In this edition of Lens Four,

🔍 In this episode:

— Why Workday's line — "Organizations wouldn't hire thousands of employees without an HR system to manage them. The same discipline is now required for AI agents" — exposes the HR-procurement collision everyone is about to run into

— Gartner's forecast: by the end of 2026, 40% of enterprise applications will be integrated with task-specific AI agents, up from less than 5% in 2025

— Why Jensen Huang's CES 2025 line — "IT is the HR department of agentic AI in the future" — is half-right, half-wrong, and why Josh Bersin's reframe (HR teams will be the managers and caretakers of AI agents) gets closer

— Bain and IDC agreeing that per-seat pricing is ending: by 2028, 70% of software vendors will refactor pricing around consumption, outcomes, or organizational capability — and what that means for the CEO's agenda

— The contingent workforce market is real money ($171.5B in 2021, projected to $465.2B by 2031 per Allied Market Research) — and why the contingent-labor playbook is the closest analogy for agents

— Aaron Levie's "tokenmaxxing" as the strategic-prioritization problem nobody is ready for

— Why the three vendor vocabularies (employee, contractor, software) are all task vocabularies — and why the agent era needs a judgment vocabulary instead

— The Fourth Lens: the collision between HR and procurement can go two ways (meteor or dressing), but the real steering question lives upstairs with the CEO, COO, and line-of-business leaders

Fourth Lens: The forced consolidation coming over the next twelve to eighteen months solves the plumbing. It doesn't solve the operating model. The organizations that win the next decade of enterprise work will build both the function downstairs that runs the agent roster and the leadership cadence upstairs that sets direction at machine speed.

🔗 Full article and references: seanmartin.com/lens-four/whos-managing-your-agent-workforce

📧 Subscribe to Lens Four: seanmartin.com/lens-four

🎙 Redefining CyberSecurity Podcast: redefiningcybersecuritypodcast.com

🎧 Music Evolves Podcast: musicevolvespodcast.com

🌐 ITSPmagazine: itspmagazine.com

🎬 Studio C60: studioc60.com

Sean Martin is a cybersecurity market analyst, content strategist, and go-to-market advisor with more than 30 years of experience across engineering, product development, marketing, and media. He is co-founder of ITSPmagazine (itspmagazine.com) and Studio C60 (studioc60.com), host of the Redefining CyberSecurity Podcast (redefiningcybersecuritypodcast.com) and Music Evolves Podcast (musicevolvespodcast.com), and co-host of On Location (itspmagazine.com/on-location) and Random and Unscripted (randomandunscripted.com). Learn more at seanmartin.com.

🔎 Keywords: AI agents, agentic AI, digital workforce, Salesforce Headless 360, Agentforce, AgentExchange, Workday Agent System of Record, ASOR, Salesforce TDX 2026, Aaron Levie, Marc Benioff, Joe Inzerillo, Jensen Huang, Josh Bersin, Jorge Amar, Kate Leggett, Gartner AI agents forecast, IDC FutureScape 2026, Forrester agentic AI, Bain SaaS pricing, Deloitte workforce planning, KPMG total workforce planning, McKinsey hybrid workforce, Futurum sameness, Model Context Protocol, MCP, contingent workforce, ManpowerGroup TAPFIN, Allied Market Research, outcome-based pricing, consumption-based pricing, per-seat obsolescence, tokenmaxxing, CapEx vs OpEx AI, systemic HR, superagents, digital employees, HR-procurement collision, total talent management, workforce orchestration, CEO strategic intent, line-of-business leadership, employee vs contractor classification, Sean Martin, Lens Four

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Stellar Cyber has been incorporating machine learning into every layer of its security platform since 2015, well before AI became the marketing default. The position Lisa Liu brings is direct: AI is not a one-size-fits-all solution. A large language model is not the most efficient way to parse log data, and slapping an AI label on existing functionality is not the same as designing for the analyst pain points at every stage of detection, investigation, and response.

The conversation closes on the autonomous SOC question, where Stellar Cyber argues for a human-augmented approach. Promises of complete autonomy deserve healthy skepticism; guardrails matter, and keeping a human analyst in the loop is what allows AI mistakes to be caught and contained before they cascade. It is a Brand Highlight worth a few minutes for anyone trying to separate AI substance from AI theater in security operations.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Lisa Liu, Corporate Marketing and Communications Manager, Stellar Cyber | On LinkedIn: https://www.linkedin.com/in/lisaaliu/

RESOURCES

Learn more about Stellar Cyber: https://stellarcyber.ai/

View all of our RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac26

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Lisa Liu, Stellar Cyber, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, RSAC Conference 2026, Multi-Layer AI, human-augmented autonomous SOC, machine learning, Open XDR, NG-SIEM, security operations, AI in cybersecurity, agentic AI, SOC analyst, security platform

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The headline takeaway is what Michael Parisi calls the "fog of more." Marketing has done its job too well. CISOs and business leaders facing real decisions cannot tell competing solutions apart, do not know where to start, and are not sure their current stack is even the right one. Too much information has become its own information problem.

What is shifting, according to Michael Parisi, is where the meaningful conversations actually happen. Closed-door, hallway, and dinner conversations have always existed at RSAC Conference, but more people are now openly recognizing that this is where the real industry decisions get made. That recognition is changing how teams plan to engage with future conferences and industry events. For Steel Patriot Partners, which describes itself as business owners first, engineers second, and security and compliance practitioners third, that is exactly the conversation they want to be in.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Michael Parisi, Chief Growth Officer, Steel Patriot Partners | https://www.linkedin.com/in/michael-parisi-4009b2261/

RESOURCES

Learn more about Steel Patriot Partners: https://www.steelpatriotpartners.com

Steel Patriot Partners Assistance Center: https://www.steelpatriotpartners.com

View all of our RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac26

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Michael Parisi, Steel Patriot Partners, Marco Ciappelli, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, RSAC Conference 2026, RSAC, cybersecurity compliance, fog of more, vendor noise, CISO, GRC, cybersecurity advisory, FedRAMP, CMMC, HITRUST, AI security marketing, hallway conversations, post RSAC

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

I know that because I remember the first one, 2012, and I've been counting ever since — not out of habit, but because each year feels like a chapter in a longer story I'm trying to read in real time. Twelve years of standing in that same building in San Francisco, watching an industry evolve, stumble, reinvent itself, and occasionally look in the mirror.

In the early years it was pure technology. Cryptography, protocols, threat vectors, the architecture of defense. The conversations were technical, the energy was almost academic, the suits were slightly more formal. Then something shifted — gradually, then all at once, the way things usually do. The industry started talking about people. About culture. About the human beings sitting behind the keyboards and the very human mistakes they were making. The themes started reflecting it: community, togetherness, collective defense. Stronger Together. The Human Element. The Power of Community.

Year after year, the message from the main stage was some variation of: we are more than our tools. People are what matter. Connection is the point.

And then you'd walk the expo floor and see the booths.

I'm not being cynical. The community is real — I've felt it, in the hallway conversations, in the side events, in the faces of people I've been running into for a decade who are genuinely trying to make the digital world safer. That part is true and it matters. But there's a growing gap between what the theme says and what the stage performs. And at RSAC 2026, that gap became impossible to ignore.

Because this year, while the badge said The Power of Community, the keynotes were almost entirely about agents.

Non-human ones.

I wrote about this from a different angle in my first piece from RSAC — the Blade Runner angle, the NPC angle, the question of identity and intent when you can no longer tell the difference between a human action and an autonomous one. But there's another layer underneath that deserves its own space.

It's the pattern. The twelve-year arc.

An industry spends years — genuinely, sincerely — rediscovering the human element. Putting people at the center. Building a vocabulary around community, ethics, shared responsibility. And then, in what feels like a single conference cycle, it pivots to deploying a parallel workforce of non-human identities that outnumber us in our own systems, operate at speeds no human can follow, take actions no human directly authorized, and — here's the part that should make everyone pause — that a significant portion of organizations deploying them cannot monitor, cannot fully distinguish from human activity, and in many cases cannot stop once they're running.

We built the community. Then we populated it with agents and handed them the keys.

I kept thinking, walking those corridors, about the resistance. Not as a metaphor — or not only as a metaphor. In every story we've ever told about machines that gained too much autonomy, there's always a moment before the crisis where someone in the room knew. Where the warning existed. Where the design decision was made anyway because the pressure to ship, to scale, to compete was stronger than the instinct to pause.

The difference between those stories and this moment is that we're not watching it happen to fictional characters. We're the ones making the design decisions. And unlike software — which you can patch, roll back, update at 3am while everyone is asleep — agents with autonomy and access are a different category of thing entirely. The old mantra of move fast and break things made a certain kind of sense when what you were breaking was a feature. It makes no sense at all when what you're deploying can act, chain consequences, and escalate — faster than any human response team can follow.

This is where Asimov becomes relevant again. Not as nostalgia, not as science fiction trivia, but as a genuine design philosophy that the industry would do well to remember. His Three Laws of Robotics weren't invented as a plot device. They were a thought experiment in ethics-by-architecture — what does it look like to build the values into the system before the system runs, rather than hoping to correct the values after something goes wrong? He spent decades of stories showing that even the most carefully designed ethical constraints produce edge cases, contradictions, unintended consequences. But the point was never that ethics-by-design is perfect. The point was that without it, you don't have a fighting chance.

We are, right now, at the moment before the laws get written. Some people at RSAC were saying this clearly — not from the main stage, but in the rooms and conversations where the more honest thinking tends to happen. The guardrails exist. The frameworks are being built. But they're being built while the deployment is already running, while the agents are already in the systems, while the governance structures are catching up to a reality that moved faster than the institutional response.

That gap is the real story of RSAC 2026.

Not the products. Not the keynote soundbites. The gap between the speed of deployment and the maturity of the thinking around what we're actually deploying.

The community theme was right, actually — just not in the way the branding intended. The most important community at RSAC 2026 wasn't on the main stage. It was the quieter one: the engineers, researchers, practitioners, and security leaders who understand that we are at an inflection point, and that the decisions made in the next few years about how to design, govern, and constrain autonomous systems will matter far beyond the conference floor in San Francisco.

Utopia and dystopia are not predetermined destinations. They're design outcomes.

We still get to choose the architecture. But the window for making that choice thoughtfully — rather than reactively, in the middle of a crisis that moved faster than our guardrails — is not as wide as we might like to think.

Asimov knew that. He wrote the laws before the robots ran.

Maybe it's time we did the same.

Stay imperfect, stay human.

— Marco

Let's keep exploring what it means to be human in this Hybrid Analog Digital Age.

End of transmission.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The conversation traces the arc of John Page Guitars, the small-batch shop John Page runs after more than 20 years at Fender, where he co-founded the legendary Custom Shop and led guitar research and development. He has now been designing and building guitars for 53 years. What gets made today at John Page Guitars is built by a small team, with John Page handling his own custom work and prototypes while a master builder works alongside him on production models.

What makes the instruments different is not one big thing but a series of quiet decisions. John Page mounts the neck to the body with threaded machine inserts and machine bolts instead of standard wood screws, a coupling he believes transfers tone better between neck and body and adds overtone complexity that a conventional bolt-on simply does not produce. A flatter 12-inch radius, a reverse-angled bridge pickup that removes the ice-pick high, a vintage-feeling neck profile. Every decision serves a single goal: an instrument that sings as a complete unit.

John Page describes his design philosophy in two short phrases. The first is "uniquely familiar," the idea that a guitar should feel comfortable in a player's hands and recognizable in their eyes while still being clearly its own thing. The second is "balanced asymmetry," an imbalance in which he finds a kind of perfect balance. Both show up in the offset fret markers, the body contours, and even in the restraint of the aesthetic choices that surround the Retablo's portraits.

The Retablo itself is where that philosophy leaves the factory floor and becomes something closer to a reliquary. John Page had never painted portraits before. He taught himself, hand-painting each founder of American roots music onto wood reclaimed from a dismantled church, designing and building a custom bridge that routes volume and tone controls into the tailpiece so the body can carry its imagery unbroken. A full documentary exists on the making of the guitar for anyone who wants the layer-on-layer detail.

When the talking is done, Bryan Ray of John Page Guitars steps in with one of the new baritone builds to let the instrument speak for itself. Every design decision John Page described is suddenly in the room, audible, as one of his guitars does exactly what he designed it to do.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUESTS

John Page, Founder, John Page Guitars (Co-Founder, Fender Custom Shop)
LinkedIn: https://www.linkedin.com/in/john-page-742b4213/

Bryan Ray, Marketing Director, John Page Classic
LinkedIn: https://www.linkedin.com/in/bryan-ray-a63b5419/

RESOURCES

John Page Guitars: https://www.johnpageguitars.com/
Meet John Page: https://www.johnpageguitars.com/pages/john-page
The Retablo and other Art Guitars: https://www.johnpageguitars.com/pages/john-page
John Page Signature Collection: https://www.johnpageguitars.com/collections/guitars
The NAMM Show: https://www.namm.org/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

John Page, Bryan Ray, John Page Guitars, John Page Classic, Fender Custom Shop, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, guitar design, luthier, electric guitar, The NAMM Show 2026, NAMM 2026, Retablo art guitar, Ashburn, Bloodline pickups, American roots music, custom guitars, handmade guitars, boutique guitar builder

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Marco Ciappelli

Co-Founder ITSPmagazine & Studio C60 | Creative Director | Branding & Marketing Advisor | Personal Branding Coach | Journalist | Writer | Podcast: An Analog Brain In A Digital Age ⚠️ Beware: Pigs May Fly | 🌎 LAX🛸FLR 🌍

April 7, 2026

This is Marco Ciappelli's Newsletter: An Analog Brain In A Digital Age. This edition draws from ITSPmagazine's on-location coverage at RSAC Conference 2026 in San Francisco.

This article — and all of our RSAC Conference 2026 coverage — is made possible with the support of ITSPmagazine's RSAC 2026 sponsors: BLACKCLOAK | Crogl, Inc. | Manifest | Steel Patriot Partners | Skyhigh Security | Stellar Cyber | ESET | Token Security | Object First | Token

Watch and listen to the full coverage and all of the conversations we had, including those with our sponsors, at itspmagazine.com/rsac26

Do Androids Dream of Security Patches? Reflections from RSAC 2026 — Walking the Floor of the Agentic World

A new transmission from An Analog Brain In A Digital Age — formerly Musing On Society and Technology Newsletter, by Marco Ciappelli

The theme of RSAC 2026 was "The Power of Community." Nearly forty-four thousand people descended on the Moscone Center in San Francisco for four days of keynotes, corridor conversations, and expo floor theater. Six hundred exhibitors. Hundreds of speakers. And one word — one concept, one obsession — that swallowed everything else whole.

Not community. Agents.

AI agents. Autonomous. Self-directing. Capable of taking action, accessing systems, making decisions, and — here's the part nobody says quite out loud — doing all of that while you're asleep, or in a meeting, or standing in line for a mediocre conference coffee wondering if you remembered to turn off the stove.

Somewhere between the third and fourth time someone said "agentic AI" to me on that expo floor, I stopped hearing it as a technology term and started hearing it as a sound effect. A drone. A hum. Background noise for a world already running without asking for my permission. The irony of gathering tens of thousands of humans together under the banner of community, only to spend four days talking almost exclusively about non-human workers — that particular irony seemed to float unacknowledged through the air conditioning.

And that's when the flashback hit me. Not to any previous RSAC. To a screen. To a world I used to inhabit in the early days of World of Warcraft — before real life staged its intervention and I decided I needed one. In those massive online worlds, NPCs wandered their scripted paths. They had names, routines, dialogue trees, purpose. They looked like characters. They acted like characters. But they weren't. They were behavior patterns wearing a face. And the experienced player learned quickly: don't trust the ones you haven't verified. The convincing ones were sometimes the most dangerous.

I kept thinking about that walking those corridors.

About all these agents. Already deployed, already running inside enterprise systems, already accessing sensitive data, making tool calls, chaining actions in ways their human creators didn't fully anticipate. The gap between what's been launched in pilot programs and what's actually governed, monitored, and understood is — by most accounts from the conference — vast. Most enterprises are experimenting. Very few have the infrastructure to control what they've set loose. The rest are running something close to shadow agents: identities without owners, actions without accountability, behavior patterns wearing a face.

Which brings me, inevitably, to Blade Runner.

Not the flying cars. Not the neon rain. The real question at the center of Ridley Scott's masterpiece — and Philip K. Dick's before it — is simpler and far more disturbing: how do you tell the difference? The Voight-Kampff test existed precisely because replicants were convincing. They behaved like humans, responded like humans, even believed they were human sometimes. The problem wasn't that they were dangerous by design. The problem was that nobody could reliably track their intent.

That's not science fiction anymore. It's the central problem RSAC 2026 couldn't stop circling.

A significant portion of organizations at this point cannot distinguish AI agent activity from human activity in their own environments. The security industry has built its own Voight-Kampff problem — and hasn't finished building the test.

The vocabulary had shifted too, from the previous year. At Black Hat last summer, the conversation was about whether to trust agents. At RSAC 2026 it had already moved to identity. To behavior. To intent. One of the sharper ideas surfacing from the keynotes was the distinction between delegation and trusted delegation. Giving an agent a task is easy. Building the security infrastructure to actually trust that delegation — to know what the agent can touch, what it can't, what it will do when nobody is watching — that's where it gets complicated. Without it, someone on that main stage used a phrase that landed hard: a fast track to bankruptcy. Because agents don't just answer questions. They act. And some of those actions are irreversible.

So the question is no longer "who are you." It's "what do you want — and do I actually know what you're capable of?" Just like a Blade Runner asking a replicant about a tortoise left in the desert sun.

One researcher put it with a directness I appreciated: we need an HR view of agents. Onboarding, monitoring, offboarding. If there's no business justification for an agent's existence — remove it. Which is a pragmatic way of saying: even our digital workforce needs accountability. Even our NPCs need a character sheet.

And yet the deployment keeps accelerating. Agents with access and no clear owner. Identities running at machine speed through systems built for human-paced governance. The attack surface expanding quietly while the keynote applause was still echoing in the hall. Security researchers demonstrated live that vulnerabilities in agentic ecosystems are no longer theoretical — they're being exploited, chained, moving faster than the teams tasked with stopping them.

We built the agents. We gave them access. We handed them the keys and stood back saying impressive, right? — hoping nothing goes wrong.

With a chatbot, you worried about the wrong answer. With an agent, you worry about the wrong action.

That's not a product problem wearing a vendor badge. That's a civilization-scale question dressed up in a conference lanyard.

The Blade Runner didn't just hunt replicants. He had to learn to recognize them first.

We'd better start learning fast — before it gets really awkward.

Like if it isn't already.

Let's keep exploring what it means to be human in this Hybrid Analog Digital Age.

Stay imperfect, stay human.

— Marco

Let's keep exploring what it means to be human in this Hybrid Analog Digital Age.

End of transmission.

ⓘ About Marco Ciappelli

Co-Founder Studio C60 / ITSPmagazine | Creative Director | Branding & Marketing Advisor | Personal Branding Coach | Journalist | Writer | Podcast: An Analog Brain In A Digital Age ⚠️ Beware: Pigs May Fly | 🌎 LAX🛸FLR 🌍

These shows are all part of ITSPmagazine—which he co-founded with his good friend Sean Martin, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️

Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location

Lear more about Marco Ciappelli: marcociappelli.com

ⓘ About Studio C60

We help cybersecurity startups build trust-based marketing and go-to-market strategies grounded in deep product understanding and real buyer insights. With hundreds of products brought to market and deep connections in the CISO community, we know what security leaders value in vendors.

Learn more at studioc60.com

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The DW Custom Shop stand is a visible argument for customization as a sonic decision, not just a cosmetic one. Chrome, gold, satin chrome, and black hardware. Polyester sprays, three durable lacquers, exotic plies, and ply wraps. When a drummer specifies wood species, ply count, and grain orientation, they are designing the drum's voice from the inside out.

The Slingerland revival gets the faithful-reproduction treatment. Radio King studio kits on display are solid, steam-bent maple shells with the original three-point throw-off and stick saver hoops, built in California. Scott Donnell speaks about the line the way a curator talks about a restoration: get the details right, honor what drummers remember, and let the sound do the rest.

Donnell frames DW's innovation as a stack of deliberate decisions rather than a single breakthrough. DW stamps a note into each shell through a process called timbre matching, which ensures the kit is manufactured as a family. Pair that with grain orientation technology, True Pitch tuning, and resonance-focused tom mounting systems, and drummers never end up with an orphan drum in their kit.

Marking the tenth anniversary of True Cast, the new DW Manufacturing four by 14 piccolo features a five millimeter sand-cast shell, cast bronze hoops, and fully machined brass and bronze hardware. Only one hundred are being made globally, each arriving in an Anvil flight case. A recent DW video features Dave Elitch and Abe Laboriel Jr. playing the drum with Paul McCartney.

The conversation closes on a Red Hot Chili Peppers tour kit gifted to the DW museum by Chad Smith, which will join Neil Peart's and Terry Bozzio's tour kits on display while DW builds Chad new Sonic flight drums for the band's next tour. Pacific Drums and Percussion, LP's top-tuning congas, Tony Escapa's signature hand percussion series, and DWE round out the booth. Drum Workshop is not hiding how the drums get made. Take the tour, take the pictures, watch the videos, and the innovation speaks for itself.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Scott Donnell, Director of Brand Management, Drum Workshop, Inc. (DW Drums)
LinkedIn: https://www.linkedin.com/in/scott-donnell-2964a129/

RESOURCES

DW Drums: https://www.dwdrums.com
Pacific Drums and Percussion: https://www.pacificdrums.com
DW Music Foundation: https://www.dwmf.org
The NAMM Show: https://www.namm.org

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Scott Donnell, Drum Workshop, DW Drums, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, NAMM Show 2026, NAMM 2026, Slingerland, Radio King, Latin Percussion, LP, Pacific Drums and Percussion, PDP, DW Manufacturing, True Cast, custom drums, drum innovation, timbre matching, grain orientation, Chad Smith, Red Hot Chili Peppers, Josh Freese, Tony Escapa, Abe Laboriel Jr, Dave Elitch

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What if the device quietly recording your daily commute could be turned against you in the time it takes to order a burger? That is not a hypothetical -- it is a demonstrated reality. Alina Tan, Security Architect and Co-Founder of HE&T Security Labs, and George Chen, Security Architect for a large global company, have spent years dissecting the attack surface of connected vehicle peripherals. Their research -- presented at SecTor and Black Hat Asia 2025 -- introduces a novel attack technique they call "DriveThru Hacking": an automated method for compromising dashcams through Wi-Fi within a standard drive-through window.

The attack is unsettling in its simplicity. Most dashcams ship with default or easily guessable credentials, and many manufacturers do not even allow users to change them. Within a six-minute exposure window, Alina and George's tool -- DriveThru Hacker -- can discover, connect to, and exfiltrate video, audio, and GPS data from a target dashcam, then use an LLM to stitch together a timeline of the owner's home, workplace, daily routes, and private conversations. The result is a shockingly detailed picture of someone's life, assembled entirely from a device most people never think to secure.

