Cyber Security America

53 episodes — Page 1 of 2

How Ad Fraud Drains $160 B Annually - Rich Khan & Joshua R Nicholson

May 5, 2026 · 41 min

S2 Ep 52 · The hidden talent pool in Kathmandu, Nepal that is transforming cybersecurity.

Discover how a Nepali American founder turned a personal frustration with security questionnaires into a rapidly growing AI-driven platform revolutionizing enterprise compliance. Pukar Hamal, CEO of Security Pal, reveals the untold story behind building one of the fastest-growing cybersecurity tools trusted by OpenAI, Figma, and Snapchat — and how Kathmandu's overlooked talent pool is shaping the future of cybersecurity innovation. In this explosive episode, you'll learn how Security Pal slashes the time to respond to complex security questionnaires from months to hours — transforming a tedious regulatory burden into a strategic advantage. Pukar shares his unique journey from a startup co-founder to a Silicon Valley CEO, highlighting the paradox of building trust in enterprise security while fighting misinformation and AI hallucinations. We break down specific techniques that will empower CISOs and security teams: how to leverage AI for continuous vendor monitoring, how to identify hidden risks through dynamic questionnaires, and how to use data-driven insights to propel security into a growth enabler. You'll discover how Security Pal's AI doesn't just automate answers — it predicts vulnerabilities, surfaces gaps, and helps companies stay ahead of technological and regulatory curves. Why is understanding the evolving security landscape critical right now? Because the traditional questionnaire isn't going away — instead, it's becoming the backbone of risk management that, if mastered, unlocks faster deal cycles, stronger compliance, and market differentiation. Next-generation security leaders can harness these insights to anticipate threats, streamline vendor assessments, and turn compliance from a bottleneck into a business booster. Perfect for security executives, compliance officers, and tech founders ready to harness AI's potential at scale — this episode unveils the future of cybersecurity at the intersection of talent, technology, and global opportunity. 
Whether you're navigating third-party risks or seeking competitive edge, you'll walk away with actionable strategies to elevate your security game in a fast-changing world. Join Pukar Hamal for a behind-the-scenes look at how AI, overlooked talent pools, and strategic insights are redefining what's possible in enterprise security. Don't miss this chance to learn from an innovator who's transforming the industry, one questionnaire at a time. www.darkstack7.com

Mar 25, 2026 · 42 min

S2 Ep 51 · From Startup to Scale-Up: Building Cybersecurity Companies with Ondefend & CyberSurv

In this episode of the Cyber Security America Podcast, host Joshua R Nicholson sits down with Chris Freedman, CEO of Ondefend, and Ron Frechette, CEO of CyberSurv, for a deep dive into cybersecurity entrepreneurship. Both guests share their journeys building companies in the cybersecurity space—from early startup challenges to scaling services, building strong company cultures, and navigating the rapidly evolving role of artificial intelligence in security. Chris discusses how Ondefend identified an opportunity on the preventative side of cybersecurity, focusing on red teaming, vulnerability discovery, and proactive security testing rather than crowded monitoring and incident response markets. Ron shares his path from executive search into cybersecurity during the early days of HIPAA compliance and how that experience eventually led him to focus on helping small and mid-sized businesses improve cyber hygiene and resilience. Together, they explore what it really takes to move a cybersecurity company from zero to one—and eventually from one to scale. In This Episode Why cybersecurity remains one of the largest and fastest-growing markets The realities of launching a bootstrapped cybersecurity startup How partnerships and subcontracting helped scale early services Why culture, mission, and hiring the right people matter most How AI is transforming cybersecurity services and advisory work The growing demand for fractional CIO and fractional CISO leadership Lessons learned from scaling consulting and cybersecurity service firms Key Takeaways The hardest stage of building a company is going from zero to your first customers. Strong partnerships can accelerate growth when building credibility in cybersecurity. AI is rapidly changing how cybersecurity assessments and advisory services are delivered. Many organizations are shifting toward fractional cybersecurity leadership models to gain specialized expertise without full-time executive hires. 
Featured Guests Chris Freedman CEO of Ondefend Entrepreneur and cybersecurity innovator focused on proactive defense, red teaming, and security testing technologies. Ron Frechette CEO of CyberSurv Serial entrepreneur helping organizations improve cyber hygiene through AI-driven cybersecurity advisory services. 🎧 Listen now on Spotify, Apple Podcasts, or your favorite podcast platform. #Cybersecurity #InfoSec #CyberThreats #CyberDefense #RedTeam #PenTesting #IncidentResponse #CyberHygiene #DataSecurity #MDR (Managed Detection & Response). Thanks to our show sponsor Darkstack7 Cyber Defense services www.darkstack7.com.

Mar 5, 2026 · 55 min

S2 Ep 50 · From FBI to Google Cloud: Cybersecurity Leadership Secrets with MK Palmore.

Episode 50 — Cybersecurity Leadership Secrets with MK Palmore In this milestone episode of Cyber Security America, Joshua Nicholson sits down with Malcolm "MK" Palmore — former FBI cybersecurity executive, Naval Academy graduate, U.S. Marine, and former Director of Security at Google Cloud — for a powerful conversation on leadership, risk, and the future of cybersecurity. MK shares lessons from leading one of the FBI's largest cyber investigative teams in Silicon Valley, helping shape security strategy at Google Cloud, and advising enterprises through complex cyber risk and digital transformation challenges. This episode goes beyond technology and tools to explore what truly drives successful cybersecurity programs: leadership, decision-making, and strategic clarity. Key topics include: How top CISOs think about cyber risk and executive leadership Lessons from FBI cyber investigations and real-world breach response The evolution of Zero Trust and cloud security strategy AI, emerging threats, and the future of enterprise defense Why fractional and strategic cybersecurity leadership is reshaping the industry Communicating cyber risk effectively to boards and executives This episode is essential listening for CISOs, executives, board members, security leaders, and anyone responsible for protecting modern enterprises in an era of accelerating cyber threats. 🎧 Listen to the Cyber Security America Podcast — a cybersecurity podcast focused on real-world incident response, threat intelligence, ransomware, and security leadership. 
https://www.youtube.com/playlist?list=PLBl5Ef4QLoa3szw4NGDVZCY0aa1tixnsa 🎙️ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-security-america/id1668216285 🎙️Spotify: https://open.spotify.com/show/3wmyUbe1TY5hNl96Q8UFFI 🎙️Instagram: https://www.instagram.com/cybersecurityamericapodcast/ 🎙️TikTok: https://www.tiktok.com/@cybersecurityamerica 🎙️X.com: https://x.com/nicholsonj7111 📱 Follow Cyber Security America for short clips and updates: 👤 Host — Joshua R. Nicholson: https://www.linkedin.com/in/joshuarnicholson/ 🎙️Cyber Security America on LinkedIn: https://www.linkedin.com/company/cyber-security-america-podcast [email protected] for show inquiries, guest requests, and sponsorship discussions or collaboration ideas or contact us through our website www.darkstack7.com/contact

Feb 16, 2026 · 47 min

S2 Ep 49 · AI & MDR - The Future of Cyber Security Detection & Response

In episode 49 of Cyber Security America, we explore how Artificial Intelligence is reshaping cybersecurity, Managed Detection and Response (MDR), and modern security operations. As cyber threats grow more advanced, organizations must evolve from reactive defense to proactive, intelligence-driven protection. 📱 Follow Cyber Security America on Youtube for short clips and updates Featuring Woo An (CEO of Zaun.ai) and Tyler Lackey (AI Security Builder), this episode delivers real-world insight into how AI-native security platforms are improving detection, response, and operational scale across enterprise environments. We discuss: The future of MDR and AI-driven security operations How AI agents and automation are transforming incident response Shadow AI, data leakage, and governance challenges AI security risks, role-based controls, and detection engineering Scaling cybersecurity outcomes without replacing security teams Real-world enterprise lessons from AI-powered security innovation Whether you're a CISO, security leader, MDR provider, or cybersecurity professional, this episode provides practical insight into how AI is redefining cyber defense and how organizations can stay ahead of evolving threats. 🎧 Listen to the Cyber Security America Podcast — a cybersecurity podcast focused on real-world incident response, threat intelligence, ransomware, and security leadership. YouTube Playlist: https://www.youtube.com/playlist?list=PLBl5Ef4QLoa3szw4NGDVZCY0aa1tixnsa 🎙️ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-security-america/id1668216285 🎙️ Spotify: https://open.spotify.com/show/3wmyUbe1TY5hNl96Q8UFFI 🎙️ Instagram: https://www.instagram.com/cybersecurityamericapodcast/ 🎙️ TikTok: https://www.tiktok.com/@cybersecurityamerica 🎙️ X (Twitter): https://x.com/nicholsonj7111 📱 Follow Cyber Security America for short clips and updates 👤 Host — Joshua R. 
Nicholson: https://www.linkedin.com/in/joshuarnicholson/ 🎙️ Cyber Security America on LinkedIn: https://www.linkedin.com/company/cyber-security-america-podcast 📩 For show inquiries, guest requests, sponsorship discussions, or collaboration ideas: [email protected] 🌐 Contact via website: www.darkstack7.com/contact #CyberSecurity #ArtificialIntelligence #AIinCybersecurity #MDR #ManagedDetectionAndResponse #CyberDefense #SecurityOperations #SecOps #CyberRisk #CISO #CyberLeadership #ThreatDetection #IncidentResponse #SecurityAutomation #AIsecurity #CyberThreats #EnterpriseSecurity #CyberResilience #CyberSecurityPodcast #CyberSecurityAmerica

Feb 5, 2026 · 56 min

S2 Ep 48 · Dune Security's Revolutionary Approach: AI and Cybersecurity

🎙 Episode 48: AI and Cybersecurity — How Dune Security Is Reinventing User Risk Management In this episode of Cyber Security America, we explore how artificial intelligence is transforming cybersecurity—and why traditional security awareness training is no longer enough. I'm joined by David DellaPelle, cybersecurity leader and founder of Dune Security, to break down how AI-driven attacks like phishing, vishing, deepfakes, and social engineering are evolving faster than most security programs can handle. We discuss why 90% of breaches still start with human behavior and how Dune Security is redefining the user layer of cybersecurity with AI-powered risk quantification and remediation. 🔍 Topics covered in this episode: Why legacy security awareness training fails in an AI-driven threat landscape How attackers use GenAI, voice cloning, and deepfakes to bypass MFA The rise of multi-channel social engineering (email, SMS, voice, collaboration tools) How AI can identify high-risk users and reduce enterprise attack surface What CISOs should be doing now to prepare for AI-enabled threats The future of securing both human and AI workforces This conversation is essential listening for CISOs, security leaders, GRC teams, cloud and identity professionals, and anyone responsible for protecting modern organizations against advanced cyber threats. 🎧 Listen now on Apple Podcasts and Spotify to learn how AI is reshaping cybersecurity—for defenders and attackers alike. www.darkstack7.com/podcast #CyberSecurityAmerica #CybersecurityPodcast #AIandCybersecurity #ArtificialIntelligence #SocialEngineering #Phishing #Deepfake #CISO #SecurityAwareness #UserRisk #CloudSecurity #PodcastSEO

Dec 30, 2025 · 34 min

S2 Ep 47 · Spreadsheets to AI Agents: The Next Era of Enterprise GRC with Richa Kaul

