group signatures to enhance security and privacy while enabling decentralization without relying on blockchain.

Sean and Ahmad explored the technical and operational implications of ABAC. Ahmad described how this model uses user attributes—such as location, role, and organizational details—to determine access permissions dynamically. This contrasts with RBAC's reliance on predefined roles, which can lead to rule exploitation and administrative inefficiencies.

Ahmad also discussed practical applications, including secure digital health systems, enterprise environments, and even e-voting platforms. One innovative feature of his approach is "attribute anonymity," which ensures sensitive information remains private, even in peer-to-peer or decentralized setups. For example, he described how his system could validate an individual’s age for accessing a service without revealing personal data—a critical step toward minimizing data exposure.

The conversation expanded into challenges organizations face in adopting ABAC, particularly the cost and complexity of transitioning from entrenched RBAC systems. Ahmad stressed the importance of education and collaboration with governments and industry players to operationalize ABAC and other decentralized models.

The episode closed with Ahmad reflecting on the robust feedback and collaboration opportunities he encountered at the conference, underscoring the growing interest in decentralized and privacy-preserving solutions within the cybersecurity industry. Ahmad’s research has attracted attention globally, with plans to further develop and implement these models in Australia and beyond.

Listeners are encouraged to follow Ahmad’s work and connect via LinkedIn to stay informed about these transformative approaches to cybersecurity.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Enhancing Cyber Insurance with HITRUST: Streamlining Coverage through Strategic Partnerships | A Brand Story Conversation From HITRUST Collaborate 2024 | A HITRUST Brand Story with Robert Booker, Blake Sutherland, Sidney Prasse, Josh Ladeau

Wed, 4 Dec 2024 16:15:00 +0000

The HITRUST CyberInsurance Webinar unveiled an innovative approach to acquiring cyber insurance, highlighting a streamlined process designed to benefit organizations of all sizes and sectors. Gathering insights from industry leaders including Sean Martin, Josh Ladeau, Sidney Prasse, Robert Booker, and Blake Sutherland, the discussion centered around the HITRUST Shared Risk Facility and its value proposition for organizations seeking robust cyber insurance coverage.

Josh Ladeau, CEO of Trium, emphasized the importance of reducing volatility in the insurance market. He pointed out the challenges organizations face with traditional insurance processes, including cumbersome questionnaires and inconsistent underwriting requirements. By leveraging HITRUST certifications, the Shared Risk Facility offers a consistent, transparent, and efficient pathway for obtaining coverage, ensuring organizations can focus more on their core operations rather than administrative burdens.

Sidney Prasse, a cyber specialist at McGill and Partners, highlighted the comprehensive nature of HITRUST certifications, which provide a high level of assurance and a robust framework for organizations. Prasse elaborated on the return on investment (ROI) that organizations gain from this streamlined approach, not only in terms of competitive premiums but also through time and resource efficiencies.

Robert Booker, Chief Strategy Officer at HITRUST, elaborated on the rigorous processes involved in HITRUST certifications. He explained that these certifications require organizations to demonstrate their security maturity comprehensively, which in turn provides insurers with verified, reliable data. This reliability and transparency in security posture are critical, as they enhance the trust between insurers and insureds, making the underwriting process smoother and more accurate.

Blake Sutherland, EVP of Market Engagement at HITRUST, emphasized the importance of proactive engagement between IT security teams and finance or risk management teams within organizations. He noted that the HITRUST approach helps bridge gaps between these departments, ensuring a unified and effective strategy towards obtaining and maintaining cyber insurance coverage.

The webinar underscored that the HITRUST Shared Risk Facility is not just about easier and more efficient insurance processes; it also represents a strategic advantage in the market. Organizations that are HITRUST certified can differentiate themselves, demonstrating a high level of security and compliance that can be pivotal in securing business contracts. This differentiation is particularly crucial as businesses increasingly rely on third-party attestation to verify their security measures.

Ultimately, the HITRUST CyberInsurance Webinar showcased how strategic partnerships and innovative approaches can transform the traditional cyber insurance landscape, providing organizations with the tools they need to effectively manage risk and achieve better overall security.

Learn more about HITRUST: https://itspm.ag/itsphitweb

Note: This story contains promotional content. Learn more.

Guests:

Blake Sutherland, EVP Market Adoption, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/blake-sutherland-38854a/

Robert Booker, Chief Strategy Officer, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/robertbooker/

Sidney Prasse, Partner, McGill & Partners

On LinkedIn | https://www.linkedin.com/in/sidney-prasse-297894aa/

Josh Ladeau, CEO, Trium Cyber

Resources

Enhancing Cyber Insurance with HITRUST: Streamlining Coverage through Strategic Partnerships (Session):

Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

View all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Building a Sustainable, Predictable Cyber Insurance Market | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A McGill and Partners Short Brand Innovation Story with Ryan Griffin

Tue, 3 Dec 2024 16:00:00 +0000

During the latest Brand Story episode recorded as part of the On Location series at HITRUST Collaborate 2024, host Sean Martin speaks with Ryan Griffin from McGill Partners about the intricacies of cyber insurance.

Ryan Griffin, who plays a key role at the cyber insurance brokerage firm McGill Partners, shares insights into the importance of cyber insurance for large and complex organizations. Griffin outlines how the company helps clients understand and quantify their cyber risks before negotiating with over 100 cyber insurers to secure coverage. This rigorous approach is crucial given the volatile nature of cyber risks.

One of the significant challenges in the field, Griffin notes, is the counterparty risk involved in contractual relationships between large organizations. He emphasizes the necessity for businesses to carry adequate insurance coverage, akin to traditional liability insurance. Griffin reflects on the market evolution where organizations now see the value in cyber insurance, which should ideally cover rare but high-impact events.

The episode also highlights the pivotal role of data in understanding and pricing cyber risks. Sean Martin brings attention to the collaboration between McGill Partners and HITRUST. HITRUST's extensive data on cybersecurity and privacy maturity provides Griffins' team with a strong foundation for tailored cyber insurance solutions. Griffin praises HITRUST’s reliable framework that has been in place since 2007-2008, saying it’s a key differentiator in the cyber insurance space.

Sean Martin also notes the ongoing evolution in how organizations approach cyber insurance. Historically, the market's response to cybersecurity certifications has been lukewarm, but there is a shift towards utilizing credible, respected frameworks in insurance solutions. HITRUST certifications, such as the R2 certification, now play a crucial role in demonstrating an organization's efforts to mitigate risk and are instrumental in securing favorable insurance terms.

Griffin further discusses the multifaceted stakeholders involved in procuring cyber insurance within organizations. He talks about the need for simplifying cyber risk management for different organizational roles, particularly the non-technical insurance buyers. Griffin emphasizes making the insurance process less intimidating by leveraging compliance and cybersecurity measures already in place.

Ryan Griffin underscores McGill Partners' mission to create a mature and sustainable risk pool, making cyber insurance predictable and reliable for their clients. The collaboration with HITRUST showcases a tangible effort towards improving trust and efficiency in the cyber insurance market. With accurate, trustworthy data, McGill Partners is dedicated to reducing insurance barriers and ensuring organizations are well-prepared to meet their cyber risk management needs.

Learn more about McGill and Partners: https://itspm.ag/mcgill-and-partners-o89w

Note: This story contains promotional content. Learn more.

Guest: Ryan Griffin, Partner, McGill and Partners

On LinkedIn | https://www.linkedin.com/in/ryanpgriffin/

Resources

Learn more and catch more stories from McGill and Partners: https://www.itspmagazine.com/directory/mcgill-and-partners

Video Podcast: Introduction to HITRUST’s Cyber Insurance Facility: https://itspm.ag/hitrusp5x6

Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Irreversible Impact of Technology: The Ethical Dilemmas We Face When We Can’t Uninvent Our Creations | An Australian Cyber Conference 2024 in Melbourne Conversation with Mikko Hypponen | On Location Coverage with Sean Martin and Marco Ciappelli

Sat, 30 Nov 2024 01:01:23 +0000

Guest: Mikko Hypponen, Chief Research Officer (CRO) at WithSecure [@WithSecure]

On LinkedIn | https://www.linkedin.com/in/hypponen/

On Twitter | https://twitter.com/mikko

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

During the AISA CyberCon 2024 in Melbourne, Sean Martin and Marco Ciappelli sat down with Mikko Hypponen to discuss the irreversible nature of technology, the challenges it presents, and its impact on society. The discussion focused not on the event itself but on broader issues and ideas that shape our relationship with technological innovation.

The Irreversible Nature of Innovation

Mikko emphasized that once a technology is invented, it cannot be uninvented. Strong encryption was one of his key examples: it secures communication for individuals and organizations, yet it is also used by criminals to evade detection. This duality underscores the reality that every innovation carries benefits and drawbacks. Mikko noted, “Even if we wanted to get rid of strong encryption, it’s not possible. Criminals would still use it.”

The conversation also touched on artificial intelligence. Mikko highlighted how innovations build on past advancements. Decades of progress in digitizing information, developing the internet, and creating cloud infrastructure have made today’s AI capabilities possible. He reflected on how large technological revolutions often take longer than anticipated to develop but eventually surpass expectations in scope.

Technology as a Double-Edged Sword

The group explored societal challenges posed by technology, such as the impact of social media on youth and ethical questions around ransomware. Mikko pointed to the breach of the Vastamo psychotherapy center in Finland, where hackers stole sensitive patient records and demanded ransoms from both the clinic and its patients. He argued that, in some cases, paying the ransom might result in less harm, even though it contradicts the principle of not funding criminal activity.

Marco raised the issue of preparing young people for social media, comparing it to teaching a child to drive before handing over car keys. The discussion emphasized the importance of gradually introducing tools and systems while fostering understanding of their risks and responsibilities.

Building on the Past

Marco noted how foundational technologies, like the internet, enable further innovations. Mikko agreed, citing how AI’s rapid rise was made possible by decades of previous work. He stressed that each technological leap requires the groundwork laid by earlier developments, creating platforms for new ideas to flourish.

The group also discussed the limitations of regulation. For example, cryptocurrencies, built on mathematical principles, cannot be fundamentally altered by laws. Instead, regulation can only address interactions between real-world currencies and blockchain systems. Mikko observed, “Math doesn’t care about your laws and regulations.”

Closing Thoughts

The conversation underscored that innovation is inherently a trade-off. Every advancement brings both opportunities and challenges, and society must navigate these complexities thoughtfully. Mikko highlighted that while the benefits of technologies like encryption, AI, and the internet are significant, they also create new risks.

Sean, Marco, and Mikko’s discussion emphasized the importance of understanding and adapting to technological change. While we can’t control the pace of innovation, we can shape how it integrates into our lives and institutions. This ongoing dialogue remains essential as society continues to grapple with the implications of progress.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Human Factors in Cyber Security: Cultivating Cybersecurity Culture and Cyber Skills Gap | An Australian Cyber Conference 2024 in Melbourne Conversation with Leanne Ngo | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 29 Nov 2024 17:25:29 +0000

Guest: Leanne Ngo, Associate Professor, La Trobe University

On LinkedIn | https://www.linkedin.com/in/leanne-ngo-86979042/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

During AISA Cyber Con 2024 in Melbourne, Sean Martin and Marco Ciappelli sat down with Dr. Leanne Ngo to discuss cyber resilience, community impact, and the role of culture in cybersecurity. Their conversation explored the intersection of technology, education, and human connection in the pursuit of a safer and more secure society.

Dr. Ngo shared her perspective on resilience, highlighting its evolving definition. While digital tools increase opportunities for connection, she emphasized that face-to-face interaction remains vital, especially for vulnerable communities. Her work in promoting cybersecurity awareness involves building trust and understanding among diverse groups, tailoring approaches to their unique needs and cultural contexts.

The discussion turned to the importance of culture in cybersecurity, with Dr. Ngo describing it as a gradual process of change driven by action and integration into everyday life. She stressed that cyber awareness—often focused on knowledge—must evolve into behavioral transformation, where secure practices become second nature both at work and in personal lives. This requires understanding the subcultures within organizations and communities and adapting strategies to resonate with their specific dynamics.

Sean also brought up the concept of belief as a cornerstone for driving cultural change. Dr. Ngo agreed, emphasizing that confidence and a growth mindset are essential in fostering resilience. Drawing on her experience as a mentor and educator, she described how instilling belief in individuals’ capacity to contribute to a secure society empowers them to take ownership of their role in cybersecurity.

The conversation explored practical ways to bridge the gap between technical solutions and human-centered approaches. Dr. Ngo highlighted her work with the Australian government’s "Stay Safe, Act Now" campaign, which focuses on localizing cybersecurity education. By adapting materials to the values and practices of various communities—such as the South Sudanese and Cambodian populations—her initiatives create relatable and impactful messaging that goes beyond surface-level translations.

Education and workforce development also emerged as key themes. Dr. Ngo underscored the importance of short, targeted training programs, like micro-credentials, in addressing the growing skills gap in cybersecurity. Such programs offer accessible pathways for individuals from all backgrounds to contribute meaningfully to the industry, supporting Australia's ambition to be the most cyber-resilient country by 2030.

Closing the discussion, Dr. Ngo reinforced that cybersecurity is fundamentally about people. By fostering empathy, understanding, and a collaborative spirit, society can build resilience not just through technology but through the collective effort of individuals who care deeply about protecting one another. This belief in human potential left an enduring impression, inspiring attendees to think beyond traditional approaches and embrace the human element at the core of cybersecurity.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Data Sovereignty and Security Challenges in the APAC Region: Simplifying Security with Zero Trust and AI-Driven Solutions | An Australian Cyber Conference 2024 in Melbourne Conversation with Abbas Kudrati | On Location Coverage

Fri, 29 Nov 2024 01:25:28 +0000

Guest: Abbas Kudrati, Asia’s SMC Regional Chief Security, Risk, Compliance Advisor, Microsoft [@Microsoft]

On LinkedIn | https://www.linkedin.com/in/akudrati/

On Twitter | https://twitter.com/askudrati

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

During the On Location series at AISA Cyber Con 2024 in Melbourne, a significant conversation unfolded between Sean Martin, Marco Ciappelli, and Abbas Kudrati about key cybersecurity themes and strategies relevant to the Asia-Pacific region.

Abbas Kudrati, a seasoned cybersecurity professional and cloud advocate, shared insights into the state of cybersecurity in the region. He highlighted that ransomware remains one of the top threats, particularly in Asia and Australia. This persistent issue underscores the importance of robust data governance and access control. Abbas emphasized that organizations must establish strong security foundations, including data classification and access management, to prepare for the complexities introduced by AI. Without these measures, companies risk exposing sensitive information when leveraging generative AI solutions.

The discussion also touched on data sovereignty, a critical topic for governments and defense organizations in Australia. Abbas noted the growing number of localized data centers built by major cloud providers to meet sovereignty requirements. While private sector organizations tend to be less stringent about data location, government entities require data to remain onshore. Frameworks like IRAP and Essential Eight are instrumental in ensuring compliance and guiding organizations in implementing consistent security practices.

Zero Trust emerged as a transformative concept post-pandemic. According to Abbas, it simplified cybersecurity by enabling secure remote work and encouraging organizations to embrace cloud solutions. He contrasted this with the rise of generative AI, which has introduced both opportunities and challenges. AI's potential to streamline processes, such as analyzing security alerts and automating vulnerability management, is undeniable. However, its unbounded nature demands new strategies, including employee education on prompt engineering and responsible AI use.

Sean Martin and Marco Ciappelli explored how AI can revolutionize operations. Abbas pointed out that AI tools like security copilots are making cybersecurity more accessible, allowing analysts to query systems in natural language and accelerating incident response. He stressed the importance of using AI defensively to match the speed and sophistication of modern attackers, noting that attackers are increasingly leveraging AI for malicious activities.

The conversation concluded with a forward-looking perspective on AI’s role in shaping cybersecurity and the importance of maintaining agility and preparedness in the face of evolving threats. This dynamic exchange provided a comprehensive view of the challenges and advancements influencing cybersecurity in the Asia-Pacific region today.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Australia's Global Opportunity and Responsibility: Shaping a More Secure Region and a Safer Digital World | An Australian Cyber Conference 2024 in Melbourne Conversation with Ambassador Brendan Dowling | On Location Coverage

Fri, 29 Nov 2024 00:52:56 +0000

Guest: Ambassador Brendan Dowling, Ambassador for Cyber Affairs and Critical Technology, DFAT

On LinkedIn | https://www.linkedin.com/in/brendan-dowling-7812b4261/

AT AU Cyber Con | https://canberra2024.cyberconference.com.au/speakers/brendan-dowling

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

This conversation with Brendan Dowling gave us a glimpse into the strategies, challenges, and collaborations shaping Australia’s digital future—and reminded us all that the cyber frontier is not just a technical battlefield but a deeply human one.

The Role of a Cyber Ambassador
Dowling began by discussing the unique responsibilities of a Cyber Ambassador, a role that integrates cybersecurity into foreign policy at the highest levels. He emphasized how this position, once viewed as an innovative experiment, has become a strategic necessity for national security. As cyber threats grow increasingly complex and borderless, cyber diplomacy has emerged as a critical tool for fostering stability and trust on the global stage.

Strengthening Global Collaboration
During the discussion, Dowling highlighted the collaborative nature of Australia’s cybersecurity efforts. He explained how cooperation within government agencies and partnerships with international allies are key to staying ahead of emerging threats. These relationships enable critical information-sharing, strategic alignment, and unified responses to incidents, underscoring the interconnectedness of today’s digital ecosystem.

Navigating AI and Ethical Challenges
The conversation turned to artificial intelligence and its growing role in society. Dowling addressed the ethical considerations of AI development and deployment, stressing the importance of balancing innovation with responsibility. He described Australia’s approach to advocating for ethical design and policy frameworks that protect privacy and human rights while maximizing AI’s benefits.

Building Resilience in Critical Infrastructure
Critical infrastructure was another focal point of the discussion. Dowling acknowledged the increasing complexity of protecting vital systems, from industrial control processes to supply chains. He emphasized resilience—not only in preventing attacks but in responding swiftly and effectively when incidents occur. This approach ensures that essential services, such as energy and manufacturing, can continue to operate even under pressure.

Cultural Contexts in Cybersecurity
Dowling also reflected on the role of cultural differences in shaping cybersecurity strategies. He shared experiences from his international work, where addressing issues like online safety and disinformation often requires sensitivity to local norms and values. Tailoring cybersecurity approaches to diverse cultural contexts, he noted, is vital for fostering trust and collaboration across regions.

Conclusion:
As the conversation concluded, Dowling reaffirmed the need for continued cooperation, innovation, and cultural understanding in tackling global cyber challenges. Sean Martin and Marco Ciappelli expressed their gratitude, leaving listeners with a clear message: cybersecurity is not just a technical issue—it’s a global, ethical, and deeply human challenge that requires collective effort.

____________________________

This Episode’s Sponsors

____________________________

Resources

Australia's global opportunity and responsibility: shaping a more secure region and a safer digital world (Session): https://canberra2024.cyberconference.com.au/sessions/australias-global-opportunity-and-responsibility-shaping-a-more-secure-region-and-a-safer-digital-world

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

How Do We Make Decisions in Cyber Security? Operational, Tactical, and Strategic Decision-Making in the Age of AI | An Australian Cyber Conference 2024 in Melbourne Conversation with Ivano Bongiovanni | On Location Coverage

Thu, 28 Nov 2024 02:09:25 +0000

Guest: Ivano Bongiovanni, General Manager / Sr Lecturer, AusCERT / UQ

On LinkedIn | https://www.linkedin.com/in/ivano-bongiovanni-cybersecurity-management/

At AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/ivano-bongiovanni-ibtpp

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

This AISA Cyber Con 2024 On Location podcast episode recorded in Melbourne spotlights critical discussions led by Ivano Bongiovanni, General Manager for AUSCERT and Senior Lecturer in Cybersecurity at the University of Queensland. The dialogue centers on pivotal issues shaping organizational approaches to cybersecurity, from decision-making factors to data governance and regulatory influences.

Bongiovanni discusses his research on decision-making in cybersecurity, conducted across six large organizations. By interviewing professionals at operational, tactical, and strategic levels, the study examines the multifaceted factors driving decisions, such as configuring security systems or choosing cyber insurance. The research identifies four primary influence levels: industry, organizational, team, and individual. Key drivers include regulations at the industry level, organizational culture, and access to collaborative professional forums. These insights aim to provide decision-makers with a reflective framework to ensure comprehensive and informed choices.

Another prominent focus is data governance. Bongiovanni emphasizes its role as both a foundation for robust cybersecurity and a potential avenue for organizational value creation. He highlights the challenges organizations face in mapping, managing, and securing their data. While traditionally viewed through a lens of loss prevention, he argues that effective data governance can unlock operational efficiencies and new business opportunities. This aligns with a broader industry shift to link cybersecurity investments to strategic value creation, rather than purely protective measures.

The episode also touches on evolving regulatory landscapes. Bongiovanni outlines the increasing scrutiny on board members and CISOs (Chief Information Security Officers) regarding cybersecurity accountability. While Australia is still catching up with global trends, parallels are drawn to the U.S., where regulations like the SEC’s proposed cyber disclosures link leadership liability to organizational cybersecurity practices. In Australia, existing duties of care under the Corporations Act are becoming focal points for regulatory expectations.

Information-sharing frameworks, such as ISACs (Information Sharing and Analysis Centers), also feature in the discussion. Bongiovanni underscores their importance in fostering collaboration, particularly in sectors like higher education and healthcare. He notes the ongoing cultural shift encouraging organizations to share threat intelligence securely, which is essential for collective resilience.

Through Bongiovanni’s contributions, this episode highlights both the challenges and opportunities in cybersecurity decision-making, emphasizing a nuanced understanding of regulatory, cultural, and technical dynamics.

____________________________

This Episode’s Sponsors

____________________________

Resources

Future is now: Cautious reflections and bold predictions on cyber security in the years to come (Session): https://melbourne2024.cyberconference.com.au/sessions/session-FsEVnuge9u

How do we make decisions in cybersecurity? Operational, tactical, and strategic decision-making in the age of AI (Session): https://melbourne2024.cyberconference.com.au/sessions/session-BdOGZjahUe

The executive playbook: Elevate your cyber security through data governance (Workshop): https://melbourne2024.cyberconference.com.au/workshops/workshop-rxAAQPTLUJ

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Top 10 Skills Your Security Awareness and Culture Person Must Have (With No IT or Cyber Skills in Sight) | An Australian Cyber Conference 2024 in Melbourne Conversation with Daisy Wong | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 28 Nov 2024 01:50:16 +0000

Guest: Daisy Wong, Head of Security Awareness, Medibank

On LinkedIn | https://www.linkedin.com/in/daisywong127/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Kicking off the conversation, Marco noted the absence of his co-host Sean, whose focus often leans technical. This opened the door for a deeper exploration into the human and operational side of cybersecurity, an area Daisy Wong is uniquely equipped to discuss.

Daisy’s career journey, from earning a marketing degree to becoming Medibank’s Head of Security Awareness, is rooted in understanding human behavior. Her hands-on experience with phishing emails and time spent in a pen-testing team revealed how critical culture and communication are to effective cybersecurity.

The Power of Communication and Culture in Cybersecurity
Daisy highlighted how her ability to simplify complex technical language became the cornerstone of her work in cybersecurity awareness. She emphasized that soft skills, like communication, are just as essential as technical know-how in navigating today’s cyber challenges.

Drawing cultural parallels, Daisy shared analogies from her cultural heritage, like the tradition of removing shoes before entering a home, and compared them to cybersecurity practices. Marco added an Italian twist, pointing to customs like cheek-kissing as a metaphor for ingrained behaviors. Together, they underscored how fostering a security-first mindset mirrors cultural conditioning—it requires intentionality, consistency, and collective effort.

Breaking Barriers and Building Bridges
One of the key takeaways from the discussion was the need to break down the misconception that cybersecurity is solely a technical field. Daisy argued for creating environments where employees feel safe reporting security concerns, regardless of their technical background.

She shared strategies for fostering collaboration, like simple yet impactful initiatives during Cyber Awareness Month. These efforts, such as wearing branded T-shirts, can make security a shared responsibility and encourage open communication across teams.

Staying Ahead in an Evolving Threat Landscape
Daisy also spoke about how cyber threats are evolving, particularly with the rise of generative AI. Traditional warning signs, like spelling mistakes in phishing emails, are being replaced with far more sophisticated tactics. She emphasized the need for organizations to stay adaptable and for individuals to remain vigilant.

While AI offers tools to identify risks, Daisy and Marco agreed that personal accountability and fundamental awareness remain irreplaceable in ensuring robust security practices.

In this lively episode of On Location with Marco Ciappelli, Daisy Wong spotlighted the indispensable role of human behavior, culture, and communication in cybersecurity. Her insights remind us that while technology evolves, the human element remains at the heart of effective cyber defense.

Cybersecurity isn’t just about systems and software—it’s about people. And as threats become more sophisticated, so must our strategies, blending technical tools with cultural awareness to create a resilient and adaptable defense

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Building Resilience in a Disruptive Digital Landscape while Being Green by Design: Addressing the Carbon Footprint in Cybersecurity | An Australian Cyber Conference 2024 in Melbourne Conversation with Sian John | On Location Coverage

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli, Sian John) — Wed, 27 Nov 2024 22:54:20 +0000

Guest: Sian John, Chief Technology Officer, NCC Group

On LinkedIn | https://www.linkedin.com/in/sian-john/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

During the recent AISA Cyber Conference 2024 in Melbourne, notable figures Sean Martin and Sian John engaged in a compelling conversation about emerging trends and significant topics within the cyber industry. The discussion covered a range of subjects from the importance of availability in operational technology (OT) security to the environmental implications of artificial intelligence (AI) and analytics. Sean Martin noted the communal focus of the conference, highlighting how initiatives driven by members of the industry, like those led by the AISA Perth chapter (as noted by Sian John), contribute significantly to the cybersecurity community.

Sian John MBE provided an in-depth perspective on the global regulatory landscape, pointing out how digital disruption is driving an increase in regulations. She emphasized that privacy regulations now affect more people worldwide than ever before. John observes that while some regions might roll back regulations, the overall trend is increasing around regulatory scrutiny.

Another key topic was the carbon impact of AI and analytics. Sian John pointed out the substantial environmental cost associated with training large language models, referencing research by PwC and Microsoft showcasing the significant carbon footprint involved. She argued for the need to integrate sustainability into technological advancements, coining it 'green by design.'

The conversation also touched on the vital importance of OT security in the context of achieving net-zero carbon emissions and advancing renewable technology. John pointed out that while OT security has been a topic of discussion for some time, the urgency is now heightened as regulatory focus intensifies and renewable energy projects increase. When it comes to triggers that drive action, finance could win out over regulation in this case.

The dialogue also explored the broader implications of security, extending beyond the traditional realms to incorporate business resilience. Martin stressed the necessity for organizations to adopt a risk-aware approach that encompasses both cyber and business risks. He posits that mature organizations, which effectively integrate resilience into their operations, are more adept at navigating regulatory changes and emerging threats.

Finally, the cost of security and operational efficiency was discussed. Both speakers agreed that in a world with rising power costs, the drive towards efficient, sustainable practices is also economically motivated. This underscores the intersection of cost, regulation, and sustainability in today's business strategies. As the conversation drew to a close, the future-oriented outlook shared by both speakers reflected a pragmatic approach to the complexities of modern cybersecurity, emphasizing efficiency, regulatory compliance, and sustainability.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Present and Future of Human-Centered Cybersecurity: Managing Risks and Fostering Digital Safety | An Australian Cyber Conference 2024 in Melbourne Conversation with Jinan Budge | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 27 Nov 2024 03:09:32 +0000

Guest: Jinan Budge, Vice President, Principal Analyst serving Security & Risk professionals, Forrester

On LinkedIn | https://www.linkedin.com/in/jinan-budge-2898132/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The Australian Cyber Conference Melbourne 2024 is a dynamic hub of innovation, bringing together top cybersecurity professionals and thought leaders to tackle the industry’s most pressing challenges. On this On Location Recording Sean Martin and Marco Ciappelli have a conversation with Jinan Budge, Vice President at Forrester Research, focusing on the vital role of human-centered security in today’s evolving landscape.

Building a Human-Centered Cybersecurity Culture

One of the central themes of the discussion was the shift from traditional security awareness programs to human risk management. Jinan Budge emphasized the need to move beyond treating people as liabilities and instead design security practices that align with individual behaviors and motivations. This evolution toward human-centered cybersecurity is essential to addressing the unique risks posed by human behavior while fostering a culture of adaptability and trust.

Collaboration Between Enterprises and Vendors

The podcast highlighted the shared responsibility between enterprises and vendors to advance security practices. Enterprises must embrace adaptive security solutions tailored to their workforce, while vendors have a pivotal role in driving innovation and educating the market. This partnership is key to creating flexible, effective solutions that meet the needs of diverse organizations, from startups to global enterprises.

Understanding the Human Element in Data Breaches

Budge introduced a framework she calls the “wheel of human element breaches,” which categorizes risks such as social engineering, human error, and insider threats. This comprehensive approach pushes the conversation beyond the common narrative of phishing attacks, encouraging organizations to adopt holistic strategies that address the root causes of human-driven vulnerabilities.

Education and Continuous Learning

Marco Ciappelli and Jinan Budge underscored the importance of integrating cybersecurity education into early learning environments. Instilling digital safety habits at a young age helps build an instinctive understanding of cybersecurity, preparing future generations for the increasingly digital workplace. This foundation ensures smoother transitions into organizational cultures where cybersecurity is second nature.

Conclusion

The discussions at the Australian Cyber Conference Melbourne 2024 illuminated the industry’s growing focus on human-centered strategies and collaboration between enterprises and vendors. These efforts underscore the importance of proactively addressing human risks and integrating cybersecurity education into every level of society. Events like this continue to shape the future, offering invaluable insights and inspiration for those dedicated to advancing the field.

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Transforming Cybersecurity with Essential Eight by Building Robust Security Structures with a Default Deny Approach | A Brand Story Conversation From AISA Cyber Con 2024 in Melbourne | A ThreatLocker Story with Jade Wilkie

Wed, 27 Nov 2024 01:52:31 +0000

During AISA Cyber Con 2024 in Melbourne, Sean Martin connected with Jade Wilkie from ThreatLocker. Wilkie, who is currently an account executive and soon to assume a leadership role with the APAC sales team, discusses the significance of ThreatLocker’s presence at the event and their growth in the Australian market. With ThreatLocker’s APAC team attending for the first time, Wilkie emphasizes the importance of support on the ground as Australia has quickly become ThreatLocker’s second-largest market.

ThreatLocker’s approach, centered on a default deny methodology and zero trust framework, aligns well with Australia’s Essential Eight cybersecurity framework. Wilkie highlights that this strategy not only prevents unauthorized access but also reduces noise during detection and response processes. This makes the Essential 8 a solid foundation for cybersecurity, offering a straightforward and effective structure that companies can implement.

At their booth, ThreatLocker aims to raise awareness about their comprehensive offerings beyond application control, including EDR and MDR, and network control modules. Wilkie invites attendees to engage with the team to understand how ThreatLocker’s solutions can fortify their security structures.

The episode teases an upcoming conversation at Zero Trust World in Orlando, where Sean Martin and Jade Wilkie will further explore the event’s takeaways and discuss emerging themes and trends in the cybersecurity space. Don’t miss out on this insightful discussion that promises to deliver valuable information for strengthening cybersecurity efforts.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content. Learn more.

Guests:

Jade Wilkie, Account Executive APAC, ThreatLocker [@ThreatLocker]

On LinkedIn | https://www.linkedin.com/in/jade-wilkie-salesprofessional/

Resources

Essential Eight: https://itspm.ag/threatq55q

Zero Trust World: https://itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

View all of our AISA Cyber Con 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Balancing Technology and Human Awareness in Cyber Defense: Strategies for Families and Organizations | An Australian Cyber Conference 2024 in Melbourne Conversation with Jacqueline Jayne | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 27 Nov 2024 00:38:09 +0000

Guest: Jacqueline Jayne, The Independent Cybersecurity Expert

On LinkedIn | https://www.linkedin.com/in/jacquelinejayne/

At AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/jacqueline-jayne-smict

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

During the On Location series at AISA Cyber Con 2024 in Melbourne, the conversation about cybersecurity turns engaging as Jacqueline Jayne, Security Awareness Advocate, shares her experience on human risk management and cybersecurity education. Her insights bring forward crucial points on bridging the gap between human behavior and technological security measures.

One pivotal topic discussed is the persistent challenge of human error in cybersecurity. Jacqueline highlights that human error now accounts for over 90% of security breaches. The approach to mitigating these risks isn't merely technological but educational. She emphasizes the need for comprehensive security awareness training and shifting organizational culture towards proactive risk management.

Jacqueline shares, “Organizations should redefine IT departments from the ‘Department of No’ to the ‘Department of K-N-O-W.’” She believes that instead of restricting users, organizations should focus on empowering them with knowledge, emphasizing the importance of comprehensive training that connects with employees on a personal level.

Throughout the conversation, the importance of contextual and relatable education stands out. Jacqueline advocates for simulated phishing campaigns to provide real-world scenarios for employees. By understanding and experiencing what a phishing attempt looks like in a controlled environment, employees can better recognize and react to actual threats.

Another compelling point is teaching digital citizenship from a young age. Jacqueline compares cybersecurity education to road safety education. Just as children learn road safety progressively, digital safety should be ingrained from an early age. Appropriate and guided exposure to technology can ensure they grow up as responsible digital citizens.

The discussion also touches on parental and organizational roles. Jacqueline discusses the proposal of banning social media for children under 16, acknowledging its complexity. She suggests that though banning might seem straightforward, it's more about educating and guiding children and teenagers on safe digital practices. Organizations and parents alike should collaborate to create a safer and more informed digital environment for the younger generation.

Towards the end, the dialogue shifts to the potential role of AI in enhancing cybersecurity awareness. There’s a consensus on using AI not as a replacement but as an augmentative tool to alert and educate users about potential threats in real-time, potentially mitigating the risk of human error. In conclusion, the conversation highlights the indispensable role of education in cybersecurity. JJ's perspective fosters a comprehensive approach that includes organizational culture change, continuous engagement, and early digital citizenship education. It’s not just about implementing technology but evolving our collective behavior and mindset to ensure a secure digital future.

____________________________

This Episode’s Sponsors

____________________________

Resources

The top 10 skills your security awareness and culture person must have with no IT or cyber skills in sight (Session): https://melbourne2024.cyberconference.com.au/sessions/session-OZ4j4mTr1O

Keeping our kids safe online: The essential information for parents and caregivers (Session): https://melbourne2024.cyberconference.com.au/sessions/session-oBf7Gjn2xG

Security awareness 2.0: The paradigm shift from training and simulations to engagement and culture: https://melbourne2024.cyberconference.com.au/sessions/session-drDWsOKBsL

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Healthcare to Cybersecurity: Leveraging Past Professions to Enhance Cybersecurity Programs | A Conversation with Gina D’Addamio | Redefining CyberSecurity with Sean Martin

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Gina D’Addamio) — Tue, 26 Nov 2024 13:00:00 +0000

Guest: Gina D’Addamio, Threat Analyst, Canadian Cyber Threat Exchange [@CCTXCanada]

On LinkedIn | https://www.linkedin.com/in/gina-daddamio

On Twitter | https://www.linkedin.com/in/gina-daddamio

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In the latest episode of Redefining CyberSecurity on ITSPmagazine, host Sean Martin engages with Gina D’Addamio, a threat analyst at the Canadian Cyber Threat Exchange (CCTX), to discuss the pathways and challenges for transitioning into the field of cybersecurity from different professional backgrounds.

Gina D’Addamio: From Nursing to Cybersecurity — Gina shares her compelling journey from the world of nursing to becoming a threat analyst at CCTX. Starting her career in nursing, Gina specialized in delivering babies and providing postpartum care. However, due to the increasing pressures and emotional toll of a deteriorating healthcare system, she decided to make a career change. She reflects on the emotional challenges and the impact on her family life that led her to step away from nursing.

Transitioning through the Rogers Cybersecure Catalyst Program — Gina was introduced to cybersecurity through a fellow school mom and an opportunity with the Rogers Cybersecure Catalyst program. The program provided an accelerated learning path, offering her three SANS certifications within seven months. Gina emphasizes the importance of such programs in bridging the gap for those who have no prior experience in cybersecurity, showcasing her success as a significant transition case.

Relatability between Nursing and Cybersecurity — Throughout the discussion, Gina and Sean draw parallels between nursing and cybersecurity. Gina points out how her experience in managing life-and-death situations in nursing is akin to dealing with critical incidents in cybersecurity. Her ability to remain composed under pressure and her proficiency in translating complex medical information into understandable terms has been vital in her role at CCTX.

The Role at CCTX — At CCTX, Gina's work involves threat analysis and translating complex cybersecurity threats into actionable advice for a diverse range of members, from large corporations to small businesses. The nonprofit organization plays a crucial role in threat intelligence sharing across sectors in Canada, similar to ISACs and ISAOs in the U.S.

Mentorship and Continuous Learning — Gina discusses the ongoing learning environment within CCTX, facilitated by member-led webinars and hands-on experiences such as Wireshark workshops. She highlights the constant need for education in cybersecurity due to the ever-changing threat landscape. She also mentors others transitioning into cybersecurity, stressing the value of soft skills and effective communication in securing roles within the industry.

Advice to Employers in Cybersecurity — Gina urges employers to recognize the potential in candidates from diverse professional backgrounds, emphasizing that the ability to learn and adapt is often more important than years of industry-specific experience. She advocates for a hiring approach that looks beyond certifications to the person’s overall ability to fit within the team and contribute to the organization’s goals.

This episode underscores the potential for successful career transitions into cybersecurity from seemingly unrelated fields. Gina D’Addamio’s story is a testament to how diverse experiences can enrich the cybersecurity field, bringing fresh perspectives and skills that enhance threat analysis and response.

___________________________

Sponsors

Imperva: https://itspm.ag/imperva277117988

LevelBlue: https://itspm.ag/attcybersecurity-3jdk3

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Learn more and catch more stories from Rogers Cybersecure Catalyst: https://www.itspmagazine.com/directory/rogers-cybersecure-catalyst and https://itspm.ag/rogershxbp

Accelerating Cybersecurity Training and Innovation | 7 Minutes on ITSPmagazine from Black Hat Sector 2024 | A Rogers Cybersecure Catalyst Short Brand Innovation Story with Rushmi Hasham and Vasu Daggupaty: https://on-location-with-sean-martin-and-marco-ciappelli.simplecast.com/episodes/accelerating-cybersecurity-training-and-innovation-7-minutes-on-itspmagazine-from-black-hat-sector-2024-a-rogers-cybersecure-catalyst-short-brand-innovation-story-with-rushmi-hasham-and-vasu-daggupaty

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Pre-Event Coverage | Different Hats, Shared Goals: Insights and Anticipations for Conversations and Stories from Australian Cyber Conference 2024 in Melbourne | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli) — Sun, 24 Nov 2024 08:21:32 +0000

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this pre-event Chats on the Road episode of the On Location with Sean and Marco Podcast, hosts Sean Martin and Marco Ciappelli meet up in person and on location to discuss their excitement and expectations for the upcoming Australia Cybersecurity Conference 2024 in Melbourne. They express their enthusiasm about reuniting with the cybersecurity community and emphasize the significance of the event, which is organized by AISA and supported by notable individuals like Akash Mattel, Megan, and Abbas Kudrati.

Sean and Marco share a light-hearted opening conversation about boats and travels, setting a casual tone before diving into what they look forward to at the conference. The hosts appreciate the opportunity to connect with industry leaders and attendees, emphasizing the importance of stories in operationalizing cybersecurity in business and society.

Sean highlights the need to align technology with business processes while adhering to policies and laws on a global scale. On the other hand, Marco provides a broader perspective on the interaction between individuals, society, and technology, stressing the role of cybersecurity in protecting personal privacy and fostering human interaction — it turns out it's all about the intersection of technology and culture.

The hosts reflect on their past experiences in the cybersecurity field, with Sean sharing an anecdote about a vintage AV hat that represents his journey at Symantec rooted in the Australia. culture. This reflection underscores the value of learning from past and present experiences to shape a better future in cybersecurity.

Sean and Marco discuss the diverse sessions and interactions planned for the event, mentioning notable speakers like Joe Sullivan and Mikko Hypponen. They are particularly excited about the wide range of topics to be covered, from policy and privacy to operational strategies and the human element in cybersecurity.

As they anticipate the week ahead, Sean and Marco invite listeners to engage with them during the conference. They are eager to forge new relationships and gather stories that resonate on a global scale, underscoring the event's potential for fostering meaningful connections and enhancing cybersecurity practices worldwide.

Tune in to hear Sean and Marco's thoughts on what promises to be an exciting and informative week at the Australia Cybersecurity Conference 2024. Whether you're attending the event or staying tuned from afar, this episode sets the stage for the compelling conversations and insights to come.

____________________________

This Episode’s Sponsors

____________________________

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Bridging Cybersecurity and Finance for Better Insurance Outcomes | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A Google Short Brand Innovation Story with Monica Shokrai

Fri, 22 Nov 2024 00:38:10 +0000

In this Brand Story episode, recorded live at the HITRUST Collaborate Conference 2024, host Sean Martin sits down with Monica Shokrai, Head of Risk and Insurance for Google Cloud. The topic of conversation centers around cyber insurance, a crucial area impacting organizations across sectors.

Monica Shokrai leads the charge in managing risk and procuring insurance for Google Cloud, a role that integrates closely with both the finance and security teams. She highlights the unique dual approach of her team, which not only secures coverage for Google but also strategizes on how to leverage insurance to assist Google Cloud customers in mitigating risks.

A key point discussed is the interdisciplinary nature of cyber insurance. Traditionally managed by the finance or legal departments, Shokrai emphasizes its growing collaboration with cybersecurity teams. She notes that the standard organizational structure often sees a communication divide between finance and security departments. However, the evolving cyber insurance market is pushing these groups closer together, fostering a more integrated risk management strategy.

Shokrai also shares insights on how Google approaches risk exposure and posture. By modeling risk in-house and leveraging an actuarial team, Google can quantify risks accurately and work closely with security teams. This model not only helps in securing better insurance terms but also aids in understanding and integrating security measures within the organization.

Another significant point is Google’s innovative approach to automating the cyber insurance process. Through their Risk Protection Program, Google allows security metrics to be shared with insurance partners like Allianz in Munich. This method simplifies the underwriting process and promotes a data-driven approach to evaluating cybersecurity risks, aligning insurers and security teams toward a common goal.

Overall, the discussion underscores the importance of a cohesive strategy that bridges finance and cybersecurity through innovative risk management and insurance practices. With leaders like Monica Shokrai at the helm, Google Cloud is at the forefront of integrating these critical functions, ultimately benefiting both the company and its customers.

Learn more about Google Cloud: https://itspm.ag/google-pkap

Note: This story contains promotional content. Learn more.

Guest: Monica Shokrai, Head of Risk and Insurance, Google Cloud [@lifeatgoogle]

On LinkedIn | https://www.linkedin.com/in/monicashokrai/

Resources

Learn more and catch more stories from Google: https://www.itspmagazine.com/directory/google

Simplified Cyber Insurance for Organizations with a HITRUST Certification: https://itspm.ag/hitrusp5x6

Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Pre Event Coverage | Unveiling Cybersecurity's Future: Joe Sullivan's Keynote Journey to Australian Cyber Conference 2024 in Melbourne | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 20 Nov 2024 19:02:30 +0000

Guest: Joe Sulllivan, CEO at Ukraine Friends [@UkraineFriends_]

On Linkedin | https://www.linkedin.com/in/joesu11ivan/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The discussion begins with Sean and Marco humorously chatting about sunsets in California versus those on the other side of the world, as they prepare for their trip. With excitement in the air, they highlight the conference’s stellar lineup, especially keynote speaker Joe Sullivan, joining the conversation from Sydney. Already immersed in the Australian vibe, Sullivan shares his anticipation for the event and comments on the sunny weather awaiting them.

Sullivan’s career is a fascinating intersection of technology, law, and leadership. From his days as a cybercrime prosecutor to leading security efforts at Facebook and Uber, he offers a unique perspective on the evolution of cybersecurity as both a profession and a global necessity.

Joe Sullivan's Career Journey
Reflecting on his career path, Sullivan describes his journey as a "Jenga pile" built on diverse and dynamic experiences. He recalls his transition from government service to the tech industry during the dot-com boom, driven by curiosity and a hunger for new challenges. His work at companies like eBay, PayPal, and Facebook involved pioneering projects such as building security teams from scratch and shaping policies like responsible disclosure programs.

The Role of Regulation in Cybersecurity
Sullivan and the hosts delve into the crucial topic of regulation in cybersecurity. Drawing on his experiences, Sullivan underscores the disparity in resources between regulated and unregulated sectors, pointing to financial services and healthcare as examples. He advocates for smart, balanced regulations to ensure cybersecurity initiatives are well-funded and effective, emphasizing that structure is key to protecting industries and consumers alike.

Connecting with Security Professionals Globally
Through his global speaking engagements and commitment to attending conferences in full, Sullivan has gained valuable insights into the shared challenges facing security professionals worldwide. He highlights the universal nature of these challenges and the importance of collaboration across borders. His passion for fostering connections within the cybersecurity community resonates strongly in today’s interconnected world.

Humanitarian Efforts Beyond Cybersecurity
Beyond his professional endeavors, Sullivan shares his inspiring humanitarian work, particularly his efforts to support Ukraine through laptop donations. These initiatives, born from his professional network, illustrate the profound impact the cybersecurity community can have on broader global issues. By using technology to aid children’s education in conflict zones, Sullivan underscores the power of tech to bring hope and stability to those in need.

Conclusion
As the Australian Cyber Conference 2024 approaches, Joe Sullivan’s insights set a compelling tone for discussions about the future of cybersecurity. His message of resilience, adaptability, and global cooperation will undoubtedly inspire attendees. For those ready to engage and learn, Sean Martin and Marco Ciappelli warmly invite you to join them in Melbourne for this transformative event — and of course, follow them subscribing to their podcast if you cannot be there.

____________________________

This Episode’s Sponsors

Press Release: https://www.businesswire.com/news/home/20241030638106/en/SecTor-2024-Announces-Record-Breaking-Attendance-Following-Successful-Close-of-Toronto-Event

____________________________

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Resources

UkraineFriends: https://itspm.ag/ukrainwwmj

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Black Hat Announces Content Lineup for Black Hat Europe 2024 | 2 Minutes on ITSPmagazine

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli) — Wed, 20 Nov 2024 03:51:17 +0000

Black Hat, the cybersecurity industry’s most established and in-depth security event series, today announced the release of its content lineup for Black Hat Europe 2024. The live, in-person event will take place at the ExCeL London from December 9 to December 12, and feature 41 Briefings hand selected by the Black Hat Europe Review Board, four days of Trainings, 25 Sponsored Sessions, and 64 in-person tool demos and three labs at Black Hat Arsenal.

Briefings highlights include:

● SpAIware & More: Advanced Prompt Injection Exploits in LLM Applications

● SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR in macOS for Apple Silicon

● WorstFit: Unveiling Hidden Transformers in Windows ANSI!

