The conversation explores the emergence of the agentic SOC, where AI agents work alongside human analysts to accelerate detection, response, and incident resolution. Stoffer explains that while the protocols and tools have been in development, 2026 is the year organizations will finally see these capabilities deliver real results. The key differentiator, he notes, is data quality. Tools that provide rich, detailed, and comprehensive network evidence will thrive in this AI-enabled environment.

Stoffer also addresses the persistent threat from nation-state actors, particularly China's Typhoon campaigns targeting critical infrastructure. From energy and telecoms to international partners, these threats continue to expand with AI-powered acceleration. Understanding your environment and detecting anomalous behavior remains essential for organizations facing these sophisticated adversaries.

The discussion concludes with a look at post-quantum readiness. While quantum computing threats may be 10 to 20 years away, Stoffer emphasizes the importance of understanding cryptographic assets now. Corelight has published a white paper detailing how NDR provides the network visibility needed to locate cryptographic assets and plan migration to quantum-ready cipher suites.

This is a Brand Highlight. A Brand Highlight is an introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Vincent Stoffer, Field Chief Technology Officer at Corelight
On LinkedIn: https://www.linkedin.com/in/vincent-stoffer-07057827/

RESOURCES

Learn more about Corelight: https://corelight.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Vincent Stoffer, Corelight, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, agentic SOC, network detection and response, NDR, critical infrastructure security, nation-state threats, China Typhoon campaigns, Salt Typhoon, Volt Typhoon, post-quantum cryptography, quantum readiness, AI in cybersecurity, security operations, incident response, network visibility, Zeek

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Cyber Energia takes a fundamentally different approach to OT security. While most cybersecurity companies stop at identifying risks through CVE scores and vulnerability assessments, Cyber Energia starts from the risk and translates it into financial terms that executives can act upon. The platform connects technical findings to compliance frameworks including NIS 2.0, IEC 62443, and NERC CIP, providing asset owners with a clear maturity landscape and actionable intelligence.

Rafael Narezzi explains that asset owners in the renewable sector operate differently than traditional IT environments. Financial companies often acquire energy assets as investments without maintaining technical staff on-site. When compliance regulations now hold these owners personally liable for cybersecurity failures, they need tools that speak their language: dollars, risk, and return on investment. Cyber Energia prices its services per megawatt, demonstrating its commitment to speaking the language of energy.

The decentralization of energy generation presents unique challenges. Rafael Narezzi points to recent cyber attacks on Poland's distributed grid as evidence that threat actors understand how to manipulate multiple remote locations simultaneously to destabilize power networks. Battery energy storage systems present particular risks, as compromised dispatch commands could create grid imbalances similar to the fictional scenario depicted in Ocean's 11. Yet many sites lack even basic cyber hygiene protections.

Cyber Energia helps customers understand the financial impact of potential attacks. A 98-megawatt wind turbine site, for example, could lose 1.9 million dollars from just one week of downtime. This quantification enables executives to make informed decisions about relatively modest security investments that significantly reduce their risk exposure. The platform provides a single-view dashboard for organizations managing hundreds of sites across different regions, technologies, and regulatory environments.

Rafael Narezzi observes that a CEO before a cyber attack is fundamentally different from a CEO after one. Organizations often underestimate digital risks compared to physical ones, despite living in an increasingly connected world. Regulations like NIS 2.0 now impose personal liability on directors and can revoke operating licenses, removing any excuse for neglecting cybersecurity. The awareness is changing, but Cyber Energia continues working to close the gap between compliance requirements and actual security posture across the renewable energy sector.

This is a Brand Story. A Brand Story is a ~35-40 minute in-depth conversation designed to tell the complete story of the guest, their company, and their vision. Learn more: https://www.studioc60.com/creation#full

GUEST

Rafael Narezzi, Co-Founder and CEO of Cyber Energia
https://www.linkedin.com/in/narezzi/

RESOURCES

Cyber Energia
https://cyberenergia.com/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Rafael Narezzi, Cyber Energia, Sean Martin, brand story, brand marketing, marketing podcast, brand story, OT cybersecurity, renewable energy security, critical infrastructure protection, NIS 2.0 compliance, IEC 62443, wind farm cybersecurity, solar energy security, battery energy storage systems, BESS security, decentralized energy grid, cyber risk quantification, energy sector compliance, NERC CIP, operational technology security

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

With more than 48,000 vulnerabilities disclosed in 2025 alone and the average enterprise juggling 76 different security consoles, Milenkovic argues that the old methods of counting patches and chasing alerts are no longer sustainable. Instead, Qualys helps organizations prioritize threats based on business context through what the company calls TruRisk.

Milenkovic describes a fundamental shift he sees taking place in boardroom conversations: moving from risk appetite to risk tolerance. Boards and executives now want to know what specific losses mean to the business rather than simply asking whether the organization is secure.

For CISOs, this means evolving from the department of "No" to the department of "Know," where security leaders understand where problems exist, how to fix them, and what architecture supports business objectives. The key is demonstrating return on investment through resilience metrics rather than vulnerability counts.

Qualys addresses this challenge through its Enterprise TruRisk Management platform, which facilitates what Milenkovic calls the Risk Operations Center. Unlike a traditional SOC that focuses on incidents that have already occurred, the ROC takes a proactive stance, helping organizations prevent threats and optimize security spending before damage occurs.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Ivan Milenkovic, Vice President, Cyber Risk Technology, Qualys

On LinkedIn | https://www.linkedin.com/in/ivanmilenkovic/

RESOURCES

Learn more about Qualys | https://www.qualys.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Ivan Milenkovic, Qualys, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, Enterprise TruRisk Management, Risk Operations Center, ROC, vulnerability management, CISO, cyber risk, risk tolerance, security leadership, proactive security

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Memcyco is built on four products within a unified platform, each designed to detect and block both traditional and AI-driven attacks in real time. Unlike reactive threat intelligence solutions, Memcyco identifies victims as they interact with fake sites, provides detailed attacker data, and even deploys credential deception to neutralize stolen information before it can be used.

With an agentless deployment that takes just minutes to implement, Memcyco delivers more than 10x ROI for customers across financial services, retail, airlines, logistics, and hospitality. The company has achieved nearly 300% year-over-year growth, serving organizations across North America, Latin America, Europe, and beyond.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Israel Mazin, Co-Founder and CEO of Memcyco
On LinkedIn: https://www.linkedin.com/in/israel-mazin-62215b/

RESOURCES

Memcyco: https://www.memcyco.com/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Israel Mazin, Memcyco, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, account takeover, ATO fraud, digital impersonation, phishing protection, real-time fraud detection, credential deception, website spoofing, AI-driven attacks, fraud prevention platform, agentless security

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Passwords still sit at the root of many security failures, which is why the conversation starts with the fundamentals: controlling who can access data, from where, and under what device and policy conditions. Certificate-based authentication emerges as a practical way to reduce password dependency while keeping enforcement tied to managed devices and policy compliance.

The discussion then shifts to what is changing for security leaders. CISOs may feel more confident managing traditional cyber threats, but uncertainty rises quickly when AI-generated and non-human identities enter the picture. Agentic AI turns automation into an entity that touches networks and applications, making access control a first-order requirement rather than an afterthought.

A clear theme emerges throughout the conversation: synthetic identities are not hypothetical. They appear anywhere autonomous agents require permissions to act, from software development to workflow automation. Applying the same discipline used for human identities, including least privilege, scope limitation, and policy enforcement, becomes essential to maintaining control as AI adoption accelerates.

Note: This story contains promotional content. Learn more.

Guest
Denny LeCompte, CEO and Co-Founder of Portnox
https://www.linkedin.com/in/dennylecompte/

Resources
Learn more about Portnox: https://www.portnox.com/

Are you interested in telling your story?
Full Length Brand Story: https://www.studioc60.com/content-creation#full
Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

Keywords: sean martin, denny lecompte, portnox, identity, access, zero trust, passwordless, certificates, agentic ai, synthetic identities, brand story, brand marketing, marketing podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this Brand Highlight conversation, Michael Roytman, Co-Founder and CTO of Empirical Security, joins Sean Martin to discuss why choosing the right AI model for the right task is essential for effective cybersecurity.

Michael Roytman explains how Empirical Security takes a data-driven, Moneyball-style approach to preventative security. The company builds and maintains an ensemble of models, including the open EPSS model used by over 100 vendors, global models for vulnerability exploitation forecasting, and local models tailored to each customer's unique environment.

The conversation explores a critical finding: LLMs perform poorly at predictive security tasks. Michael Roytman shares research he published in Forbes comparing EPSS to LLMs from Google, OpenAI, and Anthropic. While LLMs excel at summarization and classification, they struggle to predict future exploitation events. Purpose-built models like XGBoost consistently outperform LLMs for probability forecasting.

Empirical Security positions itself as a data science company operating on security data rather than a traditional security vendor. With two-thirds of the founding team holding data science backgrounds, the company trains models from scratch and continuously retrains them as environments and threat landscapes evolve.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Michael Roytman, Co-Founder and CTO of Empirical Security

On LinkedIn | https://www.linkedin.com/in/michael-roytman/

RESOURCES

Learn more about Empirical Security | https://www.empiricalsecurity.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Empirical Security, Michael Roytman, data-driven security, vulnerability management, EPSS, risk-based vulnerability management, AI in cybersecurity, machine learning security, LLM limitations, predictive security models, XGBoost, local models, global models, preventative security, Moneyball security, cybersecurity AI, threat intelligence, security data science, model retraining, ITSPmagazine, Brand Highlight, Studio C60

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Julian shares that most organizations are eager to activate tools like AI agents and copilots, yet few have addressed the underlying condition of their environments. Unstructured data sprawl, fragmented cloud architectures, and legacy systems create blind spots that AI does not fix. Instead, AI accelerates whatever already exists, good or bad.

A central theme of the conversation is readiness. Julian explains that AI success depends on disciplined data classification, permission hygiene, and governance before automation begins. Without that groundwork, organizations risk exposing sensitive financial, HR, or executive data to unintended audiences simply because an AI system can surface it.

The discussion also explores the operational reality beneath the surface. Most environments are a patchwork of Azure, AWS, on-prem infrastructure, SaaS platforms, and custom applications, often shaped by multiple IT leaders over time. When AI is layered onto this complexity without architectural clarity, inaccurate outputs and flawed business decisions quickly follow.

Sean and Julian also examine how AI initiatives often emerge from unexpected places. Legal teams, business units, and individual contributors now build their own AI workflows using low-code and no-code tools, frequently outside formal IT oversight. At the same time, founders and CFOs push for rapid AI adoption while resisting the investment required to clean and secure the foundation.

The episode highlights why AI programs are never one-and-done projects. Ongoing maintenance, data validation, and security oversight are essential as inputs change and systems evolve. Julian emphasizes that organizations must treat AI as a permanent capability on the roadmap, not a short-term experiment.

Ultimately, the conversation frames AI not as a shortcut, but as a force multiplier. When paired with disciplined architecture and trusted guidance, AI enables scale, speed, and confidence. Without that discipline, it simply magnifies existing problems.

Note: This story contains promotional content. Learn more.

GUEST

Julian Hamood, Founder and Chief Visionary Officer at TrustedTech | On LinkedIn: https://www.linkedin.com/in/julian-hamood/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Highlight Brand Story: https://www.studioc60.com/content-creation#highlight

Keywords: sean martin, julian hamood, trusted tech, ai readiness, data governance, ai security, enterprise ai, brand story, brand marketing, marketing podcast, brand story podcast, brand spotlight

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Kumar shares how digital resilience is no longer a technical problem alone. Regulations, infrastructure dependencies, geopolitical tensions, supply chain exposure, and emerging technologies such as AI now converge into a single operational reality. Organizations that treat these as isolated issues often miss the real picture, where one decision quietly amplifies risk across multiple domains.

A central theme of the conversation is proportion. Kumar emphasizes that risk management is not about eliminating uncertainty, but aligning effort with value. Not every threat matters equally to every organization. Understanding who you are, where you operate, and where you are going determines which signals deserve attention and which are simply noise.

The discussion also reframes geopolitics as a daily business concern rather than a distant policy issue. Companies operate inside global power dynamics whether they acknowledge it or not. Technology choices, supplier relationships, and market expansion decisions increasingly carry political and regulatory consequences that surface quickly and without warning.

Rather than advocating for massive new departments or rigid frameworks, Kumar outlines a practical approach. Organizations can decide whether to avoid, mitigate, transfer, or tolerate risk, then revisit those decisions as conditions change. This mindset supports growth and innovation while avoiding the false comfort of static checklists.

The episode closes on culture. Effective risk management depends on listening across roles, disciplines, and seniority. Internal dissent, diverse viewpoints, and external validation are presented as assets, not obstacles. In a world where uncertainty is constant, resilience comes from clarity, not control.

Learn more about CyXcel: https://itspm.ag/cyxcel-922331

Note: This story contains promotional content. Learn more.

GUEST

Megha Kumar, Partner, Chief Product Officer & Head of Geopolitical Risk at CyXcel | On LinkedIn: https://www.linkedin.com/in/drmeghakumarcyxcel/

RESOURCES

Learn more and catch more stories from CyXcel: https://www.itspmagazine.com/directory/cyxcel

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Highlight Brand Story: https://www.studioc60.com/content-creation#highlight

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Screenly provides a secure digital signage platform used by organizations that care deeply about device integrity, uptime, and lifecycle management. Healthcare facilities, financial services, and even NASA rely on these displays, which makes the security posture supporting them a priority. Viktor outlines why security functions best when embedded into culture rather than treated as a compliance checkbox. His team actively invests in continuous testing, including a structured bug bounty program that generates a steady flow of findings.

The conversation centers on a real event: a report claiming that more than a thousand user accounts appeared in a public leak repository. Instead of assuming the worst or dismissing the claim, the team mobilized within hours. They validated the dataset, built correlation tooling, analyzed how many records were legitimate, and immediately reset affected accounts. Once they ruled out a breach of their systems, they traced the issue to compromised end user devices associated with previously known credential harvesting incidents.

This scenario demonstrates how a strong internal process helps guide the team through verification, containment, and communication. Viktor emphasizes that optional security features only work when customers use them, which is why Screenly is moving to passwordless authentication using magic links. Removing passwords eliminates the attack vector entirely, improving security for customers without adding friction.

For listeners, this episode offers a clear look at what rapid response discipline looks like, how bug bounty reports can add meaningful value, and why passwordless authentication is becoming a practical way forward for SaaS platforms. It is a timely reminder that transparency builds trust, and security culture determines how confidently a team can navigate unexpected events.

Learn more about Screenly: https://itspm.ag/screenly1o

Note: This story contains promotional content. Learn more.

GUEST

Viktor Petersson, Co-founder of Screenly | On LinkedIn: https://www.linkedin.com/in/vpetersson/

RESOURCES

Learn more and catch more stories from Screenly: https://www.itspmagazine.com/directory/screenly

LinkedIn Post: https://www.linkedin.com/posts/vpetersson_screenly-security-incident-response-how-activity-7393741638918971392-otkk

Blog: Security Incident Response: How We Investigated a Data Leak and What We're Doing Next: https://www.screenly.io/blog/2025/11/10/security-incident-response-magic-links/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight

Keywords: sean martin, marco ciappelli, viktor petersson, security, authentication, bugbounty, signage, incidentresponse, breaches, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast, brand spotlight

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Growing up, I always wondered: why can't cars just recharge themselves as we drive? Turns out, someone finally built exactly that.

Robert Hoevers and his team at Squad Mobility created a solar-powered city car that does something brilliantly simple—it charges itself. There's a solar panel on the roof that continuously feeds the battery whether you're parked at the grocery store, sitting in your driveway, or cruising around town.

The engineering is impressive, but the user experience is even better. For most people living in sunny climates—anywhere between 45 degrees north and 45 degrees south latitude (roughly Spain to South Africa)—you'll never need to find a charging station. Ever.

Here's the reality: the average person drives about 12 kilometers a day for daily errands. School runs, grocery shopping, meeting friends. The Squad solar car has a 150-kilometer maximum range, and the sun replenishes what you use. You just drive it, park it, and forget about charging infrastructure entirely.

This is what smart urban mobility looks like. It's street legal with proper crash structures, seat belts, and rollover protection. It tops out at 45 or 70 kilometers per hour depending on which model you choose—fast enough for city streets, not built for highways. In Europe, you only need a moped license for the slower version.

The design sits somewhere between a golf cart and a Smart car, which makes perfect sense. Squad isn't trying to replace your family vehicle. They're solving the "second car" problem—those short daily trips where driving a massive SUV feels ridiculous.

The market is responding. Squad Mobility has over 5,300 pre-orders and secured 1.5 million euros in European subsidies. They're currently crowdfunding on Republic to bridge the final gap before production starts in about a year.

What surprised me most? Ten percent of their pre-orders come from American gated communities and golf cart neighborhoods. These communities already understand the value of compact, efficient vehicles for daily errands. Squad just made them solar-powered and street legal.

Yes, you need consistent sunlight. If you live in perpetually cloudy climates, you'll still need to plug in occasionally. But for millions of people in sunny regions tired of hunting for charging stations or paying electricity bills to charge their second car, Squad Mobility built the obvious solution that somehow nobody else did.

Sometimes innovation isn't about reinventing the wheel. It's about putting a solar panel on the roof and letting the sun do the work.

This is the future of urban mobility, and it's arriving next year.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Monzy Merza, Co-Founder and CEO of Crogl, joins Sean Martin and Marco Ciappelli to discuss how cybersecurity teams can finally move beyond the treadmill of normalization, alert fatigue, and brittle playbooks that keep analysts from doing what they signed up to do—find and stop bad actors.

Merza draws from his experience across research, security operations, and leadership roles at Splunk, Databricks, and one of the world’s largest banks. His message is clear: the industry’s long-standing approach of forcing all data into one format before analysis has reached its limit. Organizations are spending millions trying to normalize data that constantly changes, and analysts are paying the price—buried under alerts they can’t meaningfully investigate.

The conversation highlights the human side of this issue. Analysts often join the field to protect their organizations, but instead find themselves working on repetitive tickets with little context, limited feedback loops, and an impossible expectation to know everything—from email headers to endpoint logs. They are firefighters answering endless 911 calls, most of which turn out to be false alarms.

Crogl’s approach replaces that normalization-first mindset with an analyst-first model. By operating directly on data where it lives—without requiring migration or schema alignment—it allows every analyst to investigate deeper, faster, and more consistently. Each action taken by one team member becomes shared knowledge for the next, creating an adaptive, AI-driven system that evolves with the organization.

For CISOs, this means measurable consistency, auditability, and trust in outcomes. For analysts, it means rediscovering purpose—focusing on meaningful investigations instead of administrative noise.

The result is a more capable, connected SOC where AI augments human reasoning rather than replacing it. As Merza puts it, the new normal is no normalization—just real work, done better.

Watch the full interview and product demo: https://youtu.be/7C4zOvF9sdk

Learn more about CROGL: https://itspm.ag/crogl-103909

Note: This story contains promotional content. Learn more.

GUEST

Monzy Merza, Founder and CEO of CROGL | On LinkedIn: https://www.linkedin.com/in/monzymerza/

RESOURCES

Learn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/crogl

Brand Spotlight: The Schema Strikes Back: Killing the Normalization Tax on the SOC: https://brand-stories-podcast.simplecast.com/episodes/the-schema-strikes-back-killing-the-normalization-tax-on-the-soc-a-corgl-spotlight-brand-story-conversation-with-cory-wallace [Video: https://youtu.be/Kx2JEE_tYq0]

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Traditional security models were built on a simple idea: collect data, normalize it, and analyze it. But as Director of Product Marketing Cory Wallace explains in this conversation with Sean Martin, that model no longer fits the reality of modern security operations. Data now lives across systems, clouds, and lakes—making normalization an inefficient, error-prone step that slows teams down and risks critical blind spots.

Rethinking How Analysts Work with Data

Cory describes how schema drift, inconsistent field naming, and vendor-specific query languages have turned the analyst’s job into a maze of manual mapping and guesswork. Each product update or schema change introduces a chance to miss something important—something an attacker is counting on. Crogl’s new patent eliminates this problem by enabling search and correlation across unnormalized data, creating a unified analytical view without forcing everything into one rigid format.

From Data Chaos to Analyst Empowerment

This shift isn’t just technical—it’s cultural. Instead of treating SOC analysts as passive alert closers, Crogl’s model empowers them with meaningful context from the start. Alerts now come with historical data, cross-referenced fields, and prebuilt queries, giving analysts the information they need to make decisions faster and more confidently.