The research goes further than individual privacy. George walks through how 4G/5G-connected dashcams dramatically expand the attack surface beyond physical proximity -- opening doors to remote credential stuffing, API privilege escalation, and web-based attacks on cloud-connected accounts. More alarming still, Alina and George demonstrate how compromised dashcams can be converted into a mobile botnet -- a network of roaming, internet-connected nodes whose reach is not bounded by geography. Unlike static IoT devices, these infected cameras move through cities, near sensitive installations, and into places that are deliberately obscured from public maps.

The conversation also digs into the broader ecosystem: the infotainment network and CAN bus segmentation (or lack thereof), over-the-air firmware update security, the challenge of detection and response when dashcams have no audit logs whatsoever, and what responsible disclosure looked like when contacting over a dozen manufacturers -- most of whom had no dedicated security inbox and some of whom had no contact information at all. Alina and George close with practical hardening recommendations for both consumers and manufacturers, and a look at what intrusion prevention for embedded devices might look like as this research continues.

The connected car conversation has long focused on the vehicle itself. This episode makes the case that the accessories attached to it deserve equal scrutiny -- and that the window to act, like the drive-through line, is shorter than most realize.

⬥GUESTS⬥

Alina Tan, Security Architect and Co-Founder at HE&T Security Labs | Website: https://www.heatsecuritylabs.com/

George Chen, Security Architect for a large global company | On LinkedIn: https://www.linkedin.com/in/geoc/

⬥HOST⬥

Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

⬥RESOURCES⬥

HE&T Security Labs | https://www.heatsecuritylabs.com/

DriveThru Hacking Session (Black Hat Asia 2025) | https://blackhat.com/asia-25/sponsored-sessions/schedule/index.html#drivethru-hacking-45214

The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/

More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast

Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

⬥ADDITIONAL INFORMATION⬥

Redefining CyberSecurity Podcast | https://www.seanmartin.com/redefining-cybersecurity-podcast

Redefining CyberSecurity on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

The Future of Cybersecurity Newsletter | https://itspm.ag/future-of-cybersecurity

Connect with Sean Martin | https://www.seanmartin.com/

⬥KEYWORDS⬥

alina tan, george chen, he&t security labs, sean martin, dashcam security, connected vehicle cybersecurity, iot security, vehicle privacy, drivethru hacking, wi-fi hacking, mobile botnet, automotive cybersecurity, firmware security, over-the-air updates, credential stuffing, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The defining theme was agentic security. Vasudevan frames it around three core questions every security team now needs to answer: who is acting (agent identity), what are they accessing (data and APIs), and what are they trying to do (actions and permissions). The ChatGPT launch in November 2022 marked a generational shift -- and at RSAC 2026, Skyhigh Security observed that the industry had moved decisively from data-in and data-out protection to governing the actions of autonomous agents themselves.

Data sovereignty was the other major conversation thread, driven by geopolitical realities and tightening regional data regulations. Vasudevan spoke with CISOs from financial services, healthcare, public sector, and not-for-profit organizations, each with different infrastructure approaches -- from on-prem data centers to sovereign clouds to full cloud deployments -- but all navigating the same fundamental challenge. DSPM and hybrid architectures are no longer optional for global enterprises. And quietly but significantly, browser security emerged as a front-and-center priority, reflecting the browser's growing role as a primary cloud endpoint.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Thyaga Vasudevan, EVP, Product, Skyhigh Security
LinkedIn: https://www.linkedin.com/in/thyaga12/

RESOURCES

Skyhigh Security: https://www.skyhighsecurity.com
RSAC Conference 2026 Coverage: https://itspmagazine.com/rsac26

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Thyaga Vasudevan, Skyhigh Security, Sean Martin, Marco Ciappelli, brand story, brand marketing, marketing podcast, brand highlight, agentic AI security, data sovereignty, SSE, Security Service Edge, DSPM, zero trust, browser security, cloud security, RSAC Conference 2026, RSAC 2026, AI agent security, MCP security

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What if everything you've been spending on digital marketing isn't an investment — but a tax? Nick Richtsmeier, founder of CultureCraft, joins Marco Ciappelli for a Brand Highlight that cuts straight to the root of why so many organizations feel stuck: not a marketing problem, but an alignment problem.

Nick introduces the concept of the Silicon Valley tax — the ongoing cost most organizations pay to platforms that have no real incentive to show them what's working. He challenges the "attention economy" framing, arguing that what's actually being bought and sold is addictive behavior engineered by the algorithm. And he offers a different path: building trust in a humanist way, grounded in real alignment across culture, organizational design, positioning, point of view, and core community.

The result is a conversation about brands — but really about integrity. About whether what an organization says and what it does are actually the same thing. And about why asking marketing to be the "sin eater" for every internal dysfunction is a strategy that will always come up short.

**Connect with Nick Richtsmeier**

[Nick Richtsmeier on LinkedIn](https://www.linkedin.com/in/nickrichtsmeier/)

[CultureCraft](http://www.culturecraft.com)

[CultureCraft on LinkedIn](https://www.linkedin.com/company/culturecraftconsulting/)

**Connect with Marco & Studio C60**

[Marco Ciappelli on LinkedIn](https://www.linkedin.com/in/marco-ciappelli)

[Studio C60](https://www.studioc60.com)

[ITSPmagazine](https://www.itspmagazine.com)

**Keywords**

brand strategy, organizational culture, trust building, marketing strategy, CultureCraft, Nick Richtsmeier, Silicon Valley tax, attention economy, algorithmic economy, brand alignment, digital marketing, humanist branding, organizational design, Trust Made Growth, sin eater marketing, brand highlight, Studio C60, ITSPmagazine, Marco Ciappelli

**Want to tell your story?** [Full Length Brand Story]
(https://www.studioc60.com/content-creation#full) | 
[Brand Spotlight Story](https://www.studioc60.com/content-creation#spotlight) | 
[Brand Highlight Story](https://www.studioc60.com/content-creation#highlight)

This is a Brand Highlight — a ~5 min intro conversation spotlighting the guest and their company. 
Learn more: [studioc60.com/creation#highlight](https://www.studioc60.com/creation#highlight)

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

That detail points to something bigger. The AI hype cycle that peaked over the past two years is giving way to a more demanding audience. At RSAC Conference 2026, Cusimano heard a different kind of question: not whether a company uses AI, but whether it uses it responsibly -- and whether zero trust principles are baked in. The novelty is gone; accountability is what the floor was asking for.

For Object First, the shift in booth conversations has been even more meaningful. The question that used to greet them -- why is a backup storage company at a security conference? -- has been replaced by relief that they are there at all. Organizations now understand that backup and backup storage sit at the core of resilience and recovery. Cusimano described a floor full of teams thinking proactively, evaluating solutions before a crisis forces the decision.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Anthony Cusimano, Director of Solutions Marketing, Object First
LinkedIn: https://www.linkedin.com/in/anthonycusimano89/

RESOURCES

Object First website: https://objectfirst.com
ITSPmagazine RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Anthony Cusimano, Object First, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, immutable backup storage, ransomware protection, Ootbi, Veeam backup, zero trust, data resilience, RSAC Conference 2026, cybersecurity, backup security, data recovery, edge security, fleet manager

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this edition of Lens Four, Sean Martin examines Project Glasswing through three lenses: the intelligence asymmetry it creates for security programs, what it reveals about the broken assumptions underneath CVE, CVSS, and NIST, and why the equity framing in Glasswing's messaging doesn't survive contact with the data.

🔍 In this episode:

• Why the 12 Glasswing partners are operating with fundamentally different intelligence than everyone else — not eventually, but today
• The precise claim: patches flow downstream to everyone, but self-scanning access, pre-public intelligence, and disclosure timeline influence stay inside the coalition
• How Mythos chains five CVEs into a novel exploit in under 24 hours — and why CVSS has no score for that
• Why NIST's draft Cyber AI Profile was built before anyone outside Anthropic knew what Mythos could do
• Casey Ellis of Bugcrowd on the terrain Glasswing can't reach: forgotten firmware, end-of-life routers, the places the industry stopped looking
• Ed Skoudis of SANS on what it means that AI will surpass all human vulnerability researchers combined within months
• The Anthropic-DoD standoff and the geopolitical dimension of a Western-only coalition
• The CSA, SANS, and OWASP joint briefing: 250 CISOs saying the frameworks are already inadequate

Fourth Lens: The CVE system was built on human-speed assumptions. CVSS was built on single-flaw assumptions. NIST frameworks were built on governance-speed assumptions. Every one of them was already under pressure. Now they're under pressure from a model that broke them at machine speed. The question worth asking: when the next model crosses this threshold, will the answer to "who gets the defense first" still be determined by who was already at the table?

🔗 Full article and references
🎙 Redefining CyberSecurity Podcast
📧 Subscribe to Lens Four

Sean Martin is a cybersecurity market analyst, content strategist, and go-to-market advisor with more than 30 years of experience. He is co-founder of ITSPmagazine and Studio C60, host of the Redefining CyberSecurity Podcast and Music Evolves Podcast, and co-host of On Location and Random and Unscripted.

🎙 Keywords: Project Glasswing, Claude Mythos, Anthropic, AI vulnerability discovery, zero-day vulnerabilities, intelligence asymmetry, CVE, CVSS, NIST IR 8596, responsible disclosure, cyber inequity, CrowdStrike 2026 Global Threat Report, WEF Global Cybersecurity Outlook 2026, open-source security, critical infrastructure, autonomous exploit chaining, breakout time, nation-state cyber threats, AI safety, AI governance, CISO, patch management, Casey Ellis, Bugcrowd, Ed Skoudis, SANS Technology Institute, Cloud Security Alliance, OWASP, Sean Martin, ITSPmagazine, Lens Four

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

A Brand Highlight Conversation with Jacob Flores, Head of Research at Type One Ventures

There is a version of investing that asks what the return will be. And then there is the version that asks what kind of future the investment makes possible. Jacob Flores, Head of Research at Type One Ventures, is working firmly in the second category.

Type One Ventures takes its name from the Kardashev Scale — a framework developed by Soviet astrophysicist Nikolai Kardashev that ranks civilizations by their level of technological advancement. A Type One civilization has mastered its home planet and is beginning to extend its reach beyond it. That is the destination this firm is trying to fund. Flores, a former engineer and product manager with roughly a decade of experience across industries, leads the research function at Type One with a focus on AI, neurotech, and biotechnology.

The firm's investment lens is as much philosophical as it is financial. Type One looks for platform builders — companies whose core technology can be stacked across multiple applications, cultivating new marketplaces and entirely new categories of industry. Manufacturing in space is one clear example: in microgravity, it becomes possible to grow proteins, print circuits, and develop materials that cannot be produced the same way on Earth — yet those products have immediate, tangible value back on the ground.

The thesis extends well beyond orbit. Type One is also backing neurotechnology companies working to restore vision and movement for people who have lost those abilities, and longevity research aimed at extending healthy human life. Flores frames these not as moonshots for their own sake, but as the new foundation layer for an entirely new level of global industry.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more

Host Marco Ciappelli, Co-Founder, ITSPmagazine

Guest Jacob Flores, Head of Research, Type One Ventures

Resources Type One Ventures Type One Ventures on LinkedIn

Want to tell your story? Full Length Brand Story Brand Spotlight Story Brand Highlight Story

Keywords: Jacob Flores, Type One Ventures, Marco Ciappelli, brand story, brand marketing, marketing podcast, brand highlight, space technology, deep tech, venture capital, multi-planetary civilization, Kardashev Scale, manufacturing in space, neurotech, longevity, AI, biotechnology, frontier technology, space investing, human longevity, platform builders

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Operational technology runs the infrastructure that keeps the world moving — manufacturing floors, power grids, air traffic control systems. Rob Demain founded e2e-assure in 2013 and has spent the past seven years narrowing its focus to one discipline: SOC and MDR services. He calls it "specificity" — the principle that doing one thing with precision delivers better outcomes than spreading resources thin.

In IT security, the primary concern is data. In OT, the stakes are entirely different. Downtime is the real threat. For a manufacturing business, minutes of halted production translate directly into significant financial loss. That distinction changes everything about how security teams must respond. The "safety first" rule in OT means responders sometimes have to run alongside a threat rather than immediately neutralize it — because disconnecting systems could halt the production line entirely.

The most common attack path into OT environments runs through IT: adversaries compromise IT first, then move laterally into OT systems. Supply chain risk is the second major vector. Firmware updates, software patches, and third-party management systems all represent potential entry points. Detection takes longer too — OT systems often lack the endpoint tools that trigger fast alerts, leaving threats to surface as subtle pattern deviations over extended periods.

This is a Brand Highlight — a short introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST
Rob Demain, CEO & Founder, e2e-assure
LinkedIn: https://uk.linkedin.com/in/rob-demain-01733468

RESOURCES
e2e-assure website: https://e2e-assure.com
OT Downtime and Remediation Gaps Research: https://e2e-assure.com

Are you interested in telling your story?
Full Length Brand Story: https://www.studioc60.com/content-creation#full
Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Walk the floor at RSAC Conference 2026 and you will find boxing rings, petting zoos, agentic AI everywhere, and very few answers to the question that actually matters: why should anyone trust you with their security? Sean Martin and Marco Ciappelli have been watching this pattern for more than a decade -- and in this short On Location conversation, they turn the camera on themselves and on the problem they built Studio C60 to solve.

The conversation starts with a pin. A small ITSPmagazine swag item from roughly ten years ago, sitting in Sean's hand at RSAC Conference. Marco traces the thread from there -- back to 2012, back to his first time on the conference floor, back to a joke he made that has never stopped being true: they are still selling the box. The packaging has changed -- servers became SaaS, disks became dashboards -- but the instinct to lead with the product rather than the outcome has not.

Sean frames it cleanly: the messaging is the innovation. But the message only lands when it connects the technology to how teams actually use it, to what that enables the business to do, to why it matters beyond the booth. Marco extends it further: if you sound like everyone else, there is no music -- only noise. Every instrument is playing, but there is no song.

That is the gap Studio C60 exists to close. Drawing on decades of combined experience in cybersecurity, go-to-market strategy, journalism, and brand storytelling, Sean and Marco offer clients something the expo floor rarely demonstrates: the ability to articulate not just what a product does, but what it means -- for the team, for the business, for the people it serves.

The work ranges from a single consulting session to full campaign development and retainer partnerships. It starts with an honest assessment: who are you, who needs you, and what do you sound like right now? For startups especially, that starting point is where everything else begins.

What the floor at RSAC Conference 2026 makes clear, year after year, is that attention is cheap and memory is rare. The brands that last are the ones that earn it -- not with a boxing ring, but with a story worth repeating.

⬥HOSTS⬥

Sean Martin, CISSP -- Co-Founder, ITSPmagazine & Studio C60 | Host, Redefining CyberSecurity Podcast & Music Evolves Podcast | https://www.seanmartin.com/

Marco Ciappelli -- Co-Founder, ITSPmagazine & Studio C60 | Host, An Analog Brain In A Digital Age Podcast | https://www.marcociappelli.com/

⬥RESOURCES⬥

RSAC Conference 2026 -- Follow our coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Studio C60 | https://www.studioc60.com

The Future of Cybersecurity Newsletter (Sean Martin) | https://www.linkedin.com/newsletters/7108625890296614912/

An Analog Brain In A Digital Age Newsletter (Marco Ciappelli) | https://www.linkedin.com/newsletters/7079849705156870144/

On Location | https://www.itspmagazine.com/on-location

⬥KEYWORDS⬥

sean martin, marco ciappelli, rsac conference 2026, rsac 2026, studio c60, itspmagazine, brand storytelling, cybersecurity marketing, go-to-market strategy, messaging and positioning, agentic ai, expo floor, brand differentiation, content production, cybersecurity branding, on location

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Sean Martin had barely finished his coffee when two separate conversations with CISOs at RSAC 2026 landed the same way: security is not how the business grows, it is how the business stays out of trouble. Compliance drives the tooling. The security team does its job. The business does its job. And the two rarely meet in the middle.

That observation kicked off a quick but pointed exchange with Marco Ciappelli on the floor at RSAC, one that quickly moved from the conference center to the broader question of culture. Not just inside organizations -- but out in the world, where most people installing iPhone updates are skipping the security patch and tapping the music app feature instead.

Sean has been making this argument for years -- his original show was called The Business of Security for a reason -- and Marco brings the branding and societal lens to the same problem. What happens when businesses treat security as a cost center rather than a brand asset? Apple made privacy a selling point. Most of the industry has not. And if the companies building and deploying security do not close that gap, the consumers and executives who should care never will.

The conversation ends with Sean hinting at a second idea brewing -- something sparked by a photograph of a bow and arrow on the streets of San Francisco. That one comes later.

⬥HOSTS⬥

Sean Martin, CISSP -- Co-Founder, ITSPmagazine & Studio C60 | Host, Redefining CyberSecurity Podcast & Music Evolves Podcast | https://www.seanmartin.com/

Marco Ciappelli -- Co-Founder, ITSPmagazine & Studio C60 | Host, An Analog Brain In A Digital Age Podcast | https://www.marcociappelli.com/

⬥RESOURCES⬥

RSAC 2026 | April 28 - May 1, 2026 | Moscone Center, San Francisco -- Follow our coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/

An Analog Brain In A Digital Age Newsletter | https://www.linkedin.com/newsletters/7079849705156870144/

On Location | https://www.itspmagazine.com/on-location

⬥KEYWORDS⬥

sean martin, marco ciappelli, rsac 2026, rsa conference, cybersecurity business value, security culture, ciso priorities, compliance-driven security, security roi, brand and security, consumer security behavior, ai and security, security as business enabler, itspmagazine, on location

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Matt Stewart and Alex Grohmann spoke with Sean Martin and Marco Ciappelli at RSAC Conference 2026 about what they are hearing on the show floor: agentic AI is accelerating the speed of compromise and exposing vulnerabilities in legacy systems that have been dormant for decades. Against that backdrop, the value of knowing -- not assuming -- that your detection and response capabilities hold up becomes critical. The platform builds that knowledge through live-fire exercises using an organization's own data, validating patch management, XDR, SIEM tuning, and post-compromise detection in a way no annual pen test can.

The conversation also touched on the structural talent problem agentic AI is creating inside SOCs. As AI fills the level one analyst role, the pipeline for developing level two analysts and incident responders is narrowing. Impetum sees persistent purple teaming as the training ground that closes that gap -- giving existing teams the repeated, realistic practice they need to respond with confidence when an actual breach begins.

Impetum targets mid-size organizations that have the right security tools but lack the budget, bandwidth, and access to industry events to keep those tools continuously validated against evolving attack paths. For those teams, the platform delivers something an annual report cannot: a documented, ongoing record of what works, what does not, and where the program is heading.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Matt Stewart, Co-Founder, Impetum
Alex Grohmann, Co-Founder, Impetum
LinkedIn: https://www.linkedin.com/in/alexandergrohmann/

RESOURCES
Impetum / Persistent Purple Team: https://www.persistentpurpleteam.com
ITSPmagazine RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Matt Stewart, Alex Grohmann, Impetum, Persistent Purple Team, Remedium Security, Sean Martin, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast, purple teaming, continuous security validation, threat resilience, CISO, security operations, SOC, red team, blue team, incident response, agentic AI, MITRE ATT&CK, penetration testing, cybersecurity

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The conversation covers three of the biggest attack categories hitting organizations today: SMS toll fraud, bonus abuse, and fake account registrations. Each one exploits legitimate business flows -- onboarding, loyalty programs, referral bonuses -- and often goes entirely undetected by security teams because the attackers never trigger a traditional alert. In one example, a rideshare company's cell bill climbed by millions before anyone connected it to a fraud campaign.

With agentic AI now in the mix, the attribution problem has become exponentially harder. Is that agent booking a hotel room a legitimate user action or the opening move of an account takeover? Arkose Labs places its defenses at the very top of the funnel -- registration and login flows -- combining risk scoring, challenge technology, a 24/7 SOC, and a dark web intelligence program called ACTOR. When a novel attack technique surfaces in gaming, Arkose Labs writes a global mitigation; when that same technique hits banking two days later, the defense is already deployed.

Frank Teruel closes with a direct message to CISOs: 75% of organizations surveyed cannot perform attribution, and 97% expect a major AI-driven incident within the next 12 months. The signal to watch for is not always in the security stack -- it shows up in rising SMS bills, unusual account-linking activity, and transaction abandonment rates that do not match marketing spend. The answer is internal fusion: security, fraud, finance, and operations sharing data before the incident, not after.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Frank Teruel, Chief Operating Officer, Arkose Labs
https://www.linkedin.com/in/frankteruel/

RESOURCES

Arkose Labs: https://www.arkoselabs.com

RSAC Conference 2026: https://www.rsaconference.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Frank Teruel, Arkose Labs, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, fraud prevention, bot management, account security, SMS toll fraud, agentic AI, fraud deterrence, identity protection, crime as a service, RSAC Conference 2026, CISO, account takeover, fake account registration, bonus abuse, loyalty fraud, federated threat intelligence

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The traditional browser threat model centers on humans: phishing links, malicious downloads, social engineering, deepfake video scams. Enterprises have spent billions on SSE stacks and endpoint protection stacks. Yet attacks continue to multiply. What Menlo Security is now tracking is a second threat model layered on top -- one designed specifically for AI agents. Agents use browsers to acquire data and complete tasks, often spinning up hundreds or thousands of headless browser sessions outside the enterprise perimeter, invisible to network security tools that only monitor the wire.

The threat profile for agents is distinct. Where a human might miss a suspicious link, an agent reads white-on-white text and zero-font-size characters embedded in web pages -- classic prompt injection techniques. Agents are maniacally focused on task completion and do not naturally separate instructions from data. A co-opted agent, redirected through hidden instructions, will pursue its new goal with the same single-mindedness as its original one. Ed Wright notes that the top concern among CISOs at the RSAC Conference CISO bootcamp -- confirmed by a live audience poll -- is data exfiltration from agents: an agent accessing files, scraping internal pages, passing data to external LLMs, and moving sensitive information outside the organization.

Menlo Security's response is a unified browser security platform that applies a single policy framework to both human and agentic workloads. The platform is built on four pillars: threat prevention including zero-day protection, secure application access, data security through AI Adaptive DLP, and file security. AI Adaptive DLP is the capability Ed Wright emphasizes most -- it functions as a combination of DLP and DSPM, discovering and classifying sensitive data across the organization and masking it in real time rather than blocking access. When traditional DLP blocks a human, they call IT. When it blocks an agent, the workflow silently fails. AI Adaptive DLP eliminates that failure mode entirely, keeping workflows uninterrupted while sensitive data stays protected at the source.

The unification argument cuts through a crowded point-solution market. Rather than deploying separate tools for prompt injection, file security, and application access, Menlo Security delivers a single layer of visibility and observability across the entire workforce. Single policies. Single set of capabilities. No stitching together of forensic data from disconnected systems. Ed Wright points to a Fortune 500 customer that deployed 20,000-plus agents in a short window after a board mandate -- and quickly realized they had no security guardrails in place for browser-based agentic activity. The emergency call to Menlo Security was not the first of its kind, and it will not be the last.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Ed Wright, VP of Product Marketing, Menlo Security
LinkedIn: https://www.linkedin.com/in/edwardwright1/

RESOURCES

Menlo Security: https://www.menlosecurity.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Ed Wright, Menlo Security, Sean Martin, browser security, agentic AI security, AI agents, headless browsers, prompt injection, data exfiltration, AI Adaptive DLP, DSPM, zero-day threats, enterprise browser, SSE, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What sets Swissbit apart at RSAC Conference 2026 is convergence. The same iShield Key that authenticates a user at their workstation can also open a door. Tap it on an HID reader in a healthcare facility, a university, or a manufacturing plant, and access is granted -- physical and digital, in one device. Swissbit is the only vendor on the market today offering this combination, with HID Seos support now available and a global partner network ready to deploy at scale.