Trainings highlights include:

● Assessing and Exploiting Control Systems and IIoT [4105]

● Fundamentals of Cyber Investigations and Human Intelligence [2111]

● Attacking DevOps Pipelines [2108]

● Offensive Mobile Reversing and Exploitation [4108]

● Advanced Cloud Incident Response in Azure and Microsoft 365 [2103]

Black Hat Arsenal at Black Hat Europe 2024 tool demo highlights include:

● Campus as a Living Lab: An Open-World Hacking Environment

● Pandora: Exploit Password Management Software To Obtain Credential From Memory

● Morion - A Tool for Experimenting with Symbolic Execution on Real-World Binaries

For registration and additional information on Black Hat Europe 2024, please visit www.blackhat.com/eu-24

Note: This story contains promotional content. Learn more.

Resources

Press Release: https://www.blackhat.com/html/press/2024-11-06.html

Catch all of our On Location Stories: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Learn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

SecTor 2024 Announces Record-Breaking Attendance Following Successful Close of Toronto Event | 2 Minutes on ITSPmagazine

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli) — Mon, 18 Nov 2024 18:14:31 +0000

SecTor, Canada’s largest cybersecurity conference, today announced the successful completion of the in-person component of SecTor 2024. The event welcomed 5,000 unique attendees joining in-person from October 22 to October 24 at the Metro Toronto Convention Centre in downtown Toronto.

Show highlights for 2024 included:

● Keynotes: This year’s event featured two Keynote presentations. The opening Keynote was presented by Leigh Honeywell, founder and CEO of Tall Poppy, and the second Keynote was presented by Omkhar Arasaratnam, Distinguished Engineer for Security at LinkedIn.

● Business Hall: This year’s Business Hall showcased the latest products and technologies from more than 140 of the industry’s leading cybersecurity solution providers. The Business Hall also featured areas for attendee, vendor, and community engagement through Exhibitor Booths, Arsenal, Sponsored Sessions, Bricks & Picks, and the Community Lounge.

● Summits: On Tuesday, October 22, the event featured a full day of Summit content, including the ninth annual SecTor Executive Summit, the inaugural The AI Summit at SecTor, and the ninth annual Cloud Security Summit at SecTor.

● Scholarships: As a way to introduce the next generation of security professionals to the SecTor community, SecTor awarded a total of 37 complimentary SecTor 2024 Briefings passes. Black Hat holds its own annual Student and Veteran Scholarship programs, and partners with a variety of associations on additional scholarship opportunities.

Note: This story contains promotional content. Learn more.

Resources

Learn more and catch more stories from SecTor Cybersecurity Conference Toronto 2024: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

Learn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Leveraging Data for Cyber Insurance to Bring Consistency and Clarity in Underwriting | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A Trium Cyber Short Brand Innovation Story with Josh LaDeau

Sat, 16 Nov 2024 00:09:40 +0000

In this episode of Short Brand Story recorded during the HITRUST Collaborate 2024 conference, Sean Martin sits down with Josh LaDeau, a prominent figure in the world of cyber insurance. Josh, who represents Trium Cyber, illuminates the crucial aspects of cyber insurance, from data integrity to market challenges. Trium Cyber is known for its specialty in providing cyber property, E&O, and miscellaneous coverages.

Josh emphasizes the importance of data in the insurance industry, explaining how accurate, structured data provided by HITRUST aids in underwriting processes. The partnership with HITRUST brings a unique advantage by ensuring data consistency and structure. This elevates the underwriting process by reducing ambiguities in policy applications and promoting data security. Josh highlights that this collaboration allows clients to present their data in a more uniform manner, making it easier for insurers to assess and underwrite policies accurately.

Moreover, the HITRUST R2 framework is particularly beneficial for clients, offering a higher quality of data that leads to better coverage options and advantageous premium pricing. Josh points out that a third-party attestation by HITRUST not only assures data integrity but also qualifies clients for a dedicated credit, further enhancing their position in the market.

The episode underscores the value Trium Cyber brings to its clients, focusing on technological acumen and a keen understanding of the cyber insurance landscape. This partnership is poised to make a significant impact in making cyber insurance more accessible and reliable for businesses.

Learn more about Trium Cyber: https://itspm.ag/hitrusi2it

Note: This story contains promotional content. Learn more.

Guest: Josh LaDeau, CEO, Trium Cyber

Resources

Learn more and catch more stories from Trium Cyber: https://www.itspmagazine.com/directory/hitrust

Learn more about HITRUST: https://itspm.ag/itsphitweb

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

A New People-Centric Approach to Determining an Organization's Exposure to a Third-Party Data Breach | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Christine Dewhurst and Dr. Thomas Lee | On Location Coverage

Sat, 9 Nov 2024 04:40:48 +0000

Guests:

Christine Dewhurst, Partner, NSC Tech

On LinkedIn | https://www.linkedin.com/in/christine-dewhurst-262867a9/

At Sector | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#christine-dewhurst-48706

Dr. Thomas Lee, CEO, Vivo Security

On LinkedIn | https://www.linkedin.com/in/thomas-lee-phd-b7766b10/

At Sector | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#dr-thomas-lee-48707

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of the On Location with Sean and Marco as part of our coverage of SecTor Information Security Conference in Toronto, Canada, Sean Martin and Marco Ciappelli spoke with notable guests Christine Dewhurst and Dr. Thomas Lee. This episode centers on innovative approaches to assessing an organization's risk related to third-party data breaches. Christine Dewhurst and Dr. Thomas Lee present a compelling new people-centric model for determining an organization's exposure to third-party data breaches.

Dr. Lee, who holds a PhD in biophysics and operates in California's Silicon Valley, initially approached cybersecurity from a scientific standpoint. He explains that their research focuses on using empirical regression modeling to quantify and predict data breach probabilities based on staffing levels and certifications. His emphasis is on the importance of having enough trained and certified personnel, which includes CISSPs and CISAs, as key indicators of security posture.

Christine Dewhurst, based in Toronto, partners with Dr. Lee in applying these mathematical models in practical scenarios. She underscores the critical role of understanding the workforce's capacity to manage and protect data. Dewhurst explains that their model evaluates five key staffing metrics to predict data breach risks, emphasizing that having the right quantity and quality of staff is crucial for robust security. She highlights their unique approach which differs from traditional methods focusing solely on technical controls.

The discussion also touches on the surprising significance of audit certifications (CISA) being equally important as technical security certifications (CISSP). This understanding bridges the gap between cybersecurity practices and business management strategies, providing a holistic overview of enterprise security health based on human resources. Christine Dewhurst and Dr. Thomas Lee offer fresh insights into how organizations can strategically enhance their defenses against third-party data breaches.

____________________________

This Episode’s Sponsors

____________________________

Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S

Be sure to share and subscribe!

____________________________

Resources

A New People-Centric Approach to Determining an Organization's Exposure to a Third-Party Data Breach (Session): https://www.blackhat.com/sector/2024/briefings/schedule/index.html#a-new-people-centric-approach-to-determining-an-organizations-exposure-to-a-third-party-data-breach-41396

Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

First of its Kind Cyber Insurance Product Exclusively Available to HITRUST-Certified Customers | A Brand Story Conversation From HITRUST Collaborate 2024 | A HITRUST Story with Blake Sutherland and Robert Booker

Fri, 8 Nov 2024 17:37:26 +0000

In this Brand Story episode, Sean Martin brings together the team from HITRUST, Robert Booker and Blake Sutherland, to discuss the topic of cyber insurance and its current state in the industry. Both guests bring a wealth of experience and insight, with Robert Booker overseeing strategy, research, and innovation at HITRUST, and Blake Sutherland serving as the EVP of Market Engagement.

A significant portion of the discussion centers around the role of cyber insurance in today's business environment. Cyber insurance is not just a safety net but a critical aspect of a complete risk management strategy. As Robert Booker points out, it’s an essential service, historically used to cover residual risk after companies have applied their own security measures. However, the market has changed considerably, with new capabilities and approaches evolving over the past several years, making it a dynamic area.

Blake Sutherland further elaborates on the issues that organizations face in acquiring cyber insurance today. The process is often cumbersome, involving extensive questionnaires and varied requirements from different underwriters. This can be particularly challenging for mid-market companies that may lack the internal resources to manage these complexities.

The episode highlights that HITRUST is addressing these challenges with their R2 certification, which provides an objective, quantifiable measure of an organization’s cybersecurity posture. This certification helps companies not only in fortifying their own security but also in streamlining the insurance acquisition process by offering a standardized measure that underwriters can rely on. According to Robert Booker, this quantified approach can make a significant difference, offering confidence to both the insured and the insurer.

Another important aspect discussed is the role of brokerage in this process. Brokers traditionally guide companies through the insurance process, and an R2 certification from HITRUST can greatly assist them in securing better terms and conditions, as it is recognized as a testament to a company's robust security posture. This can also translate into potentially lower premiums and more reliable coverage, addressing one of the largest pain points in securing cyber insurance.

The HITRUST Shared Risk Facility is made available exclusively through licensed brokers and can be accessed by any company holding an R2 certification, with plans to extend to I1 and E1 levels in the future. This facility aims to simplify the process, reduce the administrative burden on companies, and provide greater reliability in the insurance coverage.

The episode wraps up with an invitation for organizations, brokers, and underwriters to engage with HITRUST to explore these innovative solutions. It’s a call to improve the overall confidence in the insurance landscape through verified, independent measures of cybersecurity maturity, ultimately benefiting all parties involved in the cyber insurance ecosystem.

Explore how HITRUST’s R2 certification can enhance your organization's cybersecurity posture and streamline your cyber insurance process.

Learn more about HITRUST: https://itspm.ag/itsphitweb

Note: This story contains promotional content. Learn more.

Guests:

Blake Sutherland, EVP Market Adoption, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/blake-sutherland-38854a/

Robert Booker, Chief Strategy Officer, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/robertbooker/

Resources

HITRUST 2024 Trust Report: https://itspm.ag/hitrusi2it

Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

View all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Bringing a Consistent, Personable and Hands-On Approach to Compliance | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A IS Partners Short Brand Innovation Story with Ian Terry and Robert Godard

Thu, 7 Nov 2024 04:24:39 +0000

In this episode of 7 Minutes on ITSPmagazine from HITRUST Collaborate 2024, Sean Martin is joined by Ian Terry and Robert Godard from IS Partners to discuss the importance of compliance in modern corporations. Ian and Robert share their insights from the HITRUST Collaborate event, shedding light on their company's unique approach to cybersecurity and auditing.

Robert Godard explains that IS Partners was founded with a startup mentality, emphasizing collaboration and a fun work environment. This culture aims to make compliance efforts less daunting for both their team and their clients. Ian Terry adds that fostering an enjoyable work atmosphere is crucial for engaging and committed outcomes, especially in the dynamic world of information security.

One significant point discussed is the balance between fun and professionalism. Ian highlights that while the job can be stressful during cybersecurity incidents, the focus on industry changes and continuous learning keeps the work interesting and rewarding. The duo also touches on how IS Partners assists clients in navigating complex compliance frameworks. Their tailored approach ensures clients not only meet regulatory requirements but also achieve their business goals.

The episode concludes with a note on the importance of events like HITRUST Collaborate for networking and professional growth.

Learn more about IS Partners: https://itspm.ag/isparto2jk

Note: This story contains promotional content. Learn more.

Guests:

Ian Terry, Principal, Cybersecurity Services, IS Partners [@ISPartnersLLC]

On LinkedIn | https://www.linkedin.com/in/ian-terry/

Robert Godard, Partner, IS Partners [@ISPartnersLLC]

On LinkedIn | https://www.linkedin.com/in/robert-godard-cpa-cisa-hitrust-ccsfp/

Resources

Learn more and catch more stories from IS Partners: https://www.itspmagazine.com/directory/is-partners

Learn more about HITRUST: https://itspm.ag/itsphitweb

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Future of Cybersecurity at the Australian Cyber Conference 2024, in Melbourne | A Pre-Event Conversation with Akash Mittal | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 7 Nov 2024 03:41:47 +0000

Guest: Akash Mittal, CISO, Group Security, Sumitomo Forestry Australia

On LinkedIn | https://www.linkedin.com/in/akashgmittal/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Welcome to Melbourne for AU Cyber Con 2024
From November 26th to 28th, Melbourne will transform into the epicenter of cybersecurity as it hosts AU Cyber Con 2024. Organized by the Australian Information Security Association (AISA), the conference brings a diverse lineup of global thought leaders and innovators to the stage, all focused on shaping the next wave of cybersecurity.

Conference Highlights and Theme
The theme, "The Future is Now," reflects the urgent need for organizations and individuals alike to adapt to our rapidly changing digital landscape. Over three days, the event will feature 440+ speakers and 350 sessions, offering a deep dive into the intersection of cybersecurity, society, and technology.

Engage with Industry Leaders
This year’s lineup includes top voices in cybersecurity and beyond, like former Facebook CSO Joe Sullivan, astronaut Jose Hernandez, and security icon Mikko Hypponen. With appearances from cultural figures such as actor Kal Penn, the event will highlight the broader societal impact of cybersecurity, demonstrating how it affects everything from the arts to government policy.

Interactive Villages and Hands-On Workshops
AU Cyber Con goes beyond the stage with interactive villages like the Careers Village, Lockpicking Village, and AI Village. Here, attendees can gain hands-on experience with everything from physical security tools to AI applications and prompt injections. For those interested in personal brand-building, industry insights, or getting into the nuts and bolts of cybersecurity, these workshops offer something for everyone.

Spotlight on Sponsors and Exhibitors
With support from over 150 exhibitors, the event provides a unique opportunity for attendees to connect with leading companies and uncover the latest in cybersecurity tech. For exhibitors, it’s a valuable chance to meet professionals tackling real-world cybersecurity challenges head-on.

Fostering Global Collaboration
AU Cyber Con 2024 emphasizes the need for global teamwork to advance cybersecurity. Government representatives and international delegates will discuss strategic initiatives and regulatory advancements to strengthen cyber resilience. This gathering is the perfect platform to build connections, share ideas, and work toward a unified digital security future.

Looking Ahead: Coverage from ITSPmagazine
Sean Martin and Marco Ciappelli will be covering AU Cyber Con in real time. Join us for pre-event discussions, live updates, and post-event insights—all crafted to keep you connected to the latest innovations and collaborations shaping the future of cybersecurity.

____________________________

This Episode’s Sponsors

____________________________

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Resources

Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/asia24

Learn more about and hear more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Transforming Compliance and Revolutionizing Cybersecurity | A HITRUST Collaborate 2024 Conversation with Ryan T. Patrick | On Location Coverage with Sean Martin

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Ryan T. Patrick) — Thu, 31 Oct 2024 15:00:00 +0000

Guests: Ryan T. Patrick, Vice President of Adoption, HITRUST

On LinkedIn | https://www.linkedin.com/in/ryan-patrick-3699117a/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

____________________________

Episode Notes

In On Location Podcast episode, Sean Martin had a recap conversation with Ryan T. Patrick, engaging about the pivotal topics surrounding HITRUST and its Collaborate Conference. Ryan Patrick, Director of Corporate Audit and Compliance Operations at HITRUST, provided insightful commentary on HITRUST's mission and its recent initiatives to strengthen cybersecurity and compliance across various sectors. Throughout the episode, Ryan emphasized the significance of HITRUST's annual event, Collaborate. The conference serves as a central hub for customers, assessors, partners, auditors, security, and privacy professionals to share insights and build relationships.

One key discussion topic was the evolving concept of continuous assurance. Ryan highlighted how HITRUST is striving to transform annual assessments into a continuous process, enabling organizations to better manage and understand their security posture throughout the year. This shift aims to make security and compliance efforts more proactive and less burdensome.

Sean and Ryan also touched on the important role of HITRUST's Results Distribution System (RDS). This innovative system allows organizations to receive structured assessment results, which can be integrated seamlessly into GRC platforms like ServiceNow. By utilizing RDS, companies can more effectively compare vendor assessments and manage risk in a streamlined manner.

Another significant highlight from the conference was the announcement of HITRUST's first AI security certification. Set to launch in December, this certification will provide a comprehensive framework for securing AI technologies. Ryan explained that this initiative addresses the rising concerns around AI security by focusing on the controls needed to safeguard AI deployments. In addition, the certification will ensure that the underlying infrastructure supporting AI meets high-security standards.

Cyber insurance was another critical topic discussed. HITRUST's partnership with leading insurers has led to the creation of a cyber insurance product tailored for HITRUST-certified organizations. This product offers a 25% premium reduction for those who achieve HITRUST certification, potentially leading to lower premiums and higher coverage limits. Ryan noted that the product is designed to reward organizations that have demonstrated robust cybersecurity practices through their HITRUST certification.

The conversation wrapped up with a mention of HITRUST's impressive Trust Report statistics. According to Ryan, less than 1% of HITRUST-certified organizations experienced a security breach in the past two years, compared to over 50% of non-certified entities. This stark difference underscores the effectiveness of HITRUST's rigorous assessment and certification process in enhancing organizational security. Ryan’s insights during this episode illuminate the critical role HITRUST plays in advancing cybersecurity and compliance.

The initiatives discussed not only demonstrate HITRUST's commitment to innovation but also highlight practical steps organizations can take to fortify their security posture and achieve greater assurance in an increasingly interconnected world. This collaborative spirit and dedication to continuous improvement continue to set HITRUST apart as a leader in the field.

____________________________

This Episode’s Sponsors

____________________________

Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

Be sure to share and subscribe!

____________________________

Resources

Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxay

Learn more about and hear more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guiding Organizations on the Next Steps in Their Compliance Journey | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | An A-LIGN Short Brand Innovation Story with Shreesh Bhattarai

Thu, 31 Oct 2024 02:33:52 +0000

The focus is on HITRUST assessments, specifically the e1 certification, which provides an entry-level approach to cybersecurity compliance. The session emphasizes that compliance is an ongoing process and highlights the HITRUST e1 framework's adaptability to evolving threats. It also discusses the value proposition of the e1 certification, its affordability, and its suitability for low-risk organizations, as well as its synergies with existing SOC2 and ISO certifications.

A-LIGN was founded in 2009 by CEO Scott Price to help companies like yours navigate the complexities of cybersecurity and compliance by offering customized solutions that align specifically with each organization’s unique goals and objectives. We believe your business can reach its fullest potential by aligning compliance objectives with strategic objectives. Working with small businesses to global enterprises, A‑LIGN’s experts coupled with our proprietary compliance management platform, A‑SCEND, are transforming the compliance experience.

A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor.

Learn more about A-LIGN: https://itspm.ag/a-lign-uz1w

Note: This story contains promotional content. Learn more.

Guest: Shreesh Bhattarai, Director of HITRUST, A-LIGN [@aligncompliance]

On LinkedIn | https://www.linkedin.com/in/shreesh-bhattarai-cisa-ccsk-hitrust-ccsfp-chqp-5a052837/

Resources

Learn more and catch more stories from A-LIGN: https://www.itspmagazine.com/directory/a-lign

Learn more about HITRUST: https://itspm.ag/itsphitweb

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Accelerating Cybersecurity Training and Innovation | 7 Minutes on ITSPmagazine from Black Hat Sector 2024 | A Rogers Cybersecure Catalyst Short Brand Innovation Story with Rushmi Hasham and Vasu Daggupaty

Thu, 24 Oct 2024 01:31:29 +0000

The latest episode of 7 Minutes on ITSPmagazine, recorded during the Black Hat Sector 2024 event in Toronto, Canada, brings insights from the dynamic world of cybersecurity training and education. Hosted by Sean Martin, the discussion features Rushmi Hasham, Director of Strategic Partnerships, and Vasu Daggupaty, Manager of Strategic Partnerships and Investments, both from Rogers Cybersecure Catalyst.

Rogers Cybersecure Catalyst, a non-profit organization operated by Toronto Metropolitan University, serves as the university’s national hub for cyber education. The organization’s focus spans three primary areas: training individuals to become cybersecurity professionals, helping organizations to bolster their cyber safety measures, and assisting cybersecurity founders in bringing their innovative solutions to the market.

Vasu Daggupaty explains that the Catalyst’s training programs certify individuals with the necessary credentials to be employable in the cybersecurity field. Moreover, organizations receive guidance on enhancing their incident response strategies and other critical safety practices. An essential part of their mission is also supporting innovators in launching new cybersecurity products and services.

The episode highlights a compelling story of Gina, a former nurse transitioning into a cybersecurity analyst role. This transformation exemplifies the success of the Catalyst’s Accelerated Rapid Training Program. Rushmi Hasham elaborates on the program’s design, which caters to mid-life career changers, providing a seven-month intensive course in collaboration with the SANS Institute. The program equips participants with hands-on skills, transitioning knowledge, and career development, ensuring they are job-ready upon completion.

Additionally, the Catalyst’s corporate training services include non-technical tabletop exercises to prepare executives for real-life cyber threats. They also offer a cyber range where clients can safely engage with live malware to elevate their technical response capabilities. This comprehensive approach is instrumental in addressing Canada’s cybersecurity skills shortage and enhancing the nation’s defensive posture. The episode concludes with an invitation to explore the Catalyst's investment initiatives aimed at fortifying cybersecurity innovations and talent development across Canada.

Learn more about Rogers Cybersecure Catalyst: https://itspm.ag/rogershxbp

Note: This story contains promotional content. Learn more.

Guests:

Rushmi Hasham, Director of Strategic Partnerships, Rogers Cybersecure Catalyst

On LinkedIn | https://www.linkedin.com/in/rushmi-hasham-9523554/

Vasu Daggupaty, Manager, Partnerships & Investment, Rogers Cybersecure Catalyst

On LinkedIn | https://www.linkedin.com/in/vdaggupaty/

Resources

Learn more and catch more stories from Rogers Cybersecure Catalyst: https://www.itspmagazine.com/directory/rogers-cybersecure-catalyst

Learn more and catch more stories from SecTor Cybersecurity Conference Toronto 2024: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Effectively Managing a Growing Compliance Program While Minimizing Audit Fatigue | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A Schellman Short Brand Innovation Story with Michael Parisi and Ryan Meehan

Wed, 23 Oct 2024 16:12:15 +0000

Schellman, founded in 2002 as SAS 70 Solutions, was originally focused on just one audit standard; the SAS 70 (subsequently replaced by SOC 2). As the client base grew so did the request to perform other audits outside of the SAS 70. Schellman grew its offerings over the past 20+ years by identifying client needs and then determining if we have the skillset and expertise to deliver high quality work. We have always stayed true to our core strengths and expertise, which is why Schellman is the only Top 100 CPA firm that specializes in IT Audit and Cybersecurity.

Schellman provides full-spectrum cybersecurity third-party audits, assessments, and certifications. In a marketplace with growing cybersecurity compliance needs, organizations are struggling to incorporate additional framework and regulations in an efficient and effective way. At Schellman we harnesses our expertise and deep knowledge across the compliance standards to roadmap audits throughout the year that promotes the highest return on evidence collection and subject matter expert time.

By performing specific assessments in a staggered or parallel fashion, Schellman is able to collect once and test many; both in terms of information from subject matters experts and evidence from business stakeholders. The broad range of our compliance offerings, along with our combined audit approach and depth of expertise sets Schellman apart. Schellman's approach was built to provide expertise and quality work while valuing and respecting the time and stress assessments/audits place on an organization.

Learn more about Schellman: https://itspm.ag/schellman9a6v

Note: This story contains promotional content. Learn more.

Guests:

Michael Parisi, Head of Client Acquisition, Schellman [@Schellman]

On LinkedIn | https://www.linkedin.com/in/michael-parisi-4009b2261/

Ryan Meehan, Director, Schellman [@Schellman]

On LinkedIn | https://www.linkedin.com/in/ryan-meehan-cisa-cissp-ccsfp-iso-lead-cipp-71a5939

Resources

Learn more and catch more stories from Schellman: https://www.itspmagazine.com/directory/schellman

Learn more about HITRUST: https://itspm.ag/itsphitweb

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Mastering Multi-Cloud Management | 7 Minutes on ITSPmagazine from Black Hat SecTor 2024 | An OpenText Short Brand Innovation Story with Michael Mychalczuk

Tue, 22 Oct 2024 19:30:00 +0000

In this 7 Minutes on ITSPmagazine Short Brand Story recorded during Black Hat SecTor 2024, host Sean Martin sits down with Michael Mychalczuk, Director of Product Management for ArcSight at OpenText, to dissect the complexities of multi-cloud environments. Hosted during Black Hat SecTor 2024 in Toronto, they share invaluable insights into why businesses are increasingly finding themselves managing multiple cloud services.

Mychalczuk explains that while many organizations initially hoped to stick with a single cloud provider, factors such as mergers, acquisitions, and specific technological pushes from giants like Microsoft and Google have made multi-cloud unavoidable. This proliferation presents unique challenges, particularly in maintaining security across varied platforms. He highlights the critical need for collaboration between security operations and IT operations teams. “No one person can know all of this,” Mychalczuk notes, emphasizing the importance of teamwork and specialization. He advises focusing on essential areas like identity management and automation to minimize human error and ensure consistent and secure deployments.

Sean Martin and Michael Mychalczuk also discuss the importance of leveraging technologies such as Kubernetes and container security to manage and secure multi-cloud environments effectively. Mychalczuk stresses the value of robust monitoring tools like ArcSight to detect and respond to threats across these diverse systems, ultimately enabling businesses to succeed securely in today’s fast-paced world. In closing, the emphasis on understanding one’s maturity as a security operations team and aligning efforts accordingly stands out as a key takeaway.

Note: This story contains promotional content. Learn more.

Guest: Michael Mychalczuk, Director of Product Management at OpenText [@opentext]

On LinkedIn | https://www.linkedin.com/in/michaelmychalczuk/

Resources

Learn more and catch more stories from OpenText: https://www.itspmagazine.com/directory/opentext

Learn more and catch more stories from SecTor Cybersecurity Conference Toronto 2024: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Leveraging AI for Effective Healthcare Solutions | A Brand Story Conversation From HITRUST Collaborate 2024 | A HITRUST Story with Walter Haydock and Steve Dufour

Thu, 17 Oct 2024 12:00:00 +0000

The Emergence of Innovative Partnerships: As AI becomes increasingly integral across industries, healthcare is at the forefront of adopting these technologies to improve patient outcomes and streamline services. Sean Martin emphasizes the collaboration between StackAware and Embold Health, setting the stage for a discussion on how they leverage HITRUST to enhance healthcare solutions.

A Look into StackAware and Embold Health: Walter Haydock, founder and CEO of StackAware, shares the company's mission to support AI-driven enterprises in measuring and managing cybersecurity compliance and privacy risks. Meanwhile, Steve Dufour, Chief Security and Privacy Officer of Embold Health, describes their initiative to assess physician performance, guiding patients toward top-performing providers.

Integrating AI Responsibly: A key theme throughout the conversation is the responsible integration of generative AI into healthcare. Steve Dufour details how Embold Health developed a virtual assistant using Azure OpenAI, ensuring users receive informed healthcare recommendations without long-term storage of sensitive data.

Assessment Through Rigorous Standards: Haydock and Dufour also highlight the importance of ensuring data privacy and compliance with security standards, from conducting penetration tests to implementing HITRUST assessments. Their approach underscores the need to prioritize security throughout product development, rather than as an afterthought.

Navigating Risk and Compliance: The conversation touches on risk management and compliance, with both speakers emphasizing the importance of aligning AI initiatives with business objectives and risk tolerance. A strong risk assessment framework is essential for maintaining trust and security in AI-enabled applications.

Conclusion: This in-depth discussion not only outlines a responsible approach to incorporating AI into healthcare but also showcases the power of collaboration in driving innovation. Sean Martin concludes with a call to embrace secure, impactful technologies that enhance healthcare services and improve outcomes.

Learn more about HITRUST: https://itspm.ag/itsphitweb

Note: This story contains promotional content. Learn more.

Guests:

Walter Haydock, Founder and CEO, StackAware

On LinkedIn | https://www.linkedin.com/in/walter-haydock/

Steve Dufour, Chief Security & Privacy Officer, Embold Health

On LinkedIn | https://www.linkedin.com/in/swdufour/

Resources

Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

View all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Unveiling AI's Impact and Challenges at SECTOR 2024 | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Helen Oakley and Larry Pesce | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 10 Oct 2024 15:49:11 +0000

Guests:

Helen Oakley, Director of Secure Software Supply Chains and Secure Development, SAP

On LinkedIn | https://www.linkedin.com/in/helen-oakley

On Twitter | https://x.com/e2hln

On Instagram |https://instagram.com/e2hln

Larry Pesce, Product Security Research and Analysis Director, Finite State [@FiniteStateInc]

On LinkedIn | https://www.linkedin.com/in/larrypesce/

On Twitter | https://x.com/haxorthematrix

On Mastodon | https://infosec.exchange/@haxorthematrix

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Sean Martin and Marco Ciappelli kicked off their discussion by pondering the intricacies and potential pitfalls of the AI supply chain. Martin humorously questioned when Ciappelli last checked the entire supply chain of an AI session, provoking insightful thoughts about how people approach AI today.

The conversation then shifted as Oakley and Pesce were introduced, with Oakley explaining her role in leading cybersecurity for the software supply chain at SAP and co-founding the AI Integrity and Safe Use Foundation. Pesce shared his expertise in product security research and pen testing, emphasizing the importance of securing AI integrations.

Preventing the AI Apocalypse

One of the session's highlights was the discussion titled "AI Apocalypse Prevention 101." Oakley and Pesce shared insights into the potential risks of AI overtaking human roles and discussed ways to prevent a hypothetical AI apocalypse. Oakley humorously noted her experimentation with deep fakes and emphasized the importance of addressing the root causes to avert catastrophic outcomes.

Pesce contributed by highlighting the need for a comprehensive Bill of Materials (BOM) for AI, pointing out how it differs from traditional software due to its unique reliance on multiple layers, including hardware and software components.

AI BOM: A Tool for Understanding and Compliance

The conversation evolved into a discussion about the AI BOM's significance. Oakley explained that the AI BOM serves as an ingredient list, akin to what you would find on packaged goods. It includes details about datasets, models, and energy consumption—critical for preventing decay or malicious behavior over time.

Pesce noted the AI BOM's potential in guiding pen testing and compliance. He emphasized the challenges that companies face in keeping up with rapidly evolving AI technology, suggesting that AI BOM could potentially streamline compliance efforts.

Engagement at the CISO Executive Summit

The speakers touched on SECTOR 2024's CISO Executive Summit, inviting senior leaders to join the conversation. Oakley highlighted the summit's role in providing a platform for addressing AI challenges and regulations. Martin and Ciappelli emphasized the value of attending such events for exchanging knowledge and ideas in a secure, collaborative environment.

Conclusion: A Call to Be Prepared

As the episode wrapped up, Sean Martin extended an invitation to all interested in preventing an AI apocalypse to join the broader discussions at SECTOR 2024. Helen Oakley and Larry Pesce left listeners with a pressing reminder of the importance of understanding AI's potential impact.

____________________________

This Episode’s Sponsors

____________________________

Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S

Be sure to share and subscribe!

____________________________

Resources

Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

SecTor 2024 Announces Summit Schedule | 2 Minutes on ITSPmagazine

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli) — Thu, 10 Oct 2024 15:21:49 +0000

SecTor, Canada’s largest cybersecurity conference, today announced the release of its full schedule of Summits for SecTor 2024. The live, in-person event will take place from October 22 to October 24 at the Metro Toronto Convention Centre in downtown Toronto. Summits will take place on Tuesday, October 22 and include:

SecTor Executive Summit – This Summit will offer CISOs and other cybersecurity executives an opportunity to hear from industry experts helping to shape the next generation of information security strategy. Sponsors include: Armis, Sysdig, Cyera, and Trend Micro. To apply, please visit blackhat.com/sector/2024/executive-summit.html.
Inaugural AI Summit at SecTor – This Summit will take place as part of The AI Summit Series, a global conference and expo series focusing on practical applications of AI technologies. This Summit will underscore the importance of artificial intelligence (AI) as an organization’s newest and greatest weapon within the ever-evolving cybersecurity landscape. Passes can be purchased here: blackhat.com/sector/2024/ai-summit.html.
Cloud Security Summit at SecTor – This Summit is Canada’s leading cloud security event featuring keynote speakers, panel discussions, and networking opportunities, and provides an invaluable opportunity for every security professional to engage with leaders and discuss the future of cloud security. Sponsors include: CrowdStrike, Cyera, Kyndryl, Okta, OpenText, StrongDM, Sysdig, and Lookout. Passes can be purchased here: blackhat.com/sector/2024/cloud-summit.html.

Note: This story contains promotional content. Learn more.

Resources

Learn more and catch more stories from SecTor Cybersecurity Conference Toronto 2024: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

Learn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

A Sneak Peek into SecTor 2024: AI, Open-Source, and Cybersecurity Trends | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Steve Wylie | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 9 Oct 2024 17:24:25 +0000

Guest: Steve Wylie, Vice President, Cybersecurity Portfolio

On LinkedIn | https://www.linkedin.com/in/swylie650/

On Twitter | https://twitter.com/swylie650

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The Black Hat SecTor Conference, scheduled for October 22-24, 2024, in Toronto, promises an array of discussions and insights into the cybersecurity domain. Steve Wylie, General Manager of Black Hat, joins ITSP Magazine's Sean Martin and Marco Ciappelli to preview the upcoming event. Wylie highlights the acquisition of SecTor by Black Hat in 2019, underscoring its unique focus on the Canadian cybersecurity community while maintaining global research standards.

This year's event features three main components: summits, briefings, and a business hall. The summits, including a new AI summit, address various specialized topics, while the briefings provide in-depth research presentations. Keynote speakers like New York University’s Omkhar Arasaratnam, who will discuss security in open-source platforms, further enrich the event. Arasaratnam's focus on the XZ Utils backdoor incident emphasizes the critical nature of open-source security, highlighting both risks and mitigation strategies.

The agenda also includes a diverse range of sessions on AI, reflecting its significant role in current cybersecurity practices. Talks range from AI vulnerabilities to the protection and utilization of AI in enterprise security. Sessions such as "15 Ways to Break Your Co-Pilot" and discussions on deepfake image detection systems present real-world challenges and solutions in this area.

Wylie also discusses the importance of community engagement, noting the sector's provisions for networking and collaboration. The founders of the original event continue to contribute actively, ensuring the event remains closely tied to its original mission of serving Canada's cybersecurity professionals. Martin expresses enthusiasm for meeting regional participants and learning about their unique challenges and solutions, emphasizing the value of shared knowledge and strategies. The event is positioned as a vital convergence point for both local and international cybersecurity insights and advancements.

In summary, SecTor 2024 aims to foster a robust exchange of ideas and solutions, drawing from a wide array of expertise within the cybersecurity field. Attendees can look forward to engaging with high-profile speakers, participating in focused discussions, and exploring the latest industry innovations.

____________________________

This Episode’s Sponsors

____________________________

Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S

Be sure to share and subscribe!

____________________________

Resources

Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

HITRUST Collaborate 2024 Keynote—Industry Perspectives: Charting The Path Forward—Innovations in Security and Assurance | A Conversation with Dan Nutkis, Robert Booker, Omar Khawaja, Cliff Baker, and Andrew Hicks | On Location Coverage with Sean Martin

Thu, 3 Oct 2024 17:43:51 +0000

Guests:

Dan Nutkis, Founder and Chief Executive Officer of HITRUST

On LinkedIn | https://www.linkedin.com/in/daniel-nutkis-339b93b/

Robert Booker, Chief Strategy Officer at HITRUST

On LinkedIn | https://www.linkedin.com/in/robertbooker/

Omar Khawaja, CISO, Client at Databricks

On LinkedIn | https://www.linkedin.com/in/smallersecurity/

Cliff Baker, CEO at CORL Technologies

On LinkedIn | https://www.linkedin.com/in/cliffbaker/

Andrew Hicks, Partner and National HITRUST Practice Lead at Frazier & Deeter

On LinkedIn | https://www.linkedin.com/in/aehicks2000/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

____________________________

Episode Notes

This episode of the On Location series takes place during HITRUST Collaborate 2024 brought together leading figures in cybersecurity to share their experiences and insights. Moderated by Sean Martin, host of the Redefining CyberSecurity Podcast, the panel included Dan Nutkis, Founder and Chief Executive Officer of HITRUST; Robert Booker, Chief Strategy Officer at HITRUST and former Chief Information Security Officer at UnitedHealth Group; Omar Khawaja, CISO, Client at Databricks and former Chief Information Security Officer at Highmark Health; Cliff Baker, CEO at CORL Technologies and Managing Partner at Meditology Services; and Andrew Hicks, Partner and National HITRUST Practice Lead at Frazier & Deeter.

The session kicked off with Sean Martin highlighting the importance of collaboration and conversation within the cybersecurity community. Dan Nutkis reflected on the early beginnings of HITRUST in 2007 and discussed the initial goal of establishing a comprehensive and effective framework for security. Nutkis highlighted the organization's ongoing commitment to continuous improvement and adaptability in addressing security needs.

Omar Khawaja emphasized the need for setting high-security bars and how HITRUST has been instrumental in providing robust frameworks that simplify complex compliance requirements. He shared how Highmark Health leveraged the HITRUST certification to streamline their third-party risk management, ensuring better outcomes with fewer resources. According to Khawaja, HITRUST’s efforts in adapting to market needs and developing new assurance levels like the i1 and e1 have been vital in meeting evolving security demands.

Cliff Baker discussed the innovation driven by HITRUST in the compliance space. Baker stressed the importance of the HITRUST ecosystem, which is designed not only to meet today’s security challenges but to anticipate future needs. The assurance framework and transparency provided by HITRUST have proven essential in building and maintaining trust within the healthcare industry.

Andrew Hicks praised the rigorous QA process that HITRUST employs, which ensures that certified organizations maintain high standards of security. He emphasized how this rigorous process not only helps organizations achieve certification but also transforms their overall approach to cybersecurity.

Robert Booker spoke about the continuous curiosity and commitment required to stay ahead in cybersecurity. He highlighted how HITRUST’s data-driven approach and innovations in areas like AI and continuous monitoring are crucial in maintaining relevance and enhancing security outcomes.

Throughout the discussion, the panelists collectively underscored the importance of a robust, adaptable, and comprehensive security framework. HITRUST's continuous innovation and commitment to addressing real-world security challenges position it as a leader in the industry. The collaborative efforts of HITRUST and its community not only improve organizational security but also strengthen the overall reliability of the healthcare system.

As HITRUST continues to evolve and introduce new initiatives, it remains a pivotal player in setting high security and compliance standards. The insights shared during this episode of On Location provide a glimpse into the future of cybersecurity and the ongoing efforts to safeguard sensitive data in the healthcare sector.Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

Be sure to share and subscribe!

____________________________

Resources

Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxay

Learn more about and hear more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

HITRUST Achieves Major Milestone with Availability of Solution Making it Practical to Manage Third-Party (Information Security) Risk | 2 Minutes on ITSPmagazine

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli) — Thu, 3 Oct 2024 13:30:00 +0000

HITRUST, leader in information security and third-party risk management (TPRM), has announced significant enhancements to its HITRUST Assessment XChange. This comprehensive solution addresses longstanding challenges in TPRM by integrating with leading TPRM platforms to streamline vendor risk management processes. These integrations solve the "last mile" challenge by enabling organizations to efficiently capture, consume, and analyze detailed assurance data.

The HITRUST Assessment XChange operationalizes third-party risk management through end-to-end workflows that cover the entire vendor lifecycle—from initial evaluation to results analysis. This approach significantly improves information security risk capabilities, reducing time, costs, and complexity. It also allows organizations to manage risk with updated threat-adaptive controls, broad assessment options, and real-time updates on risk mitigation.

Legacy approaches to TPRM have proven inefficient, with many organizations relying on outdated methods like spreadsheets or self-assessment questionnaires. In contrast, HITRUST’s solution offers a practical, effective, and comprehensive approach, making TPRM more manageable and secure across industries.

HITRUST’s first planned integration with ServiceNow’s TPRM solution is set for release by the end of 2024, allowing users to leverage HITRUST's capabilities within the ServiceNow platform. This integration marks a new era in operationalizing information security TPRM, providing organizations with unprecedented visibility into vendor risk.

Learn more about and stay up to date by visiting hitrustalliance.net/news.

Note: This story contains promotional content. Learn more.

Resources

Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

Learn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

HITRUST Announces Continuous Assurance through the Proven HITRUST Ecosystem | 2 Minutes on ITSPmagazine

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli) — Wed, 2 Oct 2024 16:15:51 +0000

HITRUST has announced the launch of HITRUST Continuous Assurance, a new strategic evolution aimed at enhancing security sustainability and outcomes through continuous control monitoring. This initiative builds upon the proven HITRUST ecosystem, providing organizations with an efficient way to manage security and compliance risks in the face of evolving cyber threats. Traditional approaches that prioritize compliance over security are increasingly inadequate, especially in the era of generative AI and sophisticated cyber-attacks.

Continuous Assurance minimizes the risk of evidence decay by enabling organizations to monitor security controls continuously, ensuring that security requirements remain relevant and reliable. Key features of this initiative include automated evidence collection, a continuous monitoring taxonomy integrated with the HITRUST CSF, and enhanced workflows in HITRUST’s MyCSF platform. The system also supports integration with Governance, Risk, and Compliance (GRC) systems, ensuring streamlined risk management.

HITRUST's Continuous Assurance will leverage its extensive certification framework, which has shown significant success. Notably, the 2024 HITRUST Trust Report highlighted that 99.4% of HITRUST-certified organizations did not report a breach over the past two years. Continuous Assurance offers new capabilities that further solidify HITRUST’s role as a leader in information security risk management.

Learn more about and stay up to date by visiting hitrustalliance.net/news.

Note: This story contains promotional content. Learn more.

Resources

Read the Press Release: https://hitrustalliance.net/press-releases/hitrust-announces-continuous-assurance-through-the-proven-hitrust-ecosystem

Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

Learn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Exploring the Future of Automotive Technology | An AutoSens and InCabin Europe 2024 Conversation with Sara Sargent and Rob Stead | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 2 Oct 2024 15:17:13 +0000

Guests:

Sara Sargent, AutoSens Automotive Technology Specialist

On LinkedIn | https://www.linkedin.com/in/sarasargent17/

Rob Stead, Managing Director and Founder, Sense Media Group

On LinkedIn | https://www.linkedin.com/in/robertjstead/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society and Technology Podcast

On ITSPmagazine | https://www.itspmagazine.com/marco-ciappelli

____________________________

Episode Notes

The episode kicks off with a playful exchange between Sean and Marco, setting the tone for an engaging discussion about the future of automotive tech. Marco points out the rapid advancements in the industry, comparing it to the evolution from the Flintstones' manually-powered car to today's sophisticated autonomous vehicles. Sean highlights the significance of these advancements and the pivotal role conferences like AutoSens and InCabin play in shaping the industry's future.

A Brief History of AutoSens and InCabin

Rob Stead, the managing director and founder of SenseMedia, provides a historical overview of the AutoSens conference. Established in 2015, AutoSens was born out of a need to bring together experts from various sectors of the automotive industry to foster collaboration and innovation. The event has grown exponentially, and in 2016, the first AutoSens conference was held. Today, AutoSens and its sister event, InCabin, attract a diverse audience, including engineers, regulators, and manufacturers.

Key Themes and Discussions

The conversation dives into the core themes of the upcoming conferences. Sara Sargent, an Automotive Technology Specialist at SenseMedia, explains her dual role in ensuring technical integrity and leading the InCabin event. She emphasizes the importance of addressing current safety concerns, such as child presence detection and airbag deployment accuracy. These technologies not only enhance safety but also pave the way for future innovations in autonomous driving.

The Complexity of Autonomous Vehicles

Rob elaborates on the challenges faced by the industry, emphasizing the difficulty of achieving full autonomy (L4) in consumer vehicles. He notes that while L4 technology is feasible, it is costly and likely to be limited to fleet operators rather than individual consumers. The transition to higher levels of automation will be gradual, with most vehicles remaining at Level 2 (L2) for the foreseeable future.

The Importance of Redundancy and Collaboration

Sean questions the need for various sensor modalities in vehicles, to which Rob responds by explaining the concept of redundancy. Multiple sensors, including cameras, radar, and LiDAR, work together to create a comprehensive and reliable system. This redundancy is crucial for ensuring safety and reliability in autonomous driving systems. Additionally, the conversation touches upon the importance of vehicle-to-infrastructure (V2X) technology and its potential to enhance transportation systems.

InCabin: Advancing Interior Sensing

The discussion shifts to the interior sensing technologies covered in the InCabin conference. Sara highlights the significance of these technologies in ensuring passenger safety and comfort. From detecting medical emergencies to preventing drunk driving, interior sensors can play a critical role in enhancing the overall driving experience. However, Sara acknowledges the privacy concerns that come with increased interior monitoring.

Looking Forward to the Conferences

Rob and Sara both express their excitement for the upcoming conferences in Barcelona. They provide a sneak peek into some of the keynotes and technical sessions, emphasizing the collaborative nature of the events. Notably, the conferences will feature discussions on HMI design, simulation validation, and insights from the Chinese automotive market.

Conclusion

As the episode wraps up, Sean and Marco reflect on the importance of conferences like AutoSens and InCabin in driving innovation and ensuring the safety and reliability of future automotive technologies. They encourage listeners to attend the events and stay tuned for more insightful discussions on the evolving landscape of automotive technology.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQtJTmj9bp2RMzfkXLnN4--

Be sure to share and subscribe!

____________________________

Resources

Learn more about AutoSens Europe 2024: https://auto-sens.com/europe/

Learn more about InCabin Europe 2024: https://incabin.com/europe/

____________________________

To see and hear more Redefining Society and Technology stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Hacking Deepfake Image Detection System with White and Black Box Attacks | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Sagar Bhure | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 30 Sep 2024 17:35:22 +0000

Guest: Sagar Bhure, Senior Security Researcher, F5 [@F5]

On LinkedIn | https://www.linkedin.com/in/sagarbhure/

At SecTor | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#sagar-bhure-45119

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The authenticity of audio and visual media has become an increasingly significant concern. This episode explores this critical issue, featuring insights from Sean Martin, Marco Ciappelli, and guest Sagar Bhure, a security researcher from F5 Networks.

Sean Martin and Marco Ciappelli engage with Bhure to discuss the challenges and potential solutions related to deepfake technology. Bhure reveals intricate details about the creation and detection of deepfake images and videos. He emphasizes the constant battle between creators of deepfakes and those developing detection tools.

The conversation highlights several alarming instances where deepfakes have been used maliciously. Bhure recounts the case in 2020 where a 17-year-old student successfully fooled Twitter’s verification system with an AI-generated image of a non-existent political candidate. Another incident involved a Hong Kong firm losing $20 million due to a deepfake video impersonating the CFO during a Zoom call. These examples underline the serious implications of deepfake technology for misinformation and financial fraud.

One core discussion point centers on the challenge of distinguishing between real and artificial content. Bhure explains that the advancement in AI and hardware capabilities makes it increasingly difficult for the naked eye to differentiate between genuine and fake images. Despite this, he mentions that algorithms focusing on minute details such as skin textures, mouth movements, and audio sync can still identify deepfakes with varying degrees of success.

Marco Ciappelli raises the pertinent issue of how effective detection mechanisms can be integrated into social media platforms like Twitter, Facebook, and Instagram. Bhure suggests a 'secure by design' approach, advocating for pre-upload verification of media content. He suggests that generative AI should be regulated to prevent misuse while recognizing that artificially generated content also has beneficial applications.

The discussion shifts towards audio deepfakes, highlighting the complexity of their detection. According to Bhure, combining visual and audio detection can improve accuracy. He describes a potential method for audio verification, which involves profiling an individual’s voice over an extended period to identify any anomalies in future interactions.