Efficiency with Intelligence

Wallace explains how this approach saves time, reduces training burdens, and cuts dependency on multiple query languages. It helps overworked teams move from reactive triage to proactive investigation. By removing unnecessary layers of data transformation, organizations can accelerate incident resolution, minimize risk, and help analysts focus on what matters most—catching what others miss.

At its core, the conversation highlights how removing the barriers of data normalization can redefine what’s possible in modern security operations.

Watch the full interview: https://youtu.be/Kx2JEE_tYq0

Learn more about CROGL: https://itspm.ag/crogl-103909

Note: This story contains promotional content. Learn more.

GUEST

Cory Wallace, Director of Product Marketing at CROGL | On LinkedIn: https://www.linkedin.com/in/corywallacecrogl/

RESOURCES

Learn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/crogl

Press Release: https://www.globenewswire.com/news-release/2025/11/05/3181815/0/en/Crogl-Granted-Patent-for-Analyzing-Non-Normalized-Data-for-Security.html

Forbes Article: https://www.forbes.com/sites/justinwarren/2025/11/05/tackling-cybersecurity-data-sprawl-without-normalizing-everything/

LinkedIn Post: https://www.linkedin.com/posts/activity-7391913358817517569-QaCH

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Somasundaram's path to founding Asimily began with diverse technical experience spanning telecommunications and early machine learning development. This foundation proved essential when he transitioned to cybersecurity, eventually building and growing the IoT security division at a major enterprise security company.

During his corporate tenure, Somasundaram gained direct exposure to security challenges across healthcare systems, industrial facilities, utilities, manufacturing plants, and oil and gas operations. Each vertical revealed the same fundamental problem: existing security solutions were designed for traditional IT environments where confidentiality and integrity took precedence, but operational technology environments operated under entirely different rules.

The mismatch became clear through everyday operational realities. Hospital ultrasound machines couldn't be taken offline during procedures for security updates. Manufacturing production lines couldn't be rebooted for patches without scheduling expensive downtime. Power plant control systems required continuous availability to serve communities. These environments prioritized operational continuity above traditional security controls.

Beyond technical challenges, Somasundaram observed a persistent communication gap between security and operations teams. IT security professionals spoke in terms of vulnerabilities and patch management. Operations teams focused on uptime, safety protocols, and production schedules. Neither group had effective frameworks for translating their concerns into language the other could understand and act upon.

This divide created frustration for Chief Security Officers who understood risks existed but lacked clear paths to mitigation that wouldn't disrupt critical business operations. Organizations could identify thousands of vulnerabilities across their operational technology environments, but struggled to prioritize which issues actually posed meaningful risks given their specific operational contexts.

Somasundaram recognized an opportunity to approach this problem differently. Rather than building another vulnerability scanner or forcing operational environments to conform to IT security models, he envisioned a platform that would provide contextual risk analysis and actionable mitigation strategies tailored to operational requirements.

The decision to leave corporate security and start Asimily wasn't impulsive. Somasundaram had previous entrepreneurial experience and understood the startup process. He waited for the right convergence of market need, personal readiness, and strategic opportunity. When corporate priorities shifted through acquisitions, the conditions aligned for his departure.

Asimily's founding mission centered on bridging the gap between operational technology and information technology teams. The company wouldn't just build another security tool; it would create a translation layer enabling different organizational departments to collaborate effectively on risk reduction.

This approach required understanding multiple stakeholder perspectives within client organizations. Sometimes the primary user would be a Chief Information Security Officer. Other times, it might be a manufacturing operations head managing production floors, or a clinical operations director in healthcare. The platform needed to serve all these perspectives while maintaining technical depth.

Somasundaram's product engineering background informed this multi-stakeholder approach. His experience with complex system integration—from telecommunications infrastructure to machine learning algorithms—provided insight into how security platforms could integrate with existing IT infrastructure while addressing operational technology requirements.

The vision extended beyond traditional vulnerability management to comprehensive risk analysis considering operational context, business impact, and regulatory requirements. Rather than treating all vulnerabilities equally, Asimily would analyze each device within its specific environment and use case, providing organizations with actionable intelligence for informed decision-making.

Somasundaram's entrepreneurial journey illustrates how diverse technical experience, industry knowledge, and strategic timing converge to address complex market problems. His transition from corporate executive to startup founder demonstrates how deep industry exposure can reveal opportunities to solve problems that established players might overlook or underestimate.

Today, as healthcare systems, manufacturing facilities, and critical infrastructure become increasingly connected, the vision Somasundaram brought to Asimily's founding has proven both timely and necessary. The company's development reflects not just market demand, but the value of approaching familiar problems from fresh perspectives informed by real operational experience.

Learn more about Asimily: itspm.ag/asimily-104921

Note: This story contains promotional content. Learn more.

Guest: Shankar Somasundaram, CEO & Founder, Asimily  | On LinkedIn: https://www.linkedin.com/in/shankar-somasundaram-a7315b/
Company Directory: https://www.itspmagazine.com/directory/asimily

Resources

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Bryan brings over 30 years of experience in IT and cybersecurity, with a history as a CISO, consultant, and advisor. He now helps lead an organization that sits at the intersection of law, cyber, and geopolitics—an uncommon combination that reflects the complexity of modern risk. CyXcel was founded to address this reality head-on, integrating legal counsel, cybersecurity expertise, and operational insight into a single, business-first consulting model.

Rather than treat cybersecurity as a checklist or a technical hurdle, Bryan frames it as a service that should start with the business itself: its goals, values, partnerships, and operating environment. That’s why their engagements often begin with conversations with sales, finance, or operations—not just the CIO or CISO. It’s about understanding what needs to be protected and why, before prescribing how.

CyXcel supports clients before, during, and after incidents—ranging from tailored tabletop exercises to legal coordination during breach response and post-incident recovery planning. Their work spans critical sectors like healthcare, utilities, finance, manufacturing, and agriculture—where technology, law, and regulation often converge under pressure.

Importantly, Bryan emphasizes the need for tailored guidance, not generic frameworks. He notes that many companies don’t realize how incomplete their protections are until it’s too late. In one example, he recounts a hospital system that chose to “pay the fine” rather than invest in cybersecurity—a decision that risks reputational and operational harm far beyond the regulatory penalty.

From privacy laws and third-party contract reviews to incident forensics and geopolitical risk analysis, this episode reveals how cybersecurity consulting is evolving to meet a broader—and more human—set of business needs.

Learn more about CyXcel: https://itspm.ag/cyxcel-922331

Note: This story contains promotional content. Learn more.

Guest: Bryan Marlatt, Chief Regional Officer (North America) at CyXcel | On LinkedIn: https://www.linkedin.com/in/marlattb/

Resources

Learn more and catch more stories from CyXcel: https://www.itspmagazine.com/directory/cyxcel

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Organizations often face a tug-of-war between security teams seeking to minimize risk and engineering or business units pushing for rapid access to systems. Stein explains that traditional approaches to access control — where permissions are either always on or granted through manual processes — create friction and risk. Over-provisioned accounts become prime targets for attackers, while delayed access slows innovation.

Apono addresses this through a Zero Standing Privilege approach, where no user — human or non-human — retains permanent permissions. Instead, access is dynamically granted based on business context and automatically revoked when no longer needed. This ensures engineers and systems get the right access at the right time, without exposing unnecessary attack surfaces.

The platform integrates seamlessly with existing identity providers, governance systems, and IT workflows, allowing organizations to centralize visibility and control without replacing existing tools. Dynamic, context-based policies replace static rules, enabling access that adapts to changing conditions, including the unpredictable needs of AI agents and automated workflows.

Stein also highlights continuous discovery and anomaly detection capabilities, enabling organizations to see and act on changes in privilege usage in real time. By coupling visibility with automated policy enforcement, organizations can not only identify over-privileged accounts but also remediate them immediately — avoiding the cycle of one-off audits followed by privilege creep.

The result is a solution that scales with modern enterprise needs, reduces risk, and empowers both security teams and end users. As Stein notes, giving engineers control over their own access — including the ability to revoke it — fosters a culture of shared responsibility for security, rather than one of gatekeeping.

Learn more about Apono: https://itspm.ag/apono-1034

Note: This story contains promotional content. Learn more.

Guest:

Ofir Stein, CTO and Co-Founder of Apono | On LinkedIn: https://www.linkedin.com/in/ofir-stein/

Resources

Learn more and catch more stories from Apono: https://www.itspmagazine.com/directory/apono

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Keywords: sean martin, ofir stein, apono, zero standing privilege, access management, identity security, privilege creep, just in time access, ai security, governance, cloud security, black hat, black hat usa 2025, cybersecurity, permissions

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

ThreatLocker introduced DAC configuration monitoring and achieved FedRAMP certification at Black Hat 2025, strengthening zero trust capabilities while expanding government market access through practical security solutions.

Zero trust security continues evolving beyond theoretical frameworks into practical business solutions, as demonstrated by ThreatLocker's latest announcements at Black Hat USA 2025. The company introduced Defense Against Configuration (DAC), a monitoring tool addressing a critical gap in zero trust implementations.

Kieran Human, Special Projects Engineer at ThreatLocker, explained the challenge driving DAC's development. Organizations implementing zero trust often struggle with configuration management, potentially leaving systems vulnerable despite security investments. DAC monitors configurations continuously, alerting administrators to potential security issues and mapping findings to compliance frameworks including Essential 8.

The tool addresses human factors in security implementation. Technical staff sometimes create overly permissive rules to minimize user complaints, compromising security posture. DAC provides weekly reports to executives, ensuring oversight of configuration decisions and maintaining security standards across the organization.

ThreatLocker's approach distinguishes itself through "denied by default, allowed by exception" methodology, contrasting with traditional endpoint detection and response solutions that permit by default and block threats reactively. This fundamental difference requires careful implementation to avoid business disruption.

The company's learning mode capabilities address deployment concerns. With over 10,000 built-in application profiles, ThreatLocker automates policy creation while learning organizational workflows. This reduces manual configuration requirements that previously made zero trust implementations tedious and time-intensive.

FedRAMP certification represents another significant milestone, opening government sector opportunities. Federal compliance requirements previously excluded ThreatLocker from certain contracts, despite strong customer demand for their zero trust capabilities. This certification enables expansion into highly regulated environments requiring stringent security controls.

Customer testimonials continue validating the approach. One user reported preventing three breaches after implementing ThreatLocker's zero trust solution, demonstrating measurable security improvements. Such feedback reinforces the practical value of properly implemented zero trust architecture.

The balance between security and business functionality remains crucial. Organizations need security solutions that protect assets without hampering productivity. ThreatLocker's principle of least privilege implementation focuses on enabling business requirements with minimal necessary permissions rather than creating restrictive environments that impede operations.

Human described working closely with CEO Danny Jenkins, emphasizing the collaborative environment that drives product innovation. His engineering perspective provides valuable insights into customer needs while maintaining focus on practical security solutions that work in real-world environments.

As zero trust adoption accelerates across industries, tools like DAC become essential for maintaining security posture while meeting business demands. The combination of automated learning, configuration monitoring, and compliance mapping addresses practical implementation challenges facing security teams today.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content. Learn more.

Guest: Kieran Human, Special Project Engineer at ThreatLocker | On LinkedIn | https://www.linkedin.com/in/kieran-human-5495ab170/

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Brett explains that many ransomware groups now find it more profitable—and less risky—to steal sensitive data and threaten to leak it unless paid, rather than encrypt files and disrupt operations. This change also allows attackers to stay out of the headlines and avoid immediate law enforcement pressure, while still extracting massive payouts. One case saw a Fortune 50 company pay $75 million to prevent the leak of 100 terabytes of sensitive medical data—without a single file being encrypted.

The report highlights variation in attacker methods. Some groups focus on single large targets; others, like the group “LOP,” exploit vulnerabilities in widely used file transfer applications, making supply chain compromise a preferred tactic. Once inside, attackers validate their claims by providing file trees and sample data—proving the theft is real.

Certain industries remain disproportionately affected. Healthcare, manufacturing, and technology are perennial top targets, with oil and gas seeing a sharp increase this year. Many victims operate with legacy systems, slow to adopt modern security measures, making them vulnerable. Geographically, the U.S. continues to be hit hardest, accounting for roughly half of all observed ransomware incidents.

The conversation also addresses why organizations fail to detect such massive data theft—sometimes hundreds of gigabytes per day over weeks. Poor monitoring, limited security staffing, and alert fatigue all contribute. Brett emphasizes that reducing exposure starts with eliminating unnecessary internet-facing services and embracing zero trust architectures to prevent lateral movement.

The ransomware report serves not just as a data source but as a practical guide. By mapping observed attacker behaviors to defensive strategies, organizations can better identify and close their most dangerous gaps—before becoming another statistic in next year’s findings.

Learn more about Zscaler: https://itspm.ag/zscaler-327152

Note: This story contains promotional content. Learn more.

Guest:

Brett Stone-Gross, Senior Director of Threat Intelligence at Zscaler, | On LinkedIn: https://www.linkedin.com/in/brett-stone-gross/

Resources

Learn more and catch more stories from Zscaler: https://www.itspmagazine.com/directory/zscaler

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Keywords: sean martin, brett stone-gross, ransomware, data extortion, cyber attacks, zero trust security, threat intelligence, data breach, cyber defense, network security, file transfer vulnerability, data protection, black hat, black hat usa 2025, zscaler

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The corridors of Black Hat 2025 in Las Vegas buzzed with conversations about AI and emerging threats, but one of the most compelling discussions centered on something decidedly human: how we actually manage our cybersecurity teams. Marco Ciappelli, Co-Founder and CMO of ITSPmagazine, connected with longtime industry colleague Deidre Diamond, who brought along Carraig Stanwyck—a seasoned cybersecurity leader who recently transitioned from Fortune 200 CISO to CEO.

"It's been great running into people I know here at Black Hat," Ciappelli noted, "but finding Deidre after 11 years—and meeting the people she's been working with—that's what these events are really about. Finding out what's happening in the industry and reconnecting."

Diamond, who has spent 11 years in cybersecurity with eight years focused on talent matching and three years developing workforce risk management practices at CyberSN, brought a unique perspective to the conversation. Her journey from building a cyber taxonomy and job matching solution to addressing the industry's critical workforce challenges—retention, burnout, capability gaps, and career planning—set the stage for understanding how one Fortune 200 CISO discovered the limitations of traditional workforce management.

The Excel Trap: When Good Intentions Meet Reality

When Stanwyck thought he had workforce management figured out, he was using Excel spreadsheets and conducting regular happiness surveys with his cybersecurity team. As someone who started his career in human intelligence and carried that people-focused approach through government, startups, and enterprise organizations, he believed he was ahead of the curve.

"I thought I already had a solution," Stanwyck reflects. "I was already meeting with my people, doing specific surveys to track happiness and belonging because I wanted to catch issues early. You get your team right, and you can do anything."

But when he met Deidre Diamond from CyberSN at RSA two years ago, his confidence was quickly shaken. "She was talking about workforce risk management, and I was like, 'Well, yeah, I do that. I'm all set. I'm covered.'" Diamond's response was simple: "Show me how you visualize the data you use."

That's when Stanwyck discovered the limitations of his Excel-based approach—old data, time-intensive processes, and a fundamental lack of real-time visibility into how his team actually functioned.

Beyond Job Titles: The Hidden Workforce Reality

What CyberSN's platform revealed transformed Stanwyck's understanding of his own team. "You can re-interview your people like a recorder," he explains. "You can see that someone you hired as an analyst is doing all this engineering work—maybe they're better on the engineering team."

The platform provided something Stanwyck had never experienced: quantitative visibility into how his team's time was actually being spent. "It gave me a level of visibility in the team, what they were doing, and how their time was being spent at a quantitative level that there's no way for me to replicate manually."

Even more revealing was the discovery that job descriptions become obsolete almost immediately. "The job description of our talent is old within weeks and within months from the day it's created—if it was even created correctly at all," Diamond noted during the conversation.

The Fulfillment Factor: Beyond Happiness to Purpose

While Stanwyck's happiness surveys captured surface-level satisfaction, CyberSN's approach dug into something more fundamental. "HappinessHappy is important, but one that feels fulfilled—that they have a purpose—that's the key," Stanwyck emphasizes.

The platform's approach to understanding team members went beyond traditional metrics. "When you know where they want to go, how they feel about the team, you get all this extra data," Stanwyck explains. "Your ability to craft development plans, to help them move through different parts of the team, to help with career planning—it becomes so nailed that they can't help but see their way forward."

The impact was immediate and lasting. When Stanwyck transitioned to his CEO role, his team specifically requested that the organization renew their CyberSN contract. "These teammates feel like, wow, they're investing in understanding me more and planning more. It just adds to professional efficacy."

From Reactive to Strategic: The Business Case Revolution

Perhaps the most significant transformation was in business communication. Every cybersecurity leader knows the refrain: "We don't have enough people." But quantifying that gap had always been nearly impossible.

"How do you show the gaps and how you're not able to meet specific capability requirements?" Stanwyck asks. "It's really hard using the lack of tools you have right now—it's very subjective."

CyberSN's dual visualization capability became a game-changer. "You can see the whole org chart from people—what they're doing. But you can also flip it and see that same org chart from a capabilities perspective," Stanwyck describes. "Here's all the capabilities we need. How are they staffed? What are we missing? How do we plan for the future as we grow?"

This visibility transformed conversations with executive leadership. "It's easier to get budgets, easier to make a business case for where you're going as you grow," Stanwyck notes. "CIOs, CFOs, CEOs can now understand what the security leader is dealing with in a way that's logical, not just a spreadsheet."

The Multi-Tool Discovery

The platform revealed something crucial about modern cybersecurity teams: people are multi-tools, not single-purpose instruments. "You hire somebody because they do X or Y—that's the assumption," Stanwyck explains. "But when you get to know them better through the taxonomies, when you figure out what they end up doing on the team even if it wasn't what they were hired for, you start realizing these tools are multi-tools."

This discovery enabled better strategic planning and resource allocation. "It allows you to have a much better plan for how you're gonna leverage them throughout the organization, help them upscale, identify those opportunities for them to maximize the value they're able to provide."

The Human Element in an AI-Driven World

As Black Hat 2025 showcased the latest in AI and automation, Stanwyck offered a refreshing perspective on the role of humans in cybersecurity's future. "AI technologies are really statistical models of existing information—they're not creative, they're not thinking outside the box," he observes.

Instead of replacement, Stanwyck advocates for empowerment. "I'm excited about companies that take a smarter approach—how do we empower the human? It's kind of like putting that superhero costume on rather than getting rid of them."

For cybersecurity leaders still managing teams through spreadsheets and gut feelings, this Black Hat conversation offers a clear message: true workforce visibility isn't just about knowing who works for you—it's about understanding how they work, what fulfills them, and how to strategically position your human capabilities for the challenges ahead.

CyberSN's workforce risk management platform transforms how cybersecurity leaders understand, develop, and strategically deploy their most valuable asset: their people.

Learn more about CyberSN: https://itspm.ag/cybersn-476941

Note: This story contains promotional content. Learn more.

Guests:

Deidre Diamond, Founder and CEO of CyberSN | On LinkedIn: https://www.linkedin.com/in/deidrediamond/

Carraig Stanwyck, CEO at 3 Tree Tech and former Fortune 200 CISO | On LinkedIn: https://www.linkedin.com/in/carraig-stanwyck/

Resources

Learn more and catch more stories from CyberSN: https://www.itspmagazine.com/directory/cybersn

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Keywords: marco ciappelli, deidre diamond, carraig stanwyck, cybersecurity, workforce management, talent retention, job descriptions, skills gap, leadership, employee engagement, career development, black hat, black hat usa, black hat 2025, workforce risk management

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The conversation begins with a clear reality: business processes are complex, and when security is added into the mix, orchestrating workflows efficiently becomes even more challenging. BlinkOps addresses this by providing a platform that not only automates security tasks but also extends across HR, finance, sales, and marketing. By enabling automation in areas like employee onboarding/offboarding or access management, the platform helps organizations improve efficiency, reduce risk, and free human talent for higher-value work.

Mike explains that while traditional SOAR tools require heavy scripting and ongoing maintenance, BlinkOps takes a different approach. Its security co-pilot allows users to describe automations in plain language, which are then generated—90% complete—by the system. Whether the user is a SOC analyst or an HR manager, the platform supports low-code and no-code capabilities, making automation accessible to “citizen developers” across the organization.