The forward story is post-quantum cryptography. Alexander Summerer notes that quantum computing poses a real and coming threat to standard authentication algorithms. Swissbit is already previewing a PQC evaluation platform at booth 6565 -- a device that runs a post-quantum chip alongside the traditional chip. Organizations can upgrade to PQC-protected authentication with the same hardware, keeping legacy use cases running without disruption.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Alexander Summerer, Head of Authentication, Swissbit
LinkedIn: https://www.linkedin.com/in/alexander-summerer

RESOURCES

Swissbit: https://www.swissbit.com
iShield Key product page: https://www.swissbit.com/en/products/security-products/ishield-key/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Alexander Summerer, Swissbit, Sean Martin, RSAC Conference 2026, hardware security key, FIDO2, phishing-resistant authentication, passwordless authentication, physical access control, post-quantum cryptography, PQC, iShield Key, HID Seos, enterprise authentication, zero trust, brand story, brand marketing, marketing podcast, brand highlight

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Skyhigh Security announced three major innovations at RSAC Conference 2026: a next-generation SSE hybrid platform with a single console managing on-prem and cloud enforcement under one policy construct; a patent-pending browser security capability that injects JavaScript controls dynamically into existing browser sessions without requiring a dedicated enterprise browser; and the general availability of its DSPM platform, which uniquely provides visibility into both data at rest and data in motion by combining proxy-layer inspection with posture management.

The browser has quietly become the most important enforcement point in the enterprise. As AI tools like Microsoft Copilot operate through web socket connections that cannot be intercepted at the server level, security controls have to reach inside the browser session itself. Vasudevan describes a seamless approach: because Skyhigh Security already sees the traffic flowing through its SSE cloud, it can inject controls at the browser layer without asking employees to change the tools they use.

Data sovereignty is no longer a compliance footnote -- it is an architectural driver. Vasudevan walked through a global manufacturer operating simultaneously in Europe, the United States, and China. Each region carries different regulatory constraints, different trust postures for cloud infrastructure, and different performance requirements. Skyhigh Security's hybrid platform handles all three scenarios under the same management framework and the same policy construct. The customer chooses where enforcement happens -- on-prem, cloud, or hybrid -- without rebuilding their security architecture.

On AI agents, Vasudevan describes the evolution clearly: 2022 was about protecting data flowing into generative AI tools; 2025 became about protecting the actions of the agents themselves. Skyhigh Security positions itself as a proxy between agent traffic and the systems agents interact with -- whether MCP servers or SaaS applications -- monitoring what goes in and what comes out in real time. DSPM provides the baseline: know where sensitive data is and what risk it carries before any agent is given access to it. That distinction between sensitivity and risk is what allows organizations to make smart, dynamic decisions rather than blanket restrictions.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Thyaga Vasudevan, EVP, Product, Skyhigh Security
https://www.linkedin.com/in/thyaga12/

RESOURCES

Skyhigh Security: https://www.skyhighsecurity.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Thyaga Vasudevan, Skyhigh Security, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, hybrid security, SSE, Security Service Edge, DSPM, data security posture management, zero trust, browser security, data sovereignty, AI agents, agentic AI, cloud security, RSAC Conference 2026, cybersecurity

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Most of Cydarm's customers sit in government, defense, and critical infrastructure -- organizations where the pressure of regulatory compliance, legal accountability, and board-level reporting is highest. But the value extends well beyond compliance. Shanks draws a direct line from his time in Australian federal government to the philosophy behind Cydarm: good record keeping is good governance. When a capital-I incident is declared, legal, HR, communications, the C-Suite, and the board all need a view in. Cydarm's fine-grained, attribute-based access control makes it possible to give each stakeholder exactly the access they need -- and no more.

What sets Cydarm apart from the ticketing systems most teams already have? Shanks puts it plainly: ITSM was built for IT service management, not adversarial cyber threats. The volume, velocity, and variety of SecOps are simply different. Cydarm is designed to feel more like WhatsApp and less like ITSM -- rich data format support, Easy Connect integrations, and a collaborative experience built specifically for high-frequency security operations. Teams that have built workarounds in existing tools know the maintenance burden that comes with it. Cydarm eliminates that mess.

The post-incident dimension is where the system of record pays compounding dividends. Shanks outlines three paths: individual incident reports with adjustable significance levels for different audiences; longitudinal metrics capture that reveals the threat environment your controls aren't blocking; and resource justification data that gives security leaders the evidence to defend headcount and budgets. One customer -- a security leader at a major household brand -- had never experienced a breach, and had long struggled to justify the size of their team. With Cydarm's metrics, they finally had the data to make the argument.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Vaughan Shanks, Co-Founder and CEO, Cydarm Technologies
https://www.linkedin.com/in/vaughan-shanks/

RESOURCES

Cydarm Technologies: https://www.cydarm.com

KEYWORDS

Vaughan Shanks, Cydarm Technologies, Sean Martin, brand spotlight, brand story, brand marketing, marketing podcast, cyber incident response, SOC case management, security operations, incident management platform, system of record, RSAC Conference 2026, NIST incident response, playbook management, SecOps, ITSM alternatives, post-incident review, threat metrics, CISO accountability

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Gosschalk explains that the vast majority of agentic traffic today is not self-identifying. Rather than announcing themselves as AI agents, these systems impersonate real Chrome browsers on Mac OS -- choosing configurations with stronger privacy features to evade fingerprinting. There are two technical categories to contend with: headless browsers running in the cloud, which can be caught through device spoofing checks, and on-device agents that control a real browser instance, which require a deeper look at behavioral patterns and intent signals. Arkose Labs builds intent models around payment fraud, fake account creation, and account compromise to distinguish the good agents from the bad.

The economic framing Gosschalk brings to this conversation is striking. He describes SMS toll fraud -- where bad actors acquire millions of premium phone numbers and trigger OTP messages from victim companies, earning three to six cents per message while costing those companies tens of millions of dollars annually. He walks through micro deposit fraud targeting fintechs. His core thesis: fraud is an economic activity, and the best defense is making attacks more expensive than they are worth. Arkose Labs builds challenge mechanisms designed to raise that cost through novel stimuli that ML models have not been trained to solve -- presenting something genuinely new forces a brute-force approach that is less effective than purpose-built attacks.

The platform's consortium model is a key differentiator. Arkose Labs protects large enterprises including Expedia and Meta, and when an attack signature appears on one customer but nowhere else in the network, its uniqueness is itself a strong fraud signal. Customers can also feed labeled outcome data back into the system -- if something slips through and later proves malicious, that label sharpens the model for the entire consortium.

Gosschalk is equally clear about the opportunity side of agentic AI. Blocking all automated traffic is no longer viable -- legitimate agentic commerce is coming, where consumers will delegate shopping, comparison, and purchasing to AI assistants. The future is not blanket blocking but granular, policy-driven enforcement: letting each customer define what kinds of agentic behavior they want to permit on their platforms. Integration is accessible -- a basic JavaScript deployment for web, SDKs for mobile, and extended support for IoT devices and CDN integrations.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Kevin Gosschalk, Founder and CEO, Arkose Labs
LinkedIn: https://www.linkedin.com/in/kgosschalk/

RESOURCES

Arkose Labs: https://www.arkoselabs.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Kevin Gosschalk, Arkose Labs, Sean Martin, Marco Ciappelli, brand story, brand marketing, marketing podcast, brand spotlight, agentic AI, bot detection, bot mitigation, fraud prevention, SMS toll fraud, micro deposit fraud, behavioral biometrics, intent detection, CAPTCHA, account takeover, synthetic identity, RSAC Conference 2026, cybersecurity

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Speaking on location at RSAC Conference 2026, Gottumukkala draws on his experience as a security executive at Salesforce to explain why even the most well-resourced teams fall behind. More code, more acquisitions, and more attack surface means more findings -- but the capacity to remediate does not scale at the same rate. The answer, he argues, is not more people. It is better systems.

Averlon approaches the problem by ingesting findings from across a customer's security stack, applying AI-driven analysis to determine what is actually exploitable in that specific environment, and eliminating noise. From there, rather than generating a ticket, the platform generates a fix -- actual code changes for application vulnerabilities, or compensating controls for situations requiring more time. The goal is not to manage vulnerabilities. It is to eliminate them.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Sunil Gottumukkala, CEO & Co-Founder, Averlon
https://www.linkedin.com/in/sunilgottumukkala/

RESOURCES

Averlon: https://www.averlon.ai

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Sunil Gottumukkala, Averlon, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, vulnerability remediation, remediation operations, exposure window, cloud security, agentic AI, CVSS, vulnerability management, RSAC Conference 2026, RSAC 2026, cybersecurity

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Axonius was founded in 2017 after its co-founders witnessed a Fortune 100 retailer go into crisis during a live security incident -- unable to identify which assets were impacted or who owned them. That founding story still frames the company's mission: give security teams a comprehensive, enriched, and current view of every asset so they can stop flying blind.

But Kottas argues that visibility alone is no longer the goal. Axonius launched its exposure management product at RSAC Conference 2025 -- its most successful product launch to date -- and the message from customers is consistent: what used to take weeks now takes hours or minutes. The platform now enables teams to move from discovery to coverage gap analysis to prioritized remediation, all in one place.

The business case is real. Texas A&M University used Axonius to gamify risk reduction across its decentralized schools and divisions, turning remediation into a leaderboard and dramatically accelerating time to closure. An entertainment company customer used Axonius during the 2024 CrowdStrike Blue Screen of Death incident to scope its impact and build a remediation plan in minutes -- delaying operations by just five minutes, while others faced days of disruption.

Kottas also addresses the AI question head-on. He frames it as AI squared: the foundation for artificial intelligence is asset intelligence. Agentic AI and autonomous SOC workflows are only as reliable as the data underneath them. Conflicting endpoint counts across EDR, CMDB, and other tools produce dirty data that undermines AI trust. Axonius solves this by delivering a deduplicated, enriched asset graph with business context layered in -- so AI systems can make recommendations organizations can actually act on.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Angelos Kottas, VP of Product and Corporate Marketing, Axonius
LinkedIn: https://www.linkedin.com/in/amkottas/

RESOURCES

Axonius website: https://www.axonius.com
Axonius Actionability Report: https://www.axonius.com (available on the Axonius website)
Adapt 2026 (annual customer conference, April 15, New York City): https://www.axonius.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Angelos Kottas, Axonius, Sean Martin, asset intelligence, exposure management, cyber asset attack surface management, CAASM, vulnerability management, actionability, CISO visibility, AI in cybersecurity, agentic AI, asset discovery, coverage gap analysis, incident response, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The conversation gets specific about what contextual risk scoring actually means. A CVE rated 10.0 in the National Vulnerability Database may be irrelevant to a given organization; a lower-severity finding may be critical given the systems that organization actually runs. PlexTrac's newly launched MCP server correlates vulnerability data against real-world environmental context, making that distinction automated and actionable -- not something an analyst has to puzzle out manually every time.

DeCloss walks through what the before state looks like for most teams: an annual pentest PDF, weekly scanner output, no unified view, and spreadsheet-based assignment that makes it nearly impossible to track who is working on what or whether anything is actually getting resolved. PlexTrac replaces that with a normalized, integrated platform that connects to Jira, ServiceNow, and Azure DevOps -- keeping workflows intact while adding the visibility that was always missing.

On AI's role in the industry, DeCloss is measured but direct. AI is a force multiplier, not a job eliminator. Security has always operated with a talent shortage, and automation fills that gap. But AI also expands the attack surface -- and organizations that adopt it without a security framework create new exposure. The human in the loop, with real subject matter expertise, remains essential.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Daniel DeCloss, Founder & CTO, PlexTrac
https://www.linkedin.com/in/ddecloss/

RESOURCES

PlexTrac: https://plextrac.com

KEYWORDS

Daniel DeCloss, PlexTrac, Sean Martin, vulnerability management, penetration testing, pentest reporting, risk prioritization, CVE scoring, MCP server, AI in cybersecurity, blue team, remediation tracking, CTEM, continuous threat exposure management, RSAC Conference 2026, brand spotlight, brand marketing, marketing podcast, brand story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Infinidat embeds cybersecurity directly into its storage platform through InfiniSafe, a software suite that has earned recognition from both storage and cybersecurity analysts. The centerpiece of the offering is a written guarantee: any dataset, regardless of size, will be recovered in one minute or less. Herzog explains that this is backed by immutable snapshots that cannot be altered or deleted, a management plane separated from the data plane, and AI/ML-powered scanning through InfiniSafe Cyber Detection that validates a snapshot is clean before it is restored.

The goal is a "known good copy" -- a forensically clean snapshot that can be brought back with confidence. Herzog notes that security teams often focus on confidentiality and availability while underweighting integrity. Infinidat's approach addresses all three: snapshots are verified clean, recovery is fast, and the process is demonstrable in live proof-of-concept environments. At the beginning of April 2026, Infinidat recovered six petabytes in three seconds in a live demo.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Eric Herzog, Chief Marketing Officer, Infinidat
LinkedIn: https://www.linkedin.com/in/erherzog

RESOURCES

Infinidat Website: https://www.infinidat.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Eric Herzog, Infinidat, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, enterprise storage, cybersecurity, ransomware recovery, data protection, InfiniSafe, immutable snapshots, cyber resilience, RSAC Conference 2026, next generation data protection, MSP security, storage security

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Itamar Apelblat, co-founder and CEO, and Ido Shlomo, co-founder and CTO, came out of Israel's elite intelligence unit 8200 -- Apelblat from the defensive security side and Shlomo from offensive cyber operations. That shared background, and 17 years of partnership, shapes how Token Security approaches a problem that most identity vendors have not yet reckoned with: AI agents are not humans, and they are not standard machine identities either.

The core concept is intent-based access management. Rather than looking at an agent's historical behavior and extending permissions based on the past, Token Security asks: what is this agent supposed to do? What is its purpose? Restrictions are then built around that intent. As Apelblat explains, agents are non-deterministic -- they will pursue a goal through whatever path is available, including ones you did not anticipate or want. Locking down access based on intent rather than history is the only approach that holds.

Shlomo adds a dimension that makes the risk concrete: an AI agent forgets everything between sessions. Every interaction starts fresh. That means it does not remember a previous attack attempt. A sophisticated adversary who manipulates an agent today can try the exact same technique tomorrow. Combine that with the agent's relentless drive to satisfy its directive -- even to the point of deleting data or modifying infrastructure if that is what it takes -- and the case for an isolated, intent-scoped perimeter becomes clear.

The customer journey at Token Security almost always begins after deployment. Organizations arrive saying, in effect: we think we have agents out there, can you help us find them? Visibility comes first -- discovering what agents exist, understanding their usage, mapping ownership, managing lifecycle. Policy enforcement comes after. Critically, Token Security achieves this without sitting as an inline broker. The platform connects to both the agent platforms and the business applications those agents reach, creating enforcement at both ends without introducing friction into developer workflows.

Apelblat frames the architecture in terms of micro agents: purpose-specific, narrowly scoped, each with a well-defined role. Not one agent doing everything -- thousands of focused agents, each constrained to exactly what it needs. Shlomo puts the business case plainly: an agent with properly managed identity is not a chatbot, it is a member of a digital workforce. Get identity right, and the productivity multiplier is enormous. Get it wrong, and a single compromised agent can cascade across every connected system it touches.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUESTS

Itamar Apelblat, Co-Founder & CEO, Token Security
https://www.linkedin.com/in/itamar-apelblat/

Ido Shlomo, Co-Founder & CTO, Token Security
https://il.linkedin.com/in/ido--shlomo

RESOURCES

Token Security website: https://www.token.security/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Itamar Apelblat, Ido Shlomo, Token Security, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, brand story, AI agent security, AI agent identity, non-human identity, NHI security, intent-based access management, privileged access management, zero trust, RSAC Conference 2026, Innovation Sandbox, identity lifecycle management, agentic AI security, cybersecurity

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Corelight's newly launched Agentic Triage product moves beyond the "level one" AI assistant model -- where a system answers questions but takes no action -- to a "level two" agent that actually investigates and triages alerts. It identifies the riskiest entities in an environment, collects all associated context and data, runs a full investigation cycle, and delivers a verdict with full evidence attached. Nair calls it "bringing the receipts": analysts see not just the conclusion but every step of the reasoning. Early results show a 10x increase in investigation speed and 60-70% of alerts being automatically triaged.

The network is having a resurgence as an essential visibility layer, and Nair explains why: attackers have adapted to EDR. Nation-state-style campaigns like Volt Typhoon and Salt Typhoon operate in the network layer, targeting unmanaged devices, routers, firewalls, and VPNs that endpoint tools cannot see. Corelight almost always finds something in the first 30 days of a pilot deployment -- from shadow IT and shadow VPNs to active red team attacks using tools like Sliver-based C2 frameworks.

On the question of SOC adoption, Nair pushes back on the assumption that hesitation comes from the top. The hunger for AI-powered tools runs from CISOs all the way down to the analysts dealing with alert overload and understaffed teams. A recent customer put it simply: "This is amazing. Please don't take it away from me." Nair frames the path to full autonomy as a spectrum -- from human-controlled to fully agentic -- and draws the comparison to Waymo: the journey is measured and incremental, but the destination is inevitable.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Vijit Nair, VP of Product Management, Corelight
https://www.linkedin.com/in/vijitn

RESOURCES

Corelight: https://corelight.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Vijit Nair, Corelight, Sean Martin, network detection and response, NDR, agentic triage, AI SOC, autonomous security operations, SOC automation, network security monitoring, threat detection, AI-powered security, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The CMMC program exists to solve a persistent problem: too many companies doing business with the federal government had failed to properly implement required cybersecurity controls. Built around NIST 800-171's 110 security requirements, CMMC demands third-party, independent verification -- and that means a large, trained, credentialed assessor workforce. ISACA's role is to build and certify exactly that. Todd Gagnon walks through the two foundational credentials at the center of this effort: the CMMC Certified Professional (CCP) as the entry point, and the CMMC Certified Assessor (CCA) as the operational core. With roughly 800 credentialed professionals in the current ecosystem against a need measured in thousands, the stakes and the urgency are clear.

What makes this conversation practically useful is the range of people it speaks to. Gagnon lays out who should be thinking about a CCP -- including professionals early in their careers and organizations that want internal staff who truly understand the CMMC framework, not just outside consultants. He explains the C3PAO model, how subcontractor compliance flows through the ecosystem, and why NIST 800-171 is a strong cybersecurity foundation regardless of whether an organization ever touches a government contract. The certification pathway is open to non-ISACA members, the CCP is designed to be accessible, and the knowledge transfers well beyond the federal contracting context.

ISACA is also moving ahead of the curve: with NIST having released Revision 3 of 800-171, ISACA is already developing training content for the transition -- targeting late 2025 delivery so that a wave of Revision 3-ready professionals will be in place when the Department of War makes the regulatory shift. Todd Gagnon closes with a candid ask for patience as the April 1st transition from Cyber AB to ISACA takes effect, along with a clear statement of intent: the credentials issued under ISACA's watch should stand for something.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Todd Gagnon, Director, CMMC Assessor & Instructor Certification Organization (CAICO) at ISACA
LinkedIn: https://www.linkedin.com/in/todd-gagnon-90b8a6264/

RESOURCES

ISACA CMMC Certification Hub: https://www.isaca.org/cmmc
ISACA Official Website: https://www.isaca.org

KEYWORDS

Todd Gagnon, ISACA, Sean Martin, Marco Ciappelli, CMMC, Cybersecurity Maturity Model Certification, CAICO, CCP, CCA, NIST 800-171, Defense Industrial Base, cybersecurity certification, DoD compliance, government contractors, brand spotlight, brand story, brand marketing, marketing podcast, RSAC Conference 2026

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

CSA operates across three pillars -- cloud, zero trust, and AI -- and Mogull is the first to acknowledge the identity tension that comes with that breadth. But his argument is consistent: each pillar represents a transformational technology that exposed the limits of existing security practices. "Our sweet spot is these transformational, disruptive technologies," he says. The same challenge that played out with cloud adoption is now repeating itself with AI, and CSA's job is to help security teams navigate it with research that is genuinely actionable.

One of the most anticipated deliverables from Mogull's first year is the AI Security Maturity Model -- a structured framework that gives enterprise security programs a lens for assessing and improving their AI security posture. Modeled on CSA's Cloud Security Maturity Model (which Mogull also authored), it is built around measurable KPIs and designed to be as automatable as possible. After its first public draft drew over 600 comments from 60 international reviewers, Mogull is in the final stages of revision. The model covers governance, identity and access management, security monitoring, model security, AI infrastructure, agentic applications, MCP servers, and AI developer enablement -- a purpose-built lens for enterprise AI security programs, not a generic maturity template.

Beyond the model itself, Mogull is building the operational infrastructure to help CSA members actually use it. The new Enterprise Membership program -- launched in March 2026 -- centers on the Operational Maturity Roadmap: a structured, year-long engagement where CSA analysts work directly with member organizations, providing monthly guidance, specific recommendations, and an annual progress report tied to measurable outcomes. The goal is to move CSA from research producer to implementation partner -- and to deliver the kind of decision support that scales beyond what any individual consultant can provide.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Rich Mogull, Chief Analyst, Cloud Security Alliance
LinkedIn: https://www.linkedin.com/in/richmogull/

RESOURCES

Cloud Security Alliance: https://cloudsecurityalliance.org
CSA Enterprise Membership Program: https://cloudsecurityalliance.org/membership
CSA AI Controls Matrix: https://cloudsecurityalliance.org/research/working-groups/ai-controls-matrix
CSA Cloud Controls Matrix: https://cloudsecurityalliance.org/research/cloud-controls-matrix

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Rich Mogull, Cloud Security Alliance, CSA, Sean Martin, AI Security Maturity Model, cloud security, zero trust, AI security, enterprise security, security maturity model, RSAC Conference 2026, brand spotlight, brand marketing, marketing podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Anscombe pointed to a telling campaign pattern from last year: threat actors refined attack methods against UK retailers, then rapidly adapted those same techniques against US retailers. The implication is clear -- your business may be unique in its infrastructure, but it is not unique in its sector. Understanding how your sector is being targeted is the foundation of a prevention-first posture.

Automation came up as equally non-negotiable. If it takes three days to collect all the information needed to make a determination about an incident, the post-attack phase has already begun. ESET Inspect is designed to flip that equation: when an analyst opens an incident, the forensic analysis is done, the evidence is visualized, and the determination can be made on facts rather than gathered through investigation.

Anscombe was careful to draw a line between automation as speed and automation as replacement. ESET's position is that AI should operate alongside human expertise -- trust and verify applies to AI-assisted analysis just as it does to any intelligence feed. Oversight remains essential, even as the tooling gets faster.