In episode 47 of Cybersecurity America, host Joshua Nicholson is joined by Richa Kaul, CEO and Founder of Complyance, to explore how agentic AI and intelligent automation are reshaping enterprise Governance, Risk, and Compliance (GRC). Richa breaks down why traditional, spreadsheet-driven GRC programs are failing at scale—and how organizations are moving toward real-time risk monitoring, automated evidence collection, and continuous audit readiness. Drawing from her experience as a GRC executive and privacy advocate, she shares how modern GRC teams can reduce manual effort, improve visibility, and position compliance as a true business enabler. In this conversation, we cover: Why legacy GRC models can't keep up with today's threat landscape How AI agents streamline audits and compliance operations Continuous controls monitoring and real-time risk visibility Privacy-first approaches to enterprise AI adoption Third-party risk, regulatory change, and AI governance What CISOs and GRC leaders should expect heading into 2026 Whether you're a CISO, GRC leader, risk professional, or security executive, this episode offers practical insight into the future of enterprise GRC and AI-driven risk management. About the Show Sponsor: Darkstack7 Darkstack7 is a cybersecurity and IT management firm based in Charlotte, NC, founded by Joshua R. Nicholson, a Marine Corps veteran and seasoned cybersecurity leader with experience at Northrop Grumman, EY, Wells Fargo, and Booz Allen Hamilton. The company delivers Fortune 500–level expertise to mid-sized and growing organizations—specializing in Security Engineering, Incident Response, vCISO advisory, Insider Threat programs, and IT Management consulting. Darkstack7 also provides proactive services such as tabletop exercises, cyber readiness assessments, and strategic security architecture, helping organizations build resilient defenses and align technology investments with business objectives. 
www.darkstack7.com, https://www.linkedin.com/in/joshuarnicholson/ #Cybersecurity #GRC #RiskManagement #Compliance #AI #AIinSecurity #EnterpriseSecurity #CISO #CyberRisk #Governance #Privacy #DataProtection #InfoSec #ThirdPartyRisk #DigitalRisk #CyberLeadership #Podcast

Dec 16, 2025 · 46 min

S2 Ep 46 · Building the Future with Agentic-AI: Deep Dive with Ben Wilcox

Episode 46: Building the Future with Agentic AI — Deep Dive with Ben Wilcox In this episode of Cybersecurity America, technologist and Proarch leader Ben Wilcox breaks down the biggest insights from Microsoft Ignite, including breakthroughs in agentic AI, emerging security trends, and what organizations must prepare for as AI-driven systems rapidly evolve. Ben reveals: • What's really happening with Microsoft's newest AI technology • How agentic systems are advancing faster than expected • Why data readiness is the foundation of future productivity • How companies should approach security, governance, and infrastructure in the AI era • His early entrepreneurial journey launching a hosting company at age 15 • The unexpected link between technology leadership and high-performance racing We also explore: • Data Security Posture Management (DSPM) • Identity-based attacks and real-world fraud cases • AI's impact on compliance, audits, and supply-chain risk • The rise of agentic workflows, MCP, and automation • Why traditional SaaS may give way to agent-driven platforms This episode is packed with insights for CISOs, IT leaders, engineers, and anyone preparing for the future of enterprise AI. Connect with Ben Wilcox & Proarch: www.proarch.com LinkedIn: Ben Wilcox Sponsored by DarkStack7 – Cybersecurity leadership, vCISO services, incident response, and engineering. www.darkstack7.com Joshua R Nicholson - DarkStack7 Cyber Defense | LinkedIn https://www.youtube.com/channel/UCp94j2q_-F4SwvxgQYI_8Cg Agentic AI, Microsoft Ignite, Microsoft AI, Enterprise cybersecurity, Data security, AI agents, AI automation, CISO insights, Cloud security, AI in business, AIPosture management, Identity-based attacks, Fraud prevention, MCP (Model Context Protocol), AI workflows

Dec 5, 2025 · 47 min

S2 Ep 45 · Identity-based Cyber: Jasson Casey on Beyond Identity and the Future of Cybersecurity

In episode 45, we sit down with Jasson Casey, CEO and Co-Founder of Beyond Identity, to explore how identity has become the new perimeter in cybersecurity. With over two decades of experience across security, networking, and software-defined infrastructure, Jasson unpacks why traditional defenses are failing and how the next generation of identity security is reshaping cyber resilience. We dive deep into today's identity-based attack landscape — from Russian threat campaigns and TLS fragility to how endpoint trust, hardware-backed credentials, and zero trust authentication are converging. Jasson also shares fascinating insights on securing AI agents, drones, and machine identities, and what it really means to make credential-based attacks "impossible." Whether you're a security leader, technologist, or curious about the intersection of identity, AI, and the future of cyber defense, this episode is packed with forward-thinking insights you won't want to miss. 🔐 Key Topics: - The evolution of identity as the new cybersecurity perimeter - How attackers are exploiting TLS and credential sprawl - Why AI agents and drones demand new identity frameworks - TPMs, device-bound credentials, and the end of password-based trust The future of identity defense and zero trust authentication 🎧 Guest: Jasson Casey, CEO & Co-Founder, Beyond Identity 🔗 Learn more: www.beyondidentity.com 🎙 About the Show Sponsor: Darkstack7 Darkstack7 is a cybersecurity and IT management firm based in Charlotte, NC, founded by Joshua R. Nicholson, a Marine Corps veteran and seasoned cybersecurity leader with experience at Northrop Grumman, EY, Wells Fargo, and Booz Allen Hamilton. The company delivers Fortune 500–level expertise to mid-sized and growing organizations—specializing in Security Engineering, Incident Response, vCISO advisory, Insider Threat programs, and IT Management consulting. 
Darkstack7 also provides proactive services such as tabletop exercises, cyber readiness assessments, and strategic security architecture, helping organizations build resilient defenses and align technology investments with business objectives.

Oct 28, 2025 · 41 min

S2 Ep 44 · Surviving Ransomware: Strategies and Stories with Cybersecurity Expert Matthew Waddell

In episode 44 of Cyber Security America, host Joshua Nicholson sits down with Matthew Waddell, a battle-tested cybersecurity leader with over 25 years of experience in digital forensics, incident response, and ransomware defense. From conducting "just-in-time forensics" under combat conditions in Iraq and Afghanistan to leading global ransomware investigations for Fortune 100 companies, Waddell shares unmatched real-world insight into how cyber threats have evolved—and what it takes to defend against them. Topics Covered: The evolution of ransomware and why it remains a billion-dollar business Real-world stories from digital forensics on the battlefield Practical strategies for preventing lateral movement and improving network segmentation How AI and large language models (LLMs) are changing cybersecurity and cybercrime Why advanced tools like EDR and XDR can fail if humans disable alerts or skip training The promise and peril of AI in security operations, hiring, and incident response Matthew also discusses his upcoming book, Survive Ransomware, a practical playbook for small and medium-sized businesses navigating today's threat landscape. If you're serious about defending your organization—or just curious about how cybersecurity, AI, and human error collide—this episode is packed with lessons, stories, and expert insights. 
If you are in need of cybersecurity services please visit our sponsor Darkstack7 Cyber Defense at www.darkstack7.com 🎧 Listen, learn, Subscribe, like, and stay secure: http://www.darkstack7.com/media Video podcast on Youtube: Cyber Security America Video Host Info: https://www.linkedin.com/in/joshuarnicholson/ Guest Info: Website: www.tacticallysecure.com LinkedIn: linkedin.com/in/matthewwaddell Book: surviveransomware.com Hashtags: #cybersecurity #ransomware #ai #incidentresponse #digitalforensics #securityoperationscenter #cyberthreats #cyberdefense #infosec #networksecurity #MatthewWaddell #cybersecurityamerica #JoshuaNicholson #dataprotection #techpodcast #cyberawareness #aiinsecurity #SurviveRansomware #edraid #xdr #PowerShellSecurity #TacticallySecure #cyberpodcast #podcast

Oct 16, 2025 · 42 min

S2 Ep 43 · Penetration Testing and Social Engineering: Insights from Steve Stasiukonis

🎙 Inside the World of Cybersecurity with Steve Stasiukonis Tune in to the latest episode of Cyber Security America as we explore real-world solutions for defending against today's ever-evolving cyber threats. Our guest, Steve Stasiukonis, President of Secure Network Technologies, brings over 29 years of experience in penetration testing, information security, and incident response. In this episode, Steve dives deep into the rise of social engineering, AI-driven attacks, and the increasing sophistication of cybercriminals. He shares firsthand stories from the field, discusses the importance of continuous learning, and highlights why programmatic penetration testing is crucial for safeguarding your organization. 🔑 Key Topics: The Evolution of Cyber Threats Social Engineering Tactics AI's Role in Cybersecurity Penetration Testing Insights & Challenges Insider Threats & Corporate Espionage Incident Response & Real-World Stories Don't miss out on Steve's invaluable insights and the lessons every cybersecurity professional (and enthusiast) can learn from the frontlines of the digital battlefield. 🎧 Listen now on Spotify! #CyberSecurity #PenetrationTesting #SocialEngineering #AIinCyberSecurity #CyberDefense #CyberSecurityAmerica 🔗 darkstack7.com

Sep 22, 2025 · 56 min

S2 Ep 42 · Defense Contractors: CMMC Is Here — And the Clock Is Ticking

In our latest Cybersecurity America episode (42), I had the privilege of speaking with Jim Goepel, a true leader in cybersecurity and compliance — and someone who has helped shape the very ecosystem he now advises. Jim is the CEO of Fathom Cyber, a consulting firm in North Wales, PA specializing in: 🔹 CMMC assessment preparation 🔹 CUI education and compliance strategy 🔹 Expert witness services His unique background — lawyer, engineer, author, educator, and one of the architects behind the CMMC ecosystem — means he's seen this challenge from every angle: technical, legal, business, and regulatory. Jim has not only helped companies prepare for and achieve some of the first-ever CMMC certifications, he literally helped create the framework, launch The Cyber AB, and build the financial and training models that sustain the program today. 💡 In our conversation, Jim and I covered: Why CMMC is less about stopping attacks — and more about building resilience The cultural and leadership challenges that make compliance harder than the tech How other governments are now looking to adopt CMMC-like frameworks What small and mid-size businesses must do now to turn compliance into a competitive advantage Whether you're in manufacturing, defense, or any sector touching sensitive government data, this episode is a must-listen if you want to understand not just what's coming, but how to strategically position your organization before the surge. 🎧 Listen here: [https://youtu.be/E0M61k5Z3KI] #CyberSecurity #CMMC #Compliance #RiskManagement #DefenseIndustry #DoD #CyberResilience Sponsored by, www.darkstack7.com - Cyber Defense https://www.linkedin.com/company/cyber-security-america-podcast/posts/?feedView=all&viewAsMember=true

Sep 9, 2025 · 29 min

S2 Ep 41 · From Combat Boots to Cybersecurity - Nia Luckey on her journey

In this episode of the Cybersecurity America Podcast, sponsored by DarkStack7, host Joshua Nicholson sits down with Nia Luckey — Army veteran, published author, and cybersecurity leader — to talk about her powerful journey from military service to the frontlines of cyber defense. Nia shares lessons on resilience, leadership, and transitioning from military to civilian life, while also unpacking the evolving challenges in today's cybersecurity landscape. From the importance of attention to detail, to burnout among cyber leaders, to the risks and opportunities of AI in security and governance, this episode is packed with insight for both aspiring professionals and seasoned experts. Key Topics Covered: - Nia's journey from Army communications to cybersecurity leadership - Building resilience and avoiding burnout in high-pressure environments - Specialization vs adaptability in cyber careers - AI, risk quantification, and governance in today's security programs - The future of work in cybersecurity Whether you're a veteran, a cybersecurity professional, or simply interested in how resilience and adaptability shape careers, this episode has something for you. 👉 Don't forget to like, comment, and subscribe for more conversations with today's cybersecurity leaders. #CyberSecurity #VeteransInTech #cyberresilience #leadership #cybercareers #aiincybersecurity #riskmanagement #ciso #cyberpodcast #NiaLuckey #cybersecurityamerica