The concept of micro agents is central. Instead of relying on large, complex AI models that can hallucinate or act unpredictably, BlinkOps uses focused, purpose-built agents with smaller context windows. These agents handle specific tasks—such as enriching security alerts—within larger workflows, ensuring accuracy and control.

The benefits are tangible. One customer’s triage agent processed 400 alerts in just eight days without direct human intervention, while another saved $1.8 million in manual endpoint deployment costs over a single month. Outcomes like reduced mean time to respond (MTTR) and faster time to automation are key drivers for adoption, especially when facing zero-day vulnerabilities where speed is critical.

BlinkOps runs as SaaS, hybrid, or in secure environments like GovCloud, making it adaptable for organizations of all sizes and compliance requirements.

The takeaway is clear: AI-driven automation doesn’t just improve security operations—it creates new efficiencies across the enterprise. As Mike puts it, when a process can be automated, “just blink it.”

Learn more about BlinkOps: https://itspm.ag/blinkops-942780

Note: This story contains promotional content. Learn more.

Guest: Mike Wayne, Vice President, Global Sales at BlinkOps | On Linkedin: https://www.linkedin.com/in/mikejwayne/

Resources

Learn more and catch more stories from BlinkOps: https://www.itspmagazine.com/directory/blinkops

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Keywords: sean martin, mike wayne, blink ops, ai automation, agentic ai, micro agents, security automation, soc automation, workflow automation, zero day response, alert triage, enrichment agent, low code automation, cyber security ai, enterprise automation, black hat usa, black hat 2025

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Zdjelar outlines how modern applications are built from a mix of first-party, contracted, open source, and proprietary third-party components. By the time software reaches production, its lineage spans geographies, development teams, and sometimes even AI-generated code. Incidents like SolarWinds, Kaseya, and CircleCI demonstrate that trusted vendors are no longer immune to compromise, and commercial software can introduce critical vulnerabilities or malicious payloads deep into enterprise systems.

Regulatory drivers are increasing scrutiny. Executive Order 14028, Europe’s Cyber Resilience Act, DORA, and U.S. Department of Defense software sourcing restrictions all require greater transparency, such as a Software Bill of Materials (SBOM). However, Zdjelar cautions that SBOMs—while valuable—are like ingredient lists without recipes: they don’t reveal if a product is secure, just what’s in it.

ReversingLabs addresses this gap with a no-compromise analysis engine capable of deconstructing any file, of any size or complexity, to assess its safety. This capability enables organizations to make risk-based decisions, continuously monitor for unexpected changes between software versions, and operationalize controls at points such as procurement, SCCM deployments, or file transfers into critical environments.

For CISOs, this represents a true technical control where previously only contractual clauses, questionnaires, or insurance policies existed. By placing analysis at the front of the software lifecycle, organizations can reduce reliance on costly manual testing and sandboxing, improve detection of tampering or hidden behavior, and even influence cyber insurance rates.

The takeaway is clear: software supply chain security is a board-level concern, and the focus must expand beyond open source. With the right controls, organizations can avoid becoming the next headline-making breach and maintain trust with customers, partners, and regulators.

Learn more about ReversingLabs: https://itspm.ag/reversinglabs-v57b

Note: This story contains promotional content. Learn more.

Guest: Saša Zdjelar, Chief Trust Officer at ReversingLabs and Operating Partner at Crosspoint Capital | On Linkedin: https://www.linkedin.com/in/sasazdjelar/

Resources

Learn more and catch more stories from ReversingLabs: https://www.itspmagazine.com/directory/reversinglabs

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Keywords: Black Hat 2025, Black Hat USA, sean martin, saša zdjelar, software supply chain security, commercial software risk, binary analysis, software bill of materials, sbom security, malicious code detection, ciso strategies, third party software risk, software tampering detection, malware analysis tools, devsecops security, application security testing, cybersecurity compliance

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Crogl CEO Monzy Merza discusses how AI-driven security platforms automate alert investigation using enterprise knowledge graphs, enabling analysts to focus on threat hunting while maintaining data privacy.

Security teams drowning in alerts finally have a lifeline that doesn't compromise their data sovereignty. At Black Hat USA 2025, Crogl CEO Monzy Merza revealed how his company is tackling one of cybersecurity's most persistent challenges: the overwhelming volume of security alerts that leaves analysts either ignoring potential threats or burning out from investigation fatigue.

The problem runs deeper than most organizations realize. Merza observed analysts routinely closing hundreds of alerts with a single click, not from laziness or malice, but from sheer necessity. "When you look at the history of breaches, the signal of the breach was there. And somebody ignored it," he explained during his ITSPmagazine interview, highlighting a critical gap between alert generation and meaningful investigation.

Traditional approaches have failed because they expect human analysts to become "unicorns" - experts capable of mastering multiple data platforms simultaneously while remembering complex query languages and schemas. This unrealistic expectation has created what Merza calls the "human unicorn challenge," where organizations struggle to find personnel who can effectively navigate their increasingly complex security infrastructure.

Crogl's solution fundamentally reimagines the relationship between human intuition and machine automation. Rather than forcing analysts to adapt to multiple tools, the platform creates a semantic knowledge graph that maps data relationships across an organization's entire security ecosystem. When alerts arrive, the system automatically conducts investigations using established kill chain methodologies, freeing analysts to focus on higher-value activities like threat hunting and strategic security initiatives.

The privacy-first architecture addresses growing concerns about data sovereignty. Operating as a completely self-contained system with no internet dependencies, Crogl can run air-gapped in the most sensitive environments, including defense intelligence communities. The platform connects to existing tools through APIs without requiring data movement, duplication, or transformation.

Real-world results demonstrate the platform's versatility. One customer discovered their analysts were using Crogl for fraud detection - an application never intended by the original design. The system's ability to process natural language descriptions and convert them into executable security processes has reduced response times from weeks to minutes for complex threat hunting operations.

For security leaders evaluating AI integration, Merza advocates an experimental approach. Rather than attempting comprehensive transformation, he suggests starting with focused pilot programs that address specific pain points. This measured strategy allows organizations to validate AI's value while maintaining operational stability.

The broader implications extend beyond security operations. By removing technical barriers and emphasizing domain expertise over tool competency, platforms like Crogl enable security teams to become strategic business enablers rather than reactive alert processors. Organizations gain the flexibility to maintain their preferred data architectures while ensuring comprehensive security coverage across distributed environments.

As cyber threats continue evolving, the industry's response must prioritize both technological capability and human potential. Solutions that enhance analyst intuition while automating routine tasks represent a sustainable path forward for security operations at scale.
 

Watch the full interview: https://youtu.be/0GqPtPXD2ik
 

Learn more about CROGL: https://itspm.ag/crogl-103909

Note: This story contains promotional content. Learn more.

Guest: Monzy Merza, Founder and CEO of CROGL | On Linkedin: https://www.linkedin.com/in/monzymerza/

Resources

Learn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/crogl

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode, Sean Martin speaks with HD Moore, Founder and CEO of RunZero, about the often-overlooked truth in cybersecurity: the greatest risks are usually the things you don’t know exist in your environment.

Moore’s career has spanned decades of penetration testing, tool creation, and product development, including leading the creation of Metasploit. That background shapes his approach at RunZero—applying attacker-grade discovery techniques to uncover devices, networks, and vulnerabilities that traditional tools miss.
 

Why Discovery Matters Most

Through repeated penetration tests for high-security organizations, Moore observed a consistent pattern: breaches rarely occurred because defenders ignored known issues, but rather because attackers exploited unknown assets. These unknowns often bypassed mitigation strategies simply because they weren’t on the organization’s radar.
 

Beyond CVEs

Moore emphasizes that an overreliance on CVE lists leaves organizations blind to real-world risks. Many breaches stem from misconfigurations, weak credentials, or overlooked systems—problems that can be exploited within days of a vulnerability being announced. The answer, he says, is to focus on exposure and attack paths in real time, not just lists of patchable flaws.
 

Revealing the Gaps

RunZero’s approach often doubles the asset count organizations believe they have, uncovering systems outside existing scanning or endpoint management coverage. By leveraging unauthenticated discovery techniques, they detect exploitable conditions from an attacker’s perspective—identifying forgotten hardware, outdated firmware, and network segmentation issues that open dangerous pathways.
 

Changing the Game

This depth of discovery enables security teams to prioritize the small subset of issues that pose the highest business risk, rather than drowning in thousands of low-impact findings. It also helps organizations rebuild their security programs from the ground up—ensuring that every device is accounted for, properly segmented, and monitored.
 

Collaboration and Community

Moore also shares his ongoing contributions to open source through Project Discovery, integrating and enhancing tools like the nuclei scanner to accelerate vulnerability detection for everyone—not just paying customers.
 

The message is clear: if you want to close the gaps, you first need to know exactly where they are—and that requires a new level of visibility most teams have never had.

Learn more about runZero: https://itspm.ag/runzero-5733

Note: This story contains promotional content. Learn more.

Guest: HD Moore, Founder and CEO of RunZero | On Linkedin: https://www.linkedin.com/in/hdmoore/

Resources

Learn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzero

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

____________________________

Security operations centers face an unprecedented challenge: thousands of daily alerts overwhelming analyst teams while sophisticated threats demand immediate response. At Black Hat USA 2025 in Las Vegas, Stellar Cyber presented a revolutionary approach that fundamentally reimagines how SOCs operate in the age of AI-driven threats.

Speaking with ITSPmagazine's Sean Martin, Subo Guha, Senior Vice President of Products at Stellar Cyber, outlined the company's vision for transforming security operations through their human-augmented autonomous SOC platform. Unlike traditional approaches that simply pile on more automation, Stellar Cyber recognizes that effective security requires intelligent collaboration between AI and human expertise.

The platform's three-layer architecture ingests data from any source – network devices, applications, identities, and endpoints – while maintaining vendor neutrality through open EDR integration. Organizations can seamlessly work with CrowdStrike, SentinelOne, Sophos, or other preferred solutions without vendor lock-in. This flexibility proves crucial for enterprises navigating complex security ecosystems where different departments may have invested in various endpoint protection solutions.

What sets Stellar Cyber apart is their autonomous SOC concept, which dramatically reduces alert volume from hundreds of thousands to manageable numbers within days rather than weeks. The platform's AI-driven auto-triage capability identifies true positives among thousands of false alarms, presenting analysts with prioritized "verdicts" that demand attention. This transformation addresses one of security operations' most persistent challenges: alert fatigue that leads to missed threats and burned-out analysts.

The revolutionary AI Investigator copilot enables natural language interaction, allowing analysts to query the system conversationally. An analyst can simply ask, "Show me all impossible travel incidents between midnight and 4 AM," and receive actionable intelligence immediately. This democratization of security operations means junior analysts can perform at senior levels without extensive coding knowledge or years of experience navigating complex query languages.

Identity threat detection and response (ITDR) emerged as another critical focus area during the Black Hat presentation. With identity becoming the new perimeter, Stellar Cyber integrated sophisticated user and entity behavior analytics (UEBA) directly into the platform. The system detects impossible travel scenarios, credential attacks, and lateral movement patterns that indicate compromise. For instance, when a user logs in from Portland at 11 PM and then appears in Moscow 30 minutes later, the platform immediately flags this physical impossibility.

The identity protection extends beyond human users to encompass non-human identities, addressing the growing threat of automated attacks powered by large language models. Hackers now leverage generative AI to create credential attacks at unprecedented scale and sophistication, making robust identity security more critical than ever.

Guha emphasized that AI augmentation doesn't displace security professionals but elevates them. By automating mundane tasks, analysts focus on strategic decision-making and complex threat hunting. MSSPs report dramatic efficiency gains, scaling operations without proportionally increasing headcount. Where previously a hundred thousand alerts might take weeks to process, requiring extensive junior analyst teams, the platform now delivers actionable insights within days with smaller, more focused teams.

The platform's unified approach eliminates tool sprawl, providing CISOs with real-time visualization of their security posture. Executive reporting becomes instantaneous, with high-priority verdicts clearly displayed for rapid decision-making. This visualization capability transforms how security teams communicate with leadership, replacing lengthy reports with dynamic dashboards that convey risk and response status at a glance.

Real-world deployments demonstrate significant operational improvements. Organizations report faster mean time to detection and response, reduced false positive rates, and improved analyst satisfaction. The platform's learning capabilities mean it becomes more intelligent over time, adapting to each organization's unique threat landscape and operational patterns.

As organizations face increasingly sophisticated threats powered by generative AI, Stellar Cyber's human-augmented approach represents a paradigm shift. By combining AI intelligence with human intuition, the platform delivers faster threat detection, reduced false positives, and empowered security teams ready for tomorrow's challenges. The company's commitment to continuous innovation, evidenced by rapid feature releases between RSA and Black Hat, positions them at the forefront of next-generation security operations.
 

Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947

Note: This story contains promotional content. Learn more.

Guest: 

Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/

Resources

Learn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyber

Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Jenkins emphasizes that the industry has moved beyond selling “magic” solutions that promise to find every threat. Instead, customers are demanding tangible results—tools that block threats by default, simplify approvals, and make exceptions easy to manage. ThreatLocker’s platform is built on this premise, enabling over 54,000 organizations worldwide to maintain a secure environment without slowing business operations.

A highlight from the event is ThreatLocker’s Defense Against Configurations (DAC) module. This feature performs 170 daily checks on every endpoint, aligning them with compliance frameworks like NIST and FedRAMP. It not only detects misconfigurations but also explains why they matter and how to fix them. Jenkins admits the tool even revealed gaps in ThreatLocker’s own environment—issues that were resolved in minutes—proving its practical value.

The discussion also touches on the company’s recent FedRAMP authorization process, a rigorous journey that validates both the product’s and the company’s security maturity. For federal agencies and contractors, this means faster compliance with CMMC and NIST requirements. For commercial clients, it’s an assurance that they’re working with a partner whose internal security practices meet some of the highest standards in the industry.

As ThreatLocker expands its integrations and modules, Jenkins stresses that simplicity remains the guiding principle. This is achieved through constant engagement with customers—at trade shows, in the field, and within the company’s own managed services operations. By actively using their own products at scale, the team identifies friction points and smooths them out before customers encounter them.

In short, the message from the booth at Black Hat is clear: effective security comes from strong fundamentals, simplified management, and a relentless focus on the user experience.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content. Learn more.

Guest: Danny Jenkins, CEO of ThreatLocker | On LinkedIn | https://www.linkedin.com/in/dannyjenkinscyber/

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The threat landscape for high-profile individuals includes everything from compromised personal email accounts and hacked home networks to deepfake attacks and targeted identity theft. These risks not only threaten the individual but can cause significant financial and reputational damage to the companies they represent.

BlackCloak addresses this by providing digital executive protection—securing executives, their families, and their homes with a blend of technology, privacy measures, and concierge-level service. This includes monitoring and removing data from brokers, detecting threats in the dark web, safeguarding home IoT devices, and even protecting yachts, jets, and vacation properties. The company also acts as an on-call cybersecurity and privacy advisor 24/7/365.

A key component is the BlackCloak app, which serves as a security dashboard and communication hub. Through it, clients can see privacy risks being addressed in real time, receive alerts, and contact their dedicated concierge team. Behind the scenes, deception networks and active monitoring provide an extra layer of defense.

Pierson highlights the growing convergence of cyber and physical threats. High-profile attacks and incidents in recent years underscore the importance of integrating cybersecurity with physical security, particularly for executives who are constantly in the public eye. With AI accelerating both the speed and sophistication of attacks, organizations need to consider a holistic approach—protecting not only networks and devices but the digital personas of their people.

Ultimately, Pierson sees this as part of a broader shift toward making security a lifestyle component for executives, much like comprehensive healthcare benefits. It’s about creating an always-on layer of protection that travels with them—whether they’re in the office, at home, or halfway around the world.

Learn more about BlackCloak: https://itspm.ag/itspbcweb

Note: This story contains promotional content.Learn more.

Guest:

Chris Pierson, Founder & CEO, BlackCloak | https://www.linkedin.com/in/drchristopherpierson/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

______________________

Resources

Learn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloak

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Keywords: Black Hat 2025, zero trust security, cybersecurity conference, ThreatLocker, default deny strategy, endpoint protection, application control, threat detection, enterprise security, network security, cybersecurity solutions, security automation, malware prevention, cyber threats, information security, security platform, Black Hat USA, cybersecurity innovation, managed detection response, security operations

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

AI is driving a seismic transformation in business operations, with executive teams rapidly deploying proof-of-concept projects to capture competitive advantage. Yet, as Chokshi notes, many of these initiatives race ahead without fully integrating security teams into the process. While budgets for AI are expanding, funding for AI-specific security measures often lags behind, leaving organizations exposed.

One of the most pressing concerns is the rise of AI bots—Akamai observes 150 billion such bots traversing networks daily. These bots scrape valuable digital content, train models on it, and, in some cases, replace direct customer interactions with summarized answers. The result? Lost marketing leads, disrupted sales funnels, and even manipulated product recommendations—all without traditional “breach” indicators.

This is not just a security problem; it’s a business continuity challenge. Organizations must develop strategies to block or manage scraping, including commercial agreements for content usage. Beyond this, the proliferation of conversational AI agents—whether for booking tickets, providing mortgage information, or recommending products—introduces new attack surfaces. Threat actors exploit prompt injections, jailbreaks, and code execution vulnerabilities to compromise these interfaces, risking both customer trust and brand reputation.

Akamai’s response includes capabilities such as Firewall for AI, providing in-line visibility and control over AI-driven sessions, and bot mitigation technologies that protect high-value content. By offering real-time threat intelligence tailored to customer environments, Akamai helps enterprises maintain agility without sacrificing protection.

Chokshi’s call to action is clear: every company is now an AI company, and security must be embedded from the outset. Boards should view security not as a budget line item, but as the foundation for innovation velocity, brand integrity, and long-term competitiveness.

Learn more about Akamai: https://itspm.ag/akamailbwc

Note: This story contains promotional content. Learn more.

Guests:

Rupesh Chokshi, SVP & General Manager, Application Security, Akamai | https://www.linkedin.com/in/rupeshchokshi/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

______________________

Resources

Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Anders shares how his experience as Chief Risk Officer and partner at major firms like Ernst & Young and PwC shaped Eve’s mission. He describes a world where compliance doesn’t have to mean complexity. Eve’s AI engine evaluates more than a thousand controls in under 15 minutes—surpassing manual reviews that could take weeks—and goes a step further by offering recommendations, not just red flags.

This isn’t about replacing people. It’s about helping overwhelmed compliance, risk, and audit teams regain control. Mark emphasizes how Eve operates like a true partner, delivering support with no ego and full transparency. Their approach combines deep regulatory knowledge, contextual AI agents trained on real-world frameworks, and a clear respect for data sovereignty and privacy—an essential requirement for global pharma, financial, and consulting clients already relying on the platform.

More than a dashboard, Eve acts as an intelligent engine embedded into existing workflows via API, making it a natural complement—not a competitor—to existing GRC platforms. The platform is customizable, evidence-driven, and built with firsthand knowledge of what compliance professionals actually need: clear guidance, real-time answers, and fewer repetitive tasks.

The episode leaves listeners with a compelling question: what if your compliance program could coach your team, reduce audit costs, and provide instant visibility—without sacrificing accuracy or control?

Learn more about E-V-E GRC: https://itspm.ag/eve-grc-99

Note: This story contains promotional content. Learn more.

Guests:

Anders Søborg, Co-founder, Director at E-V-E GRC | On LinkedIn: https://www.linkedin.com/in/anders-s%C3%B8borg-3826702/

Mark Humphrey, Senior Sales and Channel Director EMEA at E-V-E GRC | On LinkedIn: https://www.linkedin.com/in/m-humphrey-mba-0020192b1/

Resources

Redefine Compliance. Unleash Your Potential with E-V-E GRC. Command Compliance: https://itspm.ag/e-v-e-i1ml

Learn more and catch more stories from E-V-E GRC: https://www.itspmagazine.com/directory/evegrc

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Chris outlines how threats to privacy, cybersecurity, and physical safety intersect across personal and professional domains. A breached home network, a deepfake circulating online, or a targeted social engineering campaign could all become entry points back into a company’s infrastructure—or lead to reputational or financial fallout. That’s why BlackCloak takes a holistic view, combining identity protection, device hardening, social listening, concierge response, and physical risk monitoring into a single service.

One of the key resources discussed is the vendor-agnostic Digital Executive Protection Framework. Free to download and use, it offers CISOs and CSOs a 14-point checklist covering areas like financial data protection, social media monitoring, physical threats, and personal cyber hygiene. According to Chris, it’s designed to be practical, actionable, and easy to integrate into quarterly reviews and budget planning cycles.