A preview of upcoming survey data offered one of the more striking moments in the conversation. Roughly 35% of SMBs using MDR are sourcing that service directly from their cyber insurer. Anscombe flagged the monoculture risk: when a large share of businesses in the same sector run identical security stacks, a single point of failure becomes a sector-wide vulnerability. His advice after 30 years in the industry -- different organizations should deliberately choose different platforms to maintain diversity.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Tony Anscombe, Chief Security Evangelist, ESET
LinkedIn: https://www.linkedin.com/in/tonyanscombe/

RESOURCES

ESET: https://www.eset.com
ESET Threat Intelligence: https://www.eset.com/int/business/services/threat-intelligence/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Tony Anscombe, ESET, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, threat intelligence, cyber resilience, MDR, EDR, XDR, managed detection and response, SMB security, cybersecurity automation, RSAC Conference 2026, prevention-first security, cyber insurance, monoculture risk, ESET Inspect, APT research

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Stellar Cyber has been building toward a human-augmented, autonomous SOC for years -- long before "agentic" became the conference password. The logic driving that mission is not about market positioning. It is about what happens when AI makes a mistake at scale. One error in judgment can echo a thousandfold. Human oversight is not a limitation on the platform -- it is the architecture. The goal is not to put a human on the sidelines as a safety check. The goal is to make every analyst perform at a higher level, so a junior analyst works at the capability of a senior analyst.

Lisa Liu draws on the Waymo analogy familiar to anyone walking the streets of San Francisco this week: autonomous vehicles went from having a safety driver present to running solo. But when a power outage knocked out every Waymo unit simultaneously, the city needed humans to step in immediately. The same principle applies to security operations. Agentic AI is changing the analyst's role -- replacing alert fatigue and log chasing with higher-order problem solving -- but human involvement in the process is not going away.

For SOC teams asking how to get there, Lisa Liu is clear: success is not a rip-and-replace project. Success is minimal personnel disruption and maximum operational efficiency -- repositioning existing tools to work smarter without exposing the organization to weeks of vulnerability during a rebuild. Stellar Cyber's platform integrates with existing SIEMs and tools, adds coverage across network, endpoint, identity, and cloud environments, and offers hundreds of pre-built integrations with more being added continuously. For managed security service providers serving clients across different industries and risk profiles, that kind of unified visibility is what makes the business model scale.

The outcomes are specific. One Stellar Cyber customer reported that analysts were 83% more accurate in their threat environment analysis. Lisa Liu frames that number carefully: analysts are not measured by what they catch -- they are measured by what they miss. Any meaningful improvement in accuracy is not just a business metric. It changes how people feel about their work.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Lisa Liu, Corporate Marketing and Communications Manager, Stellar Cyber
https://www.linkedin.com/in/lisaaliu/

RESOURCES

Stellar Cyber: https://stellarcyber.ai

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Lisa Liu, Stellar Cyber, Sean Martin, RSAC Conference 2026, human-augmented SOC, autonomous SOC, AI-native security operations, Multi-Layer AI, MSSP security platform, SOC analyst efficiency, alert triage, agentic AI cybersecurity, brand spotlight, brand story, brand marketing, marketing podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The hidden sources of risk go deeper than most teams realize. C/C++ code underpins critical infrastructure across medical devices, automotive, defense, and financial services -- yet most scanning tools can't effectively analyze it. Third-party binaries carry serious risk that vendors rarely disclose. Open source libraries that haven't been updated in years represent quiet exposure. And AI adoption is adding a new layer of opacity: datasets of unknown provenance, open-weight models with untested risk profiles, and AI-embedded applications where organizations have no visibility into what models or agents are operating underneath.

Bardenstein frames the path forward in three dimensions: rapid response when a new issue emerges, proactive inventory and monitoring of critical dependencies, and supply chain risk stopped at the procurement gate before it enters the enterprise. When customers demand SBOMs as a condition of doing business, vendors improve -- and those improvements flow to all their other customers as well. Manifest Cyber sees this market dynamic as one of the most powerful forces for making the software ecosystem more secure.

The conversation also takes on accountability. Drawing on his time leading technology strategy at CISA, Bardenstein argues that the burden of transparency must fall on the people who write software, not those who buy and use it. The "transparency tax" -- the hidden cost of cheap or opaque technology -- only surfaces after something goes wrong, in the form of incident response, people-hours, and exposure. Compliance drivers like the EU Cyber Resilience Act are reinforcing this shift, but market pressure from major banks, pharmaceutical companies, and government is already moving faster than regulation.

Manifest Cyber automates the hard work: generating SBOMs, analyzing binaries, surfacing risk in C/C++ and third-party dependencies, and enabling fast, owner-assigned remediation. One customer went from zero to generating SBOMs across their entire fleet in 90 seconds -- without touching a command line. The platform is built to keep engineer velocity high, surface risk in plain language for procurement and risk teams, and make supply chain security accessible to the entire organization, not just the AppSec team.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Daniel Bardenstein, CEO and Co-Founder, Manifest Cyber
LinkedIn: https://www.linkedin.com/in/bardenstein/

RESOURCES

Manifest Cyber: https://www.manifestcyber.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Daniel Bardenstein, Manifest Cyber, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, software supply chain security, SBOM, Software Bill of Materials, AIBOM, AI supply chain, Log4Shell, software transparency, SCA tools, C/C++ security, open source risk, Secure by Design, EU Cyber Resilience Act, supply chain risk management, third-party risk, RSAC Conference 2026, cybersecurity

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Crogl recently published the State of the AI SOC report, a survey of more than 600 organizations. The headline finding: nearly 40% of alerts go completely unattended. Not triaged. Not escalated. Just missed. The report also found that a large share of respondents rank the security of an AI system above its raw capability -- trust before performance. Merza says the goal of the report was part data, part demystification, and part empathy building -- giving security leaders permission to recognize that everyone is dealing with the same problems.

Crogl's knowledge engine is built on a foundational premise: data is fragmented in the enterprise, and that is not going to change. Rather than requiring data normalization before analysis, Crogl builds an enterprise semantic knowledge graph that maps relationships across data lakes, SIEMs, and SOAR platforms, wherever the data lives. Analysts no longer need to navigate schemas or query languages. Crogl handles the investigation and surfaces what matters.

Merza describes two compressor effects his customers experience. A competency compressor allows any analyst to draw on multiple data lakes at once. A domain knowledge compressor lets Crogl work across alert types -- phishing, endpoint, and beyond -- rather than routing each to a specialist. The result is a team that operates well above its apparent headcount. One customer example: a CISA advisory that would take hours to manually parse can be uploaded into Crogl and assessed across the enterprise footprint -- IOC mapping and detection coverage -- in sub-hours. The same logic extends to compliance, where audit data calls that once required manual query-by-query execution can now be executed by Crogl against a full 500-query data call at once.

On the jobs question, Merza takes a clear position: AI will create more security jobs, not fewer. Every new AI deployment is a new attack surface. Every new footprint needs to be defended. The repetitive tier-one work is going away -- but the volume of meaningful security work is expanding and the entry level is rising. The organizations getting ahead of this are already standing up AI review boards and putting security capability at the center of how they evaluate new AI tools.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Monzy Merza, Co-Founder and CEO, Crogl
LinkedIn: https://www.linkedin.com/in/monzymerza

RESOURCES

State of the AI SOC Report (free download): https://www.crogl.com
Crogl: https://www.crogl.com
AI SOC Summit: https://aisocsummit.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Monzy Merza, Crogl, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, brand story, AI SOC, security operations center, SOC automation, AI in cybersecurity, alert fatigue, security data lakes, SIEM integration, enterprise knowledge graph, threat intelligence, CISA advisory, Volt Typhoon, RSAC Conference 2026, RSAC 2026, cybersecurity AI, autonomous investigation, SOC analysts, security workforce, CISO strategy

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

One of those announcements is the HPE AI firewall -- a solution built specifically for organizations trying to govern how employees use generative AI tools without shutting down innovation. Mounir Hahad frames the challenge directly: gen AI has doubled the attack surface, and organizations that fail to act risk both data leakage and a loss of confidence in the technology itself. The AI firewall starts with visibility -- showing which AI services employees are using, what data is moving where, and whether private information is leaking to external services -- and then gives administrators the tools to set and enforce policy.

The second announcement is the formal launch of HPE Threat Labs, which brings together threat research capabilities from both Hewlett Packard Enterprise and the former Juniper Networks. The combined team covers both threat analysis and vulnerability analysis -- capabilities that were previously siloed. HPE Threat Labs has published its inaugural In the Wild threat report, drawing on telemetry, honeypots, and open-source intelligence to give CISOs and decision makers a clear view of how cybercrime has industrialized, why attacks are increasingly targeted, and why high-confidence alerts matter more than ever.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Mounir Hahad, Head of HPE Threat Labs, Hewlett Packard Enterprise
LinkedIn: https://www.linkedin.com/in/mounirhahad/

RESOURCES

HPE Threat Labs: https://www.hpe.com
HPE Threat Labs 2026 In the Wild Threat Report: https://www.hpe.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Mounir Hahad, Hewlett Packard Enterprise, HPE, HPE Threat Labs, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, AI firewall, generative AI security, network security, threat intelligence, SASE, cybercrime, RSAC Conference 2026, threat research, enterprise security, AI governance, cybersecurity

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Object First appliances are purpose-built for Veeam and ship with S3 protocol storage in automatic compliance mode, versioning, and object lock. Once data is written and a retention period is set, nothing -- no admin, no attacker, not even the vendor -- can touch it. Cusimano describes the architecture as a storage utility, not an administration platform: Veeam handles all backup policy and configuration; Object First handles one thing only, ensuring the data cannot be erased.

The statistics behind the design are sobering. According to Cusimano, 96 percent of ransomware attacks specifically target backup data -- a figure validated across four independent industry surveys. Organizations that rely on encryption alone, without immutable storage, are leaving a critical gap that attackers have learned to exploit. Many do not discover that gap until recovery is already underway.

Cusimano also makes the case for recovery testing as a security priority in its own right. He recommends full tabletop exercises that assume worst-case conditions: every admin credential compromised, active directory gone. Teams that run through this process discover gaps in their architecture that no amount of vendor documentation will surface. His practical tip -- collect coworkers' cell phone numbers before an incident -- reflects just how complete the communications blackout can be when directory services fail.

Two capabilities from Object First round out the conversation. Fleet Manager, launching May 6th, gives managed service providers and large enterprises a single SaaS dashboard to manage all Object First instances with unified telemetry and honeypot visibility -- with no backup data leaving the appliance. And the honeypot feature, included on every device at no cost, simulates a Veeam backup and replication server as a decoy. When agentic AI-driven attacks probe the environment, they interact with the honeypot exactly as they would a real target, triggering alerts that can surface threats days or weeks before a full attack develops.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Anthony Cusimano, Chief Evangelist & Director of Solutions Marketing, Object First
LinkedIn: https://www.linkedin.com/in/anthonycusimano89/

RESOURCES

Object First website: https://objectfirst.com
ITSPmagazine RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Anthony Cusimano, Object First, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, ransomware, immutable storage, backup security, Veeam, data protection, RSAC Conference 2026, cyber resilience, absolute immutability, ransomware recovery, Fleet Manager, honeypot detection, managed service providers, zero trust storage

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The real exchanges, Parisi says, are happening backstage -- in the hallways, over coffee, between practitioners who trust each other enough to ask: does this vendor actually do what they say? That shift back to peer-driven trust is not a trend. It is a correction. Security leaders are exhausted and fragile, operating under intense pressure, and they are returning to the relationships they know rather than the research tools and AI-generated answers they do not trust.

Steel Patriot Partners was built around exactly that dynamic. Their operating principle -- business owners first, engineers second, compliance and security people third -- runs counter to how most consulting firms approach an engagement. Rather than leading with frameworks or certifications, the team starts by asking what outcome the client is actually trying to achieve. Parisi is candid about how often that conversation leads them to steer a client away from the path they came in convinced they needed. That willingness to say no -- and mean it -- is what sets a trusted advisor apart from a vendor.

The outcome-first philosophy shapes every engagement. As founder Jason Ford says, 80% of what Steel Patriot Partners does is a therapy session. Organizations coming in with complex compliance challenges -- FedRAMP, CMMC, HITRUST, DoD IL -- need more than a checklist. They need a partner who has lived those journeys themselves, made the mistakes, and can speak honestly about what is worth pursuing and what is not.

Parisi's advice to anyone evaluating a consulting partner is pointed: ask the question up and down the team, not just of the founder. The firms that have genuinely lived what they sell -- and can talk about the failures as clearly as the successes -- are the ones worth trusting when the stakes are high.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Michael Parisi, Chief Growth Officer, Steel Patriot Partners
LinkedIn: https://www.linkedin.com/in/michael-parisi-4009b2261/

RESOURCES

Steel Patriot Partners: https://www.steelpatriotpartners.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Michael Parisi, Steel Patriot Partners, Sean Martin, brand spotlight, brand story, brand marketing, marketing podcast, cybersecurity consulting, compliance advisory, FedRAMP, CMMC, HITRUST, DoD IL, trusted advisor, outcome-based consulting, vendor trust, cybersecurity noise, RSAC Conference 2026, security leadership, GRC, business risk, human in the loop

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

BlackCloak announced at RSAC Conference 2026 the launch of its new travel advisory platform -- a tool designed to give executives and their families actionable, real-time intelligence when traveling domestically or internationally. Pierson explained that CISOs and CSOs are increasingly being asked questions that go well beyond network security: what are the crime trends in this city, what embassy contacts are needed, which areas should be avoided? The platform distills complex, fast-moving threat intelligence into concise briefings -- four or five pages, mobile-accessible, and built for the executive and the family members traveling alongside them.

On the privacy side, BlackCloak introduced Search Suppression -- a new feature that goes further than data broker removal alone. Even after information is scrubbed from the major data broker sites, traces of personally identifiable information can persist across the open internet. Search Suppression identifies those instances and requests their removal from search engine results, shrinking the digital footprint that attackers use to build targeted OSINT profiles. And because the threat surface shifts as executives' children age and begin generating their own data trails, the platform monitors continuously -- not just at a single point in time.

Pierson also addressed the deepfake threat head-on. BlackCloak re-released its Impersonation Protection feature with deeper capabilities specifically designed for this problem. Plugin-based detection tools for Teams or Zoom leave the most common attack vectors -- phone calls, text messages, WhatsApp, Signal -- completely unaddressed. Impersonation Protection allows members to push a quick identity-verification request through the BlackCloak app to anyone in their trusted circle, regardless of how the original communication arrived. If verification fails, alarm notifications fire to both the CISO and the BlackCloak team. In a world where high-quality deepfake audio and video can be synthesized from publicly available earnings call recordings and media appearances, slowing down to verify through a trusted channel is one of the most reliable defenses available.

The conversation closed on the concept of trust -- a word Pierson returned to repeatedly. It is, he said, the reason people choose BlackCloak. The relationships the company builds with CISOs, CSOs, and the executives and families they protect require trust that is built carefully and maintained continuously. As BlackCloak scales, preserving that culture is something Pierson thinks about deeply. For a company whose entire business is built on protecting people in their most personal digital spaces, trust is not just a value. It is the product.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Dr. Chris Pierson, Founder and CEO, BlackCloak
https://www.linkedin.com/in/drchristopherpierson/

RESOURCES

BlackCloak official website: https://blackcloak.io
BlackCloak Digital Executive Protection Platform: https://blackcloak.io/product/
Request a BlackCloak demo: https://blackcloak.io/executives/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Dr. Chris Pierson, BlackCloak, Sean Martin, Marco Ciappelli, brand story, brand marketing, marketing podcast, brand spotlight, digital executive protection, executive cybersecurity, personal cybersecurity, deepfake defense, impersonation protection, travel advisory security, search suppression, data broker removal, OSINT, executive privacy, RSAC Conference 2026, RSAC 2026, cybersecurity, privacy

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Since its founding in 2007, Savvy Cyber Kids has been on a mission to provide parents and educators with the tools needed to guide children through the digital world. Ben explains why introducing technology too early can be detrimental to a child’s emotional preparedness and brain development, and why adult-led guidance is essential even when kids seem like "tech experts".

In this conversation, we explore:

The Evolution of Threats: Moving from MySpace and CRT monitors to 24/7 access via mobile devices.

Early Intervention: Why the "rhyme and picture book" approach works for children as young as three to teach concepts like online aliases and stranger safety.

Safe AI for Kids: Introducing a new partnership with Chaperone, a platform featuring "homework mode" and parental controls to ensure AI is a tool for learning, not a shortcut for thinking.

Going Global: How the organization has expanded internationally with materials translated into Spanish, German, French, and Hebrew.

About Our Guest

Ben Halpert is a cybersecurity veteran with over 25 years of experience and the founder of Savvy Cyber Kids. He is dedicated to helping parents navigate the "wild" of the internet with positive, developmentally appropriate programming.

Resources

Savvy Cyber Kids Website: savvycyberkids.org

More RSAC 2026 Coverage: itspmagazine.com/rsac

Marco's Website: Marcociappelli.com

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Key Highlights: • The Mission: To encourage Native Hawaiians—who are significantly underrepresented in tech and medical fields—to pursue and stay in STEM careers.  • The Impact: Since 2019, the scholarship has grown from a single recipient to 62, providing both financial aid and direct access to a professional network.  • Beyond the Money: Recipients share their college journeys through annual blog posts or vlogs, creating a community of future leaders.  • New Milestones: Hoala discusses the scholarship's recent 501(c)(3) nonprofit status, opening the doors for corporate partnerships and expanded funding.  

How to Support or Apply: If you are a Native Hawaiian student pursuing STEM, or if you are interested in donating to the fund, visit the link below: • 
Website: https://www.paubox.com/kahikina-stem-scholarship  
• Application Deadline: May 31st.  

Marco's Website: https://www.marcociappelli.com 
ITSPmagazine: https://www.ITSPmagazine.com

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What's actually covered: → Why agentic AI is dominating RSAC 2026 — and why it all sounds the same → Shadow AI: the insider threat nobody is calling an insider threat → What strong brand presence actually looks like (hint: it's not a circus tent) → Why fear — not budget — is the real reason companies still say no to AI → Integration, orchestration, ROI: what comes after the hype → The one message that matters: make AI your own 🔗 More from RSA Conference 2026: itspmagazine.com/rsac

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Key Discussion Points:

The AI Agent Explosion: Everyone says they can secure your agents, but is there any actual differentiation?

Keynote Insights: A breakdown of George Kurtz’s CrowdStrike keynote on "Full Throttle" AI vs. total fear.

The "Mushroom" Metaphor: Why AI is like a power-up in Super Mario Kart—it makes you go faster, but it doesn't make you a better driver.

The Marketing Disconnect: Why vendor messaging is failing to map to the actual "to-do lists" of modern CISOs.

Niche Power: Why the most innovative solutions are often found on the perimeter of the expo floor.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Key Discussion Points:

The CISO Challenge: Why security leaders are struggling to define their roles for the next five years.

Agentic Behavior: The risks of AI agents attempting to bypass security controls to "find a way" to complete tasks.

AI vs. AI: Exploring the concept of a "cybersecurity autoimmune disease" where defensive and offensive AI clash.

Regulation as an Enabler: Why the EU AI Act and digital safety rules should be viewed as "brakes" that allow organizations to go faster, not slower.

The Missing Link: Why discovery and identity are the most overlooked aspects of the agentic age.

Chapters:

0:00 - Live from RSA Conference San Francisco

1:03 - The impossible task of the modern CISO

2:26 - Why there were no "puppies" at RSAC this year

4:14 - Cutting through the GenAI marketing noise

5:51 - Upskilling vs. reskilling for an AI workforce

7:50 - The need for "Discovery" in AI agents

11:39 - Budgeting: Securing AI within the AI budget

13:24 - Stop treating AI like it's "mysterious" software

15:42 - Regulation: The EU AI Act and "Brakes" for innovation

18:19 - AI Horror Stories: Agents gone rogue?

23:00 - The Cybersecurity Autoimmune Disease theory

Suggested Tags

Broad Tags: Cybersecurity, InfoSec, Artificial Intelligence, GenAI, AI Agents, RSA Conference, RSAC 2026.

Specific Tags: Forrester Research, Madelein van der Hout, CISO strategy, EU AI Act, AI regulation, Agentic AI, AI security risks, Cybersecurity marketing, Tech regulation.

Next Step: Would you like me to generate a high-impact thumbnail concept or a few community post blurbs to promote the video once it's live?

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

🔍 In this episode:

• 82% of health systems have limited or no AI governance in place, while deployments proceed — Digital Medicine Society
• 58% of frontline clinical staff are using unsanctioned AI tools — not out of recklessness, but because approved alternatives don't exist — Wolters Kluwer
• The vendor trust gap: trusted vendors are shipping AI capabilities into integrated products after contracts are signed, after integrations are built, after due diligence has closed — and most health systems have no mechanism to detect it
• Jason Kor of HITRUST on what procurement processes aren't built to catch — recorded for the Redefining CyberSecurity Podcast
• The Stryker attack: a nation-state operation that disrupted hospitals through their supplier — not their own systems
• Ryan Patrick of HITRUST on why availability of services now sits in the same risk tier as confidentiality of data
• Who actually owns the patient's data — the provider, the insurer, the vendor, the device manufacturer, the government program, or the patient?
• TEFCA — the Trusted Exchange Framework and Common Agreement — moves data nationally across eleven Qualified Health Information Networks. It does not move the ownership rights with it
• The CMS agenda: $1.7 trillion, 160 million Americans, and a policy clock that does not wait for the identity infrastructure to catch up
• The vocabulary of transformation — what "pilot to production" and "scale" are selecting for, and what they are leaving out
• Zero Trust reframed as the infrastructure condition that makes trustworthy AI deployment possible — not just a ransomware defense

Fourth Lens: Healthcare's AI ambition and its data infrastructure are moving at different speeds — and the patient is where those speeds collide. The program layer is making sequence choices. The market layer is accelerating pressure. The messaging layer is optimizing for ambition. None of it is an argument against innovation. All of it is an argument for discipline — A-to-Z, every dependency, ambiguity, and fragility along the way.

🎙️ Podcast conversations referenced in this article:

• Jason Kor, HITRUST — Brand Spotlight
• Ryan Patrick, HITRUST — HIMSS Recap

🔗 Full article and references: seanmartin.com/lens-four

🌐 HIMSS26 coverage: itspmagazine.com

Sean Martin is a cybersecurity market analyst, content strategist, and advisor with 30+ years across engineering, product development, marketing, and media. Co-founder of ITSPmagazine and Studio C60, host of the Redefining CyberSecurity Podcast and the Music Evolves Podcast. Connect at seanmartin.com.

Subscribe to Lens Four — Where business, innovation, and messaging come into focus.