Aug 21, 2025 · 53 min

S2 Ep 40 · Cybersecurity's Golden Rule: The Legal Blueprint No One Shares

In this episode, sponsored by Darkstack7, Joshua sits down with Chris Cronin, partner at Halock Security Labs and founding partner of Reasonable Risk, to explore the intersection of cybersecurity, risk management, and the legal principles behind "reasonable" safeguards. Chris unpacks the DoCRA Standard and CIS RAM, sharing how historical and legal frameworks can guide today's cybersecurity strategies. From his journey in academia to his leadership in cyber risk, Chris offers practical insights on balancing risk, ensuring compliance, and applying reasonable security measures that stand up to regulatory and legal scrutiny. The discussion covers real-world risk assessments, notable legal cases, and emerging tools that automate and enhance risk management. Key Topics: - How the DoCRA Standard and CIS RAM shape practical risk analysis Applying "reasonableness" from legal precedent to cybersecurity Balancing regulatory specificity with operational flexibility The role of community and professional standards in defining reasonable safeguards Historical analogies, insurance considerations, and executive decision-making in risk management Timestamps: 00:00 Introduction to Cybersecurity Challenges 00:26 Meet Chris: A Cybersecurity Expert 01:25 Chris's Journey into Cybersecurity 02:50 Where Law Meets Cybersecurity 04:37 Defining Reasonable Security Measures 06:37 Regulations and Compliance in Practice 08:24 The Legal Concept of Reasonableness 10:22 Translating Legal Standards into Cyber Practices 14:53 Practical Risk Analysis Steps 21:20 Balancing Flexibility and Specificity in Regulations 24:54 Professional Standards That Shape Reasonableness 25:49 Certifications and Industry Benchmarks 26:17 How Community Shapes Standards 26:34 Lessons from Aviation for Cybersecurity 28:29 The CIS RAM and Risk Assessment Methods 30:51 Legal Implications of Adopting Reasonableness 32:16 Insurance and Risk Management 34:38 Challenges in Incident Response Reporting 39:40 Risk Assessments for 
Executive Decision-Making 46:02 Closing Thoughts and Call to Action www.darkstack7.com

Aug 15, 2025 · 48 min

S2 Ep 39 · Memory-Only Malware: The Threat You're Probably Missing

In episode 39, host Josh Nicholson is joined by memory forensics expert Andrew Case, co-developer of the Volatility framework and co-author of The Art of Memory Forensics. Together, they explore the critical role of memory analysis in modern incident response—uncovering hidden malware, insider threats, and ransomware techniques invisible to traditional disk forensics or EDR tools. Andrew breaks down what's new in Volatility 3, how memory-only malware operates, and why CISA now recommends memory imaging in its emergency directives. Whether you're a responder, analyst, or just curious about advanced DFIR, this episode is packed with practical insight and real-world experience. 🎧 Stay secure—and subscribe for more expert cyber content. https://youtu.be/2q4z9Z2_cwc www.darkstack7.com

Jul 16, 2025 · 51 min

S2 Ep 38 · Digital Forensics & Incident Response (DFIR) with Surefire Cyber.

Cyber threats aren't slowing down—and neither are we. In episode 38 of Cyber Security America, I sit down with two powerhouses from Surefire Cyber—Karla Reffold and Billy Cordio—to pull back the curtain on what's really happening in today's incident response and threat intelligence landscape. 💡 What we cover: 📈 Real-world ransomware trends (like longer dwell times and SSH backdoors) 📨 Surging business email compromise tactics—attachments are the new attack vector 🔐 Why incident response retainers are more valuable than ever 🔥 Rapid resiliency: 5 key misconfigurations every business must address 🧠 How threat actors are using AI (and why they still don't need it to win) 💬 Candid career advice for aspiring DFIR and intel pros Whether you're a CISO, SOC leader, or cyber-curious professional, this episode gives you front-line insights from the experts handling these threats daily. 🎧 Listen now and secure your edge: [https://www.darkstack7.com/podcast] #CyberSecurity #IncidentResponse #DFIR #ThreatIntelligence #Ransomware #BEC #SurefireCyber #CyberSecurityAmerica #Podcast #EDR #mfa #Resilience #digitalforensics https://www.linkedin.com/in/joshuanicholson/

Jun 24, 2025 · 35 min

S2 Ep 37 · Data Intelligence: Breaking Chaos with Kyle DuPont | Ohalo's Innovation in Unstructured Data

In this powerful episode, we sit down with Kyle DuPont, CEO and Co-Founder of Ohalo, the trailblazing company reshaping the way organizations understand and manage unstructured data. With deep experience in both finance and technology, including a background at Morgan Stanley, Kyle shares the origin story of Ohalo and how their flagship product, Data X-ray, is revolutionizing data governance through advanced machine learning and natural language processing (NLP). We explore how Ohalo empowers major banks, governments, and enterprises to discover, classify, and protect sensitive data in a world of increasing complexity, compliance pressure, and security risks. From the rise of generative AI to the ethical implications of automation, this episode is packed with practical insights and future-facing perspectives. Whether you're a tech leader, data scientist, or simply curious about the future of AI and data, this conversation is a must-watch.

🕒 Chapter Timestamps
00:00 – Introduction to Kyle DuPont and Ohalo
01:44 – Kyle's Journey to Founding Ohalo
03:35 – Understanding Data X-ray and Its Applications
05:21 – Challenges in Data Security and AI Solutions
07:04 – The Role of AI in Data Management
13:31 – Cultural Insights and Personal Anecdotes
15:27 – Ideal Customers and Use Cases for Ohalo
17:56 – Future of AI and Data Management
20:56 – The Future of AI: Predictions and Implications
21:10 – Automation and Productivity: Embracing AI Tools
21:55 – The Evolution of Coding and Business Processes
24:36 – AI in Business: Real-World Applications
26:46 – Emerging AI Protocols and Security Concerns
29:53 – Ethical and Legal Implications of AI
36:22 – Advice for Aspiring AI Professionals
38:32 – Conclusion and Final Thoughts

📢 Don't forget to like, comment, and subscribe for more expert-led conversations on data, AI, and the future of technology. Video versions of the show and the Cyber Battlefield training series are available at https://www.youtube.com/@cybersecurityamerica_show

#AI #ArtificialIntelligence #MachineLearning #DataScience #DataSecurity #CyberSecurity #NaturalLanguageProcessing #FinTech #BigData #DataGovernance #GenerativeAI #TechPodcast #StartupStories #Innovation #Automation #FutureOfWork #DigitalTransformation #UnstructuredData #Ohalo #KyleDuPont #DataPrivacy #AIethics #TechLeadership

Jun 2, 2025 · 40 min

S2 Ep 36 Telegram Exposed: The Super App Enabling Cyber Crime

In episode 36, Josh welcomes renowned intelligence systems expert Stephen Arnold to shine a light on one of the most underestimated threats in cybersecurity today—Telegram. Known to most as a simple messaging app, Telegram is quietly operating as a "super app" for cyber crime. From crypto laundering and hamster games masking gambling platforms, to automated money laundering, dark web-style marketplaces, and human trafficking operations, Telegram's labyrinthine infrastructure is designed for scale, secrecy, and obfuscation.

🔍 What you'll learn:
- How Telegram morphed into a platform for organized cyber crime
- The shocking links to cryptocurrency laundering through games like Hamster Combat
- The automation of criminal finance using bots and wallets
- Real-world examples of Telegram-enabled fraud, crime, and digital exploitation
- What law enforcement is doing—and not doing—to combat it
- The ethical gray zone of Telegram's elusive founder and the platform's murky governance

📕 Featuring insights from Stephen Arnold's upcoming book The Telegram Labyrinth—exclusive to law enforcement and intelligence professionals. 📢 Don't miss this revealing backstage pass into one of the most sophisticated cybercrime infrastructures on the planet.

🔹 Listen now: https://podcasts.apple.com/us/podcast/cyber-security-america/id1668216285
🔹 Follow the podcast: https://www.darkstack7.com/
🔹 Connect with Joshua Nicholson: https://www.linkedin.com/in/joshuanicholson/

🔔 Subscribe, comment, and share if you're ready to stay ahead in the cyber battlefield.

#CyberSecurityAmerica #TelegramExposed #CyberCrime #DigitalUnderground #StephenArnold #JoshNicholson #InfoSec #CryptoCrime #TelegramLabyrinth #HamsterCombat #OpenSourceIntel #MDR #IncidentResponse #CyberIntel #clt #charlotte #CyberSecurityPodcast #DarkWeb #AML #DigitalThreats #CyberRisk #CISOInsights

Apr 24, 2025 · 53 min

S2 Ep 35 Cyber Battlefield Insights: Lessons in Incident Response and Dark Web Tour

Join host Joshua Nicholson, a seasoned cybersecurity veteran with over 24 years of frontline experience, as he dives deep into the high-stakes world of incident response and takes you on an exclusive dark web tour. In this power-packed episode, Joshua shares real-world lessons learned from handling hundreds of cyber incidents, breaking down the best practices, critical backup strategies, and common pitfalls that organizations face when responding to attacks. But that's not all—this episode also unmasks the dark web, revealing its hidden layers, the tools and techniques used to navigate it, and the threats lurking in its shadows. From TOR networks, VPNs, and sock puppets to cybersecurity playbooks and business-aligned security strategies, this episode is a must-listen for IT professionals, CISOs, and business leaders alike. 🔹 Listen now: https://podcasts.apple.com/us/podcast/cyber-security-america/id1668216285 🔹 Follow the podcast: https://www.darkstack7.com/ 🔹 Connect with Joshua Nicholson: https://www.linkedin.com/in/joshuanicholson/ #CyberSecurity #IncidentResponse #DarkWeb #CyberThreats #CyberDefense #InfoSec #SOC #TOR #VPN #CyberRisk #ThreatIntel #DigitalForensics #EthicalHacking #CyberWar #DataBreach #CyberStrategy

Apr 2, 2025 · 1h 3m

S2 Ep 34 Job Hunting in 2025: Top 10 Tips to Land Your Next Cybersecurity Role

🎙 Episode 34 - Job Hunting: Top 10 Tips to Land the Next One Looking for your next big career move? In this episode of Cyber Security America, we break down the Top 10 Tips to help you navigate the job market and secure your next role with confidence. Whether you're a seasoned cybersecurity professional or just starting out, we'll cover essential strategies—from optimizing your resume and acing interviews to leveraging your network and standing out in a competitive field. 📺 Watch the full video version on YouTube: Cyber Security America 📝 Read the full article on LinkedIn: Job Hunting 2025: Top 10 Tips to Land Your Next Role 👤 Learn more about the host, Joshua Nicholson: 🔗 Website: www.darkstack7.com 🔗 LinkedIn: www.linkedin.com/in/joshuarnicholson 🎧 Listen now on your favorite podcast platform! Don't miss this essential career guide—subscribe, watch, and read to stay ahead in your job search! 🚀

Feb 18, 2025 · 56 min

S2 Ep 33 Top 10 GRC Program Tooling for Success - (Build vs. Buy)