While many security vendors promise protection through tools alone, BlackCloak emphasizes relationships—human connection is built into the service. The platform includes real-time threat response and one-on-one interaction, going far beyond 1-800 numbers or chatbots.

Whether you’re managing executive risk for a Fortune 500 company or navigating new board-level cyber obligations, this conversation outlines the real gaps in current corporate protections—and a solution that meets executives where they are.

Learn more about BlackCloak: https://itspm.ag/itspbcweb

Note: This story contains promotional content.Learn more.

Guest:

Chris Pierson, Founder & CEO, BlackCloak | https://www.linkedin.com/in/drchristopherpierson/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

______________________

Resources

Learn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloak

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Keywords: Black Hat 2025, zero trust security, cybersecurity conference, ThreatLocker, default deny strategy, endpoint protection, application control, threat detection, enterprise security, network security, cybersecurity solutions, security automation, malware prevention, cyber threats, information security, security platform, Black Hat USA, cybersecurity innovation, managed detection response, security operations

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Drawing from LevelBlue’s Data and AI Accelerator Report, part of their annual Futures Report series, Theresa highlights a striking correlation: 80% of organizations with low software supply chain visibility experienced a breach in the past year, while only 6% with high visibility did. That data underscores the critical role visibility plays in reducing business risk and maintaining operational resilience.

More than a technical concern, software supply chain risk is now a boardroom topic. According to the report, CEOs have the highest awareness of this risk—even more than CIOs and CISOs—because of the direct impact on brand reputation, stock value, and partner trust. As Theresa puts it, software has become the “last mile” of digital business, and that makes it everyone’s problem.

The conversation explores why now is the time to act. Government regulations are increasing, adversarial attacks are intensifying, and organizations are finally beginning to connect software vulnerabilities with business outcomes. Theresa outlines four critical actions: leverage CEO awareness, understand and prioritize vulnerabilities, invest in modern security technologies, and demand transparency from third-party providers.

Importantly, cybersecurity culture is emerging as a key differentiator. Companies that embed security KPIs across all business units—and align security with business priorities—are not only more secure, they’re also more agile. As software creation moves faster and more modular, the organizations that prioritize visibility and responsibility throughout the supply chain will be best positioned to adapt, grow, and protect their operations.

Learn more about LevelBlue: https://itspm.ag/levelblue266f6c

Note: This story contains promotional content. Learn more.

Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]

On LinkedIn | https://www.linkedin.com/in/theresalanowitz/

Resources

To learn more, download the complete findings of the LevelBlue Threat Trends Report here: https://itspm.ag/levelbyqdp

To download the 2025 LevelBlue Data Accelerator: Software Supply Chain and Cybersecurity report, visit: https://itspm.ag/lbdaf6i

Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Join ITSP Magazine's Marco Ciappelli and Sean Martin as they preview ThreatLocker's exciting Black Hat 2025 presence with Detect Product Director John Lilliston. Discover upcoming major announcements, hands-on hacking demos, and how ThreatLocker's default deny approach is revolutionizing enterprise cybersecurity through comprehensive zero trust implementation.

As Black Hat USA 2025 approaches, cybersecurity professionals are gearing up for one of the industry's most anticipated events. ITSP Magazine's Marco Ciappelli and Sean Martin recently sat down with John Lilliston, ThreatLocker's Detect Product Director, to preview what promises to be an exciting showcase of zero trust innovation at booth 1933.

ThreatLocker has become synonymous with the "default deny" security approach, a philosophy that fundamentally changes how organizations protect their digital assets. Unlike traditional security models that allow by default and block known threats, ThreatLocker's approach denies everything by default and allows only approved applications, network communications, and storage operations. This comprehensive strategy operates across application, network, and storage levels, creating what Lilliston describes as a "hardened system that stops adversaries in their tracks."

The company's rapid growth reflects the industry's embrace of zero trust principles, moving beyond buzzword status to practical, enterprise-ready solutions. Lilliston, who joined ThreatLocker in February after evaluating their products from the enterprise side, emphasizes how the platform's learning mode and ring fencing capabilities set it apart from competitors in the application control space.

At Black Hat 2025, ThreatLocker will demonstrate their defense-in-depth strategy through their Detect product line. While their primary zero trust controls rarely fail, Detect provides crucial monitoring for applications that must run in enterprise environments but may have elevated risk profiles. The system can automatically orchestrate responses to threats, such as locking down browsers exhibiting irregular behavior that might indicate data exfiltration attempts.

Visitors to booth 1933 can expect hands-on demonstrations and on-demand hacking scenarios that showcase real-world applications of ThreatLocker's technology. The company is preparing major announcements that CEO Danny Houlihan will reveal during the event, promising game-changing developments for both the organization and its client base.

ThreatLocker's Black Hat agenda includes a welcome reception on Tuesday, August 5th, from 7-10 PM at the Mandalay Bay Complex, and Houlihan's presentation on "Simplifying Cybersecurity" on Thursday, August 7th, from 10:15-11:05 AM at Mandalay Bay J.

The convergence of practical zero trust implementation, cutting-edge threat detection, and automated response capabilities positions ThreatLocker as a key player in the evolving cybersecurity landscape, making their Black Hat presence essential viewing for security professionals seeking comprehensive protection strategies.

Keywords: Black Hat 2025, zero trust security, cybersecurity conference, ThreatLocker, default deny strategy, endpoint protection, application control, threat detection, enterprise security, network security, cybersecurity solutions, security automation, malware prevention, cyber threats, information security, security platform, Black Hat USA, cybersecurity innovation, managed detection response, security operations

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content.Learn more.

Guests:

John Lilliston
Cybersecurity Director | Threat Detection & Response | SOC Leadership | DFIR | EDR/XDR Strategy | GCFA, GISP | https://www.linkedin.com/in/john-lilliston-4725217b/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

______________________

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

ThreatLocker® Welcome Reception | Don't gamble with your security! Join us at Black Hat for a lively Welcome Reception hosted by ThreatLocker®. Meet our Cyber Hero® Team and dive into discussions on the latest advancements in ThreatLocker®Endpoint Security. It's a great opportunity to connect and learn together! 
‍
‍Time: 7PM - 10PM | Location: Mandalay Bay Complex 
RSVP below and we'll send you a confirmation email with all the details.

[ Welcome Reception RSVP ]

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Rupesh shares that Akamai is now detecting over 150 billion AI scraping attempts—a staggering signal of the scale and sophistication of machine-to-machine activity. These scraper bots are not only siphoning off data but also undermining digital business models by bypassing monetization channels, especially in publishing, media, and content-driven sectors.

While AI introduces productivity gains and operational efficiency, it also introduces new and uncharted risks. Agentic AI, where autonomous systems operate on behalf of users or other systems, is pushing cybersecurity teams to rethink their strategies. Traditional firewalls aren’t enough—because these threats don’t behave like yesterday’s attacks. Prompt injection, toxic output, and AI-generated hallucinations are some of the issues now surfacing in enterprise environments, with over 70% of organizations already experiencing AI-related incidents.

This brings the focus to the runtime. Akamai’s newly launched Firewall for AI is purpose-built to detect and mitigate risks in generative AI and LLM applications—without disrupting performance. Designed to flag issues like toxic output, remote code execution, or compliance violations, it operates with real-time visibility across inputs and outputs. It’s not just about defense—it’s about building trust as AI moves deeper into decision-making and workflow automation.

CISOs, says Rupesh, need to shift from high-level discussions to deep, tactical understanding of where and how their organizations are deploying AI. This means not only securing AI but also working hand-in-hand with the business to establish governance, drive discovery, and embed security into the fabric of innovation.

Learn more about Akamai: https://itspm.ag/akamailbwc

Note: This story contains promotional content. Learn more.

Guests:

Rupesh Chokshi, SVP & General Manager, Application Security, Akamai | https://www.linkedin.com/in/rupeshchokshi/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

______________________

Resources

Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Founded by Edward Wu, former Head of AI/ML at ExtraHop Networks, Dropzone AI was built on a key realization: the last thing SOCs need is another flood of alerts. Instead, they need help processing and acting on them. That’s where Dropzone comes in—offering an AI-powered security analyst that doesn’t just detect threats, but investigates, correlates, and takes action.

During a recent pre-event chat with ITSPmagazine’s Sean Martin and Marco Ciappelli, Edward explained the core philosophy behind the platform. Unlike hype-driven claims of “fully autonomous SOCs,” Dropzone takes a practical, tiered approach to automation. Their agentic AI system performs full investigations, determines the nature of alerts (true vs. false positives), and recommends or executes containment actions depending on risk tolerance and policy.

The tech has found particular traction with lean security teams, or those expanding toward 24/7 coverage without adding headcount. Rather than replacing humans, the platform augments them—freeing analysts from the drudgery of low-priority alert triage and giving them space to focus on strategic work. As Edward put it, “Nobody wants to be a tier-one analyst forever.” Dropzone helps make sure they don’t have to be.

The platform integrates across existing security stacks and data sources, drawing from threat intel, logs, and endpoint signals to build a full picture of every alert. Security teams retain full control, with human-in-the-loop decision-making remaining the standard in most use cases. However, for low-risk assets and off-hours scenarios, some customers are already authorizing autonomous action.

With conversations at Black Hat expected to revolve around the reality of AI in production—not just the vision—Dropzone is entering the perfect arena. From demonstrating real-world impact to sharing insights on agentic design and trust boundaries, their presence will resonate with everyone from analysts to CISOs.

Whether you’re building out your SOC, questioning your MDR provider, or simply overwhelmed with alert fatigue, this may be your signal. Dropzone AI isn’t selling buzzwords. They’re delivering results. Visit them at Startup City, booth #6427, and see for yourself what the future of alert triage and SOC efficiency looks like—one investigation at a time.
 

Note: This story contains promotional content. Learn more.

Guests:

Edward Wu, Founder/CEO at Dropzone AI 
On LinkedIn: https://www.linkedin.com/in/edwardxwu/
DROPZONE AI: https://itspm.ag/dropzoneai-641

Hosts:

Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

______________________

Resources

Visit the DROPZONE Website to learn more: https://itspm.ag/dropzoneai-641

Learn more and catch more stories from Dropzone on ITSPmagazine: https://www.itspmagazine.com/directory/dropzoneai

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The conversation highlights how HITRUST goes beyond a simple checklist by layering in both threat intelligence and maturity modeling. Their framework isn’t just built on abstract risk—it incorporates real-world attack techniques, aligning controls to the MITRE ATT&CK framework. This means that the certification reflects actual adversarial tactics rather than hypothetical risk scenarios.

Bennekers shares that 99.41% of HITRUST-certified organizations did not report a breach in the last year, and that consistency over two annual reports points to meaningful outcomes—not just marketing claims. Sheth explains how each certification is reviewed in full by HITRUST, not just sampled, and every control is assessed for maturity—not pass/fail. It’s a model that helps companies continuously improve, while also giving relying parties better information.

For executive teams and boards, the report surfaces where organizations commonly struggle, including access control, vulnerability management, and third-party risk. It also highlights a growing use of external inheritance—leveraging cloud service providers’ security posture—as a strategic move for organizations with tighter budgets.

Looking ahead, the conversation points to continuous assurance and the evolving role of AI—both as a source of new risks and a tool to enhance security operations. HITRUST is already exploring certification models that reduce drift and increase visibility year-round.

For organizations wanting to build more than just a paper shield, this episode unpacks how certification—done right—can be a strategic, measurable advantage.

Note: This story contains promotional content. Learn more.

Guests:

Bimal Sheth, Executive Vice President of Standards Development and Assurance Operations at HITRUST | On LinkedIn: https://www.linkedin.com/in/bimal-sheth-248219130/

Vincent Bennekers, Vice President of Quality at HITRUST | On LinkedIn: https://www.linkedin.com/in/vincent-bennekers-a0b3201/

Host:

Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com/

______________________

Keywords: sean martin, bimal sheth, vincent bennekers, hitrust, trust report, cybersecurity, compliance, certification, quality assurance, risk management, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Resources

HITRUST 2025 Trust Report: https://itspm.ag/hitrusz49c

Webinar: Beyond the Checkbox: Rethinking SOC 2, Cybersecurity, and Third-Party Risk in 2025 — An ITSPmagazine Webinar with HITRUST (https://www.crowdcast.io/c/beyond-the-checkbox-rethinking-soc-2-cybersecurity-and-third-party-risk-in-2025-an-itspmagazine-webinar-with-hitrust)

Visit the HITRUST Website to learn more: https://itspm.ag/itsphitweb

Learn more and catch more stories from HITRUST on ITSPmagazine: https://www.itspmagazine.com/directory/hitrust

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Greg, a former Army Special Operations communicator, and John, who got his break as a self-taught hacker, agree that the traditional path — expensive certifications and theoretical labs — doesn’t reflect the reality of the work. That’s why White Knight Labs is launching the Entry Level Pen Tester (ELPT) program. The idea is straightforward: make high-quality, practical training accessible to anyone, anywhere.

Unlike other courses that focus purely on the technical side, the ELPT emphasizes the full skill set a junior pen tester needs. This means not just breaking into systems, but learning how to write clear reports, communicate effectively with clients, and operate as part of a real engagement team. John explains that even the best technical find is worthless if it’s not explained properly or delivered with clear guidance for fixing the issue.

Greg points out that the team culture at White Knight Labs borrows from his Special Forces days — small, specialized teams where each individual goes deep on a specific domain but works in tight coordination with others. Their goal for trainees mirrors this: to develop focused, practical skills while understanding how their piece fits into bigger, complex attack scenarios.

Affordability and global access are key parts of the mission. The team wants the ELPT to open doors for people who might not have thousands to spend on training. By combining hands-on labs, in-depth modules, real-world scenarios, and a tough final exam, they aim to ensure that passing the ELPT means you’re truly job-ready.

For anyone considering a start in offensive security, this episode is a glimpse into a program designed to create more than just hackers — it’s building adaptable, communicative professionals ready to hit the ground running.

Learn more about White Knight Labs: https://itspm.ag/white-knight-labs-vukr

Guests:

John Stigerwalt | Founder at White Knight Labs | Red Team Operations Leader | https://www.linkedin.com/in/john-stigerwalt-90a9b4110/

Greg Hatcher | Founder at White Knight Labs | SOF veteran | Red Team | https://www.linkedin.com/in/gregoryhatcher2/

______________________

Keywords: sean martin, marco ciappelli, greg hatcher, john stigerwalt, cybersecurity, pentesting, training, certification, whiteknightlabs, hacking, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Resources

Visit the White Knight Labs Website to learn more: https://itspm.ag/white-knight-labs-vukr

Learn more and catch more stories from White Knight Labs on ITSPmagazine: https://www.itspmagazine.com/directory/white-knight-labs

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode, Moore outlines how the HITRUST Cyber Threat Adaptive (CTA) program transforms traditional assessment models into something far more dynamic. Instead of relying on outdated frameworks or conducting audits that only capture a point-in-time view, HITRUST is using real-time threat intelligence, breach data, and frameworks like MITRE ATT&CK and MITRE ATLAS to continuously evaluate and update its assessment requirements.

The E1 and I1 assessments—designed for organizations at different points in their security maturity—serve as flexible baselines that shift with current risk. Moore explains that by leveraging CTA, HITRUST can add or update controls in response to rising attack patterns, such as the resurgence of phishing or the emergence of AI-driven exploits. These updates are informed by a broad ecosystem of signals, including insurance claims data and AI-parsed breach reports, offering both frequency and impact context.

One of the key advantages Moore highlights is the ability for security teams to benefit from these updates without having to conduct their own exhaustive analysis. As Moore puts it, “You get it by proxy of using our frameworks.” In addition to streamlining how teams manage and demonstrate compliance, the evolving assessments also support conversations with business leaders and boards—giving them visibility into how well the organization is prepared for the threats that matter most right now.

HITRUST is also planning to bring more of this intelligence into its assessment platform and reports, including showing how individual assessments align with the top threats at the time of certification. This not only strengthens third-party assurance but also enables more confident internal decision-making—whether that’s about improving phishing defenses or updating incident response playbooks.

From AI-enabled moderation of threats to proactive regulatory mapping, HITRUST is building the connective tissue between risk intelligence and real-world action.

Note: This story contains promotional content. Learn more.

Guest: Michael Moore, Senior Manager, Digital Innovation at HITRUST | On LinkedIn: https://www.linkedin.com/in/mhmoore04/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com/

Marco Ciappelli, Co-Founder at ITSPmagazine and Host of Redefining Society Podcast & Audio Signals Podcast | https://www.marcociappelli.com/

______________________

Keywords: sean martin, marco ciappelli, michael moore, hitrust, cybersecurity, threat intelligence, risk management, compliance, assurance, ai security, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Resources

Visit the HITRUST Website to learn more: https://itspm.ag/itsphitweb

Learn more and catch more stories from HITRUST on ITSPmagazine: https://www.itspmagazine.com/directory/hitrust

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Beardsley shares his experience navigating the limitations of vulnerability scoring. He explains why common outputs—like a CVSS score of 7.8—often leave teams with too many “priorities,” forcing them into ineffective, binary patch-or-don’t-patch decisions. By contrast, he highlights the real value in understanding factors like access vectors and environmental fit, which help security teams focus on what’s relevant to their specific networks and business-critical systems.

The conversation also explores SSVC’s ability to drive action through decision-tree logic rather than abstract scores, enabling defenders to justify priorities to leadership based on mission impact. This context-centric approach requires a deep understanding of both the asset and its role in the business—something Beardsley notes can be hard to achieve without support.

That’s where runZero steps in. Beardsley outlines how the platform identifies unmanaged or forgotten devices—including IoT, legacy systems, and third-party gear—without needing credentials or agents. From uncovering multi-homed light bulbs that straddle segmented networks to scanning for default passwords and misconfigurations, RunZero shines a light into the forgotten corners of corporate infrastructure.

The episode closes with a look at merger and acquisition use cases, where runZero helps acquiring companies understand the actual tech debt and exposure risk in the environments they’re buying. As Beardsley puts it, the goal is simple: give defenders the visibility and context they need to act now—not after something breaks.

Whether you’re tracking vulnerabilities, uncovering shadow assets, or preparing for your next acquisition, this episode invites you to rethink what visibility really means—and how you can stop chasing scores and start reducing risk.

Learn more about runZero: https://itspm.ag/runzero-5733

Note: This story contains promotional content. Learn more.

Guest: Tod Beardsley, Vice President of Security Research at runZero | On Linkedin: https://www.linkedin.com/in/todb/

Resources

Learn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzero

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Keywords: sean martin, tod beardsley, runzero, exposure, vulnerability, asset, risk, ssdc, cvss, iot, brand story, brand marketing, marketing podcast, brand story podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The conversation begins with a critical point: AI should be an enabler, not a shiny object. Hillard contrasts the superficial marketing claims that dominate vendor messaging with the grounded, transparent approach his team takes—an approach that fuses technology with hands-on human expertise to deliver results.

eSentire’s focus is on containment and control. In over 99% of intrusion cases, their platform successfully stops threats at the first host. That is the benchmark by which Hillard wants AI judged—not by its novelty or buzz, but by whether it helps security teams stop attacks before damage spreads.

Key to achieving this is the way automation is used to supercharge analysts. Instead of running just three or five high-value queries in a 15-minute response window, eSentire’s AI framework runs 30. This allows the system to comb through a customer’s historical data, generate hypotheses based on broader knowledge bases, and deliver structured, contextual findings. Analysts can then focus on judgment and decision-making, not searching logs or assembling fragments.

Three pillars underpin this approach: direct telemetry gathering from tools like CrowdStrike and Microsoft, threat intelligence correlation, and contextual data from the customer environment. These layers combine to offer rich insights, fast. And importantly, the AI doesn’t operate in a black box. Hillard stresses explainability and auditability—every recommendation must be traceable back to concrete evidence, not just LLM-generated summaries.

He also touches on the eight assessment areas his team uses to evaluate AI readiness and safety: from autonomy and guardrails to data privacy, effectiveness metrics, and adversarial resilience. The point isn’t to convince customers with buzzwords, but to earn trust by demonstrating measurable results and opening the door to real conversations.

By encoding the investigative playbooks of seasoned analysts and executing them dynamically, agentic AI at eSentire isn’t replacing humans—it’s empowering them to respond faster and more accurately. That’s the difference between checking a marketing box and actually making a difference when every second counts.