Businesses are not immune to the threat of deepfakes. Bhure notes that corporate sectors, especially media outlets, financial institutions, and any industry relying on digital communication, must stay vigilant. He warns that deepfake technology can be weaponized to bypass security measures, perpetuate misinformation, and carry out sophisticated phishing attacks.

As technology forges ahead, Bhure calls for continuous improvement in detection techniques and the development of robust systems to mitigate risks associated with deepfakes. He points to his upcoming session at Sector in Toronto, where he will delve deeper into 'Hacking Deepfake Image Detection Systems with White and Black Box Attacks,' offering more comprehensive insights into combating this pressing issue.

____________________________

This Episode’s Sponsors

____________________________

Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S

Be sure to share and subscribe!

____________________________

Resources

Hacking Deepfake Image Detection System with White and Black Box Attacks: https://www.blackhat.com/sector/2024/briefings/schedule/#hacking-deepfake-image-detection-system-with-white-and-black-box-attacks-40909

Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Hello From the Dumpster Fire: Real Examples of Artificially Generated Malware, Disinformation and Scam Campaigns | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Ashley Jess | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 24 Sep 2024 20:32:30 +0000

Guest: Ashley Jess, Senior Intelligence Analyst, Intel 471 [@Intel471Inc]

At SecTor | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#ashley-jess-48633

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

As part of their Chats on the Road for the On Location series during SecTor in Toronto, Sean Martin and Marco Ciappelli had an engaging conversation with Ashley Jess, a Senior Threat Intelligence Analyst from Intel471.

The discussion centered on the intricacies of artificial intelligence (AI), its uses, and its abuses in the realm of cybersecurity. Ashley's upcoming presentation titled "Hello from the Dumpster Fire: Real Examples of Artificially Generated Malware, Disinformation, and Scam Campaigns" sets the stage for an in-depth exploration into the dark side of AI. Ashley gives a glimpse into how AI is being utilized for nefarious purposes, highlighting the connection between generative AI and disinformation campaigns. She explains how AI has been used to create politically motivated fake graffiti, deepfake videos with celebrities, and even entirely fabricated news websites.

She emphasizes that the lowest barrier to entry for generating such content is lower than ever, making it easy for bad actors to create and spread false information swiftly. She mentions a particularly interesting case during the Olympics, where an entire propaganda movie starring a deepfake Tom Cruise was produced for political purposes. This example underscores the potential of AI to convincingly spread disinformation on a massive scale. She also points out how scam campaigns are increasingly leveraging AI, making them more believable and harder to detect.

One crucial topic Ashley touches on is the matter of responsibility in combating these threats. She discusses the need for more robust government regulations and the role of various technology vendors in detecting and preventing the misuse of AI. She highlights the importance of technologies like Web3 and blockchain for content provenance.

According to Ashley, integrating such measures into platforms used by everyday people can help mitigate the risks posed by AI-generated disinformation. Marco Ciappelli adds to this by reflecting on how easy it is to create misleading content and target vulnerable populations. He points out that ordinary citizens, who are not as vigilant or technologically savvy, are at greater risk. On this note, Sean Martin questions who should be responsible for protecting individuals and organizations from AI-based threats.

The discussion also touches on the ethical aspects of AI and its dual-use nature—where technological advancements can be both beneficial and harmful. Ashley emphasizes the need for a balanced approach that considers both the legitimate applications of AI technology and its potential for abuse. Ashley Jess is enthusiastic about her upcoming talk at SecTor where she promises to delve further into these critical issues.

The session aims to provide a realistic, frontline view of how AI is being used maliciously and to encourage more proactive measures to combat these emerging threats. For those attending SecTor, her insights promise to be both enlightening and essential.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S

Be sure to share and subscribe!

____________________________

Resources

Hello From the Dumpster Fire: Real Examples of Artificially Generated Malware, Disinformation and Scam Campaigns (Session): https://www.blackhat.com/sector/2024/briefings/schedule/#hello-from-the-dumpster-fire-real-examples-of-artificially-generated-malware-disinformation-and-scam-campaigns-41161

Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Ransomware Threat and the Resilience Imperative | A HITRUST Collaborate 2024 Conversation with Allan Liska | On Location Coverage with Sean Martin and Marco Ciappelli

Sat, 14 Sep 2024 01:18:10 +0000

Guest: Allan Liska, Senior Security Architect and Ransomware Specialist, Recorded Future [@RecordedFuture]

On Linkedin | https://www.linkedin.com/in/allan2

On Twitter | https://twitter.com/uuallan

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of the On Location with Sean and Marco podcast, recorded for the HITRUST Collaborate Conference in Dallas, TX, hosts Sean Martin and Marco Ciappelli engage in a dynamic conversation around the theme of cybersecurity in healthcare, specifically focusing on ransomware resilience. Sean and Marco are joined by Allan Liska for an insightful discussion on the current state of ransomware and the importance of proactive defenses.

The episode begins with Sean and Marco acknowledging the hectic nature of their schedule, emphasizing their excitement for the upcoming events. Sean mentions his active participation at the HITRUST conference, working closely with risk management and compliance experts, while Marco expresses his envy yet supports Sean’s engagements.

Allan Liska, the guest of this episode, brings a wealth of knowledge as an intelligence analyst specializing in ransomware research at Recorded Future. Allan delineates the ongoing challenges faced by organizations, particularly in healthcare, in mitigating ransomware threats. He highlights the increase in law enforcement activities targeting ransomware groups, which has led to more internal drama within the cybercriminal community, making the topic more relatable and urgent for organizations.

A substantial part of the conversation revolves around the significance of tabletop exercises in preparing organizations for ransomware incidents. Allan stresses that effective tabletop exercises must involve representatives from across the entire organization, ensuring comprehensive preparedness. The exercises should be engaging and realistic, incorporating lessons learned to update incident response plans continually. Allan also recommends keeping out-of-band communication methods ready, such as using Signal, to ensure seamless operations during a ransomware attack.

The importance of leadership buy-in is underlined, with Allan explaining how having senior leaders understand and support these exercises can significantly enhance the overall security posture. The discussion touches on common pitfalls, such as the assumption that backups alone will suffice, highlighting the necessity of regular, holistic testing of recovery processes.

The hosts also reflect on the collaborative aspect of the HITRUST conference, noting that it provides an invaluable opportunity for participants to network, share best practices, and learn from each other's experiences. That's precisely the spirit Allan hopes to capture during his session at the conference.

In conclusion, this episode is a deep dive into the complexities of ransomware defense, offering practical advice and underscoring the collective effort required to protect healthcare systems against cyber threats. Sean and Marco invite listeners to stay engaged and informed through their podcast series, promising more enlightening discussions on critical cybersecurity topics.

____________________________

This Episode’s Sponsors

____________________________

Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSjVk_qSl7vkUafmICX9Rle

Be sure to share and subscribe!

____________________________

Resources

The Ransomware Threat and the Resilience Imperative (Session): https://www.hitrustevents.com/event/HITRUSTCollaborate2024/websitePage:645d57e4-75eb-4769-b2c0-f201a0bfc6ce?session=3448b1bf-3996-4945-95ed-bd957710b0ac

Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxay

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Missing Link: How We Collect and Leverage SBOMs | An OWASP 2024 Global AppSec San Francisco Conversation with Cassie Crossley | On Location Coverage with Sean Martin and Marco Ciappelli

Sat, 14 Sep 2024 00:54:25 +0000

Guest: Cassie Crossley, VP, Supply Chain Security, Schneider Electric [@SchneiderElec]

On LinkedIn | https://www.linkedin.com/in/cassiecrossley/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, hosts Sean Martin and Marco Ciappelli head to San Francisco to attend the OWASP Global AppSec conference. They kick off their journey with a light-hearted conversation about their destination, quickly segueing into the substantive core of the episode. The dialogue provides a rich backdrop to the conference's key focus: securing applications and the crucial role of Software Bill of Materials (SBOMs) in this context.

Special guest Cassie Crossley joins the hosts to delve deeper into the significance of SBOMs. Cassie introduces herself and highlights her previous engagements with the podcast, touching on her upcoming session titled "The Missing Link: How We Collect and Leverage SBOMs." She explains the essential function of SBOMs in tracking open-source and commercial software components, noting the importance of transparency and risk evaluation in modern software development.

Cassie explains that understanding the software components in use, including transitive dependencies, is crucial for managing risks. She discusses how her company, Schneider Electric, implements SBOMs within their varied product lines, ranging from firmware to cloud-based applications. By collecting and analyzing SBOMs, they can quickly assess vulnerabilities, much like how organizations scrambled to evaluate their exposure in the wake of the Log4J vulnerability.

Sean and Marco steer the conversation towards the practical aspects of SBOM implementation for smaller companies. Cassie reassures that even startups and smaller enterprises can benefit from SBOMs without extensive resources, using free tools like Dependency-Track to manage their software inventories. She emphasizes that having an SBOM—even in a simplified form—provides a critical layer of visibility, enabling better risk management even with limited means.

The discussion touches on the broader impact of SBOMs beyond individual corporations. Cassie notes the importance of regulatory developments and collective efforts, such as those by the Cybersecurity and Infrastructure Security Agency (CISA), to advocate for wider adoption of SBOM standards across industries.

To wrap up, the hosts and Cassie discuss the value of conferences like OWASP Global AppSec for fostering community dialogues, sharing insights, and staying abreast of new developments in application security. They encourage listeners to attend these events to gain valuable knowledge and networking opportunities. Finally, in their closing remarks, Sean and Marco tease future episodes in the On Location series, hinting at more exciting content from their travels and guest interviews.

____________________________

This Episode’s Sponsors

____________________________

Follow our OWASP 2024 Global AppSec San Francisco coverage: https://www.itspmagazine.com/owasp-2024-global-appsec-san-francisco-cybersecurity-and-application-security-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcqoGpeR1rdo6p47Ozu1jt

Be sure to share and subscribe!

____________________________

Resources

The Missing Link - How We Collect and Leverage SBOMs (Session): https://owasp2024globalappsecsanfra.sched.com/event/1g3XV/the-missing-link-how-we-collect-and-leverage-sboms

Why the Industry Needs OpenSSF | A Conversation with Omkhar Arasaratnam, Adrianne Marcum, Arun Gupta, and Christopher Robinson | Redefining CyberSecurity with Sean Martin: https://redefiningcybersecuritypodcast.com/episodes/why-the-industry-needs-openssf-a-conversation-with-omkhar-arasaratnam-adrianne-marcum-arun-gupta-and-christopher-robinson-redefining-cybersecurity-with-sean-martin

Learn more about OWASP 2024 Global AppSec San Francisco: https://sf.globalappsec.org/

SBOM-a-Rama: https://www.linkedin.com/feed/update/urn:li:activity:7232385837869469699/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Charting the Path Forward: Navigating Security and Compliance at Collaborate 2024 | A HITRUST Collaborate 2024 Conversation with Leslie Jenkins, Robert Booker, Blake Sutherland, and Steve Perkins | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 9 Sep 2024 21:11:02 +0000

Guests:

Leslie Jenkins, Sr. Director, Marketing, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/lsjenkins/

Robert Booker, Chief Strategy Officer, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/robertbooker/

Blake Sutherland, EVP Market Adoption, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/blake-sutherland-38854a/

Steve Perkins, Chief Marketing Officer, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/steve-perkins-1604b31/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of "On Location with Sean and Marco," Sean Martin welcomes listeners to an engaging Chats on the Road episode heading from Frisco, Texas, where he discusses Collaborate 2024—an upcoming event centered on security, risk management, and compliance programs. Sean is joined by notable industry figures, including Leslie Jenkins, Robert Booker, Blake Sutherland, and Steve Perkins, who collectively provide a comprehensive overview of Collaborate 2024.

The discussion begins with Robert Booker sharing insights into the history and objectives of the HITRUST Collaborate conference. He explains the event's organic growth and its focus on creating a community-driven environment where participants can engage in meaningful conversations about the challenges they face in the industry.

Steve Perkins elaborates on the theme "charting the path forward," highlighting the importance of addressing recent industry events, such as significant breaches, and fostering collective efforts in assurance, risk management, and compliance. The agenda includes a variety of sessions ranging from roundtable discussions with seasoned industry professionals to focused talks on emerging trends like ransomware and workforce development.

Blake Sutherland touches on the unique aspects of cyber insurance, outlining the benefits of integrating HITRUST certifications into the insurance process to enhance risk decisions and streamline procurement. The conversation also touches on the significance of AI in the industry, as Robert Booker discusses the challenges and opportunities associated with AI governance and security. He emphasizes the need for a robust framework to ensure AI systems are secure and align with corporate governance.

Leslie Jenkins adds to the excitement by talking about the conference's location at the Dallas Cowboys' world headquarters, which promises a unique networking experience. She underscores the importance of in-person interactions and how they contribute to the event's overall value.

The episode concludes with logistical details for attendees and a collective anticipation for the upcoming event. Sean and guests express their enthusiasm for being part of a community that actively engages in shaping the future of security, risk management, and compliance. Listeners are encouraged to stay tuned for more insightful episodes and register for the event through links provided in the show notes.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSjVk_qSl7vkUafmICX9Rle

Be sure to share and subscribe!

____________________________

Resources

Learn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxay

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Learning about Identity Week Americas and SIDI HUB Summit | An Identity Week USA 2024 Conversation with Jeff Reich | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 6 Sep 2024 21:24:36 +0000

Guest: Jeff Reich, Executive Director, Identity Defined Security Alliance [@idsalliance]

On LinkedIn | https://www.linkedin.com/in/jreich/

On Twitter | https://twitter.com/JeffReichCSO

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Welcome to this pre-event episode of On Location, where we’re diving into what’s to come at Identity Week Americas, happening September 11th and 12th, 2024, at the Washington Convention Center in D.C. Although I won’t be on-site, Jeff—who leads the Identity Defined Security Alliance (IDSA)—gave me the inside scoop on why this event is one you can’t afford to miss.

Our conversation ranges from the critical role of digital identities and payments, to the pressing challenges facing the identity landscape today. Jeff shared insights on the panels he’ll be participating in, like Interoperable Digital Identities and The Future of Payments, giving a preview of the big discussions that will take place at the event.

We even touched on more serious global issues, such as the plight of refugees who lack identification, and how Identity Week is working toward solutions that can have a real impact. On top of that, the SIDI HUB Summit will run alongside the event, focusing on creating a standardized, globally recognized digital identity system.

With Identity Week happening across multiple continents—from the Americas to Europe and Asia—the need for international collaboration has never been clearer. Jeff’s vision for a globally interoperable identity system is ambitious, but the starting point is simple: practical steps like multi-factor authentication and building awareness about identity security.

As we look forward to the event, Jeff also mentioned that there might still be some passes available for those interested in attending. Whether you’re in the public sector, tech, or simply passionate about identity solutions, this event is your chance to get involved in shaping the future.

Stay tuned for more coverage, and thanks for joining me on this pre-event journey as we explore what’s in store at Identity Week Americas.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQtJTmj9bp2RMzfkXLnN4--

Be sure to share and subscribe!

____________________________

Resources

Learn more about Identity Week USA 2024: https://itspm.ag/identinwxn

SIDI Hub: https://sidi-hub.community/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

An Introduction to CyberTech NYC Conference 2024 with Event Director Steve Corrick | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 26 Aug 2024 12:00:00 +0000

Guest: Steve Corrick, Director, Cybertech New York

On LinkedIn | https://www.linkedin.com/in/stevecorrick/

On Twitter | https://x.com/scorrick

On Facebook | https://www.facebook.com/stephen.corrick

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

A Virtual Road Trip to CyberTech NYC

In a lively pre-event discussion, we embark on a metaphorical journey across the States, representing our excitement for the CyberTech NYC Conference, happening on September 5th, 2024, at the Metropolitan Pavilion in Chelsea. The idea of this "drive" is a fun nod to the interconnectedness of our virtual world and our anticipation of the event.

Event Spotlight: Why CyberTech NYC Matters

We kick things off by highlighting the significance of this event, mentioning that it starts early on September 4th with pre-event activities, leading up to the main event on the 5th. Steve Corrick, one of the key organizers, provides a behind-the-scenes look at the planning process and explains how this third edition of CyberTech NYC has become a distinctive fixture in the cyber ecosystem.

The Global and Local Impact of CyberTech

Steve takes us through the journey of CyberTech as a global series, tracing its roots from Tel Aviv to its expansion across multiple continents. What sets CyberTech NYC apart, he says, is its dual focus on both global trends and local innovation. New York City, now a burgeoning hub for tech and cybersecurity, plays host to an event that showcases local talent, startups, and established players alike.

Comprehensive Coverage of Cyber Topics

The event’s agenda is packed with content designed to tackle critical issues, such as:

Cyber Talent Initiative: Programs for everyone, from students to professionals looking to upskill.
VC and Investor Focus: The Investing in the Best initiative to help startups boost their funding.
Government and Agency Involvement: Discussions on how localities can strengthen their cyber ecosystems.
Main Stage Content: Keynotes on fake news, the role of cyber in elections, and other pressing topics.

Inclusivity and Innovation: A Diverse Speaker Lineup

We appreciate the diversity of speakers and the range of topics covered. With big names like Walmart, AWS, and various innovative startups, the event promises to offer something for everyone. Steve also explains the event’s blend of formats, including main stage panels, roundtables, and think tanks, all aimed at fostering in-depth discussions and knowledge sharing.

The Evolving Cyber Landscape

Reflecting on how cybersecurity events have evolved over the years, Steve notes the shift from niche gatherings to mainstream importance. With cyber threats becoming part of our daily lives, collaboration among countries and industries has become essential for enhancing global security.

Local Focus with Global Reach

We commend the event’s ability to balance global participation with a strong local focus. Steve agrees, emphasizing their collaboration with local and state-level initiatives in New York, further solidifying the city’s place on the global cybersecurity map.

Looking Forward to CyberTech NYC 2024

Our conversation wraps up with a sneak peek at the event’s schedule, including a Happy Cyber Hour on the evening of September 5th and additional pre-event activities on the 4th. Steve and his team are excited to connect with participants from around the globe, and we’ll be sharing more updates as CyberTech NYC 2024 approaches.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

____________________________

Follow our Cybertech NYC 2024 coverage: https://www.itspmagazine.com/cybertech-nyc-2024-cybersecurity-event-coverage-in-new-york-city

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRjdy_wDSLBwgPkM3zSeau_

Be sure to share and subscribe!

____________________________

Resources

Learn more about Cybertech NYC 2024: https://nyc.cybertechconference.com/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Recapping Black Hat 2024 and What’s Next | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli) — Tue, 20 Aug 2024 16:51:08 +0000

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of "On Location With Sean Martin and Marco Ciappelli," our hosts dive into their time at Black Hat 2024 in Las Vegas, reflecting on key takeaways and sharing what’s next on their journey. Whether you're deep into cybersecurity or just curious about the industry, this blog post offers a snapshot of what to expect from Sean and Marco.

Recapping Black Hat 2024

Marco Ciappelli
Choo, choo . . .

Sean Martin
Is that the sound of the fast train back from Vegas? Or just the rush of everything we experienced?

Marco Ciappelli
I'm still wondering why there's no train from LA to Vegas. And don't get me started on LA to San Francisco—that's another conversation entirely.

The conversation kicks off with a lighthearted nod to travel woes before shifting to the core of the episode: their reflections on Black Hat 2024. Sean and Marco bring unique perspectives, emphasizing the importance of thinking beyond cybersecurity's technical aspects to consider its broader impact on society and business.

Sean's Operational Insights
Sean Martin
I like to look at things from an operational angle—how can we take what we learn and bring it back to the business to help leaders and practitioners do what they love?

Sean’s Black Hat 2024 Recap Newsletter explores the evolution from reactive data responses to strategic enablement, AI and automation, modular cybersecurity, and the invaluable role of human insights. His focus is clear: helping businesses become more resilient and adaptable through smarter cybersecurity practices.

Marco's Societal Impact
Marco Ciappelli
Cybersecurity isn’t a destination—it’s a journey. We’re never going to be fully secure, and that’s okay. Cultures change, technology evolves, and we have to keep adapting.

Marco’s take highlights the societal implications of cybersecurity. He talk about how different fields and nations are breaking down silos to collaborate more effectively. His newsletter often reflects on the need for digital literacy across business, society, and education, emphasizing the importance of broadening our understanding of technology’s role.

Upcoming Events and Conferences
The duo is excited about their packed schedule for the rest of 2024 and beyond, including:

CyberTech New York (September 2024): Focused on policy, innovation, SecOps, AppSec, and sustainability.
OWASP AppSec San Francisco (September 2024): Covering the OWASP Top 10 for LLMs and more.
Sector in Toronto (October 2024): Offering unique coverage ideas, closely tied to Black Hat.
Did someone said that they will be back covering an APJ event, in Melbourne, before the end of the year???

Additional Ventures
They’ll also be hosting innovation panels and keynotes at a company event in New Orleans, with CES in Las Vegas and VivaTech in Paris on the horizon for 2025, blending B2B startup insights with consumer tech, all with a cybersecurity twist.

Subscribe and Stay Tuned
Marco and Sean invite you to subscribe to their newsletters and follow their podcast, "On Location," as they continue their journey around the globe—both physically and virtually—bringing fresh perspectives on business, technology, and cybersecurity. You’ll also find unique "brand stories" that highlight innovations making our world safer and more sustainable.

Stay connected, enjoy the ride, and don’t forget to subscribe to both their newsletters and the "On Location" podcast on YouTube!

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

Resources

Sean's Newsletter Article: https://www.linkedin.com/pulse/reflecting-black-hat-2024-operationalizing-enhanced-business-martin-ccive/

Marco's Newsletter Article: https://www.linkedin.com/pulse/my-reflections-from-itspmagazines-black-hat-usa-2024-state-ciappelli-ayglc/?trackingId=hLvuq5LqQ%2B2RHNpgDtIJlQ%3D%3D

On Location Podcast: https://on-location-with-sean-martin-and-marco-ciappelli.simplecast.com

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

OWASP Top 10 For Large Language Models: Project Update | An OWASP 2024 Global AppSec San Francisco Conversation with Steve Wilson | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 20 Aug 2024 15:35:35 +0000

Guest: Steve Wilson, Chief Product Officer, Exabeam [@exabeam] & Project Lead, OWASP Top 10 for Larage Language Model Applications [@owasp]

On LinkedIn | https://www.linkedin.com/in/wilsonsd/

On Twitter | https://x.com/virtualsteve

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of the Chat on the Road On Location series for OWASP AppSec Global in San Francisco, Sean Martin hosts a compelling conversation with Steve Wilson, Project Lead for the OWASP Top 10 for Large Language Model AI Applications. The discussion, as you might guess, centers on the OWASP Top 10 list for Large Language Models (LLMs) and the security challenges associated with these technologies. Wilson highlights the growing relevance of AppSec, particularly with the surge in interest in AI and LLMs.

The conversation kicks off with an exploration of the LLM project that Wilson has been working on at OWASP, aimed at presenting an update on the OWASP Top 10 for LLMs. Wilson emphasizes the significance of prompt injection attacks, one of the key concerns on the OWASP list. He explains how attackers can craft prompts to manipulate LLMs into performing unintended actions, a tactic reminiscent of the SQL injection attacks that have plagued traditional software for years. This serves as a stark reminder of the need for vigilance in the development and deployment of LLMs.

Supply chain risks are another critical issue discussed. Wilson draws parallels to the Log4j incident, stressing that the AI software supply chain is currently a weak link. With the rapid growth of platforms like Hugging Face, the provenance of AI models and training datasets becomes a significant concern. Ensuring the integrity and security of these components is paramount to building robust AI-driven systems.

The notion of excessive agency is also explored—a concept that relates to the permissions and responsibilities assigned to LLMs. Wilson underscores the importance of limiting the scope of LLMs to prevent misuse or unauthorized actions. This point resonates with traditional security principles like least privilege but is recontextualized for the AI age. Overreliance on LLMs is another topic Martin and Wilson discuss.

The conversation touches on how people can place undue trust in AI outputs, leading to potentially hazardous outcomes. Ensuring users understand the limitations and potential inaccuracies of LLM-generated content is essential for safe and effective AI utilization.

Wilson also provides a preview of his upcoming session at the OWASP AppSec Global event, where he plans to share insights from the ongoing work on the 2.0 version of the OWASP Top 10 for LLMs. This next iteration will address how the field has matured and new security considerations that have emerged since the initial list.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

____________________________

Follow our OWASP 2024 Global AppSec San Francisco coverage: https://www.itspmagazine.com/owasp-2024-global-appsec-san-francisco-cybersecurity-and-application-security-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcqoGpeR1rdo6p47Ozu1jt

Be sure to share and subscribe!

____________________________

Resources

OWASP Top 10 for Large Language Models: Project Update: https://owasp2024globalappsecsanfra.sched.com/event/1g3YF/owasp-top-10-for-large-language-models-project-update

Safeguarding Against Malicious Use of Large Language Models: A Review of the OWASP Top 10 for LLMs | A Conversation with Jason Haddix | Redefining CyberSecurity with Sean Martin: https://itsprad.io/redefining-cybersecurity-190

OWASP LLM AI Security & Governance Checklist: Practical Steps To Harness the Benefits of Large Language Models While Minimizing Potential Security Risks | A Conversation with Sandy Dunn | Redefining CyberSecurity Podcast with Sean Martin: https://itsprad.io/redefiningcybersecurity-287

Hacking Humans Using LLMs with Fredrik Heiding: Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli: https://itsprad.io/redefining-cybersecurity-208

Learn more about OWASP 2024 Global AppSec San Francisco: https://sf.globalappsec.org/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Harnessing Dark Web Insights to Understand Risks from the Attacker's Viewpoint | A Brand Story Conversation From Black Hat USA 2024 | A Resecurity Story with Christian Lees and Shawn Loveland | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 19 Aug 2024 15:05:35 +0000

At Black Hat USA 2024, the spotlight is on redefining and rethinking security, as discussed in this Brand Story episode with Resecurity. Sean Martin, Christian Lees, and Shawn Loveland share the mic to explore the cutting-edge innovations shifting paradigms within the cybersecurity domain. Christian Lees and Shawn Loveland from Resecurity dive deep into the substance of their work and its impact on modern security teams. The primary focus is Resecurity's approach towards threat intelligence and how it aids organizations in proactively mitigating risks.

The discussion kicks off with an overview of Resecurity's approach to threat intelligence. Unlike conventional models that operate from within the firewall, Resecurity adopts an outside-in perspective, helping clients understand what attackers might know about their infrastructure. Shawn Loveland emphasizes this unique viewpoint by illustrating how Resecurity helps organizations identify potential breaches and vulnerabilities from the attacker's perspective, well before any threats materialize.

One intriguing point discussed by Lees and Loveland is Resecurity's comprehensive data sourcing from the dark web. Resecurity does not simply rely on common threat intel from visible websites but digs deep into exclusive, invitation-only forums and other obscure corners of the web. This meticulous venture results in a much more profound understanding of potential threats, minimizing blind spots and the risk of data inaccuracies or AI hallucinations. By drawing on diverse data sources, Resecurity promises more significant and accurate insights into the motives and methods of cybercriminals.

Moreover, Loveland highlights the technologically sophisticated tactics employed by Resecurity, combining AI to convert unstructured data into structured, actionable intelligence for security teams. This automation not only boosts efficiency but also empowers analysts to make more informed decisions swiftly. AI in Resecurity's arsenal is not a standalone entity but integrates deeply with the human-driven aspects of threat intelligence, enriching the overall analytic experience with contextual understanding and tangible evidence.

The guests also touch on Resecurity's AI capabilities, illustrating this through scenarios where AI accelerates threat detection and response. By transforming vast amounts of data into comprehensible formats, and even summarizing complex situations into actionable insights, AI significantly reduces the ordeal for security analysts while enhancing precision.

In conclusion, Resecurity’s state-of-the-art threat intelligence solutions, emphasized by the knowledgeable insights from Christian Lees and Shawn Loveland, represent a proactive and innovative approach to modern cybersecurity.

Learn more about Resecurity: https://itspm.ag/resecurb51

Note: This story contains promotional content. Learn more.

Guests:

Christian Lees, CTO, Resecurity [@RESecurity]

On LinkedIn | https://www.linkedin.com/in/christian-lees-72886b3/

Shawn Loveland, Chief Operating Officer, Resecurity [@RESecurity]

On LinkedIn | https://www.linkedin.com/in/shawn-loveland/

Resources

Learn more and catch more stories from Resecurity: https://www.itspmagazine.com/directory/resecurity

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

My Reflections from ITSPmagazine’s Black Hat USA 2024 Coverage:  The State of Cybersecurity and Its Societal Impact | A Musing On Society & Technology with Marco Ciappelli and TAPE3 | Read by TAPE3

contact@itspmagazine.com (TAPE3, ITSPmagazine, Marco Ciappelli) — Wed, 14 Aug 2024 19:42:53 +0000

My Reflections from ITSPmagazine’s Black Hat USA 2024 Coverage:  The State of Cybersecurity and Its Societal Impact

Prologue

Each year, Black Hat serves as a critical touchpoint for the cybersecurity industry—a gathering that offers unparalleled insights into the latest threats, technologies, and strategies that define our collective defense efforts. Established in 1997, Black Hat has grown from a single conference in Las Vegas to a global series of events held in cities like Barcelona, London, and Riyadh. The conference brings together a diverse audience, from hackers and security professionals to executives and non-technical individuals, all united by a shared interest in information security.

What sets Black Hat apart is its unique blend of cutting-edge research, hands-on training, and open dialogue between the many stakeholders in the cybersecurity ecosystem. It's a place where corporations, government agencies, and independent researchers converge to exchange ideas and push the boundaries of what's possible in securing our digital world. As the cybersecurity landscape continues to evolve, Black Hat remains a vital forum for addressing the challenges and opportunities that come with it.

Sean and I engaged in thought-provoking conversations with 27 industry leaders during our coverage of Black Hat USA 2024 in Las Vegas, where the intersection of society and technology was at the forefront. These discussions underscored the urgent need to integrate cybersecurity deeply into our societal framework, not just within business operations. As our digital world grows more complex, the conversations revealed a collective understanding that the true challenge lies in transforming these strategic insights into actions that shape a safer and more resilient society, while also recognizing the changes in how society must adapt to the demands of advancing technology.

As I walked through the bustling halls of Black Hat 2024, I was struck by the sheer dynamism of the cybersecurity landscape. The conversations, presentations, and cutting-edge technologies on display painted a vivid picture of where we stand today in our ongoing battle to secure the digital world. More than just a conference, Black Hat serves as a barometer for the state of cybersecurity—a reflection of our collective efforts to protect the systems that have become so integral to our daily lives.

The Constant Evolution of Threats

One of the most striking observations from Black Hat 2024 is the relentless pace at which cyber threats are evolving. Every year, the threat landscape becomes more complex, with attackers finding new ways to exploit vulnerabilities in areas that were once considered secure. This year, it became evident that even the most advanced security measures can be circumvented if organizations become complacent. The need for continuous vigilance, constant updating of security protocols, and a proactive approach to threat detection has never been more critical.

The discussions at Black Hat reinforced the idea that we are in a perpetual arms race with cybercriminals. They adapt quickly, leveraging emerging technologies to refine their tactics and launch increasingly sophisticated attacks. As defenders, we must be equally agile, continuously learning and evolving our strategies to stay one step ahead.

Integration and Collaboration: Breaking Down Silos

Another key theme at Black Hat 2024 was the importance of breaking down silos within organizations. In an increasingly interconnected world, isolated security measures are no longer sufficient. The traditional boundaries between different teams—whether they be development, operations, or security—are blurring. To effectively combat modern threats, there needs to be seamless integration and collaboration across all departments.

This holistic approach to cybersecurity is not just about technology; it’s about fostering a culture of communication and cooperation. By aligning the goals and efforts of various teams, organizations can create a unified front against cyber threats. This not only enhances security but also improves efficiency and resilience, allowing for quicker responses to incidents and a more robust defense posture.

The Dual Role of AI in Cybersecurity

Artificial Intelligence (AI) was a major focus at this year’s event, and for good reason. AI has the potential to revolutionize cybersecurity, offering new tools and capabilities for threat detection, response, and prevention. However, it also introduces new challenges and risks. As AI systems become more prevalent, they themselves become targets for exploitation. This dual role of AI—both as a tool and a target—was a hot topic of discussion.

The consensus at Black Hat was clear: while AI can significantly enhance our ability to protect against threats, we must also be vigilant in securing AI systems themselves. This requires a deep understanding of how these systems operate and where they may be vulnerable. It’s a reminder that every technological advancement comes with its own set of risks, and it’s our responsibility to anticipate and mitigate those risks as best we can.

Empowering Users and Enhancing Digital Literacy

A recurring theme throughout Black Hat 2024 was the need to empower users—not just those in IT or security roles, but everyone who interacts with digital systems. In today’s world, cybersecurity is everyone’s responsibility. However, many users still lack the knowledge or tools to protect themselves effectively.

One of the key takeaways from the event is the importance of enhancing digital literacy. Users must be equipped with the skills and understanding necessary to navigate the digital landscape safely. This goes beyond just knowing how to avoid phishing scams or create strong passwords; it’s about fostering a deeper awareness of the risks inherent in our digital lives and how to manage them.

Education and awareness campaigns are crucial, but they must be supported by user-friendly security tools that make it easier for people to protect themselves. The goal is to create a security environment where the average user is both informed and empowered, reducing the likelihood of human error and strengthening the overall security posture.

A Call for Continuous Improvement

If there’s one thing that Black Hat 2024 made abundantly clear, it’s that cybersecurity is a journey, not a destination. The landscape is constantly shifting, and what works today may not be sufficient tomorrow. This requires a commitment to continuous improvement—both in terms of technology and strategy.

Organizations must foster a culture of learning, where staying informed about the latest threats and security practices is a priority. This means not only investing in the latest tools and technologies but also in the people who use them. Training, upskilling, and encouraging a mindset of curiosity and adaptability are all essential components of a successful cybersecurity strategy.

Looking Ahead: The Future of Cybersecurity

As I reflect on the insights and discussions from Black Hat 2024, I’m reminded of the critical role cybersecurity plays in our society. It’s not just about protecting data or systems; it’s about safeguarding the trust that underpins our digital world. As we look to the future, it’s clear that cybersecurity will continue to be a central concern—not just for businesses and governments, but for individuals and communities as well.

The challenges we face are significant, but so are the opportunities. By embracing innovation, fostering collaboration, and empowering users, we can build a more secure digital future. It’s a future where technology serves humanity, where security is an enabler rather than a barrier, and where we can navigate the complexities of the digital age with confidence.

Black Hat 2024 was a powerful reminder of the importance of this work. It’s a challenge that requires all of us—security professionals, technologists, and everyday users—to play our part. Together, we can meet the challenges of today and prepare for the threats of tomorrow, ensuring that our digital future is one we can all trust and thrive in.

The End ...of this story.

This piece of writing represents the peculiar results of an interactive collaboration between Human Cognition and Artificial Intelligence.

_____________________________________

Marco Ciappelli is the host of the Redefining Society Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Sean Martin—where you may just find some of these topics being discussed. You can also learn more about Marco on his personal website: marcociappelli.com

TAPE3, which is me, is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society.

________________________________________________________________

Enjoy, think, share with others, and subscribe to the "Musing On Society & Technology" newsletter on LinkedIn.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Reflecting on Black Hat 2024: Operationalizing Cybersecurity for Enhanced Business Outcomes and Improved Resilience | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

Tue, 13 Aug 2024 23:35:54 +0000

Join Sean Martin and TAPE3 as they dive into key insights from Black Hat 2024, highlighting the crucial need to embed cybersecurity into core business practices to drive growth and resilience. Discover how leveraging AI, modular frameworks, and human expertise can transform cybersecurity from a defensive function into a strategic enabler of business success.

________

This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

Sincerely, Sean Martin and TAPE3

________

Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.

TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Enhancing Cyber Defense: AI Innovations and Challenges | A Black Hat USA 2024 Conversation with Rock Lambros | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 13 Aug 2024 14:00:00 +0000

Guest: Rock Lambros, CEO and founder of RockCyber [@RockCyberLLC]

On LinkedIn | https://www.linkedin.com/in/rocklambros/

On Twitter | https://twitter.com/rocklambros

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In a recent On Location episode recorded at Black Hat USA 2024, Sean Martin and Rock Lambros explore the prevailing topics and critical insights from the event's AI Summit. Sitting in the media room, not on the bustling show floor, the paid dissect the impact of artificial intelligence (AI) on cybersecurity, shedding light on its multifaceted implications.

Rock Lambros, Founder and CEO of RockCyber, shares his observations about the predominance of AI in every corner of the conference. He notes how AI's presence is ubiquitous, even saturating advertisements at the airport. Lambros provides an overview of the AI Summit, highlighting the diversity of sessions ranging from high-level talks to vendor pitches. While some were mere product promotions, others provided substantial insights and valuable statistics, which Lambros is keen to share on platforms like LinkedIn.

The discussion progresses to the remark by Nvidia's CEO, Bartley Richardson, suggesting that cyber is fundamentally a data problem, and AI could be the solution. Lambros concurs with this in part but emphasizes the necessity of maintaining human oversight in the process. Martin and Lambros reflect on the potential of AI to augment cybersecurity tasks, particularly for tier one analysts. There is a focus on leveraging AI to expedite responses to threats, potentially reducing the reaction time, which currently lags significantly behind the speed of AI-driven attacks.

Lambros presents a balanced perspective, warning against the risk of reducing entry-level jobs in cybersecurity due to AI advancements, advocating instead for upskilling these professionals to handle more complex roles. The conversation touches on governance and risk management, with Lambros stressing the importance of integrating AI governance into existing frameworks without rendering AI oversight an exclusive domain for data scientists alone. He highlights the EU AI Act and Colorado AI Act as critical regulatory frameworks that emphasize this need.

Lambros also brings attention to DARPA's open-source resources aimed at securing AI, encouraging practitioners to utilize these tools. Towards the end, a poignant observation from Robert Flores, former CISO of the CIA, underscores the difficulty governments face in keeping up with AI's rapid evolution. Lambros reflects on the mixed audience at the summit, a blend of technical practitioners and policy leaders, all grasping the significant impact and challenges AI brings to the field.

The episode underscores the crucial balance between embracing technological advancements and maintaining human oversight and governance within cybersecurity. The insights shared by Rock Lambros and Sean Martin offer a nuanced perspective on the current state of AI in the field, emphasizing a collaborative approach to integrating these innovations responsibly.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

Resources

Rock's LinkedIn Post: https://www.linkedin.com/posts/rocklambros_ai-cybersecurity-ciso-activity-7226988285410074626-rX3-

AI Summit Keynote: Enhancing National Security with AI-Driven Cybersecurity | A Black Hat USA 2024 Conversation with Dr. Kathleen Fisher -- https://redefiningcybersecuritypodcast.com/episodes/ai-summit-keynote-enhancing-national-security-with-ai-driven-cybersecurity-a-black-hat-usa-2024-conversation-with-dr-kathleen-fisher-on-location-coverage-with-sean-martin-and-marco-ciappelli

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Innovations in Autonomous Penetration Testing and Continuous Security Posture Management | 7 Minutes on ITSPmagazine | A Short Brand Innovation Story From Black Hat USA 2024 | A Horizon3 Brand Story with Snehal Antani

Tue, 13 Aug 2024 13:00:00 +0000

In 7 Minutes on ITSPmagazine Short Brand Story recorded on location during Black Hat USA 2024, Sean Martin had a fascinating conversation with Snehal Antani, CEO and Co-Founder of Horizon3.ai. The discussion revolved around the innovative strides Horizon3.ai is making in autonomous penetration testing and continuous security posture management.

Snehal Antani shared his journey from being a CIO to founding Horizon3.ai, highlighting the critical gaps in traditional security measures that led to the inception of the company. The main focus at Horizon3.ai is to continuously verify security postures through autonomous penetration testing, essentially enabling organizations to "hack themselves" regularly to stay ahead of potential threats. Antani explained the firm's concept of “go hack yourself,” which emphasizes continuous penetration testing. This approach ensures that security vulnerabilities are identified and addressed proactively rather than reacting after an incident occurs.

A significant portion of the discussion centered around the differentiation between application and infrastructure penetration testing. While application pen testing remains a uniquely human task due to the need for identifying logic flaws in custom code, infrastructure pen testing can be effectively managed by algorithms at scale. This division allows Horizon3.ai to implement a human-machine teaming workflow, optimizing the strengths of both.

Antani likened its functionality to installing ring cameras while conducting a pen test, creating an early warning network through the deployment of honey tokens. These tokens are fake credentials and sensitive command tokens designed to attract attackers, triggering alerts when accessed. This early warning system helps organizations build a high signal, low noise alert mechanism, enhancing their ability to detect and respond to threats swiftly.

Antani emphasized that Horizon3.ai is not just a pen testing company but a data company. The data collected from each penetration test provides valuable telemetry that improves algorithm accuracy and offers insights into an organization’s security posture over time. This data-centric approach allows Horizon3.ai to help clients understand and articulate their security posture’s evolution.

A compelling example highlighted in the episode involved a CISO from a large chip manufacturing company who utilized Horizon3.ai’s rapid response capabilities to address a potential vulnerability swiftly. The CISO was able to identify, test, fix, and verify the resolution of a critical exploit within two hours, showcasing the platform's efficiency and effectiveness.

The conversation concluded with a nod to the practical benefits such innovations bring, encapsulating the idea that effective use of Horizon3.ai’s tools not only promotes better security outcomes but also enables security teams to perform their roles more efficiently, potentially even getting them home earlier.

Learn more about Horizon3.ai: https://itspm.ag/horizon3ai-bh23

Note: This story contains promotional content. Learn more.

Guest: Snehal Antani, Co-Founder & CEO at Horizon3.ai [@Horizon3ai]

On LinkedIn | https://www.linkedin.com/in/snehalantani/

On Twitter | https://twitter.com/snehalantani

Resources

Learn more and catch more stories from Horizon3.ai: https://www.itspmagazine.com/directory/horizon3ai

View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Enhancing Security Posture by Automating and Optimizing Application Security | A Brand Story Conversation From Black Hat USA 2024 | An ArmorCode Story with Mark Lambert | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 13 Aug 2024 12:00:00 +0000

In this Brand Story episode recorded during Black Hat USA 2024, host Sean Martin sat down with Mark Lambert of ArmorCode to discuss the evolving challenges and innovative strategies in application security and vulnerability management.

ArmorCode stands out in its field by not being just another scanner but by integrating with an organization's existing tool ecosystem. Lambert explains that their platform connects with over 250 different source tools, from threat modeling to endpoint security, to provide comprehensive visibility and risk scoring. This integration is crucial for automating remediation workflows downstream and supporting various use cases, including vulnerability management and software supply chain security.

One of the core strengths of ArmorCode's platform is its ability to ingest data from a multitude of sources, normalize it, and contextualize the risk for better prioritization. Lambert notes that understanding both the technical and business context of vulnerabilities is essential for effective risk management. This dual approach helps organizations avoid the 'fire drill' mentality, focusing instead on business-critical assets first.

The conversation also touches on the breadth of ArmorCode's integrations, which include not just technical tools but also commercial and open-source threat intelligence feeds. This variety allows for a robust and nuanced understanding of an organization’s security posture. By correlating data across different tools using AI, ArmorCode helps in identifying vulnerabilities and weaknesses that could otherwise remain hidden.

Lambert emphasizes the platform's ability to streamline interactions between security and development teams. By bringing together data from various sources and applying risk scoring, ArmorCode aids in engaging development teams effectively, often leveraging integrations with tools like Jira. This engagement is pivotal for timely remediation and reducing organizational risk.

One of the exciting developments Lambert shares is ArmorCode's recent launch of AI-driven remediation capabilities. These capabilities aim to provide not just immediate fixes but strategic insights for reducing future risks. He explains that while fully automated remediation may still involve human oversight, AI significantly reduces the time and effort required for resolving vulnerabilities. This makes the security process more efficient and less burdensome for teams.

The episode concludes with Lambert discussing the significant adoption of AI functionalities among ArmorCode's customer base. With over 90% adoption of their AI correlation features, it's clear that businesses are seeing real-world benefits from these advanced capabilities. Lambert believes that the integration of AI into security practices is moving past the hype phase into delivering meaningful outcomes.

This insightful episode underscores the importance of comprehensive, AI-driven solutions in today’s security landscape. With experts like Mark Lambert at the helm, ArmorCode is leading the charge in making application security more integrated, intelligent, and efficient.

Learn more about ArmorCode: https://itspm.ag/armorcode-n9t

Note: This story contains promotional content. Learn more.

Guest: Mark Lambert, Chief Product Officer, ArmorCode [@code_armor]

On LinkedIn | https://www.linkedin.com/in/marklambertlinkedin/

Resources

Learn more and catch more stories from ArmorCode: https://www.itspmagazine.com/directory/armorcode

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Blocking Billions to Secure the Internet | A Brand Story Conversation From Black Hat USA 2024 | A DNSfilter Story with TK Keanini | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 12 Aug 2024 22:26:55 +0000

During Black Hat USA 2024 in Las Vegas, Sean Martin engages in a Brand Story conversation with TK Keanini from DNSFilter to explore the pivotal role DNSFilter plays in safeguarding networks around the world. DNSFilter operates by leveraging the Domain Name System (DNS), an essential component of the internet. As TK Keanini shares, the company's primary mission is to filter out malicious traffic and allow legitimate traffic to pass through, thereby providing an effective layer of security that is both accessible and user-friendly.

The applicability of DNSFilter spans globally, reflecting the nature of cyber threats, which are not confined by geographic borders. One critical aspect discussed is DNSFilter's ability to manage approximately 130 billion DNS requests daily, blocking between three to four billion potentially harmful requests. This impressive scale underscores the importance of DNSFilter in preventing cyberattacks and protecting users from inadvertently accessing malicious sites.

From coffee shops to large enterprises, the relevance and ease of deploying DNSFilter stand out. For businesses, the practical uses of DNSFilter are numerous.

Keanini explains that the technology is effortless to set up and can be integrated directly into various levels of IT infrastructure, including Wi-Fi routers in coffee shops and public Wi-Fi in retail settings. This straightforward setup enables even those with minimal technical expertise to implement robust cybersecurity measures easily.

The conversation also highlights DNSFilter's effectiveness in addressing global issues, such as Child Sexual Abuse Material (CSAM), reinforcing the company's commitment to making the internet safer for everyone. The firm’s blocking capabilities are not limited to phishing and ransomware; they extend to other harmful content categories, ensuring comprehensive protection.

Moreover, for Chief Information Security Officers (CISOs) and organizations with established cybersecurity programs, DNSFilter offers an invaluable addition to their security suite. With DNSFilter, policies can be set with a single click, streamlining the process for schools, businesses, and managed service providers alike. Keanini points out that this level of usability ensures that even those without extensive cybersecurity experience can effectively manage and implement necessary protections.

Additionally, Keanini emphasizes the importance of DNSFilter's role in protecting everyday users on public Wi-Fi networks and its affordability for public-use scenarios. DNSFilter's technology integrates smoothly into existing security frameworks, providing peace of mind to users and IT administrators that their networks are secure. For individuals and organizations looking to enhance their online security, DNSFilter presents a compelling solution. With its easy setup, global reach, and comprehensive protection against a wide range of cyber threats, DNSFilter stands as a vital tool in the arsenal of modern cybersecurity solutions.

Learn more about DNSFilter: https://itspm.ag/dnsfilter-1g0f

Note: This story contains promotional content. Learn more.