Top 10 GRC Program Tips – Build vs. Buy with an Amazon Leader! We're back with another powerful episode featuring one of the top minds at Amazon. In this episode, we dive deep into Governance, Risk, and Compliance (GRC) and explore the Top 10 Tips for GRC Program Success. Should you build your own security governance tools or buy them off the shelf? Our guest shares expert insights on making the right call for your business! 🔴 Don't miss this! Subscribe and hit the notification bell so you stay ahead in cybersecurity. 🔗 Follow for more cybersecurity insights: 🎧 Listen on your favorite podcast platform 📲 Share with your network #CyberSecurity #GRC #RiskManagement #CyberRisk #BuildVsBuy #Compliance #TechLeadership #Amazon #CyberPodcast #CyberSecurityAmerica #Infosec #DataSecurity #CISO #SecurityOperations #CyberAwareness #CloudSecurity #itsecurity (www.darkstack7.com https://www.linkedin.com/in/joshuanicholson/ https://x.com/nicholsonj7111)

Feb 3, 2025 · 42 min

S2 Ep 32 Zero Trust in the Middle East: Navigating Cybersecurity Challenges & Opportunities

Welcome to Episode 32 of our podcast, where we explore the evolving landscape of cybersecurity in the Middle East. In this installment, we delve into the complexities of implementing Zero Trust in the region, focusing on the challenges and opportunities foreign companies face while adopting this vital framework. Zero Trust is more than a buzzword—it's a multi-faceted journey that requires a deep dive into the five core pillars: identity, network, application, device, and data. These pillars form the foundation of the Zero Trust maturity model, and every organization looking to implement this framework must evaluate its maturity across these domains. Our guest, Kamel Tamimi, a visionary cybersecurity professional with over two decades of experience, joins us to discuss how the Middle East is embracing Zero Trust as a strategic defense against growing threats. Kamel explains that achieving Zero Trust maturity isn't a single-department project or a one-time task—it's a continuous improvement process that involves both technology and practices. As technologies like multi-factor authentication (MFA) become more accessible and affordable, organizations can integrate them into their Zero Trust models to better protect their data and assets. Kamel also highlights how AI and machine learning are revolutionizing Zero Trust, enabling dynamic, risk-based decisions based on a wealth of real-time data. AI's role in Zero Trust is pivotal—processing vast amounts of data quickly to assess the risk of every request. With machine learning, Zero Trust systems can not only verify identities but also detect anomalies such as unusual login times or unfamiliar devices. This dynamic, data-driven approach helps companies better secure their networks, with the flexibility to take actions beyond simply allowing or blocking access. For instance, AI can divert suspicious traffic to deception systems or apply more rigorous security controls based on the risk profile of a user or device. 
Kamel also touches on the practical side of implementing Zero Trust in the Middle East. It's not about ripping and replacing your infrastructure; it's about re-architecting your security framework to align with the Zero Trust principles. The journey begins with evaluating your identity management system and ensuring it can support advanced features like MFA and single sign-on. The other pillars—network, application, device, and data—must also be addressed in a comprehensive strategy that evolves over time. As we explore these themes, we also discuss broader regional trends, such as the expansion of hyperscale data centers by global tech giants like Google, Oracle, Azure, and Alibaba in Saudi Arabia, UAE, and Qatar. The drive for data sovereignty, regulatory compliance, and job creation is reshaping the cybersecurity landscape in the region, making Zero Trust even more relevant. Join us for an insightful conversation with Kamel Tamimi as we unpack the complexities of adopting Zero Trust in the Middle East and explore the intersection of technology, strategy, and cybersecurity. Stay updated with the latest episodes of Cyber Security America by visiting our YouTube Channel Cyber Security America and subscribing on Apple Podcasts. Connect with Joshua Nicholson on LinkedIn here. #Cybersecurity #MiddleEast #ZeroTrust #AI #MachineLearning #ThreatIntelligence #DataSovereignty #TechAdvancements #DigitalTransformation #Podcast #CybersecurityChallenges #ForeignOperations

Dec 31, 2024 · 54 min

S2 Ep 31 Cyber Battlefield Insights: Identifying Critical Shifts & Errors Leading to Intrusions

Episode 31, Welcome to season two of the Cyber Security America podcast. In this episode, we explore the evolving landscape of cloud security, focusing on critical considerations for organizations migrating to Office 365 and Azure AD. Stay tuned as we unravel essential strategies and insights to bolster your security posture in the cloud. In traditional on-prem environments, users authenticate to domain controllers within a network. However, replicating this infrastructure to Azure Cloud introduces significant changes. Now, users can authenticate from anywhere globally, leading to numerous failed authentications and increased MFA prompts. This new setup can cause account lockouts that do not synchronize back to the on-prem domain controller. Therefore, when moving to Office 365, it's crucial to consider Microsoft's Defender for Identity for enhanced security posture, compliance, threat detection, and vulnerability assessments. One of the most significant security concerns is PowerShell. It's frequently used in legitimate administrative actions and by malicious actors. Hardening PowerShell is essential, and this includes enabling transcription, which captures input and output of commands, and script block logging, which ensures Base64 encoded commands are logged and can be decoded for analysis. This helps to detect and respond to malicious activities without relying on external tools like CyberChef. Furthermore, enforcing script execution policies (restricted, bypass, remote signed, all signed) helps manage which scripts can run, though these policies are not foolproof security controls. The key is to use them as intended to prevent unintended script execution. Constrained language mode is another vital hardening measure, restricting access to commands that can invoke Windows APIs, which are often exploited to download malware. For example, commands like `Add-Type` can load arbitrary C# code and are frequently used in attacks. 
Additionally, integrating the Anti-Malware Scanning Interface (AMSI) into applications can help detect and prevent script-based threats by scanning unobfuscated scripts before execution. This is particularly useful in environments where PowerShell is heavily used, as it adds an extra layer of security. Effective cybersecurity requires technical depth and business alignment. Start by understanding your industry's regulations and standards. Align your cybersecurity strategy with business risks and integrate threat intelligence, incident response management, and continuous attack surface management. This strategic approach ensures a comprehensive security posture. Finally, as organizations migrate to Azure AD and other cloud services, several key security considerations must be addressed. This includes understanding architecture changes, monitoring data flow, and ensuring tool rationalization. Critical components often overlooked include proper deployment of MFA and firewall management. PowerShell security remains a top priority, requiring logging configurations that decode Base64 and using digital signatures to verify scripts. Emerging technology threats, such as AI model poisoning and DNS over HTTPS, also need attention. Monitoring DNS logs for threat hunting is crucial, but the shift to DNS over HTTPS complicates this. Additionally, remote access solutions like RDP should be used in just-in-time mode to prevent continuous exposure. In summary, moving to the cloud and adopting new technologies necessitates a robust cybersecurity framework that integrates traditional security measures with advanced threat detection and response capabilities. #Cybersecurity #PowerShell #AzureAD #CloudSecurity #Office365 #DefenderForIdentity #MFA #ThreatDetection #ITSecurity #CyberThreats #CloudMigration #PowerShellSecurity #DNSOverHTTPS #AIThreats #RemoteAccess #ITCompliance #SecurityBestPractices #IncidentResponse #ThreatIntelligence

Jun 10, 2024 · 59 min

S1 Ep 30 Governor Pat McCrory: Cyber Challenges in Government

Join us for an illuminating journey into the world of cybersecurity and governance as we sit down with former Governor Pat McCrory, the 74th Governor of North Carolina. In this captivating episode, Governor McCrory offers his invaluable leadership insights on the pressing issue of cybersecurity, particularly within the context of state and local government. #informationsecurity #government #governor #northcarolina #charlotte #asheville #greensboronc #raleigh Discover how the decentralized nature of government at various levels is adapting to the ever-evolving digital landscape. Governor McCrory's extensive experience in public service provides a unique perspective on the challenges and opportunities in safeguarding our digital assets. Explore the real-world implications of cyber threats, with a particular focus on potential threats to the Department of Transportation (DOT). Gain a deeper understanding of how government agencies like DOT are addressing and mitigating these emerging challenges. We'll also delve into the recent Government Accountability Office (GAO) Report on Cyber, analyzing its key findings and recommendations. This report is a must-read for policymakers and cybersecurity professionals, and our discussion will provide valuable insights into our nation's cybersecurity readiness. But that's not all! Governor McCrory has an exciting announcement to share. He will provide insights into a potential Presidential candidacy from the No-Labels political group, offering a unique perspective on the evolving political landscape and the role of cybersecurity in national politics. Tune in to this exclusive episode and engage with Governor Pat McCrory's insights, questions, and the dynamic discussion surrounding critical issues at the intersection of cybersecurity, governance, and national politics. Don't miss this opportunity to gain a deeper understanding of the challenges and opportunities facing our digital world. 
Patrick Lloyd McCrory (born October 17, 1956) is an American politician, businessman, and radio host who served as the 74th governor of North Carolina from 2013 to 2017. A member of the Republican Party, he previously served as the 53rd Mayor of Charlotte from 1995 to 2009. While serving as mayor of Charlotte, McCrory served on the U.S. Homeland Security Advisory Council from 2002 to 2006 under President George W. Bush. He was the Republican nominee for governor of North Carolina in the 2008 general election. McCrory was again the Republican nominee in the 2012 gubernatorial election and won with 55 percent of the vote. McCrory became the first Mayor of Charlotte to win the state's highest office, as well as the first Republican to win the governorship of North Carolina since 1988.

Apr 23, 2024 · 1h 3m

Cybersecurity Training: A 101st Airborne Veteran's Journey

In episode 29, host Joshua Nicholson welcomes Dennis Kraft, a Penn State graduate and former United States Army Captain who served with the 101st Airborne Division Air Assault in Afghanistan from 2010 to 2011. After his military service, Dennis transitioned to a career in cybersecurity, working for the Department of Veterans Affairs, the Department of Homeland Security, and private companies. He later founded Cyberkraft in 2019 with the mission of bridging the cybersecurity skills gap through elite training courses. Dennis discusses his mission at Cyberkraft, which is to help individuals obtain cybersecurity certifications to advance their careers and fill the growing cyber skills gap. He emphasizes the importance of hands-on training and mentorship, drawing parallels between military training and cybersecurity education. The conversation touches on open source tools versus commercial products, the need for foundational networking knowledge, and the challenges faced by those entering the cybersecurity field. The episode highlights the importance of investing in cybersecurity training and mentorship to prepare professionals for the ever-evolving field of cybersecurity. Dennis also mentions Cyberkraft's competitive pricing, financing options, and veteran discounts for their training programs, emphasizing their commitment to making quality training accessible. The podcast offers insights into the challenges and opportunities in the cybersecurity industry and the value of continuous learning and mentorship. The text discusses the challenges faced by a student in a self-paced entry-level course and suggests that instructor-led training might have been more suitable. The conversation highlights the importance of tailoring teaching methods to individual learning styles and mentions the incorporation of the VARK model (Visual, Audio, Reading, Writing, Kinesthetic) into courses to accommodate different learning preferences. 
The company, founded in 2019, specializes in cybersecurity training and emphasizes both passing certifications and gaining practical, real-world skills. The text also touches on the use of live labs and hands-on exercises, as well as the importance of understanding the thinking behind complex exam questions. Finally, it briefly discusses cloud certifications like CompTIA Cloud+ and CASP+ as well as the potential alignment of certifications with specific job roles