Guest: Dustin Hillard | CTO, eSentire | https://www.linkedin.com/in/dustinhillard/

RESOURCES

Sorry We’re So Good: An Open Letter: https://itspm.ag/esentire-sorry4ek

Visit the eSentire Website to learn more: https://itspm.ag/esentire-594149

Learn more and catch more stories from eSentire on ITSPmagazine: https://www.itspmagazine.com/directory/esentire

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

______________________

Keywords: dustin hillard, sean martin, marco ciappelli, cybersecurity, ai, machine learning, automation, investigation, containment, transparency, brand story, brand marketing, marketing podcast, brand story podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Wilson brings a grounded perspective shaped by his experience on the floor at RSAC, where Object First made its debut as a sponsor. The energy, he notes, was contagious: not just among vendors, but also from practitioners expressing serious concerns about their ability to recover data post-incident. These conversations weren’t hypothetical; they were real worries tied to rising insurance premiums, regulatory compliance, and operational survivability. And at the core of all this? Trust in the data backup process.

Agentic AI, AI capable of making decisions independently, is one of the trends Wilson flags as both promising and risky. It offers potential for improving preparedness and accelerating recovery. But it also raises concerns around access and control of sensitive data, particularly if exploited by adversaries. For Sterling, the opportunity lies in combining proactive readiness with simplicity and control, especially for those who aren’t traditional security practitioners.

Object First is doing just that through OOTBI: Out of the Box Immutability. And yes, there’s a mascot: OOTBI. More than just a marketing hook, OOTBI represents a shift toward making backup and recovery systems approachable, usable, and, importantly, accessible. According to Wilson, the product gets users from “box to backup” in 15 minutes... with encrypted, immutable storage that meets critical requirements for cyber insurance coverage.

Cost, Wilson adds, is a key barrier that often prevents organizations from reaching data protection best practices. That’s why Object First now offers consumption-based pricing models. Whether a business is cloud-first or scaling fast, it’s a path to protection that doesn’t require breaking the budget.

Ultimately, Wilson emphasizes education and community as critical drivers of progress. From field labs where teams can configure their own Opi, to on-location conference conversations, the company is building awareness, and reducing fear, by making secure storage not just a feature, but a foundation.

This episode is a reminder that effective cybersecurity isn’t only about innovation; it’s about inclusion, practicality, and trust... both in your tools and your team.

Learn more about Object First: https://itspm.ag/object-first-2gjl

Note: This story contains promotional content. Learn more.

Guest: Sterling Wilson, Field CTO, Object First | https://www.linkedin.com/in/sterling-wilson/

Resources

Learn more and catch more stories from Object First: https://www.itspmagazine.com/directory/object-first

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, marco ciappelli, sterling wilson, immutability, agentic, ai, backup, recovery, cybersecurity, insurance, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

While many are still just beginning to assess how AI impacts application development, Manico has been preparing for this moment for years. Two and a half years ago, he saw a shift—traditional low-level technical bugs were being mitigated effectively by mature organizations. The new challenge? Business logic flaws and access control issues that scanners can’t easily detect. This change signaled a new direction, prompting him to dive into AI security long before it became fashionable.

Now, Manico is delivering AI-flavored AppSec training, helping developers understand the risks of insecure code generated by large language models. His research shows that even the best AI coding tools—from Claude to Copilot—still generate insecure code out of the box. That’s where his work becomes transformative: by developing detailed, framework-specific prompts grounded in decades of secure coding knowledge, he has trained these tools to write safer code, using React, Django, Vue, and more.

Beyond teaching, he’s building. With 200 volunteers, he’s leading the creation of the Artificial Intelligence Security Verification Standard (AISVS), a new OWASP project inspired by the well-known Application Security Verification Standard (ASVS). Generated with both AI and human collaboration, the AISVS already has a v0.1 release and aims for a major update by summer.

For Manico, this isn’t just a technical evolution—it’s a personal renaissance. His deep catalog of secure coding techniques, once used primarily for human education, is now fueling a new generation of AI-assisted development. And he’s just getting started.

This episode isn’t just about where AppSec is going. It’s a call to developers and security professionals to rethink how we teach, how we build, and how we can use AI to enhance—not endanger—the software we create.

Learn more about Manicode: https://itspm.ag/manicode-security-7q8i

Note: This story contains promotional content. Learn more.

Guest: Jim Manico, Founder and Secure Coding Educator at Manicode Security | On Linkedin: https://www.linkedin.com/in/jmanico/

Resources

Jim's OWASP Session: https://owasp2025globalappseceu.sched.com/event/1wfpM/leveraging-ai-for-secure-react-development-with-effective-prompt-engineering

Download the Course Catalog: https://itspm.ag/manicode-x684

Learn more and catch more stories from Manicode Security: https://www.itspmagazine.com/directory/manicode-security

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Keywords: jim manico, sean martin, appsec, ai, owasp, securecoding, developers, aisvs, training, react, brand story, brand marketing, marketing podcast, brand story podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

ThreatLocker’s mission is grounded in achieving Zero Trust in a simple, operationally feasible way. But more than that, Allen emphasizes their value as enablers of peace of mind. Whether helping customers prevent ransomware attacks or meet regional regulatory requirements like GDPR or Australia’s Essential Eight, the company is working toward real-world solutions that reduce complexity without sacrificing security. Their presence at events like InfoSecurity Europe is key—not just for outreach, but to hear directly from customers and partners about what’s working and where they need help.

Why Being There Matters

Different regions have different pressures. In Australia, adoption surged without any local team initially on the ground—driven purely by alignment with the Essential Eight framework. In the UK, it’s conversations about Cyber Essentials that shape booth discussions. Regulations aren’t just compliance checklists; they’re also conversation starters that change how organizations prioritize security.

The ThreatLocker team doesn’t rely on generic demos or vague promises. They bring targeted examples to the booth—like asking attendees if they know what software can be run on their machines without alerting anyone. If tools like remote desktop applications or archive utilities can be freely executed, attackers can use them too. This is where ThreatLocker steps in: controlling what runs, identifying what’s necessary, and blocking what isn’t.

Booth D90 and Beyond

Rob Allen invites anyone—whether they’re new to ThreatLocker or longtime users—to visit booth D90. The team, built with a mix of technical skill and humor (ask about the “second-best beard” in the company), is there to listen and help. It’s not just about showcasing technology; it’s about building relationships and reinforcing a shared goal: practical, proactive cybersecurity that makes a measurable difference.

If you’re at InfoSecurity Europe, stop by. If you’re not, this episode offers a meaningful glimpse into why showing up—both physically and philosophically—matters in cybersecurity.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content. Learn more.

Guest: 

Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Cyber Essentials Guide: https://threatlocker.kb.help/threatlocker-and-cyber-essentials-compliance/?utm_source=itsp&utm_medium=sponsor&utm_campaign=infosec_europe_pre_interview_rob_q2_25&utm_content=infosec_europe_pre_interview_rob&utm_term=podcast

Australia's Essential Eight Guide: https://www.threatlocker.com/whitepaper/australia-essential-eight?utm_source=itsp&utm_medium=sponsor&utm_campaign=infosec_europe_pre_interview_rob_q2_25&utm_content=infosec_europe_pre_intervi

Learn more and catch more event coverage stories from Infosecurity Europe 2025 in London: https://www.itspmagazine.com/infosec25 

______________________

Keywords:

sean martin, marco ciappelli, rob allen, cybersecurity, zero trust, infosec, compliance, ransomware, endpoint, regulation, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

During this on-location recap episode, Rob shares how ThreatLocker cut through the noise of flashy booths and AI buzzwords by focusing on meaningful, face-to-face conversations with customers and prospects. Their booth was an open, no-frills space—designed for real dialogue, not distractions. What caught people’s attention, though, wasn’t the booth layout—it was a live demonstration of a PowerShell-based attack using a rubber ducky device. It visually captured how traditional tools often miss malicious scripts and how ThreatLocker’s controls shut it down immediately. That kind of simplicity, Rob explains, is the real differentiator.

Zero Trust Is a Journey—But It Doesn’t Have to Be Complicated

One key message Rob emphasizes is that true security doesn’t come from piling on more tools. Too many organizations rely on overlapping detection and response solutions, which leads to confusion and technical debt. “If you have five different jackets and they’re all winter coats, you’re not prepared for summer,” Sean Martin jokes, reinforcing Rob’s point that layers should be distinct, not redundant.

ThreatLocker’s approach simplifies Zero Trust by focusing on proactive control—limiting what can execute or communicate in the first place. Rob also points to the importance of vendor consolidation—not just from a purchasing standpoint but from an operational one. With ThreatLocker, multiple security capabilities are built natively into a single platform with one agent and one portal, avoiding the chaos of disjointed systems.

From Technical Wins to Human Connections

The conversation wraps with a reminder that cybersecurity isn’t just about tools—it’s about the people and community that make the work worthwhile. Rob, Marco Ciappelli, and Sean Martin reflect on their shared experiences around the event and even the lessons learned over a slice of Detroit-style pizza. While the crust may have been debatable, the camaraderie and commitment to doing security better were not.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

⸻

Guest: 

Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, marco ciappelli, rob allen, cybersecurity, zero trust, threat prevention, powerShell, vendor consolidation, rsac2025, endpoint security, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

More Than a Job: Why Community Matters

Rob Clyde shares his long-standing involvement with ISACA and reflects on the powerful role that professional associations play in cybersecurity careers. It’s not just about certifications—though Clyde notes that employers often value them more than degrees—it’s also about community, mentorship, and mutual support. When asked how many people landed a job because of someone in their local ISACA chapter, half the room raised their hands. That kind of connection is difficult to overstate.

Clyde urges cybersecurity professionals to look beyond their company roles and invest in something that gives back—whether through volunteering, speaking, or simply showing up. “It’s your career,” he says. “Take back control.”

Facing Burnout and Legal Risk Head-On

The group also addresses a growing issue: burnout. ISACA’s latest research shows 66% of cybersecurity professionals are feeling more burned out than last year. For CISOs in particular, that pressure is compounded by personal liability—as in the case of former SolarWinds CISO Tim Brown being sued by the SEC. Clyde warns that such actions have a chilling effect, discouraging internal risk discussions and openness.

To counteract that, he emphasizes the need for continuous learning and peer support as a defense, not only against burnout, but also isolation and fear.

The Silent Threat of Quantum

While AI dominated RSAC’s headlines, Clyde raises a quieter but equally pressing concern: quantum computing. ISACA chose to focus its latest poll on this topic, revealing a significant gap between awareness and action. Despite widespread recognition that a breakthrough could “break the internet,” only 5% of respondents are taking proactive steps. Clyde sees this as a wake-up call. “The algorithms exist. Q Day is coming. We just don’t know when.”

From mental health to quantum readiness, this conversation makes it clear: cybersecurity isn’t just a technology issue—it’s a people issue. Listen to the full episode to hear what else we’re missing.

Learn more about ISACA: https://itspm.ag/isaca-96808

⸻

Guest: 

Rob Clyde, Board Director, Chair, Past Chair of the Board Directors at ISACA | https://www.linkedin.com/in/robclyde/

Resources

Learn more and catch more stories from ISACA: https://www.itspmagazine.com/directory/isaca

Stay tuned for an upcoming ITSPmagazine Webinar with ISACA: https://www.itspmagazine.com/webinars

ISACA Quantum Pulse Poll 2025 and related resources: https://www.isaca.org/quantum-pulse-poll

ISACA State of Cybersecurity 2024 survey report: https://www.isaca.org/resources/reports/state-of-cybersecurity-2024

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, marco ciappelli, rob clyde, rsac2025, burnout, quantum, cryptography, certification, isaca, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Not All AI Is Created Equal: The Archer Approach

RSAC 2025 was buzzing with innovation, but for Steve Schlarman and the Archer team, it wasn’t about showing off shiny new toys—it was about proving that AI, when used with purpose and context, can truly enhance the risk and compliance function.

Steve, Senior Director of Product Management at Archer, breaks down how Archer Evolve and the recent integration of Compliance.ai are helping organizations address regulatory change in a more holistic, automated, and scalable way. With silos still slowing down many companies, the need for tools that actually do something is more urgent than ever.

From Policy Generation to Risk Narratives

One of the most practical applications discussed? Using AI not just to detect risk, but to help write better risk statements, control documentation, and even policy language that actually communicates clearly. Steve explains how Archer is focused on closing the loop between data and business impact—translating technical risk outputs into narratives the business can actually act on.

AI with a Human Touch

As Marco notes, AI in cybersecurity has moved from hype to hesitation to strategy. Steve is candid: some customers are still on the fence. But when AI is delivered in a contextual way, backed by customer-driven innovation, it becomes a bridge—not a wedge—between people and process. The key is not AI for the sake of AI, but for solving real, grounded problems.

What’s Next in Risk? Better Conversations

Looking ahead, Schlarman sees a shift from “no, we can’t” to “yes, and here’s how.” With a better grasp on loss exposure and control costs, the business conversation is changing. AI-powered storytelling and smart interfaces might just help risk teams have their most effective conversations yet.

From regulatory change to real-time translation of risk data, this is where tech meets trust.

⸻

Guest: 

Steve Schlarman, Senior Director, Product Management, Archert | https://www.linkedin.com/in/steveschlarman/

Resources

Learn more and catch more stories from Archer: https://www.itspmagazine.com/directory/archer

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

steve schlarman, marco ciappelli, rsac2025, archer evolve, compliance.ai, regulatory change, grc, risk management, ai storytelling, cybersecurity, compliance, brand story, rsa conference, cybersecurity strategy, risk communication, ai in compliance, automation, contextual ai, integrated risk management, business risk narrative, itspmagazine

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Detecteam founders challenge the industry’s obsession with metrics like mean time to detect or respond, pointing out that these often measure operational efficiency—not true risk readiness. Instead, they propose a shift in thinking: stop optimizing broken processes and start creating better ones.

At the heart of their work is a new approach to detection engineering—one that continuously generates and validates detections based on actual behavior, environmental context, and adversary tactics. It’s about moving away from one-size-fits-all IOCs toward purpose-built, context-aware detections that evolve as threats do.

Sebastien highlights the absurdity of relying on static, signature-based detection in a world of dynamic threats. Adversaries constantly change tactics, yet detection rules often sit unchanged for months. The platform they’ve built breaks detection down into a testable, iterative process—closing the gap between intel, engineering, and operations. Teams no longer need to rely on hope or external content packs—they can build, test, and validate detections in minutes.

Fred explains the benefit in terms any CISO can understand: this isn’t just detection—it’s readiness. If a team can build a working detection in under 15 minutes, they beat the average breakout time of many attackers. That’s a tangible advantage, especially when operating with limited personnel.

This conversation isn’t about a silver bullet or more noise—it’s about clarity. What’s working? What’s not? And how do you know? For organizations seeking real impact in their security operations—not just activity—this episode explores a path forward that’s faster, smarter, and grounded in reality.

Learn more about Detecteam: https://itspm.ag/detecteam-21686

Note: This story contains promotional content. Learn more.

Guests: 

Fred Wilmot, Co-Founder & CEO, Detecteam | https://www.linkedin.com/in/fredwilmot/

Sebastien Tricaud, Co-Founder & CTO, Detecteam | https://www.linkedin.com/in/tricaud/

Resources

Learn more and catch more stories from Detecteam: https://www.itspmagazine.com/directory/detecteam

Webinar: Rethink, Don’t Just Optimize: A New Philosophy for Intelligent Detection and Response — An ITSPmagazine Webinar with Detecteam | https://www.crowdcast.io/c/rethink-dont-just-optimize-a-new-philosophy-for-intelligent-detection-and-response-an-itspmagazine-webinar-with-detecteam-314ca046e634

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, fred wilmot, sebastien tricaud, detecteam, detection, cybersecurity, behavior, automation, red team, blue team, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Subo walks through the foundations of their open XDR platform, which allows customers to retain the endpoint and network tools they already use—such as CrowdStrike or SentinelOne—without being locked into a single ecosystem. This flexibility proves especially valuable to MSSPs managing dozens or hundreds of customers with diverse toolsets, including those that have grown through acquisitions. The platform’s modular sensor technology supports IT, OT, and hybrid environments, offering deep packet inspection, network detection, and even user behavior analytics to flag potential lateral movement or anomalous activity.

One of the most compelling updates from the conversation is the introduction of their autonomous SOC capability. Subo emphasizes this is not about replacing humans but amplifying their efforts. The platform groups alerts into actionable cases, reducing noise and allowing analysts to respond faster. Built-in machine learning and threat intelligence feeds enrich data as it enters the system, helping determine if something is benign or a real threat.

The episode also highlights new program launches like Infinity, which enhances business development and peer collaboration for MSSP partners, and their Cybersecurity Alliance, which deepens integration across a wide variety of security tools. These efforts reflect Stellar Cyber’s strong commitment to ecosystem support and customer-centric growth.

Subo closes by reinforcing the importance of scalability and affordability. Stellar Cyber offers a single platform with unified licensing to help MSSPs grow without adding complexity or cost. It’s a clear statement: powerful security doesn’t need to be out of reach for smaller teams or companies.

This episode offers a practical view into what it takes to operationalize cybersecurity across diverse environments—and why automation with human collaboration is the path forward.

Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947

Note: This story contains promotional content. Learn more.

Guest: 

Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/

Resources

Learn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyber

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, subo guha, xdr, mssp, cybersecurity, automation, soc, ai, ot, threat detection, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

ManageEngine, a division of Zoho Corporation, now offers a suite of over 60 products that span identity and access management, SIEM, endpoint protection, service management, and analytics. These components don’t just coexist—they interact contextually. Vivin outlines a real-world example from the healthcare sector, where a SIM tool detects abnormal login behavior, triggers an identity system to challenge access, and then logs the incident for IT service resolution. This integrated chain reflects a philosophy where response is not just fast, but connected and accountable.

At the heart of the platform’s effectiveness is contextual intelligence—layered between artificial intelligence and business insights—to power decision-making that aligns with enterprise risk and compliance needs. Whether it’s SOC analysts triaging events, CIS admins handling system hygiene, or CISOs aligning actions with corporate goals, the tools are tailored to fit roles, not just generic functions. According to Vivin, this role-based approach is critical to eliminating silos and ensuring teams speak the same operational and risk language.

AI continues to play a role in enhancing that coordination, but ManageEngine is cautious not to follow hype for its own sake. The company has invested in its own AI and ML capabilities since 2012, and recently launched an agent studio—but only after evaluating how new models can meaningfully add value. Vivin points out that enterprise use cases often benefit more from small, purpose-built language models than from massive general-purpose ones.

Perhaps most compelling is ManageEngine’s global-first strategy. With operations in nearly 190 countries and 18+ of its own data centers, the company prioritizes proximity to customers—not just for technical support, but for cultural understanding and local compliance. That closeness informs both product design and customer trust, especially as regulations around data sovereignty intensify.

This episode challenges listeners to consider whether their tools are merely present—or actually connected. Are you enabling collaboration through context, or just stitching systems together and calling it a platform?

Learn more about ManageEngine: https://itspm.ag/manageen-631623

Note: This story contains promotional content. Learn more.

Guest: 

Vivin Sathyan, Senior Technology Evangelist, ManageEngine | https://www.linkedin.com/in/vivin-sathyan/

Resources

Learn more and catch more stories from ManageEngine: https://www.itspmagazine.com/directory/manageengine

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, vivin sathyan, cybersecurity, ai, siem, identity, analytics, integration, platform, risk, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

At the heart of the conversation is the idea that cybersecurity is a team sport. Henderson draws parallels between the improvisation of music and the tactics of both attackers and defenders. Both require rhythm, creativity, and cohesion. The myth of the lone hero doesn’t hold up anymore—effective cybersecurity programs are driven by collaboration across specialties and by combining services in ways that amplify their value.

Coalfire’s evolution reflects this shift. It’s not just about running a penetration test or red team operation in isolation. It’s about integrating those efforts into a broader mission-focused program, tailored to real threats and measured against what matters most. Henderson emphasizes that CISOs are no longer content with piecemeal assessments; they’re seeking simplified, strategic programs with measurable outcomes.

The conversation also touches on the importance of storytelling in cybersecurity reporting. Henderson underscores the need for findings to be communicated in ways that resonate with technical teams, security leaders, and the board. It’s about enabling CISOs to own the narrative, armed with context, clarity, and confidence.

Henderson’s reflections on the early days of hacker culture—when gatherings like HoCon and early Def Cons were more about curiosity and camaraderie than business—bring a human dimension to the discussion. That same passion still fuels many practitioners today, and Coalfire is committed to nurturing it through talent development and internships, helping the next generation find their voice, their challenge, and yes, even their hacker handle.

