• A new AI model upends everything you thought you knew about cybersecurity
• A dozen companies. Thousands of zero-days. One secret patch sprint.
• And state-sponsored hackers want what Mythos has — so they're already building it.

And Trupti Shiralkar joins us to unpack trust and AI.

Head to The Zero Trust Hub: hub.illumio.com

Get the Industry’s First Vendor-Neutral Zero Trust Certification: https://www.illumio.com/zero-trust-certification 

They tackle a critical question: If organizations are spending more than ever on cybersecurity, why are outcomes getting worse? Drawing from her experience protecting some of the most sensitive systems in the world, Theresa challenges conventional thinking around security frameworks, compliance, and the industry’s overreliance on checklists.

The conversation dives into:

• Why the current cybersecurity model is fundamentally broken—and what needs to change
• The growing gap between security spending and real-world outcomes
• How AI is reshaping the threat landscape as both a powerful tool and a potential insider risk
• Why designing for the human user—not just the buyer—is key to better security
• The overlooked importance of data classification in a post-quantum future
• Practical ways teams can begin “reimagining” security, even with limited time and resources

Theresa also shares behind-the-scenes insights from her time at the White House, including a surprising story that highlights just how personal—and nuanced—cybersecurity can be.

At its core, this episode is a call to action: to move beyond compliance, rethink outdated approaches, and build a more human-centered, resilient future for cybersecurity.

Stay Connected with our host, Raghu on LinkedIn

For more information about Illumio, check out our website at illumio.com 

• Your JavaScript library just phoned North Korea.
• New details on last year’s banking software breach amid a flurry of lawsuits.
• And Team PCP hackers breach the EU through a tool…built to stop hackers. 

John Kindervag joins to talk about the latest Zero Trust push out of Washington.

Head to The Zero Trust Hub: hub.illumio.com

Get the Industry’s First Vendor-Neutral Zero Trust Certification: https://www.illumio.com/zero-trust-certification 

• ShinyHunters scales up its Salesforce extortion campaign, hitting major targets around the globe.
• Zero-day exploits aren’t cool. Do you know what’s cool? Negative-day exploits.
• And it’s sunshine and cyber alerts for the Golden State as California municipalities face disruptive attacks.

And Gary Barlet joins us to unpack RSAC 2026 and the AI buzz. 

Head to The Zero Trust Hub: hub.illumio.com

Get the Industry’s First Vendor-Neutral Zero Trust Certification: https://www.illumio.com/zero-trust-certification 

In this episode of The Segment, host Raghu Nandakumara sits down with Timothy Kromphardt, Senior Threat Researcher at Proofpoint to explore how modern scams actually work behind the scenes. Tim spends his days engaging directly with threat actors—sometimes for months at a time—to understand how fraud campaigns operate, how scammers build trust, and how they ultimately convince victims to hand over money or sensitive information.

Together, they unpack the mechanics of today’s most common scams, including TOAD (telephone-oriented attack delivery) attacks, business email compromise, and the increasingly sophisticated “pig butchering” investment scams that can drain victims’ life savings after months of relationship-building.

Together, Raghu and Tim unpack:

• Why social engineering continues to succeed—even as security technology improves
  
   
• How pig butchering scams build trust over months before stealing massive sums
  
   
• What happens when researchers directly engage with scammers
  
   
• Why AI is helping attackers scale operations—but not necessarily replace humans
  
   
• Practical steps organizations and individuals can take to reduce their risk

If you’ve ever wondered how scammers actually operate—or why even highly successful professionals sometimes fall victim—this episode offers a rare inside look at the human side of cybercrime.

Stay Connected with our host, Raghu on LinkedIn

For more information about Illumio, check out our website at illumio.com 

• The 3.4 million records exposed in massive healthcare tech breach
• Federal officials hunt for answers in the wake of Iran’s attack on Stryker
• Why cybercriminals are ditching malware for phone calls

And Christer Swartz joins us for a Boos and Bravos segment! 

Head to The Zero Trust Hub: hub.illumio.com

Register for Hard Truths in Cybersecurity: Fear, Liability, and the Industry’s Biggest Lies: https://www.illumio.com/resources/events/rsac-2026-registration

• As many as two hundred thousand devices wiped clean by Iranian hackers.
• A new class of malware uses AI to rewrite its own source code.
• And confidence vs. reality: New research shows that most security teams can’t stop a breach in real-time.

And John Kindervag argues that most cybersecurity incidents aren’t caused by a lack of technology — they’re caused by bad policy. Read his full article here: https://www.linkedin.com/pulse/cybersecurity-has-resilience-problem-tool-john-kindervag-hyxaf/?trackingId=jguODXNgCbhRZs5puz%2B18Q%3D%3D

Head to The Zero Trust Hub: hub.illumio.com

Register for Hard Truths in Cybersecurity: Fear, Liability, and the Industry’s Biggest Lies: https://www.illumio.com/resources/events/rsac-2026-registration

In this episode of The Segment, host Raghu Nandakumara sits down with Joshua Woodruff, Founder & CEO of Massive Scale AI, to explore what it really takes to adopt AI, especially agentic AI, without putting your business at risk.

Josh brings nearly 30 years of experience across security, cloud, and IT transformation, advising organizations from startups to Fortune 100 enterprises. As a zero trust thought leader, co-lead of the Cloud Security Alliance Zero Trust Working Group, and author of Agentic AI + Zero Trust, Josh shares why AI isn’t just another tools-led transformation—it’s a fundamental re-engineering of how work gets done.

Together, Raghu and Josh unpack:

• Why AI should be viewed as “commoditized intelligence,” not a human replacement
  
   
• The unique security challenges of stochastic, non-deterministic AI systems
  
   
• How Zero Trust provides a business-aligned foundation for securing AI and data
  
   
• What it means to treat AI agents like digital employees—with identities, guardrails, and codes of conduct
  
   
• Real-world examples of AI agents going off the rails—and how to prevent it
  
   
• Josh’s five-question “Agentic Trust Framework” for securing autonomous AI systems
  
   
• Why security teams have a rare opportunity to become true enablers of AI-driven transformation

If you’re a business leader, technologist, or security professional grappling with how to move fast on AI without breaking trust, this episode offers a clear, practical, and grounded roadmap for doing AI right—securely, responsibly, and at scale.

Resources Mentioned:

https://www.amazon.com/Agentic-AI-Zero-Trust-Business-ebook/dp/B0FL2WJQVQ

Stay Connected with our host, Raghu on LinkedIn

For more information about Illumio, check out our website at illumio.com 

• Google unmasks an advanced — maybe government-leaked — exploit kit targeting Apple devices.
• Iran’s Muddy Waters hacking group is shaping up to be a clear threat to U.S. networks.
• And the White House signals that the best cyber defense might be cyber offense.

And Aishwarya Ramani on this year’s International Women’s Day theme — and why empowering women in cybersecurity gives the entire industry momentum. 

Head to The Zero Trust Hub: hub.illumio.com

Register for Hard Truths in Cybersecurity: Fear, Liability, and the Industry’s Biggest Lies: https://www.illumio.com/resources/events/rsac-2026-registration

• Security leaders brace for an epic backlash to U.S. and Israeli attacks on Iran.
• Meanwhile, Iran’s domestic internet cutoff provides a threat intel goldmine for defenders.
• And CISA gets a new leader as the agency navigates more than a year of internal turmoil.

And Christer Swartz joins us to bust a cybersecurity myth!  

Head to The Zero Trust Hub: hub.illumio.com

Join us at RSAC in San Francisco: https://www.illumio.com/resources/events/rsac-2026-registration

In this episode of The Segment, host Raghu Nandakumara sits down with Phil Park, global cybersecurity and risk leader at IBM. With more than 25 years advising financial institutions across the U.S., Europe, and Asia-Pacific, Phil brings a practical perspective on how supervision is rapidly evolving from compliance checklists to real-world operational readiness.

Together, Raghu and Phil unpack the industry’s biggest mindset shift: regulators no longer ask “Are you protected?” — they ask “Can you operate through disruption?”