Sep 27, 2023 · 55 min

Securing E-Learning in a New World: Spoilage & Deepfakes

Welcome to episode 28 of the Cyber Security America podcast with your host Joshua R. Nicholson (https://www.linkedin.com/in/joshuanicholson/). He is excited to welcome Dayle Alsbury (https://www.linkedin.com/in/daylealsbury/), a distinguished cybersecurity expert with over two decades of experience in information security. Dayle has led diverse global teams, delivering innovative security solutions across highly regulated industries like education, healthcare, finance, banking, and energy. Currently serving as the CISO at Litmos, he plays a pivotal role in securely providing eLearning solutions and integrated Learning Management services to more than 20 million individuals in 150 countries. Before joining Litmos, Dayle spearheaded the cybersecurity program at Stride Learning, implementing an exceptional cybersecurity recovery and transformation roadmap that resulted in a remarkable 90% increase in NIST maturity within just 24 months. Prior to that, he held instrumental roles at Blue Cross Blue Shield of Louisiana, driving security innovation, risk reduction, cloud and mobile adoption, and cost-effective cybersecurity management. Dayle's expertise extends beyond a single organization; he also serves as a virtual or fractional CISO and strategy advisor to numerous organizations facing unique cybersecurity challenges. Over the past two decades, he has made substantial contributions to cybersecurity and IT leadership in small organizations and startups spanning various sectors. Beyond his corporate roles, Dayle is an IT regulatory compliance expert and mentor, offering valuable guidance to innovative organizations and professionals. He has also served as an Executive Member of the Blue Cross Information Security Advisory Committee, providing national-level thought leadership to Blue Cross organizations. 
His expertise further extends to collaborating on cyber skills training and competitions projects and sharing insights with renowned organizations such as CNN, NBC, Time Magazine, Gartner, Radio America, WWL Radio, and many others. In this podcast episode, Dayle and Josh delve into several critical cybersecurity challenges and captivating stories from the trenches:
- Deep Fakes: We'll discuss the growing concern of deep fakes and their potential consequences, including incidents like the Ukraine war deep fake video of Putin.
- Security Tool Pollution in the SOC: We'll explore the challenges associated with security tool proliferation in Security Operations Centers (SOCs) and strategies to maintain efficiency.
- Spoilage & Deep Fakes: Dayle will share stories related to spoilage and deep fakes, highlighting real-world examples and their impact on security.
Join us in this insightful audio podcast episode as we navigate the evolving landscape of cybersecurity. The Cyber Security America video podcast is located at https://www.youtube.com/channel/UCp94j2q_-F4SwvxgQYI_8Cg

Sep 19, 2023 · 1h 1m

Measuring Cybersecurity Risks: The Relevance of GRC

Welcome to our latest podcast episode (Episode 27), where Joshua R. Nicholson (https://www.linkedin.com/in/joshuanicholson/) embarks on an insightful journey through the dynamic world of #cybersecurity. Our distinguished guest, Joshua Copeland, brings his battle-tested expertise and extensive experience to the forefront. As the Director of Cyber at AT&T, Joshua plays a pivotal role in shaping security solutions for State, Local, Tribal, and Territory (SLTT) entities. In this episode, our two Joshes delve into the critical role of Governance, Risk, & Compliance (GRC) in navigating the cyber landscape. Joshua Copeland provides valuable insights into how GRC serves as a compass, guiding organizations to make informed decisions about where to invest their resources. GRC helps identify vulnerabilities, weaknesses, and risks, providing a roadmap for strategic investments in cybersecurity. (YouTube video podcast: https://www.youtube.com/channel/UCp94j2q_-F4SwvxgQYI_8Cg) As Joshua Copeland aptly puts it, GRC helps quantify and understand the true nature of risks. Without this understanding, organizations may find themselves merely throwing money at the latest cybersecurity tools and gadgets. While cool toys and cutting-edge technology are appealing, they must align with an organization's unique risk profile and vulnerabilities. To effectively mitigate risks, organizations need to intrinsically comprehend their risks, their potential impacts, and the available mitigation strategies. This understanding enables them to select the right cybersecurity solutions tailored to their specific requirements. It's not always about having the most expensive Ferrari; it's about having the right tool for the right job, efficiently addressing the identified risks. But our episode doesn't stop there. Before we delve into Joshua's invaluable insights, we dissect the events of August 2023's Patch Tuesday from Microsoft. 
This episode explores the two zero-day vulnerabilities and a staggering 87 flaws addressed during that release. As we eagerly anticipate September's Patch Tuesday, we reflect on Microsoft's handling of these vulnerabilities, including the intriguing fact that only six were rated as critical. Our discussion extends to major updates from other industry players, including Adobe's security updates for Microsoft Acrobat Reader, AMD's security enhancements for new hardware, and Cisco's necessary security updates for their VPNs due to ongoing exploitation of vulnerabilities. Join us for a thought-provoking discussion with Joshua Copeland, touching on cybersecurity insights, hiring practices, leadership, and pathways into the field. Discover how Joshua, an adjunct professor at Tulane University, teaches cybercrime and cyber leadership. #cybersecurity #grc #informationsecurity

Sep 12, 2023 · 1h 1m

Operational Threat Intelligence: How does that work?

Welcome to the 26th episode: How do you manage an operational threat intelligence program? In this installment, Joshua Nicholson (https://www.linkedin.com/in/joshuanicholson/) traverses the realms of business, technology, and those often-unnoticed opportunities that slip through the cracks. Today, our spotlight turns towards a paramount facet that frequently resides in the shadows: Threat Intelligence management. While the realm of Business Intelligence has flourished over decades, employing cutting-edge tools to unveil hidden insights within data, Threat Intelligence has seldom basked in the limelight of decision-making. But why does this crucial component remain relegated to the background? Join us on a journey to unearth the untapped potential and overlooked dimensions of Threat Intelligence. Our host engages in an intriguing dialogue with the distinguished Mr. Brian Mohr, an industry expert who illuminates the striking parallels between Business Intelligence and Threat Intelligence. Despite the availability of advanced technologies, Threat Intelligence remains an underrecognized powerhouse, yearning for its rightful acknowledgment. This episode (https://www.youtube.com/channel/UCp94j2q_-F4SwvxgQYI_8Cg) imparts the understanding that tools and technology wield great power, yet their impact rests on those who wield them. The conversation underscores the vital role of a Threat Intelligence analyst—a counterpart to a Business Analyst in the realm of threats. Just as a Business Analyst deciphers intricate data for informed decisions, a Threat Intelligence analyst decrypts threats and vulnerabilities, propelling proactive strategies. Our esteemed guest regales us with captivating anecdotes from workshops, where Intelligence teams dissect a corporation's 10-K statement—a goldmine of insights into a company's risks and pursuits. This reveals that Threat Intelligence isn't a distant relation; it's a sibling with its own unique challenges. 
Join us in dispelling the misconceptions around Threat Intelligence and discovering its potential to revolutionize decision-making. The time has come to honor a discipline that, like Business Intelligence, holds the key to well-informed choices. Tune in to episode 26, as overlooking Threat Intelligence is a regrettable oversight. Our guest today is Brian (https://www.linkedin.com/in/brianvmohr/), co-founder of Reqfast (www.reqfast.com), a program management platform tailored for intelligence and investigative teams. With over two decades in intelligence and security, Brian's journey began in the Marines, specializing in Counterintelligence/Human Intelligence. Transitioning to a financial services company, he implemented threat intelligence workflows. Brian ventured into an intelligence provider, creating workshops and understanding both sides of the threat intelligence relationship. Holding an MS in Cybersecurity, an MBA, and even an Associate of Arts in Chinese Mandari

Aug 30, 2023 · 1h 0m

Cybersecurity in the Middle East: Operations Challenges & Threats

Welcome to Episode 25 of the podcast, where we dive deep into the intriguing world of cybersecurity in the Middle East. In this installment, we're exploring the unique operational challenges faced by foreign companies operating in the region. Join us as we uncover the threats, risks, and intricate dynamics of this operating environment. Building upon our earlier discussion about the Volt Typhoon incident in May, we're shedding light on the intensified scrutiny surrounding Chinese threat activities. These activities are closely tied to the escalating tensions between China and Taiwan, fueling the urgency to analyze such threats. As the podcast unfolds, we venture into the burgeoning landscape of hyperscale presence within the Middle East. The discussion explores the establishment of data centers by tech giants like Google, Oracle, Azure, and Alibaba in countries such as Saudi Arabia, UAE, and Qatar. We uncover the motivations behind this rapid growth and the regulatory push to ensure data sovereignty, compliance, and job creation. Our guest for this episode, Kamel Tamimi (https://www.linkedin.com/in/kameltamimi/), an esteemed cybersecurity professional with over two decades of experience, joins us from Dubai, the heart of Middle East cybersecurity and technological advancements. Kamel brings a wealth of knowledge and insights into the regional digital transformation and modernization efforts. Threat Intelligence takes center stage as we delve into recent developments. ChatGPT's use in refining Arabic phishing attacks, the alarming employment of the 'Evil Proxy' technique to target VIPs and bypass MFA, and the activities of Threat Actor Storm0558, responsible for compromising O365 accounts at high-profile government entities, are just some of the eye-opening topics we'll explore. The global stage also comes into play, with Russian and Chinese naval exercises around Alaska raising concerns. 
We're thrilled to be joined by Kamel Tamimi, a seasoned professional with deep expertise and insights into the cybersecurity landscape of the Middle East. With a background spanning sales, engineering, and leadership roles, Kamel's presence adds invaluable depth to our discussion. Tune in to gain an in-depth understanding of the cybersecurity challenges, triumphs, and intricacies that define the Middle Eastern cybersecurity realm. Thank you for joining us on this illuminating journey into the heart of digital defense and transformation. To stay updated on the latest episodes of Cyber Security America, visit the Cyber Security America YouTube Channel (https://www.voiceamerica.com/show/4125) and subscribe to the Cyber Security America Apple Podcast (https://podcasts.apple.com/us/podcast/cyber-security-america/id1668216285). Connect with Joshua Nicholson on LinkedIn (https://www.linkedin.com/in/joshuanicholson/) #Cybersecurity #MiddleEast #Threats #DataSovereignty #TechAdvancements #DigitalTransformation #PodcastEpisode #ForeignOperations

Aug 22, 2023 · 48 min

Managed Services: DeepSeas' Breakthrough in MDR+ Capabilities

Welcome to Cyber Security America, your ultimate hub for all things cybersecurity in the digital era. I'm your host, Joshua Nicholson (https://www.linkedin.com/in/joshuanicholson/), and today we're delving deep into the realm of cutting-edge cyber security managed and consulting services. Get ready to uncover groundbreaking strategies that are reshaping the way we combat digital threats. Our spotlight shines on Pat Joyce (https://www.linkedin.com/in/pjoyce/), a seasoned veteran in the cyber world with an impressive two-decade career. From roles as an enterprise security consultant, a security program leader, to a security product development leader at esteemed organizations like Accenture and Booz Allen Hamilton, Pat now stands as a driving force at DeepSeas (www.deepseas.com). Armed with a B.S. in Management Information Systems from the University of Massachusetts Dartmouth, Pat's insights bring invaluable depth to our discussion. In a landscape where organizations grapple with the intricate challenge of integrating a myriad of security tools from diverse vendors and service providers, Pat unveils a brilliant solution crafted by DeepSeas. As Pat eloquently describes, "We typically have environments with multiple products from various vendors, and we strive to integrate them. However, the margins between the management service, tool A, and tool B often harbor significant risks." YouTube Channel: (https://www.youtube.com/channel/UCp94j2q_-F4SwvxgQYI_8Cg) Ever wondered how global titans seamlessly weave together an array of security capabilities into their defense strategies? Join us as we embark on a journey through this intricate landscape, exploring how even smaller entities can rise to the challenge without extravagant resources. Pat Joyce sheds light on DeepSeas' pioneering approach that levels the playing field – introducing Managed Detection & Response plus (MDR+). 
Leveraging their extensive experience gained from reputable enterprises and esteemed consultancies, DeepSeas introduces an avant-garde platform that redefines cyber defense for organizations of all sizes. Pat further elucidates, "We've assembled a team of experts who have worked within the largest enterprises and top-tier consultancies, including Fortune 100 companies. Our platform serves to rationalize tools, bringing diverse stakeholders together under one unified platform." DeepSeas stands as more than just a name; it's a symbol of innovation and excellence. With over three decades of delivering premier Managed Cyber Defense Services across five countries, they are at the forefront of the innovative global MDR landscape. Their accolades include Frost & Sullivan's 2022 Frost Radar recognition and being featured in Gartner's MDR Market Guide. Notably, their log aggregation platform secured the prestigious MSP 501 Winner title for two consecutive years.