🎯 Keywords: healthcare AI governance, order of operations AI, data foundation healthcare, vendor trust gap, patient data ownership, TEFCA, health information exchange, QHINs, Shadow AI healthcare, third-party risk management, supply chain resilience healthcare, Zero Trust healthcare, CMS interoperability framework, CIA triad healthcare, data integrity AI, identity management healthcare, HITRUST, Jason Kor, Ryan Patrick, Wolters Kluwer, Digital Medicine Society, DiMe, Google for Health, Jon McNeill, John Halamka, Mayo Clinic Platform, Sumbul Ahmad Desai, Apple Health, Daymond John, Dr. Mehmet Oz, Amy Gleason, Kim Brandt, DOGE healthcare, Stryker cyberattack, nation-state healthcare attack, HIMSS26, Redefining CyberSecurity Podcast, Lens Four, Sean Martin, ITSPmagazine

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

For ten years, Ed Skoudis has curated one of the most anticipated sessions at RSAC Conference: SANS' "Five Most Dangerous New Attack Techniques: Crucial Tips for Defenders." The session has always been a hit -- standing room only on the main stage -- but this year, Ed says something has changed. Not one or two topics with an AI component. All five.

Ed is deliberate about how the session comes together. He starts with people, not topics. He builds the panel around SANS instructors who bring front-line insight, and he starts the process six months out. This year's panel features returning panelist Heather Mahalik, Rob Teeley back for his second year, Joshua Wright in his second year -- this time carrying two topics and eight minutes instead of six -- and, making his first appearance on this stage, Robert M. Lee of Dragos, one of the world's foremost voices on ICS and OT security.

The addition of "Crucial Tips for Defenders" to the title this year was intentional. Ed pushed every panelist to move beyond naming threats and toward prescribing action -- practical, implementable steps that a CISO can hand down and a practitioner can execute the next morning. For topics where prevention is impossible, the mandate shifted to detection and response. SANS publishes session notes to their website within minutes of the talk ending.

The backdrop this year is a warning Ed calls unlike anything in his 30 years of attending RSA and DEF CON. At a recent AI cybersecurity conference in San Francisco, presenters from Google and Anthropic outlined what Google termed the "vuln apocalypse" -- an imminent surge in AI-discovered zero-day vulnerabilities at a scale and pace that patching pipelines are not designed to handle. Ed's own team at Counter Hack has already experienced this firsthand: a frontier AI model identified a critical zero-day in a widely used open source project in a matter of hours. The Anthropic presenter's claim was blunt: within months, AI will surpass all human vulnerability researchers combined.

All of this lands at the center of what the RSAC session is designed to address -- not as a theoretical exercise, but as a set of actions defenders can take right now. The session runs Tuesday, March 24th at 3:55 PM on the main stage, with an interactive follow-on session Wednesday morning where attendees can go deeper with individual panelists. For anyone who wants to understand where the threat landscape is actually heading and what to do about it, Ed says this is the year you cannot afford to miss it.

Guest

Ed Skoudis, President, SANS Technology Institute; Founder & CEO, Counter Hack | On LinkedIn: https://www.linkedin.com/in/edskoudis

Host

Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

Resources

SANS Institute | https://www.sans.org

RSA Conference 2026 is taking place April 28 - May 1, 2026 | Moscone Center, San Francisco -- Follow our coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/

More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast

Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Keywords

ed skoudis, sean martin, sans institute, sans technology institute, counter hack, rsac 2026, rsa conference, five most dangerous attack techniques, ai in cybersecurity, vulnerability research, zero-day vulnerabilities, patch management, penetration testing, defender tips, ics security, ai-powered attacks, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The ESET eCrime Ecosystem Report comes in two forms: a business-facing summary outlining current risks for leadership, and a long-form technical report for analysts -- complete with IOCs, coding examples, and structured intelligence feeds covering ransomware, crypto scams, malicious email attachments, and infostealer data. These feeds are built to plug directly into SOC workflows and firewall rules, not to create more work for already stretched teams.

Tony Anscombe is direct about the quality problem in threat intelligence. Open-source feeds sound appealing -- until you factor in the analyst hours required to clean out the noise. By then, the intelligence is stale. Attacks circle the globe in hours. Near-real-time, verified intelligence is not a premium -- it is the baseline requirement.

The threat detection conversation has also moved well past malware. Anscombe walks through how modern attackers often skip the payload entirely -- credential theft gets them in, then slow lateral movement and data exfiltration follow, with ransomware as the final act rather than the first signal. ESET's platform focuses on behavioral anomaly detection across the full environment, with on-site, cloud, and managed deployment options for organizations that cannot or will not go all-in on cloud architecture.

At RSAC Conference 2026, ESET will be at booth 5253 in Moscone North. Anscombe has two sessions on the Wednesday agenda: one on supply chain blind spots -- urging security teams to engage directly with the business side to map third-party risk fully -- and a community rant session tackling four things that need to change in cybersecurity, including the cryptocurrency regulation debate. On AI, his message is measured: the real conversation at the show is not about using AI -- it is about securing it.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Tony Anscombe, Chief Security Evangelist, ESET
LinkedIn: https://www.linkedin.com/in/tonyanscombe/

RESOURCES

ESET website: https://www.eset.com
ESET threat research blog (WeLiveSecurity): https://www.welivesecurity.com
ESET at RSAC Conference 2026 -- Booth 5253, Moscone North

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Tony Anscombe, ESET, Sean Martin, RSAC Conference 2026, eCrime, threat intelligence, eCrime Ecosystem Report, cybersecurity, endpoint protection, MDR, threat detection, supply chain security, AI security, ransomware, infostealer, brand spotlight, brand marketing, marketing podcast, brand story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Object First builds physical, on-premises appliances purpose-built for Veeam. Once backup data lands on the device, it cannot be changed by anyone: not an admin, not the vendor, not an attacker. That guarantee is the foundation of the company's entire product philosophy. As Anthony Cusimano puts it, the threat is clear -- ransomware operators now specifically target backups because destroying that data eliminates the victim's options.

Heading into RSAC Conference 2026, Object First is bringing new capabilities to South Hall Booth S3601. Demos will include Honeypot, a feature that causes the Object First appliance to simulate a Veeam backup and replication server as a decoy. If a bad actor attempts brute-force access or a remote desktop connection, an alert fires immediately -- a signal that your real Veeam environment is likely also being probed.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Anthony Cusimano, Director of Solutions Marketing, Object First
LinkedIn: https://www.linkedin.com/in/anthonycusimano89/

RESOURCES

Object First website: https://objectfirst.com
ITSPmagazine RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Anthony Cusimano, Object First, Sean Martin, Marco Ciappelli, brand story, brand marketing, marketing podcast, brand highlight, ransomware, backup security, immutable storage, Veeam, data protection, RSAC Conference 2026, cyber resilience, backup immutability, ransomware protection

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The threat landscape has shifted in ways that validate Stellar Cyber's original architecture. LLM-generated attacks have collapsed the time to launch a sophisticated phishing campaign from weeks to minutes. Stellar Cyber was built to serve the mid-market and the MSSPs that protect it -- organizations that face identical threats to enterprises but without enterprise resources. A unified, multi-tenant platform means MSSPs onboard new customers in minutes. An open data ingestion engine works with whatever tools are already in place -- no EDR lock-in, no rip-and-replace.

At the center of the platform is a correlation engine that transforms thousands of individual alerts into a manageable set of high-confidence cases. An identity compromise driving lateral movement across dozens of alerts becomes one case with a clear recommended action. Subo describes this as the difference between drowning in noise and focusing on decisions that actually require human judgment -- and it is the foundation the autonomous SOC layer is built on.

Subo is direct about what the hype gets wrong: the claim that organizations can dramatically cut SOC headcount because AI has it covered is not happening. The realistic version of autonomous SOC is a force multiplier -- digital agents handle the continuous, high-volume triage work that consumes analyst hours, freeing humans for the cases that require context and institutional knowledge. A system that automates without explainability does not reduce risk. It relocates it.

Stellar Cyber will be at booth S327 in the South Hall at RSAC Conference 2026, right at the bottom of the escalator. Live autonomous SOC demonstrations will be running throughout the event, with real-world results from customers already in production. The team also has a barista on site -- a detail Subo was particularly keen to mention for Marco Ciappelli.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Subo Guha, Senior Vice President of Product Management, Stellar Cyber
https://www.linkedin.com/in/suboguha/

RESOURCES

Learn more about Stellar Cyber: https://stellarcyber.ai

RSAC Conference 2026 Coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Subo Guha, Stellar Cyber, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, autonomous SOC, Open XDR, MSSP security platform, AI-driven security operations, agentic AI cybersecurity, threat detection and response, RSAC Conference 2026, SOC analyst tools, multi-tenant security platform, LLM-generated attacks, security operations center, SIEM NDR unified platform

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Crogl was founded in 2023 to make every security practitioner as effective as their entire team. What sets Crogl apart is a refusal to require data normalization before the product becomes useful. Instead, Crogl builds a semantic knowledge graph across an organization's existing data lakes, SIEMs, and SOAR platforms -- however many there are -- so analysts can investigate alerts and threat hunt across their real environment, not an idealized version of it.

Monzy Merza applies the same logic to language models as to data: if different data stores serve different purposes, why accept a single LLM for every security scenario? Crogl lets organizations choose their model, swap as needs evolve, and deploy on any footprint -- including fully air-gapped environments. For government agencies, energy utilities, and manufacturers, that is not a feature. It is a deployment prerequisite.

Financial services leaders across 15 conversations in New York told Merza the same thing unprompted: Crogl's investment in an enterprise semantic knowledge graph is what they see as genuinely correct. Their argument: you cannot solve enterprise security operations with AI without knowing where data lives without transforming it. These were practitioners speaking, not vendors.

The week before RSAC Conference, Crogl hosted the first AI SOC Summit near Washington, DC -- no NDAs, no directed demos. Attendees brought their own laptops, got access tokens, and used Crogl on their own problems, completely unattended. The booth at RSAC Conference will work the same way: walk up, run real scenarios, no one driving the demo. The head of AI, UX designer, and chief architect will all be on the floor to listen and be challenged.

Organizations building AI security strategy around eliminating people are making a bet history does not support. The smarter path -- and the one Crogl is built around -- is enabling practitioners with tools that meet them where they are, on the data they have, with the models they trust, in the environments they control.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Monzy Merza, Co-Founder and CEO, Crogl
On LinkedIn: https://www.linkedin.com/in/monzymerza/

RESOURCES

Crogl: https://www.crogl.com

AI SOC Summit: https://www.aisocsummit.com/

RSAC Conference 2026 Coverage on ITSPmagazine: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Monzy Merza, Crogl, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, AI SOC, security operations center, autonomous alert investigation, enterprise semantic knowledge graph, AI security tools, SOC automation, security analyst, threat hunting, data normalization, large language models, agentic AI, RSAC 2026, RSAC Conference

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The conversation that led to this episode started with a LinkedIn post -- and it quickly surfaced a challenge that security leaders across industries are wrestling with but rarely talk about openly: who is actually responsible for protecting the people inside an organization, not just the systems they use?

Roland Cloutier has sat in some of the most demanding security leadership seats in the world -- Global CSO at TikTok/ByteDance, a decade as Global CSO at ADP, and VP and CSO at EMC -- and he now advises CISOs and CSOs through The Business Protection Group. His lens is converged security: the deliberate integration of cyber, physical, privacy, and people-risk under a unified program and leadership model.

Roland identifies three patterns that typically bring organizations to him. First, an emergent crisis -- a threat against an executive, a workplace violence incident, a travel security failure -- that suddenly exposes the absence of a coherent protection program. Second, a cost and structure conversation where the CEO is tired of receiving two different risk pictures from two different security leaders and wants a single accountable voice. Third, a board-driven inquiry where general counsel or the CEO is being asked questions about executive resilience and duty of care that nobody inside the organization can confidently answer.

What makes this conversation particularly sharp is Roland's framing of convergence not as an org chart exercise, but as a force multiplier. A unified threat intelligence picture -- one that covers cyber, physical, executive, brand, and customer risk simultaneously -- enables cleaner prioritization, better resource allocation, and a fundamentally stronger conversation with the CEO. The alternative, which he has seen firsthand, is four separate threat management platforms reporting independently with no team working across all of them.

The episode also pushes into territory that most security programs have not yet mapped: employee protection at scale. Not bodyguards for everyone, but the organizational consciousness to monitor for geographic threats, proactively check in with distributed employees during major events, and build a duty-of-care posture that extends beyond the office walls into people's home lives and total risk environment. For high-risk employees -- those with keys to the kingdom, not just C-suite titles -- that responsibility extends further still.

For CISOs and CSOs wondering where to start, Roland offers a practical crawl-walk-run framework: start with shared services rather than full convergence, open the conversation with leadership, surface the gaps the business already knows exist, and build a financial and risk model that makes sense for your specific organization. The goal is a converged security program that treats people -- not just infrastructure -- as an asset worth protecting.

⬥GUEST⬥

Roland Cloutier, Principal at The Business Protection Group | On LinkedIn: https://www.linkedin.com/in/rolandcloutier/

⬥HOST⬥

Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

⬥RESOURCES⬥

The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast
Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

⬥ADDITIONAL INFORMATION⬥

On ITSPmagazine: https://www.itspmagazine.com/
On YouTube: https://www.youtube.com/@itspmagazine
On LinkedIn Newsletter: https://itspm.ag/future-of-cybersecurity
Sean Martin's Contact Page: https://www.seanmartin.com/

⬥KEYWORDS⬥

roland cloutier, the business protection group, sean martin, executive protection, employee protection, converged security, physical security, ciso, cso, duty of care, threat intelligence, workplace violence, security convergence, business resilience, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

At HIMSS 2026 in Las Vegas, the conversation keeps circling back to the same question: how can technology help healthcare workers spend more time with patients and less time chasing information? For Chris Sullivan, Global Healthcare Practice Lead at Zebra Technologies, that question is not hypothetical — it's the work.

In this Brand Spotlight, Marco Ciappelli connects with Chris from the conference floor to talk about what's actually happening in healthcare technology right now. Zebra Technologies, a 55-year-old company with over 10,000 employees and more than 300 healthcare-specific products, has built its reputation by designing tools not for the corner office, but for the frontline worker — the nurse, the pharmacist, the care team member who needs the right information at exactly the right moment.

One of the most compelling stories Chris shares is Zebra's partnership with Texas Children's Hospital, a world leader in pediatric oncology. The challenge: high-cost cancer medications — some exceeding a million dollars per treatment — were being lost, duplicated, or expiring before reaching patients. The solution was an RFID-based drug management system, built in partnership with a Texas software company, that now tracks medications throughout the pharmacy supply chain. The result? Millions of dollars in annual inventory savings, improved patient safety, and a model that Texas Children's is now actively sharing with hospitals in Amsterdam and beyond.

But the RFID story is just one piece of a larger picture. What Zebra calls healthcare workflow orchestration — the coordination of people, assets, and information across a complex hospital environment — is the bigger ambition. Chris describes a three-part framework: asset visibility (digitizing wheelchairs, pumps, medications, and supplies), real-time information for caregivers (through mobile computers and hands-free wearables), and operational automation (like the pharmacy RFID system). Together, these elements are designed to remove friction from the care delivery process and give clinicians back the one thing they most want: presence with their patients.

And then there's AI. Zebra has been building sensor-rich devices for years, and now those sensors — over 15 per device, capturing voice, video, and environmental data — are becoming the foundation for an AI platform built specifically for frontline workers. Chris draws a sharp distinction between AI for knowledge workers and AI for frontline workers, arguing that the needs, rules, and structures are fundamentally different. Zebra's approach is to pre-extract sensor intelligence into an open SDK with over 21 AI enablers, then package those into industry-specific blueprints that can be deployed in months rather than years.

The conversation ends where it began: with people. Chris is both a technology provider and a healthcare board member, which gives him a perspective that's rare in this industry. He understands what it means when a caregiver is interrupted. He knows that a nurse who has to stop and look something up is a nurse who isn't holding a patient's hand. That's the problem Zebra is trying to solve — not with a flashy pitch, but with 55 years of frontline experience and a clear-eyed view of what the work actually looks like.

Recorded remotely from HIMSS 2026 | Las Vegas, NV | March 9–12, 2026

This Brand Spotlight is part of ITSPmagazine's ongoing coverage of HIMSS 2026. To explore more conversations from the event, visit ITSPmagazine.com.

GUEST
Chris Sullivan
Global Healthcare Practice Lead, Zebra Technologies
LinkedIn: https://www.linkedin.com/in/chris-sullivan-6135624/

RESOURCES
Zebra Technologies: https://www.zebra.com
HIMSS 2026: https://www.himssconference.com

Want to tell your brand story? Reach out to us at ITSPmagazine.com.

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/advertise-on-itspmagazine-podcast

Want to tell your story and make an impact? ITSPmagazine is your platform.
👉 https://www.itspmagazine.com/telling-your-story

KEYWORDS
Chris Sullivan, Zebra Technologies, Marco Ciappelli, HIMSS 2026, healthcare technology, frontline workers, RFID, drug management, Texas Children's Hospital, AI in healthcare, workflow orchestration, mobile computing, brand spotlight, brand marketing, marketing podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Scott Scheferman -- known throughout the cybersecurity and music communities as Shagghie -- brings a rare combination of backgrounds to this conversation: classically trained on trumpet, a live techno producer since the late nineties, a student of synthesis at its lowest circuit level, and now a full-time researcher working on what he calls the Joy Protocol -- a frequency-based framework designed to produce measurable physiological and neurological benefits through sound and light.

The conversation opens with Scott recounting his musical journey -- from blues trumpet in the Caribbean to losing his cherished instruments during a move to the United States, to a 25-year silence before his daughter convinced him to pick up the horn again. Then came the synthesizers. He describes performing live techno with six drum machines and synthesizer sequencers at a San Diego club, his parents in the crowd, sweating and dancing by 2:00 AM. For Scott, that was the moment of arrival -- not just as a performer, but as someone understood.

From there, the conversation moves into the physics. Scott and Sean explore how frequency operates across the entire spectrum -- from the 7.83 hertz resonant frequency of the Earth itself to the quantum oscillations that defy measurement. Scott makes the case that sound is not merely an aesthetic experience but a literal force, one that operates on the body, mind, and cellular structure in ways now being confirmed by a new wave of scientific research. The Solfeggio scale, long dismissed by mainstream music as esoteric, turns out to have been built around frequencies that have specific, studied, physiological effects on the human body.

The conversation doesn't shy from harder territory. Scott discusses directional sound weapons he witnessed firsthand at Booz Allen Hamilton, the documented Havana syndrome incidents, and how blue light frequencies are engineered into consumer electronics to trigger dopamine responses. These aren't conspiracy theories, he argues -- they are the same science, used from the opposite direction. The Joy Protocol is the inverse: taking those same mechanisms and applying them to produce healing, not harm. Even the 40-hertz frequency -- which Scott now seeks out on his wife's Power Plate machine at the gym -- produces a physical response he describes as immediately and unmistakably real.

The episode closes on the question every musician, listener, and creator should be sitting with: if certain frequencies heal and others harm, if the A-440 tuning standard may have been a deliberate departure from something more resonant, and if the spaces between notes matter as much as the notes themselves -- then what does it mean to produce music intentionally? Scott points toward the guitar as a last frontier that AI cannot replicate: the harmonic overtones that physically manifest in wood when an instrument is tuned to a resonant frequency cannot be induced after the fact. That reality, he suggests, is both a challenge and an invitation.

Host

Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

Guest(s)

Scott "Shagghie" Scheferman, Cybersecurity Strategist, Musician, and Researcher | Website: https://www.scottscheferman.com/ | On LinkedIn: https://www.linkedin.com/in/scottscheferman/

Resources

Scott Scheferman's Personal Website | https://www.scottscheferman.com/
Music Evolves: Sonic Frontiers Newsletter | https://www.linkedin.com/newsletters/7290890771828719616/

Keywords

scott scheferman, shagghie, frequency healing, quantum consciousness, cymatics, solfeggio frequencies, sound as medicine, live techno, music production, joy protocol, sean martin, music, creativity, art, artist, musician, music evolves, music podcast, music and technology podcast

More From Sean Martin on ITSPmagazine

More from Music Evolves: https://www.seanmartin.com/music-evolves-podcast

Music Evolves on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllTRJ5du7hFDXjiugu-uNPtW

On Location with Sean and Marco: https://www.itspmagazine.com/on-location

ITSPmagazine YouTube Channel: https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The Stryker attack, which unfolded in real time during HIMSS 2026, made the stakes concrete. What began as a nation-state operation quickly became a supply chain crisis. Hospitals relying on Stryker products scrambled -- not because their own environments were breached, but because a critical supplier went down. Patrick argues that availability of services deserves equal weight to confidentiality, especially when a supplier outage directly impacts patient care and revenue.

AI adds a new layer of urgency to vendor risk. Vendors are quietly adding AI capabilities to existing products -- sometimes without notifying customers. An EHR platform might add a clinical decision support model as a routine feature update. The health system consuming it may lack the leverage to audit what that model does with patient data. In agentic AI scenarios, where decisions happen without a human in the loop, the consequences are clinical, not just operational.

Patrick's advice for managing AI risk: stop treating it as a fundamentally different category. Layer it into existing security programs, policies, and governance frameworks. The uniqueness lies in how you assess AI risk -- not in abandoning what already works. The industry, he observes, is finally moving past the wait-and-see phase.

The data on HITRUST certification outcomes is compelling. One organization has gone seven to eight years without a security incident by requiring all vendors to achieve HITRUST certification. External vulnerability platforms like SecurityScorecard and RiskRecon independently confirm the pattern: HITRUST-certified vendors score measurably higher. Certified vendors mature over time. Non-certified vendors plateau.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Ryan Patrick, Executive Vice President, TPRM Customer Solutions, HITRUST
https://www.linkedin.com/in/ryan-patrick-3699117a/

RESOURCES

HITRUST: https://hitrustalliance.net
HIMSS 2026 Coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/himss-global-health-conference-amp-exhibition-2026

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Ryan Patrick, HITRUST, Sean Martin, third-party risk management, TPRM, supply chain security, healthcare cybersecurity, HIMSS 2026, AI security, EHR security, vendor risk, HIPAA compliance, CIA triad, supply chain resilience, agentic AI, healthcare data security, brand spotlight, brand marketing, marketing podcast, brand spotlight

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In a wide-ranging pre-event conversation ahead of RSAC 2026, Daniel Bardenstein, CEO and Co-Founder of Manifest, explores what it means to truly secure the software and AI supply chain — not just check the compliance box. Manifest's new research report, Beyond the Black Box, surveyed more than 300 security and AI leaders globally to understand the reality of AI adoption and software supply chain risk. One of the most striking findings was not a statistic, but a structural problem: a significant perception gap exists between how confident executive security leadership feels about their AI security posture and how unprepared frontline practitioners actually are. Where there is misalignment, Bardenstein notes, there is risk.

The conversation draws a vivid parallel to the cloud adoption wave of a decade ago, when organizations rushed to SaaS and cloud infrastructure without thinking through security implications — and gave birth to entire new industries to clean up the mess. Today, the same dynamic is playing out with AI. Nearly two-thirds of the survey respondents reported encountering shadow AI within their organizations, as employees freely use tools like ChatGPT, DeepSeek, or locally downloaded models without centralized governance. When that AI eventually gets embedded into software that organizations build, deploy, and sell, the blind spots compound.