They explore why prevention alone is no longer enough, why containment and recovery now define security maturity, and how CISOs are moving from siloed operators to enterprise-wide risk leaders accountable to boards and regulators alike.

The conversation also dives into:

• Why regulators evaluate response quality rather than technical perfection
  
   
• How organizations are turning tabletop exercises into realistic resilience testing
  
   
• The growing pressure created by third-party and supply-chain dependencies
  
   
• Why evidence and outcomes matter more than policies and frameworks
  
   
• How overlapping reporting requirements are reshaping incident response playbooks
  
   
• The double-edged role of AI in both defense and attack, including deepfake risks
  
   
• Why security fundamentals matter even more in the AI era
  
   

This episode is a must-listen for security leaders and executives navigating a world where passing the audit is no longer the goal — proving you can withstand disruption is.

Also, if you’re attending FSISAC, join Illumio, IBM, and Palo Alto Networks for an exclusive dinner at Capital Grille! Save your seat here: https://lp.illumio.com/20260302-Steak-And-Security-Dinner.html?utm_medium=email&utm_source=marketo

• Hackers hijack nearly half a million dollars in New York school fraud.
• Government agencies breached after attackers exploit Ivanti zero-day vulnerability.
• And state-backed hackers weaponize generative AI to sharpen cyber operations.

And Christer Swartz joins us to unpack this month's Boos and Bravos. 

Head to The Zero Trust Hub: hub.illumio.com

Join us at RSAC in San Francisco: https://www.illumio.com/resources/events/rsac-2026-registration

• Hackers hijack nearly half a million dollars in New York school fraud.
• Government agencies breached after attackers exploit Ivanti zero-day vulnerability.
• And state-backed hackers weaponize generative AI to sharpen cyber operations.

And Michael Adjei explains why the cybersecurity “talent shortage” might actually be an allocation problem.

Head to The Zero Trust Hub: hub.illumio.com

Join us at RSAC in San Francisco: https://www.illumio.com/resources/events/rsac-2026-registration

Ross brings a pragmatic, business-first lens to cybersecurity, cutting through hype, buzzwords, and so-called “silver bullets” to focus on what actually works in the real world. Together, they explore why breaches still happen even in organizations that invest heavily in security and why that investment still matters.

In this conversation, you’ll learn:

• Why most cyber breaches still come down to security fundamentals, not next-gen tools
• Why cybersecurity has become a “market for silver bullets”—and what that means for buyers and vendors
• How misaligned incentives across engineering, IT, sales, and security undermine long-term security
• Why compliance should be treated as a baseline, not the finish line
• How to think about security ROI in a way executives actually understand
• How to evaluate AI in cybersecurity without getting lost in the hype
  Why security leaders must learn to lead without authority, similar to product managers
• What gives Ross optimism about the future of cybersecurity heading into 2026

• A massive espionage campaign infiltrates government networks in 37 countries.
• Hackers go for the gold as the Winter Olympics and the Super Bowl create a perfect storm.
• And a new social engineering tactic crashes your browser to steal your data.

And John Kindervag joins us to discuss why cybersecurity dashboards may be measuring the wrong things.  

Head to The Zero Trust Hub: hub.illumio.com

Join us at RSAC in San Francisco: https://www.illumio.com/resources/events/rsac-2026-registration

• Major consumer brands caught in a fresh wave of cyberattacks
• Nike scrambles as hackers leak years of prototype and R&D data
• And the White House shelves proposed Biden-era software security rules

And Gary Barlet joins us to unpack the NSA's newly released Zero Trust Guideline Primer

Head to The Zero Trust Hub: hub.illumio.com

Join us at RSAC in San Francisco: https://www.illumio.com/resources/events/rsac-2026-registration

• A critical vulnerability is being actively exploited in core infrastructure, VMware warns.
• Hackers looking for extortion payoff tell Nike to… just do it.
• And a massive database leak exposes 149 million stolen credentials.

And Christer Swartz joins us for January's Boos and Bravos. 

Head to The Zero Trust Hub: hub.illumio.com

Download The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

• Europe’s space agency suffers a massive data breach.
• Attackers keep cashing in on Oracle’s old breach.
• And credit card skimmers go digital.

And Aishwarya Ramani joins us to discuss executive sponsorship.  

Head to The Zero Trust Hub: hub.illumio.com

Download The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

• A cyber incident snarls operations at a major European port.
• Ransomware gangs go after cloud backups.
• And Ivanti warns that its VPN devices are being actively exploited.

And Gary Barlet joins us to unpacks cyber warfare hitting critical infrastructure. 

https://www.wsj.com/articles/venezuela-raid-highlights-cyber-vulnerability-of-critical-infrastructure-28aed054?mod=author_content_page_1_pos_1

Head to The Zero Trust Hub: hub.illumio.com

Download The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

• New year, new zero-day vulnerability in Windows Server.
• Ransomware rings in 2026 by hitting healthcare in Europe.
• And attackers cash in on holiday passwords.

And Aishwarya Ramani joins us for a special Book Club segment! 

Head to The Zero Trust Hub: hub.illumio.com

Download The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

• Apple tells users not to ho-ho-hold off on emergency patches as it warns about state-backed spyware.
• Cyber grinches disrupt UK education and water services.
• And Microsoft flags a not-so-jolly zero-day flaw in SharePoint.

And Christer Swartz joins us for a Boos and Bravos segment! 

Head to The Zero Trust Hub: hub.illumio.com

Download The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

Tony shares his journey through some of the world’s most complex organizations, offering a candid look at the forces that drive digital transformation, why organizational silos still shape most architectures, and how AI may finally help dissolve them. He breaks down how cybersecurity models must shift in an era of ubiquitous AI, legacy infrastructure, and escalating regulatory complexity—and explains why continuous monitoring and long-term institutional memory are now essential.

We also dive into Tony’s leadership philosophy, how he balances transformation with cyber risk, and what he’s learned transitioning from CIO to CEO of a cybersecurity company tackling some of today’s hardest problems.

Key themes discussed:

• The evolution of the CIO role across decades of transformation
   
• Managing cyber risk amid AI proliferation, legacy systems, and modern architectures
   
• The importance of “useful life” frameworks for tech modernization
   
• Leadership lessons from navigating both public and private sector tech at scale
   

A must-listen for CIOs, CISOs, tech leaders, and anyone preparing their organization for what’s next in AI-driven transformation and cybersecurity.

• CISA uncovers a new Chinese backdoor in U.S. networks.
• A massive breach hits South Korea’s largest e-commerce platform.
• And a record-breaking DDoS attack pounds the financial sector

And Gary Barlet joins us for his 2026 predictions! 

Head to The Zero Trust Hub: hub.illumio.com

Download The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

• CISA flags new risks in both cloud and industrial systems.
• Congress calls Anthropic to explain AI-enabled threats.
• And a real-estate tech breach may spill into major U.S. banks.

And John Kindervag joins us for his 2026 predictions! 

Head to The Zero Trust Hub: hub.illumio.com

Download The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

• Akira turns up the heat on critical infrastructure.
• Did an AI model just run an espionage op?
• And a ghost in the cloud haunts Checkout.com

And Aishwarya Ramani joins us for an "Ask the Expert" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Download The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

• The U.S. Justice Department says the ransomware is coming from inside the house
• A foreign breach inside the U.S. CBO
• And another trusted security vendor becomes the target.

And Scott Smith with a "View from the Street" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Download The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

• State-sponsored hackers wiretap a major telecom supplier.
• BadCandy creates a sour surprise for Cisco admins.
• Small businesses, big breaches — 2025 is on track for a grim new record.

And Christer Swartz with a "Boos and Bravos" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Download The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

With nearly three decades of experience — including over 20 years at Citi leading global infrastructure defense and cybersecurity services — Carl brings a rare, full-circle perspective on how the cyber landscape, leadership, and culture have evolved from the early 2000s to today’s AI-driven world.