Aug 15, 2023 · 59 min

Building a Cybersecurity Career: The Journey to CISO, Part II

Welcome to Episode 23 of Cyber Security America, where we delve deeper into the world of cybersecurity careers in part 2 of our special series, Building a Cybersecurity Career: The Journey to CISO. In this episode, we are honored to host two remarkable guests who have risen to the prestigious position of Chief Information Security Officer (CISO) in the Financial Services industry. Join us as we hear the inspiring stories of Joshua Stabiner and Tom Baxley, two highly skilled and seasoned cybersecurity professionals. Joshua Stabiner is the CISO at General Atlantic in New York City leading the cybersecurity effort, protecting over 84.4 billion in assets under management. He takes us through his incredible journey, starting as a junior Cybersecurity consultant and making his way up to establishing a leading cybersecurity function at Pine River Capital Management. During his impressive 10-year tenure at EY, Josh also led cyber threat management advisory services for esteemed financial sector clients. Now, as the head of cybersecurity efforts at General Atlantic, managing over 84.4 billion in assets, he shares his insights on the critical cybersecurity challenges faced by organizations today. Not only does Josh excel in his role, but he also serves as the Chairman of the FS-ISAC Alternative Investors Council and has been a Cybersecurity Advisory Board Member for Pace University's Seidenberg School of Computer Science and Information Systems. With a bachelor's and master's degree in Computer Science from Dartmouth College and a CISSP certification, his expertise is truly unparalleled (https://www.linkedin.com/in/josh-stabiner/). Our second guest, Tom Baxley, brings his wealth of experience as the Chief Information Security Officer at Balyasny Asset Management (BAM). With a background as the CISO at Pine River Capital Management and as an Information Security Engineer, Tom has a unique perspective on the industry. 
Before his impressive tenure at Pine River, he honed his skills at Ernst & Young as a Cybersecurity Consultant. Tom holds a Bachelor of Science degree in Information Security and Forensics from Rochester Institute of Technology, adding further credibility to his knowledge (https://www.linkedin.com/in/tbaxley/). Join us as we dive into the minds of these cybersecurity experts and gain invaluable insights for the future. Discover how they tackle some of the most pressing cybersecurity issues in the Financial Services sector and how to prepare yourself for the responsibilities of the role. Whether you're an aspiring CISO or a cybersecurity enthusiast, this episode is packed with invaluable knowledge and tips. And don't forget to engage with us using the following hashtags to join the conversation on the most popular cybersecurity topics: #cybersecurity #CISO #infosec #threatintelligence #vulnerabilitymanagement #securitymonitoring #incidentmanagement #securityengineering #FSISAC #CISSP #GeneralAtlantic #PineRiverCapital #EY #deepseas

Aug 8, 2023 · 48 min

Cybersecurity Solutions: Innovative cutting edge problem-solving

Welcome to today's episode! In contrast to our previous discussions on #artificialintelligence, #cloudsecurity, and #burnout, we are taking a different approach today. We have the pleasure of hosting two remarkable CEOs from cybersecurity technology companies. These individuals are at the forefront of driving innovative solutions to tackle the most complex cybersecurity challenges. With their extensive industry knowledge and proven track records, they have successfully developed applications and services that promote innovation, mitigate risks, and enable modern enterprises to thrive in this ever-changing landscape of cyber threats. To add more value, we have invited our esteemed guests to shed light on the top five crucial aspects that the CISO community should be aware of. Their insights will help us gain a deeper understanding of these critical issues. Joining us today are Chris Lehman and Chris Freedman, who will share their expertise and perspectives on this compelling subject. So, let's dive in and explore the valuable insights they bring to the table. Chris Lehman is the Chief Executive Officer (CEO) of SafeGuard Cyber. Chris is a seasoned senior executive with more than 20 years of experience working for some of the highest growth and most successful technology companies in the world. Most recently, Chris was the Chief Revenue Officer (CRO) for ExtraHop, where over four years, he helped lead their transformation into #CyberSecurity's leading Enterprise Network Detection and Response (NDR) company. During Chris' time at ExtraHop, he was responsible for all Go-to-Market functions, and they grew their ARR over 700%, culminating in the successful sale of the business to Bain Capital and Crosspoint Ventures. Prior to ExtraHop, Chris held senior leadership positions at FireEye, Salesforce.com, EMC, and Documentum. Chris holds a BA in Communications with a minor in Business Administration from the Pennsylvania State University. 
#cybersecurityexpert Chris Freedman is a highly accomplished business leader with a diverse background in diplomacy, business, and philanthropy. Chris began his career serving as a diplomat with the Atlantic Treaty Association and founding a regional real-estate development firm. He continued his career by founding and managing various corporations in the U.S., including MyBenefitsLab, a national online provider of diagnostic testing with the nation's largest laboratories and national physician's network. In 2016, Chris co-founded OnDefend, an international #cybersecurity firm, where he currently serves as the CEO. Civically, Chris has also served several charitable organizations, including Best Buddies Jacksonville and the American Red Cross of Northeast Florida. Chris graduated with the highest honors from the University of Florida. #businessleadership In recent news, the U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog,

Jun 27, 2023 · 1h 0m

Artificial Intelligence: Automating SOC Workflows - Salem Cyber

Welcome to the Cybersecurity America Podcast! In episode 21, we have an exciting lineup of topics that cover critical insights from the DeepSeas (https://www.deepseas.com/learn/) Cyber Threat Intelligence (CTI) desk and the latest in cybersecurity innovation with Salem Cyber. Prepare for an informative and engaging discussion! #malware #informationsecurity #infosec #windows #cyberattack #ciso Host, Joshua R Nicholson (https://www.linkedin.com/in/joshuanicholson/) YouTube Channel: (https://www.youtube.com/channel/UCp94j2q_-F4SwvxgQYI_8Cg) Podcast Home Site: (https://www.voiceamerica.com/show/4125) In the first part of the episode, we bring you crucial insights on the recent MOVEit managed file transfer vulnerability, now identified as CVE-2023-34362. Learn about how threat actors exploited this vulnerability in Progress' MOVEit software as early as May 27th. Taking advantage of the Memorial Day weekend and limited staffing, they conducted scans and extracted files from multiple organizations. We delve into the tactics employed by threat actors, including the targeting of widely-used software and exploiting holidays when staffing is low. Microsoft and Mandiant have identified Clop ransomware as the primary threat actor behind these attacks. What sets this incident apart is that Clop ransomware instructed affected organizations to reach out and contact them instead of the usual extortion email. This unexpected approach raises questions about their motivations and capacity to handle a large cache of information. The second part of the episode shifts focus to cybersecurity innovation. We're joined by John Bagg, the co-founder and CEO of Salem Cyber, an AI cybersecurity startup. With over a decade of experience, John shares his expertise in implementing cyber technology and threat detection programs for top commercial organizations.
He introduces us to their flagship technology, the Virtual Cyber Analyst, which addresses the challenge of alert overload faced by cybersecurity experts. By leveraging AI capabilities, organizations can prioritize alerts and empower their analysts to focus on critical matters. This episode highlights the significance of reducing attack surfaces, implementing robust monitoring systems, and having a well-defined playbook for incident response. We delve into crucial questions you need to ask within your cyber fusion center or IT department to enhance your cybersecurity measures. Join us for this thought-provoking discussion as we navigate the landscape of cybersecurity, starting with the MOVEit vulnerability incident and moving on to the innovative solutions offered by Salem Cyber. Stay tuned for valuable insights and updates on the latest trends in the field. #Cybersecurity #ThreatIntelligence #DataBreach #Ransomware #AttackSurfaceReduction #IncidentResponse #Innovation #AI #Startup #ThreatDetection #AlertFatigue #AnomalyDetection #SalemCyber #CVE-2023-34362

Jun 20, 2023 · 50 min

Artificial Intelligence: Cyber AI is the new Tesla of Security

Welcome to our podcast, where we explore the fascinating world of generative AI and its profound impact on various fields. Join us as we delve into the intricate details of different models designed for specific tasks, such as text generation, native speech processing, and image/video generation. We also address the pressing concerns surrounding privacy and security in the realm of AI technologies, including the potential risks of phishing emails and deep fake attacks. #malware #informationsecurity #infosec #windows #cyberattack #ciso (https://www.linkedin.com/in/joshuanicholson/) YouTube Channel: https://www.youtube.com/channel/UCp94j2q_-F4SwvxgQYI_8Cg Podcast Home Site: https://www.voiceamerica.com/show/4125 In our discussions on text generation, we thoroughly examine popular models like ChatGPT, Bard, LLaMA, and Bloom, shedding light on the distinctions between closed-source, open-source, and academic models. Additionally, we emphasize the significance of leveraging open-source models from platforms like Hugging Face, while carefully considering the implications for cybersecurity. Discover how organizations can effectively navigate the use of AI models to protect their data and privacy. In this week's Intelligence report, we highlight notable cyber-attacks, including the insidious Akira ransomware and the successful neutralization of the Snake malware by the FBI. We delve into the details of the recent attack on Bluefield University, ensuring you stay informed on the latest developments in cybersecurity. Follow our insightful discussions on topics like AI, machine learning, and enterprise security, as we unveil the crucial intersections between these fields. The Akira ransomware has ruthlessly targeted and breached the security of 16 companies across diverse industries. Employing an encrypt-and-ransom tactic, they demand exorbitant sums of money from their victims.
To intensify the pressure, the gang has created a unique data leaks site with a captivating 1980s retro aesthetic. Visitors to the site must navigate using console commands, adding an intriguing dimension to their illicit activities. The leaked data ranges from sizes as small as 5.9 GB to a staggering 259 gigabytes. Ransom demands vary from $200,000 to multimillion-dollar figures, with provisions for lower amounts if the target companies solely wish to prevent the leak of their stolen data. We also revisit the multinational operations that successfully neutralized the Snake malware, a highly sophisticated cyber espionage tool developed by Russia's Federal Security Service (FSB), known as Turla. This covert P2P network of infected computers spanned across 50 countries and targeted government research networks, research facilities, journalists, small businesses, media organizations, and critical infrastructure segments within the United States. #GenerativeAI #PrivacyConcerns #Cybersecurity #AIModels #Ransomware #Malware #FBI #Snake #Podcast #Tech #CybersecurityAwareness