This episode offers a look at how to build programs, teams, and mindsets that are ready to lead—not follow—on the cybersecurity front.

Learn more about Coalfire: https://itspm.ag/coalfire-yj4w

Note: This story contains promotional content. Learn more.

Guest: 

Charles Henderson, Executive Vice President of Cyber Security Services, Coalfire | https://www.linkedin.com/in/angustx/

Resources

Learn more and catch more stories from Coalfire: https://www.itspmagazine.com/directory/coalfire

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

charles henderson, sean martin, coalfire, red teaming, penetration testing, cybersecurity services, exposure management, ciso, threat intelligence, hacker culture, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Emily outlines a critical flaw: Kubernetes wasn’t built for multi-tenancy. As a result, shared kernels across workloads—whether across customers or internal environments—introduce lateral movement risks. In her words, “A container isn’t real—it’s just a set of processes.” And when containers share a kernel, a single exploit can become a system-wide threat.

Edera addresses this gap by rethinking how containers are run—not rebuilt. Drawing from hypervisor tech like Xen and modernizing it with memory-safe Rust, Edera creates isolated “zones” for containers that enforce true separation without the overhead and complexity of traditional virtual machines. This isolation doesn’t disrupt developer workflows, integrates easily at the infrastructure layer, and doesn’t require retraining or restructuring CI/CD pipelines. It’s secure by design, without compromising performance or portability.

The impact is significant. Infrastructure teams gain the ability to enforce security policies without sacrificing cost efficiency. Developers keep their flow. And security professionals get something rare in today’s ecosystem: true prevention. Instead of chasing billions of alerts and layering multiple observability tools in hopes of finding the needle in the haystack, teams using Edera can reduce the noise and gain context that actually matters.

Emily also touches on the future—including the role of AI and “vibe coding,” and why true infrastructure-level security is essential as code generation becomes more automated and complex. With GPU security on their radar and a hardware-agnostic architecture, Edera is preparing not just for today’s container sprawl, but tomorrow’s AI-powered compute environments.

This is more than a product pitch—it’s a reframing of how we define and implement security at the container level. The full conversation reveals what’s possible when performance, portability, and protection are no longer at odds.

Learn more about Edera: https://itspm.ag/edera-434868

Note: This story contains promotional content. Learn more.

Guest: 

Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/

Resources

Learn more and catch more stories from Edera: https://www.itspmagazine.com/directory/edera

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, emily long, containers, kubernetes, hypervisor, multi-tenancy, devsecops, infrastructure, virtualization, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Richard shares the thinking behind Qualys’ Risk Operations Center, a new approach that responds directly to a common pain point: organizations struggling to manage vast amounts of telemetry from dozens of security tools without clear direction on how to act. Instead of forcing companies to build and maintain massive internal platforms just to piece together asset, vulnerability, and threat data, Qualys is creating a system to operationalize risk as a real-time, measurable business function.

With a background that includes serving as Chief Risk Officer at a cyber insurance firm and co-authoring foundational books like How to Measure Anything in Cybersecurity Risk and The Metrics Manifesto, Richard frames the conversation in practical business terms. He emphasizes that success is not just about detecting threats, but about understanding where value exists in the business, and how to protect it efficiently.

From Security Operations to Risk Operations

While a traditional SOC focuses on attack surface and compromise detection, the Risk Operations Center is designed to understand, prioritize, and mitigate value at risk. Richard describes how this involves normalizing data across environments, connecting asset identities—including ephemeral and composite digital assets—and aligning technical activity to business impact.

The Risk Operations Center enables teams to think in terms of risk surface, not just threat surface, by giving security leaders visibility into what matters most—and the tools to act accordingly. And importantly, it does so without increasing headcount.

A CISO’s Role in the Business of Risk

Richard challenges security leaders to break away from purely tactical work and lean into business alignment. He argues that boards want CISOs who think strategically—who can talk about capital reserves, residual risk, and how mitigation and transfer can be measured against business outcomes. In his words, “A successful business is in the business of exposing more value to more people… security must understand and support that mission.”

This episode is packed with ideas worth listening to and sharing. What would your version of a Risk Operations Center look like?

Learn more about Qualys: https://itspm.ag/qualys-908446

Note: This story contains promotional content. Learn more.

Guest: 

Rich Seiersen, Chief Risk Technology Officer, Qualys | https://www.linkedin.com/in/richardseiersen/

Resources

Learn more and catch more stories from Qualys: https://www.itspmagazine.com/directory/qualys

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, richard seiersen, risk, cybersecurity, data, resilience, telemetry, automation, ciso, soc, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

More than just a legal expert, Geva advises early-stage founders and institutional investors across markets, helping them navigate cultural, legal, and strategic gaps. With over 50 personal investments and a strong focus on cybersecurity in recent institutional activity, his perspective reflects where real momentum is building—and how smart capital is being deployed.

AI Acceleration and M&A Hesitation

According to Geva, the accelerating capabilities of AI have created a strange paradox: in some sectors, VCs are hesitant to invest because the pace of change undermines long-term confidence. Yet in cybersecurity, AI is acting as a catalyst, not a caution. Cyber-AI combinations are among the few domains where deals are still moving quickly. He points to recent acquisitions—such as Palo Alto Networks’ move on Protect AI—as a sign that strategic consolidation is alive and well, even if overall deal volume remains lighter than expected.

Cyber Due Diligence Is Now Table Stakes

Across all industries, cybersecurity evaluations have become a non-negotiable part of M&A. Whether acquiring a fashion brand or a software firm, buyers now expect a clear security posture, detailed risk management plans, and full disclosure of any prior breaches. Geva notes that incident response experience, when managed professionally, can actually serve as a confidence builder in the eyes of strategic buyers.

From Global Hubs to Human Connections

While San Francisco remains a major force, Geva sees increasing momentum in New York, London, and Tel Aviv. Yet across all markets, he emphasizes that human relationships—trust, cultural understanding, and cross-border collaboration—ultimately drive deal success more than any legal document or term sheet.

With a front-row seat to innovation and a hand in building the bridges that power global tech growth, Yair Geva is helping define the next chapter of cybersecurity, AI, and strategic investment.

Listen to the full conversation to hear what’s shaping the deals behind tomorrow’s cybersecurity innovations.Note: This story contains promotional content. Learn more.

Guest: 

Yair Geva, Attorney and Investor | https://www.linkedin.com/in/yairgeva/

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, marco ciappelli, yair geva, cybersecurity, investment, ai, m&a, venture, resilience, innovation, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Rather than focusing on theory or buzzwords, Rob lays out a clear path that begins with visibility. “You can’t control what you can’t see,” he explains. The first step toward Zero Trust is deploying lightweight agents that automatically build a view of the software running across your environment. From there, policies can be crafted to default-deny unknown applications, while still enabling legitimate business needs through controlled exceptions.

The Zero Trust Mindset: Assume Breach, Limit Access

Rob echoes the federal mandate definition of Zero Trust: assume a breach has already occurred and limit access to only what is needed. This assumption flips the defensive posture from reactive to proactive. It’s not about waiting to detect bad behavior—it’s about blocking the behavior before it starts.

The ThreatLocker approach stands out because it focuses on removing the traditional “heavy lift” often associated with Zero Trust implementations. Rob highlights how some organizations have spent years trying (and failing) to activate overly complex systems, only to end up stuck with unused tools and endless false positives. ThreatLocker’s automation is designed to lower that barrier and get organizations to meaningful control faster.

Modern Threats, Simplified Defenses

As AI accelerates the creation of polymorphic malware and low-code attack scripts, Zero Trust offers a counterweight. Deny-by-default policies don’t require knowing every new threat—just clear guardrails that prevent unauthorized activity, no matter how it’s created. Whether it’s PowerShell scripts exfiltrating data or AI-generated exploits, proactive controls make it harder for attackers to operate undetected.

This episode reframes Zero Trust from an overwhelming project into a series of achievable, common-sense steps. If you’re ready to hear what it takes to stop chasing false positives and start building a safer, more controlled environment, this conversation is for you.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content. Learn more.

Guest: 

Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, marco ciappelli, rob allen, zero trust, cybersecurity, visibility, access control, proactive defense, ai threats, policy automation, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

SandboxAQ, a company spun out of Alphabet, operates at the intersection of quantum technology and artificial intelligence. Manzano highlights two immediate challenges that demand new approaches: the looming need for quantum-resistant cryptography and the unchecked proliferation of AI agents across enterprise systems.

Post-Quantum Migration and Cryptographic Agility

Manzano describes an industry-wide need for massive cryptographic migration in response to the quantum threat. But rather than treating it as a one-time fix, SandboxAQ promotes cryptographic agility—a framework that enables organizations to dynamically and automatically rotate credentials, replace algorithms, and manage certificates in real-time. Their approach replaces decades of static key management practices with a modern, policy-driven control plane. It’s not just about surviving the post-quantum era—it’s about staying ready for whatever comes next.

Taming the Complexity of AI Agents and Non-Human Identities

The second challenge is the surge of non-human identities—AI agents, machine workloads, and ephemeral cloud infrastructure. SandboxAQ’s platform provides continuous visibility and control over what software is running, who or what it communicates with, and whether it adheres to security policies. This approach helps teams move beyond manual, one-off audits to real-time monitoring, dramatically improving how organizations manage software supply chain risks.

Real Use Cases with Measurable Impact

Manzano shares practical examples of how SandboxAQ’s technology is being used in complex environments like large banks—where decades of M&A activity have created fragmented infrastructure. Their platform unifies cryptographic and identity management through a single pane of glass, helping security teams act faster with less friction. Another use case? Reducing vendor risk assessment from months to minutes, allowing security teams to assess software posture quickly and continuously.

Whether it’s quantum cryptography, AI risk, or identity control—this isn’t a vision for 2030. It’s a call to action for today.

Learn more about SandboxAQ: https://itspm.ag/sandboxaq-j2en

Note: This story contains promotional content. Learn more.

Guest: 

Marc Manzano, General Manager of Cybersecurity at SandboxAQ | https://www.linkedin.com/in/marcmanzano/

Resources

Learn more and catch more stories from SandboxAQ: https://www.itspmagazine.com/directory/sandboxaq

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

marc manzano, marco ciappelli, sean martin, cryptography, quantum, ai, cybersecurity, nonhuman, keymanagement, rsac2025, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Object First is purpose-built for Veeam environments, offering out-of-the-box immutability (OOTBI) with a hardened, on-premises appliance. The goal is simple but critical: make backup security both powerful and practical. With backup credentials often doubling as access credentials for storage infrastructure, organizations expose themselves to unnecessary risk. Object First separates those duties by design, reducing the attack surface and protecting data even when attackers have admin credentials in hand.

Immutability as a Foundation—Not a Feature

The conversation highlights data from a recent ESG study showing that 81% of respondents recognize immutable object storage as the most secure way to protect backup data. True immutability means data cannot be modified or deleted until a set retention period expires—an essential safeguard when facing ransomware or insider threats. But Sterling emphasizes that immutability alone isn’t enough. Backup policies, storage access, and data workflows must be segmented and secured.

Zero Trust for Backup Infrastructure

Zero trust principles—verify explicitly, assume breach, enforce least privilege—have gained ground across networks and applications. But few organizations extend those principles into the backup layer. Object First applies zero trust directly to backup infrastructure through what they call zero trust data resilience. That includes verifying credentials at every step and ensuring backup jobs can’t alter storage configurations.

A Real-World Test: Marysville School District

When Marysville School District suffered a ransomware attack, nearly every system was compromised—except the Object First appliance. The attacker had administrative credentials, but couldn’t access or encrypt the immutable backups. Thanks to the secure design and separation of permissions, recovery was possible—demonstrating that trust in your backups can’t be assumed; it must be enforced by design.

Meeting Customers Where They Are

To support both partners and end customers, Object First now offers OOTBI through a consumption-based model. Whether organizations are managing remote offices or scaling their environments quickly, the new model provides flexibility without compromising security or simplicity.

Learn more about Object First: https://itspm.ag/object-first-2gjl

Note: This story contains promotional content. Learn more.

Guest: 

Sterling Wilson, Field CTO, Object First | https://www.linkedin.com/in/sterling-wilson/

Resources

Learn more and catch more stories from Object First: https://www.itspmagazine.com/directory/object-first

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, sterling wilson, ransomware, immutability, backups, cybersecurity, zero trust, data protection, veeam, recovery, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

At the center of the conversation is Archer Evolv, a new platform intentionally designed to move beyond legacy GRC workflows. Built on years of insight from customers and aligned with the company’s post-RSA independence, Evolv aims to modernize how compliance and risk teams operate. That includes automating burdensome regulatory processes, surfacing business-relevant risk insights, and supporting more strategic decision-making.

Leveraging technology developed by Compliance.ai, acquired by Archer last year, Archer applies AI tuned specifically for the language of compliance, helping customers reduce review time per regulatory obligation from 100 hours to just a few. That’s more than a productivity gain—it’s a structural shift in how companies adapt to nonstop regulatory change.

Another critical area is quantifying risk. Rather than relying on subjective heat maps, Archer enables organizations to calculate loss exposure in real terms. This creates a foundation for executive conversations rooted in financial and operational impact, not just abstract threat levels. That same quantitative view can be applied to understanding the cost of controls—ensuring that investments align with real business risk, rather than piling on complexity for the sake of coverage.

The conversation closes on a powerful shift: risk and compliance teams freeing up time and brainpower to collaborate directly with the business. With the manual grunt work automated and controls mapped more intelligently, these teams can help shape new services and strategic initiatives—safely and confidently.

This episode isn’t just about software or frameworks. It’s about what happens when governance becomes a driver of value, not just a reaction to fear.

Listen in to hear how Archer is helping turn risk and compliance from operational drag into business advantage.

Learn more about Archer: https://itspm.ag/rsaarchweb

Note: This story contains promotional content. Learn more.

Guest: 

Steve Schlarman, Senior Director, Product Management, Archert | https://www.linkedin.com/in/steveschlarman/

Resources

Learn more and catch more stories from Archer Integrated Risk Management: https://www.itspmagazine.com/directory/archer

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, steve schlarman, risk, compliance, ai, governance, grc, quantification, controls, automation, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Chokshi lays out the landscape with clarity: while AI is unlocking powerful new capabilities for defenders, it’s also accelerating innovation for attackers. From bot mitigation and behavioral DDoS to adaptive security engines, Akamai has used machine learning for over a decade to enhance protection, but the scale and complexity of threats have entered a new era.

The API and Web Application Threat Surge

Referencing Akamai’s latest State of the Internet report, Chokshi cites a 33% year-over-year rise in web application and API attacks—topping 311 billion threats. More than 150 billion of these were API-related. The reason is simple: APIs are the backbone of modern applications, yet many organizations lack visibility into how many they have or where they’re exposed. Shadow and zombie APIs are quietly expanding attack surfaces without sufficient monitoring or defense.

Chokshi shares that in early customer discovery sessions, organizations often uncover tens of thousands of APIs they weren’t actively tracking—making them easy targets for business logic abuse, credential theft, and data exfiltration.

Introducing Akamai’s Firewall for AI

Akamai is addressing another critical gap with the launch of its new Firewall for AI. Designed for both internal and customer-facing generative AI applications, this solution focuses on securing runtime environments. It detects and blocks issues like prompt injection, PII leakage, and toxic language using scalable, automated analysis at the edge—reducing friction for deployment while enhancing visibility and governance.

In early testing, Akamai found that 6% of traffic to a single LLM-based customer chatbot involved suspicious activity. That volume—within just 100,000 requests—highlights the urgency of runtime protections for AI workloads.

Enabling Security Leadership

Chokshi emphasizes that modern security teams must engage collaboratively with business and data teams. As AI adoption outpaces security budgets, CISOs are looking for trusted, easy-to-deploy solutions that enable—not hinder—innovation. Akamai’s goal: deliver scalable protections with minimal disruption, while helping security leaders shoulder the growing burden of AI risk.

Learn more about Akamai: https://itspm.ag/akamailbwc

Note: This story contains promotional content. Learn more.

Guest: 

Rupesh Chokshi, SVP & General Manager, Application Security, Akamai | https://www.linkedin.com/in/rupeshchokshi/

Resources

Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, rupesh chokshi, akamai, rsac, ai, security, cisos, api, firewall, llm, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

While many know ISACA for its certifications and events, Norton emphasizes that the organization’s mission goes much deeper—supporting digital trust through education, community, and career development. One key area of focus: helping individuals navigate every phase of their professional journey, from new graduates to seasoned leaders. That includes new offerings like the Certified Cyber Operations Analyst (CCOA) credential, designed specifically to meet the growing demand for technical, hands-on skills in security operations roles.

What’s driving this shift? Norton points to employer demand for candidates who can walk into SOC and technical analyst roles with practical experience. The CCOA was created based on feedback from ISACA’s 185,000+ global members and a wide network of hiring organizations, all highlighting the same pain point: early-stage roles are difficult to fill, not because people aren’t interested, but because too many can’t prove their skills in ways hiring managers understand.

ISACA’s response is both strategic and community-driven. Certification development is rooted in large-scale data analysis and enhanced by input from members around the world, ensuring each program reflects real-world needs. At the same time, ISACA recognizes that certifications alone don’t create confidence. Community and mentorship matter—especially for those struggling with imposter syndrome or breaking into the field from non-traditional backgrounds.

Looking ahead, ISACA is investing in career journey tools, AI-focused certifications, and guidance for post-quantum readiness—all while continuing to support members through local chapters and global programs.

For those hiring, job-seeking, or guiding others into the field, this episode offers a grounded, forward-looking view into how one organization is equipping the cybersecurity workforce for the work that matters now—and what’s coming next.

Learn more about ISACA: https://itspm.ag/isaca-96808

Note: This story contains promotional content. Learn more.

Guest: 

Jamie Norton, Director Board of Directors, ISACA | https://www.linkedin.com/in/jamienorton/

Resources

Learn more and catch more stories from ISACA: https://www.itspmagazine.com/directory/isaca

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

jamie norton, sean martin, marco ciappelli, cybersecurity, certifications, workforce, skills, governance, community, careers, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Dr. Pierson—a former two-time CISO, DHS cybersecurity advisor, and chief privacy officer—explains how BlackCloak addresses a long-ignored problem: the personal digital exposure of high-profile individuals and their families. From compromised home networks and identity theft to impersonation scams powered by deepfake technology, today’s cyber threats easily bypass corporate defenses by exploiting softer targets at home.

Digital Protection That Mirrors Physical Security

Just as companies rely on third-party providers for health insurance or physical executive protection, Dr. Pierson advocates for a dedicated, privacy-conscious solution for securing personal digital lives. BlackCloak functions as a concierge-style service, guiding individuals through essential steps like securing high-risk accounts, managing privacy settings, shrinking their attack surface, and implementing a modern, multifactor verification system to prevent impersonation attacks.

A Framework for Action

At RSAC, Dr. Pierson unveiled BlackCloak’s Digital Executive Protection Framework—a practical tool that includes 14 tenets and over 100 specific actions to assess and improve personal digital security maturity. The goal: help organizations prioritize what matters most. Instead of trying to secure every account or device equally, the framework focuses attention on high-value targets like banking credentials, communication platforms, and personal data exposed via data brokers.

From Deepfakes to Real-World Consequences

Pierson also highlights the alarming growth of AI-powered impersonation attacks. With 42% of surveyed CISOs reporting executive-targeted deepfake incidents, and financial losses climbing, companies must think differently. It’s not just about technology—it’s about trust, relationships, and verification at every level of communication.

This episode sheds light on how executive protection is evolving—and why your organization should consider extending its security strategy beyond the boardroom. To see how BlackCloak is redefining protection for the C-suite and their families, listen to the full episode.

Learn more about BlackCloak: https://itspm.ag/itspbcweb

Note: This story contains promotional content. Learn more.

Guest: 

Chris Pierson, Founder & CEO, BlackCloak | https://www.linkedin.com/in/drchristopherpierson/ 

Resources

Learn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloak

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, marco ciappelli, chris pierson, cybersecurity, privacy, deepfakes, identity, executives, framework, protection, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Anomali’s latest offering—a native cloud-based next-generation SIEM—goes beyond traditional detection. It combines high-performance threat intelligence with agentic AI to deliver answers and take action in ways that legacy platforms simply cannot. Rather than querying data manually or relying on slow pipelines, the system dynamically spins up thousands of cloud resources to answer complex security questions in seconds.