You’ll learn:

• How Carl “accidentally” fell into cybersecurity — and what the early days of firewalls and compliance-driven security looked like
  
   
• What it was like to pioneer one of Citi’s first dedicated cyber teams
  
   
• Lessons in leadership from iconic figures like Charles Blauner, Greg Lavender, and John Miller
  
   
• How Citi became an early adopter of technologies like Palo Alto Networks, Splunk, CrowdStrike, and Illumio
  
   
• Why building business alignment and trust matters more than ever for CISOs
  
   
• How to frame security risks in business terms — and where many leaders go wrong
  
   
• The massive shift from machine learning to deep learning in cybersecurity
  
   
• How generative AI and “dark AI” are redefining the threat landscape — and why the next era of defense demands a mindset change
  
   

Packed with nostalgia, hard-won wisdom, and forward-looking insight, this episode bridges cybersecurity history, human leadership, and the AI-powered future ahead.

Stay Connected with our host, Raghu on LinkedIn

For more information about Illumio, check out our website at illumio.com 

• Patch Tuesday just got a zero-day
• Nuclear secrets exposed through a SharePoint hole
• Former cybersecurity executive charged with selling secrets to Russia

And Gary Barlet joins us for an "Ask the Expert" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Download The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

• F5 breach shakes confidence in core cyber defenses
• Europe takes down a SIM-farm empire
• And China flips the script with hacking accusation against the U.S.

And Gary Barlet joins us for an "Ask the Expert" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Download The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

• New details on a serious Oracle vulnerability
• Mama mia! Nintendo faces a possible data leak
• And payroll pirates plunder HR accounts. Argh.

And Gary Barlet joins us for an "Ask the Expert" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Download The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

• Hackers hit Oracle customers with extortion emails.
• CISA’s lights are still on, but most of its defenders are home on furlough.
• And Palo Alto login portals face a flood of suspicious scans.

And Christer Swartz joins us for a "Boos and Bravos" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Download The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

• CISA orders an emergency patch after attackers weaponize Cisco firewall flaws.
• AI and malware are working hand-in-hand, but it’s not actually romantic
• And a string of new breaches could ruin the friendship between customers and major brands.

And Michael Adjei joins us for an "Ask the Expert" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Register to attend The Illumio World Tour: https://www.illumio.com/illumio-world-tour 

• Travel chaos across Europe after attackers hit airport systems
• Factories remain stalled as Jaguar Land Rover hack drags on
• And key cyber intel-sharing law hits a snag in the Senate

And Scott Smith joins us for a "View from the Street" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Register to attend The Illumio World Tour: https://www.illumio.com/illumio-world-tour 

Greg shares how his team is building resilience from the inside out—applying zero trust principles not as a buzzword, but as a practical, culture-driven framework for protecting core systems. 

From his roots in school district IT to leading major modernization efforts at STCU, Greg walks us through what it means to lead with intention, assume breach, and drive results with lean teams and strong partnerships.

You’ll learn:

• Why disaster recovery isn’t a one-time exercise, but a team muscle worth training
  
   
• How segmentation led to better cross-team relationships—not just better security
  
   
• The power of small wins (and small apps) to kickstart transformation
  
   
• Why enforcement beats perfection when it comes to securing infrastructure
  
   
• What zero trust really looks like in day-to-day operations—and how to start using tools you already have
  
   
• How STCU is approaching cloud expansion with Illumio
  
   

🔐 “Treat it like a business priority, not just a security one.” — Greg Michel

This is the employee community you didn’t know you needed—where mindset, momentum, and people-first security converge.

Stay Connected with our host, Raghu on LinkedIn

For more information about Illumio, check out our website at illumio.com 

• FInsurance claims show ransomware is still king — but AI is giving phishing a major boost.
• DoubleDragon goes to Washington, posing as a U.S. lawmaker.
• And scam factories in Asia hit with the U.S. sanctions hammer.

And John Kindervag joins us for an "Ask the Expert" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Register to attend The Illumio World Tour: https://www.illumio.com/illumio-world-tour

• Fallout continues from the Salesforce-Salesloft supply chain breach.
• A cyberattack clips the claws of Jaguar Land Rover.
• Congress races the clock to keep cyber threat intel sharing alive.

And Christer Swartz joins us for a "Boos and Bravos" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Register to attend The Illumio World Tour: https://www.illumio.com/illumio-world-tour

• Federal agencies scramble in the wake of major cyber lapses.
• A new ransomware strain uses AI to write its own attacks in real time.
• And to keep rivals out, hackers are patching the very security flaws they exploit.

And John Kindervag joins us for an "Ask the Expert" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Register to attend The Illumio World Tour: https://www.illumio.com/illumio-world-tour

• Android VPNs promised users privacy — and tracked them instead.
• That urgent call from the boss? It may not be the boss.
• And Apple zero-day flaw makes a picture worth a thousand lines of malicious code.

And Trevor Dearing joins us for a "Myth Buster" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Register to attend The Illumio World Tour: https://www.illumio.com/illumio-world-tour

Host, Raghu Nandakumara first sits down with Bennett Moe, a cartographer turned N2K CyberWire VP, reveals how mapping skills can turn massive data into actionable cyber insights and why fundamentals still matter in an AI-driven world. Then, Jim Reavis, CEO of the Cloud Security Alliance and ISSA Hall of Famer, shares his urgent warning on cloud risks, the impact of generative AI, and why security leaders must rethink old playbooks.

We discussed:

• How cartography principles help prioritize and visualize cybersecurity data
  
   
• The evolution of AI in security and where it’s moving beyond buzzwords
  
   
• Why fundamentals like security hygiene and the right people in the right roles are still critical
  
   
• Systemic risks in cloud environments and why old security playbooks may no longer suffice
  
   
• How security leaders can become their company’s most informed voices on AI
  
   
• The importance of actionable insights over overwhelming data for decision-making
• The role of cloud as a foundation for AI innovations like ChatGPT
  
   
• Distinguishing between securing AI and defending against AI-powered attacks
  
   
• How continuous learning, communication, and community collaboration are essential in cybersecurity
  
   
• The CSA’s mission and legacy as a navigator for the cybersecurity community

Stay Connected with our host, Raghu on LinkedIn

For more information about Illumio, check out our website at illumio.com 

• Windows admins, start your updates — the latest Patch Tuesday is a doozy.
• Hackers are packing RomCom exploits into a popular file-archiving app, but no one’s laughing.
• And phishers are turning stolen logins into stock pump-and-dump scams.

And Aishwarya Ramani joins us for an "Ask the Expert" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Register to attend The Illumio World Tour: https://www.illumio.com/illumio-world-tour

• Federal courts scramble to tighten security after sealed files spill in cyber breach.
• Less than 24 hours in, ChatGPT-5 is already breaking bad.
• And federal agencies: today's the deadline to apply a critical Exchange fix.

And Christer Swartz joins us for an "Ask the Expert" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Register to attend The Illumio World Tour: https://www.illumio.com/illumio-world-tour

• A cyberattack shuts down the city of St. Paul — and draws in the National Guard.
• Spiders and dragons and rats — oh my! U.S. authorities issue new cybersecurity warning.
• And AI-powered bots are making DDoS attacks almost as easy as cheating on your homework.

And John Kindervag joins us for a "Kindervag's Compass" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Register to attend The Illumio World Tour: https://www.illumio.com/illumio-world-tour

• More than 400 organizations compromised in a fast-moving SharePoint attack campaign.
• Researchers are blaming China-based threat groups for the attacks
• And researchers ask: did well-meaning vulnerability disclosures tip them off?

And John Kindervag joins us for a "Kindervag's Compass" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Introducing Illumio Insights: AI Cloud Detection and Response Webinar: https://lp.illumio.com/Introducing-Illumio-Insights-Webinar.On-Demand

John and Chase reflect on the global evolution of Zero Trust—from its scrappy beginnings to its widespread adoption by Fortune 500s, military leaders, and even elder care facilities. 

They dive into why context-driven maps are now indispensable, how graph-based security is reshaping the cyber terrain, and where AI and automation can give defenders a real edge. Expect candid takes on the limits of SIEMs, the failure of red teaming without strategy, and why defenders need to start thinking like attackers if they want to win.