Jun 13, 2023 · 57 min

Cloud Security: AWS Essentials, Challenges, Best Practices

Welcome to another episode of Cyber Security America with your host, Joshua Nicholson (https://www.linkedin.com/in/joshuanicholson/). In this episode, we delve into the world of cloud computing and its impact on cybersecurity. We explore the major cloud platforms such as AWS, Azure, and GCP, along with their deployment and service models. Discover the benefits of cloud computing, including Infrastructure as a Service (IAAS), Platform as a Service (PAAS), and Software as a Service (SAAS). Podcast Home Site: (https://www.voiceamerica.com/show/4125), YouTube Channel: (https://www.youtube.com/channel/UCp94j2q_-F4SwvxgQYI_8Cg) We also tackle the characteristics of cloud computing, including on-demand self-service, broad network access, resource pooling, rapid elasticity, measured service, virtualization, service-oriented architecture (SOA), grid computing, and utility computing. Gain insights into how these characteristics shape the cloud security landscape. This week's Intel briefing covers two critical vulnerabilities: CVE-2023-28771 affecting Zyxel's ZyWALL/USG series firmware and CVE-202-2868, a remote command injection vulnerability resulting from incomplete input validation of user-specified .tar files. Furthermore, we dive into the fascinating topic of conducting Incident Response (IR) in the cloud versus on-premises. Explore the six major differences between these environments and understand the unique challenges and considerations for cloud-based IR. Joining us as our special guest is Martin Brough (Senior Manager of Cyber Defense Operations @ ARM semiconductors). He is a seasoned information security professional with over 20 years of experience. Martin's expertise spans various domains, including secure communications systems, email security, malware analysis, SIEM system logging, and cloud-based threat hunting.
He is particularly well-versed in the field of Incident Response, with extensive knowledge in security design, training, and detection and response playbook writing. Martin has shared his insights at renowned conferences such as Def Con, Blackhat, and DerbyCon, and he has contributed to notable security publications like PenTest Magazine and Cyber Defense Magazine. Tune in as we explore the intricate world of cloud computing and its impact on cybersecurity. Stay informed and gain valuable insights on how to secure your cloud infrastructure effectively. This episode is a must-listen for both security professionals and enthusiasts alike. Remember to subscribe to Cyber Security America for more captivating discussions on the latest trends and challenges in the ever-evolving world of cybersecurity. Sponsored by (www.deepseas.com) #CyberSecurity #CloudComputing #AWS #Azure #GCP #IAAS #PAAS #SAAS #CloudSecurity #Virtualization #SOA #GridComputing #UtilityComputing #IncidentResponse #CloudIR #OnPremiseIR #InformationSecurity #Podcast #CyberSecurityAmerica #CybersecurityPodcast #DeepSeasSponsor

Jun 6, 2023 · 1h 0m

Cybersecurity Burn-Out: How to sustain high performing teams?

There is no doubt that corporate America and our Nation are in desperate need of #cybersecurity analysts and engineers to protect critical infrastructure. For most of the shows on the #CyberSecurityAmerica podcast, we focus on tactical areas of knowledge in order to upskill security practitioners in management and executive #leadership. In this episode, we are taking on the sticky subject of mental fatigue and burnout on the job. We have all experienced it at one time or another. We get to a point of mental exhaustion and our well-being and health start to slip. The stress builds up and we may turn to external chemical-based mood enhancers such as alcohol or drugs to address the stress, or we start fighting with loved ones, friends, and co-workers, which could lead to us making bad employment decisions. In this episode, Chloé talks about what she feels is the greatest stress accelerator which is the number 1 cause of burn-out - poor leadership. Our guest today is Chloé Messdaghi, an accomplished security executive, CEO & Founder of Global Secure Partners, known for advising and developing solutions that have improved security teams and the industry. A sought-after public speaker and trusted source for national and sector reporters, her work has been featured in numerous outlets, and she has been recognized as a Power Player in #Cybersecurity by Business Insider and SC Media. Chloé is also dedicated to various charitable causes, demonstrating her commitment to driving positive change. This week's Intelligence briefing (www.deepseas.com) focuses on Nation State activities related to Operational Technology (OT) and ICS SCADA systems. The first one was a piece of malware that was discovered as Cosmic Energy by Mandiant and an implant from China named Volt Typhoon. Volt is another OT technology implant used primarily for espionage.
#malware #informationsecurity #infosec #windows #cyberattack #ciso (https://www.linkedin.com/in/joshuanicholson/) YouTube Channel: https://www.youtube.com/channel/UCp94j2q_-F4SwvxgQYI_8Cg Podcast Home Site: https://www.voiceamerica.com/show/4125 Disclaimer: - This podcast is for informational purposes only and should not be considered legal or professional advice. - We are not responsible for any losses, damages, or liabilities that may arise from the use of this podcast. - This podcast is not intended to replace professional technology advice. - The views expressed in this podcast may not be those of the host or the management.

May 30, 2023 · 57 min

Zero-Trust Paradigm: Secure Browsing Technology - Conceal.io

Welcome to the Cyber Security America show, a platform for exploring the dynamic and ever-evolving world of cybersecurity and information technology. In episode 17, we delve deep into the topic of zero trust, a security model that assumes all users, devices, and applications are potentially hostile, and requires strict access controls and verification measures to prevent data breaches. We also discuss the national security situation surrounding Jack Teixeira and its impact on security controls in the future. #cybersecurity #zerotrust #nationalsecurity Our guest for today's episode is Gordon Lawson, CEO of Conceal.io, who brings years of experience and ability in implementing zero trust strategies for some of the largest organizations in the world. Together, we explore the concept of zero trust, its advantages and challenges, and how it differs from traditional security models. We also discuss the future of zero trust and how it's shaping the cybersecurity landscape, including the innovative ConcealBrowse technology that detects, defends, and isolates malicious internet traffic. #zerotrustimplementation Gordon Lawson has over 20 years of experience in the physical and cyber security space, with a focus on SaaS optimization and global enterprise business development. Prior to joining Conceal, he was President at RangeForce, a cyber training platform company, and SVP of Global Sales at Cofense through their $400MM acquisition by BlackRock in 2018. With his background as a U.S. Naval Officer and a graduate of the Air Force Command and Staff College and the Army Airborne School, Gordon offers unique insights into the implementation of zero trust strategies and the future of cybersecurity. 
#cybersecurityleader #militaryexperience Threat Intel Report: US Intelligence Agencies and international partners from the 5 Eyes alliance have released a report detailing Russia's Snake Malware, a peer-to-peer network that infected multiple devices, including diplomatic missions and NATO areas. The malware was a significant part of the Turla framework used by Russian cyber threat actors and attributed to the Federal Security Service Center 16 and military unit 71330, also known as Berserk Bear. The report supplies recommendations for mitigations and scanner technology. Additionally, a cybersecurity firm reported a threat actor trying to extort executives by compromising new hire credentials, showing the need for ongoing monitoring and protection of human elements in cybersecurity. The growing impact of cyberattacks on physical outcomes is also noted. #cybersecuritythreats #malware #5eyesalliance

May 16, 2023 · 55 min

Cyber Security Jobs: Demystifying the Various Roles

Welcome to the Cyber Security America Show, where we dive into the sea of complex technologies and provide real-world context to the world of Cyber Security and Information Technology. In episode 16, we explore the various jobs and roles within the industry, including penetration testers, vulnerability managers, detection analysts, threat hunters, Cloud Security Architects/Engineers, Cyber Security mentorship resources, and Incident Response (IR). Our Threat Intelligence briefing covers the Apple Rapid Response situation, where lack of proper and honest communication caused unnecessary mistrust. We also discuss the latest Ransomware attack against the City of Dallas, U.S. Cyber Teams, and the upcoming International Cyber Competition in San Diego later this year. Our guest for this episode is Steve Cobb, CISO for Security Scorecard, who brings over 30 years of leadership and consulting experience involving IT infrastructure, cybersecurity, incident response, and cyber threat intelligence. Steve is passionate about sharing his knowledge and experience with others through mentorship and training and is a coach for the US Cyber Team. Don't miss out on the US Cyber Games, North Carolina Cyber Academy, Black Hills Training, and Chris Saunders Training. Register now and take the next step in your Cyber Security journey. US Cyber Games - https://www.uscybergames.com/ North Carolina Cyber Academy - https://www.myncca.com/ Black Hills Training - https://www.antisyphontraining.com/ Chris Saunders Training - https://www.networkdefense.co/courses/ - Investigation Theory Join us on this informative episode and stay up to date with the latest Cyber Security news and trends. Follow us on social media and use the hashtags #CyberSecurityAmericaShow #CyberSecurity #InformationTechnology #ThreatIntelligence #USCyberGames #NorthCarolinaCyberAcademy #BlackHillsTraining #ciso #ChrisSaundersTraining to stay connected.

May 9, 2023 · 58 min

Cyber Supply Risk Management: Defense Strategy Best Practices

In today's hyper-connected world, no organization can tackle computer threats alone using just their own people, processes, and technology. A successful Chief Information Security Officer (CISO) or Director of Security Operations needs to engage and leverage technology vendors, strategic integrators, and consulting partners to accomplish their mission. That's why we're thrilled to have Mike Johnson, Vice President of Partners & Alliances at DeepSeas, as our expert guest in this episode titled Cyber Supply Risk Management: Defense Strategies for maximized outcomes. Mike brings a unique mix of technical and advisory skills, honed through his experience building successful partner networks at SIEM vendors LogRhythm and Securonix, SaaS GRC provider Pathlock, and now DeepSeas. But first, let's take a look at the latest cyber threats. This week's Cyber Threat Intelligence (CTI) report tracks the active exploitation of PaperCut, a remote code execution (RCE) vulnerability impacting all PaperCut MF or NG versions 8.0 or later (CVE-2023-27350). Additionally, an information disclosure flaw has been found in PaperCut MF or NG versions 15.0 or later (CVE-2023-27351). Reports indicate that the primary exploitation is being done by the ransomware operators of Lockbit and Clop. And if that's not enough, there's a new exploit kit on the block - macOS Stealer or Atomic macOS Stealer (AMOS) malware - being sold on Telegram for $1,000 per month. This kit can obtain iCloud Keychain passwords, files from the desktop or documents folder, and can also get the macOS password. Don't be caught unprepared - stay up to date with the latest cyber threats and defense strategies. And remember, the material and information presented here is for general information purposes only. Stay Secure and don't forget to Like, Subscribe, Comment, and turn on notifications.

May 2, 2023 · 50 min

Ransomware Attacks: Best Practices for Defense & Response

In the 14th episode of Cyber Security America, we explore one of the most devastating threats that small and large businesses face today. Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. In recent years, ransomware incidents have become increasingly prevalent among the Nation's state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations. Ransomware incidents can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services. Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen data if they refuse to pay and publicly naming and shaming victims as secondary forms of extortion. The monetary value of ransom demands has also increased, with some demands exceeding US $1 million. Ransomware incidents have become more destructive and impactful in nature and scope. Malicious actors engage in lateral movement to target critical data and propagate ransomware across entire networks. These actors also increasingly use tactics, such as deleting system backups, that make restoration and recovery more difficult or infeasible for impacted organizations. The economic and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, have also proven challenging for organizations large and small.