Agentic AI Meets Threat Intelligence

Hugh walks through how agentic AI, purpose-built for security, breaks new ground. Unlike general-purpose models, Anomali’s AI operates within a secure, bounded dataset tailored to the customer’s environment. It can ingest a hundred-page threat briefing, extract references to actors and tactics, map those to the MITRE ATT&CK framework, and assess the organization’s specific exposure—all in moments. Then it goes a step further: evaluating past events, checking defenses, and recommending mitigations. This isn’t just contextual awareness—it’s operational intelligence at speed and scale.

Making Security More Human-Centric

One clear theme emerges: the democratization of security tools. With Anomali’s design, teams no longer need to rely on a few highly trained specialists. Broader teams can engage directly with the platform, reducing burnout and turnover, and increasing organizational resilience. Managers and security leaders now shift focus to prioritization, strategic decision-making, and meaningful business conversations—like aligning defenses to M&A activity or reporting to the board with clarity on risk.

Real-World Results and Risk Insights

Customers are already seeing measurable benefits: an 88% reduction in incidents and an increase in team-wide tool adoption. Anomali’s system doesn’t just detect—it correlates attack surface data with threat activity to highlight what’s both vulnerable and actively targeted. This enables targeted response, cost-effective scaling, and better use of resources.

Learn more about Anomali: https://itspm.ag/anomali-bdz393

Note: This story contains promotional content. Learn more.

Guest: 

Hugh Njemanze, President and Founder at Anomali | https://www.linkedin.com/in/hugh-njemanze-603721/

Resources

Learn more and catch more stories from Anomali: https://www.itspmagazine.com/directory/anomali

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, hugh njemanze, siem, cybersecurity, ai, threat intelligence, agentic ai, risk management, soc, cloud security, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Cyber Resilience, Not Just Storage

According to Herzog, today’s enterprise buyers—especially those in the Global Fortune 2000—aren’t just asking how to store data. They’re asking how to protect it when things go wrong. That’s why Infinidat integrates automated cyber protection directly into its storage platforms, working with tools like Splunk, Microsoft Sentinel, and IBM QRadar. The goal: remove the silos between infrastructure and cybersecurity teams and eliminate the need for manual intervention during an attack or compromise.

Built-In Defense and Blazing-Fast Recovery

The integration isn’t cosmetic. Infinidat offers immutable snapshots, forensic environments, and logical air gaps as part of its storage operating system—no additional hardware or third-party tools required. When a threat is detected, the system can automatically trigger actions and even guarantee data recovery in under one minute for primary storage and under 20 minutes for backups—regardless of the dataset size. And yes, those guarantees are provided in writing.

Real-World Scenarios, Real Business Outcomes

Herzog shares examples from finance, healthcare, and manufacturing customers—one of which performs immutable snapshots every 15 minutes and scans data twice a week to proactively detect threats. Another customer reduced from 288 all-flash storage floor tiles to just 61 with Infinidat, freeing up 11 storage admins to address other business needs—not to cut staff, but to solve the IT skills shortage in more strategic ways.

Simplified Operations, Smarter Security

The message is clear: storage can’t be an afterthought in enterprise cybersecurity strategies. Infinidat is proving that security features need to be embedded, not bolted on—and that automation, integration, and performance can all coexist. For organizations juggling compliance requirements, sprawling infrastructure, and lean security teams, this approach delivers both peace of mind and measurable business value.

Learn more about Infinidat: https://itspm.ag/infini3o5d

Note: This story contains promotional content. Learn more.

Guest: 

Eric Herzog, Chief Marketing Officer, Infinidat | https://www.linkedin.com/in/erherzog/

Resources

Learn more and catch more stories from Infinidat: https://www.itspmagazine.com/directory/infinidat

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, eric herzog, storage, cybersecurity, automation, resilience, ransomware, recovery, enterprise, soc, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Beyond the Perimeter: Visibility as a Force Multiplier

According to Dye, many organizations are still relying on security architectures that were top-of-the-line a decade ago. But attackers have already moved on. They’re bypassing endpoint detection and response (EDR) tools, exploiting unmanaged devices, IoT, and edge vulnerabilities. What’s left exposed is the network itself—and that’s where Corelight positions itself: providing what Dye calls “ground truth” through network-based visibility.

Rather than rearchitecting environments or pushing intrusive solutions, Corelight integrates passively through out-of-line methods like packet brokers or traffic mirroring. The goal? Rich, contextual, retrospective visibility—without disrupting the network. This capability has proven essential for responding to advanced threats, including lateral movement and ransomware campaigns where knowing exactly what happened and when can mean the difference between paying a ransom or proving there’s no real damage.

Three Layers of Network Insight

Dye outlines a layered approach to detection:

1. Baseline Network Activity – High-fidelity summaries of what’s happening.

2. Raw Detections – Behavioral rules, signatures, and machine learning.

3. Anomaly Detection – Identifying “new and unusual” activity with clustering math that filters out noise and highlights what truly matters.

This model supports teams who need to correlate signals across endpoints, identities, and cloud environments—especially as AI-driven operations expand the attack surface with non-human behavior patterns.

The Metrics That Matter

Dye points to three critical success metrics for teams:

• Visibility coverage over time.

• MITRE ATT&CK coverage, especially around lateral movement.

• The percentage of unresolved cases—those embarrassing unknowns that drain time and confidence.

As Dye shares, organizations that prioritize network-level visibility not only reduce uncertainty, but also strengthen every other layer of their detection and response strategy.

Learn more about Corelight: https://itspm.ag/coreligh-954270

Note: This story contains promotional content. Learn more.

Guest: 

Brian Dye, Chief Executive Officer, Corelight | https://www.linkedin.com/in/brdye/

Resources

Learn more and catch more stories from Corelight: https://www.itspmagazine.com/directory/corelight

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

sean martin, brian dye, network, visibility, ransomware, detection, cybersecurity, soc, anomalies, baselining, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Edera, just over a year old, is focused on reimagining how containers are built and run by taking a hardware-up approach rather than layering security on from the top down. Their system eliminates lateral movement and living-off-the-land attacks from the outset by operating below the kernel, resulting in simplified, proactive protection across cloud and on-premises environments.

What’s notable is not just the technology, but the philosophy behind it. As Emily explains, organizations have grown accustomed to the limitations of containerization and the technical debt that comes with it. Edera challenges this assumption by revisiting foundational virtualization principles, drawing inspiration from technologies like Xen hypervisors, and applying them in modern ways to support today’s use cases, including AI and GPU-driven environments.

Kaylin adds that this design-first approach means security isn’t bolted on later—it’s embedded from the start. And yet, it’s done without disruption. Teams don’t need to scrap what they have or undertake complex rebuilds. The system works with existing environments to reduce complexity and ease compliance burdens like FedRAMP.

For those grappling with infrastructure pain points—whether you’re in product security, DevOps, or infrastructure—this conversation is worth a listen. Edera’s vision is bold, but their delivery is practical. And yes, you’ll find them roaming the show floor in bold pink—“mobile booth,” zero fluff.

Listen to the episode to hear what it really means to be “secure by design” in the age of AI and container sprawl.

Learn more about Edera: https://itspm.ag/edera-434868

Note: This story contains promotional content. Learn more.

Guests: 

Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/

Kaylin Trychon, Head of Communications, Edera | https://www.linkedin.com/in/kaylintrychon/

Resources

Learn more and catch more stories from Edera: https://www.itspmagazine.com/directory/edera

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

emily long, kaylin trychon, sean martin, marco ciappelli, containers, virtualization, cloud, infrastructure, security, fedramp, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Sterling’s career path reads like a masterclass in data protection. After working deep in the trenches as a Microsoft and virtualization architect for both government and private sectors, he transitioned into the vendor space—eventually joining Veeam Software, where he became immersed in the world of backups and data resilience. That journey eventually brought him to Object First, and it’s clear that passion for simplifying security while strengthening infrastructure hasn’t faded.

One of the major shifts we talked about is how the world of cybersecurity is now fundamentally interconnected. Sterling emphasized what we’ve said many times ourselves: it’s no longer about isolated tools or technologies. It’s about how everything fits together. And at the center of it all? Data.

Object First is hitting RSAC with a mission: making backup security radically simple without compromising strength. Their “Ootbi”—short for Out Of The Box Immutability—makes protecting backup data straightforward, automatic, and resilient. No special configuration needed. No extra security knowledge required. Just plug it in and let the design do the work.

We loved hearing how Object First applies core Zero Trust principles—like assuming breach and strict segmentation—not to networks or apps, but directly to backup storage. It’s a philosophy Sterling calls “Zero Trust Data Resilience.” Especially in a world where admins are juggling multiple roles, budgets are tighter, and attacks are getting smarter (yes, AI is helping the bad actors too), reducing complexity while increasing protection is a game-changer.

Sterling also shared a hard truth that many organizations are realizing too late: a lot of backup storage solutions weren’t built for today’s threat landscape. They weren’t designed with security-first thinking. Object First aims to fix that by focusing on simplicity, immutability, and speed—not just in backup, but in recovery when it matters most.

If you’re heading to RSAC 2025, make sure you swing by Booth S260 to check out Object First in person. There’ll be demos, trivia, swag, and a few surprise announcements. Plus, Sterling will be speaking at the Insights Theater (South Expo Booth 2151) on April 30 at 10:30 AM. He’ll dive deeper into what Zero Trust Data Resilience really means—and why it’s time to rethink how we secure our most valuable digital assets.

And if you can’t make it to San Francisco? Don’t worry—we’ll be recording another conversation with Sterling on location during the conference, going even deeper into these critical topics. Be sure to follow our On Location coverage to stay connected with everything happening during RSAC 2025.

The future of security isn’t just about new firewalls, AI-driven analytics, or policy updates. It’s about protecting what matters most—our data—with approaches that are built for the challenges of today, not yesterday. And with companies like Object First pushing the boundaries, we think the conversation around data resilience is about to get a whole lot louder.

Guests:

Sterling Wilson | Field CTO | Data Resilience Strategist | ZTDR Advocate
LinkedIn: https://www.linkedin.com/in/sterling-wilson-007

______________________________

Resources:

Learn more about Object First: https://itspm.ag/object-first-2gjl

Learn more and catch more stories from Object First: https://www.itspmagazine.com/directory/object-first

Immutable Storage for Everyone.
Ransomware-proof and immutable out-of-the-box, Ootbi delivers secure, simple, and powerful backup storage: https://itspm.ag/objectzlju

____________________________

Keywords:

RSAC 2025, backup security, data resilience, immutable storage, zero trust, object first, ootbi, zero trust data resilience, cybersecurity conference, backup protection, Veeam, ransomware, disaster recovery, storage security, simple cybersecurity, RSAC, securing backups, infosec, infosecurity

_______________________

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In our debut Brand Story with White Knight Labs, we sat down with co-founders John Stigerwalt and Greg Hatcher, and what unfolded was more than a company intro — it was a behind-the-scenes look at what offensive security should be.

John’s journey is the kind that earns your respect quickly: he started at the help desk and worked his way to CISO, before pivoting into red teaming and co-founding WKL. Greg’s path was more unconventional — from orchestral musician to Green Beret to cybersecurity leader. Two very different stories, but a shared philosophy: learn by doing, adapt without a manual, and never take the easy route when something meaningful is on the table.

That mindset now defines how White Knight Labs works with clients. They don’t sell cookie-cutter pen tests. Instead, they ask the right question up front: How does your business make money? Because if you can answer that, you can identify what a real-world attacker would go after. Then they simulate it — not in theory, but in practice.

Their ransomware simulation service is a perfect example. They don’t just show up with a scanner. They emulate modern adversaries using Cobalt Strike, bypassing endpoint defenses with in-house payloads, encrypting and exfiltrating data like it’s just another Tuesday. Most clients fail the test — not because they’re careless, but because most simulations aren’t this real.

And that’s the point.

White Knight Labs isn’t here to help companies check a box. They’re here to expose the gaps and raise the bar — because real threats don’t play fair, and security shouldn’t pretend they do.

What makes them different is what they don’t do. They’re not an all-in-one shop, and they’re proud of that. They won’t touch IR for major breaches — they’ve got partners for that. They only resell hardware and software they’ve personally vetted. That honesty builds credibility. That kind of focus builds trust.

Their training programs are just as intense. Between live DEF CON courses and their online platform, they’re giving both new and experienced professionals a chance to train the way they operate: no shortcuts, no watered-down certs, just hard-earned skills that translate into real-world readiness.

Pass their ODPC certification, and you’ll probably get a call — not because they need to check a hiring box, but because it proves you’re serious. And if you can write loaders that bypass real defenses? You’re speaking their language.

This first conversation with John and Greg reminded us why we started this series in the first place. It’s not just about product features or service offerings — it’s about people who live and breathe what they do, and who bring that passion into every test, every client call, and every training they offer.

We’ve got more stories with them on the way. But if this first one is any sign of what’s to come, we’re in for something special.

⸻

Learn more about White Knight Labs: 

Guests:

John Stigerwalt | Founder at White Knight Labs | Red Team Operations Leader | https://www.linkedin.com/in/john-stigerwalt-90a9b4110/

Greg Hatcher | Founder at White Knight Labs | SOF veteran | Red Team | https://www.linkedin.com/in/gregoryhatcher2/

White Knight Labs Website | https://itspm.ag/white-knight-labs-vukr

______________________

Keywords: penetration testing, red team, ransomware simulation, offensive security, EDR bypass, cybersecurity training, White Knight Labs, advanced persistent threat, cybersecurity startup, DEF CON training, security partnerships, cybersecurity services

______________________

Resources

Visit the White Knight Labs Website to learn more: https://itspm.ag/white-knight-labs-vukr

Learn more and catch more stories from White Knight Labs on ITSPmagazine: https://www.itspmagazine.com/directory/white-knight-labs

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Mary Carmichael, President of ISACA’s Vancouver Chapter and a CPA focused on cybersecurity risk and governance, highlights the session she’s co-presenting with Dooshima Dabo’Adzuana: Third-Party AI: What Are You Really Buying? Their talk will explore the increasing complexity of evaluating AI solutions procured from vendors—especially those embedding large language models. Topics include due diligence during procurement, monitoring post-deployment, and assessing whether vendor practices align with internal risk and privacy requirements.

Dooshima Dabo’Adzuana, a researcher at Boise State University and leader from ISACA’s Abuja Chapter, shares how ISACA members across regions are grappling with similar questions: What does AI mean for my organization? What risks do third-party integrations introduce? She emphasizes the importance of frameworks and educational tools—resources that ISACA is making readily available at their booth (South Expo #2268) and through new certification tracks in AI audit and security.

Alongside the AI focus, visitors to the booth can explore results from ISACA’s Quantum Pulse Poll and access guidance on encryption readiness for a post-quantum future. The booth will also feature a selfie station and serve as a meeting point for the diverse ISACA community, with members from over 220 chapters worldwide.

The conversation rounds out with a critical discussion on cybersecurity career development. Both Mary and Dooshima share personal stories of transitioning into the field—Mary from accounting, Dooshima from insurance—and call for broader recognition of transferable skills. They point to global tools, such as career pathway frameworks supported by ISACA and the UK Cyber Security Council, as essential for addressing the persistent workforce gap.

This episode offers a preview of how ISACA is connecting global conversations on AI, quantum, and professional development—making RSAC Conference 2025 not just a tech showcase, but a community gathering rooted in learning and action.

Stop by booth 2268 in the South Expo to explore how ISACA are equipping professionals with practical tools for AI governance, quantum readiness, and cybersecurity career growth—and how your organization can benefit from a stronger, more connected community.

Learn more about ISACA: https://itspm.ag/isaca-96808

Guests:

Mary Carmichael, President of ISACA’s Vancouver Chapter | https://www.linkedin.com/in/carmichaelmary/

Dooshima Dabo’Adzuana, a researcher at Boise State University and leader from ISACA’s Abuja Chapter | https://www.linkedin.com/in/dooshima-dabo-adzuana/

Resources

Mary and Dooshima's session at RSA Conference: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1737642290064001tqyq

Learn more about ISACA's AI resources: https://www.isaca.org/resources/artificial-intelligence

Learn more about ISACA's credentials: https://www.isaca.org/credentialing

Learn more and catch more stories from ISACA: https://www.itspmagazine.com/directory/isaca

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

______________________

Keywords: ai, quantum, cybersecurity, risk, governance, audit, certification, encryption, rsa, rsac, third-party, compliance, career, skills, education, community, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Steve represents a company that’s been at the center of governance, risk, and compliance (GRC) for nearly 25 years. But don’t mistake tenure for inertia—Archer is actively reshaping how organizations think about integrated risk management, especially through its latest platform, Archer Evolv. Steve shares how his team is focused on rethinking compliance not as a checkbox, but as a foundation for smarter, more strategic business decisions.

What sets Archer Evolv apart? For one, the platform doesn’t just cater to full-time risk professionals. It’s built for anyone in the organization who touches compliance—even occasionally. Steve explains how the user experience has been redesigned to make it easier for non-experts to contribute, pulling in relevant data without bogging down daily operations.

AI also plays a major role. After acquiring Compliance.AI, Archer has embedded large language models and automation into its compliance workflows—cutting down the time it takes to process regulatory updates and map controls. This means compliance professionals can spend less time scanning documents and more time advising the business.

But this isn’t about technology for technology’s sake. Steve underscores the bigger question facing companies today: how much risk are they truly willing to accept? Regulation might kickstart the conversation, but it’s risk management that sustains it—and that requires clarity, context, and collaboration across the business.

Archer’s team will be on site at RSAC, ready to demo the platform and share stories from the field. With over 1,200 customers worldwide, the company has no shortage of real-world examples to pull from. From frontline vulnerability assessments to strategic compliance mapping, Archer’s approach is centered on enabling better decisions—not just better dashboards.

Stop by booth 3117 (https://itspm.ag/archervn5f) to see how they’re turning compliance into an engine for risk-aware growth—and how your team might benefit from a more purposeful approach to GRC.

Learn more about Archer: https://itspm.ag/rsaarchweb

Guest: Steve Schlarman, Senior Director, Product Management at Archer Integrated Risk Management | https://www.linkedin.com/in/steveschlarman/

Resources

Learn more and catch more stories from Archer: https://www.itspmagazine.com/directory/archer

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

______________________

Keywords: risk, compliance, governance, cybersecurity, ai, automation, regulation, grc, audit, resilience, controls, workflow, data, business continuity, product management, rsa, rsac2025, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From rubber ducky hacks to reframing how we think about Zero Trust, the conversation highlights the ways ThreatLocker moves beyond the industry’s typical focus on reactive detection. Allen shares how most cybersecurity approaches still default to allowing access unless a threat is known, and why that mindset continues to leave organizations vulnerable. Instead, ThreatLocker’s philosophy is to “deny by default and permit by exception”—a strategy that, when managed effectively, provides maximum protection without slowing down business operations.

ThreatLocker’s presence at the conference will feature live demos, short presentations, and hands-on challenges—including their popular Ducky Challenge, where participants test whether their endpoint defenses can prevent a rogue USB (disguised as a keyboard) from stealing their data. If your system passes, you win the rubber ducky. If it doesn’t? They (temporarily) get your data. It’s a simple but powerful reminder that what you think is secure might not be.

The booth won’t just be about tech. The team is focused on conversations—reconnecting with customers, engaging new audiences, and exploring how the community is responding to a threat landscape that’s growing more sophisticated by the day. Allen emphasizes the importance of in-person dialogue, not only to share what ThreatLocker is building but to learn how security leaders are adapting and where gaps still exist.

And yes, there will be merch—high-quality socks, t-shirts, and even a few surprise giveaways dropped at hotel doors (if you resist the temptation to open the envelope before visiting the booth).

For those looking to rethink endpoint protection or better understand how proactive controls can complement detection-based tools, this episode is your preview into a very different kind of cybersecurity conversation—one that starts with a challenge and ends with community.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

______________________

Keywords: rsac conference, cybersecurity, endpoint, zero trust, rubber ducky, threat detection, data exfiltration, security strategy, deny by default, permit by exception, proactive security, security demos, usb attack, cyber resilience, network control, security mindset, rsac 2025, event coverage, on location, conference

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Marc Manzano, General Manager of the Cybersecurity Group at SandboxAQ, joined us for this Brand Story conversation ahead of the big conference in San Francisco. For those who haven’t heard of SandboxAQ yet, here’s a quick headline: they’re a spin-out from Google, operating at the intersection of AI and quantum technologies. Yes — that intersection.