There’s personal reflection too—Chase shares why he was reluctant to pick up the Zero Trust torch, and John opens up about the real heart behind the strategy. With wit, war stories, and straight talk, they make a clear case: cybersecurity isn't about perfection—it's about deterrence, resilience, and knowing what truly matters.

Topics Covered:

• The origin and global adoption of Zero Trust
   
• Why “good maps” are critical for cyber resilience
   
• Real-world applications of AI in cyber defense
   
• Why attackers often outmaneuver defenders—and how to change that
   
• The psychology of leadership in cybersecurity strategy
   
• From Chick-fil-A to Bletchley Park: the unexpected places Zero Trust shows up
   
• Chase’s take on stock-picking based on breach trends (yes, really)
   

Resources Mentioned:

• Think Like an Attacker by Dr. Chase Cunningham
   
• John Kindervag’s Zero Trust 5-Step Model
   
• “Zero Trust Terrain & Holding the High Ground” LinkedIn Live 

Stay Connected with our host, Raghu on LinkedIn

For more information about Illumio, check out our website at illumio.com 

• Is Salt Typhoon’s nine-month hack of a National Guard network the tip of the iceberg?
• CISA issues a rare 24-hour deadline to patch CitrixBleed 2 vulnerability.
• And a zero-day vulnerability in SharePoint is being used to breach dozens of organizations.

And John Kindervag joins us for a "Kindervag's Compass" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Introducing Illumio Insights: AI Cloud Detection and Response Webinar: https://lp.illumio.com/Introducing-Illumio-Insights-Webinar.On-Demand

• UK police round up suspects they say are behind a wave of retail hacks.
• That new car could be systematic. Hydromatic. Ultramatic. And hacked via a Bluetooth flaw.
• And a new GPU-based attack turns AI models into artificial idiots.

And John Kindervag joins us for a "Kindervag's Compass" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Introducing Illumio Insights: AI Cloud Detection and Response Webinar: https://lp.illumio.com/Introducing-Illumio-Insights-Webinar.On-Demand

• Another week, another airline hit with a cyberattack.
• Iranian hackers threaten to leak more emails from Trump allies 
• And a ransomware gang suddenly shuts down… or is it just a rebrand?

And John Kindervag joins us for a "Kindervag's Compass" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Introducing Illumio Insights: AI Cloud Detection and Response Webinar: https://lp.illumio.com/Introducing-Illumio-Insights-Webinar.On-Demand

• A second airline hit by a cyberattack in as many weeks.
• Iran’s hackers stay quiet — for now — after U.S. and Israeli airstrikes.
• And the IRS gets a security audit — and it’s not good.

And Christer Swartz joins us for a "Boos and Bravos" segment. 

Head to The Zero Trust Hub: hub.illumio.com

Introducing Illumio Insights: AI Cloud Detection and Response Webinar: https://lp.illumio.com/Introducing-Illumio-Insights-Webinar.On-Demand

With candid conversations about navigating gender bias, building real allyship, and mentoring the next generation of women in tech, this episode pulls back the curtain on what it really takes to thrive in a male-dominated space. From managing cross-functional teams to balancing business needs with technical demands, these leaders share practical advice, hard-won lessons, and a powerful vision for a more inclusive, empowered future in cyber.

Other topics we talked about:

• What drew each guest to cybersecurity from nontraditional backgrounds
  
   
• The role of mentorship and sponsorship in career growth
  
   
• Confronting misconceptions and biases in the workplace
  
   
• Why visibility and feedback are crucial for career advancement
  
   
• Balancing empathy and authority in leadership
  
   
• Retention strategies for women in tech
  
   
• The power of storytelling in inspiring the next generation
  
   
• How to build trust across business and security teams
  
   

Whether you're deep in the industry or just cyber-curious, you’ll leave inspired to challenge the status quo—and uplift others along the way.

Stay Connected with our host, Raghu on LinkedIn

For more information about Illumio, check out our website at illumio.com 

• U.S. officials warn of cyber blowback in the wake of airstrikes on Iran.
• The largest-ever trove of stolen passwords resurfaces online.
• And if it walks like a duck and quacks like a duck, it might be the latest attack by Scattered Spider.

Head to The Zero Trust Hub: hub.illumio.com

Introducing Illumio Insights: AI Cloud Detection and Response Webinar: https://lp.illumio.com/Introducing-Illumio-Insights-Webinar.On-Demand

• Travelers left flying blind after cyberattack at Canadian airline
• Extra! Extra! Hackers target journalists at The Washington Post
• And a fake IT support is tricking Salesforce users into downloading malware

Head to The Zero Trust Hub: hub.illumio.com

Introducing Illumio Insights: AI Cloud Detection and Response Webinar: https://lp.illumio.com/Introducing-Illumio-Insights-Webinar.On-Demand

We also talk about: 

• The origins and evolution of the Ponemon Institute’s research.
• Why prevention isn’t enough, emphasizing containment and resilience in cybersecurity.
• The rising costs of data breaches and attackers’ growing focus on disrupting operational resilience.
• How organizations can leverage research data to secure leadership buy-in and develop effective strategies.
• The importance of Zero Trust frameworks in addressing modern security challenges.
• The role of robust leadership, strategic planning, and redundancy in enhancing resilience.
• The evolving responsibilities of CISOs and unifying accountability within organizations.
• Emerging trends like artificial intelligence and global contributions to cybersecurity innovation.
• Metrics for measuring the effectiveness of security controls.

The Global Cost of Ransomware Report: https://www.illumio.com/resource-center/cost-of-ransomware  

Listening Notes:

[2:30 - 6:00] Advice for Mitigating Ransomware Risks

[6:00 - 11:00] Role of Zero Trust in Security

[11:00 - 16:00] Accountability in Security Strategies

[16:00 - 21:00]  Research Wishlist: Metrics and Trust

[21:00 - 25:00] Long-Term Industry Observations

Tune in to learn how to shift from a prevention mindset to one of resilience and adaptability in an ever-changing digital world!

• A North Korean ransomware campaign is playing for keeps.
• A rose by any other name smells as sweet. But would malware by a standardized name be as leet?
• And is CISA’s brain drain a crisis in the making?

Head to The Zero Trust Hub: hub.illumio.com

Introducing Illumio Insights: AI Cloud Detection and Response Webinar: https://lp.illumio.com/Introducing-Illumio-Insights-Webinar.On-Demand

• AI-powered cyberthreats are scaling fast
• Victoria's Secret remains hush-hush about security issue that triggered a website shutdown
• And U.S. banks are pushing back on breach disclosure rules

Head to The Zero Trust Hub: hub.illumio.com

Introducing Illumio Insights: AI Cloud Detection and Response Webinar: https://lp.illumio.com/Introducing-Illumio-Insights-Webinar.On-Demand

• U.S. cyber defense faces budget cuts — just as threats are ramping up.
• A ransomware attack hamstrings a major healthcare network.
• And the Justice Department charges dozens in two global malware takedowns.

Head to The Zero Trust Hub: hub.illumio.com

Introducing Illumio Insights: AI Cloud Detection and Response Webinar: https://lp.illumio.com/Introducing-Illumio-Insights-Webinar.On-Demand

In this episode we also discuss:

• The evolution of spycraft, from traditional field operations to modern cyber warfare
• How cybercrime has transformed into a full-fledged business model
• Insights into decoding behavioral patterns in cyberattacks
• The complexities of cyber insurance and its limitations
• How businesses may be relying on cyber insurance in the wrong ways
• Examine how leadership engagement in cybersecurity has evolved
• Highlight the critical role the C-suite plays in driving security initiatives

Stay Connected with our host, Raghu on LinkedIn

For more information about Illumio, check out our website at illumio.com

- Japan’s cyber defense is going on the offense

- Scattered Spider crawls its way to the U.S. after UK crime spree.

- And Spain reconsiders whether cyberattacks caused last month’s national blackout

And Christer Swartz us for "Boos and Bravos."