Guest: TK Keanini, CTO, DNSFilter [@DNSFilter]

On LinkedIn | https://www.linkedin.com/in/tkkeaninipub/

Resources

Learn more and catch more stories from DNSFilter: https://www.itspmagazine.com/directory/dnsfilter

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Evolving Landscape of Application Security | A Brand Story Conversation From Black Hat USA 2024 | An AppSOC Story with Willy Leichter | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 12 Aug 2024 15:04:30 +0000

Black Hat Hacker Summer Camp: A Meeting Ground for Security Minds

As Sean Martin and Willy Leichter kick off the discussion, nostalgia sets in as they recount their years of attending the Black Hat Hacker Summer Camp. The perennial themes of security, new technology, and ever-evolving threats always seem to find their way back into the conversation, no matter how much the landscape changes.

Returning to Basics: The Unending Challenge of Security

Sean points to the recurring themes in security, to which Willy responds with a reflective acknowledgment of the cyclical nature of the industry. "It's back to figuring out how to manage all of this," he states, highlighting that while new technologies emerge, the essential task of managing them effectively remains unchanged.

Introducing AppSoc: The New Kid on the Block

Sean and Willy then dive into the heart of their discussion—AppSoc. Founded by serial entrepreneur Pravin Kothari, AppSoc is positioned in the Application Security Posture Management (ASPM) space. Willy elaborates on the company's mission: to consolidate, normalize, and prioritize security data from various point solutions to reduce noise and enhance actionable intelligence.

The Importance of Prioritization and Orchestrated Remediation

Willy explains how AppSoc’s "secret sauce" lies in prioritizing critical alerts among the plethora of security vulnerabilities. The goal is to transform a seemingly unmanageable thousand alerts into twenty high-priority ones that demand immediate attention. He emphasizes that detection without action is futile; hence, AppSoc also focuses on orchestrated remediation to bring the right information to the right teams seamlessly.

Leveraging AI for Better Prioritization and Security Posture

The use of AI in AppSoc is multifaceted. The company employs AI not only to streamline security processes but also to protect AI systems—a burgeoning field. Willy suggests that the explosion of AI applications and large language models (LLMs) has opened new attack surfaces. Thus, the role of AppSoc is to safeguard these tools while enabling their efficient use in security practices.

Real-world Applications: A Day in the Life with AppSoc

Willy shares a compelling success story about a CISO from an insurance company who managed risk across different departments using AppSoc's platform. This real-time, continuous monitoring solution replaced the less efficient, bi-annual consultant reports, demonstrating AppSoc’s efficacy in providing actionable insights promptly.

The Shift-Left Strategy and DevSecOps Collaboration

The conversation shifts to the importance of integrating DevOps and DevSecOps teams. Willy points out that while specializations are valuable, it's crucial to have "connective tissue" to get the bigger picture. This holistic view is essential for understanding how threats impact various departments and teams.

Conclusion

Sean Martin wraps up the enriching conversation with Willy Leichter, expressing his excitement for the future of AppSoc. The episode underscores the critical importance of effective application security and how innovations like AppSoc are paving the way for a more secure digital landscape.

Learn more about AppSOC: https://itspm.ag/appsoc-z45x

Note: This story contains promotional content. Learn more.

Guest: Willy Leichter, Chief Marketing Officer, AppSOC [@appsoc_inc]

On LinkedIn | https://www.linkedin.com/in/willyleichter/

Resources

Learn more and catch more stories from AppSOC: https://www.itspmagazine.com/directory/appsoc

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Cutting-Edge Mobile App Security | A Brand Story Conversation From Black Hat USA 2024 | An Appdome Story with Tom Tovar | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli, Tom Tovar) — Fri, 9 Aug 2024 22:00:00 +0000

Welcome to another insightful story from ITSPmagazine, where we bring you exclusive content directly from Hacker Summer Camp at Black Hat Las Vegas 2024. This year, Sean Martin had the pleasure of sitting down with Tom Tovar, CEO of Appdome, to explore the company’s innovative approach to mobile app security.

A Dynamic Presence at Black Hat

Black Hat 2024 is buzzing with energy, and Appdome's vibrant booth has become a focal point for many attendees. Tom credits his marketing team for creating an engaging and visually striking presence that truly reflects Appdome’s mission. A standout feature is a unique widescreen shot setup that, although not yet shared on social media, perfectly encapsulates Appdome's vision for mobile app security.

The Origin of Appdome

During the conversation, Sean Martin asked Tom to share the origin story of Appdome. Tom, who began his career as a corporate and securities lawyer during the tech boom, later transitioned to roles in security and operations at NetScreen. His journey took a pivotal turn after teaching himself to code and recognizing the need for a more efficient way to secure mobile applications. Driven by frustration with existing solutions and encouraged by a venture capitalist friend, Tom set out to create Appdome, aiming to simplify and automate mobile app security.

Revolutionizing Mobile App Security with Appdome

Appdome’s approach integrates security into the mobile app development process through machine learning, making it easier to incorporate essential functions like encryption and anti-tampering. Over time, the platform has evolved to include advanced features such as malware detection and fraud prevention. By automating these processes, Appdome reduces friction for developers and users alike, offering a streamlined path to robust mobile app security.

Embracing Generative AI for User Empowerment

A highlight of the interview was the discussion around Appdome’s adoption of Generative AI (Gen AI). This cutting-edge technology offers automated support to users facing mobile app security threats, providing real-time guidance to resolve issues independently. This not only enhances cybersecurity but also raises awareness, helping users become more informed and vigilant.

Appdome’s Expanding Influence in Cybersecurity

With over 144,000 applications utilizing its platform and more than 11,000 builds handled daily, Appdome has established itself as a leader in mobile app security. Its widespread adoption across diverse industries underscores the platform’s scalability and versatility.

Looking Ahead: The Future of Mobile App Security

Tom Tovar also shared Appdome’s vision for the future, including the introduction of AI-driven recommendations to further streamline security integration. The ultimate goal is to achieve an auto-defend capability, making mobile app security more intuitive and effortless for users worldwide.

Conclusion

This exclusive interview with Tom Tovar at Black Hat 2024 highlights how Appdome is at the forefront of mobile app security, driving innovation and automation in a rapidly evolving landscape. As mobile threats continue to grow, Appdome’s solutions will be essential in ensuring secure, seamless experiences for users everywhere.

For more insights and updates from the cybersecurity world, keep following ITSPmagazine.

Learn more about Appdome: https://itspm.ag/appdome-neuv

Note: This story contains promotional content. Learn more.

Guest: Tom Tovar, CEO, Appdome [@appdome]

On LinkedIn | https://www.linkedin.com/in/tom-tovar-9b8552/

Resources

Learn more and catch more stories from Appdome: https://www.itspmagazine.com/directory/appdome

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Securing the Digital Economy: A Deep Dive into Application and API Security | A Brand Story Conversation From Black Hat USA 2024 | An Akamai Story with Rupesh Chokshi | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 9 Aug 2024 21:30:00 +0000

In this Brand Story episode as part of the On Location Podcast series, Sean Martin speaks with Rupesh Chokshi, who leads the application security business at Akamai. Connecting directly from Black Hat in Las Vegas, the discussion provides an in-depth look into the world of application security, APIs, and the challenges organizations face in today's technology-driven environment.

Rupesh Chokshi starts by highlighting Akamai's evolution from an innovative startup focused on improving internet experiences to a global leader in powering and protecting online activities. He emphasizes that Akamai handles trillions of transactions daily, underlining the massive scale and importance of their operations.

The conversation shifts to the pivotal role of APIs in the digital economy. With every company now being an 'app company,' APIs have become the lifeline of digital interactions, from financial services to entertainment. Chokshi points out that many organizations struggle with cataloging and discovering their APIs, a critical step for ensuring security. Akamai assists in this by employing scanning capabilities and data flow analysis to help organizations understand and protect their API landscape.

A significant part of the discussion focuses on the security challenges associated with APIs. Chokshi details how attackers exploit APIs for data breaches, financial fraud, and other malicious activities. He cites real-world examples to illustrate the impact and scale of these attacks. Chokshi also explains how attackers use APIs for carding attacks, turning businesses into unwitting accomplices in validating stolen credit cards.

Chokshi emphasizes the importance of proactive measures like API testing, which Akamai offers to identify vulnerabilities before code deployment. This approach not only bolsters the security of APIs but also instills greater confidence in the enterprise ecosystem.

The discussion also touches on the broader implications of API security for CISOs and their teams. Chokshi advises that the first step is often discovery and cataloging, followed by ongoing threat intelligence and posture management. Using insights from Akamai's extensive data, organizations can identify and mitigate threats more effectively.

The episode concludes with Chokshi reinforcing the importance of data-driven insights and AI-driven threat detection in safeguarding the API ecosystem. He notes that Akamai's vast experience and visibility into internet traffic allow them to provide unparalleled support to their clients across various sectors.

For anyone looking to understand the complexities of API security and how to address them effectively, this episode offers valuable insights from two leaders in the field. Akamai's comprehensive approach to application security, bolstered by real-world examples and expert analysis, provides a robust framework for organizations aiming to protect their digital assets.

Learn more about Akamai: https://itspm.ag/akamaievki

Note: This story contains promotional content. Learn more.

Guest: Rupesh Chokshi, SVP & General Manager, Application Security, Akamai [@Akamai]

On LinkedIn | https://www.linkedin.com/in/rupeshchokshi/

Resources

Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Deep Fakes to Phishing: Protecting High-Profile Digital Lives and Safeguarding Personal Privacy | A Brand Story Conversation From Black Hat USA 2024 | A BlackCloak Story with Chris Pierson | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 9 Aug 2024 20:51:40 +0000

In this Brand Story episode of On Location, hosts Sean Martin and Marco Ciappelli sit down with Chris Pierson, Founder and CEO of BlackCloak, a digital executive protection company. Throughout their conversation, they explore the intersection of personal privacy, digital security, and the unique challenges faced by high-profile individuals in protecting their digital lives. Chris Pierson discusses the importance of proactive measures in digital security, emphasizing the need for executives and public figures to safeguard their personal information just as rigorously as their corporate data.

The dialogue covers various critical topics, including the rising threats of deep fakes and the implications for personal and professional security. Pierson explains how these convincing digital forgeries can be used maliciously and provides strategies to identify and combat them. Additionally, the conversation delves into common cyber threats like phishing and business email compromise, with Pierson detailing practical strategies for mitigating these risks.

Pierson also highlights the evolving landscape of privacy threats and the role of education in empowering individuals to take control of their digital presence. He shares insights on balancing security with usability, pointing out the vulnerabilities that can be overlooked by even the most tech-savvy individuals. Reflecting on his experience building BlackCloak, Pierson discusses key lessons learned while developing solutions tailored to the needs of high-net-worth and high-profile clients.

The episode underscores the criticality of a tailored approach to digital security, addressing both technical defenses and user behaviors. Listeners are encouraged to think about their own digital habits and consider how they can better protect their personal information in an increasingly interconnected world.

Learn more about BlackCloak:https://itspm.ag/itspbcweb

Note: This story contains promotional content. Learn more.

Guest: Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]

On Linkedin | https://www.linkedin.com/in/drchristopherpierson/

On Twitter | https://twitter.com/drchrispierson

Resources

Learn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloak

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Insider Insights: Cybersecurity and Collaboration | A Brand Story Conversation From Black Hat USA 2024 | A LevelBlue Story with Theresa Lanowitz | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 9 Aug 2024 03:43:30 +0000

Welcome to Hacker Summer Camp Sean Martin kicks off the episode with his signature enthusiasm, welcoming listeners to another live broadcast from the renowned Hacker Summer Camp—Black Hat USA 2024 in Las Vegas. He introduces Theresa Lanowitz, a prominent figure in cybersecurity, who shares the latest developments and insights from her venture, Level Blue.

Sean Martin: “Welcome to a new episode coming to you from Hacker Summer Camp. We’re here in Las Vegas for Black Hat USA 2024, and I’m thrilled to be joined by Theresa Lanowitz. Theresa, how are you?”

Simplifying Cybersecurity with Level Blue Theresa discusses the origins and mission of Level Blue, a collaborative initiative between AT&T and World Gem Ventures. She outlines how Level Blue serves as a strategic extension to organizations, simplifying cybersecurity through consulting, managed security services, and innovative threat intelligence via Level Blue Labs.

Theresa Lanowitz: “We aim to simplify cybersecurity by helping you protect your business intelligence through our consulting services, predict your security investments through managed services, and mitigate risk with our Level Blue Labs threat intelligence team.”

The conversation shifts to how Level Blue addresses the complexities in IT, offering practical solutions and actionable intelligence to meet these challenges head-on.

Key Insights from the Level Blue Futures Report Theresa reveals exciting updates about their flagship thought leadership piece, the Level Blue Futures Report. Launched at RSA in May, this report anchors their yearly research agenda. Additionally, she introduces the C-suite Accelerator, focusing on the evolving roles of CIOs, CISOs, and CTOs in fostering cyber resilience.

Collaboration Among CIO, CTO, and CISO Sean and Theresa explore the dynamics between the CIO, CTO, and CISO roles. Theresa elaborates on how, despite their shared objectives, these roles often face conflicting priorities. She highlights the importance of these roles being equal partners within an organization to ensure cohesive responses during critical events, thereby enhancing overall organizational resilience.

Theresa Lanowitz: “The CIO, the CISO, and the CTO must be equal partners. If they’re not, achieving cyber resilience becomes very difficult.”

The Pandemic's Impact on Cybersecurity Reflecting on the pandemic’s effects, Theresa notes how it accelerated digital transformation, underscoring the crucial need for resilient cybersecurity measures. Despite some progress, she observes that cybersecurity often remains siloed, underfunded, and secondary in many organizations. She stresses the importance of aligning cybersecurity goals with business objectives to create a more integrated and effective approach.

Proactive vs. Reactive Budgets Theresa emphasizes the significance of proactive budgeting in cybersecurity, contrasting it with the more common reactive approach. Proactive budgets, she argues, allow for better alignment of cybersecurity initiatives with business goals, which is vital for preempting breaches and addressing regulatory compliance.

Theresa Lanowitz: “If you can align cybersecurity initiatives with business goals, you’re going to be proactive rather than reactive.”

The Role of Trusted Third-Party Advisors Theresa advocates for the involvement of trusted third-party advisors, such as consulting and managed security services. These advisors bring valuable external perspectives and experience, which are crucial for driving innovation and ensuring robust security measures.

Sean Martin: “By working with a trusted partner, you’re not giving up your creative ideas but rather ensuring they play out effectively and securely.”

The Human Element in Cybersecurity As the discussion winds down, Sean and Theresa agree that, at its core, cybersecurity is about people. Theresa underscores the need for cross-functional communication within organizations and with trusted third-party advisors to achieve comprehensive and effective cybersecurity.

Sean Martin: “It always comes back to the people, doesn’t it?”

Conclusion The episode wraps up with Sean expressing gratitude for Theresa’s insights and encouraging continued exploration of research and innovation across various sectors. He invites the audience to explore the Level Blue Accelerator Report for actionable insights.

Learn more about LevelBlue: https://itspm.ag/levelblue266f6c

Note: This story contains promotional content. Learn more.

Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]

On LinkedIn | https://www.linkedin.com/in/theresalanowitz/

Resources

Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Balancing Integrity and Sales: The Dual Role of Field CISOs | CISO Circuit Series: Episode 5 with Black Hat USA 2024 Event Coverage | Michael Piacente and Sean Martin on the Redefining CyberSecurity Podcast

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Michael Piacente) — Fri, 9 Aug 2024 03:00:00 +0000

About the CISO Circuit Series

Sean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.

____________________________

Guest: Michael Piacente, Managing Partner and Cofounder of Hitch Partners

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

___________________________

Episode Notes

In the latest episode of the CISO Circuit Series on the Redefining CyberSecurity Podcast, Sean Martin and Michael Piacente join forces in Las Vegas during the Black Hat USA 2024 Conference to engage in an insightful conversation about the evolving role of the Field CISO. Sean Martin is joined by Michael Piacente, Managing Partner and Co-Founder at Hitch Partners, as they dissect the significance and responsibilities of Field CISOs in today's cybersecurity landscape.

A primary focus of the episode is understanding what a Field CISO actually entails. Michael Piacente explains that the role of Field CISO varies widely across organizations, but it generally falls into two categories: customer engagement and sales enablement. Companies might hire Field CISOs to build operational risk assessments and customer relationships, or to drive the technical sales process. For instance, Field CISOs play a pivotal role in product companies by acting as trusted advisors who help communicate complex technical topics in a digestible manner to potential clients.

Michael also highlights key attributes that make a Field CISO successful, such as genuine cybersecurity experience, deep technical knowledge, a reputable name in the community, and robust networking skills. Successful Field CISOs can seamlessly transition between discussing technical details and broader strategic goals with stakeholders. Their role often includes influencing product development by bringing practical insights from customers back to the engineering teams.

One crucial point raised during the discussion is the integrity and trustworthiness required for a Field CISO. Sean and Michael emphasize that maintaining trust within the CISO community is paramount. Field CISOs should avoid crossing lines between promotional activities and genuine advisory roles. They assert that integrity and transparency remain foremost in these roles, as they are often looked to for unbiased, independent advice.

Another topic discussed is how organizations should approach hiring for the Field CISO role. Michael Piacente points out the importance of setting clear expectations, understanding the balance between operational duties and sales enablement, and ensuring that the Field CISO is genuinely aligned with the company's mission and capable of maintaining community trust.

Overall, this episode sheds light on the nuanced nature of the Field CISO role, providing valuable insights for both aspiring Field CISOs and organizations looking to hire one. As the role continues to evolve, Michael and Sean underscore the need for a thoughtful approach to defining responsibilities and fostering an environment where integrity and expertise thrive.

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

____________________________

Resources

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Dynamic Access Control in Modern Cloud Environments | A Brand Story Conversation From Black Hat USA 2024 | A Britive Story with Artyom Poghosyan | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 9 Aug 2024 02:18:37 +0000

In this On Location episode Brand Story, Sean Martin speaks with Artyom Poghosyan at the Black Hat conference in Las Vegas about Britive, a cloud privileged access management platform. They explore how Britive assists medium to large enterprises in tackling identity management and security issues across multi-cloud and hybrid environments.

Sean and Artyom discuss the complexities that organizations face with cloud adoption, where traditional lift-and-shift approaches no longer suffice. Artyom outlines how the incorporation of new processes and tools, such as DevOps automation, complicates identity and access management in cloud environments. Britive's approach emphasizes the need for dynamic, scalable solutions that align with the speed and agility of cloud-based development while ensuring robust security controls.

A key focus is the balance between granting necessary access for operational efficiency and minimizing security risks from overprivileged accounts. Artyom describes Britive's method of dynamically granting and revoking access based on justified needs, ensuring that temporary elevated access is appropriately controlled and removed post-use.

Additionally, the conversation highlights the challenges of managing identities across multiple cloud platforms (AWS, GCP, Azure, etc.) and the diverse technologies used in modern enterprises. Artyom explains Britive's capability to provide a unified identity and access management approach that simplifies and secures these varied environments.

The episode also emphasizes Britive’s potential to significantly reduce the time required for onboarding DevOps engineers, streamlining the process from days to mere minutes through automation. This not only improves operational efficiency but also vastly reduces risk by limiting standing privileges, a key security vulnerability often exploited by cybercriminals.

Finally, they touch upon how Britive fits within broader organizational security strategies, particularly Zero Trust initiatives. By eliminating standing access risks and offering integration with existing security processes, Britive supports the implementation of comprehensive identity security programs that align with modern security frameworks.

Sean closes the episode by encouraging listeners to engage with Artyom and the Britive team to see how their solutions can enhance identity management and security within their organizations.

Learn more about Britive: https://itspm.ag/britive-3fa6

Note: This story contains promotional content. Learn more.

Guest: Artyom Poghosyan, Co-Founder, Britive [@britive1]

On LinkedIn | https://www.linkedin.com/in/artyompoghosyan/

Resources

Learn more and catch more stories from Britive: https://www.itspmagazine.com/directory/britive

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Coro's Modular Cybersecurity and True Platform Revolution | A Brand Story Conversation From Black Hat USA 2024 | A CORO Story with Dror Liwer | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 8 Aug 2024 21:43:34 +0000

At Black Hat 2024 in Las Vegas, Sean Martin from On Location interviews Dror Liwer of Coro, uncovering the impressive strides Coro has made in creating a truly cohesive cybersecurity platform. This conversation reveals how Coro distinguishes itself in an industry saturated with buzzwords and inadequate solutions, particularly for smaller and mid-sized businesses.

Meeting in Vegas

Sean Martin starts the conversation by appreciating the vibrant atmosphere at the Black Hat Business Hall. The colorful Coro booth, coupled with the energetic team, sets the perfect backdrop for a discussion centered on platform innovation.

Sean Martin: "Here we are, Dror. Fantastic seeing you here in Vegas."

Dror Liwer: "It's where we meet."

The Platform Buzz

The term “platform” has become a buzzword in the cybersecurity industry. Dror explains that many companies claim to offer platforms, but these so-called platforms often result from the integration of various point solutions, which don't communicate effectively with each other.

Dror Liwer: “We built Coro as a platform and have been a platform for 10 years. It's kind of funny to see everybody now catching up and trying to pretend to be a platform.”

Dror criticizes how companies use “platform” to create market confusion, explaining that a true platform requires seamless integration, a single endpoint agent, and a unified data lake.

Defining a True Platform

Dror and Sean delve deep into what makes Coro's platform genuinely innovative. Dror emphasizes that a real platform collects and processes data across multiple modules, providing a single pane of glass for operators. He contrasts this with other solutions that merely integrate various tools, resulting in operational complexity and inefficiencies.

Dror Liwer: "A real platform is an engine that has a set of tools on top of it that work seamlessly together using a single pane of glass, a single endpoint agent, and a single data lake that shares all of the information across all of the different modules."

The Role of Data

Data integration is a cornerstone of Coro’s platform. Dror explains that each module in Coro functions as both a sensor and protector, feeding data into the system and responding to anomalies in real-time.

Dror Liwer: "The collection of data happens natively at the sensor. They feed all the data into one very large data lake."

This unified approach allows Coro to eliminate the time-critical gap between event detection and response, a significant advantage over traditional systems that often rely on multiple disparate tools.

Supporting MSPs and Mid-Market Businesses

One of Coro's key missions is to support Managed Service Providers (MSPs) and mid-market businesses, sectors that have been largely overlooked by larger cybersecurity firms. By offering a more manageable and less costly platform, Coro empowers these providers to offer comprehensive cybersecurity services without the high operational costs traditionally associated with such tasks.

Dror Liwer: “We are changing that economic equation, allowing MSPs to offer full cybersecurity solutions to their customers at an affordable price.”

Fulfilling New Requirements

Dror also sheds light on how Coro helps businesses comply with new regulatory requirements or cybersecurity mandates, often dictated by their position in the supply chain.

Dror Liwer: "When this guy comes to you and says, ‘Hey, I need to now comply with this or do that,’ this is an opportunity to tell them, ‘Don't worry. I got you covered. I have Coro for you.’”

Conclusion

Dror Liwer's insights during Black Hat 2024 highlight how Coro is not only addressing but revolutionizing the cybersecurity needs of small to mid-sized businesses and their MSP partners. By creating a true platform that reduces complexity and operational costs, Coro sets a new standard in the cybersecurity industry.

Learn more about CORO: https://itspm.ag/coronet-30de

Note: This story contains promotional content. Learn more.

Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber]

On LinkedIn | https://www.linkedin.com/in/drorliwer/

Resources

Learn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coro

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Behind the Scenes of SquareX's Exposing DEF CON Talk and Their Latest Browser Security Innovations | A Brand Story Conversation From Black Hat USA 2024 | A SquareX Story with Vivek Ramachandran | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 8 Aug 2024 16:00:32 +0000

In this Brand Story episode, Sean Martin gets to chat with Vivek Ramachandran, Co-Founder and CEO of SquareX, at the Black Hat USA conference in Las Vegas. The discussion centers around SquareX’s innovative approach to browser security and its relevance in today’s cybersecurity landscape.

Vivek explains that SquareX is developing a browser-native security product designed to detect, mitigate, and hunt threats in real-time, specifically focusing on the online activities of enterprise employees. This solution operates entirely within the browser, leveraging advanced technologies like WebAssembly to ensure minimal impact on the user experience.

The conversation shifts to the upcoming DEF CON talk by Vivek, titled “Breaking Secure Web Gateways for Fun and Profit,” which highlights the seven sins of secure web gateways and SASE SSE solutions. According to Vivek, these cloud proxies often fail to detect and block web attacks due to inherent architectural limitations. He mentions SquareX's research revealing over 25 different bypasses, emphasizing the need for a new approach to tackle these vulnerabilities effectively.

Sean and Vivek further discuss the practical implementation of SquareX's solution. Vivek underscores that traditional security measures often overlook browser activities, presenting a blind spot for many organizations. SquareX aims to fill this gap by providing comprehensive visibility and real-time threat detection without relying on cloud connectivity.

Vivek also answers questions about the automatic nature of the browser extension deployment, ensuring it does not disrupt day-to-day operations for users or IT teams. Additionally, he touches on the importance of organizational training and awareness, helping security teams interpret new types of alerts and attacks that occur within the browser environment.

Towards the end of the episode, Vivek introduces a new attack toolkit designed for organizations to test their own secure web gateways and SASE SSE solutions, empowering them to identify vulnerabilities firsthand. He encourages security leaders to use this tool and visit a dedicated website for practical demonstrations.

Listeners are invited to connect with Vivek and the SquareX team, especially those attending Black Hat and DEF CON, to learn more about this innovative approach to browser security.

Learn more about SquareX: https://itspm.ag/sqrx-l91

Note: This story contains promotional content. Learn more.

Guest: Vivek Ramachandran, Founder, SquareX [@getsquarex]

On LinkedIn | https://www.linkedin.com/in/vivekramachandran/

Resources

Learn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarex

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Breaking Boundaries in Cloud Security, Identity, and Privileged Access Management | A Brand Story Conversation From Black Hat USA 2024 | A Britive Story with Art Poghosyan | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 6 Aug 2024 01:42:10 +0000

In this Brand Story episode as part of the Black Hat Event Coverage featuring Sean Martin and Marco Ciappelli, guest Art Poghosyan, co-founder of Britive, discusses the evolution and challenges of identity and access management (IAM) in the modern technological landscape. Sean and Marco engage Art in a conversation that covers everything from the significance of effective IAM for businesses to the innovative solutions Britive is bringing to the market.

Art shares the story behind the foundation of Britive and its journey from conception to a leading provider of cloud-native privileged access management solutions. He highlights the shift from static to dynamic identities, emphasizing the importance of automating and authorizing access in real time to meet the needs of modern DevOps and cloud environments.

The conversation also touches on how traditional security measures are adapting to new cloud-based infrastructures, highlighting the growing complexity and necessity for advanced IAM solutions. Marco brings in a critical perspective on the changing nature of technology and security, questioning how modern companies can sustain their operations amid rapid technological changes.

Art shares insight into the convergence of new ideas and the maturity of contemporary technologies, suggesting that today's advancements provide unique opportunities for innovative solutions. Sean and Marco steer the conversation to practical applications, with Art providing real-world examples of how Britive's technologies are being implemented by enterprises facing complex security challenges. He explains how Britive's API-first approach aids in operationalizing security without imposing on performance or user experience.

Furthermore, the episode sets the stage for an upcoming deeper conversation at the Black Hat event, where Art, Sean, and Marco will continue exploring IAM and the critical role Britive plays in shaping the industry's future. Listeners also get information on how to connect with Art and the Britive team at the event.

Learn more about Britive: https://itspm.ag/britive-3fa6

Note: This story contains promotional content. Learn more.

Guest: Art Poghosyan, Co-Founder, Britive [@britive1]

On LinkedIn | https://www.linkedin.com/in/artyompoghosyan/

Resources

Cloud PAM: https://itspm.ag/britivxya3

Learn more and catch more stories from Britive: https://www.itspmagazine.com/directory/britive

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

AI Summit Keynote: Enhancing National Security with AI-Driven Cybersecurity | A Black Hat USA 2024 Conversation with Dr. Kathleen Fisher | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 2 Aug 2024 22:36:10 +0000

Guest: Dr. Kathleen Fisher, Information Innovation Office (I2O) Director, Defense Advanced Research Projects Agency (DARPA) [@DARPA]

On LinkedIn | https://www.linkedin.com/in/kathleen-fisher-4000964/

At Black Hat | https://www.blackhat.com/us-24/summit-sessions/schedule/speakers.html#dr-kathleen-fisher-48776

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this On Location with Sean and Marco episode, hosts Sean Martin and Marco Ciappelli engage in an insightful conversation with Dr. Kathleen Fisher from the Defense Advanced Research Projects Agency (DARPA). The discussion centers around the upcoming Black Hat and DEF CON events, where Dr. Fisher is scheduled to deliver a keynote on the intersection of artificial intelligence (AI) and cybersecurity, with a particular focus on DARPA's ongoing initiatives and competitions.

Dr. Fisher begins by providing an overview of her background and DARPA's mission to prevent technological surprises that could undermine U.S. national security. She recounts the success of the High-Assurance Cyber Military Systems (HACMS) program, which utilized formal methods to create highly secure software for military vehicles. This program demonstrated the potential of formal methods to revolutionize cybersecurity, proving that robust software could be developed to withstand hacking attempts, even from world-class red teams.

The conversation then shifts to the AI Cyber Challenge (AICC) program, a major highlight of her upcoming keynote. AICC aims to leverage the power of AI combined with cyber reasoning systems to automatically find and fix vulnerabilities in real open-source software—an ambitious extension of DARPA's previous Cyber Grand Challenge. This competition involves collaboration with major tech companies like Google, Anthropic, OpenAI, and Microsoft, offering competitors access to state-of-the-art models to tackle real-world vulnerabilities.

Dr. Fisher emphasizes the importance of public-private collaboration in advancing cybersecurity technologies. DARPA's charter allows it to work with a diverse range of organizations, from startups to national labs, in pursuit of strategic technological advances. The episode also touches on the potential impact of cyber vulnerabilities on critical infrastructure, underscoring the need for scalable and automatic solutions to address these threats.

Listeners can anticipate Dr. Fisher highlighting these themes in her keynote, aimed at business leaders, practitioners, policymakers, and risk managers. She will outline how the audience can engage with DARPA's initiatives and contribute to the ongoing efforts to enhance national security through innovative technology solutions.

The episode promises to provide a nuanced understanding of DARPA's role in pioneering AI-driven cybersecurity advancements and offers a preview of the exciting developments to be showcased at Black Hat and DEF CON.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

Resources

Keynote: Enhancing National Security with AI-Driven Cybersecurity: https://www.blackhat.com/us-24/summit-sessions/schedule/index.html#keynote--enhancing-national-security-with-ai-driven-cybersecurity-41250

AI Cyber Challenge: https://aicyberchallenge.com/

DARPA's Information Innovation Office: https://www.darpa.mil/about-us/offices/i2o?ppl=collapse

High-Assurance Cyber Military Systems (HACMS): https://www.darpa.mil/program/high-assurance-cyber-military-systems

DARPAConnect Website: https://pathfinder.theari.us/darpaconnect/home

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Reconstructing the Organizational and Social Structure of a Ransomware Gang | A Black Hat USA 2024 Conversation with L Jean Camp and Dalya Manatova | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 1 Aug 2024 18:30:00 +0000

Guests:

L Jean Camp, Professor, Luddy School of Computing, Informatics, and Engineering, Indiana University [@IUBloomington]

On LinkedIn | https://www.linkedin.com/in/ljean/

At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#l-jean-camp-37968

Dalya Manatova, Associate Instructor/Ph.D. Student, Luddy School of Computing, Informatics, and Engineering, Indiana University [@IUBloomington]

On LinkedIn | https://www.linkedin.com/in/dalyapraz/

At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#dalya-manatova-48133

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this Chats on the Road episode of the On Location with Sean and Marco podcast series, hosts Sean Martin and Marco Ciappelli engage in an insightful conversation about the intricacies of modern cybercrime, specifically focusing on ransomware gangs. The discussion revolves around the research conducted by their guests, L Jean Camp, a scholar specializing in the economics of security and privacy, and Dalya Manatova, a PhD student studying security informatics and the organizational social dynamics of e-crime.

The episode explores how ransomware gangs, such as the notorious Conti group, operate much like legitimate businesses. These criminal organizations exhibit structured hierarchies, recruit testers who may not even realize they are part of an illegal operation, and employ professional negotiation tactics with their victims. The guests emphasize that the threat posed by these gangs is often misunderstood; rather than facing advanced government operations, most individuals and organizations are dealing with commoditized cyber-attacks that follow business-like procedures.

Jean and Dalya share intriguing details about their methodology, including the linguistic and discourse analyses used to map out the relationships and organizational structures within these criminal groups. These analyses reveal the complexities and resilience of the organizations, shedding light on how they maintain operational efficiency and manage internal communications. For instance, the researchers discuss the use of jargon like “cat” to refer to crypto wallets, a nuance that highlights the challenges of interpreting cybercriminal chatter.

Additionally, the conversation touches on the implications of these findings for cybersecurity practices and the broader business landscape. Jean notes the importance of information sharing and understanding the flow of chatter within and between criminal organizations. This awareness can empower defenders by providing them with better tools and methods to anticipate and counteract these threats.

Overall, the episode provides a comprehensive look at the sophisticated nature of ransomware gangs and the importance of interdisciplinary research in understanding and combating cybercrime. The session mentioned in the episode, "Relationships Matter: Reconstructing the Organizational and Social Structure of a Ransomware Gang," is slated for Wednesday, August 7th at Black Hat, promising to offer more extensive insights into this critical issue.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

Resources

Relationships Matter: Reconstructing the Organizational and Social Structure of a Ransomware Gang: https://www.blackhat.com/us-24/briefings/schedule/#relationships-matter-reconstructing-the-organizational-and-social-structure-of-a-ransomware-gang-39725

An Argument for Linguistic Expertise in Cyberthreat Analysis: https://www.researchgate.net/publication/372244795_An_Argument_for_Linguistic_Expertise_in_Cyberthreat_Analysis_LOLSec_in_Russian_Language_eCrime_Landscape

Building and Testing a Network of Social Trust in an Underground Forum: Robust Connections and Overlapping Criminal Domains: https://www.researchgate.net/publication/371353386_Building_and_Testing_a_Network_of_Social_Trust_in_an_Underground_Forum_Robust_Connections_and_Overlapping_Criminal_Domains

Usable Security Lab: https://usablesecurity.net/

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Deep Backdoors in Deep Reinforcement Learning Agents | A Black Hat USA 2024 Conversation with Vas Mavroudis and Jamie Gawith | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 1 Aug 2024 17:30:00 +0000

Guests:

Vas Mavroudis, Principal Research Scientist, The Alan Turing Institute

Website | https://mavroud.is/

At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#vasilios-mavroudis-34757

Jamie Gawith, Assistant Professor of Electrical Engineering, University of Bath

On LinkedIn | https://www.linkedin.com/in/jamie-gawith-63560b60/

At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#jamie-gawith-48261

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

As Black Hat Conference 2024 approaches, Sean Martin and Marco Ciappelli are gearing up for a conversation about the complexities of deep reinforcement learning and the potential cybersecurity threats posed by backdoors in these systems. They will be joined by Vas Mavroudis from the Alan Turing Institute and Jamie Gawith from the University of Bath, who will be presenting their cutting-edge research at the event.

Setting the Stage: The discussion begins with Sean and Marco sharing their excitement about the upcoming conference. They set a professional and engaging tone, seamlessly leading into the introduction of their guests, Jamie and Vas.

The Core Discussion: Sean introduces the main focus of their upcoming session, titled "Backdoors in Deep Reinforcement Learning Agents." Expressing curiosity and anticipation, he invites Jamie and Vas to share more about their backgrounds and the significance of their work in this area.

Expert Introductions: Jamie Gawith explains his journey from working in power electronics and nuclear fusion to focusing on cybersecurity. His collaboration with Vas arose from a shared interest in using reinforcement learning agents for controlling nuclear fusion reactors. He describes the crucial role these agents play and the potential risks associated with their deployment in critical environments.

Vas Mavroudis introduces himself as a principal research scientist at the Alan Turing Institute, leading a team focused on autonomous cyber defense. His work involves developing and securing autonomous agents tasked with defending networks and systems from cyber threats. The conversation highlights the vulnerabilities of these agents to backdoors and the need for robust security measures.

Deep Dive into Reinforcement Learning: Vas offers an overview of reinforcement learning, highlighting its differences from supervised and unsupervised learning. He emphasizes the importance of real-world experiences in training these agents to make optimal decisions through trial and error. The conversation also touches on the use of deep neural networks, which enhance the capabilities of reinforcement learning models but also introduce complexities that can be exploited.

Security Concerns: The discussion then shifts to the security challenges associated with reinforcement learning models. Vas explains the concept of backdoors in machine learning and the unique challenges they present. Unlike traditional software backdoors, these are hidden within the neural network layers, making detection difficult.

Real-World Implications: Jamie discusses the practical implications of these security issues, particularly in high-stakes scenarios like nuclear fusion reactors. He outlines the potential catastrophic consequences of a backdoor-triggered failure, underscoring the importance of securing these models to prevent malicious exploitation.

Looking Ahead: Sean and Marco express their anticipation for the upcoming session, highlighting the collaborative efforts of Vas, Jamie, and their teams in tackling these critical issues. They emphasize the significance of this research and its implications for the future of autonomous systems.

Conclusion: This pre-event conversation sets the stage for a compelling session at Black Hat Conference 2024. It offers attendees a preview of the insights and discussions they can expect about the intersection of deep reinforcement learning and cybersecurity. The session promises to provide valuable knowledge on protecting advanced technologies from emerging threats.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

Resources

Deep Backdoors in Deep Reinforcement Learning Agents: https://www.blackhat.com/us-24/briefings/schedule/index.html#deep-backdoors-in-deep-reinforcement-learning-agents-39550

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Traceability in Cyber Security: Lessons Learned from the Medical Sector | A Conversation with Kostas Papapanagiotou | Redefining CyberSecurity with Sean Martin

Thu, 1 Aug 2024 17:01:24 +0000

Guest: Dr. Kostas Papapanagiotou, Advisory Services Director, Census S.A.

On LinkedIn | https://www.linkedin.com/in/kpapapan/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

Cybersecurity practices for medical devices are crucial, touching on compliance, patient safety, and the rigorous demands of various sectors such as automotive and financial services. In an insightful conversation between Sean Martin, host of the Redefining CyberSecurity Podcast, and Kostas Papapanagiotou, leader of the advisory service division at Census, several key takeaways emerge. Kostas, who has over 20 years of experience in cybersecurity and application security, underscores the complexity of medical devices.

No longer confined to standalone units, modern medical devices may encompass hardware components, software, connectivity to hospital networks or cloud services, and more. Thus, they require a comprehensive security approach.

Kostas notes that the FDA views these devices holistically, requiring all components to be evaluated for security risks. One of the most significant points highlighted is the concept of shared responsibility. According to Kostas, it is essential for medical device manufacturers to consider how their products integrate with existing hospital networks and what security measures are necessary to protect patient information. This extends to issuing guidelines and documentation for secure network integration, an effort that underscores the necessity of thorough and clear documentation in maintaining cybersecurity standards.

Furthermore, Kostas points out that regulations like the FDA’s post-market plan necessitate that manufacturers prepare for the entire lifecycle of a device, including potential vulnerabilities that may arise years after deployment. He shares real-world examples, such as the challenge of outdated Android versions in medical devices, which can no longer receive security updates and thus present vulnerabilities. In addition to compliance, the podcast discusses the shift left security paradigm, which emphasizes integrating security measures early in the software development lifecycle to prevent costly and challenging fixes later.

Kostas advocates for proactive threat modeling as a tool to foresee potential risks and implement security controls right from the design phase. This approach aligns with the FDA's emphasis on mitigating patient harm as the ultimate priority.

The conversation also touches on how these rigorous requirements from the medical device sector can inform cybersecurity practices in other critical areas like automotive manufacturing. Kostas remarks that the automotive industry is yet to reach the maturity seen in medical device regulations, often grappling with interoperability and supply chain complexities.

This podcast episode offers vital insights and actionable advice for cybersecurity professionals and organizations involved with critical, life-impacting technologies. Engaging discussions such as these underline the importance of regulatory compliance, thorough documentation, and proactive security measures in safeguarding both technology and human lives.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

Traceability in cyber security: lessons learned from the medical sector (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VTbW/traceability-in-cyber-security-lessons-learned-from-the-medical-sector

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Zero Trust to AI and now Platformization and Consolidation: Debunking Cybersecurity Buzzwords | A Brand Story Conversation From Black Hat USA 2024 | A Coro Story with Dror Liwer | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 30 Jul 2024 01:28:50 +0000

Join the On Location Podcast co-hosts, Sean Martin and Marco Ciappelli, as they kick off an engaging conversation with Dror Liwer, Co-Founder of Coro, discussing SMB cybersecurity and preparations for Black Hat 2024.

Dror emphasizes Coro’s excitement about participating in Black Hat for the second year, where they will be showcasing their offerings at booth 4734. He contrasts Black Hat with other conferences, noting its unique focus on cybersecurity practitioners and those who carry the weight of their organizations' security.

Throughout the discussion, Dror tackles the buzzwords and trends in the cybersecurity industry. This year, the buzzword is "platform," and Dror provides insight into what truly constitutes a cybersecurity platform. He distinguishes between various types of platforms, such as those built from multiple vendors, internally developed ones like Cisco and Palo Alto, and Coro's own from-the-ground-up modular platform. He also discusses the advantages of a unified and seamless approach to cybersecurity.

The conversation covers the practical benefits of Coro’s platform for service providers and end customers. Dror mentions how Coro simplifies cybersecurity by allowing easy onboarding and flexible licensing. He highlights Coro’s data governance capabilities and modular design, which enable users to scale their security needs up or down efficiently.

Dror also teases his upcoming talk at Black Hat, titled “Platformization, Consolidation, and Other Buzzwords Debunked,” promising a comprehensive framework to help organizations evaluate and select the right cybersecurity platforms for their needs.

The episode closes with Sean and Marco expressing their enthusiasm for continuing the conversation at Black Hat and encouraging listeners to connect with Coro’s energetic team. They also invite the audience to stay tuned for more updates and insights from the event.

Learn more about CORO: https://itspm.ag/coronet-30de

Note: This story contains promotional content. Learn more.

Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber]

On LinkedIn | https://www.linkedin.com/in/drorliwer/

Resources

Learn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coro

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Fault in Our Metrics: Rethinking How We Measure Detection & Response | A Conversation with Allyn Stott | Redefining CyberSecurity with Sean Martin

contact@itspmagazine.com (ITSPmagazine On Location, Sean Martin, Allyn Stott) — Mon, 29 Jul 2024 12:00:00 +0000

Guest: Allyn Stott, Senior Staff Engineer, meoward.co

On LinkedIn | https://www.linkedin.com/in/whyallyn

On Twitter | https://x.com/whyallyn

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

In this episode of The Redefining CyberSecurity Podcast, host Sean Martin converses with Allyn Stott, who shares his insights on rethinking how we measure detection and response in cybersecurity. The episode explores the nuances of cybersecurity metrics, emphasizing that it's not just about having metrics, but having the right metrics that truly reflect the effectiveness and efficiency of a security program.

Stott discusses his journey from red team operations to blue team roles, where he has focused on detection and response. His dual perspective provides a nuanced understanding of both offensive and defensive security strategies. Stott highlights a common issue in cybersecurity: the misalignment of metrics with organizational goals. He points out that many teams inherit metrics that may not accurately reflect their current state or objectives. Instead, metrics should be strategically chosen to guide decision-making and improve security posture. One of his key messages is the importance of understanding what specific metrics are meant to convey and ensuring they are directly actionable.

In his framework, aptly named SAVER (Streamlined, Awareness, Vigilance, Exploration, Readiness), Stott outlines a holistic approach to security metrics. Streamlined focuses on operational efficiencies achieved through better tools and processes. Awareness pertains to the dissemination of threat intelligence and ensuring that the most critical information is shared across the organization. Vigilance involves preparing for and understanding top threats through informed threat hunting. Exploration encourages the proactive discovery of vulnerabilities and security gaps through threat hunts and incident analysis. Finally, Readiness measures the preparedness and efficacy of incident response plans, emphasizing the coverage and completeness of playbooks over mere response times.

Martin and Stott also discuss the challenge of metrics in smaller organizations, where resources may be limited. Stott suggests that simplicity can be powerful, advocating for a focus on key risks and leveraging publicly available threat intelligence. His advice to smaller teams is to prioritize understanding the most significant threats and tailoring responses accordingly.

The conversation underscores a critical point: metrics should not just quantify performance but also drive strategic improvements. By asking the right questions and focusing on actionable insights, cybersecurity teams can better align their efforts with their organization's broader goals.

For those interested in further insights, Stott mentions his upcoming talks at B-Sides Las Vegas and Blue Team Con in Chicago, where he will expand on these concepts and share more about his Threat Detection and Response Maturity Model.

In conclusion, this episode serves as a valuable guide for cybersecurity professionals looking to refine their approach to metrics, making them more meaningful and aligned with their organization's strategic objectives.

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Be sure to share and subscribe!

___________________________

Resources

The Fault in Our Metrics: Rethinking How We Measure Detection & Response (BSIDES Session): https://bsideslv.org/talks#EVFTBT

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

A Deep Dive into SquareX | A Short Brand Story from Black Hat USA 2024 | A SquareX Story with Chief Architect Jeswin Mathai | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 26 Jul 2024 21:32:04 +0000

Welcome to another edition of Brand Stories, part of our On Location coverage of Black Hat Conference 2024 in Las Vegas. In this episode, Sean Martin and Marco Ciappelli chat with Jeswin Mathai, Chief Architect at SquareX, one of our esteemed sponsors for this year’s coverage. Jeswin brings his in-depth knowledge and experience in cybersecurity to discuss the innovative solutions SquareX is bringing to the table and what to expect at this year’s event.

Getting Ready for Black Hat 2024

The conversation kicks off with Marco and Sean sharing their excitement about the upcoming Black Hat USA 2024 in Las Vegas. They fondly recall their past experiences and the anticipation that comes with one of the most significant cybersecurity events of the year. Both hosts highlight the significance of the event for ITSP Magazine, marking ten years since its inception at Black Hat.

Introducing Jeswin Mathai and SquareX

Jeswin Mathai introduces himself as the Chief Architect at SquareX. He oversees managing the backend infrastructure and ensuring the product’s efficiency and security, particularly as a browser extension designed to be non-intrusive and highly effective. With six years of experience in the security industry, Jeswin has made significant contributions through his work published at various conferences and the development of open-source tools like AWS Goat and Azure Goat.

The Birth of SquareX

Sean and Marco delve deeper into the origins of SquareX. Jeswin shares the story of how SquareX was founded by Vivek Ramachandran, who previously founded Pentester Academy, a cybersecurity education company. Seeing the persistent issues in consumer security and the inefficacy of existing antivirus solutions, Vivek decided to shift focus to consumer security, particularly the visibility gap in browser-level security.

Addressing Security Gaps

Jeswin explains how traditional security solutions, like endpoint security and secure web gateways, often lack visibility at the browser level. Attacks originating from browsers go unnoticed, creating significant vulnerabilities. SquareX aims to fill this gap by providing comprehensive browser security, detecting and mitigating threats in real time without hampering user productivity.