But let’s keep our feet on the ground for a second, because this story isn’t just about tech that sounds cool. It’s about solving the very real, very painful problems that security teams face every day.

Marc laid out their mission clearly: Active Guard, their flagship platform, is built to simplify and modernize two massive pain points in enterprise security — cryptographic asset management and non-human identity management. Think: rotating certificates without manual effort. Managing secrets and keys across cloud-native infrastructure. Automating compliance reporting for quantum-readiness. No fluff — just value, right out of the box.

And it’s not just about plugging a new tool into your already overloaded stack. What impressed us is how SandboxAQ sees themselves as the unifying layer — enhancing interoperability across existing systems, extracting more intelligence from the tools you already use, and giving teams a unified view through a single pane of glass.

And yes, we also touched on AI SecOps — because as AI becomes a standard part of infrastructure, so must security for it. Active Guard is already poised to give security teams visibility and control over this evolving layer.

Want to see it in action? Booth 6578, North Expo Hall. Swag will be there. Demos will be live. Conversations will be real.

We’ll be there too — recording a deeper Brand Story episode On Location during the event.

Until then, enjoy this preview — and get ready to meet the future of cybersecurity.

⸻

Keywords:

sandboxaq, active guard, rsa conference 2025, quantum cybersecurity, ai secops, cryptographic asset management, non-human identity, cybersecurity automation, security compliance, rsa 2025, cybersecurity innovation, certificate lifecycle management, secrets management, security operations, quantum readiness, rsa sandbox, cybersecurity saas, devsecops, interoperability, digital transformation

______________________

Guest: Marc Manzano,, General Manager of the Cybersecurity Group at SandboxAQ

Marc Manzano on LinkedIn

🌐 SandboxAQ Website

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

SandboxAQ:
https://itspm.ag/sandboxaq-j2en

____________________________

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Chokshi, who leads Akamai’s Application Security business, describes a landscape marked by explosive growth in web and API attacks—and a parallel shift as enterprises embrace generative AI. The double-edged nature of AI is central to the discussion: while it offers breakthrough productivity and automation, it also creates new vulnerabilities. Akamai’s dual focus, says Chokshi, is both using AI to strengthen defenses and securing AI-powered applications themselves.

The conversation touches on the scale and sophistication of modern threats, including an eye-opening stat: Akamai is now tracking over 500 million large language model (LLM)-driven scraping requests per day. As these threats extend from e-commerce to healthcare and beyond, Chokshi emphasizes the need for layered defense strategies and real-time adaptability.

Ciappelli brings a sociological lens to the AI discussion, noting the hype-to-reality shift the industry is experiencing. “We’re no longer asking if AI will change the game,” he suggests. “We’re asking how to implement it responsibly—and how to protect it.”

At RSAC 2025, Akamai will showcase a range of innovations, including updates to its Guardicore platform and new App & API Protection Hybrid solutions. Their booth (6245) will feature interactive demos, theater sessions, and one-on-one briefings. The Akamai team will also release a new edition of their State of the Internet report, packed with actionable threat data and insights.

The episode closes with a reminder: in a world that’s both accelerating and fragmenting, cybersecurity must serve not just as a barrier—but as a catalyst. “Security,” says Chokshi, “has to enable innovation, not hinder it.”

⸻

Keywords: RSAC 2025, Akamai, cybersecurity, generative AI, API protection, web attacks, application security, LLM scraping, Guardicore, State of the Internet report, Zero Trust, hybrid digital world, enterprise resilience, AI security, threat intelligence, prompt injection, data privacy, RSA Conference, Sean Martin, Marco Ciappelli

______________________

Guest: Rupesh Chokshi, SVP & GM, Akamai 
https://www.linkedin.com/in/rupeshchokshi/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

AKAMAI:
https://itspm.ag/akamailbwc

____________________________

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Rupesh Chokshi Session at RSAC 2025
The New Attack Frontier: Research Shows Apps & APIs Are the Targets - [PART1-W09]

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Phishing as a Service and the Surge in Email Compromises

One of the most alarming trends highlighted by Kenneth is the widespread availability of Phishing-as-a-Service (PhaaS) kits, including names like RaccoonO365, Mamba 2FA, and Greatness. These kits allow attackers with little to no technical skill to launch sophisticated campaigns that bypass multi-factor authentication (MFA) by hijacking session tokens. With phishing attacks now leading to full enterprise compromises, often through seemingly innocuous Microsoft 365 access, the threat is more serious than ever.

Malware Is Smarter, Simpler—and It’s Spreading Fast

Malware, particularly fake browser updates and credential stealers like Lumma Stealer, is also seeing a rise in usage. Kenneth points out the troubling trend of malware campaigns that rely on basic user interactions—like copying and pasting text—leading to full compromise through PowerShell or command prompt access. Basic group policy configurations (like blocking script execution for non-admin users) are still underutilized defenses.

Ransomware: Faster and More Automated Than Ever

The speed of ransomware attacks has increased dramatically. Kenneth shares real-world examples where attackers go from initial access to full domain control in under an hour—sometimes in as little as ten minutes—thanks to automation, remote access tools, and credential harvesting. This rapid escalation leaves defenders with very little room to respond unless robust detection and prevention measures are in place ahead of time.

Why This Report Matters

Rather than presenting raw data, LevelBlue focuses on actionable insights. Each major finding comes with recommendations that can be implemented regardless of company size or maturity level. The report is a resource not just for LevelBlue customers, but for any organization looking to strengthen its defenses.

Be sure to check out the full conversation and grab the first edition of the Threat Trends Report ahead of LevelBlue’s next release this August—and stay tuned for their updated Futures Report launching at RSA Conference on April 28.

Learn more about LevelBlue: https://itspm.ag/levelblue266f6c

Note: This story contains promotional content. Learn more.

Guest: Kenneth Ng, threat hunter and lead incident responder on LevelBlue’s Managed Detection and Response (MDR) team | On LinkedIn: https://www.linkedin.com/in/ngkencyber/

Resources

Download the LevelBlue Threat Trends Report | Edition One: https://itspm.ag/levelbyqdp

Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

From Default Permit to Default Deny

ThreatLocker’s philosophy centers on a fundamental shift: moving from a default permit posture to a default deny stance. This approach, according to Rob, doesn’t hinder operations—it creates boundaries that allow organizations to function safely and efficiently. It’s not about locking systems down; it’s about granting permissions with precision, so users can operate without even noticing security is present.

Product Innovation Driven by Real Feedback

The conversation highlights how customer input—and CEO Danny Jenkins’ relentless presence at industry events—drives product development. New solutions like Web Control and Patch Management are designed as logical extensions of existing tools, allowing security teams to reduce risk without creating friction for end users. The addition of a software store, suggested by enterprise customers, gives users clarity on what’s approved while reducing IT support tickets.

Insights and the Detect Dashboard

Rob also explains how ThreatLocker is unlocking the value of big data. With billions of data points collected every hour, their new Insights platform aggregates and analyzes cross-customer trends to better inform security decisions. Combined with the Detect Dashboard, teams now gain not only visibility but actionable intelligence—supported by polished visuals and streamlined workflows.

More Than Just Tech—It’s Peace of Mind

While the technology is impressive, Rob says the most rewarding feedback is simple: “ThreatLocker helps me sleep at night.” For many customers, that level of confidence is priceless. And in unexpected situations—like a blue-screen incident caused by third-party software—ThreatLocker has even been used to mitigate impacts in creative ways.

Whether you’re leading a global IT team or managing a growing MSP, this episode will make you think differently about how security fits into your operational strategy. Tune in to hear how ThreatLocker is turning bold ideas into real-world control.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content. Learn more.

Guest: Rob Allen, Chief Product Officer at ThreatLocker

On LinkedIn | https://www.linkedin.com/in/threatlockerrob/

Resources

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Chris is no stranger to the RSA stage—this year marks his 21st year presenting—and he’s bringing his energy to two powerful sessions. The first, titled “Protecting What Matters: Your Family and Home,” kicks off bright and early on Monday, April 28. It’s not about blinky lights or enterprise networks—it’s about us. The cybersecurity community often talks about protecting organizations, but what about protecting ourselves and our families? Chris will explore how security pros can apply their skills at home, covering identity theft, scams, and home network safety. It’s a refreshing and much-needed call to action that connects the personal and professional.

On Wednesday, Chris returns with co-presenter James Shreve for a two-hour Learning Lab, “When Things Go Boom: Supply Chain Risk.” This Chatham House Rule session dives deep into one of today’s most complex challenges: managing third-party risk without stopping the business in its tracks. Participants will step into different roles—board members, CISOs, legal, finance—to engage in a live, collaborative scenario that pushes them to think beyond checklists. Real talk. Real collaboration. And practical takeaways.

But that’s not all. BlackCloak is also unveiling its new Digital Executive Protection Framework, designed to help organizations assess and strengthen protections for executives and their families. Chris teases that this framework includes 14 essential tenets that blend physical, digital, and organizational awareness—and he’ll be sitting down with us again at the event to go deeper.

With 15–20 BlackCloak team members on site, a full schedule of meetings, events, and community conversations, this year is shaping up to be a milestone for BlackCloak at RSAC. If you’re attending, keep an eye on their LinkedIn page for updates, booking links, and suite details.

As Chris says, it’s about lifting our heads, scanning the horizon, and showing up for our community—and our families.

Keywords: RSAC2025, Chris Pierson, BlackCloak, cybersecurity, RSA Conference, digital protection, executive protection, supply chain risk, identity theft, privacy, home network security, third-party risk, CISOs, cybersecurity community, digital executive protection framework, GRC, threat intelligence, infosec, personal security, cybersecurity awareness

______________________

Guest: Chris Pierson, Founder & CEO of BLACKCLOAK | Digital Executive Protection | Concierge Cybersecurity & Privacy Protection . . . in their Personal Lives | On LinkedIn: https://www.linkedin.com/in/drchristopherpierson/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode’s Sponsors

BLACKCLOAK:
https://itspm.ag/itspbcweb

____________________________

Resources

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Chris Sessions
Protecting What Matters—Your Family & Home https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1739369849404001eWtU

When Things Go Boom! Your Supply Chain Risk
https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727434586212001yGwM

BLACKCLOAK WEBSITE:
https://itspm.ag/itspbcweb

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

How does a military-born cybersecurity solution empower MSPs and SMBs in today’s compliance-driven world? Here’s the Beachhead Solutions story.

When it comes to cybersecurity, one thing is clear: the Wild West may have lost a “wild,” but it’s still lawless out there. In this ITSPmagazine Brand Story, Sean Martin and Marco Ciappelli sit down with Cam Roberson of Beachhead Solutions—a company with deep roots in military-grade data protection and a forward-thinking approach to endpoint security.

Cam shares how Beachhead Solutions began two decades ago, solving a very real problem for the military: how to instantly and securely destroy sensitive data on compromised devices like laptops in Humvees. Today, that same secure mindset powers a solution designed not just for high-risk environments, but also for businesses of all sizes that need to manage device security and compliance without locking down operations.

What sets Beachhead apart? Their philosophy of “trust but verify.” Unlike rigid zero trust models that can frustrate users and slow productivity, Beachhead enables granular access control based on real-time risk conditions—automated and scalable. Their “Risk Responder” technology evaluates behavior and environment to enforce adaptive policies, ensuring protection without constant human oversight.

Whether you’re a small business or an enterprise MSP, compliance is no longer optional. Cam discusses the increasing pressure from frameworks like NIST, HIPAA, CMMC, and the FTC Safeguards Rule—regulations that apply across industries and sizes. Beachhead’s cloud-native platform helps companies prepare, adapt, and prove compliance through detailed reporting and control over data access.

What’s more, their MSP-first model isn’t just a reseller program. Partners get concierge onboarding, flexible monthly billing, and free internal use of the platform—because they’re part of the supply chain too. With Beachhead, MSPs aren’t just meeting regulatory checkboxes; they’re showing value to clients and securing new business opportunities in a rapidly evolving threat landscape.

From USB-stolen “startup kits” to porch-tossed medical laptops, Cam’s anecdotes highlight the real-world chaos that their solution brings order to.

Ready to move from wild to wise? Beachhead Solutions has your back.

⸻

Keywords:

endpoint security, data protection, zero trust, risk responder, MSP, SMB security, device control, cybersecurity, compliance, NIST, HIPAA, FTC safeguards, CMMC, supply chain security, secure data wipe, remote access control, encryption, managed services, cloud-native security, Beachhead Solutions, adaptive security

Learn more about BeachHead Solutions : https://itspm.ag/beachhead-solutions-r49e

Note: This story contains promotional content. Learn more.

_______________________________________

Guest: Cam Roberson 

🔗 Cam Roberson on LinkedIn: https://www.linkedin.com/in/camroberson/
 

Resources

Learn more and catch more stories from Beachhead Solutions: https://www.itspmagazine.com/directory/beach-head-solutions

____________________________

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Note: This story contains promotional content. Learn more.

Learn more about Nerdio: https://www.itspmagazine.com/directory/nerdio

Guest: Will Ominsky, VP MSP Sales at Nerdio | On LinkedIn: https://www.linkedin.com/in/will-ominsky/

RESOURCES

Learn more and catch more stories from ThreatLocker Zero Trust World: https://itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

Learn more and catch more stories from ThreatLocker: https://itspm.ag/threatlocker-r974

Catch all of our event coverage on ITSPmagazine: https://www.itspmagazine.com/on-location

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Foundation of Secure Development

Jim Manico has spent decades helping engineers and architects understand and implement secure coding practices. His work with the Open Web Application Security Project (OWASP), including contributions to the OWASP Top 10 and the OWASP Cheat Sheet Series, has influenced how security is approached in software development. He emphasizes that security should not be an afterthought but a fundamental part of the development process.

He highlights OWASP’s role in providing documentation, security tools, and standards like the Application Security Verification Standard (ASVS), which is now in its 5.0 release. These resources help organizations build secure applications, but Manico points out that simply having the guidance available isn’t enough—engineers need the right training to apply security principles effectively.

Why Training Matters

Manico has trained thousands of engineers worldwide and sees firsthand the impact of hands-on education. He explains that developers often lack formal security training, which leads to common mistakes such as insecure authentication, improper data handling, and vulnerabilities in third-party dependencies. His training programs focus on practical, real-world applications, allowing developers to immediately integrate security into their work.

Security training also helps businesses beyond just compliance. While some companies initially engage in training to meet regulatory requirements, many realize the long-term value of security in reducing risk, improving product quality, and building customer trust. Manico shares an example of a startup that embedded security from the beginning, investing heavily in training early on. That approach helped differentiate them in the market and contributed to their success as a multi-billion-dollar company.

The Role of AI and Continuous Learning

Manico acknowledges that the speed of technological change presents challenges for security training. Frameworks, programming languages, and attack techniques evolve constantly, requiring continuous learning. He has integrated AI tools into his training workflow to help answer complex questions, identify knowledge gaps, and refine content. AI serves as an augmentation tool, not a replacement, and he encourages developers to use it as an assistant to strengthen their understanding of security concepts.

Security as a Business Enabler

The conversation reinforces that secure coding is not just about avoiding breaches—it is about building better software. Organizations that prioritize security early can reduce costs, improve reliability, and increase customer confidence. Manico’s approach to education is about empowering developers to think beyond compliance and see security as a critical component of software quality and business success.

For organizations looking to enhance their security posture, developer training is an investment that pays off. Manicode Security offers customized training programs to meet the specific needs of teams, covering topics from secure coding fundamentals to advanced application security techniques. To learn more or schedule a session, Jim Manico can be reached at Jim@manicode.com.

Tune in to the full episode to hear more insights from Jim Manico on how security training is shaping the future of application security.

Learn more about Manicode: https://itspm.ag/manicode-security-7q8i

Note: This story contains promotional content. Learn more.

Guest: Jim Manico, Founder and Secure Coding Educator at Manicode Security | On Linkedin: https://www.linkedin.com/in/jmanico/

Resources

Download the Course Catalog: https://itspm.ag/manicode-x684

Learn more and catch more stories from Manicode Security: https://www.itspmagazine.com/directory/manicode-security

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode of ITSPmagazine’s Brand Story series, hosts Marco Ciappelli and Sean Martin sit down with Dr. Chris Pierson, CEO and Founder of BlackCloak, to explore the increasing risks posed by cybercriminals, data brokers, and even nation-state actors, all of whom exploit publicly available information to orchestrate real-world threats. With the rise of doxing, swatting, and targeted attacks on corporate leadership, it is clear that safeguarding digital identities is no longer optional—it is essential.

Dr. Pierson shares insights on how BlackCloak’s concierge approach blends cutting-edge technology with a personalized human touch, ensuring that executives and their families can navigate the digital world securely. From removing personal information from data broker websites to mitigating deep web threats, BlackCloak’s unique approach focuses on proactive protection rather than reactive crisis management. The conversation also touches on recent high-profile security breaches and their implications, highlighting the urgent need for businesses to extend cybersecurity measures beyond the enterprise network.

As digital and physical threats continue to merge, organizations must rethink their approach to executive security. This episode is a wake-up call for leaders who may underestimate the exposure they and their families face. Tune in to learn why digital executive protection is no longer a luxury but a necessity, and how BlackCloak is setting the standard for safeguarding the modern executive.

For those looking to take control of their digital privacy and security, visit BlackCloak.io and connect with Dr. Chris Pierson on LinkedIn. The intersection of cybersecurity and personal safety is here—how prepared are you?

Learn more about BlackCloak: https://itspm.ag/itspbcweb

Note: This story contains promotional content. Learn more.

Guest: Chris Pierson, Founder and CEO of BlackCloak | On Linkedin: https://www.linkedin.com/in/drchristopherpierson/

Resources

Download the Whitepaper | Executive Protection at Home is the Major Gap in Cybersecurity: https://itspm.ag/blackcue74

Learn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloak

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Note: This story contains promotional content. Learn more.

Learn more about The Tech Degenerates: https://www.itspmagazine.com/directory/the-tech-degenerates

Guest: Martin Perkins, Co-Founder at The Tech Degenerates | On LinkedIn: https://www.linkedin.com/in/martinjperkins/

RESOURCES

Learn more and catch more stories from ThreatLocker Zero Trust World: https://itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

Learn more and catch more stories from ThreatLocker: https://itspm.ag/threatlocker-r974

Catch all of our event coverage on ITSPmagazine: https://www.itspmagazine.com/on-location

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Note: This story contains promotional content. Learn more.

Learn more about FirmGuard by Phoenix Technologies: https://www.itspmagazine.com/directory/phoenix-technologies

Guest: Rob Inman, Director of Products at FirmGuard by Phoenix Technologies | On LinkedIn: https://www.linkedin.com/in/robert-inman/

RESOURCES

Learn more and catch more stories from ThreatLocker Zero Trust World: https://itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

Learn more and catch more stories from ThreatLocker: https://itspm.ag/threatlocker-r974

Catch all of our event coverage on ITSPmagazine: https://www.itspmagazine.com/on-location

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Note: This story contains promotional content. Learn more.

Learn more about inforcer: https://www.itspmagazine.com/directory/inforcer

Guest: Rachel Harris, Senior Account Manager at inforcer | On LinkedIn: https://www.linkedin.com/in/rachel-harris-6b3173188/

RESOURCES

Learn more and catch more stories from ThreatLocker Zero Trust World: https://itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

Learn more and catch more stories from ThreatLocker: https://itspm.ag/threatlocker-r974

Catch all of our event coverage on ITSPmagazine: https://www.itspmagazine.com/on-location

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Note: This story contains promotional content. Learn more.

Learn more about bvoip: https://www.itspmagazine.com/directory/bvoip

Guest: Ryan Denning, Vice President of Sales at bvoip | On LinkedIn: https://www.linkedin.com/in/ryandenning/

RESOURCES

Learn more and catch more stories from ThreatLocker Zero Trust World: https://itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

Learn more and catch more stories from ThreatLocker: https://itspm.ag/threatlocker-r974

Catch all of our event coverage on ITSPmagazine: https://www.itspmagazine.com/on-location

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Note: This story contains promotional content. Learn more.

Learn more about INFIMA Security: https://itspmagazine.com/directory/infima-security

Guest: Isabelle Jacob, Channel Events Specialist at INFIMA Security | On LinkedIn: https://www.linkedin.com/in/isabelle-jacob/

RESOURCES

Learn more and catch more stories from ThreatLocker Zero Trust World: https://itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

Learn more and catch more stories from ThreatLocker: https://itspm.ag/threatlocker-r974

Catch all of our event coverage on ITSPmagazine: https://www.itspmagazine.com/on-location

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.