Head to The Zero Trust Hub: hub.illumio.com

Introducing Illumio Insights: AI Cloud Detection and Response Webinar: https://lp.illumio.com/Introducing-Illumio-Insights-Webinar.On-Demand

Together, we explore the chilling reality of modern cyber threats, deepfake technology, and the manipulation of perception in an increasingly digital world. Brett shares his insights on why “the perception of reality is more important than reality itself,” how AI is fueling new forms of deception, and why personal relationships and trust are more critical than ever in cybersecurity.

In this episode we also discuss:

• Why defenders continue to fall short
• The biggest misconceptions about cybercriminals
• Why billion-dollar security budgets aren’t enough
• The role of regulations in shaping cybersecurity culture
• Why most cyberattacks succeed due to simple oversights, not sophisticated tactics
• How organizations can force attackers to adapt by closing common security gaps
• The importance of layered security and data-driven threat detection

Stay Connected with our host, Raghu on LinkedIn

For more information about Illumio, check out our website at illumio.com 

• Simple mistakes are leading to serious OT security issues
• Did Samsung issue a sour patch for a server vulnerability last year?
• And malware is masquerading as an AI media tool

And John Kindervag joins us for "Ask the Expert."

Head to The Zero Trust Hub: hub.illumio.com

Introducing Illumio Insights: AI Cloud Detection and Response Webinar: https://lp.illumio.com/Introducing-Illumio-Insights-Webinar.On-Demand

• The White House warns China: If you hack us, we may hack back.
• UK retailers are under siege — and one ransomware gang is taking credit.
• And stolen passwords are leading to millions of account takeovers.

And Gary Barlet joins us for a special segment on live on the RSAC show floor. 

Head to The Zero Trust Hub: hub.illumio.com

Our guest today is Founder and CEO of Sightline Security and president of the Open Information Security Foundation. Dr. Misata brings a unique lens to the field, shaped by her personal journey as a stalking survivor turned cybersecurity advocate. From supporting nonprofits working with trafficking survivors to influencing how organizations manage open source risk, her work underscores the need to approach security with empathy, patience, and mission-first thinking.

Together, we explore why cybersecurity can no longer be treated as a siloed function. Instead, it must be embedded into every decision, guided by understanding and tailored to the needs of those it aims to protect—especially in the nonprofit world. The conversation spans the dangers of digital assumptions, the importance of storytelling in awareness training, and how open source communities can be as critical to resilience as enterprise vendors.

🎙️ Topics include:

• How personal experience shaped Dr. Misata’s mission to make security more accessible and human-centered
  
   
• The unique security challenges facing mission-driven organizations
  
   
• Why open source tools deserve enterprise-level attention
  
   
• The role of empathy, inclusion, and curiosity in building better cyber practices
  
   
• What it means to lead with listening in a field driven by risk
  
   

Whether you're a seasoned security professional or just starting to explore the digital safety landscape, this episode offers real talk, refreshing insights, and a powerful reminder: better security starts with better conversations.

Resources Mentioned:

RSAC Presentation: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1728257517998001QtNB 

Stay Connected with our host, Raghu on LinkedIn

For more information about Illumio, check out our website at illumio.com 

• M&S battles a cyber incident that’s ‘anything but ordinary’
• Is AI code generation playing fast and loose with security?
• And SAP scrambles to patch a critical vulnerability after real-world attacks.

And Michael Adjei joins us for "Ask the Expert". 

Head to The Zero Trust Hub: hub.illumio.com

Register to attend RSAC: https://www.illumio.com/resources/events/rsa-conference-2025

• Russian hackers woo diplomats — with a glass of wine.
• AI flaws are going unfixed, even when they’re critical.
• And security leaders look for a way forward after CVE program is pulled back from the brink

And Christer Swartz joins us for "Boos and Bravos". 

Head to The Zero Trust Hub: hub.illumio.com

Register to attend RSAC: https://www.illumio.com/resources/events/rsa-conference-2025

Cyberpsychology—the blend of security, human behavior, and neuroscience—reveals that over 90% of data breaches involve human error or social engineering, not just technical exploits. The conversation shifts to why traditional cybersecurity awareness training isn’t enough—awareness is widespread, but true preparedness is lacking.

In this episode, we discuss:

• Why even the most secure organizations still fall victim to cyberattacks
• The dangerous blame culture in cybersecurity and why it needs to change
• The intense pressure and burnout CISOs face in today’s fast-moving business world 
• What organizations can do to strengthen security beyond just investing in tech
• How attackers manipulate emotions
   

If you think only careless people get hacked, think again.
Resources Mentioned:

Dr. Huffman Ted Talk

• China makes a cyber confession. Or was it a veiled warning?
• CISA director nomination blocked over another Chinese attack
• And ransomware attacks are up — but payouts are down.

And John Kindervag joins us for "Ask the Expert."

Head to The Zero Trust Hub: hub.illumio.com

Register to attend RSAC: https://www.illumio.com/resources/events/rsa-conference-2025

• TikTok gets more time in the U.S. — and a huge fine in Europe 
• You can always count on death, taxes, and in April, IRS-themed phishing attacks
• And a major cybercriminal gang is taking the “ware” out of ransomware attacks

And Trevor Dearing joins us for "Ask the Expert."

Head to The Zero Trust Hub: hub.illumio.com

Register to attend RSAC: https://www.illumio.com/resources/events/rsa-conference-2025

• New “Morphing Meerkat” phishing kit packs a mighty punch
• Critical vulnerabilities cast a shadow over solar power systems
• And the risk prognosis is not looking good for many medical devices

And Gary Barlet joins us for "Ask the Expert."

Head to The Zero Trust Hub: hub.illumio.com

Register to attend RSAC: https://www.illumio.com/resources/events/rsa-conference-2025

• AI is supercharging organized crime, Europol warns
• Researchers fool major AI tools into helping them write malware
• And UK security leaders are confident — maybe too confident

And Christer Swartz joins us for a Boos and Bravos Segment

Head to The Zero Trust Hub: hub.illumio.com

The Global Cost of Ransomware Study: https://www.illumio.com/resource-center/cost-of-ransomware

• Accused LockBit ransomware developer facing lockup after U.S. extradition
• Medusa ransomware now targeting critical infrastructure
• You’re not a robot, and “ClickFix” is not a solution

And Gary Barlet joins us for a Book Club segment. 

Brooking's article: https://www.brookings.edu/articles/generative-ai-the-american-worker-and-the-future-of-work/

Head to The Zero Trust Hub: hub.illumio.com

The Global Cost of Ransomware Study: https://www.illumio.com/resource-center/cost-of-ransomware

• Watching pirated media? Prepare to be boarded by malware.
• Medusa petrifies more victims with ransomware
• And Chinese cybersecurity vendor accused of doing the opposite

And John Kindervag joins us for an Ask the Expert segment! 

Head to The Zero Trust Hub: hub.illumio.com

The Global Cost of Ransomware Study: https://www.illumio.com/resource-center/cost-of-ransomware

• API keys showing up in AI training data
• Russian IT firms hacked by pirates in SPAAAAAAAAAAACE!
• And a new campaign is using malicious PDFs — and some clever SEO

And John Kindervag joins us for a Myth Busters segment! 

Head to The Zero Trust Hub: hub.illumio.com

The Global Cost of Ransomware Study: https://www.illumio.com/resource-center/cost-of-ransomware

• Bybit says bye-bye to nearly 1½ billion dollars in record-breaking crypto heist
• Apple devices are getting a lot less private in the U.K.
• And phishing gangs are reinventing credit card theft for the digital era

And Christer Swartz joins us for an Ask the Expert Segment! 

Head to The Zero Trust Hub: hub.illumio.com

The Global Cost of Ransomware Study: https://www.illumio.com/resource-center/cost-of-ransomware

• More DeepSeek Security Concerns — this time from South Korea
• Cybercriminals visit Virginia Courthouse — but not in the way you were hoping
• And an old Mac Malware Variant Gets a Brand New Update

And Michael Adjei joins us for an Ask the Expert Segment! 