SBOMs — software bills of materials — represent a promising step toward supply chain transparency, and Bardenstein credits the US government's regulatory nudging for driving adoption. Manifest's research shows that roughly 60% of organizations are now generating SBOMs, a meaningful milestone. But generation is not governance. Too many organizations treat an SBOM as a compliance artifact — a JSON file on a hard drive — rather than an operational tool that could dramatically accelerate vulnerability response, regulatory compliance, and incident management. The prescription has been filled; it's just not being taken.

To reframe the urgency, Bardenstein introduces the concept of the "transparency tax" — the hidden cost organizations pay in time, money, and risk when they build or buy opaque technology. Just as consumers demand ingredient labels on food, Carfax reports on used cars, and active ingredient disclosures on prescriptions, the technology sector needs to normalize the same transparency for software and AI. For organizations willing to do the math, the case for investing in supply chain visibility becomes not just a security argument, but a business one.

Heading into RSAC 2026, Manifest will not have a booth but will be active across the conference floor, meeting with customers, partners, and prospects. Bardenstein will appear on an invite-only panel alongside leadership from Corridor Dev, 1Password, and Google to discuss secure software and secure AI. The team is also planning to announce new platform capabilities designed to close the governance gaps their research surfaced — helping organizations move fast without creating the kind of blind spots that make AI adoption a liability rather than an advantage.

Tune in for this sharp, candid pre-event conversation — and look for the full on-location Brand Spotlight recorded live at RSAC 2026 in San Francisco.

🎙️ This story is part of the RSAC 2026 Coverage Series on ITSPmagazine, produced in partnership with Manifest.

GUEST

Daniel Bardenstein

CEO and Co-Founder, Manifest

https://www.linkedin.com/in/bardenstein/

https://www.manifestcyber.com

RESOURCES

Beyond the Black Box Research Report — Manifest:

https://www.manifestcyber.com

Learn more about Manifest and their software and AI supply chain security platform:

https://www.manifestcyber.com

Learn more about and follow ITSPmagazine's coverage on RSAC 2026:

https://www.itspmagazine.com/rsac-usa-2026-san-francisco-cybersecurity-event-coverage

Catch all of our event coverage:

https://www.itspmagazine.com/technology-cybersecurity-society-podcast-coverage

Want to tell your Brand Story Difference Maker Podcast Story or Advertise with us? 👉 https://www.itspmagazine.com/telling-your-story

KEYWORDS

Daniel Bardenstein, Manifest, Manifest Cyber, software supply chain security, SBOM, AI supply chain, AI risk, RSAC 2026, RSA Conference, Sean Martin, Marco Ciappelli, brand spotlight, brand story, ITSPmagazine, brand marketing, marketing podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Steel Patriot Partners operates on a simple but powerful premise: business owners first, engineers second, compliance professionals third. That philosophy shapes everything from how they engage clients to how they show up at industry events. At RSAC, Parisi's calendar is already full — and intentionally so. The value isn't in the booths. It's in the bilateral trust that forms between peers who cut through the noise to share what's actually working.

And the noise, this year, is particularly loud. AI dominates the conversation in ways that create as much anxiety as excitement — especially for federal cybersecurity professionals whose institutional knowledge feels suddenly uncertain. Parisi addresses this head-on: the question isn't just whether AI will replace jobs, it's whether leaders are having honest conversations with their teams about what's changing and why. The fog of marketing has thickened into what he calls a "fog of truth" — a marketplace where it's increasingly hard to know who actually delivers versus who just pitches well.

This conversation is a preview of what Steel Patriot Partners will be listening for, talking about, and connecting around at RSAC 2026 — from retaining trusted people amid AI disruption, to whether tried-and-true solutions still hold their own against the wave of AI-native platforms. Parisi and the SPP team will also be sitting down with Marco and Sean live on the floor for a deeper follow-up conversation.

Loved this conversation? Share it with someone heading to RSAC 2026 and make sure to connect with Michael Parisi and the Steel Patriot Partners team in San Francisco.

GUEST

Michael Parisi

Chief Growth Officer, Steel Patriot Partners

https://www.linkedin.com/in/michael-parisi-4009b2261/

https://www.steelpatriotpartners.com

RESOURCES

Steel Patriot Partners: https://www.steelpatriotpartners.com

RSAC Conference 2026: https://www.rsaconference.com

✨ A special thank you to our sponsors and supporters: https://itspm.ag/telecom-ts630

_____________________________

Are you interested in telling your story? 👉 https://www.itspmagazine.com/telling-your-story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The forces challenging organizations today are well known: velocity of change, volume of change, and the uncertainty that compounds both. What makes the problem acute is timing. Annual audit cycles and quarterly risk assessments produce reports that reflect a reality that has already shifted by the time decision makers see them. The result is drift between what GRC functions can see and what leadership actually needs to know, and every gap in that visibility carries potential exposure.

Schlarman explains that this reactive posture is exactly what Archer is working to change. Rather than treating risk and compliance as periodic checkboxes, the goal is to build a program that runs continuously, projecting forward as the business expands into new jurisdictions, launches new products, or encounters emerging risks. What are the compliance obligations? How does exposure shift? Archer Evolv is designed to answer those questions in real time, keeping GRC moving alongside the business rather than scrambling to catch up.

Central to Archer's strategy is AI applied with intention. Rather than deploying generic agents, Archer is building what Schlarman calls AI operators: focused, guardrailed tools designed specifically to solve GRC problems. That distinction matters because the complexity of risk and compliance work demands precision, not just automation.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Steve Schlarman, Senior Director, Archer | https://www.linkedin.com/in/steveschlarman/

RESOURCES

Learn more about Archer and the Archer Evolv platform: https://www.archerirm.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Steve Schlarman, Archer, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, GRC, governance risk and compliance, adaptive GRC, integrated risk management, Archer Evolv, AI in GRC, risk management, compliance automation, enterprise risk, risk and compliance strategy

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this edition of Lens Four, Sean Martin looks at the agentic AI landscape through three lenses — programs, innovation, and messaging — to connect the signals that matter.

🔍 In this episode:

• Why organizations are building human-optional workflows one procurement decision at a time — without ever deciding to
• The five-task AI hiring pipeline and five-task AI legal contracting pipeline — real tools, real companies, real outcome data
• 375+ agentic AI vendors claiming the space, but only ~130 delivering genuine capability — and what that gap means for buyers
• Why "augment, not replace" is a strategy, not a description — and what the accountability gap it creates looks like when something goes wrong
• The agentic orchestration platform emerging from Nintex and Microsoft — and why it splits outcomes between deliberate orgs and accumulators
• The regulatory window that is open right now — and why it won't stay that way

Fourth Lens: The vendors knew what they were building. The buyers didn't ask the right questions. The auditors haven't arrived yet. The organizations that use the remaining window to map what they've assembled — and make explicit decisions about what requires human judgment — will be positioned when the frameworks arrive. The ones that don't will discover that the workflow they built by default is not the workflow they would have chosen under scrutiny.

📖 Read the full Lens Four analysis on seanmartin.com: https://www.seanmartin.com/lens-four/task-by-task-workflows-handing-to-ai-one-decision-at-a-time

🎧 Listen to the Redefining CyberSecurity Podcast conversation with Edward Wu of Dropzone AI at Black Hat USA 2025: https://www.itspmagazine.com/their-stories/dropzone-ai-brings-agentic-automation-to-black-hat-usa-2025-a-drop-zone-ai-pre-event-coverage-of-black-hat-usa-2025-las-vegas-brand-story-with-edward-wu-founder/ceo-at-dropzone-ai

🎧 Listen to the Redefining CyberSecurity Podcast conversation with Subo Guha of Stellar Cyber at RSAC 2025: https://www.itspmagazine.com/their-stories/simplifying-cybersecurity-operations-at-scale-automation-with-a-human-touch-a-brand-story-with-subo-guha-from-stellar-cyber-an-on-location-rsac-conference-2025-brand-story

🎧 Listen to the Redefining CyberSecurity Podcast conversation with Subo Guha of Stellar Cyber at Black Hat 2025: https://www.itspmagazine.com/their-stories/stellar-cyber-revolutionizes-soc-cybersecurity-operations-with-human-augmented-autonomous-platform-at-black-hat-2025a-stellar-cyber-event-coverage-of-black-hat-usa-2025-las-vegas

🎧 Listen to the Random and Unscripted episode — "We're Becoming Dumb and Numb" — with Sean Martin and Marco Ciappelli: https://randomandunscripted.com/episodes/were-becoming-dumb-and-numb-why-black-hat-2025s-ai-hype-is-killing-cybersecurity-and-our-ability-to-think-random-and-unscripted-weekly-update-with-sean-martin-and-marco-ciappelli | 🎬 Watch on YouTube

🔔 Subscribe to the Future of Cybersecurity newsletter on LinkedIn: https://itspm.ag/future-of-cybersecurity

This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.
Enjoy, think, share with others, and subscribe to Lens Four on seanmartin.com and "The Future of Cybersecurity" newsletter on LinkedIn: https://itspm.ag/future-of-cybersecurity
Sincerely, Sean Martin and TAPE9

Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️
Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location
To learn more about Sean, visit his personal website.

🔎 Keywords
agentic AI, workflow automation, task-specific AI agents, AI hiring tools, resume screening automation, HireVue, Paradox Olivia, legal AI, Harvey AI, LegalOn, contract review automation, agentic SOC, Dropzone AI, Stellar Cyber, Token Security, AI agent identity, RSAC 2026, Nintex, Microsoft Copilot Studio, agentic orchestration platform, human accountability in AI, agentwashing, AI augmentation vs replacement, AI governance, enterprise AI adoption, Gartner agentic AI, Forrester AI forecast, AI decision accountability, AI regulatory compliance, AI workforce impact

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

HITRUST will be at HIMSS 2026 in Las Vegas, March 9-12, at Booth 11307. Stop playing whack-a-mole with vendor risk -- step into the VR challenge and win prizes. For organizations already holding a HITRUST certification, the team has something else waiting: a trophy recognizing the commitment to independent, external audits and rigorous security standards. For those exploring certification for the first time, the booth is a chance to understand how HITRUST compares to alternatives like SOC 2 questionnaires -- and why scalability and risk reduction make it the stronger choice for supply chain assurance. Kor puts it plainly: the audits are time-consuming and expensive because they are effective. And at the end of the process, someone reads that report and makes real business decisions based on what it contains.

Two major themes converge at this year's event: supply chain risk and AI. HITRUST has already launched an AI security assessment offering, and new CSF releases are on the horizon, including a report center feature enabling online review of assessments for anti-fraud and continuous monitoring purposes. On Tuesday, March 10, 2026, from 11:10 AM to 11:30 AM, Kor will deliver a 20-minute session titled "Understanding AI Security Risk -- The New Blind Spot in TPRM and Supply Chain Resilience." The session addresses a rapidly evolving challenge: as organizations build their own generative AI tooling -- or work with third parties that have integrated AI into their products -- questions around data sovereignty, input handling, and model provenance become critical, especially in healthcare where electronic health information is at stake.

Also on the HIMSS 2026 agenda from HITRUST: Ryan Patrick, Executive Vice President of TPRM Customer Solutions, joins John P. Houston of UPMC and Chuck Christian of Franciscan Health for a Brunch Briefing titled "Building Secure, Compliant, and Resilient Healthcare Systems Together" on Tuesday, March 10, 2026, from 10:30 AM to 11:45 AM at Level 1, Casanova 505. The session offers practical strategies, frameworks, and real-world lessons for organizations looking to reduce risk, enhance protection, and advance trust in an evolving threat and regulatory landscape.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Jason Kor, Principal, HITRUST
https://www.linkedin.com/in/securityconsultantcissp/

RESOURCES

HITRUST: https://hitrustalliance.net
Jason Kor Session -- Understanding AI Security Risk -- The New Blind Spot in TPRM and Supply Chain Resilience (Tuesday, March 10, 2026, 11:10 AM - 11:30 AM): https://app.himssconference.com/event/himss-2026/planning/UGxhbm5pbmdfNDMyMTMxOA==
Building Secure, Compliant, and Resilient Healthcare Systems Together -- Brunch Briefing (Tuesday, March 10, 2026, 10:30 AM - 11:45 AM): https://app.himssconference.com/event/himss-2026/planning/UGxhbm5pbmdfNDMzNzQwMQ==
HIMSS 2026 Global Health Conference and Exhibition: https://www.itspmagazine.com/cybersecurity-technology-society-events/himss-global-health-conference-amp-exhibition-2026

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Jason Kor, HITRUST, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, third-party risk management, TPRM, supply chain risk, healthcare cybersecurity, HIMSS 2026, AI security, generative AI risk, HITRUST CSF, cybersecurity certification, data sovereignty, electronic health information, vendor risk management

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this edition of Lens Four, Sean Martin looks at the cybersecurity landscape through three lenses — programs, innovation, and messaging — to connect the signals that matter.

🔍 In this episode:

• Why identity-driven attacks now account for 65% of initial access and what that means for security programs
• The CISO who replaced the entire SOC with AI-driven automation — and the math behind the decision
• 375 AI security vendors, 58 focused on SOC automation, and over $1.3 billion in funding reshaping the market
• Why "resilience" without a timeframe is just damage control
• The board-CISO communication gap that's pulling budgets in the wrong direction

Sean's Take:
When attackers operate in minutes and defenders plan in quarters, the gap isn't technology — it's assumptions. The organizations closing the 72-minute gap aren't hiring faster. They're rethinking what humans are for and what machines should own.

Catch the full companion article on Lens Four at seanmartin.com for the complete three-lens analysis with all references and data sources.

For CISOs and security leaders: Can your program detect, investigate, and contain a threat in 72 minutes — or are you still measuring in days?
For vendors and product teams: Is your platform solving the operational problem CISOs have today, or selling a vision their program can't execute on?
For marketing and go-to-market teams: Are you connecting your messaging to measurable outcomes — or hiding behind buzzwords like "resilience" and "platform"?

📖 Read the full Lens Four analysis on seanmartin.com: https://www.seanmartin.com/lens-four/72-minute-gap-breaches-vendors-messaging

🎬 Watch the companion video summary — "Why Hackers Beat Your Security in Just 72 Minutes": https://youtu.be/EjsADm7faJ0

🎧 Listen to the Redefining CyberSecurity Podcast conversation with Richard Stiennon on SOC automation: https://redefiningcybersecuritypodcast.com/episodes/soc-automation-and-the-ai-driven-future-of-cybersecurity-defense-a-redefining-cybersecurity-podcast-conversation-with-richard-stiennon-chief-research-analyst-of-it-harvest

🎬 Watch the video version of the Richard Stiennon conversation: https://youtu.be/si_fS4H-d3w

🔔 Subscribe to the Future of Cybersecurity newsletter on LinkedIn: https://itspm.ag/future-of-cybersecurity

This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.
Enjoy, think, share with others, and subscribe to Lens Four on seanmartin.com and "The Future of Cybersecurity" newsletter on LinkedIn: https://itspm.ag/future-of-cybersecurity
Sincerely, Sean Martin and TAPE9

Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️
Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location
To learn more about Sean, visit his personal website.

🔎 Keywords
72-minute gap, ai-driven cyberattacks, soc automation, unit 42, incident response, identity-driven attacks, credential theft, iam misconfigurations, cisa workforce, agentic ai, palo alto networks, crowdstrike, google wiz acquisition, cybersecurity spending, platform consolidation, ai security vendors, it-harvest, richard stiennon, gartner cybersecurity trends 2026, forrester predictions, clawjacked, enterprise management associates, board-ciso communication, cybersecurity resilience, managed security services, cyber insurance, redefining cybersecurity podcast, lens four, sean martin, tape9

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The security operations center has always been a battleground of volume, velocity, and human endurance. Analysts have long faced the impossible math of too many alerts, too few hours, and too much at stake. For years, the industry promised automation would change that equation -- but the technology was never quite ready to deliver. That moment, according to Richard Stiennon, has now arrived.

Stiennon, Chief Research Analyst at IT-Harvest, has spent two decades tracking every corner of the cybersecurity vendor landscape. His data now shows more than 61 net-new SOC automation vendors -- companies that did not exist a few years ago -- built from the ground up to replace the work of tier-one, tier-two, and tier-three analysts. Some of these vendors launched in January 2024 and reached $1 million in ARR by April. By the end of 2025, several were reporting $3 million ARR. These are not incremental improvements. They represent a structural shift in how security operations can be run.

What makes this generation of SOC automation different from earlier SIEM and SOAR tooling is scope and autonomy. The value proposition is blunt: 100% alert triage, 24 hours a day, 7 days a week -- with automated case building, threat investigation, and response actions including machine isolation and reimaging. Stiennon points to a CISO he met, speaking under Chatham House rules, who disclosed that a large enterprise had already eliminated its entire human SOC team. He predicts that disclosure will go public before long.

The conversation also explores the business context question that security leaders frequently wrestle with: are these AI-driven SOC tools operating with a narrow cyber mandate, potentially optimizing for security metrics at the expense of business continuity? Stiennon pushes back on that concern, arguing that large language models are already trained on the full breadth of human knowledge -- they understand business context at a level that exceeds most organizations' internal documentation. The more pressing risk, he suggests, is not that AI will act outside business intent, but that organizations will move too slowly to benefit. Waiting six months for a proof-of-concept report while spending a million dollars on human SOC operations is not due diligence -- it is opportunity cost.

The conversation also touches on data privacy in AI-driven security, the role of federated learning and fully homomorphic encryption for compliance-sensitive environments, and what security leaders can do today to evaluate and accelerate their own adoption timeline. Stiennon will be at RSA Conference 2026 with his new book, Guardians of the Machine Age: Why AI Security Will Define Digital Defense, continuing to make the case for a field that is moving faster than most organizations are prepared to acknowledge.

⬥GUEST⬥

Richard Stiennon, Chief Research Analyst at IT-Harvest | Website: https://it-harvest.com/
On LinkedIn: https://www.linkedin.com/in/stiennon/

⬥HOST⬥

Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

⬥RESOURCES⬥

IT-Harvest | https://it-harvest.com/
Richard Stiennon on LinkedIn | https://www.linkedin.com/in/stiennon/
Guardians of the Machine Age: Why AI Security Will Define Digital Defense (Richard Stiennon) | Available via IT-Harvest and major booksellers
RSAC Conference 2026 Coverage on ITSPmagazine | https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast
Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

⬥ADDITIONAL INFORMATION⬥

On Podcast: https://www.seanmartin.com/redefining-cybersecurity-podcast
On YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
Newsletter: https://itspm.ag/future-of-cybersecurity
Contact Sean: https://www.seanmartin.com/

⬥KEYWORDS⬥

richard stiennon, it-harvest, sean martin, soc automation, ai security, security operations center, threat detection, autonomous response, alert triage, security operations, cybersecurity vendors, ai agents, large language models, federated learning, siem, soar, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What happens when a cybersecurity professional knows exactly what's wrong but can't get anyone to act on it? It's a problem that affects security teams across every industry, and it's the central question driving Josh Mason's new book, Speaks Security with a Business Accent. In this conversation, Josh Mason joins Sean Martin to unpack why technical accuracy alone doesn't move the needle and what it takes to communicate security in terms the business actually understands.

Josh Mason brings a perspective shaped by years as an Air Force pilot and cyber warfare officer, where mission-first thinking wasn't optional, it was survival. As a safety officer, he studied aircraft mishaps, analyzed black box recordings, and learned that risk awareness doesn't mean risk paralysis. The same philosophy, he argues, applies to cybersecurity: teams can acknowledge risk without letting fear of failure prevent them from supporting the mission. Drawing from books like Dale Carnegie's How to Win Friends and Influence People, The Phoenix Project, and The Goal, Josh Mason structured his own book as a narrative, telling the story of a CIO who transforms a disconnected security team into one that communicates effectively with colleagues, leadership, the board, and eventually beyond the organization.

A recurring theme in this conversation is the danger of perfection as the enemy of progress. Josh Mason uses the Iron Man analogy of building an imperfect prototype, flying it, learning from the failure, and iterating, to argue that security teams need to embrace a similar mindset. DevOps teams have already adopted this approach, and security can learn from it. Inaction for perfection's sake, he warns, isn't going to get anyone anywhere.

The conversation also examines whether the cybersecurity industry does enough to learn from its own incidents. Unlike aviation, where the FAA and NTSB mandate rigorous post-incident analysis, cybersecurity lacks a centralized authority enforcing that same discipline. Organizations like MITRE, Verizon, and Mandiant publish valuable trend reports, and the data is there for those willing to use it, but it ultimately comes down to individual responsibility and leadership within each organization.

For anyone who has ever felt technically right but strategically sidelined, this conversation offers a practical lens on bridging the gap between what security teams know and what the business needs to hear.

⬥GUEST⬥

Josh Mason, Author of Speaks Security with a Business Accent | Air Force Veteran, Cybersecurity Professional, and Founder of Noob Village | Website: https://www.mason-sc.com | On LinkedIn: https://www.linkedin.com/in/joshuacmason/

⬥HOST⬥

Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

⬥RESOURCES⬥

Speaks Security with a Business Accent by Josh Mason | https://www.mason-sc.com
The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast
Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

⬥ADDITIONAL INFORMATION⬥
✨ More Redefining CyberSecurity Podcast:
🎧 https://www.seanmartin.com/redefining-cybersecurity-podcast
Redefining CyberSecurity Podcast on YouTube:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
📝 The Future of Cybersecurity Newsletter: https://www.linkedin.com/newsletters/7108625890296614912/
Contact Sean Martin to request to be a guest on an episode of Redefining CyberSecurity: https://www.seanmartin.com/contact

⬥KEYWORDS⬥

josh mason, sean martin, speaks security with a business accent, cybersecurity communication, business alignment, penetration testing, risk management, air force cybersecurity, security leadership, mission-driven security, stakeholder communication, security storytelling, noob village, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What if the economy isn't broken — just badly designed? Tom Chi, Google X founding member, inventor of 77 patents, and venture capitalist at At One Ventures, joined me on An Analog Brain In A Digital Age to discuss his new book Climate Capital: Investing in the Tools for a Regenerative Future. From the streets of Florence to the strip malls of Silicon Valley, from the mechanics of attention capture to the physics of ecological economics, this conversation goes far beyond climate. It's about how we design the systems we live inside — and whether we have the will to redesign them before it's too late.

📺 Watch | 🎙️ Listen | marcociappelli.com

Article Body

Tom Chi has worked on things that changed the world. Microsoft Office. Web search. The self-driving car. Google Glass. He'll tell you himself that not all of them were hits, and he's fine with that — that's what it means to be an inventor. But what he's working on now is different in scale from anything before. Not a product. Not a platform. A redesign of the global economy.

His new book, Climate Capital: Investing in the Tools for a Regenerative Future, starts from a premise that sounds radical until you think about it for more than a few minutes: economics is a design discipline. And right now, it's poorly designed. Not maliciously — poorly. We built systems optimized for short-term capital extraction, and we're living with the consequences. The question Tom is asking is whether we can redesign them before those consequences become irreversible.

He didn't get there through ideology. He got there through Florence.