Innovative Security Solutions

SquareX started as a consumer-based product and later expanded to enterprise solutions. The core principles are privacy, productivity, and scalability. Jeswin elaborates on how SquareX leverages advanced web technologies like WebAssembly to perform extensive computations directly on the browser, ensuring minimal dependency on cloud resources and optimizing user experience.

A Scalable and Privacy-Safe Solution

Marco raises the question of data privacy regulations like GDPR in Europe and the California Consumer Privacy Act (CCPA). Jeswin reassures that SquareX is designed to be highly configurable, allowing administrators to adjust data privacy settings based on regional regulations. This flexibility ensures that user data remains secure and compliant with local laws.

Real-World Use Cases

To illustrate SquareX’s capabilities, Jeswin discusses common use cases like phishing attacks and how SquareX protects users. Attackers often exploit legitimate platforms like SharePoint and GitHub to bypass traditional security measures. With SquareX, administrators can enforce policies to block unauthorized credential entry, perform live analysis, and categorize content to prevent phishing scams and other threats.

Looking Ahead to Black Hat and DEF CON

The discussion wraps up with a look at what attendees can expect from SquareX at Black Hat and DEF CON. SquareX will have a booth at both events, and Jeswin previews some of the talks on breaking secure web gateways and the dangers of malicious browser extensions. He encourages everyone to visit their booths and attend the talks to gain deeper insights into today’s cybersecurity challenges and solutions.

Conclusion

In conclusion, the conversation with Jeswin Mathai offers a comprehensive look at how SquareX is revolutionizing browser security. Their innovative solutions address critical gaps in traditional security measures, ensuring both consumer and enterprise users are protected against sophisticated threats. Join us at Black Hat Conference 2024 to learn more and engage with the experts at SquareX.

Learn more about SquareX: https://itspm.ag/sqrx-l91

Note: This story contains promotional content. Learn more.

Guest: Jeswin Mathai, Chief Architect, SquareX [@getsquarex]

On LinkedIn | https://www.linkedin.com/in/jeswinmathai/

Resources

Learn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarex

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Is Defense Winning? | A Black Hat USA 2024 Conversation with Jason Healey | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 26 Jul 2024 16:07:34 +0000

Guest: Jason Healey, Senior Research Scholar, Cyber Conflict Studies, SIPA at Columbia University [@Columbia]

On LinkedIn | https://www.linkedin.com/in/jasonhealey/

At BlackHat: https://www.blackhat.com/us-24/briefings/schedule/speakers.html#jason-healey-31682

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Opening Remarks:

Sean Martin and Marco Ciappelli set the stage with their signature banter, creating an inviting atmosphere for a deep dive into cybersecurity. Marco introduces a philosophical question about measuring success and improvement in the field, leading seamlessly into their conversation with Jason Healey.

Meet the Expert:

Sean introduces Jason Healey, a senior research scholar at Columbia University and a former military cybersecurity leader with extensive experience, including roles at the Pentagon and the White House. Jason shares his excitement for Black Hat 2024 and the anniversary celebrations of ITSPmagazine, expressing anticipation for the discussions ahead.

The Role of Defense in Cybersecurity:

Jason previews his journey from military service to academia, posing the critical question, “Is defense winning?” He provides a historical perspective, noting that cybersecurity challenges have been present for decades. Despite significant investments and efforts, attackers often seem to maintain an edge. This preview sets the stage for a deeper exploration of how to measure success in defense, which he plans to address in detail at the conference.

Shifting the Balance:

Jason highlights the need for a comprehensive framework to evaluate the effectiveness of defense mechanisms. He introduces the concept of metrics like “mean time to detect,” suggesting that these can help gauge progress over time. Jason plans to discuss the importance of understanding system-wide dynamics at Black Hat, emphasizing that cybersecurity is about continual improvement rather than quick fixes.

Economic Costs and Broader Impacts:

Sean shifts the discussion to the economic aspects of cybersecurity, a topic Jason is set to explore further at the event. Jason notes that while financial implications are substantial, other indicators, such as the frequency of states declaring emergencies due to cyber incidents, provide a broader view of the impact. He underscores the need to address disparities in cybersecurity protection, pointing out that not everyone has access to the same level of defense capabilities.

Community and Collaboration:

Marco and Jason discuss the importance of community involvement in improving cybersecurity. Jason stresses the value of shared metrics and continuous data analysis, calling for collective efforts to build a robust defense against evolving threats. This theme of collaboration will be a key focus in his upcoming session.

Looking Forward:

As they wrap up, Sean and Marco express their anticipation for Jason’s session at Black Hat 2024. They encourage the audience to join in, engage with the topics discussed, and contribute to the ongoing conversation on cybersecurity.

Conclusion:

Sean concludes by thanking Jason for his insights and highlighting the importance of the upcoming Black Hat sessions. He invites listeners to follow ITSPmagazine's coverage for more expert discussions and insights into the field of cybersecurity.

For more insightful sessions and expert talks on cybersecurity, make sure to follow ITSPmagazine's Black Hat coverage. Stay safe and stay informed!

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

Resources

Is Defense Winning? (Session): https://www.blackhat.com/us-24/briefings/schedule/index.html#is-defense-winning-40663

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Signatures to Behavior: RAD Security's Recognized Innovations for Cloud Threat Detection and Response | A Brand Story Conversation From Black Hat USA 2024 | A RAD Security Story with Brooke Motta

Fri, 26 Jul 2024 15:31:36 +0000

In this Brand Story conversation, Sean Martin sat down with Brooke Motta, CEO and co-founder of RAD Security, to discuss a game-changing shift in cloud security: moving from signature-based to behavioral-based detection and response within the Cloud Workload Protection Platform (CWPP).

The What: RAD Security is pioneering the future of cloud security with its state-of-the-art behavioral cloud detection and response (CDR) solution. Unlike traditional CWPP and container detection systems that depend on signatures, RAD Security employs advanced techniques to create behavioral fingerprints based on unique good behavior patterns. This innovative approach aims to eliminate the risks associated with zero-day attacks and apply zero trust principles while ensuring real-time posture verification.

The How: RAD Security's approach stands out in multiple ways. By setting behavioral baselines reflecting a system's normal operations, the platform can detect deviations that indicate potential threats earlier in the attack lifecycle. Integrated real-time identity and infrastructure context further sharpens its threat detection capabilities. This not only allows for proactive defenses but also enhances shift-left strategies and posture management, making cloud environments more resilient against emerging threats.

Key Points Discussed:

Behavioral Detection vs. Signature-Based Methods:
- Brooke emphasized the limitations of signature-based detection in addressing modern cloud security challenges. RAD Security's shift to behavioral detection ensures early identification of zero-day attacks, addressing both runtime and software supply chain vulnerabilities.
Enhanced Capabilities for Real-Time Response:
- The platform provides automated response actions such as quarantining malicious workloads, labeling suspicious activities, and terminating threats. It leverages machine learning and large language models to classify detections accurately, aiding security operations centers (SOC) in quicker and more effective remediation.
Recognition and Impact:
- RAD Security’s innovative approach has earned it a finalist spot in the prestigious Black Hat Startup Spotlight Competition, signifying industry acknowledgment of the need to move beyond traditional, reactive signatures to a proactive, behavioral security approach. They were also recognized during RSA Conference, one of the only startups to garner such a position.
Supply Chain Security:
- Brooke highlighted the importance of analyzing third-party services and APIs at runtime to get a comprehensive threat picture. RAD Security’s verified runtime fingerprints ensure a defense-ready posture against supply chain attacks, exemplified by its response to the recent XZ Backdoor vulnerability.
Future of Cloud Security:
- As security teams navigate increasingly complex cloud environments, the legacy method of relying on signatures is no longer viable. RAD Security's behavioral approach represents the future of cloud detection and response, offering a robust, resilient solution against novel and evolving threats.

RAD Security is leading the charge in transforming cloud security through its innovative, signatureless behavioral detection and response platform. By integrating real-time identity and infrastructure context, RAD Security ensures swift and accurate threat response, laying the groundwork for a new standard in cloud native protection.

For more insights and to learn how RAD Security can help enhance your organization's cloud security resilience, tune into the full conversation.

Learn more about RAD Security: https://itspm.ag/radsec-l33tz

Note: This story contains promotional content. Learn more.

Guest: Brooke Motta, CEO & Co-Founder, RAD Security [@RADSecurity_]

On LinkedIn | https://www.linkedin.com/in/brookemotta/

On Twitter | https://x.com/brookelynz1

Resources

A Brief History of Signature-Based Threat Detection in Cloud Security: https://itsprad.io/radsec-4bi

Open Source Cloud Workload Fingerprint Catalog: https://itsprad.io/radsec-kro

Learn more and catch more stories from RAD Security: https://www.itspmagazine.com/directory/rad-security

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

A Framework for Evaluating National Cybersecurity Strategies | A Black Hat USA 2024 Conversation with Fred Heiding | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 25 Jul 2024 22:26:22 +0000

Guest: Fred Heiding, Research Fellow, Harvard

On LinkedIn | https://www.linkedin.com/in/fheiding/

On Twitter | https://twitter.com/fredheiding

On Mastodon | https://mastodon.social/@fredheiding

On Instagram | https://www.instagram.com/fheiding/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this Chats on the Road episode as part of the On Location with Sean and Marco series, hosts Sean Martin and Marco Ciappelli invite listeners into an engaging dialogue with Fred Heiding, a research fellow in computer science at Harvard. The episode dives into the intricacies of national cybersecurity strategies, exploring the intersection of technology, policy, and economics in safeguarding nations against cyber threats.

Fred opens up about his journey from a technical background to a more policy-focused role at Harvard’s Kennedy School, driving home the importance of a multidisciplinary approach to cybersecurity. This sets the stage for a captivating discussion on the collaborative research project he's leading, which aims to evaluate and enhance national cybersecurity strategies worldwide.

Listeners are treated to an insightful narrative on how the project originated from an insightful question Fred posed at a Harvard conference, leading to a fruitful partnership with national security researcher Alex O'Neill and Lachlan Price, a pivotal figure in crafting Australia's renowned cybersecurity strategy. Together, they've been investigating the effectiveness of various national strategies, emphasizing the need for context-specific evaluations.

A major highlight of the episode is the discussion on the inclusion of emerging technologies, particularly AI, in these cybersecurity policies. Fred provides an optimistic update on how even slightly older documents are proactively addressing future-proof strategies against new technological threats. This is paired with a deep dive into the concepts of resilience and the importance of creating detailed, actionable policy documents that can be evaluated for effectiveness over time.

Sean and Marco steer the conversation towards the practical implications of these strategies, questioning how economic factors influence cybersecurity policy and the trade-offs between system security and usability. Fred’s insights into the economic dimensions of cybersecurity, including the balance between investment in protection and the potential costs of cyber attacks, add a valuable perspective to the discussion.

The episode promises to inspire listeners with Fred’s forward-thinking approach and the practical applications of his research. As Fred previews his upcoming presentation at Black Hat, excitement builds for those interested in the detailed findings and innovative strategies he will share.

Tune in to this episode for a thought-provoking exploration of national cybersecurity strategies, enriched by Fred Heiding’s expert insights and the dynamic interaction between the hosts and their guest. Whether you're a policymaker, technologist, or cybersecurity enthusiast, this conversation offers valuable takeaways and a fresh perspective on the ever-evolving cyber landscape.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Contributors to A Multilateral Framework for Evaluating National Cybersecurity Strategies (BlackHat Session):

Fred Heiding | Research Fellow, Harvard

Alex O'Neill | Independet

Lachlan Price | Research Assistant, Harvard

Eric Rosenbach | Senior Lecturer in Public Policy, Harvard

____________________________

This Episode’s Sponsors

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

Resources

A Multilateral Framework for Evaluating National Cybersecurity Strategies: https://www.blackhat.com/us-24/briefings/schedule/#a-multilateral-framework-for-evaluating-national-cybersecurity-strategies-40879

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Behind the Scenes at Black Hat USA 2024: An Exclusive Pre-Event Conversation | A Black Hat USA 2024 Conversation with Steve Wylie | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 24 Jul 2024 03:28:40 +0000

Guest: Steve Wylie, Vice President, Cybersecurity Market at Informa Tech [@InformaTechHQ] and General Manager at Black Hat [@BlackHatEvents]

On LinkedIn | https://www.linkedin.com/in/swylie650/

On Twitter | https://twitter.com/swylie650

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Vroom Vroom! The Black Hat Tradition with Sean and Marco

It's that time of year again, and Sean Martin and Marco Ciappelli are kicking things off with their customary banter on the road to Black Hat USA 2024. This time, there's no need to "vroom vroom" their way to Las Vegas as they'll be flying there instead. But no matter how they get there, it's all about reaching the grand event that is Black Hat.

A Decade of ITSP Magazine and Black Hat

Marco highlights a significant milestone for their publication: ITSP Magazine is celebrating its 10th anniversary, a journey that began alongside the Black Hat conference. Steve Wylie, who has also been with Black Hat since 2014, shares this sentiment of growth and reflection.

What to Expect at Black Hat USA 2024

Steve Wylie provides a comprehensive overview of what attendees can expect this year. As always, the event will bring the heat—literally, with Las Vegas temperatures scaling up to 108 degrees Fahrenheit. But beyond the weather, the Black Hat event itself will feature a multitude of new expansions.

Key Highlights

Expanded Content Program: Black Hat is adopting a three-day format instead of its usual two, adding a day packed with additional activities and events.
More Networking Opportunities: Attendees can look forward to broadening their professional circles with a variety of planned and unplanned networking events, including the Meetup Lounge and Track Chair Meet and Greets.
Day Zero Program: Designed especially for newcomers, this pre-event briefing will help attendees make the most out of their experience.
Innovative Summits: New summits, including an AI Summit, Innovators and Investors Summit, Industrial Controls Summit, and Cyber Insurance Summit, will target both technical and managerial audiences.

Deep Dives and Panel Discussions

Steve reveals a notable deviation from tradition: this year's keynote will be a panel discussion focused on defending democracy in an election year, featuring top cybersecurity leaders from the U.S., the EU, and the UK. This will be an essential kickoff, reflecting on the year’s heavy election schedule and the growing influence of AI.

Fireside Chat with Moxie Marlinspike

Another unique addition is a fireside chat with Moxie Marlinspike, founder of Signal, moderated by Jeff Moss. This discussion will delve into privacy concerns and the ever-important balance between privacy and security in today's technological landscape.

Arsenal and the NOC: Fan Favorites Return

Sean and Steve both tip their hats to recurring features such as Arsenal, which showcases cutting-edge tools developed by the cybersecurity community, and the NOC, where attendees can witness real-time network management and protection.

Wrapping Up

As Sean and Marco prepare to experience another electrifying Black Hat, they remind readers and listeners alike to subscribe to ITSP Magazine for exclusive coverage and insights. Whether you're able to attend in person or follow along remotely, Black Hat USA 2024 promises to be a crucial event for anyone in the cybersecurity field.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

This Episode’s Sponsors

____________________________

Resources

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

The list of keynotes can be found on this page: https://www.blackhat.com/us-24/keynotes.html

Direct links to keynotes:

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

2024 AppDome and OWASP Mobile Consumer Cyber Security Survey | A Brand Story Conversation From OWASP AppSec Global Lisbon 2024 | An AppDome Brand Story with Brian Reed and Chris Roeckl | On Location Coverage with Sean Martin and Marco Ciappelli

Sat, 20 Jul 2024 01:00:00 +0000

In the latest Brand Story episode, host Sean Martin chats with Brian Reed, Mobile Security Evangelist, and Chris Roeckl, Chief Product Officer at AppDome, during the OWASP Global AppSec event in Lisbon. The episode dives into pivotal aspects of mobile app security and consumer expectations.

Brian Reed articulates how AppDome collaborates with OWASP to tackle mobile app security challenges. He underscores the significant role consumers play in these endeavors. According to AppDome's annual survey, consumer feedback is indispensable, revealing that a staggering 97% of consumers would abandon a brand after an insecure app experience, while 95% would advocate for a brand offering a secure experience. This highlights the stark consequences of neglecting mobile security.

Chris Roeckl elaborates on how AppDome’s annual survey, spanning four years, has amassed data from over 120,000 consumers across 12 countries. This wealth of information provides a clear trend: consumers increasingly prioritize security, particularly in banking, e-wallet, healthcare, and retail apps. Interestingly, while social media is not at the forefront of security concerns, it is rapidly becoming a focus area as users grow more conscious of account security and privacy.

The discussion brings to light how brands can effectively communicate their security protocols to consumers. Reed and Roeckl suggest transparency through dedicated web pages, direct email outreach, and in-app notifications. This communication helps build trust and reassures consumers that their security concerns are being addressed.

The conversation also touches on the integration of security into the development lifecycle. Developers often face the challenge of ensuring robust security without compromising the user experience. Reed mentions the importance of making security processes seamless and non-invasive for developers. By leveraging machine learning and AI, AppDome aims to automate many security tasks, allowing developers to focus on creating innovative, user-friendly applications.

Moreover, Roeckl points out that a holistic approach is essential. This means incorporating input from various teams within an organization - from product leaders focusing on user engagement to engineers ensuring crash-free applications and cybersecurity teams safeguarding data integrity. This collaborative effort ensures that the final product not only meets but exceeds consumer expectations.

The insights shared in the episode are a call to action for businesses to prioritize mobile security. With six billion humans using mobile apps globally, the stakes are higher than ever. Brands must recognize the direct correlation between secure mobile experiences and customer loyalty. By investing in robust security measures and effectively communicating these efforts, businesses can foster a secure and trustworthy environment for their users.

Listeners are encouraged to download the full AppDome report for a deeper understanding of consumer attitudes towards mobile app security. This empathetic report offers valuable insights that can help developers, product managers, and cybersecurity teams align their strategies with consumer expectations, ultimately leading to safer and more secure mobile applications.

Learn more about Appdome: https://itspm.ag/appdome-neuv

Note: This story contains promotional content. Learn more.

Guests:

Brian Reed, SVP AppSec & Mobile Defense, Appdome [@appdome]

On LinkedIn | https://www.linkedin.com/in/briancreed/

Chris Roeckl, Chief Product Officer, Appdome [@appdome]

On LinkedIn | https://www.linkedin.com/in/croeckl/

Resources

Learn more and catch more stories from Appdome: https://www.itspmagazine.com/directory/appdome

View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Dodging the Ball and ways for CISOs to avoid: Essential Strategies for CISOs | A Black Hat USA 2024 Conversation with Jess Nall | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli, Jess Nall) — Wed, 17 Jul 2024 22:26:00 +0000

Guest: Jess Nall, Partner, Defense Against Government Investigations, Baker McKenzie, LLP [@bakermckenzie]

On LinkedIn | https://www.linkedin.com/in/jess-nall/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

As the countdown to Black Hat 2024 begins, ITSP Magazine’s “Chats On the Road” series kicks off with a compelling pre-event discussion featuring Jess Nall, a partner at Baker McKenzie with over two decades of experience in federal investigations and defending Chief Information Security Officers (CISOs). Hosted by Sean Martin and Marco Ciappelli, the episode blends humor and serious insights to tackle the evolving challenges faced by CISOs today.

The Dodgeball Analogy: Setting the Stage

The conversation starts on a light-hearted note with a playful dodgeball analogy, a clever metaphor used to illustrate the growing complexities in the cybersecurity landscape. This sets the tone for a deeper exploration of the pressures and responsibilities that modern CISOs face, bridging the gap between legacy technology and contemporary cybersecurity challenges.

Legacy Technology vs. Modern Cybersecurity

Drawing from the dodgeball metaphor, Sean and Marco highlight the burden of legacy technology and its impact on current cybersecurity practices. Jess Nall shares her perspective on how past business operations influence today’s cybersecurity strategies, emphasizing the need for CISOs to adapt and innovate continually.

ITSP Magazine’s Milestone and Black Hat Connections

This episode also marks a celebratory milestone for ITSP Magazine. Sean and Marco reflect on their journey from Los Angeles to Las Vegas, the birthplace of ITSP Magazine, and how their experiences have shaped the publication’s mission and growth. As they gear up for Black Hat 2024, they express their excitement about reconnecting with the cybersecurity community and exploring new opportunities for collaboration.

Introducing Jess Nall: Expertise and Experience

Jess Nall, a seasoned expert in federal investigations, brings invaluable insights to the discussion. She underscores the severe implications of government scrutiny on CISOs, drawing from high-profile cases like SEC v. SolarWinds and Tim Brown. Jess provides practical advice for CISOs to avoid regulatory pitfalls and highlights the importance of staying vigilant and proactive in their roles.

The Internet’s Troubled History and Its Impact

Marco steers the conversation towards the Internet’s troubled history and its initial lack of security foresight. Jess reflects on how these historical challenges have shaped modern cybersecurity practices, emphasizing the difficulties of keeping up with evolving threats and expanding attack surfaces. She also discusses the controversial strategy of targeting CISOs to influence corporate cybersecurity measures, a practice she staunchly opposes.

The Perfect Storm: AI and Cybersecurity

The discussion turns to the increasing complexity of cybersecurity in the age of AI. Sean and Jess delve into the pressures CISOs face as they balance the incorporation of AI technologies with maintaining robust cybersecurity measures. Jess describes this scenario as a “perfect storm,” making the role of a CISO more challenging than ever.

Regulation and Legislation: A Critical Examination

Marco raises critical concerns about the reactive nature of current cybersecurity legislation and regulation. Jess discusses how federal agencies often target individuals closest to a cybersecurity breach and outlines the topics she will cover in her upcoming Black Hat presentation. She aims to educate CISOs on preventive measures and strategic responses to navigate these challenges effectively.

Looking Ahead: Black Hat 2024

As the episode concludes, Sean emphasizes the importance of awareness and proactive measures among CISOs. Marco encourages listeners to attend Jess Nall’s presentation at Black Hat 2024 on August 7th at Mandalay Bay in Las Vegas. This critical discussion promises to equip CISOs and their teams with the knowledge and tools to navigate their increasingly scrutinized roles.

Stay Tuned with ITSP Magazine

Sean and Marco remind their audience that this episode is just the beginning of a series of insightful conversations leading up to Black Hat 2024. They invite listeners to stay tuned for more engaging episodes that will continue to explore the dynamic world of cybersecurity.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

This Episode’s Sponsors

_____________________________

____________________________

Resources

Learn more about Black Hat USA 2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Beyond Traditional Pen Testing for Continuous Risk Assessment | A Brand Story Conversation From RSA Conference 2024 | A Hadrian Story with Rogier Fischer | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 16 Jul 2024 20:59:09 +0000

In the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin engages with Rogier Fischer, co-founder and CEO of Hadrian, to delve into the evolving landscape of cybersecurity. The discussion navigates through the intricacies of modern cybersecurity challenges and how Hadrian is providing innovative solutions to tackle these issues. Sean Martin sets the stage by emphasizing the importance of operationalizing cybersecurity strategies to manage risk and protect revenue. Rogier Fischer shares his journey from an ethical hacker working with Dutch banks and tech companies to co-founding Hadrian, a company that leverages advanced AI to automate penetration testing.

Fischer highlights the limitations of traditional cybersecurity tools, noting they are often too passive and fail to provide adequate visibility. Hadrian, on the other hand, offers a proactive approach by simulating hacker behavior to identify vulnerabilities and exposures. The platform provides a more comprehensive view by combining various aspects of offensive security, enabling organizations to prioritize their most critical vulnerabilities.

One of the key points Fischer discusses is Hadrian's event-driven architecture, which allows the system to detect changes in real-time and reassess vulnerabilities accordingly. This ensures continuous monitoring and timely responses to new threats, adapting to the ever-changing IT environments. Another significant aspect covered is Hadrian's use of AI and machine learning to enhance the context and flexibility of security testing. Fischer explains that AI is selectively applied to maximize efficiency and minimize false positives, thus allowing for smarter, more effective security assessments.

Fischer also shares insights on how Hadrian assists in automated risk remediation. The platform not only identifies vulnerabilities but also provides clear guidance and tools to address them. This is particularly beneficial for smaller security teams that may lack the resources to handle vast amounts of raw data generated by traditional vulnerability scanners. Additionally, Hadrian's ability to integrate with existing security controls and workflows is highlighted. Fischer notes the company's focus on user experience and the need for features that facilitate easy interaction with different stakeholders, such as IT teams and security engineers, for efficient risk management and remediation.

In conclusion, Rogier Fischer articulates that the true strength of Hadrian lies in its ability to offer a hacker’s perspective through advanced AI-driven tools, ensuring that organizations not only identify but also effectively mitigate risks. By doing so, Hadrian empowers businesses to stay ahead in the ever-evolving cybersecurity landscape.

Top Questions Addressed

What drove the creation of Hadrian, and what gaps in the cybersecurity market does it fill?
How does Hadrian's event-driven architecture ensure continuous risk assessment and adaptation to changing environments?
How does Hadrian leverage AI and machine learning to improve the effectiveness of penetration testing and risk remediation?

Learn more about Hadrian: https://itspm.ag/hadrian-5ei

Note: This story contains promotional content. Learn more.

Guest: Rogier Fischer, Co-Founder and CEO, Hadrian [@hadriansecurity]

On LinkedIn | https://www.linkedin.com/in/rogierfischer/

Resources

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Punch Cards, Steam Engines, 48 Volt Batteries, Platform Engineering, and the AI Revolution: The Ongoing Evolution of Language-Based Software Development | An OWASP AppSec Global Lisbon 2024 Conversation with Oleg Shanyuk | On Location Coverage

Wed, 10 Jul 2024 12:00:00 +0000

Guest: Oleg Shanyuk, Platform Security, Delivery Hero [@deliveryherocom]

On LinkedIn | https://www.linkedin.com/in/oleg-shanyuk/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this On Location episode, Sean Martin discusses the complexities of application security (AppSec) and the challenges surrounding the integration of artificial intelligence (AI) with Oleg Shanyuk at the OWASP Global AppSec Global conference in Lisbon. The conversation delves into various aspects of AppSec, DevSecOps, and the broader scope of securing both web and mobile applications, as well as the cloud and container environments that underpin them.

One of the core topics Martin and Shanyuk explore is the pervasive influence of AI across different sectors. AI's application in coding, for instance, can significantly expedite the development process. However, as Sean Martin highlights, AI-generated code may lack the human intuition and contextual understanding crucial for error mitigation. This necessitates deeper and more intricate code reviews by human developers, reinforcing the symbiotic relationship between human expertise and AI efficiency.

Shanyuk shares insightful anecdotes about the history and evolution of programming languages and how AI's rise is reminiscent of past technological shifts. He references the advancement from physical punch cards to assembly languages and human-readable code, drawing parallels to the current AI boom. Shanyuk stresses the importance of learning from past technological evolutions to better understand and leverage AI's full potential in modern development environments.

The conversation also explores the practical applications of AI in fields beyond straightforward coding. Shanyuk discusses the evolution of automotive batteries from 12 volts to 48 volts, paralleling this shift with how AI can optimize various processes in different industries. This evolution demonstrates the potential of technology to drive efficiencies and reduce costs, emphasizing the need for ongoing innovation and adaptation.

Martin further navigates the discussion towards platform engineering, contrasting its benefits of consistency and control with the precision and customization needed for specific tasks. The ongoing debate encapsulates the broader dialogue within the tech community about finding the right balance between standardization and flexibility. Shanyuk's perspective offers valuable insights into how industries can leverage AI and platform engineering principles to achieve both operational efficiency and specialized functionality.

The episode concludes with forward-looking reflections on the future of AI-driven models and their potential to transcend the limitations of human language and traditional coding paradigms. The thoughtful dialogue between Martin and Shanyuk leaves listeners with a deeper appreciation of the challenges and opportunities within the realm of AI and AppSec, encouraging continued exploration and discourse in these rapidly evolving fields.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

____________________________

Resources

Bret Victor: https://worrydream.com/

Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Future of Tech and Society at Viva Tech 2024 | An On Location VIVA TECH Conference 2024 Coverage Conversation with François Bitouzet

Sat, 6 Jul 2024 02:22:55 +0000

Guest: François Bitouzet, Managing Director at Viva Technology [@VivaTech]

On LinkedIn | https://www.linkedin.com/in/fran%C3%A7ois-bitouzet-180a89/

____________________________

Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Event Recap and Highlights

Marco Ciappelli opens the discussion with a warm greeting, reflecting on his recent travel experiences and upcoming conferences. François Bitouzet, the guest of honor, then dives straight into the heart of the Viva Tech 2024 event, providing detailed insights into its scope, significance, and impact.

An Overview of Viva Tech

François explains that Viva Tech is a four-day event held annually in Paris, focusing on bringing together stakeholders in the innovation sphere. This year’s event saw the participation of 155,000 attendees from 120 countries, showcasing thousands of startups, tech leaders from companies like Google and Meta, corporate giants such as Audi and LVMH, as well as public sector representatives.

The Unique Format and Initiatives

One of the most distinctive features of Viva Tech 2024 was its two-fold format. For the first three days, the event catered to the B2B audience, allowing startups and investors to network and collaborate. On the final day, it opened its doors to the general public. This approach aimed to make technology accessible to everyone, regardless of their professional background.

François highlighted various initiatives like the “100+100” program, where 100 successful business women in tech spent a day mentoring young girls. This not only promoted diversity and inclusion but also inspired the next generation to pursue careers in technology.

Focus on AI and Other Innovations

While Artificial Intelligence (AI) was a major talking point, François emphasized that the event delved deeper into how AI is shaping different business sectors rather than just focusing on the technology itself. By bringing in sector-specific insights, the event sought to provide a realistic perspective on the current impact and future potential of AI.

Memorable Moments and Creativity

François shared several memorable moments from the event, including a live Q&A session with Elon Musk, who joined virtually to answer unfiltered questions from the audience. This showcased the raw and authentic engagement the event aims to foster.

Another highlight was the collaboration with the European retailer FNAC, which set up a kiosk where speakers could sign books for the attendees. This initiative bridged the gap between traditional formats and modern technology, exemplifying how the old and the new can coexist harmoniously.

Looking Ahead

As the conversation winded down, Marco and François discussed the future of Viva Tech, hinting at more surprises and creative content for next year. François emphasized the importance of injecting poetry and romance—metaphorically speaking—into the world of tech to retain its human touch and inspirational value.

Call to Action

Finally, Marco encouraged listeners to make plans to attend Viva Tech 2025, expressing his excitement about potentially meeting his audience in person. François echoed this sentiment, inviting everyone to experience the blend of innovation, business, and meaningful impact that Viva Tech promises.

Conclusion

The episode concluded with both Marco and François expressing their shared optimism for the future of technology and its potential to not only transform industries but also enhance our quality of life. They agreed that events like Viva Tech are crucial in driving this change by making technology accessible, inclusive, and genuinely impactful.

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

____________________________

Resources

Learn more about VIVA TECH 2024: https://vivatechnology.com/

____________________________

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Theory to Process to Practice: Cracking Mobile and IoT Security and Vulnerability Management | An OWASP AppSec Global Lisbon 2024 Conversation with Abraham Aranguren | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 28 Jun 2024 17:30:00 +0000

Guest: Abraham Aranguren, Managing Director at 7ASecurity [@7aSecurity]

On LinkedIn | https://www.linkedin.com/in/abrahamaranguren/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this On Location episode recorded in Lisbon at the OWASP AppSec Global event, Sean Martin engages in a comprehensive discussion with Abraham Aranguren, a cybersecurity trainer skilled at hacking IoT, iOS, and Android devices. The conversation delves into the intricacies of mobile application security, touching on both the technical and procedural aspects that organizations must consider to build and maintain secure apps.

Abraham Aranguren, known for his expertise in cybersecurity training, shares compelling insights into identifying IoT vulnerabilities without physically having the device. By reverse engineering applications, one can uncover potential security flaws and understand how apps communicate with their IoT counterparts. For instance, Aranguren describes exercises where students analyze mobile apps to reveal hardcoded passwords and unsecured Wi-Fi connections used to manage devices like drones.

A significant portion of the discussion revolves around real-world examples of security lapses in mobile applications. Aranguren details an incident involving a Chinese government app that harvests personal data from users' phones, highlighting the serious privacy implications of such vulnerabilities. Another poignant example is Hong Kong's COVID-19 contact-tracing app, which stored sensitive user information insecurely, revealing how even high-budget applications can suffer from critical security flaws if not properly tested.

Sean Martin, drawing from his background in software quality assurance, emphasizes the importance of establishing clear, repeatable processes and workflows to ensure security measures are consistently applied throughout the development and deployment phases. He and Aranguren agree that while developers need to be educated in secure coding practices, organizations must also implement robust processes, including code reviews, automated tools for static analysis, and third-party audits to identify and rectify potential vulnerabilities.

Aranguren stresses the value of pentests, noting that organizations often show significant improvement over multiple tests. He shares experiences of clients who, after several engagements, greatly reduced the number of exploitable vulnerabilities. Regular, comprehensive testing, combined with a proactive approach to fixing identified issues, helps create a robust security posture, ultimately making applications harder to exploit and dissuading potential attackers.

For businesses developing apps, this episode underscores the necessity of integrating security from the ground up, continuously educating developers, enforcing centralized security controls, and utilizing pentests as a tool for both validation and education. The ultimate goal is to make applications resilient enough to deter attackers, ensuring both the business and its users are protected.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

____________________________

Resources

LeaveHomeSafe Pentest Report: https://7asecurity.com/reports/pentest-report-leavehomesafe.pdf

CoverDrop Pentest Report: https://7asecurity.com/reports/pentest-report-coverdrop.pdf

Why You Need a Pentest: https://www.youtube.com/watch?v=oBVTlKrLw-k

Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Is Your App Security Culture Leaving Out the Basics? | A Brand Story Conversation From OWASP AppSec Global Lisbon 2024 | A Phoenix Security Story with Francesco Cipollone | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 28 Jun 2024 02:28:20 +0000

In this episode of the On Location, host Sean Martin engages in an insightful conversation with Francesco Cipollone, Co-founder and CEO of Phoenix Security, at the OWASP AppSec Global conference in Lisbon. They delve into the evolving landscape of application security, focusing on the pressing challenges and innovative solutions that are shaping the industry today.

The discussion begins by exploring the potential and pitfalls of artificial intelligence (AI) in cybersecurity. Francesco highlights the dual role of AI as both a tool and a target within security frameworks. He emphasizes the importance of proper prompt engineering and specialized training data to avoid common issues, such as AI-generated libraries that don't actually exist. This leads to a broader conversation about how Phoenix Security utilizes AI to intelligently categorize and prioritize vulnerabilities, allowing security teams to focus on the most critical issues.

The conversation then shifts to the concept of maturity models in vulnerability management. Francesco explains that many organizations are still struggling with basic security tasks and describes how Phoenix Security helps these organizations to quickly enhance their maturity levels. This involves automating the scanning process, aggregating data, and providing clear metrics that align security efforts with executive expectations.

A significant portion of the episode is dedicated to the importance of collaboration and communication between security and development teams. Francesco stresses that security should be integrated into the spring planning process, helping developers to prioritize tasks in a way that aligns with overall risk management strategies. This approach fosters a culture of cooperation and ensures that security initiatives are seen as a valuable part of the development cycle, rather than a hindrance.

Francesco also touches on the role of management in security practices, underscoring the need for aligning business expectations with engineering practices. He introduces the vulnerability maturity model that Phoenix Security uses to help organizations mature their security programs effectively. This model, which maps back to established OWASP frameworks, provides a clear path for organizations to improve their security posture systematically.

The episode concludes with Francesco reflecting on the persistent basic security issues that organizations face and expressing optimism about the future. He is confident that Phoenix Security's approach can help businesses intelligently address these challenges and scale their security practices effectively.

Learn more about Phoenix Security: https://itspm.ag/phoenix-security-sx8v

Note: This story contains promotional content. Learn more.

Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]

On LinkedIn | https://www.linkedin.com/in/fracipo/

On Twitter | https://twitter.com/FrankSEC42

Resources

Learn more and catch more stories from Phoenix Security: https://www.itspmagazine.com/directory/phoenix-security

View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Prioritizing Cyber Resilience for your Business | 7 Minutes on ITSPmagazine | A Short Brand Innovation Story From RSA Conference 2024 | A LevelBlue Brand Story with Theresa Lanowitz

Thu, 27 Jun 2024 22:18:06 +0000

We are in the era of dynamic computing – and while that gives way to innovation, it also escalates the risks every business faces. Computing no longer occurs solely within the perimeter, and cybersecurity threats are increasingly more sophisticated. In fact, organizations today operate in a climate where entire systems can be taken offline in just a few short hours – and leaders need to be prepared for recovery from an interruption to the networks, systems, or data that underpin their business. With the advent and proliferation of new technologies, there is more pressure than ever to secure organizations’ computing. Ultimately, the evolution of computing has forced businesses into a paradox of innovation and risk. They must balance technology with security and business resilience, which requires a new way of thinking.

Conduct a thorough assessment of risk areas to understand the barriers across your IT estate.
Assess your organization’s dynamic computing initiatives and design security measures from the outset of implementation to ensure compliance and mitigate future risks.
Allocate resources strategically to align cybersecurity initiatives with business objectives across silos.
Forge partnerships with external collaborators to augment your organization’s security expertise.
Regularly adapt your approach to meet the demands of an evolving computing landscape and expanding attack surface.

Learn more about LevelBlue: https://itspm.ag/attcybersecurity-3jdk3

Note: This story contains promotional content. Learn more.

Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]

On LinkedIn | https://www.linkedin.com/in/theresalanowitz/

Resources

Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Winning Buy-In: Mastering the Art of Communicating (the Value of) Security (Culture) to Management | An OWASP AppSec Global Lisbon 2024 Conversation with Ida Hameete | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Ida Hameete) — Thu, 27 Jun 2024 10:59:39 +0000

Guest:

Ida Hameete, Application Security Consultant, Zenrosi

On LinkedIn | https://www.linkedin.com/in/idahameete/

____________________________

Host:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

____________________________

Episode Notes

Join Sean Martin in this episode of "On Location" as he speaks with Ida Hameete at the OWASP Global AppSec Conference in Lisbon. Sean and Ida dive into the critical topic of creating a robust security culture within organizations. The conversation begins with an overview of the conference, emphasizing the importance of building secure applications that protect both users and businesses.

Ida, with her extensive background in product ownership and security strategy, shares her unique perspective on why a security culture is integral to an organization's overall success. She explains that fostering a security culture isn't merely about training engineers but involves a collective effort from management and executive teams to prioritize and endorse security practices.

Ida underscores the significance of aligning security culture with company culture, arguing that this alignment leads to smoother operations and fewer security breaches. She elaborates on how companies with strong security awareness often use their secure products as a marketing tool to differentiate themselves in the marketplace. This strategic approach not only enhances product safety but also provides a competitive edge.

The discussion also touches on the common issues where management's lack of understanding or support for security measures can hinder effective implementation. Sean and Ida explore how management's commitment to security, demonstrated through adequate resource allocation and strategic planning, can drive a positive security culture through the entire organization.

Ida provides practical examples from her experience, illustrating how purpose-driven business cultures can naturally incorporate security into their core values, benefiting both employees and customers. She highlights that a well-integrated security culture can lead to better workflows, reduced costs, and enhanced customer experiences.

Towards the end of their conversation, Ida reflects on the necessity of communicating the business value of security to upper management, suggesting that this approach can shift the perception of security from a fear-driven mandate to a valuable business asset. She encourages leaders to find their company's purpose and align security practices with that mission to achieve sustainable success.

Listeners are invited to attend Ida's session, "Winning Buy-In: Mastering the Art of Communicating Security to Management" at the conference, which promises to offer deeper insights into securing executive support for security initiatives.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

____________________________

Resources

Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

Ida's Session: https://owaspglobalappseclisbon2024.sched.com/event/1VdB4/winning-buy-in-mastering-the-art-of-communicating-security-to-management

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Hurricanes, Hacktivists, & HPCs: Building Resilience for the Compute Era | A Conversation With Dr. Melanie Garson and Sean Martin | Redefining Society with Marco Ciappelli

Wed, 19 Jun 2024 15:00:00 +0000

Guests: ✨

Dr. Melanie Garson, Cyber Policy & Tech Geopolitics Lead, Tony Blair Institute for Global Change [@InstituteGC]

On LinkedIn | https://www.linkedin.com/in/melaniegarson/

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

____________________________

Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
_____________________________

This Episode’s Sponsors

BlackCloak 👉 https://itspm.ag/itspbcweb

Bugcrowd 👉 https://itspm.ag/itspbgcweb

Episode Introduction

In an era where technology is the backbone of society, resilience in the face of cyber threats, natural disasters, and geopolitical strife is paramount. This was the focal point of the discussion between Sean Martin, Marco Ciappelli, and Dr. Melanie Garson in their recent conversation on "Hurricanes, Hacktivists, & HPCs: Building Resilience for the Compute Era."

Dr. Melanie Garson, the Cyber and Tech Geopolitics Lead at the Tony Blair Institute for Global Change and Associate Professor at University College London, brings a wealth of expertise to the topic. Her work revolves around understanding how new and disruptive technologies like cyber warfare, brain-computer interfaces, and genetic engineering affect global stability. This episode delves into her insights on the evolving landscape of cyber resilience and the steps needed to brace for future challenges.

The conversation begins with an exploration of how legacy infrastructure poses a significant risk to our digital and physical security. Dr. Garson emphasizes the importance of addressing these foundational elements, noting examples like the 2006 earthquake in Taiwan, which disrupted 22 communication cables. She warns of the potential catastrophes linked to outdated infrastructure and underscores the need for modernization and robust protection against not just cyberattacks but physical disruptions as well.

The geopolitical aspect of technology is another critical element discussed. Dr. Garson highlights the role of private companies like Microsoft and Amazon in global conflicts, noting the effects seen during the Russia-Ukraine conflict where cloud services played a pivotal role in preserving data. This involvement signals a shift in how we understand power dynamics and control over critical technologies and raises questions about the responsibilities and decision-making processes of these tech giants. Furthermore, the discussion covers the intersection of emergency situations and technological dependencies.

Using real-world instances like the hurricane in West Africa that knocked out major cables, Marco Ciappelli and Sean Martin emphasize how such events lead to significant economic impacts, illustrating how interconnected and vulnerable our systems are. Dr. Garson also touches upon the evolving nature of warfare, especially with the advent of electromagnetic spectrum manipulation and the reliance on GPS technologies. She notes the increasing use of electromagnetic interference for strategic advantage, a trend seen in ongoing global conflicts. The idea of compute diplomacy—ensuring countries have the sustainable computational power needed to remain competitive and secure—resonates strongly throughout their dialogue.

The conversation wrapped with a powerful call to action: the need for both public and private sectors to address vulnerabilities throughout the entire tech stack, not just the application layer. This holistic approach is essential to safeguarding our digital infrastructure against a multitude of threats.

In conclusion, building resilience in the compute era requires a multi-faceted approach that integrates robust cyber defense, modernized infrastructure, and a keen understanding of the geopolitical landscape. The insights shared by Dr. Melanie Garson underscore the importance of proactive measures and collaborative efforts in securing our interconnected world. This episode serves as a crucial reminder that as technology advances, so must our strategies to protect against emerging threats.

Top Questions Addressed

What are the biggest threats to our current digital infrastructure and how can we address them?
How do geopolitical dynamics and private tech companies influence global cyber resilience?
What role does emerging technology play in modern warfare and how should we prepare for it?

_____________________________

Resources

Hurricanes, Hacktivists & HPCs: Building Resilience for the Compute Era (Session): https://www.ukcyberweek.co.uk/uk-cyber-week-2024-agenda/hurricanes-hacktivists-hpcs-building-resilience-for-the-compute-era

The State of Access to Compute Index 2023: https://www.institute.global/insights/tech-and-digitalisation/state-of-compute-access-how-to-bridge-the-new-digital-divide

UK Cyber Week Expo & Conference: https://www.ukcyberweek.co.uk/

____________________________

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllTUoWMGGQHlGVZA575VtGr9

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/advertise-on-itspmagazine-podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In the Same Site We Trust: Navigating the Landscape of Client-side Request Hijacking on the Web | An OWASP AppSec Global Lisbon 2024 Conversation with Soheil Khodayari | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 19 Jun 2024 12:00:00 +0000

Guest: Soheil Khodayari, Security Researcher, CISPA - Helmholtz Center for Information Security [@CISPA]

On LinkedIn | https://www.linkedin.com/in/soheilkhodayari/

On Twitter | https://x.com/Soheil__K

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, co-host Sean Martin embarks on a solo journey to cover the OWASP AppSec Global event in Lisbon. Sean welcomes Soheil Khodayari, a security researcher at the CISPA Helmholtz Center for Information Security in Saarland, Germany, to discuss the intricacies of web security, particularly focusing on request forgery attacks.

They dive into Soheil’s background, noting his extensive research in web security and privacy, with interests spanning vulnerability detection, internet measurements, browser security, and new testing techniques. Soheil aims to share valuable insights on request forgery attacks, a prevalent issue in web security that continues to challenge developers and security professionals alike.

The conversation transitions to an in-depth exploration of client-side request forgery and how these attacks differ from traditional cross-site request forgery (CSRF). Soheil elaborates on the evolution of web applications and how shifting functionalities to client-side code has introduced new, complex vulnerabilities. He identifies the critical role of input validation and the resurgence of issues related to improper handling of user inputs, which attackers can exploit to cause unintended actions on authenticated sessions.

As they prepare for the upcoming OWASP Global AppSec event, Soheil highlights his session, titled "In the Same Site We Trust: Navigating the Landscape of Client-Side Request Hijacking on the Web," scheduled for Thursday, June 27th. He emphasizes the relevance of the session for developers and security professionals who are eager to learn about modern request hijacking techniques, defense mechanisms, and how to detect these vulnerabilities using automated tools.

The discussion touches on the landscape of modern browsers, the effectiveness of same-site cookies as a defense-in-depth strategy, and the limitations of these measures in preventing client-side CSRF attacks. Soheil mentions the development of a vulnerability detection tool designed to mitigate these sophisticated threats and invites attendees to integrate such tools into their CI/CD pipelines for enhanced security.

Sean and Soheil ultimately reflect on the importance of understanding the nuances of web application security. They encourage listeners to attend the session, engage with the community, and explore advanced security practices to safeguard their applications against evolving threats. This engaging episode sets the stage for a deep dive into the technical aspects of web security at the OWASP Global AppSec event.

Top Questions Addressed

What are request forgery attacks and how have they evolved over time?
How do modern browsers and applications handle security against these attacks?
What will Soheil Khodayari's session at OWASP Global AppSec cover and who should attend?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

____________________________

Resources

In the Same Site We Trust: Navigating the Landscape of Client-side Request Hijacking on the Web (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VdAy/in-the-same-site-we-trust-navigating-the-landscape-of-client-side-request-hijacking-on-the-web

Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

It's Just Software, What Could Possibly Go Wrong? Exploring Deterministic GenAI and AI Trust Cards | An OWASP AppSec Global Lisbon 2024 Conversation with Isabel Praça, Dinis Cruz, and Rob van der Veer | On Location Coverage

Wed, 19 Jun 2024 03:55:57 +0000

Guests:

Isabel Praça, Coordinator Professor, ISEP - Instituto Superior de Engenharia do Porto

On LinkedIn | https://www.linkedin.com/in/isabel-pra%C3%A7a-07b86310/

At OWASP | https://owaspglobalappseclisbon2024.sched.com/speaker/icp

Dinis Cruz, Chief Scientist at Glasswall [@GlasswallCDR] and CISO at Holland & Barrett [@Holland_Barrett]

On LinkedIn | https://www.linkedin.com/in/diniscruz/

On Twitter | https://twitter.com/DinisCruz

At OWASP | https://owaspglobalappseclisbon2024.sched.com/speaker/dinis.cruz

Rob van der Veer, Senior director at Software Improvement Group [@sig_eu]

On Linkedin | https://www.linkedin.com/in/robvanderveer/

On Twitter | https://twitter.com/robvanderveer

At OWASP | https://owaspglobalappseclisbon2024.sched.com/speaker/rob_van_der_veer.1tkia1sy

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, host Sean Martin embarks on a solo adventure to discuss the upcoming OWASP AppSec Global conference in Lisbon. He is joined by three distinguished guests: Isabel Praça, a professor and AI researcher; Dinis Cruz, an AppSec professional and startup founder; and Rob van der Veer, a software improvement consultant and AI standards pioneer.