Head to The Zero Trust Hub: hub.illumio.com

The Global Cost of Ransomware Study: https://www.illumio.com/resource-center/cost-of-ransomware

- Major vulnerability puts global infrastructure at risk

- Microsoft to software developers: check your keys, please 

- And DeepSeek is in deeper trouble with U.S. lawmakers

And Christer Swartz joins us for a Boos and Bravos Segment! 

Head to The Zero Trust Hub: hub.illumio.com

The Global Cost of Ransomware Study: https://www.illumio.com/resource-center/cost-of-ransomware

- DeepSeek AI sparking deep concerns among security experts

- Meta reveals what’s up with spyware campaign targeting journalists

- And it’s code blue for vulnerable hospital-patient monitors

And Gary Barlet joins us for an Ask the Expert Segment!  

Head to The Zero Trust Hub: hub.illumio.com

The Global Cost of Ransomware Study: https://www.illumio.com/resource-center/cost-of-ransomware

- Trump Tells Key Cybersecurity Board: You’re Fired

- Critical Flaw Found in Meta’s AI Framework

- North Korean Spies Posing as U.S. IT Workers Get More Aggressive

And Gary Barlet joins us for a MythBusters Segment!  

Head to The Zero Trust Hub: hub.illumio.com

The Global Cost of Ransomware Study: https://www.illumio.com/resource-center/cost-of-ransomware

-What’s up with one of the world’s biggest messaging platforms? Targeted attacks, that’s what.

-While hotel guests were checking in last year, hackers were checking out their personal info

-And a new phishing kit bypasses Microsoft 365 two-factor authentication

And Gary Barlet and John Kindervag join us for an Agree to Disagree segment. 

Head to The Zero Trust Hub: hub.illumio.com

Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour 

- Microsoft has a message for alleged AI hackers: see you in court

- Someone is finally thinking of the children. The bad news: it’s a ransomware group.

- And a new threat actor is using AI to punch above its weight class

And Christer Swartz joins us for a Boos and Bravos segment. 

Head to The Zero Trust Hub: hub.illumio.com

Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour 

-Chinese Hackers Breach Treasury Department Through Vendor API

-U.S. Army Soldier Accused of Being the Notorious Kiperphantom

-New Year, New DoubleClickjacking Technique 

And Michael Adjei joins us for an Ask the Expert segment! 

Head to The Zero Trust Hub: hub.illumio.com

Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour 

-North Korean IT workers end up on DoJ naughty list for alleged remote work fraud

-’Tis the season for ransomware as victim totals hit new records

-And it’s Yule-tide trouble as cybergrinches deck the Halls with RDP Exploits

And John Kindervag and Gary Barlet join us for an Agree to Disagree segment! 

Head to The Zero Trust Hub: hub.illumio.com

Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour 

- Crypto thieves tailor Android malware for targeted attacks

- A not-so-swift resolution to Chinese telecom hack

- And Russian cyber spies acting in concert with rival hackers

And Raghu Nandakumara joins us for a Boos and Bravos segment! 

Head to The Zero Trust Hub: hub.illumio.com

Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour 

- Got $200? You’ve got enough to launch a new advanced phishing attack

- Hackers aren’t waiting to exploit the Godot Game Engine

- And a high-profile attacker could be operating from a surprise location: a U.S. Army base

And Christer Swartz joins us for a Mythbuster segment! 

Head to The Zero Trust Hub: hub.illumio.com

Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour 

- DHS releases AI framework for critical infrastructure

- A critical zero-day vulnerability hits Palo Alto firewalls

- And grandma gets an AI upgrade in the fight against scam calls

And John Kindervag joins us for an Ask the Expert segment. 

Head to The Zero Trust Hub: hub.illumio.com

Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour 

North Korean hackers target Apple MacOS with new crypto-stealing malware 

Interlock ransomware group emerges as new threat to healthcare and government 

And a U.S. government agency tells its staff to stop using mobile phones after Chinese hack

And Trevor Dearing joins us for a Myth Busting segment. 

Head to The Zero Trust Hub: hub.illumio.com

Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour 

Election infrastructure has 'never been more secure,' CISA chief says 

Cyber saboteur tries to make Disney the hackiest place on earth

And severe vulnerabilities found in hardware powering many industrial devices

And Sudha Iyer joins us for a Tech Tips segment. 

Head to The Zero Trust Hub: hub.illumio.com

Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour 

--------

“A good friend of mine is a CIO for a very large organization and he shared a great story. Obviously, during the pandemic, everyone was working remotely and they set up this whole Zero Trust principle and policy set to better secure their remote workers. It was interesting, he said, when everyone started coming back into the office, we realized we had better security when everyone was remote because of the changes that we made. So, we wanted to apply those same principles to our internal network and then we realized, can we just get rid of our internal network, our corporate network?”

--------

Time Stamps 

(03:14) The role of the CISO and its evolution

(07:59) Challenges and opportunities in the CISO role

(21:49) Importance of context in security operations

(31:54) Simplifying compliance and driving innovation

(45:23) Advice for Aspiring CISOs

 --------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with Neil on LinkedIn

Illumio World Tour 

Cisco urges customers to patch their firewalls and VPN software amid active exploits

LockBit copycat targets Apple MacOS systems with new ransomware strains

And Microsoft’s boss takes a pay cut for a series of security incidents

And Raghu Nandakumara joins us for a Boos and Bravos segment. 

Head to The Zero Trust Hub: hub.illumio.com

Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour 

Suspected cyber bandit in data broker breach busted! In Brazil!

LockBit dethroned as RansomHub crowned new king of the ransomware arena

And Casio races the clock as it struggles in the wake of a ransomware attack

And Gary Barlet joins us again to talk about election security. Read his piece with the Financial Times: https://www.ft.com/partnercontent/illumio/tackling-election-security-with-zero-trust.html

Head to The Zero Trust Hub: hub.illumio.com

Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour 

--------

“Pre-decision making. If we come under ransom, are we going to pay? A lot of people start spiraling and it's like, wait, do you want to be spiraling now or do you want to be spiraling when we're actually under ransom? Let's spiral now. Let's do that worrying now, so that if something happens in the future, we're ready for that.”

--------

Time Stamps 

(04:53) Sherrod's career journey

(16:15) Importance of basic security practices in ransomware resilience

(18:37) Ransomware: To pay or not to pay?

(22:08) Building a culture of ransomware resilience

(26:19) Subjectivity of security

(29:51) Evolution of threat actors

(34:13) Zero Trust's impact on security

(46:04) Role of AI in cybersecurity

(49:49) Future of threat intelligence

 --------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

Illumio World Tour 

--------

Links

Connect with Sherrod on LinkedIn

Tiny company, massive data breach, and a swarm of lawsuits. New details in NPD bankruptcy

The Wayback Machine moving forward after a series of attacks

And OpenAI shuts down efforts to use it for AI-powered wrongdoing

And Gary Barlet to talk about Cybersecurity Awareness Month. 

Head to The Zero Trust Hub: hub.illumio.com

Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour 

China breaches U.S. broadband providers in months long breach

It’s double trouble as two flaws put critical networking infrastructure at risk

And U.S. authorities seize dozens of internet domains tied to Russian hackers.

And John Kindervag joins us to talk about the 14 year Zero Trust journey. 

Head to The Zero Trust Hub: hub.illumio.com

Illumio World Tour Registration: https://www.illumio.com/illumio-world-tour 
 

“Should have, would have, could have - public policy is not about penalizing people for what they could have been doing or should have been doing. It's about making it better in the present and then making it better in the future.”