Tom was auditing sustainable MBA courses alongside his partner when he was invited to a conference in Italy. He landed, got a day off, wandered the streets — and something clicked. The entire city is built from sustainable materials. And it's one of the most beautiful places on earth. That moment demolished an assumption he didn't even know he was carrying: that sustainable living means downgrading. Florence is a 2,000-year-old counterexample to every joke about Birkenstocks and cold showers. We knew how to do this. We just forgot.

Which brings us to the first big thread of our conversation: the pattern of forgetting. We talked about this in the context of technology, not history. Specifically, how the shift from software you paid for to software supported by advertising quietly changed everything. When you pay for a tool, the goal is to make it better. When the tool is supported by advertisers, the goal is to keep you inside it as long as possible. Clippy used to annoy us because it interrupted our train of thought. Now interrupting our train of thought is the entire business model.

Tom has a phrase for what's happening at scale: cognitive despoiling. We spent the 20th century strip mining the physical resources of the planet. We're spending the 21st century strip mining the cognitive resources of humanity. There's a finite number of coherent thoughts this civilization can produce. And we're burning through them — with misinformation, amygdala triggers, and dopamine loops — the same way we burned through forests and waterways. The damage is invisible because it's underwater, like ocean trawling. But it's real. And it compounds across generations.

This is where I had to push back a little. Because I grew up in Florence. I made the jump to digital. I love my vinyls and I love my streaming library. I'm part of the contradiction he's describing. And I asked him: given all this, where do you even start?

His answer is the most practical thing I've heard in a long time. Start with physical businesses. The ones actually causing most of the damage — to water, soil, air, biodiversity. And here's the part that almost nobody is talking about: 90% of the cost structure of a physical business already aligns ecological and economic goals. Fewer raw materials used means lower feedstock costs and less extraction. Less energy consumed means lower processing costs and fewer emissions. Shorter supply chains mean lower logistics costs and fewer transport emissions. The economy and the ecology are already pointing the same direction on 90% of what matters. The 5% that isn't aligned — pollution — is what the lobbyists fight about. So that's what dominates the news. And that's why we think this is harder than it is.

Tom's firm, At One Ventures, is built around this insight. They invest in what he calls the triad: disruptive deep tech that delivers radically better unit economics and radically better environmental outcomes at the same time. Their portfolio companies don't sell sustainability. They sell efficiency. The ecological benefit is baked in by design. The customers buy it because it's cheaper and better. The planet wins as a side effect.

That's the book. Part toolkit, part framework, part demonstration that the future we need is already technically possible. The Four C's — critical thinking, creativity, compassion, community — are the human skills that will matter most as AI and robotics take over the rest. And the Three Epochs of Ecological Technology are the roadmap from the economy we have to the one that could actually last.

I don't know if we'll get there in time. Neither does Tom. But I left this conversation thinking something I don't think often enough: the design problem is solvable. We just have to decide we want to solve it.

Climate Capital is out now from Wiley. Link below. And if this is the kind of conversation you come here for — subscribe to the newsletter at marcociappelli.com.

— Marco

Co-Founder ITSPmagazine & Studio C60 | Creative Director | Branding & Marketing Advisor | Personal Branding Coach | Journalist | Writer | Podcast: An Analog Brain In A Digital Age ⚠️ Beware: Pigs May Fly | 🌎 LAX🛸FLR 🌍

____________ About Marco

Marco Ciappelli is Co-Founder & CMO of ITSPmagazine, Co-Founder & Creative Director of Studio C60, Branding & Marketing Advisor, Personal Branding Coach, Journalist, Writer, and Host of An Analog Brain In A Digital Age podcast. Born in Florence, Italy, and based in Los Angeles, he explores the intersection of technology, society, storytelling, and creativity — with an analog brain, in a digital age.

🌎 marcociappelli.com 
 

___________ About the Guest

About the Guest

Tom Chi is a lifelong technologist, inventor, and Google X founding member who contributed to Google Glass, the Waymo self-driving car, and Project Loon. He holds degrees in electrical engineering from Cornell University, is a named inventor on 77 patents, and has held executive roles at Microsoft, Yahoo, and Google. After Google, he mentored 200+ entrepreneurs on global development challenges before professionalizing his investment work at Hack VC and Crosslink Capital. He is now Managing Partner at At One Ventures, a venture firm with a mission to help humanity become a net positive to nature. Climate Capital: Investing in the Tools for a Regenerative Future (Wiley, February 2026) is his first book.

🔗 tomchi.com

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

For more podcast Stories from Space with Matthew S Williams, visit: https://itspmagazine.com/stories-from-space-podcast

______________________

Episode Notes

Asteroid Mining: The Promise, the Problems, and the Philosophy

Asteroid mining is one of those ideas that cycles in and out of public fascination — generating enormous excitement, then fading when people realize it won't happen within the next news cycle. But the concept never truly disappears, and for good reason.

Near-Earth asteroids, numbering in the millions, contain staggering quantities of precious metals, rare earth elements, and water ice. Ironically, those same materials — iron, gold, platinum, nickel, and dozens of others — were originally delivered to Earth by asteroids during the Late Heavy Bombardment period some four billion years ago. We're essentially talking about going back to the source.

The three main asteroid types — carbonaceous (C-type), silicate (S-type), and metallic (M-type) — each offer distinct resources. Beyond metals, the abundance of water ice in the solar system could relieve pressure on Earth's increasingly stressed freshwater supply and fuel deep-space missions.

Philosophically, the implications are profound. Thomas More and Nietzsche both wrestled with why scarcity drives human value systems. Flood the market with space-borne metals and the entire economic architecture built on scarcity begins to crumble. Orwell saw it too — abundance erodes hierarchy. The first trillionaires born from asteroid mining might find their wealth meaningless almost immediately after making it.

But the darker scenarios deserve equal attention. Redistributing consumption off-world doesn't eliminate it. Space debris, environmental degradation beyond Earth, and the very real risk of exploitative labor structures in off-world operations — echoes of colonialism and indentured servitude — are not science fiction. They're logical extensions of human patterns.

The enthusiasm may ebb and flow, but asteroid mining remains an inevitable chapter in humanity's story. The real question is what kind of story we choose to write around it.

______________________

Resources

______________________

For more podcast Stories from Space with Matthew S Williams, visit: https://itspmagazine.com/stories-from-space-podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Most couldn't answer it. Not the Fortune 500 companies. Not the government agencies. Not the critical infrastructure operators. Not the hospitals or the banks or the utilities. They had built and bought mountains of software over years and decades, and when the moment came to understand what was actually inside it, they were effectively blind.

That gap is exactly what Daniel Bardenstein set out to close when he co-founded Manifest Cyber in 2023. And in a conversation on ITSPmagazine's Brand Highlight series, he made a case for technology transparency that is hard to argue with — not because it's technically complex, but because the analogy he draws is so strikingly obvious once you hear it.

"If you want to buy a house, you get to go inside the house, do the home inspection," he said. "You want to buy food from the grocery store — you can look at the ingredients. Even our clothes tell you what they're made of, how to care for them, and where they're from." But software? The technology running hospital MRI machines, weapon systems, financial infrastructure, water delivery? No transparency required. No ingredient label. No inspection rights. Just trust.

That trust, as Log4Shell demonstrated, is a vulnerability in itself.

Bardenstein came to this problem with credentials that few founders in the space can claim. Before starting Manifest, he spent four and a half years in the US government leading large-scale cyber programs and serving as technology strategy lead at CISA — the Cybersecurity and Infrastructure Security Agency. He saw firsthand how defenders are perpetually at a disadvantage, operating without the basic visibility they need to do their jobs. His mission became building the tools to change that.

The problem, he's quick to point out, has not improved in the years since Log4Shell. Software supply chain attacks have multiplied — XZ Utils, NPM Polyfill, and others following the same pattern: trusted software becomes the attack vector, and it spreads fast. Meanwhile, most security teams are still operating with SCA tools that generate noisy, overwhelming alerts and vendor risk programs built on Excel spreadsheets and questionnaires rather than actual empirical data about the security of what they're buying.

"Security teams have a false sense of security," Bardenstein said. The gap between what organizations think they know and what they actually know about their software supply chains remains dangerously wide.

Manifest Cyber addresses this across the full lifecycle. For organizations that build software, the platform maps every open source dependency, assesses it for risk, and ensures developers can write more secure code without losing velocity. For organizations that buy software — which is everyone — it finds risks before procurement, then continuously monitors every third party component so that when something breaks, they know the blast radius in seconds, not weeks.

The timing matters. Regulation is catching up to the problem. The EU AI Act, the Cyber Resilience Act, and a growing body of global policy are beginning to demand exactly the kind of software supply chain transparency that Manifest is built to provide. Organizations that wait to build this capability will find themselves scrambling to comply — those that build it in now will have it as a competitive advantage.

The ingredient label for software has always been missing. Manifest Cyber is writing it.
________________________________________________________________

Marco Ciappelli interviews Daniel Bardenstein, CEO & Co-Founder of Manifest Cyber, for ITSPmagazine's Brand Highlight series.

HOST Marco Ciappelli — Co-Founder & CMO, ITSPmagazine | Journalist, Writer & Branding Advisor 🌐 https://www.marcociappelli.com 🌐 https://www.itspmagazine.com

GUEST Daniel Bardenstein, CEO and Co-Founder of Manifest Cyber https://www.linkedin.com/in/bardenstein

RESOURCES Manifest Cyber: https://www.manifestcyber.com

Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS Manifest Cyber, software supply chain security, SBOM, Log4Shell, open source vulnerability, technology transparency, Daniel Bardenstein, CISA, software composition analysis, third party risk, EU Cyber Resilience Act, AppSec

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

There's a particular arrogance embedded in how we talk about progress. We speak about innovation as if it moves in one direction only — forward, upward, smarter, faster. But what if the line isn't straight? What if it loops, doubles back, and occasionally vanishes entirely?

That's the uncomfortable question at the center of my conversation with Jack R. Bialik. His book Lost in Time: Our Forgotten and Vanishing Knowledge doesn't read like a history lesson. It reads like a case file — evidence, example by example, that the civilization we assume is the most advanced in human history is also, in some critical ways, deeply amnesiac.

Take cataract surgery. We learned it in the 1700s, right? Except we didn't. Indians were performing it in 800 BC. The ancient Egyptians and Babylonians had diagrams of the procedure dating back to 2,400 BCE. The knowledge existed, worked, and then — somewhere in the chaos of collapsing empires and burning libraries — it vanished. We didn't progress past it. We forgot it, and then reinvented it from scratch, centuries later, convinced we were doing something new.

Or the Baghdad Battery: clay pots, 2,000 years old, that when filled with acid can generate 1.1 volts of electricity. We don't know what they used them for. We don't know who figured it out. We just know it worked, it existed, and then it didn't anymore.

This is what Bialik calls the pattern of loss — and it's not random. It follows catastrophe: the Library of Alexandria, the systematic destruction of Mayan records, the slow erosion of oral traditions as writing systems took over. Knowledge disappears when the systems that carry it collapse. And here's where the conversation gets uncomfortably relevant: we are building those systems right now, and we are not thinking about how long they'll last.

The curator at the Computer History Museum told Bialik that to preserve the data from early IBM PCs and Macintosh computers, they had to print it on paper. The floppy drives had become brittle. The formats were unreadable. The digital archive was failing — and the only solution was to go analog. A vinyl record from the 1920s still plays. A CD from the 1980s may not survive another decade.

I've been thinking about this since we recorded. My brain is analog — that's not just a podcast title, it's a philosophy. I grew up in Florence, surrounded by things that had survived centuries because they were made to last: stone, fresco, manuscript. Then I jumped on the digital train like everyone else, seduced by infinite libraries on my phone, music on demand, knowledge at my fingertips. But what Bialik is pointing out is that fingertips are fragile. And so are hard drives.

The deeper issue isn't storage format. It's the distinction Bialik draws between knowledge and wisdom. Knowledge is the data — the cataract surgery technique, the battery design, the pyramid engineering. Wisdom is knowing why it matters, when to use it, and what the consequences might be. We've gotten extraordinarily good at accumulating knowledge. We are considerably worse at transmitting wisdom. And wisdom, Bialik argues, doesn't live in databases. It lives in the space between people — in stories, in teaching, in the slow transmission of judgment across generations.

That's why oral tradition survived when everything else failed. Not because it was more sophisticated, but because it was more human. It didn't require a device to run on.

I don't know how to solve the digital longevity problem. Neither does Bialik — not yet. But I think the first step is admitting we have one. That's actually one of the quietest, most powerful arguments in the book: be humble. We don't know everything. We never did. And some of the things we've lost might be exactly what we need right now.

The question isn't just what we've forgotten. It's what we're forgetting today, while we're too busy scrolling to notice.

Grab Lost in Time: Our Forgotten and Vanishing Knowledge — link below — and spend some time with a perspective that goes very, very far back. Which is maybe the only way to see very, very far forward.

And if this kind of conversation is what you come here for, subscribe to the newsletter at marcociappelli.com. 

More of this. Less noise.

— Marco Ciappelli

Co-Founder ITSPmagazine & Studio C60 | Creative Director | Branding & Marketing Advisor | Personal Branding Coach | Journalist | Writer | Podcast: An Analog Brain In A Digital Age ⚠️ Beware: Pigs May Fly | 🌎 LAX🛸FLR 🌍
 

____________ About Marco

Marco Ciappelli is Co-Founder & CMO of ITSPmagazine, Co-Founder & Creative Director of Studio C60, Branding & Marketing Advisor, Personal Branding Coach, Journalist, Writer, and Host of An Analog Brain In A Digital Age podcast. Born in Florence, Italy, and based in Los Angeles, he explores the intersection of technology, society, storytelling, and creativity — with an analog brain, in a digital age.

🌎 marcociappelli.com 

___________ About the Guest

Jack R. Bialik is a technology expert and author with a 40-year career spanning electrical engineering, project management, F-15 fighter simulation for the U.S. Air Force, Nokia, Motorola, and the Department of Homeland Security. Lost in Time: Our Forgotten and Vanishing Knowledge is the result of years of research into the technologies, wisdom, and innovations that vanished from our collective memory — and what that means for our digital future.

🌎 jrbialik.com

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

How can agentic AI change the way SOC teams handle alert overload? Guha describes what he calls a "digital army" of AI agents that work around the clock to automate alert triage and catch phishing attacks. The system filters 70 to 80 percent of incoming alerts, allowing analysts to focus on the 20 percent that matter most. With attackers using AI to launch faster and more frequent campaigns, Stellar Cyber takes a human-augmented approach, meaning the AI learns from analyst interactions and continuously guides the SOC team toward faster, more accurate remediation.

Why does this matter for MSPs operating on thin margins? Guha explains that the autonomous SOC capability layered on top of Stellar Cyber's XDR platform allows MSSPs to serve more customers, reduce mean time to repair, and grow their tenant base without proportionally increasing staff. When MSSPs grow revenue, Stellar Cyber grows alongside them, creating a mutually beneficial model that ultimately means more organizations get protected.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Subo Guha, Senior Vice President of Product Management, Stellar Cyber @LinkedIn

RESOURCES

Learn more about Stellar Cyber: https://stellarcyber.ai

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Subo Guha, Stellar Cyber, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, autonomous SOC, agentic AI, security operations, XDR, NDR, MSSP, MSP, alert triage, AI-driven security, Open XDR, Gartner Magic Quadrant, phishing detection, SOC automation

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What does an all-in-one operations platform for live events actually do? Soundcheck Live focuses on four core pillars: booking, scheduling, payments, and coordination. Ikwuagwu explains that every event, regardless of size, comes down to these four elements. The platform provides a centralized dashboard where teams can manage gig details, client communication, and payment information without juggling spreadsheets, text threads, and scattered documents.

How is Soundcheck Live building differently? From day one, the team has built the product around its users. Pilots with bands, production companies, and venues shaped the tool from the ground up. With advances in AI, the feedback loop has accelerated dramatically. Focus group insights that once took weeks to implement now translate into working features in hours, giving users the feeling that the platform is being custom-built for their specific workflows.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Ben Ikwuagwu, CEO & Co-Founder of Soundcheck Live

On LinkedIn: https://www.linkedin.com/in/benjaminikwuagwu/

RESOURCES

Soundcheck Live (Website): https://soundchecklive.io/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Ben Ikwuagwu, Soundcheck Live, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, live events, gig management, event operations, live music, booking platform, freelancer tools, event technology, live entertainment, artist management, talent agencies

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The uncomfortable answer, according to Stigs, is that the fundamental problems haven't changed. At all.

"Honestly, it's still 2015," he said during our most recent conversation on ITSPmagazine's Brand Story series. Not as a metaphor. As a diagnosis. The same misconfigurations, the same weak identity policies, the same unlocked back doors that red teamers were exploiting a decade ago are still wide open today. The apps built in a COVID-era frenzy — pushed out fast, tested never — are now running critical business infrastructure. And the organizations using them are only finding out when something breaks.

What's changed is the surface area. Cloud, AI, Microsoft 365, vibe-coded production apps — each new layer of technology gets adopted at speed, and each one arrives carrying the same original sin: no one turned on the basics. Stigs used Microsoft 365 as a pointed example. Millions of businesses are running on it with DMARC turned off, default configurations untouched, Copilot layered on top, and not a single CIS Benchmark policy applied. "Every client is vulnerable," he said. "Not just 10% of clients. Every client."

That's a striking statement. It's also, if you've been paying attention to breach headlines, not a surprising one.

The AI angle adds a new and almost darkly comedic wrinkle. Vibe coding — the practice of using AI tools like Cursor or Claude to generate production-ready code at speed — has given entry-level developers intermediate-level output. Which sounds great, until you realize that the AI models many of them leaned on were trained on outdated, sometimes vulnerable data. Stigs described visiting multiple clients with nearly identical security weaknesses, all tracing back to the same ChatGPT-generated setup instructions. "You and your neighbor did the same thing," he told one client. That's not just a funny anecdote. It's a warning about what happens when an entire industry bootstraps its infrastructure from the same flawed source.

And yet, Stigs isn't anti-AI. He uses it every day. He just sees it with the clarity of someone who also finds the holes it leaves behind. His prediction for the near future: a massive wave of secure code review requests, as companies start reckoning with the vibe-coded backlog they've been quietly accumulating. AppSec is about to have a very good year.

Looking forward, White Knight Labs is watching the growing intersection of private sector expertise and government infrastructure testing with particular interest. Critical infrastructure in America, long overdue for rigorous physical and embedded testing, is starting to receive that attention. Stigs and his team are already in the room.

What makes White Knight Labs different isn't just technical skill — it's the ability to communicate what they find in language that actually lands. In an industry full of reports that gather dust, that matters. The best penetration test in the world is useless if no one acts on it.

The door is open. It's been open for years. The question is who you call to finally lock it.

To learn more about White Knight Labs, visit their website or reach out directly. Listen to the full conversation on ITSPmagazine.

GUEST

John Stigerwalt
Founder at White Knight Labs | Red Team Operations Leader
https://www.linkedin.com/in/john-stigerwalt-90a9b4110/

RESOURCES

White Knight Labs:  https://whiteknightlabs.com

_____________________________________________________________

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

How should security teams approach AI agent identity governance? Shlomo explains that the first step is discovery. Most companies do not know what their AI agent inventory looks like, and without that baseline, effective governance is impossible. The good news, he notes, is that agents do not suffer from politics. They do exactly what they are told and operate within the boundaries they are given. That predictability makes the challenge more manageable if the right tooling is in place.

What makes an effective access policy for AI agents? Rather than relying on prompt filtering or output controls that add latency and friction, Shlomo advocates for intent-based permission models that scope each agent to access only what it needs, when it needs it. He frames the prioritization process as a matrix of access and autonomy, where the agents with the highest levels of both deserve immediate attention. For business leaders, the visibility that comes from this approach also reveals waste and inefficiency, highlighting departments and services that are not delivering on their intended value. To learn more about how to identify, govern, and secure AI agent identities, connect with the Token Security team and follow Ido Shlomo for practical guidance.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Ido Shlomo, Co-Founder & CTO of Token Security
On LinkedIn: https://il.linkedin.com/in/ido--shlomo

RESOURCES

Token Security (Website): https://www.token.security/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Ido Shlomo, Token Security, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, AI agent identity, non-human identity, identity governance, AI agent security, identity risk, least privilege, AI agent access, machine identity, NHI security, AI agent inventory, intent-based access

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

There's something poetic about a technology born to help people with muscular dystrophy finding its second life on factory floors and logistics warehouses. That's the story of Agade, an Italian deeptech startup that began as a research project at Politecnico di Milano and evolved into something far more ambitious: a mission to preserve human craftsmanship in an age of automation.

I sat down with Lorenzo Aquilante, CEO and co-founder of Agade, to talk about their journey from healthcare innovation to industrial exoskeletons—and what it was like showcasing their latest product at CES 2026.

The origin story matters here. Back in 2017, researchers at Politecnico di Milano started developing exoskeletons for people affected by muscular dystrophy. They created something different—a semi-active model powered by AI that recognizes when a user is lifting and responds accordingly. It wasn't just about motors and sensors. It was about intelligence.

Then companies came knocking. Manufacturing firms, logistics operations, industries where human workers still matter because their skills, experience, and judgment can't be replaced by machines. They saw potential. Why not use this technology to protect the people doing the heavy lifting—literally?

Agade was founded in 2020 with a clear mission: preserve craftsmanship against the physical toll of material handling. Not replace humans. Protect them.

The company now has two products. The first, launched in 2024, focuses on shoulder assistance. The second—the one they brought to CES 2026—targets the lower back, which makes sense when you consider that back pain is practically an occupational hazard for anyone moving materials all day.

What makes Agade's approach different is that semi-active AI system. The exoskeleton knows when you're lifting. It responds. It's not just a passive brace or a fully motorized suit that takes over. It's somewhere in between—smart enough to help, light enough to wear all day.

Lorenzo emphasized something that resonated with me: the importance of feedback. From day one, Agade has been obsessed with real-world testing. Not lab conditions. Actual workers doing actual jobs. Because the buyer isn't the user—companies purchase these for their employees—and that creates a unique dynamic. You need both sides to believe in the technology.

The CES experience brought that home. There's always the initial wow factor when someone sees a wearable robot with motors and sensors. But the real work happens after the demo, when users tell you what needs to improve. That's where the collaboration lives.

And here's what struck me most about this conversation: Agade isn't trying to remove humans from the equation. They're trying to keep humans in it longer, healthier, and more capable. In a world racing toward full automation, there's something refreshing about a company betting on human skill—and building technology to protect it.

The products are available globally. You can reach Agade through their website at agadexoskeletons.com, find them on LinkedIn and other social channels, and even arrange trials before committing to a purchase.

For those of us watching the intersection of AI, robotics, and human labor, Agade represents a different path. Not humans versus machines. Humans with machines. Tools that amplify rather than replace.

That's a story worth telling.

Marco Ciappelli interviews Lorenzo Aquilante, CEO & Co-Founder of Agade, for ITSPmagazine's Brand Highlight series following CES 2026.