From https://www.cisa.gov/stopransomware/ransomware-guide

This Ransomware Guide includes two resources:
Part 1: Ransomware Prevention Best Practices
Part 2: Ransomware Response Checklist

• Policy-oriented or technical assessments help organizations understand how they can improve their defenses to avoid ransomware infection: https://www.cisa.gov/cyber-resource-hub

Contacts:
• SLTT organizations: [email protected]
• Private sector organizations: [email protected]

Ransomware Quick References
• Security Primer – Ransomware (MS-ISAC): Outlines opportunistic and strategic ransomware campaigns, common infection vectors, and best practice recommendations: https://www.cisecurity.org/white-papers/security-primer-ransomware/
• Ransomware: Facts, Threats, and Countermeasures (MS-ISAC): Facts about ransomware, infection vectors, ransomware capabilities, and how to mitigate the risk of ransomware infection: https://www.cisecurity.org/blog/ransomwarefacts-

What are the lessons learned on how best to work together to break down the barriers of communications and prioritization? Don't miss this informative episode to learn more about the and its importance in securing your enterprise. Remember to like, subscribe, and turn on notifications for future episodes. Cyber Security America Podcast https://www.voiceamerica.com/show/4125

Apr 25, 2023 · 58 min

Breaking Down CISO Communication Barriers Between CIO and Board

Don't forget to like, subscribe, and turn on notifications for future episodes. Welcome to the 13th episode of Cyber Security America, where we delve into the challenges and issues related to managing up and cultivating the complex relationship between the Chief Information Officer (CIO), Chief Information Security Officer (CISO), and the Board of Directors. Effective identification and mitigation of systemic corporate risk toward technology crown jewels and assets are crucial for the success or failure of a company's Cyber Security program. In this episode, we explore the lessons learned on how to work together to break down the barriers of communication and prioritization. Join us for this informative episode to learn more about this critical issue and its importance in securing your enterprise. Our guest speaker for this episode is George Tsantes, a renowned Cybersecurity expert with over 40 years of experience in delivering innovative solutions and securing enterprises across industries. He is the co-founder and CEO of CYBERPHOS, a Software as a Service (SAAS) focused on improving cybersecurity risk governance. He also operates GT3 Consulting, a boutique consultancy that helps clients across a wide spectrum of industries understand and manage their cybersecurity risk. During his career, Mr. Tsantes was a Principal at EY where he led the firm's cybersecurity practice for the Financial Services Office (FSO) and advised many of EY's key clients across a wide range of cyber topics and projects. He was also Executive Vice President and Chief Technology Officer of Intersections, Inc., and a Partner at Accenture, a global management consulting and technology services company. He is the co-author of Cybertax, Managing the Risks and Results and a frequent speaker at corporate and industry events.
As part of this episode, we will also be discussing the latest Cybersecurity threats, including CVE-2023-21554 rated as a 9.8 CVSS score, an RCE vulnerability involving Microsoft Message Queuing Services, and CVE-2023-28528252, an out-of-bounds write vulnerability in Microsoft Windows that is being exploited by the Ransomware group known as Nokoyawa. Additionally, research shows that over 360,000 IP addresses are exposing Microsoft MSMQ services over the Internet via TCP port 1801, and the Lockbit 3.0 attack strikes again. Join us for an insightful discussion on Executive Development and how to avoid the CISO, CIO, and Board Communications chasm. Follow us on Cyber Security America Podcast https://www.youtube.com/@cybersecurityamerica_show/featured #cybersecurity #CISO #infosec #Iinformationsecurity #riskreduction #threatintelligence #computersecurity

Apr 18, 2023 · 51 min

Security Operations: Hybrid SOC Delivery & Maturity

Tune in to episode 12 of Cyber Security America, airing live on Tuesdays at Noon ET on VoiceAmerica. In this week's discussion, we will continue the conversation from the previous episode and delve deeper into the topic of Security Operations Center (SOC) delivery models. Join Josh and special guest, Mr. Paul Dwyer, as they explore the best practices and lessons learned for optimizing SOC performance and maturity. As a former Global IBM Security Partner with vast experience in SOC implementation and optimization, Mr. Dwyer brings invaluable insights to the table. Don't miss this opportunity to learn about SOC strategy design, implementation, and optimization techniques, as well as the latest developments in Risk Analytic Centers (Fusion Centers). Follow the links below to listen to the episode on Spotify and access more resources on the topics of SOC, threat detection, and cyber defense. #SOC #securityoperations #threatdetection #threatresponse #MDR #cybersecurity #cyberthreats #cyberdefense #cyberthreatintelligence #manageddetectionandresponse #threatintel #threatintelligence #deepseas https://www.linkedin.com/in/joshuanicholson/

Apr 11, 2023 · 1h 0m

Diversity & Inclusion: Women in Cyber - New Path Forward

The Untold History of Women in Cyber Security. In this new episode, we hear from women who are leading cyber defense teams, developing cutting-edge technology, and driving innovation in the cyber security field. They will share their stories, the challenges they have faced, and how they met them head on. We also discuss how the cyber security industry benefits from diversity. Join us as we contribute to the documentation of women's impact in the cyber security industry and learn from the experiences of women who are paving the way for the next generation of leaders. This is The Untold History of Women in Cyber Security. https://www.youtube.com/channel/UCp94j2q_-F4SwvxgQYI_8Cg

Apr 4, 2023 · 56 min

Cyber Risk Management: Identity & Access Mgt (IAM)

In the 10th episode of Cyber Security America, we delve into the crucial field of Identity & Access Management (IAM). We discuss how identities, access rights, and permissions all play a crucial role in providing secure access to data and applications across multiple ecosystems. Our guest Rakesh, a cybersecurity leader with over 18 years of experience, highlights the often-overlooked aspect of User Experience and the need for dedicated resources to drive a successful IAM program. He shares insights into how small and mid-sized companies can implement these functions to achieve maximum risk reduction. Don't miss this informative episode to learn more about IAM and its importance in securing your enterprise. Remember to like, subscribe, and turn on notifications for future episodes. Rakesh is a Cybersecurity leader with 18+ years of progressive experience assisting Fortune 500 companies in implementing security and risk management programs. He was previously the Head of IAM for an Insurance company and managed all aspects of IAM incl. governance, strategy & roadmap, engineering, regulatory compliance, and operations. He has worked in a variety of leadership positions running several IAM services. He has been a management consultant at a Big-4 organization where he was part of the Cybersecurity consulting group focused on Financial Services. Outside of IAM, Rakesh also has experience across broader areas of Cybersecurity incl. endpoint and data security, network security, vendor risk management and cyber governance. Rakesh has a bachelor's degree in Computer Science Engineering from VTU, India and holds CISSP, CISM and CRISC certifications. He is based out of Charlotte, where he lives with his wife and two kids. In his free time, he enjoys going on treks, training for marathons, playing poker and motorbike rides. #cybersecurity #CISO #infosec #IAM #userexperience #riskreduction

Mar 28, 2023 · 45 min

Building a Cybersecurity Career: The Journey to CISO

Join us for the 9th episode of Cyber Security America as we explore the journey of a cybersecurity professional who climbed the ranks from junior Cybersecurity consultant to the coveted position of Chief Information Security Officer (CISO). Our guest, Josh, shares his experience of working as a consultant at EY and ultimately leading the cybersecurity efforts at General Atlantic, managing over 84.4 billion in assets under management. Josh discusses how he established and developed a leading cybersecurity function at Pine River Capital Management and led cyber threat management advisory services for financial sector clients during his 10-year tenure at EY. He also shares his insights on the most critical cybersecurity challenges facing organizations today, including threat intelligence, vulnerability identification and remediation, security monitoring and analytics, incident management, and security engineering. In addition, Josh serves as the Chairman of the FS-ISAC Alternative Investors Council and formerly served as a Cybersecurity Advisory Board Member for Pace University's Seidenberg School of Computer Science and Information Systems. With a bachelor's and master's degree in Computer Science from Dartmouth College, he is also a certified CISSP. Join us to gain valuable insights from Josh's cybersecurity journey and learn from his experience in dealing with the most pressing cybersecurity issues. Don't forget to use the following hashtags for the most popular cybersecurity topics: #cybersecurity #CISO #infosec #threatintelligence #vulnerabilitymanagement #securitymonitoring #incidentmanagement #securityengineering #FSISAC #CISSP #GeneralAtlantic #PineRiverCapital #EY #deepseas #DartmouthCollege #SeidenbergSchool #cybersecurityamerica

Mar 21, 2023 · 1h 1m

Thought Leadership: Bruce Schneier on "A Hacker's Mind"

Welcome to Cyber Security America, the podcast where we delve deep into the world of cybersecurity and provide insights on past trends, current challenges, and areas for improvement. Our goal is to help you stay informed and prepared for the next cyber threat. In this episode, we have a very special guest, Bruce Schneier, an internationally renowned security technologist, known as a security guru by The Economist. With over a dozen books and hundreds of articles and academic papers under his belt, Bruce is a true legend in the information security field. He's also the author of the latest book, A Hacker's Mind, where he takes hacking out of the world of computing and uses it to analyze the systems that underpin our society. During our conversation, Bruce provides us with valuable insights on the current state of cybersecurity. He discusses the impact of coordinated takedowns by federal forces on ransomware actors, and how fewer payment transactions on the blockchain related to ransomware actors is a promising sign. He also highlights an emerging threat, Black Lotus, and shares his thoughts on how artificial intelligence thinking like a hacker could be catastrophic. This episode is packed with expert tips and lessons learned. So tune in now to Cyber Security America and join the conversation. Don't forget to check out our website, DeepSeas, for more information on cybersecurity. You can also follow Bruce Schneier on Twitter at @schneierblog for more updates and insights on cybersecurity thought leadership. https://www.linkedin.com/in/joshuanicholson/ https://twitter.com/nicholsonj7111

Mar 14, 2023 · 55 min

Cyber Control Testing: New Purple Teaming Revolution

The landscape of cyber security threats is evolving, and with it, so are the methods of penetration testing and control validation. Sophisticated organizations now use a continuous purple-teaming methodology that combines offensive testers (Red Teamers) with Cyber Defenders (Blue Teamers) to identify blind spots in their Detection & Response (D&R) controls before a breach occurs. This new approach, called Breach Attack Simulation (BAS), is transforming the way security controls are tested and how analytics are developed. In this episode of our Cyber Security America podcast, we discuss best practices and lessons learned from the purple-teaming revolution. We explore the need for vigilance in monitoring desktop telemetry from EDR solutions, the effectiveness of Network Intrusion Detection Systems (NIDS) sensors and supporting log analytics. The days of simple penetration testing are over, and we explore what to look for in a Breach Attack Simulation managed or in-house capability. Join the conversation and don't miss out on this game-changing episode, packed with expert tips and insights. Listen now on and watch on YouTube at https://www.youtube.com/watch?v=3nDjc6RaZ3Q. #DetectionAndResponse #intelligence #threatintelligence #ThreatHunting #informationsecurity #Podcast #VoiceAmerica #deepseas #charlottebusiness #leader #ciso #cybernews #cyberdefense. Available on #spotifypodcasts,

Mar 7, 2023 · 59 min

Threat Mitigation: Attack Surface Reduction (ASR) paradigm shift

Join us for an engaging and thought-provoking episode of Cyber Security America, as we delve into the crucial topic of The Confusion Between Attack Surface Reduction (ASR) and Vulnerability Management (VM). Our expert guests, Jason Nordquist and Ken Gonzales, share their insights on the current state of cybersecurity and the challenges faced by organizations in this space. Discover the importance of this new paradigm, a critical yet often overlooked aspect of cybersecurity, and how it can help mitigate the risks posed by cyber threats. Don't miss out on this opportunity to gain valuable knowledge and actionable tips from seasoned cybersecurity professionals.

Feb 28, 2023 · 55 min

Security Operations: Adapting SOC Delivery to Threat Actors

At the center of your cyber security universe is the Security Operations Center (SOC). This is supposed to be part of your 24/7 Managed Detection & Response (MDR) capability. But how do you know if your security operations team is running in a mature and highly capable manner? This is where the rubber meets the road when identifying and responding to security threats within your environment. What are the different delivery models, lessons learned, and best practices for driving improvements? We will also explore the increasingly sophisticated tactics used by threat actors, including their use of IoT devices to evade detection inside your network and pivot around undetected. Join us as we take our defense strategy to the next level of maturity, exploring what's working and what needs to change to stay ahead of the evolving threat landscape.

Feb 21, 2023 · 52 min

Cyber Security Governance: Big Shift at SEC & CISA

SEC cybersecurity risk governance rule and its impact on the market. Chris Hetner is the former Cyber Security Advisor to the Chair of the US Securities and Exchange Commission (SEC) and a former Senior Member of the US Department of Treasury Financial Banking Information Infrastructure Committee. He talks about the final process of approving the cybersecurity risk governance guidance, which will bring about a tectonic shift in the way cyber is governed. Don't miss this informative and engaging conversation about the complexities of cybersecurity governance and how the Board will need to adapt.

Feb 14, 2023 · 55 min