--------

Time Stamps 

(02:01) Nicole’s background 

(08:31) Responses to breaches and reporting 

(11:19) Victims of cyber hacks 

(17:39) Defining cyber equity 

(24:19) High impact cyber attacks 

(37:42) Linking Zero Trust to Cyber Equity: Secure-by-design 

 --------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with Nicole on LinkedIn

The Hidden Injustice of Cyberattacks by Nicole Tisdale 

Illumio World Tour

Learn more on how to achieve DORA compliance: Illumio.com/dora

Learn strategies for DORA compliance in this ebook: https://www.illumio.com/resource-center/zero-trust-segmentation-dora 

--------

"If you did a search on DORA and looked for the word segmented, ss in micro-segmentation, instantaneous severing of elements of the network in order to contain and what have you, it's in there. It's absolutely in there. So, you just need to know what you're looking for and you'll find it. And Zero Trust will evolve. It might evolve into a different name or a different set of characteristics that we seek to achieve, but DORA should last. And we might find terms like Zero Trust start to pop up in regulatory technical standards or implementing technical standards that accompany it, but it's absolutely in there because it's such a good way to protect our organizations from harm, the types of harm that we've talked about." - Mark 

"If you were to build something completely separate and ask all businesses to comply with something that was different, not only would there be significant cost, I think actually you get much greater resistance. Whereas, these regulations like DORA actually build upon industry-recognized best practices that many businesses are already adopting to a degree, and it actually is sensible, but it also makes the barrier to compliance less." - Tristan

--------

Time Stamps 

(04:22) Current cyber threat landscape 

(11:02) Operational resilience and cyber resilience

(12427) Compliance and regulatory standards 

(15:22) A historical look at compliance 

(25:58) The tipping point for the EU to prioritize operational resilience

(36:48) What differentiates DORA from other legislation? 

(44:24) The role of Zero Trust within DORA 

 --------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with Tristan on LinkedIn

Connect with Mark on LinkedIn

--------

"You cannot run a Zero Trust program exclusively out of IT. You cannot run it exclusively out of cybersecurity. And also if the business, or at least our organization, which is quite big and lots of different business units, if everybody of these business units starts by their own something, it will also not work. It will only work as teamwork all together. So IT typically brings in the services and the service operational model. Cybersecurity brings in the rules and partly also kind of architecture, as well as IT by the way, and business obviously owns all of these assets. So if you don't have them on the same table, at the same table it won't work at all."

--------

Time Stamps 

*(03:56) Thomas' journey at Siemens

*(08:59) Challenges in Zero Trust implementation

*(16:08) Business benefits of Zero Trust

*(27:32) Balancing big vision with tactical steps

*(34:06) Identity's role in Zero Trust

*(43:10) Collaborating across IT, security, and business for zero trust success

*(44:59) How Zero Trust drives competitive advantage

 --------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with Thomas on LinkedIn

Download your copy of The Forrester Wave for Microsegmentation Solutions: Illumio is a Leader in The Forrester Wave™: Microsegmentation Solutions, Q3 2024.  

--------

"The way I see it with some of these regulations, it's changing the focus of very siloed-based approaches to addressing regulatory requirements, to as I term, it's turning compliance into a team sport. You need to have your Chief Information Security Officer at the table for DORA. However, you also need to have the person that's responsible for all of your human resources or the person that's responsible for your business operations or for your important business services. And the more mature organizations that I'm working with are approaching it in that way. They have all of those key stakeholders at the table. They've understood that there are certain roles to play for each of these functions and they're working together."

--------

Time Stamps 

(01:27) Indy's career journey

(07:40) The shift to cyber resilience

(10:18) Importance of cybersecurity awareness

(13:19) Ransomware ethics and initial client concerns

(17:10) Evolution of regulations in cybersecurity

(27:58) Understanding Zero Trust

(35:54) Adoption and implementation of Zero Trust strategy

(48:19) Harmonizing risk, security, and fraud

(50:55) Future challenges in cybersecurity

(53:05) Impact of AI and quantum computing on cybersecurity

(55:03) Indy's vision of the future

 --------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with Indy on LinkedIn

--------

“Even with artificial intelligence, we should just think about how our defense in depth, our security posture hasn't necessarily changed that much. It has changed in terms of improvement, but it's a cat-and-mouse game and the threat actors are also improving so we have to adapt. It's not just a one-and-done. ‘I've done my security. I'm done with it. I'm not going to think about it.’ It's more so, ‘Okay, can we revise this now that the threat actors are evolving? What can we do to just stay ahead of the needle?’ And I think as designers, that's a big thing to think about when you're designing a product is like, ‘Okay, if I build this, if I design this this way, how would attackers try and go around it and what is their next move?”

--------

Time Stamps 

(00:43) Kyla's background and journey into cybersecurity

(08:28) Proactive approaches to cyber education

(11:09) Ways to measure cybersecurity education impacts

(19:25) Incorporating the zero trust concept into education

(25:53) Importance of secure by design

(32:52) Significance of user experience in security

(35:29) Day-to-day in threat intelligence

(38:21) Addressing common and recurring vulnerabilities

(42:39) AI's impact on cybersecurity

(47:08) Future of cybersecurity and the human element

(49:20) Advice to cybersecurity professionals

 --------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with Kyla on LinkedIn

Check out Bits N' Bytes Cybersecurity Education

Learn more about GirlCon

--------

“It's about making security the enabler for Google, like you just said, it is the enabler, but then it's also making it invisible to the user community, so that it's secured, controlled, managed, but they can do their jobs as effectively no matter where they are. And it's just, this is a really pivotal time." - Steve White

--------

Time Stamps 

(04:42) The security challenges of modernization

(17:29) Connecting business and security outcomes 

(29:02) Should cybersecurity and network teams merge? 

(31:01) What will generative AI bring to security?

(49:31) The borderless network and managing the perimeter

 --------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with Stephen on LinkedIn

(04:39) How the nature of the perimeter has changed 

(12:00) The shift towards being critical-asset focused and how it accelerated cloud adoption

(15:36) The process behind drafting recent regulation and EO 14028

(36:56) Are agencies making the expected improvements? 

(41:48) The key challenges moving forward 

--------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with Sean on LinkedIn

--------

“They are not in charge of security. Until now they haven't been accountable  to basically provide security. Okay. Of course, they are concerned about being disrupted, the operations being disrupted.” - Carlos Buenano

--------

Time Stamps:

(08:39) How to discuss security with OT practitioners

(13:49) Why we have so many legacy systems in OT and OT’s perspective on security 

(24:19) Adoption of Zero Trust in OT environments and challenges 

(39:23) Pros and cons of the American and European approaches, how to accelerate adoption

(44:15) Relevance of AI in the OT space

--------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with Carlos on LinkedIn

--------

Time Stamps

(14:39) Cognitive dissonance in cybersecurity 

(26:01) The role of Zero Trust in a decentralized world

(30:51) Misconceptions about Zero Trust

(40:48) What does Zero Trust have to do with API Security?

(56:36) The future of Zero Trust and API Security 

--------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with Richard on LinkedIn

--------

“I said all interfaces should have the same trust and it should be zero. And that's really where Zero Trust comes from, is just a pushback against how we were building firewalls which affected policy and there was no reason for it." - John Kindervag

--------

Time Stamps

(09:00) The foundation of “trust but verify”

(15:39) The motivation behind John’s seminal papers at Forrester

(24:16) The uptick of Zero Trust 

(31:41) Is Zero Trust difficult to adopt? 

(46:48) What does a culture of Zero Trust mean?

--------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with John on LinkedIn

Read the NSTAC Report to the President on Zero Trust and Trusted Identity Management (February 2022)

--------

“Democratization has to exist as well, and there has to be global standards and there has to be global regulation, but there also has to be global cooperation, right?.. We’re seeing an increase in collaboration and cooperation, but we’re not where we need to be. And the only way we actually defeat the bad enemy is with collective defense, and we need to get a lot better about collective defense.”

--------

Time Stamps

(04:32) An egalitarian approach to cybersecurity

(11:01)  “The greatest thing the industry can do is improve visibility”

(13:50) Three steps to Zero Trust

(25:00) What’s driving Zero Trust adoption?

(28:00) Talking cyber resilience to the Board

(34:36) Becoming a better CISO

--------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with Ann on LinkedIn

--------

“I'd like to think that all healthcare organizations are looking at all aspects of Zero Trust, right? But Zero Trust is a journey. It's not something where you can throw a switch on and become Zero Trust certified overnight. It's a mindset. It's a journey.”