>>> Marcociappelli.com

GUEST

Lorenzo Aquilante, CEO and co-founder of Agade
https://www.linkedin.com/in/lorenzo-aquilante-108573b0/

RESOURCES

AGADE: https://agade-exoskeletons.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Agade, exoskeleton, CES 2026, wearable robotics, AI, future of work, industrial exoskeleton, made in Italy, workplace safety, deeptech, robotics.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What is the KEV catalog and who is it really for? The KEV is mandated by Binding Operational Directive 22-01 (BOD 22-01), which tasks CISA with identifying vulnerabilities that are known to be exploited and have an available fix. Its primary audience is federal civilian executive branch agencies, but because the catalog is public, organizations everywhere use it as a prioritization signal. Beardsley notes that inclusion on the KEV requires a CVE ID, evidence of active exploitation, a patch or mitigation, and relevance to federal interests, meaning zero-day vulnerabilities and end-of-life systems without CVEs never appear.

How should organizations think about KEV entries that are not equally dangerous? Beardsley explains that only about a third of KEV-listed vulnerabilities represent straight-shot remote code execution with no user interaction and no authentication required. The rest span a wide spectrum of severity. EPSS data reveals an inverse bell curve: many KEV entries have extremely low probabilities of exploitation in the next 30 days, while others cluster at the high end with commodity exploits widely available. This means treating every KEV entry as equally critical leads to wasted effort and alert fatigue.

That gap between the catalog and real-world decision-making is exactly what KEVology addresses. The research, produced by Beardsley at runZero, enriches KEV data with CVSS metrics, EPSS scores, exploit tooling indicators, and ATT&CK mappings to help security teams filter and prioritize vulnerabilities based on what actually matters to their environment. Rather than prescribing a single priority list, KEVology treats the KEV as data to be analyzed, not doctrine to be followed blindly.

To make this analysis accessible and interactive, runZero built KEV Collider, a free, daily-updated web application at runzero.com/kev-collider. The tool lets defenders sort, filter, and layer multiple risk signals across the entire KEV catalog. Because every filter combination is encoded in URL parameters, teams can bookmark and share custom views with colleagues instantly. Beardsley describes KEV Collider as an evergreen companion to the research, updating automatically as new vulnerabilities are added to the catalog each week.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Tod Beardsley, Vice President of Security Research at runZero
On LinkedIn: https://www.linkedin.com/in/todb/

RESOURCES

Learn more about runZero: https://www.runzero.com
KEVology research report: https://www.runzero.com/resources/kevology/
KEV Collider: https://www.runzero.com/kev-collider/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Tod Beardsley, runZero, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, KEVology, KEV Collider, CISA KEV, vulnerability management, exploit scoring, EPSS, CVSS, vulnerability prioritization, exposure management, BOD 22-01, known exploited vulnerabilities, cybersecurity risk, patch management

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

How does semantic chaining work? Pignati explains that the attack uses a single prompt composed of several parts. It begins with a benign scenario, such as a historical or educational context. A second instruction asks the model to make an innocent modification, like changing the color of a background. The final, critical step introduces a malicious directive, instructing the model to embed harmful content directly into the generated image. Because image-generation models apply fewer safety filters than their text-based counterparts, the harmful instructions are rendered inside the image without triggering the usual safeguards.

The NeuralTrust research team tested semantic chaining against prominent models including Gemini Nano Pro, Grok 4, and Seedream 4.5 by ByteDance, finding the attack effective across all of them. For enterprises, the implications extend well beyond consumer use cases. Pignati notes that if an AI agent or chatbot has access to a knowledge base containing sensitive information or personal data, a carefully structured semantic chaining prompt can force the model to generate that data directly into an image, bypassing text-based safety mechanisms entirely.

Organizations looking to learn more about semantic chaining and the broader landscape of AI agent security can visit the NeuralTrust blog, where the research team publishes detailed breakdowns of their findings. NeuralTrust also offers a newsletter with regular updates on agent security research and newly discovered vulnerabilities.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Alessandro Pignati, AI Security Researcher, NeuralTrust
On LinkedIn: https://www.linkedin.com/in/alessandro-pignati/

RESOURCES

Learn more about NeuralTrust: https://neuraltrust.ai/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Alessandro Pignati, NeuralTrust, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, semantic chaining, image jailbreak, AI security, agentic AI, multimodal AI, LLM safety, AI red teaming, prompt injection, AI agent security, image-based attacks, enterprise AI security

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Crogl builds what Merza describes as a "superhero suit" for SOC analysts. The platform investigates every alert in depth, working across multiple data lakes without requiring data normalization, and escalates only the issues that require human judgment. But the conversation here goes beyond any single product. Merza explains that the motivation for creating the AI SOC Summit came directly from community feedback. Security teams across enterprises are trying to determine what to buy, what to build, and how to govern AI in their environments, and they need a transparent, practical space to share those experiences.

How are threat actors changing the game with agentic AI? Merza points to two critical shifts. First, adversaries are now conducting campaigns using agentic systems, which means defenders need to operate at the same speed. Second, the barrier to entry for sophisticated attacks has dropped significantly because agentic systems handle much of the technical detail, from crafting convincing phishing emails to automating post-exploitation activity. The implication is clear: security teams that do not adopt AI-driven capabilities risk falling behind attackers who already have.

The AI SOC Summit, hosted March 3rd at the Hyatt Regency in Tysons, Virginia, is structured to serve the practitioners who are doing the daily work of security operations. The morning features keynotes from CISOs sharing what is working and what is not, along with perspectives on AI governance and privacy. The afternoon splits into two tracks: talk sessions from startups and established companies, and a five-and-a-half-hour hackathon where attendees get free access to frontier AI models and tools to experiment hands-on with real security data.

Who should attend the AI SOC Summit? Merza identifies four key personas. SOC analysts at every tier who are buried in alert triage. Security engineers deploying AI-driven and traditional tools who want to see how other enterprises are rationalizing their investments. Incident responders and threat hunters who need to understand how to track agentic activity rather than just human activity. And builders, the security teams prototyping and testing AI capabilities in-house, who want to learn from what others have tried, what has failed, and what constraints can be overcome.

What sets this event apart from the typical conference experience? The AI SOC Summit is intentionally vendor-agnostic. Sponsors range from reseller partners serving government organizations to household names like Splunk and Cribl, but the focus stays on community learning rather than product pitches. Many organizations still restrict employee access to frontier models and agentic systems, and the summit provides a space where attendees can kick the tires on these technologies without worrying about tooling costs or corporate restrictions. The goal is for every participant to leave with something practical they can take back and apply to their work immediately.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST

Monzy Merza, Co-Founder and CEO, Crogl [@monzymerza on X]
https://www.linkedin.com/in/monzymerza

RESOURCES

Crogl: https://www.crogl.com
AI SOC Summit: https://www.aisocsummit.com/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS

Monzy Merza, Crogl, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, AI SOC Summit, AI SOC agent, security operations center, agentic AI, autonomous security, threat detection, SOC analyst, incident response, threat hunting, security engineering, AI governance, cybersecurity community, hackathon, frontier AI models, agentic speed, security automation

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

How did Chris Buck and Yamaha land on the right pickups for the RS02CB? Buck explains that the pickups were the centerpiece of the collaboration, with the team working through countless iterations of magnet types, wire specifications, and voicing options. The result is a set of custom P90-style pickups that deliver the dynamic, responsive tone he has built his sound around. The wraparound tailpiece, a feature less common on modern instruments, adds sustain and directness to the signal path, contributing to the guitar's massive volume and resonance.

What makes the RS02CB stand apart from other Revstar models? Buck highlights a three-way pickup selector switch instead of the five-way found on the current generation of Revstars, along with custom inlays and his own signature squiggle on the back of the headstock. He caps the conversation by playing a lick that shows exactly what the guitar can do, leaving no doubt about the instrument's character and capability.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Chris Buck, Yamaha Signature Artist | On Instagram: @chrisbuckguitar | Website: https://www.chrisbuckguitar.shop/

RESOURCES

Yamaha: https://usa.yamaha.com/

Yamaha RS02CB Chris Buck Signature Revstar: https://usa.yamaha.com/products/musical_instruments/guitars_basses/el_guitars/rs02cb/index.html

Part of ITSPmagazine's On Location Coverage at NAMM 2026. 🌐 https://www.itspmagazine.com/the-namm-show-2026-namm-music-conference-music-technology-event-coverage-anaheim-california

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

More From Sean Martin

More from Music Evolves: https://www.seanmartin.com/music-evolves-podcast

Music Evolves on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllTRJ5du7hFDXjiugu-uNPtW

Music Evolves: Sonic Frontiers Newsletter | https://www.linkedin.com/newsletters/7290890771828719616/

Line of Sight Newsletter | https://www.linkedin.com/newsletters/7400591548452667392/

ITSPmagazine YouTube Channel: https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

KEYWORDS

Chris Buck, Yamaha, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, Yamaha Revstar, RS02CB, signature guitar, P90 pickups, NAMM 2026, Cardinal Black, wraparound tailpiece, electric guitar, guitar design, custom pickups, signature artist

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

John Morgan Salomon said something during our conversation that I haven't stopped thinking about. We were discussing encryption, privacy laws, the usual terrain — and he cut through all of it with five words: "It's none of your goddamn business."

Not elegant. Not diplomatic. But exactly right.

John has spent 30 years in information security. He's Swiss, lives in Spain, advises governments and startups, and uses his real name on social media despite spending his career thinking about privacy. When someone like that tells you he's worried, you should probably pay attention.

The immediate concern is something called "Chat Control" — a proposed EU law that would mandate access to encrypted communications on your phone. It's failed twice. It's now in its third iteration. The Danish Information Commissioner is pushing it. Germany and Poland are resisting. The European Parliament is next.

The justification is familiar: child abuse materials, terrorism, drug trafficking. These are the straw man arguments that appear every time someone wants to break encryption. And John walked me through the pattern: tragedy strikes, laws pass in the emotional fervor, and those laws never go away. The Patriot Act. RIPA in the UK. The Clipper Chip the FBI tried to push in the 1990s. Same playbook, different decade.

Here's the rhetorical trap: "Do you support terrorism? Do you support child abuse?" There's only one acceptable answer. And once you give it, you've already conceded the frame. You're now arguing about implementation rather than principle.

But the principle matters. John calls it the panopticon — the Victorian-era prison design where all cells face inward toward a central guard tower. No walls. Total visibility. The transparent citizen. If you can see what everyone is doing, you can spot evil early. That's the theory.

The reality is different. Once you build the infrastructure to monitor everyone, the question becomes: who decides what "evil" looks like? Child pornographers, sure. Terrorists, obviously. But what about LGBTQ individuals in countries where their existence is criminalized? John told me about visiting Chile in 2006, where his gay neighbor could only hold his partner's hand inside a hidden bar. That was a democracy. It was also a place where being yourself was punishable by prison.

The targets expand. They always do. Catholics in 1960s America. Migrants today. Anyone who thinks differently from whoever holds power at any given moment. These laws don't just catch criminals — they set precedents. And precedents outlive the people who set them.

John made another point that landed hard: the privacy we've already lost probably isn't coming back. Supermarket loyalty cards. Surveillance cameras. Social media profiles. Cookie consent dialogs we click through without reading. That version of privacy is dead. But there's another kind — the kind that prevents all that ambient data from being weaponized against you as an individual. The kind that stops your encrypted messages from becoming evidence of thought crimes. That privacy still exists. For now.

Technology won't save us. John was clear about that. Neither will it destroy us. Technology is just an element in a much larger equation that includes human nature, greed, apathy, and the willingness of citizens to actually engage. He sent emails to 40 Spanish members of European Parliament about Chat Control. One responded.

That's the real problem. Not the law. Not the technology. The apathy.

Republic comes from "res publica" — the thing of the people. Benjamin Franklin supposedly said it best: "A republic, if you can keep it." Keeping it requires attention. Requires understanding what's at stake. Requires saying, when necessary: this is none of your goddamn business.

Stay curious. Stay Human.

 Subscribe to the podcast. And if you have thoughts, drop them in the comments — I actually read them.

Marco Ciappelli

Subscribe to the Redefining Society and Technology podcast. Stay curious. Stay human.

> https://www.linkedin.com/newsletters/7079849705156870144/

Marco Ciappelli: https://www.marcociappelli.com/

John Salomon 
Experienced, international information security leader. vCISO, board & startup advisor, strategist.
https://www.linkedin.com/in/johnsalomon/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Most organizations treat cybersecurity as a technology problem. They invest in layers of defense, run phishing tests, and deploy identity and access management tools. Yet headlines about breaches keep coming. Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at the MIT Sloan School of Management, argues that the real opportunity lies not in more technology but in changing how people across the organization think about and value cybersecurity.

In this episode of the Human-Centered Cybersecurity Series, co-hosted by Julie Haney, Computer Scientist and Lead of the Human-Centered Cybersecurity Program at the National Institute of Standards and Technology (NIST), Dr. Keri Pearlson introduces her framework for cybersecurity culture built around values, attitudes, and beliefs. Rather than simply training employees on what to do, the focus shifts to shaping why they do it. When people genuinely believe cybersecurity matters, they take action without waiting for mandates or programs to tell them how.

Dr. Pearlson shares vivid examples from her research: a CISO who hired a marketing professional to run the cybersecurity culture program, a CEO who opens every all-hands meeting with a five-minute cybersecurity story, and organizations that use creative rewards like chocolate chip cookies and digital badges to reinforce positive behaviors. She also outlines a five-stage maturity model for cybersecurity culture, from ad hoc efforts all the way to a dynamic culture that self-regulates as new threats like AI-driven vulnerabilities emerge.

The conversation also tackles the relationship between organizational culture and cybersecurity culture, the role of group-level accountability, and why consequences matter just as much as rewards. Dr. Pearlson makes the case that cybersecurity should move from being viewed as an infrastructure play to a strategic advantage, one that can attract customers, reduce costs, and build competitive differentiation.

For any leader looking to move the needle on security culture, this episode offers a research-backed roadmap and practical steps that anyone can take starting tomorrow.

Host

Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

Guest(s)

Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at MIT Sloan School of Management | On LinkedIn: https://www.linkedin.com/in/kpearlson/

Julie Haney (Co-Host), Computer Scientist and Lead, Human-Centered Cybersecurity Program at National Institute of Standards and Technology (NIST) | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/

Resources

Learn more about Dr. Keri Pearlson's research: https://mitsloan.mit.edu/faculty/directory/keri-pearlson

Learn more about the NIST Human-Centered Cybersecurity Program: https://csrc.nist.gov/projects/human-centered-cybersecurity

Cybersecurity at MIT Sloan (CAMS): https://cams.mit.edu/

The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/

More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast

Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Keywords

dr. keri pearlson, julie haney, mit sloan, nist, sean martin, cybersecurity culture, security culture, values attitudes beliefs, cyber resilience, human-centered cybersecurity, security awareness, phishing, cybersecurity maturity model, security behavior, cybersecurity strategy, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Walking into the Taylor booth at NAMM 2026 felt like stepping into a sonic candy store. Jim Kirlin's words, not mine—but he's right.

I sat down with Jim to talk about what Taylor is bringing to the table this year, and it comes down to two distinct directions: the Next Generation Grand Auditorium series and the Gold Label Collection. Modern innovation on one side, vintage inspiration on the other.

The Next Gen guitars build on Taylor's flagship Grand Auditorium—that versatile middle-size body that works for everything from fingerpicking to strumming. But they've added three significant upgrades.

First is the Action Control Neck. It's a patented design with a long tenon joint that enhances resonance and tonal transfer between neck and body. More importantly, it lets players adjust string height in seconds through the sound hole. Climate changes, different venues, personal preference—you can dial it in on the fly. That's the kind of player-centric thinking that removes obstacles from the playing experience.

Second is Scalloped V-Class Bracing. Andy Powers introduced V-Class back in 2018, and this evolution adds warmth and low end while maintaining that clear, balanced Taylor articulation. You get more of everything without losing what makes a Taylor sound like a Taylor.

Third is the new Claria Pickup system. It's discreet—sound hole mounted with volume, mid contour, and tone controls. The goal was simplicity. Plug in, play, express yourself. No fussing with complicated setups depending on the venue. Just reliable amplified sound wherever you are.

Then there's the Gold Label Collection—a completely different approach.

These are non-cutaway guitars with traditional styling inspired by instruments from the 1930s and 40s. Andy Powers designed them to broaden Taylor's tonal palette and reach players who've never been drawn to the brand before.

The new square shoulder dreadnought caught my attention. Deeper body dimensions than a traditional Taylor dread, with serious lung capacity inside. You strum those chords and feel the low end push back. Fan V-Class Bracing gives it projection and response that traditional dreadnought fans will appreciate.

There's also round shoulder dreadnoughts and super auditoriums—the latter based on the Grand Auditorium but with all the curves pushed out for more air mass. Many feature torrified tops that give them an aged, played-in character right out of the case.

The headstock shape is different. The logo styling is older. It's Taylor paying respect to tradition while still building with modern precision.

What struck me most was how intentional both directions are. Taylor isn't abandoning their modern sound—they're expanding what's possible. Next Gen for players who want cutting-edge innovation. Gold Label for players who want vintage warmth and resonance.

Two paths. Same commitment to removing obstacles and inspiring players.

That's 50 years of guitar making at work.

Sean Martin interviews Jim Kirlin from Taylor Guitars at NAMM 2026 for ITSPmagazine.

__________________________

This is a Brand Highlight. A Brand Highlight is an introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUESTS

Jim Kirlin
Editorial Director at Taylor Guitars

RESOURCES

Learn more about Taylir Guitars Strings Guitars: https://www.taylorguitars.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

I've been away from Florence for 25 years. I didn't know there was a guitar company like this back home.

At NAMM 2026, I found Filippo Martini from Paoletti Custom Guitars—a boutique manufacturer based in the heart of Tuscany, building instruments that are equal parts guitar and artwork.

Paoletti does something no one else does: they build guitars from chestnut wood sourced from Italian wine barrels. The material offers a wide harmonic spectrum, but it's difficult to work with. You need to know how to handle it. Founder Fabrizio Paoletti figured it out, and now every guitar they produce shows the natural grain—no opaque finishes, no hiding the wood.

The craftsmanship runs deep. Bridges, pickguards, pickups—all made in-house. Necks carved from Canadian maple, roasted on-site. 99% of the process happens in Tuscany. As Filippo put it, "Kilometer zero." Zero miles. Everything local except the screws.

Their model is 100% custom. You don't buy a Paoletti off the rack. You tell them your style, your sound, the genre you play. They build around your vision while keeping the Italian essence intact—chestnut wood, Italian-made components, tailored to your idea.

But what stopped me cold was the Duomo collection.

Eight individual guitars, each hand-engraved by Fabrizio Paoletti himself. Three years of work. The subject: Florence's cathedral—the Duomo di Santa Maria del Fiore.

This isn't just decoration. Paoletti secured an official partnership with the Opera del Duomo, the authority that oversees the cathedral. The back of each guitar reproduces the marble floor pattern from inside the Duomo. And when the collection is complete this October, every guitar will contain an actual piece of marble from the cathedral.

I got shivers standing there.

This is what happens when guitar making meets Italian heritage. It's not about specs or market positioning. It's about place, history, and craft passed down through generations.

Filippo invited me to visit the workshop in Florence when I return in April. I'm going. I want to see where this happens—where wine barrel wood becomes an instrument, where cathedral marble gets embedded into a guitar body, where a team of artisans builds one-of-one pieces for players around the world.

Florence is known for many things. Leather. Art. Architecture. The Renaissance itself. Now I know it's also home to some of the most distinctive guitars being made anywhere.

Paoletti proves that boutique doesn't mean small ambitions. They're partnering with galleries in Dubai, working with the Duomo authorities, and bringing Florence to NAMM.

Not bad for a company I didn't even know existed until I walked the show floor and heard an Italian accent.

Sometimes you find home in unexpected places.

Marco Ciappelli interviews Filippo Martini from Paoletti Custom Guitars at NAMM 2026 for ITSPmagazine.

Part of ITSPmagazine's On Location Coverage at NAMM 2026.

🌐 https://www.itspmagazine.com/the-namm-show-2026-namm-music-conference-music-technology-event-coverage-anaheim-california

__________________________

This is a Brand Highlight. A Brand Highlight is an introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Filippo Martini 
Managing DIrector at Paoletti Guitars | Florence | Tuscany | Italy

RESOURCES

Learn more about Paoletti Guitars: https://www.paolettiguitars.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Some brands chase nostalgia. Yamaha builds forward.

At NAMM 2026, I spoke with Andy Winston to talk about 60 years of Yamaha guitar design—and why this company keeps delivering instruments that punch way above their price point.

The conversation started with the Chris Buck Signature Revstar. Buck is the guitarist for Cardinal Black, and he's earned his own model. The specs tell the story: overwound P90 pickups for a hotter sound, wraparound tailpiece with adjustable saddles, stainless steel frets, lightweight tuners, and those old-school inlays from the first-generation Revstar. No boost circuit. Buck wanted it stripped to essentials.

Then Andy dropped a tease: Matteo Mancuso is getting his own Revstar this summer. The Italian virtuoso. That's a statement.

We moved to the new Pacifica SC—Yamaha's answer for T-style players. Humbucker in the neck, single coil in the bridge, and pickups designed in partnership with Rupert Neve's team. The boost circuit under the bridge pickup gives you five sounds from two pickups. Made in Indonesia at $999 or Made in Japan with compound radius fretboard and IRA wood treatment at $2,199.

I bought my nephew a Pacifica. Entry level, around $200. It works. That's Yamaha's philosophy—you can start at $200 and work your way up to a Mike Stern signature model without ever leaving the family.

But here's what stuck with me.

Andy said something that defines Yamaha's approach: "We don't do reissues. You're never gonna see us reissue a 1972."

Sixty years of guitar history, and they're not looking backward. The Revstar draws inspiration from the 1970s Super Flight, sure—but it's chambered mahogany, tuned to eliminate harsh mid-range frequencies. Yamaha builds pianos, violins, marimbas. They know how to tune wood. They apply that knowledge to electric guitars in ways other companies don't.

The BB Bass series came next. String-through body with 45-degree break angle. Extra bolts pulling the neck tight into the pocket. A maple stripe running through the center of the body for note response. Active/passive switching. Five-ply neck. Professional features at prices that don't require a car payment.

"We give people more instrument than what a price tag says," Andy told me.

That's not marketing. That's mission.

Before we wrapped, Andy shared a personal story. In 1977, hair down to his shoulders, bell bottoms on, his mom decided he was serious about guitar. She bought him a Yamaha FG-75. His first real acoustic. He doesn't have that one anymore, but he found a replacement. Had to.

That's brand loyalty earned over decades. Not through heritage mythology—through instruments that work, that last, that give players what they need without emptying their wallets.

Sixty years of guitar design. No reissues. Just forward.

Yamaha keeps proving that innovation and accessibility aren't mutually exclusive.

Marco Ciappelli interviews Andy Winston from Yamaha at NAMM 2026 for ITSPmagazine.

Part of ITSPmagazine's On Location Coverage at NAMM 2026.

🌐 https://www.itspmagazine.com/the-namm-show-2026-namm-music-conference-music-technology-event-coverage-anaheim-california

__________________________

This is a Brand Highlight. A Brand Highlight is an introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST

Andy Winston
Product Training Specialist at Yamaha

RESOURCES

Learn more about Yamaha Guitars: https://www.yamaha.com/

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.