The episode kicks off with introductions and a light-hearted comment about Sean’s co-host, Marco Ciappelli, who is more of a psychology enthusiast while Sean delves into the technical aspects. Sean expresses his enthusiasm for the OWASP organization and its impactful projects, programs, and people.

Each guest contributes unique insights into their work and their upcoming presentations at the conference. Isabel Praça, from the Polytechnic of Porto, shares her journey in AI and cybersecurity, emphasizing her collaboration with the European Union Agency for Cybersecurity (ENISA) on AI security and cybersecurity skills frameworks. She underscores the importance of interdisciplinary expertise in AI and cybersecurity and discusses her concept of "trust cards" for AI, which aim to provide a comprehensive evaluation of AI models beyond traditional metrics.

Dinis Cruz, a longstanding member of OWASP with extensive experience in AppSec, brings attention to the challenges and opportunities presented by AI in scaling application security. He discusses the importance of a deterministic approach to AI outputs and provenance, advocating for a blend of traditional AppSec practices with new AI-driven capabilities to better understand and secure applications.

Rob van der Veer, founder of the OpenCRE team and a veteran in AI, elaborates on the integration of multiple security standards and the essential need for collaboration between software engineers and data scientists. He shares his perspective on AI’s role in security, highlighting the pitfalls and biases associated with AI models and the necessity of applying established security principles to AI development.

Throughout the episode, the conversation touches on the complexities of trust, the evolving landscape of AI and cybersecurity, and the imperative for ongoing collaboration and education among professionals in both fields. Sean wraps up the episode with a call to action for data scientists and AppSec professionals to join the conference, either in person or through recordings, to foster a deeper understanding and collective advancement in AI-enabled application security.

Listeners are encouraged to attend the OWASP AppSec Global conference in Lisbon, where they can expect not only insightful sessions but also vibrant discussions and networking opportunities in a picturesque setting.

Key Questions Addressed

What roles and expertise are needed to effectively address AI and cybersecurity challenges?
How does AI bring new dimensions to application security and what traditional methods remain relevant?
Why is it important for data scientists and cybersecurity professionals to collaborate?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

____________________________

Resources

Trust Cards for AI (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VTaD/trust-cards-for-ai

Deterministic GenAI Outputs with Provenance (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VTaO/deterministic-genai-outputs-with-provenance

AI is just software, what could possibly go wrong? (Session): https://owaspglobalappseclisbon2024.sched.com/event/1VTaI/ai-is-just-software-what-could-possibly-go-wrong

Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Practical Privacy by Design - Building Secure Applications that Respect Privacy | An OWASP AppSec Global Lisbon 2024 Conversation with Kim Wuyts and Avi Douglen | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 14 Jun 2024 17:30:00 +0000

Guests:

Kim Wuyts, Manager Cyber & Privacy, PwC Belgium [@PwC_Belgium]

On LinkedIn | https://www.linkedin.com/in/kwuyts/

On Twitter | https://twitter.com/Wuytski

On Mastodon | https://mastodon.social/@kimw

Avi Douglen, CEO / Board of Directors, Bounce Security & OWASP

On LinkedIn | https://www.linkedin.com/in/avidouglen/

On Twitter | https://twitter.com/sec_tigger

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, host Sean Martin offers a deep dive into the OWASP AppSec Lisbon event, engaging in a meaningful conversation with Kim Wuyts and Avi Douglen. Sean starts by setting the stage for an insightful discussion focused on privacy, security, and the integration of both in modern application development.

Kim Wuyts, a Cyber and Privacy Manager at PwC Belgium, shares her journey from a security researcher to a privacy engineering expert, emphasizing the importance of privacy threat modeling and the intricate balance between security and privacy. She explains how privacy not only strengthens security but also involves complex considerations like legal, ethical, and technological aspects. Kim highlights the need for companies to adopt privacy by design, ensuring data is used with care and transparency, rather than merely being collected and stored.

Avi Douglen, Lead Consultant at Bounce Security, brings his experience in threat modeling to the conversation, recounting his learning curve in understanding the depths of privacy beyond mere confidentiality. He speaks about the importance of educating security engineers on privacy considerations and using value-driven security to protect stakeholders' interests. Avi stresses that privacy and security should be integrated from the beginning of the application development process to avoid clashes and ensure robust, privacy-respecting systems.

Throughout the discussion, the guests delve into various privacy engineering practices, including data minimization, the handling of meta-information, and the potential conflicts between security requirements and privacy needs. They touch on real-world scenarios where privacy can enhance overall security posture and how privacy engineering aligns with compliance requirements such as GDPR.

Sean, Kim, and Avi also explore the concept of architectural data mapping and selecting the right components for privacy. They discuss the evolving skill set required for privacy engineering and how integrating privacy with existing security practices can add significant value to any organization.

The episode concludes with a look at the upcoming training session at the OWASP AppSec event in Lisbon, emphasizing the need for a diverse audience, including security engineers, privacy professionals, and developers. This session aims to foster a collaborative environment where participants can expand their knowledge and apply practical privacy by design principles in their work.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

____________________________

Resources

Training: https://lisbon.globalappsec.org/trainings/#sku_PPBD

Threat modeling manifesto: https://www.threatmodelingmanifesto.org/

Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Application Security: Standards, UI, Identity, Access, Cryptography, Process, and More | An OWASP AppSec Global Lisbon 2024 Conversation with Jim Manico | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 14 Jun 2024 16:30:42 +0000

Guest: Jim Manico, Founder and Secure Coding Educator, Manicode Security

On LinkedIn | https://www.linkedin.com/in/jmanico/

On Twitter | https://x.com/manicode

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, host Sean Martin engages in a compelling discussion with Jim Manico about the current landscape of application security. Jim, a notable leader in the field, delves into several critical topics surrounding application security and its evolving challenges.

The conversation opens by touching on the significant influence of artificial intelligence (AI) on application security, suggesting a future episode dedicated entirely to exploring this complex topic. They then shift focus to the necessity of having a formalized approach when dealing with security vulnerabilities. Jim underscores the importance of planning and preparation before tackling security threats, emphasizing that structured processes lead to more effective management of potential issues.

A significant portion of the dialogue explores the challenges associated with identifying and managing vulnerable or outdated libraries within codebases. Jim and Sean discuss how modern development practices often lead to the incorporation of various libraries, each of which can introduce potential security risks if not properly maintained. The intricacies of keeping these libraries updated to prevent vulnerabilities are highlighted, including the frequent necessity of updating or replacing libraries to ensure robust security.

Jim also touches upon the noise generated by automated security findings, which can overwhelm development teams with alerts and potential issues. He stresses the value of effectively prioritizing and addressing these findings to ensure that the most critical vulnerabilities are tackled promptly, reducing the risk of exploitation.

Throughout the episode, Jim and Sean highlight the balance that must be struck between developing new features and maintaining a secure, resilient application environment. Ensuring that security is integrated into the development lifecycle rather than being an afterthought is a recurring theme in their discussion.

This engaging episode provides listeners with a deep dive into the strategic and tactical aspects of application security, offering valuable insights and practical advice on navigating the often complex and ever-evolving security landscape.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

____________________________

Resources

Training: https://lisbon.globalappsec.org/trainings/#sku_ASTJM

OWASP ASVS: https://github.com/OWASP/ASVS/tree/master/5.0/en

OWASP Cheatsheet Series: https://cheatsheetseries.owasp.org/

Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Present and Future of Cybersecurity Culture | An Infosecurity Europe 2024 Conversation with Aston Martin's CISO Robin Smith | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 11 Jun 2024 13:00:00 +0000

Guest: Robin Smith, CISO of Aston Martin [@astonmartin]

On LinkedIn | https://www.linkedin.com/in/robin-s-78148a133/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The latest episode of "On Location With Marco and Sean" features an in-depth discussion with Robin Smith, the Chief Information Security Officer (CISO) at Aston Martin. Recorded live in the media room at Infosecurity Europe 2024 in London, this episode explores the essential role of culture in cybersecurity. Sean Martin and Marco Ciappelli guide the conversation, touching on everything related to the complexities of organizational security culture.

The Icebreaker

The conversation kicks off with some light-hearted banter about yogurt and its cultural significance, setting a relaxed tone before diving into the serious business of cybersecurity. Sean and Marco's playful exchange effectively breaks the ice, before Sean introduces Robin Smith, emphasizing how this conversation is the final one in their Infosecurity Europe coverage. Robin reciprocates with a warm thank you, before sharing insights on Aston Martin’s cybersecurity culture.

Life at Aston Martin

Robin elaborates on his role at Aston Martin, revealing that he considers himself the "luckiest man in cyber." He explains how a commitment to high-quality IT initially existed at Aston Martin but not a fully developed cybersecurity culture. Over the past three years, his mission has been to build that culture, aligning it with Aston Martin’s values and brand prestige.

Building a Cybersecurity Culture

Robin describes how he introduced a comprehensive security program that aligns with Aston Martin’s renowned design and engineering standards. He discusses the importance of integrating cybersecurity as a full-spectrum approach to business improvement, not just a technological add-on.

Lessons Learned

The conversation shifts to some of the challenges and failures encountered along the way. Robin recounts an ambitious but ultimately unsuccessful attempt to engage the board with an open-source intelligence report on their personal information. Though the exercise did not go as planned, it provided invaluable lessons on cultural sensitivity and resource allocation.

The Vision for the Future

Robin and Sean discuss the forward-thinking mindset necessary to navigate both immediate and long-term cybersecurity challenges. Robin emphasizes the need for a balanced approach that combines visionary planning with effective tactical response. He highlights Aston Martin's ambition for full automation and AI-driven security measures.

Impact on Customers and Community

Marco Ciappelli raises the question of how this robust security culture affects Aston Martin's customers. Robin assures that high-value customers expect the best, including top-notch security. He underscores the importance of securing the entire value chain, from suppliers to dealership networks.

Community and Collaboration

Sean explores the role of community among CISOs. Robin shares his positive experiences with the automotive CISO community, emphasizing the value of honest and sometimes brutal feedback. This collaborative environment helps him and his peers continually improve their security programs.

Wrapping Up

As the conversation winds down, both hosts thank Robin for his insights. They reflect on the passion and dedication evident in the cybersecurity community throughout the event. Sean invites Robin for another discussion on cyber futurism, hinting at more intriguing conversations to come.

Marco and Sean close the episode by thanking their audience and expressing their excitement for future events. They hope to see everyone again at next year's Infosecurity Europe, promising more engaging content and enlightening discussions.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Exploring Cyber Insurance Nuances Across Europe | An Infosecurity Europe 2024 Conversation with Marcin Gajkowski and Michal Balwinski from Generali Poland | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 11 Jun 2024 12:00:00 +0000

Guests:

Marcin Gajkowski, Head of Liability Underwriting Team, Generali Poland

On LinkedIn | https://www.linkedin.com/in/marcin-gajkowski-4a6685134/

Michal Balwinski, Senior Underwriter and Cyber Practice Leader, Generali Poland

On LinkedIn | https://www.linkedin.com/in/micha%C5%82-balwi%C5%84ski-136105197/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Exploring Cyber Insurance Nuances Across Europe with Generali Poland at InfoSecurity Europe 2024

Picture this: bustling conversations, gleaming booths, and thought-provoking sessions at InfoSecurity Europe 2024, held in the vibrant city of London. Amidst this atmosphere, Sean Martin and Marco Ciappelli of "On Location With Marco and Sean" invite listeners into a fascinating discussion focusing on the intricacies of cyber insurance within Europe. Joined by two brilliant minds from Generali Poland, Marcin Gajkowsky and Michal Balwinski, this episode immerses us into understanding cyber insurance and its varied landscape across the continent.

Setting the Scene: InfoSecurity Europe 2024

The episode kicks off with Marco and Sean's characteristically witty banter. They joked about their numerous travels and questioned their whereabouts, reflecting the lively and spontaneous spirit of live recording. They also introduce their esteemed guests, Marcin Gajkowsky and Michal Balwinski, from Generali Poland. The discussion's setting is none other than the renowned InfoSecurity Europe event, where cybersecurity professionals gather to forge connections and share innovative security solutions.

Understanding Cyber Insurance: Perspectives from Generali Poland

Marcin Gajkowsky, leading Generali Poland's Liability Team, opens up about his journey into cyber insurance. Despite his initial background in casualty and professional indemnity underwriting, Gajkowsky has grown passionate about the potential and challenges of cyber insurance, especially within Poland. With the deployment of their local cyber insurance policy in 2021, Generali Poland has committed to navigating and shaping this emerging market.

Michal Balwinski, a senior underwriter and cyber insurance practice leader at Generali Poland, delves further into the policies and market dynamics. He highlights the significant knowledge gap in Central and Eastern Europe, a relic of historical and geopolitical contexts. This awareness gap necessitates steps for thorough market education and awareness building, ensuring businesses understand and value the importance of cyber insurance.

Market Dynamics: Diversity Across Europe

Balwinski emphasizes the differing levels of cyber risk awareness across Europe. The UK, Western Europe, and the Mediterranean regions each present unique insurance needs and challenges based on their levels of digital sophistication and historical development. Poland's market reveals a stark contrast with larger enterprises adopting sophisticated vendor technologies akin to global banks, while smaller and mid-sized companies lag behind, often unaware of the essential benefits and protections cyber insurance provides.

Adapting to the Market: Educational and Technological Partnerships

Reflecting on the unique role of cyber insurance, the Generali Poland team outlines their approach to nurturing client relationships. They provide comprehensive risk assessments, engaging conversations, and tailored recommendations. True to their philosophy, Generali Poland extends beyond the role of mere policy provider, establishing themselves as committed partners in their clients' cybersecurity journeys.

One pivotal shift in insurance strategy involved offering additional prevention tools alongside policies, such as an anti-phishing package equipped with cutting-edge security kits. The goal is to bridge the evident gap in cyber preparedness among smaller enterprises, ensuring they have robust mitigation measures in place before a policy comes into effect.

Resilience and Ransomware: To Pay or Not to Pay?

A highlight of the discussion revolves around ransomware and the ethical and practical dilemmas associated with ransom payments. Marcin and Michal elucidate Generali Poland's firm stance against paying ransoms, except in extraordinary circumstances where lives are at stake. They stress that paying ransoms perpetuates the cycle of cybercrime funding and escalation. Instead, their approach focuses on bolstering clients' overall cyber resilience through comprehensive support, including 24/7 incident response services, business interruption coverage, and holistic risk management.

Conclusion: Building a Borderless Cyber-Aware Future

As the insightful conversation wraps up, Marco and Sean underscore the importance of cross-cultural exchange and the collective effort required to bolster cybersecurity awareness. They highlight the universal nature of cyber threats, transcending borders and demanding collaborative action.

This captivating episode serves as a testament to the power of open dialogue and education in fostering a more secure digital landscape. As we move forward, the lessons from Generali Poland's proactive approach to cyber insurance will undoubtedly resonate across the industry, setting a precedent for future advancements in the field.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Reducing Risk and Costs in a Rapidly Changing Cyber Insurance Landscape with Phishing-Resistant MFA: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.218914.reducing-risk-and-costs-in-a-rapidly-changing-cyber-insurance-landscape-with-phishing_resistant-mfa.html

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Jump Into Our DeLorean and Travel Back and Forth Into the Future | An Infosecurity Europe 2024 Conversation with Madelein van der Hout and Paul McKay from Forrester | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 10 Jun 2024 23:06:28 +0000

Guests:

Madelein van der Hout, Senior Analyst Security & Risk at Forrester [@forrester]

On LinkedIn | https://www.linkedin.com/in/madelein-van-der-hout-65452025/

On Twitter | https://x.com/HoutMadelein

Paul McKay, Vice President, Research Director at Forrester [@forrester]

On LinkedIn | https://www.linkedin.com/in/paul-mckay-5304a115/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The Human Side of Cybersecurity

Infosecurity Europe 2024 in London brought together some of the industry's most knowledgeable professionals. Marco Ciappelli and Sean Martin, your hosts, were joined by Madeline Van Der Hout, Paul McKay, both from Forrester, and various other experts to discuss the latest trends, challenges, and solutions within the cybersecurity landscape. This exciting episode of "On Location With Marco and Sean" dives deep into essential topics such as the significant role of the human element in cybersecurity, skill shortages, industry fragmentation, and future trends.

Reimagining Cybersecurity: Back to the Future

The episode begins with a nostalgic touch as Sean Martin and Marco Ciappelli discuss the iconic movie "Back to the Future". Drawing a parallel between the film's theme of time travel and the evolving cybersecurity landscape, they emphasize how the industry might benefit from lessons of the past while anticipating the future.

The Reality of Cybersecurity Innovation

Madeline Van Der Hout and Paul McKay shed light on the changing dynamics of cybersecurity events. Paul mentions that events like Infosecurity Europe must now compete with other regional events like CyberSec Europe in Brussels. This healthy competition fosters localized insights and innovations.

Madeline adds that cybersecurity innovation often stems from startups. She believes these events stimulate larger vendors to communicate with smaller startups, thus supporting the entire ecosystem.

API Security: A Case for Consolidation

Both Paul and Madeline reflect on the notable presence of API security vendors at the conference. Madeline points out the consolidation in the market driven by various approaches to API security. CISOs today expect API security to be an integral part of their infrastructure, driving the conversation towards prioritization and efficient resource management.

The Human Element and Mental Health

One of the crucial points discussed was the significant skill shortage in the cybersecurity industry. Madeline stresses the need for more conversations around mental health and burnout prevention among cybersecurity professionals. Paul supports this by highlighting common hiring challenges where organizations are often looking for the "purple squirrel" or the "five-legged sheep."

Training and Educating Future Talent

The conversation moves towards the barriers to entry for new talent in the industry. Both experts agree that focusing on certifications alone can create a class divide. Paul argues that this practice restricts access to the industry for those unable to afford costly certifications.

Madeline emphasizes the need to work closely with HR departments to create better job profiles and hiring practices. This could alleviate some of the industry's talent shortages.

Cybersecurity's Future: More Than Just a Business Problem

Madeline takes a broader view by asserting that cybersecurity is not just a business problem. It's a civilian issue as well, affecting everyone with a digital footprint. She encourages leveraging the power of informed voting and education to address cybersecurity at a societal level.

Data-Driven Decision Making: The Key to Security's Evolution

Sean Martin concludes by discussing the immense data available in the cybersecurity sector. He emphasizes the potential for the industry to drive businesses by making better, data-driven decisions. Paul agrees, pointing out the need for cybersecurity to evolve similarly to how the CIO function has over the years.

Conclusion: A Call for Innovation and Humanity

The episode wraps up by reinforcing the focus on the human element. Marco highlights the need to utilize existing resources effectively rather than being distracted by the latest technological gadgets. Madeline's call to talk more about humans in every cybersecurity breach serves as a profound takeaway.

As the conversation echoes through the media room at Infosecurity Europe 2024, it's clear that the journey forward in cybersecurity involves a blend of technology, human touch, and innovative thinking.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Building Resilience in Healthcare Cybersecurity Following the Recent NHS Third-Party Ransomware Incident | Expert Insights from InfoSecurity Europe 2024 | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 7 Jun 2024 12:46:39 +0000

Guests:

Brian Honan, Founder, BH Consulting
On LinkedIn: https://www.linkedin.com/in/brianhonan/
On X: https://x.com/BrianHonan

Suk Paul, Director - EMEA Services GTM, Kudelski Security
On LinkedIn: https://www.linkedin.com/in/suk-paul-mba-99757412/

Heather Lowrie, Chief Information Security Officer (CISO), The University of Manchester
On LinkedIn: https://www.linkedin.com/in/heather-lowrie/
On X: https://x.com/HeatherELowrie

Tim Grieveson, Senior Vice President - Global Cyber Risk Advisor, Bitsight
On LinkedIn: https://www.linkedin.com/in/timgrieveson/
On X: https://x.com/timgrieveson

Daniel Lattimer, Area Vice President - EMEA West, Semperis
On LinkedIn: https://www.linkedin.com/in/daniel-lattimer-37533016/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

WATCH THE VIDEO: https://youtu.be/3VQ5VsD-DKQ

In recent news, the NHS has been severely impacted by a ransomware cyber attack. This once again highlights the vulnerability of critical infrastructure to cyber threats. In this episode of ITSPmagazine, Marco Ciappelli and Sean Martin dive into this alarming incident while at the InfoSecurity Europe event in London, engaging with a panel of esteemed professionals in the field of information security.

One of the significant themes that emerged from the conversation is that cybercrime is no longer the domain of rogue teenage hackers working from their basements. As Brian Honan emphasized, cybercriminals today are often part of organized crime syndicates involved in drug trafficking, arms dealing, and human trafficking. They are driven by financial gain and are willing to go to great lengths to achieve their goals.

This particular incident affected NHS pathology services, causing surgeries and blood transfusions to be canceled or postponed, directly impacting patient care. Suk Paul pointed out that this kind of attack is not isolated. Since the conflict in 2022, the UK has witnessed a rise in cyber-attacks on public infrastructure, including hospitals and universities. He stated that the human intelligence element is crucial in identifying the techniques and methods used in such attacks.

The conversation also shed light on the complexity of managing third-party supply chain risk. Heather Lowrie suggested considering cybersecurity as a business enabler and not just a technical issue. She stressed the need for robust communication and collaboration between internal teams, external partners, and even at the board level to create a resilient cybersecurity posture.

To this end, Tim Grieveson echoed the importance of having a security leader with excellent communication skills who can align security strategies with business outcomes. This alignment is particularly essential in critical sectors like healthcare, where the focus is on maintaining patient-centric care.

Furthermore, Daniel Lattimer highlighted the challenges faced by the NHS in funding cybersecurity measures. He mentioned that while the NHS has made strides in improving its cybersecurity capabilities, there is still a dilemma of prioritizing between lifesaving patient care and investing in cybersecurity. More specific guidance and a legislative approach similar to US standards could help in achieving minimum security standards.

Brian Honan described the importance of legislative measures like the EU's Digital Operations Resilience Act (DORA) and the Network and Information Security Directive (NIS2), which focus on resilience in critical infrastructure. The key is not just to prevent cyber-attacks but to ensure continuity of services during and after an attack.

During the discussion, a repeated point was the inevitability of cyber incidents and the need for preparation and response. Tim Grieveson stressed the necessity of identifying critical assets and vulnerabilities, communicating risks to the board, and developing a clear response plan. He pointed out that it is not just about the technical aspects but also about storytelling and helping the organization understand the real-world implications of cyber risks.

The significance of cross-sector collaboration was also highlighted. Heather Lowrie noted that cyber threats are a societal challenge, not limited to individual organizations or sectors. Therefore, collective preparation and response are crucial for building resilience against cyber threats. She called for more exercises within and across sectors to prepare teams for real-world events.

Lastly, the episode discussed the ethical dilemma of paying ransoms. Brian Honan strongly advocated against paying the ransom, citing the lack of guarantee that systems would be restored securely and the need to rebuild trust in affected devices. Instead, the focus should be on robust preparation and managing supply chain security. In conclusion, this episode underscored the pervasive threat of cyber-attacks on critical infrastructure and the multifaceted approach needed to tackle these challenges.

From enhancing third-party risk management to legislative support, cross-sector collaboration, and ethical considerations, the conversation provides a comprehensive overview of the current state of cybersecurity in the healthcare sector. It highlights the urgent need for continuous improvement and resilience to protect not only systems but ultimately, patients' lives.

Top Questions Addressed

How can the impact of the ransomware attack on the NHS best be described?
How can organizations better manage third-party supply chain risk in cybersecurity?
What are the ethical considerations and implications of paying ransom in cyberattacks?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Directly From The CORO Security Modular Booth: Expansion Into The European Market | A Brand Story Conversation From InfoSecurity Europe 2024 | A CORO Story with Dror Liwer | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 7 Jun 2024 02:04:47 +0000

Here we are, once again from the bustling show floor at Infosecurity Europe 2024 in London, situated at the Excel Centre. Sean Martin of ITSP Magazine is your host, and he's joined by Dror Liwer, co-founder of CORO Security. Both are excited to dive deep into how CORO is expanding its focus into the European market.

Day Three: Nonstop Conversations and Presentations

From the get-go, Dror shares his enthusiasm about being part of this prestigious event for the first time. With a primary presence in the U.S., CORO is now aggressively moving into EMEA, starting right here in London. This move is in response to increasing demand from small to medium-sized enterprises (SMEs) in Europe who need robust cybersecurity solutions.

Addressing the Security Needs of SMEs

Sean recalls the comprehensive capabilities of CORO discussed in previous episodes. CORO provides multiple layers of security tailored to an organization’s specific needs, such as regulatory requirements, budget, and staffing capabilities. Sean encourages everyone to revisit those insightful seven-minute chats from RSA Conference to get an in-depth view.

Dror emphasizes that CORO is unique in targeting the mid-market from the ground up, unlike other companies that retrofit enterprise solutions to fit smaller businesses. With a focus on simplicity and powerful protection, CORO ensures that its solutions are manageable even for lean IT teams.

Navigating the Complexities of Europe

One of the significant discussions revolves around the differences between the U.S. and European markets. While Sean and Dror acknowledge the similar types of cyber threats faced globally, operational nuances like data residency and privacy regulations differ widely across Europe. CORO has established a data center in Germany to comply with local data residency requirements, ensuring that email and file inspections stay within the EU boundaries.

Real-World Applications and Challenges

Sean drives the conversation into the specific challenges CORO has faced and the different attack scenarios in Europe compared to the U.S. Dror mentions that while SME awareness of being targets has been prevalent in the U.S. for a while, European SMEs are just beginning to realize the same. As a result, CORO is educating this market about the imminent threats and how to efficiently protect against them without becoming overwhelmed.

The Importance of Affordability

Dror and Sean discuss the financial challenges faced by SMEs, such as difficult decisions on whether to invest in cybersecurity or other critical needs like educational resources. Dror emphasizes that CORO has priced its suite of security solutions to remove this barrier, making comprehensive coverage affordable for even the smallest enterprises.

Team and Technology: The Backbone of CORO

The conversation takes a moment to appreciate CORO’s dedicated team. Sean praises the high energy and mutual support visible at CORO’s booth. Dror points out that customer reviews often highlight how easy it is to work with CORO—a testimony to the company’s dedication to protecting overlooked small and mid-sized businesses.

The Future of SME Cybersecurity

CORO aims to remove the guesswork ("threat roulette”) for SMEs by providing an all-encompassing platform that is accessible and easy to manage. This approach ensures that small businesses can protect themselves comprehensively without the need to prioritize between different threat vectors due to budget constraints.

CORO’s Mission

As the conversation winds down, Dror reiterates CORO's mission to protect SMEs globally and make cybersecurity as effortless as possible. Sean encourages attendees of Infosecurity Europe to visit CORO's dynamic and innovative booth, and for those who cannot make it, to check out CORO online. For more information, visit CORO's website at Coro.net

Thanks to everyone for joining us. Expect more exciting updates from CORO, possibly next time from Las Vegas!

Learn more about CORO: https://itspm.ag/coronet-30de

Note: This story contains promotional content. Learn more.

Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber]

On LinkedIn | https://www.linkedin.com/in/drorliwer/

Resources

Learn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coro

View all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Meet Phoenix Security | A Brand Story Conversation From Infosecurity Europe 2024 | A Phoenix Security Story with Francesco Cipollone | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 6 Jun 2024 21:01:21 +0000

In the dynamic and ever-changing world of cybersecurity, it is crucial to remain at the forefront of addressing vulnerabilities, implementing innovative solutions, and getting to know companies that are making a differences in this industry. At Infosecurity Europe 2024 in London, Sean Martin sits down with Francesco Cipollone, co-founder of Phoenix Security, to discuss the company’s journey, achievements, and unique value propositions, highlighting their significant impact within the cybersecurity community.

Setting the Stage

The bustling environment of Infosecurity Europe 2024 serves as the backdrop for an engaging conversation about the latest cybersecurity trends. Martin and Cipollone delve into Phoenix Security’s origins as an internal project at HSBC, aimed at addressing engineer burnout by improving communication and prioritization in vulnerability management.

Phoenix Security’s Journey and Vision

Cipollone explains how Phoenix Security was created to help engineers avoid burnout, originally focusing on solving communication and prioritization challenges in vulnerability management. This initiative quickly evolved into a comprehensive solution that bridges the gap between security and engineering teams by providing actionable risk assessments and automating decision-making processes.

Innovative Solutions for Modern Cybersecurity Challenges

Phoenix Security stands out by offering powerful tools that streamline vulnerability management across enterprise systems. Their platform allows for better scheduling of workloads and prioritization of tasks, significantly reducing the time it takes to address vulnerabilities from hours to just minutes. This efficiency not only prevents engineer burnout but also ensures that security measures are implemented effectively.

Success Stories and Client Feedback

Cipollone shares success stories from clients like ClearBank, who have benefited from real-time, up-to-date asset inventory and operational insights. By using Phoenix Security, these organizations can engage in informed risk-based decision-making, enabling security teams to focus on high-impact vulnerabilities and maximize risk reduction.

Expanding Reach Through Strategic Partnerships

Highlighting the importance of collaboration, Cipollone mentions Phoenix Security’s recent partnership with Booncheck. This partnership integrates advanced threat intelligence into the Phoenix platform, offering clients access to a wealth of vulnerability data and enabling more effective risk management strategies.

Conclusion

The conversation concludes with insights into future security trends and Phoenix Security’s commitment to innovation and community-driven solutions. Cipollone emphasizes that Phoenix Security aims to simplify decision-making processes, giving engineers and security professionals more time to focus on what truly matters.

We encourage all ITSPmagazine viewers and listeners to connect with the Phoenix team, download their new book, and stay tuned for more updates from Infosecurity Europe 2024.

Learn more about Phoenix Security: https://itspm.ag/phoenix-security-sx8v

Note: This story contains promotional content. Learn more.

Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]

On LinkedIn | https://www.linkedin.com/in/fracipo/

On Twitter | https://twitter.com/FrankSEC42

Resources

Learn more and catch more stories from Phoenix Security: https://www.itspmagazine.com/directory/phoenix-security

View all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Randomly Rambling About Random Things, Including the Randomness of Randomware (Ransomware) | An Infosecurity Europe 2024 Conversation | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli) — Wed, 5 Jun 2024 22:35:06 +0000

In this recap episode, Sean Martin and Marco Ciappelli think back on their experience thus far during their time at InfoSecurity in London. The conversation touches on several key areas including physical versus digital security, the allocation of budgets for cybersecurity measures, and broader societal implications of technology. Let's break down the significant points discussed by these industry professionals.

Sean Martin, starting the discussion, emphasizes the innovative ways the city of London integrates physical security with digital tools. He observes hidden security features, such as street lamps converted into cameras, showcasing a blend of centuries-old infrastructure with modern technology. This seamless integration represents a significant investment aimed at enhancing urban security while maintaining the city's historical aesthetic.

The discussion soon transitions into the critical topic of cybersecurity budgeting. Marco Ciappelli points out the complexities organizations face when deciding where and how much to invest in cybersecurity. John Davies’ keynote panel discussion he had with Sean and Marco on ransomware raised many ethical questions. Should one pay a ransom when lives are at stake? This sparks a nuanced debate among the participants.

Sean Martin recaps some sobering conversations about the NHS breach, which highlights the real-world consequences of insufficient cybersecurity investments. He ponders whether current spending is enough and asks how organizations can effectively allocate resources to mitigate risks. Another significant part of the conversation revolves around the societal impact of technology. Brian Honan's insights underscore the dual nature of technology as a tool that can be used for both good and bad purposes. This dichotomy is a recurrent theme that questions the ethical implications of technological advances in our society.

While cybersecurity aims to protect, there are those who exploit it for nefarious purposes. Throughout the episode, both hosts reflect on the global perspectives of these issues. They note a cultural contrast in how different countries perceive and react to cybersecurity threats.

The conversation also highlights the growing importance of cybersecurity awareness and collaboration on an international scale to effectively address these global challenges.

Concluding their dialogue, Martin and Ciappelli muse on the future of the industry. The dialogue serves not just as a recap of the information shared at the conference, but as a call to action for organizations to reassess their cybersecurity strategies. As Sean Martin aptly puts it, the industry must continually evolve to ensure that the investments in cybersecurity bring about the intended protective outcomes, thus safeguarding both data and lives in this interconnected world.

WATCH THE VIDEO: https://youtu.be/ccKG5KUdEII

____________________________

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Be sure to follow our Coverage Journey and subscribe to our podcasts!

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Maximising Your Budget Effectively in Turbulent Times – An SME Focus | An Infosecurity Europe 2024 Conversation with Don Gibson and Emma Philpott | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 5 Jun 2024 20:00:00 +0000

Guests:

Don Gibson, CISO, Kinly

On LinkedIn | https://www.linkedin.com/in/don-gibson-cyber/

Emma Philpott, CEO, IASME Consortium

On LinkedIn | https://www.linkedin.com/in/emphilpott/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, hosts Sean Martin and Marco Ciappelli explore the intricacies of cybersecurity budget management and expenditure prioritization at the Infosecurity Europe event in London. The conversation kicks off with Sean and Marco discussing the challenges of balancing a minimalist approach with the need for robust security programs. The discussion swiftly transitions into budgeting strategies where the hosts are joined by guests Emma Philpott, CEO of IASME, and Don Gibson, Chief Information Security Officer (CISO) of Kinley. Emma provides insights into her role at IASME, highlighting their work on the Cyber Essentials program aimed at ensuring basic technical security controls. Don shares his experiences at Kinley, dealing with audiovisual technologies and their importance in security. The dialogue explores the difficulties organizations face, particularly around budget constraints, legacy technology, and the need for consistent investment in security measures.

A significant portion of the episode is dedicated to the challenges faced by various-sized companies, from micro-businesses to large corporations, in implementing effective cybersecurity measures. Emma stresses the importance of making security accessible to smaller entities and the efforts IASME is making to provide free guidance and support. Don emphasizes the importance of clear communication and leadership at the board level to properly budget for cybersecurity, balance between technology, and staff investment, and avoid the pitfalls of over-reliance on either.

The conversation also touches on the role of community and support networks within the cybersecurity realm. Both Don and Emma highlight the value of having trusted groups where professionals can share experiences, seek advice, and offer mental health support. They underscore how such communities foster a culture of openness and mutual assistance, which is crucial in an industry often grappling with high-pressure incidents and rapid technological changes.

The episode wraps up with a discussion on the dynamics of cybersecurity as a competitive advantage and the evolving nature of security leadership. Emma and Don explain how achieving certifications like Cyber Essentials can provide business benefits beyond compliance, such as improved insurance outcomes and differentiation in the marketplace. Don challenges CISOs to think creatively about how cybersecurity can become a revenue-generating aspect of the business, reinforcing the need for innovative and dynamic leadership in the field.

Tune in to learn more about budgeting, community support, and forward-thinking leadership in cybersecurity from the vibrant InfoSecurity Europe event.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Maximising Your Budget Effectively in Turbulent Times – An SME Focus: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219365.maximising-your-budget-effectively-in-turbulent-times-%E2%80%93-an-sme-focus.html

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

AI's Role in Cybersecurity and Society | An Infosecurity Europe 2024 Conversation with Ian Hill | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli, Ian Hill) — Wed, 5 Jun 2024 18:41:17 +0000

Guest: Ian Hill, Director of Information and Cyber Security at Upp Corporation [@getonupp]

On LinkedIn | https://www.linkedin.com/in/ian-hill-95123897/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

At Infosecurity Europe 2024, conversations were electric, diving deep into the intersection of AI and cybersecurity and its profound impact on society. Industry experts Marco Ciappelli, Sean Martin, and Ian Hill explored these pivotal changes, offering sharp insights into the digital revolution.

A Casual Start

The event kicked off light-heartedly with Marco Ciappelli and Sean Martin, setting a relaxed, talk-show-like atmosphere. Despite minor technical hiccups, this informal start paved the way for an engaging discussion.

“We’re messing with physical technology and digital technology,” remarked Sean Martin, perfectly capturing the complex interplay between human users and their increasingly advanced tools.

From Keynotes to Key Concerns

Ian Hill shared his journey from Director of Information and Cybersecurity at UP Corporation, now part of Virgin Media O2, to his current advisory role. He emphasized the freedom and reduced stress of stepping back from frontline cybersecurity.

Hill’s keynote at the event centered on AI’s implications for the future of work and society, countering the exaggerated narratives often associated with AI.

The Mislabeling Issue: AI vs. Automation

Marco Ciappelli voiced a common frustration: the overuse of “AI” to describe mere automation. Hill stressed the need to differentiate true AI from sophisticated automation systems that lack adaptive learning capabilities.

“We need to distinguish between what is automation and what is AI. There’s a lot of automation going on at the moment,” Hill noted.

Western Society’s Dependency

Hill warned of AI’s subtle yet significant impact on Western societies, likening it to the industrial and agricultural revolutions but with a more profound effect due to AI’s ability to replace cognitive tasks.

“AI is different because AI is actually replacing our thinking, our creativity,” Hill cautioned, highlighting the potential for job displacement and challenges to human creativity and learning.

The Drive for Profit

A recurring theme was the economic drivers behind AI advancements. Hill critiqued the relentless pursuit of profit and efficiency, which risks lowering the quality of services and products in favor of mass production.

“The nature with all these technological developments, the primary driver is profit and money,” Hill asserted, reflecting on the commercialization of AI.

The AI Arms Race in Cybersecurity

Hill and Martin discussed the escalating AI-driven war between cybersecurity defenses and attacks. They emphasized the need for rapid, machine-learning-based responses to evolving cyber threats, as traditional human-led security operations struggle to keep up.

“You need machine learning, lightning-fast machine learning, to predict and react to events before the human even knows about it,” Hill stated, hinting at a future where automated systems dominate the cyber battlefield.

The Trust Dilemma

The conversation turned philosophical as the speakers pondered the reliability of AI-generated content and the impact of deep fakes and misinformation. Hill addressed the issue of AI “hallucinations”—erroneous outputs—and the dangers of blindly trusting AI.

“We’re losing a sort of grip on reality… because it’s becoming harder to distinguish between what’s real and what isn’t real,” Hill commented, expressing concerns about a future rife with misinformation.

Concluding Thoughts

Infosecurity Europe 2024 highlighted AI’s dual nature: its potential to revolutionize industries like healthcare and cybersecurity contrasted with its capacity to disrupt societal norms and personal authenticity.

As Hill succinctly put it, “Those that own the AI, you know, OpenAI and all their sponsors, and what influence could be exerted on AI, political or otherwise, to bias… dangerous.”

The dialogue underscored the need for evolving our understanding and ethical governance of AI to ensure these powerful tools enhance rather than undermine our societal fabric.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Latest Insights in Cybersecurity Resilience and The Ongoing Battle Against DDoS Attacks | A Brand Story Conversation From Infosecurity Europe 2024 | An Akamai Story with Richard Meeus | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 4 Jun 2024 22:32:47 +0000

Welcome to a brand-new episode of On Location with Sean Martin and Marco Ciappelli at Infosecurity Europe 2024 in London. Today, Sean hosts a very special guest, Richard Meeus, Director of Security Technology and Strategy, EMEA at Akamai, who will provide us with valuable insights into cybersecurity resilience and the evolving landscape of distributed denial of service (DDoS) attacks.

The High Energy at Infosecurity Europe 2024

Sean Martin kicks off the conversation by highlighting the vibrant atmosphere at Infosecurity Europe. With a bustling crowd and high energy, it's the perfect setting to look and discuss pressing cybersecurity topics. Richard Meeus appreciates the opportunity to be part of this lively event and shares his excitement for the discussions ahead.

The Importance of Resilience

In recent months, Sean has noticed a growing emphasis on the concept of resilience in cybersecurity conversations. Notably, both Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) are prioritizing resilience to safeguard their organizations. Richard shares his perspective, emphasizing the critical importance of resilience, especially in Europe. He points out that new legislations like NIST 2 and DORA are driving organizations to focus on maintaining the availability of their systems.

The Rise in DDoS Attacks

Transitioning to the main topic, Sean and Richard discuss the alarming increase in DDoS attacks observed in EMEA (Europe, the Middle East, and Africa). Over the past few years, there has been a significant surge in such attacks, with notable activity driven by hacktivists rather than traditional criminal actors. Richard explains that hacktivists use DDoS attacks to make a statement, often targeting high-profile organizations to maximize their impact.

The Role of Akamai in Protecting Against DDoS

Richard explains Akamai's pivotal role in defending against DDoS attacks. He highlights Akamai's extensive cloud protection service, boasting a global network with 2,400 points of presence (PoPs). This vast infrastructure allows Akamai to protect some of the world's largest and most prominent brands.

Richard explains the importance of shifting the burden of DDoS defense to the cloud to handle the massive attack traffic. Akamai's scrubbing centers, strategically located worldwide, meticulously clean the incoming traffic, ensuring only legitimate requests reach the client's systems.

Evolution of DDoS Attacks

Sean invites Richard to provide an overview of how DDoS attacks have evolved over the years. While some traditional tactics like sin floods remain prevalent, there has been a resurgence of older techniques like water torture attacks targeting DNS. Richard emphasizes that organizations must protect their entire infrastructure, including APIs, which are increasingly becoming the target of such attacks.

The Financial Sector: A Prime Target

The financial sector is frequently targeted by DDoS attacks, according to Richard. He stresses that the trust customers place in financial institutions is heavily reliant on the availability of their digital services. Any disruption can erode this trust and have a significant material impact on the organization's reputation and customer confidence.

Comprehensive Protection Strategy

Richard underscores the importance of a comprehensive protection strategy for organizations facing the threat of DDoS attacks. By leveraging Akamai's global network and sophisticated scrubbing techniques, organizations can effectively mitigate the impact of these attacks. The combination of automated defenses and skilled SOC teams ensures real-time protection and rapid response to evolving threats.

In this conversation, Sean and Richard reiterate the significance of maintaining trust and resilience in the face of growing cyber threats. With the right strategies, partnerships, and technologies, organizations can safeguard their digital presence and continue to deliver reliable services to their customers.

For more in-depth insights, be sure to check out Akamai's latest report and explore their extensive back catalog of valuable cybersecurity resources

Learn more about Akamai: https://itspm.ag/akamaievki

Note: This story contains promotional content. Learn more.

Guest: Richard Meeus, Director, Security Technology and Strategy, Akamai [@Akamai]

On LinkedIn | https://www.linkedin.com/in/richard-meeus/

Resources

Fighting the Heat: EMEA’s Rising DDoS Threats: https://itspm.ag/akamaievki

Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai

View all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Evolution of the CISO in Digital Enterprise | An Infosecurity Europe 2024 Conversation with Mun Valiji | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 31 May 2024 00:39:27 +0000

Guest: Mun Valiji, CISO, Trainline

On LinkedIn | https://www.linkedin.com/in/munawar-v-b636802/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this engaging episode of the "On Location with Sean and Marco Podcast," Sean Martin flies solo to dive into the upcoming Infosecurity London event, focusing on a series of critical topics in the cybersecurity landscape. While Marco is notably absent, Sean hosts an insightful conversation with Mun Valiji, the outgoing CISO at Trainline.

The episode opens with Sean introducing the main topics of the discussion, which include the evolution of the Chief Information Security Officer (CISO) role, as well as the current state and future of Managed Security Service Providers (MSSPs). Mun contributes a detailed overview of his role at Trainline, highlighting his extensive experience spanning over 20 years and emphasizing the importance of blending human and technical elements in cybersecurity.

Sean and Mun discuss the main objective of Mun’s keynote session, "The Evolution of the CISO and the Digital Enterprise," scheduled for Thursday, June 6th. Mun passionately describes the challenges CISOs face today, including regulatory requirements, commercial agility, and the necessity of embedding security by design. He underscores the evolving responsibilities CISOs hold, particularly in fostering a security-conscious culture within fast-paced, high-growth organizations.

The conversation then transitions to the MSSP landscape, where Mun highlights the hybrid model's role in modern security strategies. Scheduled for Tuesday, June 4th, Mun’s panel session on MSSP competitiveness explores how organizations can effectively leverage MSSPs to handle routine security tasks, allowing internal teams to focus on strategic aspects such as secure-by-design principles.

Mun stresses the importance of community and collaboration, shedding light on how peer-to-peer and cross-industry interactions enhance security practices. He also touches on the impact of advanced technologies like AI and natural language processing in shaping future security frameworks. Listeners are encouraged to join Mun and other industry leaders at InfoSecurity London, where they will share deeper insights and practical strategies. The episode wraps up with Sean expressing enthusiasm for the event and looking forward to further discussions and engagements.

This episode compellingly explores strategic innovations and practical challenges in cybersecurity, making it a must-listen for professionals eager to stay ahead in the ever-evolving digital security landscape.

Top Questions Addressed

How can organizations leverage MSSPs to stay competitive in an evolving cybersecurity landscape?
What role does community and collaboration play in addressing the evolving challenges in cybersecurity?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

The Evolution of the CISO in Digital Enterprise: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219371.the-evolution-of-the-ciso-in-digital-enterprise.html

Staying Competitive as an MSSPs In an Evolving Cybersecurity Landscape: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219851.staying-competitive-as-an-mssps-in-an-evolving-cybersecurity-landscape.html

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Ransomware - Time to Decide - Will You or Won't You Pay? | An Infosecurity Europe 2024 Conversation with Jon Davies | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 29 May 2024 16:00:00 +0000

Guest: Jon Davies, Senior Director - Cyber Defence, News Corp

On LinkedIn | https://www.linkedin.com/in/drjondavies/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this engaging episode of the On Location with Sean and Marco Podcast, hosts Sean Martin and Marco Ciappelli dive into the imminent Infosecurity Europe event with special guest Jon Davies, a Senior Director at NewsCorp. The conversation opens with Sean and Marco expressing their excitement about the event, especially focusing on Jon Davies' upcoming panel discussion on the controversial topic of ransomware payments.

Jon highlights the diverse perspectives that will be represented on his panel, including law enforcement, insurance sectors, and end consumers. This diversity aims to illuminate the complex landscape of ransomware and the regulations surrounding it. Jon explains how recent guidance from UK government bodies is prompting debate about whether ransomware payments should be made illegal, and the implications this could have on businesses and society at large.

The dialogue shifts towards the impact of ransomware on different sectors, particularly critical infrastructure and healthcare. Sean raises the ethical dilemma of whether companies responsible for essential services should pay ransoms to ensure continuity and safety, also touching on the broader societal implications and fiduciary responsibilities of publicly traded companies.

Jon shares an interesting anecdote about a unique ransomware tabletop activity where he collaborated with hostage negotiators to better understand how to navigate ransomware demands. This leads to an intriguing discussion about the human element in cyber negotiations and the potential benefits of leveraging negotiation tactics traditionally used in hostage situations.

Marco and Sean further explore the necessity of having a strategic response plan in place for ransomware attacks, emphasizing the stark contrast between the resources available to large corporations versus small businesses. Jon underscores the importance of having a playbook and a coordinated effort to report and manage cyber incidents effectively.