--------

Time Stamps

(02:49) The role of the CISO through the years

(08:32) Understanding the perpetrators of cybercrime

(19:00) The medical OT threat landscape

(29:00) Reducing HIoT risk with Zero Trust

(39:00) AI and the future of healthcare

--------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with Richard on LinkedIn

--------

“How can we go towards Zero and, I’ll say, Zero-ish Trust? Actual Zero Trust is really hard to do, and I think it's really intimidating...But, for instance, what we're talking about is micro-segmentation from a Zero Trust perspective, what is the best bang for our buck that we're gonna get with being the least disruptive?” - Ryan Fried

--------

Time Stamps

* (06:31) Mapping out your risk exposure

* (10:44) Striking a balance between good security and “good enough”

* (13:03) Compliance in less regulated industries

* (17:22) Being compliant vs. being secure

* (24:22) Zero-ish Trust in action

--------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with Ryan on LinkedIn

--------

"I'm seeing a lot more folks that are security engineers and are on blue teams that are also then wanting to participate in those red team exercises and in those tests, and be involved and actually understand how they can learn and apply those techniques while they're building into their threat models.

And I see that the folks that are doing that on a more regular basis are maturing more rapidly. And if they're not factoring in that testing to what they've implemented, then there may be long periods and long gaps where there's a susceptibility that remains unknown." - Rob Ragan

--------

Time Stamps

* (2:23) Learning the wrong ways to build applications

* (6:31) Securing IoT/OT and national critical infrastructure

* (15:36) Zero Trust and offensive security

* (19:27) Maturing faster with more testing

* (24:32) TCO and ROI

--------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with Rob on LinkedIn

--------

"You wanna continue to try to do your best, but there's no such thing as perfect. And you have to be ready for the alternative, right? What happens when the art of the perfect fails you, and you have to deal with a breach? And I think that that monumental shift in approach and philosophy is something that I think that modern entities, agencies, and businesses, if they don't make that shift, they're just gonna continue to lose." - Gary Barlet

--------

Time Stamps

* (3:07) Fighting the everyday battle in cyberspace

* (7:16) How to “assume breach”

* (17:53) The US Government’s top cyber challenges

* (28:17) Breach economics

* (35:33) The future of Zero Trust

--------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com/

--------

Links

Connect with Gary on LinkedIn

--------

"When we're having conversations with customers we are very, very reluctant to put the actual technology, feature or the control at the beginning of the conversation. Because, particularly with something as nuanced to Zero Trust, you really have to have a much more in-depth understanding of the problem that they're trying to solve." - Shawn Kirk

--------

Time Stamps

* (5:19) How to secure your cloud migration

* (9:38) Zero Trust’s role in cyber conversations

* (17:34) ROI benefits of cloud security

* (19:25) Top security challenges facing AWS customers

* (22:46) Evolving threats in the cloud

--------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com.

--------

Links

Connect with Shawn on LinkedIn

--------

"I do think we fell off the bandwagon with all this implicit trust in the environment…All these things that were just allowed to talk to each other implicitly—no one ever thought about, you know, let’s turn this into explicit trust? That's a place where I think we definitely needed Zero Trust to help us along that journey." - PJ Kirner

--------

Time Stamps

* (0:47) The Illumio founding story

*(11:39) What do submarines and cyber resilience have in common?

*(14:55) Overcoming implicit trust 

*(24:40) Validating ideas with data

* (36:13) What a CTO hopes to see at RSA

--------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com or visit us at RSAC in San Francisco, between April 24 – April 27! You can find us in the North Hall, at Booth 5778.

--------

Links

Connect with PJ on LinkedIn

--------

“Back in the day it was around protecting everything, encrypting everything, and really making sure that we scan everything in an environment. Now when we talk to clients, it's around how do we make sure that we are truly looking after the most important things in our environment, making sure that those are properly protected, [and] controlled.” - Stephen Coraggio

“You don't want to spend four months deciding what top five policies you want to enforce in a CSPM solution—Make those decisions quickly and reduce risk.” - Greg Tkaczyk

--------

Time Stamps

* 10:17 – Defining your “crown jewels”

* 13:09 – Overcoming “analysis paralysis”

* 22:35 – ZT as a framework: “It’s a set of guiding principles”

* 30:30 – What comes next in cyber (a case for AI/automation)

* 34:10 – Using data to demonstrate ROI

--------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com/

--------

Links

Connect with Stephen on LinkedIn

Connect with Greg on LinkedIn

--------

“If you start taking an approach of zero tolerance—we need to start getting a sense of more governance around how do we manage this?

While we want to empower people, while we want to have speed and agility—you cannot do it at the cost of IT hygiene and therefore poor security and therefore risk of being breached.” - Vishal Salvi

--------

Time Stamps

* (6:02) Evolving as the profession evolves 

* (9:30) Being an empathetic business leader 

* (16:30) Back to basics — “Doing the boring stuff right” 

* (20:52) Democratizing cybersecurity within the organization 

* (31:50) How to make the most of your cyber investments 

* (41:05) What excites a CISO

--------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com/

--------

Links

Connect with Vishal on LinkedIn

Check out Infosys

--------

“Because when you're managing risk, it's not just an IT thing. It's also a mission thing as well. What are the political aspects of the risk and the decisions that you're making? That informs the IT risk as well. But I think it has to be well understood that this is, going back to the ROI, this is why this is a good investment. This is gonna help mitigate this risk… [Zero Trust] is a cultural thing for an organization and it needs to be communicated.” - Gerald Caron

--------

Time Stamps

* (5:00) Understanding your operational risk posture as a CIO

* (9:52) What peanut butter, the cinema and Zero Trust have in common

* (14:10) Demystifying Zero Trust: Driving the adoption of ZT at the OIG

* (18:40) Measuring progress and effectiveness

* (25:53) Aligning Zero Trust with your company’s business strategy

--------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com/

--------

Links

Connect with Gerald on LinkedIn

--------

“That understanding fundamentally of trust is something we don't necessarily talk about a lot in organizations. When you get into Zero Trust, the real trick is how do I spot the trusts? When I look at a computer, router, firewall, server config — what's the trust? How do I go through and get rid of them?

That's what Zero Trust is about. It's not about not trusting people. It's about finding those trusts in our digital systems and getting rid of them.” - George Finney

--------

Time Stamps

* (5:40) Establishing a unified security culture

* (11:10) What Zero Trust isn’t: “Don’t take the cynical approach”  

* (16:50) The secret sauce to being a CSO today is building in security from day 1 

* (24:00) Understanding your “protect surface” to maximize ROI 

* (28:30) The reason some Zero Trust projects fail isn’t because of tools - it’s people

--------

Sponsor

Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com/

--------

Links

Connect with George on LinkedIn

Check out George's best-selling book "Project Zero Trust"

--------

“...John [Kindervag] says it all the time: Trust is a human emotion; we've built it into computers. If you remove the trusted relationships, it's not that there's going to be “zero trust.” It's that they're going to have manageable risk based on trust relationships, and that makes the bad guy's day really hard.” — Dr. Chase Cunningham

--------

Time Stamps

* (6:34) Zero Trust is nothing new, just an evolution of something that’s always made sense 

* (10:32) You can get Zero Trust wrong – but start small to get it right 

* (16:18) How vendors have changed the Zero Trust landscape 

* (21:39) How APIs are transforming the future of cybersecurity platforms 

* (28:34) Federal Zero Trust progress is “fast-ish” 

--------

Sponsor

Assume breach. Minimize impact. Increase resilience. With Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com/

--------

Links

Connect with Chase on LinkedIn

Check out the DrZeroTrust podcast

On “The Segment: A Zero Trust Leadership Podcast”, you will hear from industry experts about the latest cybersecurity and ransomware trends. We will unpack how modern organizations can reduce risk and curtail impact with Zero Trust - a “never trust, always verify” approach to cybersecurity.

Join us for The Segment: A Zero Trust Leadership Podcast, brought to you by Illumio.

-------

Assume breach. Minimize impact. Increase resilience. With Illumio, the Zero Trust Segmentation company. 

Learn more at illumio.com/