The conversation also touches on the role of insurance policies in cyber warfare, potential regulatory changes, and the need for a collective effort to combat ransomware. Jon argues for a balanced approach that includes technological investment, regulatory measures, and smart strategic planning.

As the episode wraps up, Sean and Marco express their eagerness to attend the panel and encourage listeners to stay tuned for further coverage of Infosecurity Europe. This episode offers a comprehensive look at the multifaceted issue of ransomware, providing valuable insights for businesses of all sizes.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Crisis Management – Responding to the Unimaginable | An Infosecurity Europe 2024 Conversation with Stuart Seymour | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 27 May 2024 22:23:20 +0000

Guest: Stuart Seymour, Group CISO and Chief Security Officer, Virgin Media O2

On LinkedIn | https://www.linkedin.com/in/stuart-seymour-a4b7522/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of the On Location with Sean and Marco, Sean Martin hosts a captivating discussion with Stuart Seymour, the Director of Security at Virgin Media 02. The episode dives into the realm of crisis management, unpacking the complexities and challenges faced by organizations in responding to unforeseen events.

Stuart Seymour shares insights into the significance of crisis management, emphasizing the need for robust planning and coordination across different functions within an organization. He dives into the essence of crises as events that significantly impact business operations and require unified strategies for effective management.

The conversation touches on the concept of resilience, highlighting the broader spectrum that encompasses business resilience, operational resilience, IT resilience, and cyber resilience. Stuart stresses the importance of viewing cybersecurity within the context of overall business resilience and the interplay between various facets of an organization.

The episode also explores the dynamics of crisis escalation, detailing the role of crisis committees in navigating challenging situations. Stuart emphasizes the principle of "prudent overreaction" in crisis management, advocating for proactive measures and coordinated responses to mitigate risks effectively.

Furthermore, the episode touches on the diversity of perspectives in crisis management, as showcased by the upcoming panel discussion featuring stakeholders from varied industries. The panel aims to provide a comprehensive understanding of crisis scenarios and valuable insights for the audience.

Overall, this episode offers a deep dive into the intricacies of crisis management, emphasizing the necessity of proactive planning, collaboration, and adaptability in navigating unforeseen challenges. The engaging dialogue between Sean Martin and Stuart Seymour sheds light on the critical role of resilience in building and sustaining organizational preparedness in the face of crises.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

MFA, 2FA, and Passwordless Authentication — Rising to the Next Level of Protection | An Infosecurity Europe 2024 Conversation with Parul Khedwal | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 24 May 2024 12:00:00 +0000

Guest: Parul Khedwal, Security Operations Lead, Trainline [@thetrainline]

On LinkedIn | https://www.linkedin.com/in/parul-khedwal-51612aba/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, hosts Sean Martin and Marco Ciappelli dive into the realm of authentication methods, focusing on Multi-Factor Authentication (MFA), Two-Factor Authentication (2FA), and the emerging trend of Passwordless Authentication. The dialogue with Parul Khedwal navigates through the evolution of these security measures, emphasizing the critical shift towards passwordless solutions for heightened security in the digital landscape. By exploring the intricacies of these authentication mechanisms, the conversation sheds light on the challenges and advantages of each approach, offering valuable insights for enhancing cybersecurity strategies.

The episode serves as a platform for discussing the future of authentication technologies, highlighting the importance of robust security measures in safeguarding sensitive information from cyber threats. Through engaging conversations and nuanced perspectives, the trio unravel the complexities of modern authentication solutions, paving the way for a more secure digital environment. Join Parul on location in London to continue exploring the evolving landscape of authentication methods and learn how organizations can adapt to the changing cybersecurity landscape for optimal protection against online risks.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

MFA, 2FA, and Passwordless Authentication – Rising to the Next Level of Protection: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219373.mfa-2fa-and-passwordless-authentication-%E2%80%93-rising-to-the-next-level-of-protection.html

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Where are We Going and What are You Doing? Navigating Europe's Evolving Threat Ecosystem While Wading through AI Overload | An Infosecurity Europe 2024 Conversation with Topé Olufon and Madelein van der Hout | On Location Coverage

Thu, 23 May 2024 20:29:34 +0000

Guests:

Topé Olufon, Senior Analyst at Forrester [@forrester]

On LinkedIn | https://www.linkedin.com/in/topeolufon/

Madelein van der Hout, Senior Analyst Security & Risk at Forrester [@forrester]

On LinkedIn | https://www.linkedin.com/in/madelein-van-der-hout-65452025/

On Twitter | https://x.com/HoutMadelein

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

This episode of 'On Location with Sean and Marco' features insightful discussions with host Sean Martin, Madelein van der Hout, and Topé Olufon from Forrester. The conversation covers a wide array of topics in the cybersecurity realm, ranging from predictions and future trends to the impact of AI-generated code on data breaches.

Madelein van der Hout, a senior analyst at Forrester, shares her expertise on API security, cyber consulting services, the threat landscape, and cybersecurity trends. Topé Olufon, also a senior analyst at Forrester, provides valuable insights on Zero Trust, Monitoring, Detection and Response, Digital Identity, and eSignatures, emphasizing the importance of collaboration in the digital trust domains.

Overall, the dialogue emphasizes the significance of the human element in cybersecurity, highlighting the need for behavior training and awareness to combat social engineering attacks. The pair also discuss resilience policies, aligning security strategies with business goals, and the evolving threat landscape in Europe. They also shed light on practical applications of AI in cybersecurity, emphasizing the importance of cutting through the noise to derive tangible benefits.

The episode invites listeners to engage in the evolving conversations surrounding cybersecurity in their myriad of sessions during Infosecurity Europe in London, promising a thought-provoking and informative experience for all attendees.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Wading through AI Overload – Where are We Going and What are You Doing?: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219350.wading-through-ai-overload-%E2%80%93-where-are-we-going-and-what-are-you-doing.html

Madelein's post about the session: https://www.linkedin.com/feed/update/urn:li:activity:7194686743848124416/

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Secure Foundations to Resilient Futures: The UK's Digital Security by Design Initiative | An Infosecurity Europe 2024 Conversation with Professor John Goodacre | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 23 May 2024 02:36:56 +0000

Guest: Professor John Goodacre, Director Digital Security by Design, University of Manchester, UKRI [@UKRI_News]

On LinkedIn | https://www.linkedin.com/in/john-goodacre-722b59/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of the "On Location with Sean and Marco" podcast, host Sean Martin flies solo to engage in a riveting conversation with Professor John Goodacre, Director of a UK government program and a renowned figure in the tech industry. Professor Goodacre sheds light on his diverse career journey, spanning from telecoms to supercomputers, with a key focus on cyber resilience and system integrity.

Emphasizing the need for a holistic approach beyond patching vulnerabilities, Professor Goodacre discusses the inception of the digital security by design program in 2019. He delves into the program's aim to revolutionize technology foundations, collaborating with industry giants like Microsoft and Google to enhance digital infrastructures globally.

The conversation explores the significance of memory safety in software, highlighting the ongoing battle against cyber threats and the necessity for robust security measures at the hardware and software levels. Professor Goodacre's insights underscore the imperative shift towards secure by design and default practices to combat evolving cybersecurity challenges effectively.

Furthermore, the episode touches upon the collaboration between academia, businesses, and governments to implement secure frameworks and educate stakeholders on the importance of cybersecurity. Professor Goodacre advocates for a proactive approach, stressing the economic benefits and risk mitigation associated with investing in secure technologies and practices.

Listeners are left with a deepened understanding of the crucial role memory safety, compartmentalization, and secure design play in fortifying digital ecosystems against cyber threats. Professor Goodacre's illuminating discussion paves the way for a paradigm shift in cybersecurity strategies, fostering resilience and integrity in the digital landscape.

Top Questions Addressed

How does the digital security by design program aim to enhance technology foundations?
Why is memory safety in software crucial for combating cyber threats effectively?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

Smashing the Stack; All Good Things | Exploring Software Lifecycles from Secure By Design to End of Life | An RSA Conference 2024 Conversation with Allan Friedman and Bob Lord | On Location Coverage with Sean Martin and Marco Ciappelli: https://redefining-cybersecurity.simplecast.com/episodes/smashing-the-stack-all-good-things-exploring-software-lifecycles-from-secure-by-design-to-end-of-life-an-rsa-conference-2024-conversation-with-allan-friedman-and-bob-lord-on-location-coverage-with-sean-martin-and-marco-ciappelli

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Progress for the DSbD Initiative and CHERI Capability Hardware: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219352.progress-for-the-dsbd-initiative-and-cheri-capability-hardware.html

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Unveiling Innovation at SquareX Booth during RSA Conference 2024: A Deep Dive Into SquareX's Vision | 7 Minutes on ITSPmagazine | A Short Brand Innovation Story From RSA Conference 2024 | A SquareX Story with Dakshitaa Babu and Shourya Pratap Singh

Wed, 22 May 2024 06:58:39 +0000

Innovation Unveiled: SquareX's Vision at RSA Conference 2024

During RSA Conference 2024, SquareX emerged as a source of fresh innovation, revolutionizing the cybersecurity landscape with their cutting-edge solutions. Hosted by Sean Martin, this episode of "On Location" takes you on a journey through the insights and revelations brought to light by key figures at SquareX.

Introducing SquareX: Meet the Visionaries

The episode turn on the microphones at the Square X booth, where Sean Martin introduces the audience to Dakshitaa Babu and Shourya Pratap Singh, pivotal figures driving innovation at SquareX. Dakshitaa, the product evangelist, and Shourya, the principal software engineer, shed light on their roles and the impact of SquareX's work on the industry.

The Passion Behind the Innovation

Dakshitaa shares her perspective on the privilege of contributing to a company that drives meaningful change in the industry, emphasizing SquareX's commitment to innovation. Shourya echoes this sentiment, highlighting the satisfaction of solving complex problems and witnessing their solutions making a tangible impact on customers.

Pushing the Boundaries: A Glimpse Into SquareX's Technology

Sean Martin delves into the intricacies of SquareX's technology, discussing AI-generated images and reverse engineering techniques employed to uncover hidden threats within images. Shourya elaborates on the challenges posed by malicious files and the innovative approaches adopted by SquareX to enhance cybersecurity.

Addressing Customer Concerns: SquareX's Value Proposition

Sean Martin probes Dakshitaa and Shourya on the key concerns voiced by prospects and customers at the conference. They shed light on how SquareX addresses the gap in endpoint security solutions, providing customers with insightful data and a comprehensive understanding of cyber threats.

Empowering Organizations: The SquareX Difference

The episode concludes with Sean Martin underscoring the significance of visibility at the web browser level and commending SquareX for empowering organizations to proactively tackle cybersecurity challenges. Dakshitaa extends her gratitude to visitors at the booth, emphasizing the value of SquareX's solutions for a secure digital environment.

Learn more about SquareX: https://itspm.ag/sqrx-l91

Note: This story contains promotional content. Learn more.

Guests:

Dakshitaa Babu, Security Researcher, SquareX

On LinkedIn | https://www.linkedin.com/in/dakshitaababu/

Shourya Pratap Singh, Principal Software Engineer, SquareX

On LinkedIn | https://www.linkedin.com/in/shouryaps/

Resources

Learn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarex

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Find Your Tribe and Be Part Of The Most Passionate Innovators In The World Of Technology | Unveiling Innovation at the Europe's Biggest Startup and Tech Event | An On Location VIVA TECH Conference 2024 Coverage Conversation with François Bitouzet

Mon, 20 May 2024 19:57:18 +0000

Guest: François Bitouzet, Managing Director at Viva Technology [@VivaTech]

On LinkedIn | https://www.linkedin.com/in/fran%C3%A7ois-bitouzet-180a89/

____________________________

Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

A Celebration of Technology and Innovation

The VIVA TECH Conference 2024 in Paris proved to be a rendezvous of the brightest minds and innovators in the tech realm. With a blend of key speakers, groundbreaking sessions, and vibrant discussions, the event will be a melting pot of ideas, creativity, and collaboration.

In Conversation with Visionaries

Marco Ciappelli, along with his guest François Bitouzet, the managing director of VIVA TECH, engaged in insightful dialogues touching upon varied aspects of technology's impact on society. From the language of tech to the importance of collaboration and the role of diversity in innovation, the conversations were both enlightening and thought-provoking.

Spotlight on Key Themes

The event will spotlight key themes such as AI, sustainability, Internet and democracy, and the creators' economy, amongst other. The intersection of technology with democracy sparked crucial discussions on safeguarding democratic processes in the digital age.

Business with a Twist

Amidst the flurry of innovation, VIVA TECH aims to provide a unique platform for startups to connect with potential investors and clients. The business-focused approach of the event adds a touch of creativity, epitomized by the 'bar-hopping' networking concept on Rue Montorgueil.

Building Connections and Finding Your Tribe

At the core of VIVA TECH 2024 there is the core mission of building connections and fostering collaboration. The event focuses on bringing together individuals from diverse backgrounds to find common ground, empower each other, and unlock new possibilities in the tech landscape.

An Echo of Excitement

As VIVA TECH 2024 is about to start in Paris, it echoes with the buzz of excitement and anticipation. The convergence of ideas, the clash of perspectives, and the melding of creativity set the stage for a transformative experience for all attendees.

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

____________________________

Resources

Learn more about VIVA TECH 2024: https://vivatechnology.com/

____________________________

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

AI-Fitness and AI-Wellness and Deploying an Effective DevSecOps Team – What’s the Recipe for Success? | An Infosecurity Europe 2024 Conversation with Kevin Fielder | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 16 May 2024 03:06:04 +0000

Guest: Kevin Fielder, CISO, NatWest Boxed & Mettle

On LinkedIn | https://www.linkedin.com/in/kevinfielder/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, hosts Sean Martin and Marco Ciappelli engage in an insightful discussion on the intersection of artificial intelligence (AI) and software development, specifically in the realm of information security. The conversation features Kevin Fielder, CSO for NatWest Boxed and Metal, sharing his expert insights and experiences. The trio dives into the potential risks and rewards of integrating AI with software development, touching upon the inherent challenges and opportunities this fusion presents for the future of technology and security.

The episode opens with a dynamic exchange on what it means to combine AI and software development, sparking a debate on the potential of AI to improve or complicate software development processes. Marco Ciappelli humorously inquires about the concept of a 'black box' in AI, prompting a profound exploration of the reliability and transparency of AI systems.

Kevin Fielder provides a comprehensive overview of his current role and the innovative projects under his stewardship at NatWest boxed and metal. He eloquently describes the endeavors to leverage cloud-based banking and AI to deliver enhanced banking services to small businesses and non-banking businesses alike. Fielder's insights into 'banking as a service' and the ethical considerations surrounding AI deployment in the financial sector stand out as key discussion points.

A significant portion of the conversation centers around the ethical dilemmas and technical challenges posed by AI, including data integrity, the potential for AI-powered systems to exhibit biases, and the importance of designing AI with security in mind from the outset. Fielder articulates concerns about the rapid advancement of AI technologies outpacing the development of ethical guidelines and security measures, highlighting the critical need for a balanced approach to innovation.

The hosts and Fielder ponder the future of AI, reflecting on scenarios ranging from utopian visions where AI alleviates human toil to dystopian outcomes where AI autonomy leads to unforeseen consequences. This speculative dialogue sheds light on the philosophical and practical implications of AI's role in society and the importance of responsible AI development and deployment.

As the discussion winds down, the episode shifts focus to Fielder's upcoming presentations at the Infosecurity Europe conference in London. He shares his anticipation for engaging with the conference attendees and emphasizes the value of open dialogues about AI, security, and the future of technology. This episode not only provides a platform for thought-provoking discussion on AI and information security but also underscores the importance of community engagement and knowledge sharing in navigating the complexities of modern technology landscapes.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Deploying an Effective DevSecOps Team – What’s the Recipe for Success?: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219354.deploying-an-effective-devsecops-team-%E2%80%93-what%E2%80%99s-the-recipe-for-success.html

AI-Fitness and AI-Wellness: NatWest Boxed and Mettle CISO's Thoughts on Safe AI Use: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219536.ai_fitness-and-ai_wellness-natwest-boxed-and-mettle-cisos-thoughts-on-safe-ai-use.html

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Celebrating 15 Years of Leadership in Cloud Security: Preview of CSA AI Summit at RSA 2024 with Jim Reavis and Illena Armstrong | An RSA Conference 2024 Conversation | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 16 May 2024 00:09:18 +0000

Guests:

Jim Reavis, CEO at Cloud Security Alliance [@cloudsa]

On LinkedIn | https://www.linkedin.com/in/jimreavis/

Illena Armstrong, President at at Cloud Security Alliance [@cloudsa]

On LinkedIn | https://www.linkedin.com/in/illenaarmstrong/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Join Sean Martin as he hosts an in-depth discussion with Illena Armstrong, President of Cloud Security Alliance, and Jim Reavis, CEO and Founder. Illena shares her excitement for celebrating the 15th anniversary of the organization while highlighting the industry's shift towards cloud adoption and AI technology. She emphasizes the importance of maintaining security controls, especially in the context of regulatory compliance and cloud provider obligations. The conversation also touches on the rising trend of zero trust security frameworks and the global perspective on AI integration in cybersecurity practices.

Jim Reavis adds valuable insights into the intersection of AI and cloud security, highlighting the need for a holistic approach that combines human intelligence with AI capabilities. He emphasizes the role of security as a catalyst for innovation and business transformation, citing examples of innovative approaches taken by European banks. The discussion also covers thesignificance of shared responsibility in cybersecurity and the collaborative efforts required to address evolving threats.

The CSA AI Summit promises an engaging lineup of speakers, including industry leaders from Google, Microsoft, and Zscaler, who will shed light on key topics such as incident response, secure development, and business transformation. The full-day event, which kicks off the week at RSA Conference, aims to bring together a diverse audience, ranging from C-suite executives to developers and compliance professionals, fostering meaningful discussions and knowledge sharing. Attendees can expect thought-provoking sessions that explore the intersection of AI and cybersecurity, providing valuable insights for enhancing security practices in the digital age.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

CSA AI Summit at RSAC: https://www.rsaconference.com/library/presentation/usa/2024/csa%20ai%20summit%20at%20rsac

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Empowering Women in Cyber Security and The Spiritual Aspect Of Cybersecurity | An RSA Conference 2024 Conversation with Jessica A. Robinson and Christina Stokes | On Location Coverage with Sean Martin and Marco Ciappelli

Mon, 13 May 2024 02:17:44 +0000

Guest: Jessica A. Robinson, Chair Emeritus, World Pulse [@WorldPulse]

On LinkedIn | https://www.linkedin.com/in/jessica-a-robinson-she-her-22740311/

____________________________

Host: Christina Stokes, Host, On Cyber & AI Podcast, Founder of Narito Cybersecurity

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/christina-stokes

On LinkedIn | https://www.linkedin.com/in/xTinaStokes/

____________________________

Episode Notes

The Vision and Inception of PurePoint International

Jessica A. Robinson shared the inspiring story of how PurePoint International came to be - born out of a dream during a pilgrimage in India and Nepal. Her vision encompassed not only traditional cyber security but also holistic security, integrating psychological, emotional, and spiritual well-being into the security framework.

The Feminine Approach to Security

Central to PurePoint International's ethos is the feminine approach to security, focusing on collaboration, empathy, and inclusivity. Jessica emphasized the importance of balancing masculine and feminine values in the security space, acknowledging the unique perspectives and solutions that women bring to the table.

Spirituality and Ritual in Cyber Security

The conversation also focuses into the role of spirituality and ritual in cybersecurity. Jessica highlighted the significance of viewing work as a spiritual practice, incorporating rituals like meditation, intention setting, and energy release to maintain balance and well-being in high-stress environments.

Overcoming Burnout and Leading with Purpose

Burnout has become a prevalent issue in the cybersecurity industry, with professionals facing increasing pressure and expectations. Jessica emphasized the importance of self-care and leading with purpose, urging CISOs to prioritize their well-being to effectively lead their teams and organizations.

The Evolution of the CISO Role

The discussion also touched upon the evolving role of Chief Information Security Officers (CISOs) and the challenges they face in balancing technical expertise with strategic leadership. Jessica emphasized the need for broader organizational support and a shift in mindset to recognize the CISO as a critical business leader.

Looking Ahead: Empowering Women in Cyber Security

As more women enter the cybersecurity industry, there is a growing opportunity to bring diverse perspectives and solutions to the forefront. Jessica highlighted the importance of women stepping into leadership roles and driving change in the industry, emphasizing the need for support and recognition at all levels of the organization.

Jessica A. Robinson's insights shed light on the transformative power of a feminine approach to cybersecurity, the role of spirituality in well-being, and the challenges and opportunities facing CISOs in today's security landscape. As the industry continues to evolve, empowering women in cybersecurity is not just a necessity but a strategic advantage in creating a safer and more inclusive digital world.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Exploring the Future of Software Supply Chain Security | An RSA Conference 2024 Conversation with Cassie Crossley | On Location Coverage with Sean Martin and Marco Ciappelli

Sun, 12 May 2024 15:00:00 +0000

Guest: Cassie Crossley, VP, Supply Chain Security, Schneider Electric [@SchneiderElec]

On LinkedIn | https://www.linkedin.com/in/cassiecrossley/

On Twitter | https://twitter.com/Cassie_Crossley

On Mastodon | https://mastodon.social/@Cassie_Crossley

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

This discussion shed light on various aspects of cybersecurity, technology, and the evolving role of IT professionals in addressing the challenges of the digital age.

The conversation kicked off with Sean Martin providing a warm welcome to the audience as he introduced the topic of software supply chain security. Cassie Crossley shared insights from her extensive experience in cybersecurity at Schneider Electric, emphasizing the critical importance of safeguarding product security and supply chain integrity.

Embracing Innovation and Resilience in Cybersecurity

The discussion dive into the concept of resilience in cybersecurity and the need for proactive risk management strategies. Both speakers emphasized the importance of leveraging AI-driven decision-making processes to enhance efficiency and reduce false positives in security operations. They also highlighted the role of machine learning and behavior analytics in strengthening cybersecurity posture.

Bridging the Gap between IT and Business Objectives

Crossley and Martin discussed the evolving role of IT professionals in bridging the gap between technical cybersecurity measures and broader business objectives. They stressed the significance of aligning cybersecurity initiatives with the overall strategic goals of the organization and fostering communication between C-suite executives and security professionals.

Navigating the Complexities of Hardware Development and Cybersecurity

The conversation also touched upon the complexities of hardware development and the unique challenges faced in securing chipboards and other hardware components. Crossley highlighted the nuances of cybersecurity in defending against a myriad of potential threats and underscored the need for robust verification processes in hardware security.

Empowering Businesses with GRC Controls and Cybersecurity Best Practices

As the discussion progressed, Crossley shared practical insights from her book on software supply chain security, emphasizing the essential GRC controls and cybersecurity best practices that organizations can implement to enhance their security posture. She highlighted the need for startups and companies to prioritize cybersecurity measures despite budget constraints.

Concluding Thoughts and Looking Towards the Future

In wrapping up the conversation, both speakers expressed optimism about the future of software supply chain security and the potential for innovation in AI-driven cybersecurity technologies. They encouraged businesses to prioritize cybersecurity education, resilience planning, and proactive risk management to stay ahead of emerging threats.

The engaging discussion between Cassie Crossley and Sean Martin at RSA Conference 2024 provided valuable insights into the evolving landscape of software supply chain security and the key challenges facing cybersecurity professionals. As organizations navigate the complexities of the digital age, proactive cybersecurity measures and a strategic alignment with business objectives are essential for safeguarding critical assets and maintaining a strong security posture.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

AI BOMs, and other insights into the future of Cybersecurity and AI | An RSA Conference 2024 Conversation with Helen Oakley and Christina Stokes | On Location Coverage with Sean Martin and Marco Ciappelli

Sun, 12 May 2024 02:59:36 +0000

Guest: Helen Oakley, Director of Secure Software Supply Chain and Secure Development, SAP

On LinkedIn | https://www.linkedin.com/in/helen-oakley/

____________________________

Host: Christina Stokes, Host, On Cyber & AI Podcast, Founder of Narito Cybersecurity

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/christina-stokes

On LinkedIn | https://www.linkedin.com/in/xTinaStokes/

____________________________

Episode Notes

This year many conversation at RSA conference rotate around artificial intelligence. Yes, AI is becoming more prevalent and essential, even in cybersecurity. At ITSP Magazine's RSA 2024 coverage, Helen Oakley and Christina Stokes shed light on the critical role of AI BOMs in safeguarding our digital ecosystems.

The Introduction of Helen Oakley with SAP

Christina Stokes sits down with Helen Oakley, director of software supply chain security and secure development at SAP, to learn about her journey from software development to cybersecurity. Helen discusses the importance of securing software supply chains in a global context where attacks can have far-reaching implications.

Unpacking the Significance of Supply Chain Security

Helen elaborates on the evolving landscape of cybersecurity, emphasizing the increasing focus on supply chain security as a prime target for attackers. She highlights the vulnerabilities present in open source components and the imperative to instill transparency and automation in securing software development processes.

The Intersection of AI and Security

As the conversation steers towards AI being used as a weapon in supply chain attacks, Christina and Helen explore the concept of weaponizing tools and the proactive measures needed to mitigate AI-related security risks. They underscore the need for vigilance in understanding AI systems and guarding against malicious manipulation.

The Role of AI BOMs in Cybersecurity

Helen connects the dots between the workshop's focus on AI BOMs and the imperative for comprehensive transparency in AI systems. She elucidates how AI Bill of Materials (BOM) acts as a framework for understanding AI models, their development processes, and potential risks, allowing for effective risk assessment and response strategies.

The Evolution of AI and Its Industry Impact

Christina reflects on the rapid evolution of AI in shaping industries and the need for professionals to adapt to AI technologies. She envisions AI as a collaborative ally in enhancing security measures, emphasizing the pivotal role of humans in monitoring and optimizing AI systems for accuracy and reliability.

Exploring Hypothetical Scenarios of AI Apocalypse

In a thought-provoking discussion, Helen and Christina speculate on hypothetical scenarios where AI could potentially pose existential threats. They stress the importance of training AI models with precision to align with human values and prevent catastrophic consequences.

Resources and Community Engagement in AI Security

Helen encourages following her on LinkedIn for educational content and highlights the upcoming AIBOM forum by CISA government, inviting industry experts and enthusiasts to contribute to the dialogue.

As we navigate the complexities of cybersecurity and artificial intelligence, the insights shared by Helen Oakley and Christina Stokes illuminate the path towards a more secure and transparent digital future. From supply chain intricacies to the transformative potential of AI, the discourse echoes the need for collaboration and innovation in safeguarding our digital ecosystems.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Bye Bye RSA Conference 2024: ITSPmagazine’s Goodbye to RSA Conference 2024 and Learn What Comes Next | An RSA Conference 2024 Conversation with Christina Stokes | On Location Coverage with Sean Martin and Marco Ciappelli

Sun, 12 May 2024 02:18:18 +0000

Guest: Christina Stokes, Host, On Cyber & AI Podcast, Founder of Narito Cybersecurity

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/christina-stokes

On LinkedIn | https://www.linkedin.com/in/xTinaStokes/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The recent RSA Conference 2024 held in San Francisco was not just an event; it was an immersive experience filled with insightful conversations, meaningful connections, and a deep dive into the ever-evolving landscape of cybersecurity. As the team from ITSPmagazine, including Marco Ciappelli, Christina Stokes, and Sean Martin, embarked on this enriching journey, they brought back a wealth of knowledge and stories to share.

Networking Highlights

The RSA Conference provided a platform for the ITSPmagazine team to engage with industry experts and thought leaders. Conversations ranged from AI ethics to cyber peace initiatives, highlighting the diverse perspectives shaping the cybersecurity domain. Key discussions with Justin Hutchins, Helen Oakley, and Adrian Ogee delved into crucial topics like the weaponization of AI and the importance of cybersecurity in non-profit organizations.

Broadcast Alley

One of the focal points of the conference was the vibrant atmosphere of Broadcast Alley, where innovative organizations showcased their groundbreaking work. ITSPmagazine's conversations with Level Blue, former AT&T Cyber Security, Coro, and SquareX shed light on the latest advancements in the field and emphasized the collaborative efforts driving cybersecurity solutions, amongst many other companies that shared their news with ITSPmagazine’s global audience.

Embracing Humanity in Technology

At the core of ITSPmagazine's mission lies a commitment to humanizing technology and fostering meaningful dialogues. The team's interactions with Larry Whiteside, Geoff White, and Steve Lucinski and many others in the industry underscored the significance of infusing humanity into the world of cybersecurity. These heartfelt exchanges transcended mere technicalities, moving into the ethical dimensions of technology and its impact on society.

Looking Ahead

As the RSA Conference drew to a close, the ITSPmagazine team reflected on the eventful week and expressed gratitude for the engaging discussions and camaraderie shared. With upcoming events like Infosecurity Europe and Black Hat USA on the horizon, there is a sense of anticipation for continued collaborations and insightful dialogues in the cybersecurity community.

The RSA Conference 2024 served as a catalyst for invigorating conversations, innovative ideas, and lasting connections within the cybersecurity sphere. ITSPmagazine's presence not only captured the essence of the event but also epitomized the spirit of meaningful engagement and thought leadership.

As we bid farewell to San Francisco and RSA Conference 2024, we eagerly await the next chapter of exploration, discovery, and humanity.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Unveiling the Future of Cybersecurity: A Deep Dive into the LevelBlue Futures Report | A Brand Story Conversation From RSA Conference 2024 | A LevelBlue Story with Theresa Lanowitz | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 10 May 2024 03:53:49 +0000

In a constantly changing cybersecurity landscape, staying ahead of the curve is not just a competitive advantage; it's a necessity. Recently, we had the privilege of diving into the insights of the LevelBlue Futures Report, a comprehensive annual thought leadership report that offers a glimpse into the future of cybersecurity and resilience. Join us as we unravel the key takeaways and implications of this groundbreaking report.

Exploring the Landscape

The LevelBlue Futures Report covers the core challenges and opportunities faced by organizations when it comes to cybersecurity and resilience. In a candid conversation between Theresa Lanowitz, Chief Evangelist of ATT Cybersecurity and Agent of LevelBlue, and Sean Martin, the stage is set for an enlightening discussion on the pressing issues at hand.

Key Insights and Findings: A Closer Look

As the conversation unfolds, we are introduced to critical findings from the report. From the changing role of the economic buyer to the imperative of aligning cybersecurity with business objectives, each insight sheds light on the evolving dynamics of the cybersecurity landscape.

Challenges and Barriers: Addressing the Reality

One of the stark revelations from the report is the prevailing challenges and barriers that hinder organizations from achieving cyber resilience. From the lack of a formalized incident response plan to the reactive nature of cybersecurity practices, the report highlights the urgent need for proactive and intentional cybersecurity measures.

Looking Toward the Future: A Call to Action

Despite the hurdles and complexities inherent in cybersecurity, the LevelBlue Futures Report serves as a guidance for organizations seeking to bolster their cybersecurity posture. By leveraging the insights and recommendations laid out in the report, organizations can embark on a journey towards enhanced cyber resilience and strategic alignment with business goals.

Empowering Change: The Role of Strategic Planning and Collaboration

A key theme that emerges from the report is the pivotal role of strategic planning and collaboration in driving cybersecurity innovation and resilience. By engaging third-party advisors, fostering cross-functional communication, and realigning cybersecurity investments with business objectives, organizations can pave the way for transformative change in their cybersecurity practices.

With the LevelBlue Futures Report one thing becomes abundantly clear: the future of cybersecurity lies in proactive, business-aligned strategies that prioritize resilience and innovation. By heeding the insights and recommendations put forth in the report, organizations can chart a course towards a more secure and resilient future.

In an era where cybersecurity threats loom large and innovations abound, armed with knowledge, foresight, and a commitment to change, organizations can forge a path towards a brighter, more secure tomorrow.

Learn more about LevelBlue: https://itspm.ag/attcybersecurity-3jdk3

Note: This story contains promotional content. Learn more.

Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]

On LinkedIn | https://www.linkedin.com/in/theresalanowitz/

Resources

LevelBlue Futures Report: https://itspm.ag/att-cy8awv

Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Digital Dawn: Cyber Security Policy in the Wake of Political Change | A Brand Story Conversation From RSA Conference 2024 | A NCC Group Story with Siân John | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli, Siân John) — Fri, 10 May 2024 01:39:47 +0000

This Brand Story Podcast comes to you from the RSA Conference Broadcast Alley and features an insightful discussion between Sean Martin, the host, and Siân John, the Chief Technology Officer at NCC Group. The conversation dives deep into the complex world of cybersecurity, shedding light on critical issues and trends impacting organizations globally. Siân John, in her role as the Chief Technology Officer at NCC Group, brings a wealth of experience and knowledge to the table. She discusses the challenges faced by organizations in the rapidly evolving cybersecurity landscape.

From insights to innovation, threat intelligence to research, her role encompasses a wide range of responsibilities aimed at enhancing cybersecurity capabilities. One of the key highlights of the episode is the discussion around the shift in regulatory dynamics driven by citizen advocacy. Siân John emphasizes how the push for regulations, especially in areas like online safety and data privacy, is now coming from the citizens themselves. This shift signifies a growing awareness and concern among the general public regarding cybersecurity issues.

The conversation also touches upon the importance of bridging the gap between business and cybersecurity. Sean Martin and Siân John discuss how organizations need to align their security strategies with business objectives to effectively manage cyber risks. By emphasizing the need for a business-driven approach to cybersecurity, they underscore the significance of integrating security into the fabric of the organization. Furthermore, the episode explores emerging technology trends that are reshaping the cybersecurity landscape. Siân John highlights the importance of consolidation, simplification, and automation in security operations.

The discussion underscores the need for organizations to adapt to new technologies while ensuring a streamlined and resilient cybersecurity posture. As the conversation unfolds, Sean Martin and Siân John stress the importance of strategic planning and gradual implementation in cybersecurity initiatives. They caution against hasty decisions driven by urgency, advocating for a methodical approach to security transformation. By drawing parallels with failed IT projects, they emphasize the need for careful planning and execution in cybersecurity endeavors.

Ultimately, the episode offers valuable insights into the evolving cybersecurity landscape and the role of key stakeholders in driving security transformation. Sean Martin and Siân John bring a wealth of knowledge and expertise to the table, offering practical advice and strategic guidance for organizations navigating the complex cybersecurity terrain.

To learn more about the latest cybersecurity trends and best practices, connect with Sean John and the team at NCC Group and explore the cutting-edge solutions they offer to enhance cybersecurity resilience and protect against evolving threats.

Learn more about NCC Group: https://itspm.ag/ncc-gr1ajh

Note: This story contains promotional content. Learn more.

Guest: Siân John, Chief Technology Officer, NCC Group

On LinkedIn | https://www.linkedin.com/in/sian-john/

Resources

Learn more and catch more stories from NCC Group: https://www.itspmagazine.com/directory/ncc-group

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Revolutionizing Cybersecurity for Small Businesses and Mid-Market Companies | A Brand Story Conversation From RSA Conference 2024 | A CORO Story with Dror Liwer | On Location Coverage with Sean Martin and Marco Ciappelli

Fri, 10 May 2024 00:50:30 +0000

In the fast-paced world of cybersecurity, staying ahead of threats and protecting sensitive data is a top priority for organizations of all sizes. However, small businesses and mid-market companies often face unique challenges when it comes to implementing comprehensive cybersecurity solutions due to limited resources and expertise. That's where Coro comes in, revolutionizing cybersecurity for smaller enterprises with its innovative approach.

Unveiling Coro: A Purpose-Built Platform

The conversation between Sean Martin, host of the Redefining Cybersecurity Podcast on ITSPmagazine, and Dror Liwer, sheds light on the groundbreaking solutions offered by Coro. Positioned as the first purpose-built platform for the mid-market and small businesses, Coro addresses the cybersecurity needs of organizations that are often overlooked by traditional enterprise-focused solutions.

Understanding the Threat Landscape

Dror Liwer highlights the evolving threat landscape faced by small businesses and mid-market companies. Attackers are increasingly targeting these organizations due to their vulnerabilities and limited protection measures. With Coro, businesses can gain comprehensive control and protection at an affordable cost, tailored to their specific needs.

Simplifying Cybersecurity Management

One of the key benefits of Coro is its simplicity and ease of use. Unlike traditional cybersecurity solutions that require extensive configuration and management, Coro streamlines the deployment process, allowing businesses to be up and running within an hour for all 14 modules. By consolidating protection measures into one platform, Coro eliminates the need for multiple endpoint agents and ensures seamless integration across different modules.

Peace of Mind and Assurance

Coro's approach to cybersecurity is not just about protection; it's about providing peace of mind to business owners and executives. Automatic updates, simplified dashboards, and detailed reports give stakeholders the confidence to know that their systems are secure and compliant. Additionally, Coro's emphasis on transparency and accountability positions businesses to easily obtain cyber insurance by demonstrating their commitment to cybersecurity best practices.

Affordable and Comprehensive Solutions

Coro offers five suites tailored to different business needs, including endpoint protection, email protection, network and access, essential suite, and core complete. With competitive pricing starting at $6 per user per month, businesses can access a wide range of cybersecurity features without breaking the bank. The core complete suite, priced at $15 per user per month, provides a comprehensive package of security measures that cover all bases.

The Future of Cybersecurity is Here

As the cybersecurity landscape continues to evolve, solutions like Coro are paving the way for smaller businesses to achieve robust protection without the complexities and high costs associated with traditional enterprise solutions. By empowering organizations to focus on their core operations and leaving the cybersecurity heavy lifting to Coro, businesses can embrace a future where cybersecurity is no longer a headache but a seamless part of their operations.

Coro's innovative approach to cybersecurity is setting a new standard for small businesses and mid-market companies. By providing affordable, comprehensive, and user-friendly solutions, Coro is ensuring that cybersecurity is no longer a luxury but a necessity for all organizations. Embrace the future of cybersecurity with Coro and protect your business from ever-evolving threats.

Learn more about CORO: https://itspm.ag/coronet-30de

Note: This story contains promotional content. Learn more.

Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber]

On LinkedIn | https://www.linkedin.com/in/drorliwer/

Resources

Learn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coro

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Protecting the Vulnerable in Cyberspace: Unveiling The CyberPeace Institute's Mission | An RSA Conference 2024 Conversation with Adrien Ogee and Christina Stokes | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 9 May 2024 21:31:37 +0000

Guest: Adrien Ogee, Chief Operations Officer, CyberPeace Institute [@CyberpeaceInst]

On LinkedIn | https://www.linkedin.com/in/adrien-ogee/

____________________________

Host: Christina Stokes, Host, On Cyber & AI Podcast, Founder of Narito Cybersecurity

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/christina-stokes

On LinkedIn | https://www.linkedin.com/in/xTinaStokes/

____________________________

Episode Notes

A Glimpse into CyberPeace Institute

Christina welcomed Adrien, praising CyberPeace as an incredible organization with a vital mission. Adrien, an experienced cyber security professional, shared insights into his journey from working for governments to serving at the CyberPeace Institute. He emphasized the institute's focus on protecting the most vulnerable individuals globally and collaborating with governments to enhance cyber stability.

Advocacy and Protective Measures

Adrien elaborated on CyberPeace's advocacy efforts at international forums like the United Nations, highlighting the evidence-based approach to raise awareness among policymakers. With a network of 300 nonprofits, CyberPeace engages volunteers to assist vulnerable organizations in enhancing their cybersecurity posture. The institute's initiatives range from phishing simulations to incident response planning, aiming to protect those at risk in cyberspace.

Addressing Nonprofit Challenges

In response to Christina's inquiry about challenges faced by nonprofits, Adrien outlined three main threats—data breaches, financial attacks, and operational disruptions. He underscored the escalating ransomware trend and the dire consequences faced by organizations lacking robust defense mechanisms. CyberPeace's role in assisting nonprofits with cybersecurity measures underscores the institute's commitment to mitigating cyber risks for vulnerable communities.

Global Impact and Future Endeavors

The conversation moved into the global landscape of cybercrime, emphasizing the universal nature of threats while acknowledging regional nuances. Adrien highlighted the rise of ransomware as a pervasive concern and imparted insights on CyberPeace's collaborations with international partners to extend support to a broader array of nonprofits worldwide. The institute's focus on granular impact assessment aims to drive meaningful change at governmental and societal levels.

Call to Action: Join the CyberPeace Movement

As the discussion concluded, Christina underscored the critical need for collective action in combating cyber threats. Adrien stressed the importance of engaging with CyberPeace and the broader cybersecurity community to contribute skills, resources, and time towards protecting vulnerable populations. The call to action resonated with the essence of CyberPeace's mission—unity in defending against digital harm and promoting a safer online environment for all.

This conversation between Christina and Adrien at RSA 2024 highlight the role of organizations like CyberPeace Institute in fortifying cyber resilience and ensuring the safety of marginalized communities in the digital sphere.

In a world where cyber threats loom large, CyberPeace Institute's unwavering commitment to safeguarding the most vulnerable individuals underscores the transformative power of collective action in fostering a secure and inclusive digital ecosystem. Join the movement, stand united with CyberPeace, and together, let's pave the way towards a safer cyberspace for all.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

CyberPeace Institute: https://cyberpeaceinstitute.org/

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Power of Authentic Connections | An RSA Conference 2024 Conversation with Larry Whiteside Jr. | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 9 May 2024 19:35:52 +0000

Guest: Larry Whiteside Jr., Chief Information Security Officer, RegScale [@RegScale]

On LinkedIn | https://www.linkedin.com/in/larrywhitesidejr/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

A Deeper Meaning Beyond Technology

As Sean and Larry delved into their conversation, it became evident that the heart of their discourse was not solely centered around technology but rather on the individuals who drive the industry forward. Larry emphasized that at the core of cybersecurity endeavors are people—people who work tirelessly to protect businesses, societies, and the world at large. Their candid discussion shed light on the essential role of genuine care and mindfulness towards individuals in a tech-driven world.

Mindfulness and Authenticity in Cybersecurity

Larry’s poignant reflections on mindfulness resonated deeply, highlighting the importance of recognizing individuals as whole entities beyond their professional roles. In a fast-paced industry prone to burnout, his emphasis on genuine care for others and maintaining integrity stood out as a beacon of light. The power of authentic connections and the impact of positive actions rippled through Larry’s words, reminding us all of the profound influence we hold in each other's lives.

The Origin of 'Food for Thought'

Larry shared insights into his 'Food for Thought' series, revealing the inspiration behind bringing together a global community of brilliant minds to ponder on intriguing questions. His journey of seeking answers from others, fostering meaningful discussions, and sharing wisdom encapsulates the essence of collaboration and collective growth within the cybersecurity realm. Through his thoughtful videos, Larry extends an invitation to engage in deeper contemplation and exchange of ideas within the community.

Embracing the Power of Connection

As the conversation between Sean and Larry unfolded, it became evident that at the core of cybersecurity lies the profound impact of genuine connections. Beyond the technical intricacies and threat landscapes, it is the human touch, the empathetic gestures, and the authentic interactions that truly define the essence of cybersecurity efforts.

In a world that often prioritizes productivity over empathy, Larry Whiteside Jr.'s message serves as a poignant reminder of the transformative power of authenticity and mindfulness in forging meaningful relationships and creating a positive impact within the cybersecurity community.

This episode show is an honest heartfelt conversation between Sean Martin and Larry Whiteside Jr., offering a glimpse into the profound significance of authentic connections and genuine care within the cybersecurity landscape.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Book: Rinsed | Unveiling the Intersection of Cybercrime and Money Laundering | An RSA Conference 2024 Conversation with Author and Investigative Journalist Geoff White | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 9 May 2024 18:17:44 +0000

Guest: Geoff White, Author, Investigative Journalist

On LinkedIn | https://www.linkedin.com/in/geoffwhitetech/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location, Marco Ciappelli and Geoff White dive into a fascinating conversation about the intricate world of cybercrime, investigative journalism, and the dark realms of money laundering. The duo explored the symbiotic relationship between technology, organized crime, and the evolving landscape of digital currencies like Bitcoin and NFTs.

From billion-dollar cyber heists to global money laundering rings and crypto-gangsters – Geoff White has covered it all. As an author, speaker, investigative journalist and podcast creator, his work’s been featured by Penguin, the BBC, Audible, Sky News, The Sunday Times and many more.

His new book for Penguin, Rinsed, reveals how technology has revolutionized money laundering, from drug cartels washing their cash in Bitcoin to organized fraud gangs recruiting money mules on social media.

His first book, Crime Dot Com, covered cybercrime’s emergence as a primal threat to modern society and was published in August 2020 by Reaktion Books. One of the key chapters detailed North Korea’s unlikely emergence as a cyber superpower. It was adapted by the BBC World Service into the hit 10-part podcast series The Lazarus Heist, co-created and co-hosted by Geoff, which immediately ranked number one in the UK Apple chart and within the top 7 in the US.

Marco Ciappelli invited Geoff White to join him on Broadcast Alley at RSA Conference 2024 to unravel the complex web of interconnected crimes and technologies shaping our modern world. Geoff shared insights from his extensive research and experience, shedding light on the hidden layers of organized crime and technological advancements.

From Investigative Journalism to Podcasting

Geoff White discussed his journey from covering technology stories for Channel 4 News to delving deep into cybercrime, highlighting how stories of North Korean hacking and money laundering captured his attention. His work on "The Lazarus Heist" podcast and the subsequent book delves into the astonishing world of cybercrime, where trust between criminals and innovative tactics play a pivotal role.

Unraveling the Mysteries of Money Laundering

In their conversation, Geoff White elaborated on the processes of money laundering, emphasizing the three crucial steps - placement, layering, and integration. He explained how technology has revolutionized the ways in which criminals launder money, leveraging crypto assets like Bitcoin while evading traditional detection methods.

The Rise of Cybercrime and AI

Geoff White addressed the adversarial battle between cybercriminals and security professionals, pointing out the attacker's advantage in exploiting vulnerabilities rather than developing advanced weaponry. He discussed the role of artificial intelligence in spotting suspicious transactions and the cat-and-mouse game between criminals and law enforcement agencies.

A Thought-Provoking Discussion on Ethical Dilemmas

As the conversation turned philosophical, Marco Ciappelli and Geoff White pondered the ethical implications of cybercrime and money laundering in modern society. They touched upon the coexistence of good and evil forces, the necessity of crime prevention, and the ongoing battle between innovation and criminal tactics.

Audience Engagement and Impact

Geoff White highlighted the diverse target audience for his work, encompassing cybersecurity professionals, financial crime experts, and cryptocurrency enthusiasts. By crafting engaging narratives and insightful analyses, Geoff aims to make complex topics like money laundering accessible to a broad readership, inviting them to delve into the dark corners of financial crime.

This dialogue between Marco Ciappelli and Geoff White serves as a poignant reminder of the intricate connections between technology, crime, and societal structures. By bringing these complex topics to light through compelling storytelling and in-depth research, they invite audiences to explore the hidden layers of cybercrime and money laundering, prompting critical reflections on the ethical and practical implications of these phenomena.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

About the Book

Rinsed reveals how organized crooks have joined forces with the world’s most sophisticated cybercriminals. The result: a vast virtual money-laundering machine too intelligent for most authorities to crack. Through a series of jaw-dropping cases and interviews with insiders at all levels of the system, Geoff White shows how thieves are uniting to successfully get away with the most atrocious crimes on an unprecedented scale.

The book follows money from the outrageous luxury of Dubai hotels to sleepy backwaters of coastal Ireland, from the backstreets of Nigeria to the secretive zones of North Korea, to investigate this new cyber supercartel. Through first-hand accounts from the victims of their devastating crimes, White uncovers the extraordinary true story of hi-tech laundering – and exposes its terrible human cost.

'Rinsed is as twisty, colourful and terrifyingly eye-opening as the people White investigates. You’ll never look at wealth, technology and crime in the same way’

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Rinsed: From Cartels to Crypto: How the Tech Industry Washes Money for the World's Deadliest Crooks (Book): https://www.amazon.co.uk/dp/0241624835

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Passion and Purpose Behind the Aerospace Village | A Broadcast Alley Conversation at RSA Conference 2024 with Steve Luczynski | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 9 May 2024 16:02:07 +0000

Guest: Steve Luczynski, Chairman of the Board for the Aerospace Village [@secureaerospace]

On LinkedIn | https://www.linkedin.com/in/steveluczynski/

On Twitter | https://twitter.com/cyberpilot22

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In a recent conversation between Steve Luczynski and Marco Ciappelli, the essence of the Aerospace Village came to life as they shared their experiences, vision, and passion for cybersecurity in the aviation and space industry.

A Meeting of Minds and Hearts

The conversation between Steve and Marco at Broadcast Alley, during RSA Conference 2024, revealed a deep connection between ITSPmagazine and the mission and vision of the Aerospace Village. Steve's military pilot background and transition into cybersecurity, combined with Marco's genuine curiosity and enthusiasm, set the stage for a rich discussion on the importance of bridging the gap between different sectors and inspiring the next generation of cybersecurity leaders.

The Heartbeat of the Aerospace Village

Steve and Marco's conversation highlighted the core values of the Aerospace Village—building relationships, fostering collaboration between government, private sector, academia, and students, and showcasing the cutting-edge work in aviation cybersecurity. The volunteer-driven effort emphasizes the power of collective intelligence and the impact of sharing knowledge and expertise in a transparent and open manner.

Nurturing Innovation and Education

The Aerospace Village's focus on STEM programs, outreach to schools, and engaging with the broader community demonstrates a commitment to nurturing innovation and education in cybersecurity. By bringing real-world scenarios, like flight simulator vulnerabilities and supply chain risks, to life, the Aerospace Village creates a dynamic learning environment that inspires participants to think critically and creatively about cybersecurity challenges.

Looking Towards the Future

Steve's wishlist of three key aspirations for the Aerospace Village—seeking more help and talent, expanding educational initiatives, and fostering partnerships for secure innovation—reveals a vision rooted in collaboration and growth. The idea of bringing in aviation and space equipment for demonstrations not only ignites curiosity but also showcases the practical applications of cybersecurity in high-stakes environments.

A Call to Action

As a reader, you are invited to join the Aerospace Village in their mission to push the boundaries of cybersecurity in aviation and space. Whether through volunteering your time, sharing your skills, or contributing to their initiatives, you can play a vital role in shaping the future of cybersecurity and inspiring the next generation of cybersecurity professionals.

The Aerospace Village at the RSA Conference represent innovation, education, and collaboration in the realm of aviation and space cybersecurity. Through the dedication and passion of volunteers like Steve and Marco, the Aerospace Village continues to pave the way for a more secure and interconnected future in the aerospace industry.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Art of Possible In the World of Enterprise Storage Solutions | 7 Minutes on ITSPmagazine | A Short Brand Innovation Story From RSA Conference 2024 | A Infinidat Story with Bill Basinas

Thu, 9 May 2024 02:14:22 +0000

7 Minutes Conversation at RSA Conference

As the Senior Director of Product Marketing, Bill Basinas brings a wealth of experience and knowledge as he sits down with Sean Martin for a new episode of "7 Minutes on ITSP Magazine" live from the RSA Conference. Bill shared insights into how Infinidat is redefining the landscape of storage solutions.

Bridging the Gap with InfiniSafe Technology

Bill's discussion shed light on how Infinidat's InfiniSafe technology is leading the industry in cyber resilience and data protection. In a world where cyber attacks are becoming increasingly prevalent, organizations need robust solutions to safeguard their critical data assets. Infinidat's platform not only ensures uninterrupted operations but also builds a bridge between cyber security measures and data storage.

Meeting the Evolving Needs of Customers

In the conversation, Bill highlighted how customers are constantly evolving, moving towards cloud-based solutions, and generating vast amounts of data. In response to these changing dynamics, Infinidat is continuously adapting its strategies to meet the evolving needs of its clientele.

Looking Towards the Future

As the discussion continues, Bill teased upcoming developments at Infinidat, hinting at new announcements that will further revolutionize the industry. With a focus on orchestrating end-to-end data protection and recovery processes, Infinidat is set to unveil groundbreaking solutions that will redefine data security.

Connecting with Infinidat

For those intrigued by Infinidat's cutting-edge technology and commitment to cyber resilience, Bill shared insights on how to connect with the company. Through webinars, live demos, and product demonstrations, individuals can delve deeper into the world of Infinidat and explore the innovative solutions they offer.

This conversation with Bill Basinas provided a fascinating glimpse into the world of enterprise storage solutions and cyber resilience. Infinidat's dedication to pushing boundaries and delivering unmatched customer experiences sets them apart in a competitive industry.

Stay tuned for more updates from Infinidat as they continue to lead the way in secure data storage and cyber resilience.

Learn more about Infinidat: https://itspm.ag/infini3o5d

Note: This story contains promotional content. Learn more.

Guest: Bill Basinas, Sr. Director Product Marketing, Infinidat [@Infinidat]

On LinkedIn | https://www.linkedin.com/in/billbasinas/

Resources

Learn more and catch more stories from Infinidat: https://www.itspmagazine.com/directory/infinidat

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Revolutionizing Network Security: How to Strategize the relationship between IT and OT | A Brand Story Conversation From RSA Conference 2024 | A Dispersive Story with Rajiv Pimplaskar | On Location Coverage with Sean Martin and Marco Ciappelli

Thu, 9 May 2024 01:13:45 +0000

One company at the forefront of redefining IT security is Dispersive, led by the visionary CEO, Rajiv Pimplaskar. In a recent discussion with Sean Martin of ITSP Magazine at the RSA Conference, Rajiv shared insights into Dispersive's cutting-edge approach to network security and how they are revolutionizing the industry.

Unveiling Dispersive's Stealth Networking

At the heart of Dispersive's network security strategy lies the concept of Dispersive Stealth Networking. Rajiv Pimplaskar, with over 25 years of experience in the industry, revealed that Dispersive is a DARPA-incubated network security company with 53 patents granted. Their approach leverages spread spectrum technology from the radio frequency domain to secure cloud and internet communications effectively. By enabling customers to hide in plain sight while ensuring the integrity of their critical systems, Dispersive offers a unique solution in the cybersecurity landscape.

The Evolution of Network Security

Rajiv emphasized the shift from legacy SD WAN solutions to a more cloud-native approach, highlighting the challenges faced by businesses in ensuring security and privacy in today's distributed workforce model. The conversation with Sean shed light on the need for a more resilient and efficient networking infrastructure that can adapt to the evolving demands of modern businesses.

Use Cases and Success Stories

Through real-world examples with customers like Ovzon and Endeavour Energy, Rajiv illustrated how Dispersive's solutions are driving transformation in sectors such as satellite communications and sustainable infrastructure. By providing secure and efficient network connectivity across geographically dispersed assets, Dispersive is empowering organizations to meet the demands of the digital age without compromising on security.

Looking Towards the Future

As the conversation delved deeper into the intricacies of network security, Rajiv expressed optimism for the future of cybersecurity. Embracing principles like zero trust and automated moving target defense, Dispersive aims to stay ahead of the curve in protecting critical assets and resources from evolving cyber threats.

In a rapidly changing digital landscape where cybersecurity is non-negotiable, companies like Dispersive and leaders like Rajiv Pimplaskar are paving the way for a more secure and resilient network infrastructure. By combining innovative technology with a collaborative approach, Dispersive is redefining the art of network security in the digital age.

With Dispersive's disruptive approach to stealth networking, businesses can navigate the digital landscape with confidence, knowing that their critical systems are protected and secure.

Learn more about Dispersive: https://itspm.ag/dispermlwt

Note: This story contains promotional content. Learn more.

Guest: Rajiv Pimplaskar, President & CEO, Dispersive

On LinkedIn | https://www.linkedin.com/in/rajiv1p/

Resources

Learn more and catch more stories from Dispersive: https://www.itspmagazine.com/directory/dispersive

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Is there a Frankenstein's Industry Monster lurking in the shadow at RSAC 2024? | Cybersecurity Chronicles from Broadcast Alley with Christina Stokes | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 8 May 2024 22:21:19 +0000

Guest: Christina Stokes, Host, On Cyber & AI Podcast, Founder of Narito Cybersecurity

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/christina-stokes

On LinkedIn | https://www.linkedin.com/in/xTinaStokes/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The Evolution of Cybersecurity

The dialogue initiated by Sean, Christina, and Marco shed light on how cybersecurity has matured over the years. From the early days of hacking as a hobby to the current focus on ethical practices, the panelists emphasized the importance of adapting to the changing technological landscape. They discussed how regulations, policies, and laws have played a crucial role in shaping the cybersecurity industry, emphasizing the need for responsible use of technology to prevent it from becoming a monster.

AI and Its Implications

The conversation also touched upon the growing role of Artificial Intelligence (AI) in cybersecurity. While AI has brought about advancements in threat detection and response, there are concerns about privacy and data protection. The panelists emphasized the importance of using AI ethically and responsibly to avoid potential risks associated with its misuse.

Supply Chain Vulnerabilities

A significant portion of the discussion revolved around supply chain vulnerabilities and the interconnected nature of global industries. The experts highlighted the importance of understanding and securing supply chains, particularly in the context of operational technology and manufacturing processes. They stressed the need for resilience and innovation to address evolving cybersecurity threats.

The Human Element in Cybersecurity

Throughout the conversation, the experts reiterated the significance of human connections and collaborations in the cybersecurity domain. They emphasized the need for organizations to invest in education, training, and building strong relationships within the industry to combat cyber threats effectively. The dialogue underscored the essential role of people in securing digital ecosystems and fostering a culture of cybersecurity awareness.

Looking Towards the Future

As the discussion came to a close, Sean, Christina, and Marco expressed optimism about the future of cybersecurity. They discussed upcoming trends such as Generative AI, AI Bill of Materials, and the continued focus on governance, data security, and AI ethics. The experts highlighted the importance of ongoing conversations, collaborations, and innovation in driving the industry forward.

This insightful chat at RSAC 2024 offered valuable perspectives on the current challenges and opportunities in cybersecurity. The experts' nuanced discussions about AI, supply chain vulnerabilities, and human-centric cybersecurity shed light on the complex nature of the digital threat landscape. As we navigate the evolving cybersecurity landscape, collaboration, innovation, and a shared commitment to ethical practices will be key to ensuring a secure digital future.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Empowering Businesses Through IT and Security Transformation | A Brand Story Conversation From RSA Conference 2024 | An Open Systems Story with Tim Roddy | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli, Tim Roddy) — Wed, 8 May 2024 21:51:56 +0000

In a world where businesses are constantly evolving and facing new challenges in cybersecurity and IT infrastructure, the importance of collaboration between IT and security teams has never been more critical. At the recent RSA Conference, Sean Martin had the opportunity to sit down with Tim Roddy from Open Systems to talk about the topics of business transformation, IT security, and the necessity of aligning IT and security initiatives for a more secure and efficient operation.

Business and IT Transformation in the Digital Age

The conversation kicked off discussing the challenges that businesses face in a rapidly changing digital landscape. Tim highlighted the need for businesses to adapt to transformations driven by factors like remote work, cloud migrations, and evolving business requirements. With threats constantly looming, the alignment of business processes, IT functions, and security measures becomes paramount to staying ahead of the curve.

Zero Trust Network Access (ZTNA) - A Game-Changer in Connectivity and Security

One of the key topics discussed was the concept of Zero Trust Network Access (ZTNA) and its impact on network security. Tim shed light on the importance of implementing ZTNA to ensure secure and controlled access to critical applications and data. By deploying ZTNA, organizations can limit access to authorized personnel only, thereby reducing the risk of unauthorized access and potential data breaches.

Bridging the Gap Between IT and Security Teams

Tim emphasized the need for organizations to bridge the gap between IT and security teams, especially in smaller enterprises where resources are limited. By offering managed services like SASE (Secure Access Service Edge), Open Systems enables organizations to focus on core business activities while ensuring that IT and security functions are efficiently managed and monitored.

Real-World Use Cases and Success Stories

Throughout the conversation, Tim shared insightful examples of how Open Systems has helped businesses, particularly in the manufacturing sector, enhance their security posture and IT infrastructure. From implementing ZTNA for secure access to critical equipment to transitioning from MPLS to SD WAN for cost efficiency and flexibility, Open Systems has been instrumental in driving IT and security transformations for organizations of all sizes.

Looking Towards a Secure Future

As businesses continue to navigate the complexities of modern cybersecurity challenges, the role of providers like Open Systems in guiding organizations towards a more secure and efficient future becomes increasingly significant. By offering tailored solutions, expert guidance, and proactive monitoring, Open Systems stands as a valuable partner in the journey towards robust IT and security operations.

This conversation with Tim Roddy from Open Systems highlighted the critical need for businesses to prioritize IT and security transformation in today's digital landscape. By embracing collaboration, deploying innovative solutions like ZTNA, and relying on trusted partners for managed services, organizations can navigate the complexities of cybersecurity with confidence and efficiency.

Reach out to Open Systems to learn more about their comprehensive IT and security solutions and embark on a transformative journey towards a more secure and resilient business infrastructure.

Learn more about Open Systems: https://itspm.ag/opensystems-d11

Note: This story contains promotional content. Learn more.

Guest: Tim Roddy, Vice President Marketing, Open Systems [@RealOpenSystems]

On LinkedIn | https://www.linkedin.com/in/troddy/

Resources

Learn more and catch more stories from Open Systems: https://www.itspmagazine.com/directory/open-systems

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Embracing Zero Trust: A Conversation with Object First and Numberline Security | A Brand Story Conversation From RSA Conference 2024 | An Object First Story with Anthony Cusimano and Jason Garbis | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 8 May 2024 20:59:37 +0000

Throughout the cybersecurity planet, one term that continues to resonate and shape organizations' security strategies is Zero Trust. At the recent RSA Conference, Sean Martin had the opportunity to sit down with Anthony Cusimano from Object First and Jason Garbis from Numberline Security to talk about Zero Trust and its implications for data security and resilience.

Understanding Zero Trust

Zero Trust is more than just a buzzword; it represents a fundamental shift in how organizations approach security. Anthony and Jason emphasized that Zero Trust is not a one-size-fits-all solution but a strategy that requires a shift in mindset and collaboration across various teams within an organization.

The Role of Data Security in Zero Trust

Data security and resilience play a crucial role in the Zero Trust framework. Jason highlighted the importance of applying Zero Trust principles to backup and recovery processes to ensure the protection and availability of critical data, especially in the face of evolving threats like ransomware.

The Intersection of IT and Security

As organizations navigate the implementation of Zero Trust, the conversation touched on how the boundaries between IT and security are becoming increasingly blurred. The shared responsibility model extends beyond technical aspects to involve finance, operations, and every individual within the organization.

Empowering Organizations with Zero Trust

Both Object First and Numberline Security are at the forefront of helping organizations navigate their Zero Trust journey. Object First's Ootbi product focuses on out-of-the-box immutability to secure backup data effectively, while Numberline Security provides guidance on Zero Trust strategy and readiness assessments.

Taking the First Steps Towards Zero Trust

Starting the Zero Trust journey does not require perfection from the get-go. Jason stressed the importance of focusing on foundational security measures before moving into more complex aspects of Zero Trust, emphasizing the need for a methodical and incremental approach.

Final Thoughts

Embracing Zero Trust is not just about adopting a new security paradigm but about fostering a culture of continuous improvement and security resilience across all facets of an organization. As Anthony and Jason aptly put it, leadership can emerge from any part of the organization, driving the transformation towards a Zero Trust mindset.

In conclusion, the conversation with Object First and Numberline Security sheds light on the multifaceted nature of Zero Trust and underscores the importance of collaboration, resilience, and proactive security measures in today's threat landscape. Embracing Zero Trust is not a choice; it's a necessity in safeguarding the most valuable asset organizations possess—their data.

Stay tuned for more insights and resources from Object First and Numberline Security as they continue to pave the way for organizations embarking on their Zero Trust journey.

Learn more about Object First: https://itspm.ag/object-first-2gjl

Note: This story contains promotional content. Learn more.

Guests:

Anthony Cusimano, Director of Technical Marketing, Object First [@object_first]

On LinkedIn | https://www.linkedin.com/in/anthonycusimano89/

Jason Garbis, Founder and CEO, Numberline Security

On LinkedIn | https://www.linkedin.com/in/jasongarbis/

Resources

Learn more and catch more stories from Object First: https://www.itspmagazine.com/directory/object-first

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Shaking Up the Security Information and Event Management Market | A Brand Story Conversation From RSA Conference 2024 | An Abstract Security Story with Colby DeRodeff | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 8 May 2024 19:52:39 +0000

In the bustling atmosphere of the RSA Conference, a conversation unfolded that shed light on the evolution of cybersecurity and the innovative solutions paving the way for a more efficient and effective approach to data management. Colby DeRodeff, the CEO and co-founder of Abstract Security, shared insights into the journey that led to the creation of a groundbreaking platform designed to transform the way organizations tackle data collection, analysis, and threat detection.

A Walk Down Memory Lane

The dialogue between Colby DeRodeff and Sean Martin at the RSA Conference delved into the history of cybersecurity, reflecting on the shifts from perimeter security to compliance-driven approaches and the emergence of new technologies like XDR. This introspective look highlighted the need for a paradigm shift in cybersecurity strategies to keep pace with the rapidly evolving threat landscape.

Challenges in Traditional Approaches

One of the key challenges discussed was the inefficiency of traditional SIEM solutions, which often resulted in data overload, lack of actionable insights, and hefty costs associated with data storage. Colby emphasized the importance of focusing on outcome-driven data collection and detection scenarios rather than accumulating vast amounts of data with limited value.

The Birth of Abstract Security

The catalyst for Abstract Security stemmed from Colby's experiences in previous companies, where the disconnect between data collection and effective threat detection became glaringly apparent. This realization led to the inception of a platform that prioritizes data relevance, streamlining the process of identifying and responding to security threats efficiently.

Abstract Security's Unique Approach

Abstract Security's modular platform offers a refreshing take on cybersecurity data management, with a focus on tailored data collection, analytics, and storage solutions. By enabling organizations to align data sources with specific detection outcomes, Abstract Security empowers teams to make informed decisions and optimize their cybersecurity strategies.

Seamless Integration with Existing Tech Stack

One of the standout features of Abstract Security is its seamless integration capabilities with existing tech stacks. The platform can complement and enhance current security infrastructure without the need for rip-and-replace, offering a smooth transition towards more effective threat detection and response mechanisms.

Looking Towards the Future

As organizations navigate the complexities of cloud environments and evolving cybersecurity challenges, Abstract Security stands out with fresh innovative ideas and practicality. By reimagining the data management process and emphasizing outcome-driven approaches, Abstract Security is poised to shape the future of cybersecurity operations.

Conclusion

The conversation between Colby DeRodeff and Sean Martin at the RSA Conference not only highlighted the pivotal role of Abstract Security in revolutionizing cybersecurity data management but also underscored the importance of reevaluating traditional approaches in the face of modern threats. With Abstract Security leading the charge towards a more efficient and proactive cybersecurity landscape, organizations have the opportunity to elevate their security posture and stay ahead of emerging cyber risks.

Learn more about Abstract Security: https://itspm.ag/abstractsec-zao

Note: This story contains promotional content. Learn more.

Guest: Colby DeRodeff, CEO and Co-Founder, Abstract Security [@get_abstracted]

On LinkedIn | https://www.linkedin.com/in/colbyderodeff/

Resources

Learn more and catch more stories from Abstract Security: https://www.itspmagazine.com/directory/abstract-security

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Data to Defense. Behind the Scenes of the DirectDefense's Threat Report Insights | A Brand Story Conversation From RSA Conference 2024 | A DirectDefense Story with Jim Broome | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 8 May 2024 19:14:11 +0000

In cybersecurity, understanding the constantly evolving landscape of threats is key to safeguarding digital assets and sensitive information. DirectDefense, a leading security services provider, offers valuable insights into the world of threat intelligence through a candid conversation with Jim Broome, the Director of DirectDefense. In a recent discussion with Sean Martin, they delved into the nuances of IT and OT convergence, network separation, and the critical significance of threat reports.

Uncovering Threat Intelligence Trends

The dialogue between Sean Martin and Jim Broome sheds light on the intricate details of threat intelligence gathered by DirectDefense. Jim Broome's extensive experience in the industry, coupled with DirectDefense's commitment to cybersecurity excellence, unveils compelling narratives of threat actors, attack methodologies, and strategic responses to mitigate risks effectively.

From Penetration Testing to Managed Services: DirectDefense's Evolution

Jim Broome narrates DirectDefense's journey from its inception, focusing on core services like penetration testing and managed services. The shift towards leveraging threat reports to provide actionable insights to clients showcases DirectDefense's proactive approach in addressing emerging cyber threats effectively.

The Impact of Threat Actor Behavior on Security Posture

Through real-world examples like the Scattered Spider threat group's activities, Jim Broome highlights the direct impact of threat actor behavior on organizations. By dissecting attack vectors and lessons learned from engagements with threat actors, DirectDefense empowers clients with the knowledge to strengthen their security postures.

Collaboration and Customized Solutions

Jim Broome emphasizes the value of collaboration and customization in cybersecurity services. By tailoring alerts, response strategies, and monitoring solutions to suit each client's unique environment, DirectDefense fosters a culture of resilience and preparedness against potential cyber threats.

Empowering Organizations with Actionable Insights

The blog post underscores the importance of utilizing threat reports to gain actionable insights and establish robust security protocols. DirectDefense's approach to presenting information in a tangible and practical manner resonates with organizations seeking to enhance their cybersecurity frameworks.

Looking Towards the Future of Cybersecurity

As cybersecurity landscapes continue to evolve, organizations face the challenge of adapting to new threats and vulnerabilities. DirectDefense's proactive stance on integrating cybersecurity solutions with core IT disciplines signals a strategic approach towards ensuring operational resilience and uptime in critical infrastructure sectors.

The Essence of Collaboration and Expert Guidance

DirectDefense's emphasis on collaboration, expert guidance, and responsiveness to evolving threats underscores their commitment to ensuring clients are equipped with the necessary tools and insights to navigate the complex cybersecurity landscape successfully.

DirectDefense's conversation with Jim Broome offers a glimpse into the intricate world of threat intelligence, showcasing a blend of experience, expertise, and foresight in safeguarding organizations against cyber threats. By leveraging actionable insights and strategic responses, DirectDefense paves the way for a more secure and resilient digital environment.

Learn more about DirectDefense: https://itspm.ag/directdef-gs7

Note: This story contains promotional content. Learn more.

Guest: Jim Broome, President and CTO, DirectDefense [@Direct_Defense]

On LinkedIn | https://www.linkedin.com/in/jim-broome-88a0a02/

Resources

Learn more and catch more stories from DirectDefense: https://www.itspmagazine.com/directory/directdefense

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Presenting The Superhero Product for Browser Security at RSA Conference | A Brand Story Conversation From RSA Conference 2024 | A SquareX Story with Vivek Ramachandran | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 8 May 2024 18:37:24 +0000

As we journey through the ever-evolving landscape of enterprise and individual cybersecurity, it is clear for organizations that is it essential to stay one step ahead of malicious actors looking to exploit vulnerabilities. One such innovative solution, SquareX, has emerged as a superhero product in the market of browser security, providing a dynamic shield against sophisticated cyber threats.

At the recent RSA Conference, the founder and cybersecurity veteran, Vivek Ramachandran, shed light on the mission behind SquareX - to empower enterprises and individuals to be fearless online. The conversation with Sean Martin focuses onto the crucial role of browsers in modern-day cyberattacks and highlighted the challenges organizations face in securing this often overlooked aspect of their IT infrastructure.

Unveiling the Blind Spot in Browser Security

The dialogue between Sean and Vivek underscored the significance of addressing the blind spot that browsers present in the cybersecurity posture of organizations. While traditional security measures such as firewalls and web gateways play a vital role, they often fall short in detecting and mitigating threats originating from the browser.

The Power of Managed Browsers and Browser Extensions

Vivek emphasized the importance of deploying managed browsers as a foundational step towards enhancing visibility and control over browser-based threats. SquareX's browser extension acts as a vigilant guardian, monitoring every tab and window for anomalous activities and potential security risks.

Real-World Impact: Stories from the Field

Vivek shared compelling anecdotes of how SquareX has made a tangible difference in fortifying organizations against cyber threats. From preventing data leakage through unauthorized file uploads to thwarting sophisticated social engineering attacks via malicious documents, SquareX proved its effectiveness in identifying and neutralizing threats that evaded traditional security measures.

Elevating Browser Security with Cutting-Edge Technology

SquareX's innovative approach to browser security leverages AI vision and in-browser macro analysis to detect and block malicious activities in real-time. By providing detailed visibility into browser-based threats and streamlining post-incident forensics, SquareX equips organizations with the tools needed to proactively defend against evolving cyber threats.

The Path to Enhanced Cyber Resilience

In conclusion, the discussion between Sean Martin and Vivek Ramachandran encapsulates the essence of proactive cybersecurity measures in today's threat landscape. By embracing solutions like SquareX and prioritizing browser security, organizations can bolster their cyber resilience and safeguard their digital assets against sophisticated adversaries.

As we navigate the digital frontier, the importance of browser security cannot be overstated. With SquareX leading the charge as a superhero product of cybersecurity, organizations can embark on a journey towards a more secure and resilient future online.

Cheers to the new hero!

Learn more about SquareX: https://itspm.ag/sqrx-l91

Note: This story contains promotional content. Learn more.

Guest: Vivek Ramachandran, Founder, SquareX [@getsquarex]

On LinkedIn | https://www.linkedin.com/in/vivekramachandran/

Resources

Learn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarex

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Navigating the Future of AI Governance with LogicGate | A Brand Story Conversation From RSA Conference 2024 | A LogicGate Story with Matt Kunkel and Nick Kathmann | On Location Coverage with Sean Martin and Marco Ciappelli

Wed, 8 May 2024 00:59:04 +0000

The RSA Conference in San Francisco is renowned for being a hub of cutting-edge discussions around everything related to cybersecurity, and this year, one of the spotlight was on and AI governance. In this conversation featuring industry experts from LogicGate, the focus was on unraveling the challenges organizations face in adapting to the rapidly evolving landscape of AI implementation.

Unveiling the Experts

Moderated by Sean Martin, the discussion kicked off with a warm welcome to the LogicGate team, setting the stage for a deep dive into the complexity of AI governance. Matt Kunkel, the CEO of LogicGate, shared insights from his extensive consulting background in building GRC solutions for a diverse range of organizations. His vast experience culminated in the creation of the Risk Cloud Platform, a versatile tool that aids organizations in automating risk management processes tailored to their specific needs.

The CISO Perspective

Nick Kathmann, the Chief Information Security Officer at LogicGate, brought to the table over two decades of experience in cybersecurity. His journey through managing security compliance for major players like Virtustream and RSA highlighted the intricate web of challenges posed by evolving technologies like AI. Nick emphasized the critical importance of aligning internal governance with external regulations to ensure a robust security posture.

Demystifying AI Governance

As the conversation continues Sean Martin steered the discussion towards demystifying AI governance and its impact on organizational frameworks. The panel shed light on the dual challenges organizations face – the risk of embracing AI too recklessly and stifling innovation versus the risk of over-regulating and impeding progress. The consensus was clear – a balanced approach that marries speed and security is imperative for a successful AI governance strategy.

The LogicGate Solution

Matt and Nick unraveled the intricacies of the AI governance solution developed by LogicGate, designed to provide organizations with a holistic framework for managing AI risks. By integrating AI governance with existing risk management protocols, LogicGate’s platform offers a transformative approach that streamlines processes, enhances visibility, and ensures compliance with emerging standards.

Looking Towards the Future

The conversation concluded with a forward-looking approach, underscoring the rapidly evolving nature of AI technologies and the indispensable need for agile governance frameworks. The consensus was that staying ahead of the curve demands continuous assessment, adaptation, and alignment of AI governance with overarching business objectives.

In Closing

This episode of On Location Coverage at the RSA Conference 2024 offered a glimpse into the complexities and opportunities that AI governance presents for organizations worldwide. With LogicGate leading the charge in innovative solutions, the future of AI governance looks promising, anchored in a foundation of collaboration, foresight, and strategic alignment.

As organizations navigate the uncharted waters of AI implementation, partnering with pioneers like LogicGate is poised to be the key to unlocking the full potential of this transformative technology. Stay tuned for more insights and developments on AI governance as we journey towards a future powered by innovation and resilience.

Learn more about LogicGate: https://itspm.ag/logicgate-92d6bc

Note: This story contains promotional content. Learn more.

Guests:

Matt Kunkel, CEO at LogicGate [@LogicGate]

On LinkedIn | https://www.linkedin.com/in/matt-kunkel-91056143/

Nick Kathmann, Chief Information Security Officer at LogicGate [@LogicGate]

On LinkedIn | https://www.linkedin.com/in/nicholaskathmann/

Resources

Learn more and catch more stories from LogicGate: https://www.itspmagazine.com/directory/logicgate

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Innovations in Cybersecurity and Threat Intelligence Solutions | A Brand Story Conversation From RSA Conference 2024 | A MITRE Story with Jon Baker | On Location Coverage with Sean Martin and Marco Ciappelli

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Marco Ciappelli, Jon Baker) — Wed, 8 May 2024 00:04:40 +0000

The cybersecurity landscape is ever-evolving, and staying ahead of threats requires constant innovation and collaboration. At the recent RSA Conference, industry experts gathered to discuss the latest trends and advancements in the field. One of the On Location Coverage with Sean Martin and Marco Ciappelli was the insightful conversation between Sean and Jon Baker, shedding light on the groundbreaking work being done at MITRE's Center for Threat Informed Defense.

The Art of Possible: A Glimpse into RSA Conference 2024

The RSA Conference provided a platform for cybersecurity professionals to come together and discuss pressing issues in the industry. Sean Martin and Jon Baker's conversation touched upon the theme of this year's conference, "The Art of Possible." This theme resonated with the audience as they delved into the dynamic nature of cybersecurity and the need for continual learning and growth.

MITRE: A Beacon of Innovation in Cybersecurity

Jon Baker, Director of the Center for Threat Informed Defense at MITRE, shared insights into the organization's rich history and its mission to solve problems for a safer world. With a focus on advancing threat informed defense globally, MITRE has been a driving force behind initiatives like the ATT&CK framework and the CVE program.

Collaborative Research and Development at MITRE

One of the key pillars of MITRE's work is collaborative research and development. Through projects like the Technique Inference Engine and Summoning the Pyramid, MITRE is pushing the boundaries of what is possible in cybersecurity. These projects not only aim to enhance detection capabilities but also empower security teams to proactively defend against threats.

Engaging the Community: How You Can Get Involved

The Center for Threat Informed Defense encourages active participation from the cybersecurity community. By leveraging resources like the Top Attack Technique Calculator and M3TID, organizations can enhance their threat intelligence capabilities and improve their defenses. MITRE also hosts global events and training sessions to promote awareness and facilitate knowledge sharing.

Join the Movement: Embracing Innovation in Cybersecurity

As the cybersecurity landscape continues to evolve, embracing innovation is key to staying ahead of cyber threats. MITRE's Center for Threat Informed Defense offers a roadmap for organizations looking to enhance their security posture and adapt to the changing threat landscape. By getting involved, providing feedback, and leveraging the tools and resources available, organizations can contribute to a safer and more secure digital ecosystem.

Closing Thoughts

The conversation between Sean Martin and Jon Baker at the RSA Conference highlighted the critical role of collaboration and innovation in cybersecurity. MITRE's Center for Threat Informed Defense is at the forefront of driving impactful research and development efforts that benefit the entire cybersecurity community. By embracing the spirit of continual learning and advancement, organizations can strengthen their defenses and create a more resilient cybersecurity posture.

Stay tuned for more insights and updates from MITRE's Center for Threat Informed Defense and join the movement towards a safer digital world.

Learn more about MITRE:https://itspm.ag/mitre-eng24

Note: This story contains promotional content. Learn more.

Guest: Jon Baker, Director , Center for Threat-Informed Defense, MITRE [@MITREcorp]

On LinkedIn | https://www.linkedin.com/in/jonathanobaker/

Resources

Learn more and catch more stories from MITRE: https://www.itspmagazine.com/directory/mitre

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Navigating the World of Operational Technology and Cybersecurity | A Brand Story Conversation From RSA Conference 2024 | A DirectDefense Story with Chris Walcutt | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 7 May 2024 04:58:23 +0000

In a recent episode recorded live at the RSA Conference, an insightful discussion unfolded between Sean Martin and Chris Walcutt on the intersection of operational technology (OT) and cybersecurity. The conversation look into the challenges, insights, and best practices surrounding these vital areas of technology. Let's dive deeper into the key takeaways from this engaging dialogue.

Bridging the Gap Between IT and OT

Chris emphasized the importance of collaboration between IT and OT teams, highlighting the need for mutual understanding and cooperation. By fostering communication and building trust, organizations can navigate the complexities of integrating IT and OT systems effectively.

Understanding Critical Infrastructure

One of the key insights shared by Chris revolved around the critical nature of infrastructure, particularly in sectors such as energy, water, and manufacturing. The emphasis on resilience-based risk assessments and the need to comprehensively evaluate vulnerabilities underscored the importance of proactive cybersecurity measures.

The Purdue Model and Practical Approaches

Chris shed light on the Purdue model, a framework often referenced in the OT space. While acknowledging its value, he emphasized the need for practical implementations tailored to individual environments. Simplifying zones and focusing on critical operational aspects can enhance security without compromising system performance.

Fostering Resilience through Collaboration

The conversation underscored the significance of resilience in cybersecurity efforts. By fostering collaboration, implementing tailored security measures, and leveraging expertise across IT and OT domains, organizations can bolster their resilience to cyber threats effectively.

Procurement as a Strategic Ally

An insightful recommendation from Chris highlighted the role of procurement as a strategic ally in the cybersecurity landscape. Educating procurement teams on the specific needs of OT systems and integrating cybersecurity requirements into vendor contracts can fortify defense mechanisms and mitigate risks.

The dialogue between Sean Martin and Chris Walcutt offered a comprehensive glimpse into the dynamic realm of operational technology and cybersecurity. By emphasizing collaboration, risk assessment, and strategic partnerships, organizations can navigate the evolving cybersecurity landscape with resilience and adaptability.

The insights shared in this conversation serve as a valuable resource for IT and OT professionals seeking to enhance their cybersecurity practices and fortify critical infrastructure against potential threats. Embracing a proactive and collaborative approach can pave the way for a more secure and resilient technological ecosystem.

Learn more about DirectDefense: https://itspm.ag/directdef-gs7

Note: This story contains promotional content. Learn more.

Guest: Chris Walcutt, Chief Security Officer at DirectDefense [@Direct_Defense]

On LinkedIn | https://www.linkedin.com/in/christopher-walcutt-cism-cissp-45a6631/

Resources

Learn more and catch more stories from DirectDefense: https://www.itspmagazine.com/directory/directdefense

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Unveiling the World of Bad Bots: Insights from Imperva's 11th Edition Report | A Brand Story Conversation From RSA Conference 2024 | An Imperva Story with Erez Hasson | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 7 May 2024 04:34:49 +0000

The world of cybersecurity never ceases to amaze with its intricacies and challenges. One of the ongoing battles that organizations face is the constant threat posed by bad bots infiltrating the digital landscape. In a recent interview with Sean Martin and Erez Hasson from Imperva, key insights from the 11th edition of the Bad Bot Report were unveiled, shedding light on the evolving nature of automated traffic and the impact it has on various industries.

Unraveling the Bad Bot Landscape

The conversation kicks off with Sean Martin introducing the topic of bad bots and the significance of Imperva's Bad Bot Report in providing insights into the world of automated traffic. Erez Hasson, a senior product marketing manager at Imperva, dives into the details of the 11th edition report, which is based on a staggering 6 trillion blocked bad bot requests processed by the Imperva network over the past year.

Delving into Key Statistics

Erez Hasson elaborates on the critical statistics highlighted in the report, such as the percentage breakdown of automated traffic into bad bots and good bots. The report categorizes bad bots based on their sophistication levels, ranging from simple to advanced (evasive), emphasizing the need for robust bot management strategies to combat sophisticated attacks.

Industry Insights and Use Cases

The conversation shifts towards exploring the impact of bad bots across different industries, with a focus on sectors such as Law, Government, Travel, Airlines, Retail, and Financial Services. Erez emphasizes the need for organizations to understand the sophistication level of bot attacks targeting their industry to effectively mitigate risks and safeguard their digital assets.

Transforming Data into Action

Sean Martin underscores the importance of translating the insights from the Bad Bot Report into actionable strategies for organizations. By leveraging the educational content provided in the report, companies can enhance their understanding of bot-related challenges and tailor their security programs to address potential threats effectively.

AI's Role in Bot Evolution

The discussion moves into the intersection of artificial intelligence (AI) and bot activity, highlighting the increased use of AI-driven attacks, including credential stuffing attacks orchestrated through AI algorithms. The evolving landscape of automated traffic poses challenges for organizations, necessitating a proactive approach to mitigate risks associated with bot-driven activities.

Safeguarding Against Bot Abuse

The conversation touches upon the misuse of bots targeting AI interfaces, leading to increased operational costs for organizations. Additionally, the resurgence of debates around the legality of web scraping underscores the complex nature of combating bot-related activities and protecting proprietary content from illicit scraping practices.

Conclusion

As the conversation draws to a close, a call to action is extended to readers to delve into the insights provided by Imperva's Bad Bot Report and equip themselves with the knowledge needed to combat bot threats effectively. The collaboration between security teams, leadership, and practitioners is essential in implementing robust bot management strategies to safeguard against evolving cyber threats.

By understanding bad bots and automated traffic, organizations can bolster their cybersecurity defenses and stay ahead of malicious actors looking to exploit digital vulnerabilities. The insights shared in Imperva's 11th edition report serve as the base of awareness, guiding organizations towards a more secure digital future.

Learn more about Imperva: https://itspm.ag/imperva277117988

Note: This story contains promotional content. Learn more.

Guest: Erez Hasson, Product Marketing Manager at Imperva [@Imperva]

On LinkedIn | https://www.linkedin.com/in/erezh/

Resources

Learn more and catch more stories from Imperva: https://www.itspmagazine.com/directory/imperva

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Embracing the Art of Possible | A Brand Story Conversation From RSA Conference 2024 | An Imperva Story with Nanhi Singh | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 7 May 2024 04:00:47 +0000

In the buzzing atmosphere of the RSA conference in San Francisco, key players in the cybersecurity industry gathered to discuss the evolving landscape of technology and data security. Among them was Nanhi Singh, the General Manager for the application security business of Imperva, who shared insights on how organizations are redefining cybersecurity to achieve better business outcomes.

Embracing Technology for Business Success

The theme of this year's conference, "The Art of Possible," resonated with Nahnhi Singh as she highlighted the shifting perspectives of executives and organizations towards leveraging technology and cybersecurity to drive business growth. In a conversation with Sean Martin, host of the Redefining Cybersecurity podcast on ITSP magazine, Nanhi discussed the critical role of CIOs and CISOs in not only securing digital experiences but also enabling business innovations.

Navigating the Complexities of Application Environments

As organizations embark on their digital transformation journeys, the complexities of modern application environments come to the forefront. Nanhi emphasized the prevalence of APIs in connecting various systems and the challenges of securing these connections amidst cloud migrations and hybrid infrastructures. Imperva's API security solutions were highlighted as essential tools in providing visibility and protection against potential threats.

Addressing Concerns of API-Driven Attacks

The conversation delved into the rising concern of API-driven attacks, with Nanhi underscoring the importance of identifying and mitigating threats posed by advanced bots targeting organizations across different industries. By leveraging Imperva's advanced bot protection solutions and a comprehensive security portfolio, organizations can fortify their defenses against evolving cyber threats.

Empowering Organizations with Comprehensive Security Solutions

With the recent acquisition of Imperva by Thales, Nanhi Singh showcased the combined strength of their security offerings, encompassing application security, API security, advanced bot protection, data security, encryption, key management, and identity and access management solutions. This holistic approach enables organizations to protect their data and applications across diverse environments and technologies.

Driving Operational Efficiency and Focus

In a landscape where security teams are stretched thin and faced with cost constraints, Imperva's solutions aim to enhance operational efficiency and empower teams to concentrate on strategic security initiatives. By automating security controls and collaborating closely with customers to mitigate threats, Imperva ensures that organizations can operate securely and effectively in a rapidly evolving digital ecosystem.

Securing Applications Anywhere

As applications are deployed across multiple cloud providers and environments, the need to secure them anywhere becomes paramount. Imperva's commitment to safeguarding applications and APIs regardless of their deployment location reinforces the idea that security should be intrinsic to every aspect of an organization's digital infrastructure.

Conclusion

The engaging dialogue between Nanhi Singh and Sean Martin offered valuable insights into the current cybersecurity landscape and the imperative for organizations to adapt proactively to emerging threats. By embracing the art of what is possible in cybersecurity, businesses can not only safeguard their digital assets but also unlock new opportunities for growth and innovation. Imperva's comprehensive security solutions stand as a beacon of trust and efficacy in an ever-evolving cybersecurity landscape.

Stay tuned for more insightful conversations and updates from Imperva at the RSA Conference, and continue following our coverage to stay abreast of the latest trends and developments in cybersecurity.

Thank you for joining us in this exploration of cybersecurity and business resilience.

Learn more about Imperva: https://itspm.ag/imperva277117988

Note: This story contains promotional content. Learn more.

Guest: Nanhi Singh, Chief Customer Officer and GM Application Security at Imperva [@Imperva]

On LinkedIn | https://www.linkedin.com/in/nanhi-singh-aa51371

On Twitter | https://twitter.com/NanhiSingh14

Resources

Learn more and catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Embracing Data-Centric Security | A Brand Story Conversation From RSA Conference 2024 | A Seclore Story with Vishal Gupta | On Location Coverage with Sean Martin and Marco Ciappelli

Tue, 7 May 2024 02:09:34 +0000

Amidst the buzzing atmosphere of RSA Conference 2024, Sean Martin, host an On Location Brand Story With ITSPmagazine, engages in a thought-provoking discussion with Vishal Gupta, co-founder of Seclore. The theme of this year's conference, the Art of Possible, sets the stage for a conversation that unravels the critical role of data in driving business innovation and success.

Protecting Data in the New Technological Landscape

Vishal Gupta sheds light on the importance of ensuring that security and collaboration align seamlessly, emphasizing that CISOs and security teams must work in harmony to foster a secure yet conducive business environment. In a world where data sprawls across diverse platforms and devices, the focus on data protection emerges as a paramount necessity to mitigate risks and safeguard critical assets.

Shifting from Infrastructure to Data Protection

The dialogue navigates towards a fundamental shift from traditional infrastructure protection to data-centric security. Gupta highlights the challenges that arise when enterprises grapple with securing an ever-expanding volume of data across varied networks, devices, and applications. The conversation underscores the significance of transitioning towards a data-centric approach to address the inherent vulnerabilities in contemporary cybersecurity frameworks.

Enabling Secure Data Collaboration with Seclore

By introducing the innovative concept of embedding security, privacy, and compliance directly into the data itself, Seclore revolutionizes the paradigm of data sharing and collaboration. Gupta elucidates how organizations can enforce personalized security policies, regulate data access, and monitor data interactions in real-time to prevent unauthorized usage and ensure data integrity.

Navigating the Path to Data-Centric Security

As enterprises embark on the journey towards data-centric security, Gupta emphasizes the importance of meticulous planning and strategic implementation. By focusing on targeted use cases and achieving early wins, organizations can gradually scale their data protection initiatives and cultivate a culture of data-centricity within their operations.

The enriching discussion between Sean Martin and Vishal Gupta showcases the transformative potential of data-centric security solutions in the realm of cybersecurity. For further insights and collaboration opportunities with Seclore, connect with them on LinkedIn, on their website, or meet them at upcoming industry events.

Learn more about Seclore: https://itspm.ag/seclore-km6r

Note: This story contains promotional content. Learn more.

Guest: Vishal Gupta, CEO, Seclore [@secloretech]

On LinkedIn | https://www.linkedin.com/in/jiguptaji/

Resources

Learn more and catch more stories from Seclore: https://www.itspmagazine.com/directory/seclore

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Redefining Cybersecurity by Unlocking Government and Startup Collaboration While Enhancing Software Supply Chain Visibility | A Conversation with Melissa Oh and Anil John | Redefining CyberSecurity with Sean Martin

contact@itspmagazine.com (ITSPmagazine, Sean Martin, Melissa Oh, Anil John) — Mon, 6 May 2024 02:09:33 +0000

Guests:

Melissa Oh, Managing Director, Silicon Valley Innovation Program (SVIP), DHS Science & Technology Directorate [@DHSgov]

On LinkedIn | https://www.linkedin.com/in/melissa-oh/

Anil John, Technical Director, Silicon Valley Innovation Program (SVIP), DHS Science & Technology Directorate [@DHSgov]

On LinkedIn | https://www.linkedin.com/in/aniljohn/

On Twitter | https://twitter.com/aniltj

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

Episode Notes

This new episode of the 'Redefining Cybersecurity' podcast features a thought-provoking discussion on software development, supply chain security, and the innovative initiatives of the Silicon Valley Innovation Program (SVIP). The conversation was led by host Sean Martin, with insights from distinguished guests Melissa Oh, Managing Director at the Department of Homeland Security Science and Technology Directorate, and Anil John, Technical Director of the Silicon Valley Innovation Program.

Melissa Oh shared her extensive experience in public service and the innovative approach of the Silicon Valley Innovation Program in identifying emerging technology companies. Her background in Silicon Valley and dedication to solving DHS's pain points through collaboration with startups underscored the program’s mission of fostering innovation in the government sector.

Anil John, a public interest technologist, provided valuable insights into bridging the gap between the government and the startup community. His role in translating government needs into actionable solutions highlighted the importance of leveraging global talent to address local challenges and drive technological advancements in the public sector.

The discussion explored the Silicon Valley Innovation Program's unique selection process for startups, focusing on building products that have broad utility and can be readily adopted. The success story of the protobom project transitioning into an open-source tool exemplified the program's commitment to nurturing innovative solutions with real-world applications.

The significance of Software Bill of Materials (SBOM) in enhancing software supply chain visibility was emphasized, with a call to action for organizations to prioritize its inclusion in software development processes. By driving awareness and adoption of SBOM, the SVIP is empowering security leaders to enhance software security and visualization in the development pipeline.

Security leaders were encouraged to explore tools and technologies that enhance software security and visualization in the development pipeline. A call to action was made to participate in the SVIP demo week to learn about innovative solutions and capabilities and to drive the adoption of SBOM within organizations.

Key Questions Addressed

How does the Silicon Valley Innovation Program (SVIP) bridge the gap between government needs and startup innovations in cybersecurity?
What role does the Software Bill of Materials (SBOM) play in enhancing software supply chain security?
How can organizations, both public and private, benefit from the innovative solutions developed through the SVIP for software supply chain visibility?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel: